Guest ZeBadger Posted June 16, 2010 Report Share Posted June 16, 2010 (edited) I've been working on examining UPDATA.APP and have pretty much got most of the file format identified. I've modified the original split_updata.pl to extract the correct filenames out every time (based on McSpoon's filenames) and also CRC check the extracted file. Script is here EDIT: I have had to move it to here as my crazy new hosting tries to execute the perl script. It needs this crc checking binary to be in the same directory (linux only, until I get time to convert the c code to perl) Actions that I think need to be done... anyone can help out here ;) Identify what the 2 byte Something2 is and how to calculate it... if that is even relevant (see my later posts)Identify what files are actually needed for an UPDATA.APP (the Huawei "time machine" one only had 6 files)Write code to repack the UPDATA.APPConvert the CRC c code into PerlWrite Perl script to repackWrite a windows app to repack I'm editing this post to be up-to-date, so some of the below posts might not make much sense! Edited October 10, 2011 by ZeBadger Link to comment Share on other sites More sharing options...
Guest Speckles Posted June 16, 2010 Report Share Posted June 16, 2010 So we know it's not a sum checksum, or a xor, and is unlikely to be crc16, and a few others (Unless of course they are using weird start values or slightly modified. Manufacturers don't often do either.) Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 16, 2010 Report Share Posted June 16, 2010 (edited) So we know it's not a sum checksum, or a xor, and is unlikely to be crc16, and a few others (Unless of course they are using weird start values or slightly modified. Manufacturers don't often do either.) Yes, I've been trying to hunt down checksum routines, but so far haven't found one that matches. Here is my dump of just the header for the Image file that contains the T-Mobile logo. Most of the actual image file is x00 except somewhere just above the middle... which is reflected in the checksum. So we need a checksum that gets bigger the larger the file... unless it's just a checksum of every 4096 bytes. +------+------------+-------------+--------------+ | File | Start Byte | Header Size | Data Size | +------+------------+-------------+--------------+ | 025 | 139445312 | 248 | 307200 | +------+------------+-------------+--------------+ RecordId : 55 AA 5A A5 U.Z. HeaderSize: F8 00 00 00 .... Always 1 : 01 00 00 00 .... HardwareID: 48 57 55 38 32 32 30 FF HWU8220. File Seq : 00 00 00 F2 .... File Size : 00 B0 04 00 .... File Date : 32 30 31 30 2E 30 34 2E 31 39 00 00 00 00 00 00 2010.04.19...... File Time : 31 34 2E 35 30 2E 35 30 00 00 00 00 00 00 00 00 14.50.50........ Input? : 49 4E 50 55 54 00 00 00 00 00 00 00 00 00 00 00 INPUT........... Blank? : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Something2: D2 B7 00 10 .... Blank? : 00 00 .. Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 C3 28 C8 B2 B4 69 ...........(...i Checksum : 9A 1D 31 34 B7 11 38 A4 08 04 08 04 08 04 08 04 ..14..8......... Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 ...... Edited June 16, 2010 by ZeBadger Link to comment Share on other sites More sharing options...
Guest Josh04 Posted June 16, 2010 Report Share Posted June 16, 2010 Very well done ;) Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 16, 2010 Report Share Posted June 16, 2010 (edited) Holy moley... I just downloaded this tool and I have found it is : CRC16 (X25) I'll be writing a perl script to recompile the files first... then a nice little windows tool eh? ;) Edit : FCS 16 also matches.... maybe more... I'll have to investigate further, but should have something done in a few days. Edited June 16, 2010 by ZeBadger Link to comment Share on other sites More sharing options...
Guest Josh04 Posted June 16, 2010 Report Share Posted June 16, 2010 Hurrah! We'll be able to flash the Huawei boot screen away ;) Link to comment Share on other sites More sharing options...
Guest rjm2k Posted June 17, 2010 Report Share Posted June 17, 2010 Hurrah! We'll be able to flash the Huawei boot screen away ;) Can't we just use this to change the boot? .... (from http://source.android.com/porting/customization.html) Boot Screen Customization At startup, Android displays a splashscreen image while booting the device. Do the following if you wish to modify the default splash screen: Create a 320x480 image, splashscreen.jpg in this example. Using ImageMagick, convert your .jpg file to .r format: convert screen.jpg screen.r Use the rgb2565 application to convert the image to 565 format: rgb2565 < screen.rgb > screen.565 Use fastboot to flash the image to the device: fastboot flash splash1 screen.565 Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 17, 2010 Report Share Posted June 17, 2010 Can't we just use this to change the boot? .... (from http://source.android.com/porting/customization.html) fastboot flash splash1 screen.565 I tried this and it didn't work, although I think I might have put splash not splash1. If I can get this to work we can install what we want without using superboot or the recovery app. USB would also not be required for those folk who broke theirs. Link to comment Share on other sites More sharing options...
