Jump to content

Extracting UPDATE.APP HELP


Guest Gary_J_Wright

Recommended Posts

This thread is great and I love it (deletesmiley)

Does the install procedure actually check for a signature? I wouldn't be surprised if Huawei relied on security through obscurity.

Because we're like a bunch of blind lesbians in a fish market?

I could figure out how to compile https://github.com/terrex/unupdatapp but not in the next couple of weeks. Going away :-)

Also not sure if anyone has tried bin2app

Edited by tcpaulh
Link to comment
Share on other sites

I actually have bin2app.exe, but this one was for an old tablet. Neither the update.app contains a signature nor is the structure valid (the 0x55aa5aa5 is missing and other things).

I wrote a java program for extracting and crc-checking update.app, but the other way is still impossible.

Link to comment
Share on other sites

  • 2 months later...
Guest tcpaulh

I actually have bin2app.exe, but this one was for an old tablet. Neither the update.app contains a signature nor is the structure valid (the 0x55aa5aa5 is missing and other things).

I wrote a java program for extracting and crc-checking update.app, but the other way is still impossible.

Would be interesting to see your java app and possibly the bin2app in case someone can hack it :)

Link to comment
Share on other sites

Guest unaszplodrmann

Would be interesting to see your java app and possibly the bin2app in case someone can hack it :)

Hands up anyone who'd be willing to test a package created by just such a homebrew programme. Come on now, don't be shy; it won't trash the partition table... honest.

Link to comment
Share on other sites

Guest tcpaulh

Hands up anyone who'd be willing to test a package created by just such a homebrew programme. Come on now, don't be shy; it won't trash the partition table... honest.

The java app in question was for extracting. I'm guessing you're having a bit of a laugh about volunteers for flashing a repacked update. Not sure though :)

I'd potentially be up for it after having a discussion with the coder.

UPDATE.APP is digitally signed with a private key only Huawei has.

What could probably be done, is patch osbl to ignore signature verification and save it to /dev/block/mmcblk0p3

.

Repacking shouldn't be a major hurdle though it wouldn't have a valid RSA key.

bin2app here :- http://people.freedesktop.org/~hadess/huawei-e585/%E6%88%91%E7%9A%84%E5%85%89%E7%9B%98/release/

Edited by tcpaulh
Link to comment
Share on other sites

Guest unaszplodrmann

I'm guessing you're having a bit of a laugh about volunteers for flashing a repacked update.

Aye. Ohh, I seee - bin2app is ostensibly a Huawei tool. No more risky than using any another vendor tool, like Odin for example... :unsure: :blink: :D

Link to comment
Share on other sites

Guest tcpaulh

Aye. Ohh, I seee - bin2app is ostensibly a Huawei tool. No more risky than using any another vendor tool, like Odin for example... :unsure: :blink: :D

Pretty much. At least they use it. Probably not that version though. Patching the os bootloader (mmcblk03 off the top of my head :eek: ?!?) so it doesn't require the RSA signature is perhaps the biggest hurdle.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.