Guest Josh04 Posted June 17, 2010 Report Share Posted June 17, 2010 We don't have a mapped splash partition. The only way to write to that memory is with an UPDATA.APP. Link to comment Share on other sites More sharing options...
Guest myface Posted June 17, 2010 Report Share Posted June 17, 2010 thanks a lot Link to comment Share on other sites More sharing options...
Guest Sh4d0w940 Posted June 17, 2010 Report Share Posted June 17, 2010 If we could create updata.app files we would be safe for future, i.e. december update wich will flash over any future rom Because time machine may not work on roms that aren't released yet and this probably will. Warranty forever ;) Sh4d0w940 Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 17, 2010 Report Share Posted June 17, 2010 I'm going to release the Std 2.1 Hungarian ROM with the custom Recovery image built in at some point in the next few days... I might change the colour of the t-mobile logo too... so it's not pink! Any other ideas? Link to comment Share on other sites More sharing options...
Guest Speckles Posted June 17, 2010 Report Share Posted June 17, 2010 If your going all that way, why not remove the T-Mobile logo completely and use a MoDaCo logo for sheer coolness factor? Of course, the first thing to do is ensure that a custom made updata actually works and doesn't brick your phone... Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 17, 2010 Report Share Posted June 17, 2010 (edited) If your going all that way, why not remove the T-Mobile logo completely and use a MoDaCo logo for sheer coolness factor? I'm just doing the image first... then the recovery image. I think my "Something2" in the hex dump above is the checksum of the header... which wont change with the image mod. Will check it out after I've got the image working. Where can I get a cool MoDaCo one from? Is there one somewhere? Of course, the first thing to do is ensure that a custom made updata actually works and doesn't brick your phone... No pain no gain eh? ;) Edited June 17, 2010 by ZeBadger Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 17, 2010 Report Share Posted June 17, 2010 (edited) Bugger.... 95% thru the update process then "Update Failed" ... not had much chance to check what I did wrong (bed time and I was copy and pasting huge chunks of binary data around... lol) but the blue boot screen worked so I can recover... Phew ;) The CRC program (linux binary at the moment, will convert to perl when I get chance!) that I wrote is available here if anyone else wants experiment! MAKE SURE that you test it works properly with files that you extract (compare the checksums to the ones in the header) I haven't done much testing on it yet. Edit: Struggling to recover... take care!! I'm sure this will work, but I need to get to bed :/ Looks like I'm sticking the sim in a spare phone! I'm going to add a crc checker to the split program... then I can at least check my creations! Edited June 18, 2010 by ZeBadger Link to comment Share on other sites More sharing options...
Guest Josh04 Posted June 19, 2010 Report Share Posted June 19, 2010 Did you have any luck? Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 19, 2010 Report Share Posted June 19, 2010 (edited) Did you have any luck? My phone is back alive without me having to use the above. I've didn't had chance to play around last night due to the game and drinking a little too much. Out tonight too, but I'll hopefully get a few hours. I'm going to prioritise making the splitter check the checksums first and also work out what "Something2" is (I guess it's the crc of the header, but I've not had time to check yet). I've also not very thoroughly checked my checksum binary works... but that will be automatically checked when I've done the checksum adding to the splitter. Edited June 19, 2010 by ZeBadger Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 19, 2010 Report Share Posted June 19, 2010 (edited) I've added CRC checking to the script and also fixed a bug which meant it got stuck if there was null padding at the end of the file. The CRC binary needs to be in the same dir. My UPDATA.APP checked out okay... so that "Something2" must be my problem... will work on that at some point in the next few days! Edited June 19, 2010 by ZeBadger Link to comment Share on other sites More sharing options...
Guest DanWilson Posted June 19, 2010 Report Share Posted June 19, 2010 I've added CRC checking to the script and also fixed a bug which meant it got stuck if there was null padding at the end of the file. The CRC binary needs to be in the same dir. My UPDATA.APP checked out okay... so that "Something2" must be my problem... will work on that at some point in the next few days! Are you trying to make a tool to create an UPDATA.APP? Damn I'd have fun with that, "DAN BE KING!" as every boot screen! ;) Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 19, 2010 Report Share Posted June 19, 2010 (edited) Are you trying to make a tool to create an UPDATA.APP? Yes, just working out how to do it first, nearly there I think! I built my own, but it failed at about 95%... just those 2 bytes to work out probably... unfortunately got a BBQ to get to tonight, so wont be doing any more today. Edited June 19, 2010 by ZeBadger Link to comment Share on other sites More sharing options...
Guest DanWilson Posted June 19, 2010 Report Share Posted June 19, 2010 Yes, just working out how to do it first, nearly there I think! I built my own, but it failed at about 95%... just those 2 bytes to work out probably... unfortunately got a BBQ to get to tonight, so wont be doing any more today. Ah well, I always take a break if I get stuck at anything for a while - just to clear my head. I'd say that's good advice to anyone - take a break if you get really stuck, chill for a bit or sleep, cos it means you won't get irritated and do something you shouldn't. Link to comment Share on other sites More sharing options...
Guest McSpoon Posted June 20, 2010 Report Share Posted June 20, 2010 Wow, this is awesome. It's good to see the script becoming more robust and versatile. And the CRC stuff is looking very promising. I haven't been able to catchup on this forum much lately as work is hectic at the moment but I like what you're doing. Especially the ingenious way it obtains the filename from the file sequence string. I always wanted to find a cunning way to do that as they often change the order of the files. So is the checksum generated by the FCS-16 result of every 4096 bytes? And I'm equally puzzled by the Something2 value. It probably is another CRC but why would they do that?! Keep up the great work. It's looking good. Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 20, 2010 Report Share Posted June 20, 2010 (edited) Wow, this is awesome. It's good to see the script becoming more robust and versatile. And the CRC stuff is looking very promising. I haven't been able to catchup on this forum much lately as work is hectic at the moment but I like what you're doing. Especially the ingenious way it obtains the filename from the file sequence string. I always wanted to find a cunning way to do that as they often change the order of the files. Just a lucky guess with the file sequence, but nice when it comes together ;) So is the checksum generated by the FCS-16 result of every 4096 bytes? It's a CRC16(X.25) for every 4096 bytes of the extracted file. I worked that out by 1) dividing the size of the file by the header and getting figures around 2048 giving me a 1:2048 ratio 2) the header only ever went up in 2 byte chunks so I made the ratio 2:4096 3) the splash screen being mostly nulls meant that I could see that x08 x04 was 4096 bytes of null 4) I was hunting around running loads of algorithms on that file. Eventually, I found that easy hash windows program that gave me my answer. I found a piece of C code that generated codes for it. I modified the main program to chop input files up into 4096 bytes and pass it though. I would like to convert to perl so I can put it into this script, but I've not had time to invest in that yet. And I'm equally puzzled by the Something2 value. It probably is another CRC but why would they do that?! I can't see it being anything other than a CRC of the header as the numbers are too random... and the splash screen values don't match on the December vs Hungarian files even though they are the same file. The only thing that has changed are the header file date and file time. I wonder if we can find any UPDATA.APP files that have the same headers in for some of the files... that would help prove this before investing too much time! December splash screen +------+------------+-------------+--------------+ | File | Start Byte | Header Size | Data Size | +------+------------+-------------+--------------+ | 024 | 115742372 | 248 | 307200 | +------+------------+-------------+--------------+ RecordId : 55 AA 5A A5 U.Z. HeaderSize: F8 00 00 00 .... Always 1 : 01 00 00 00 .... HardwareID: 48 57 55 38 32 32 30 FF HWU8220. File Seq : 00 00 00 F2 .... File Size : 00 B0 04 00 .... Date : 32 30 30 39 2E 31 31 2E 32 37 2009.11.27 Blank? : 00 00 00 00 00 00 ...... Something1: 30 31 2E 34 34 2E 35 37 01.44.57 Blank? : 00 00 00 00 00 00 00 00 ........ Input? : 49 4E 50 55 54 00 00 00 00 00 00 00 00 00 00 00 INPUT........... Blank? : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Something2: 0E 39 00 10 .9.. Blank? : 00 00 .. Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 C3 28 C8 B2 B4 69 ...........(...i Checksum : 9A 1D 31 34 B7 11 38 A4 08 04 08 04 08 04 08 04 ..14..8......... Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 ...... Hungarian splash screen: +------+------------+-------------+--------------+ | File | Start Byte | Header Size | Data Size | +------+------------+-------------+--------------+ | 025 | 139445312 | 248 | 307200 | +------+------------+-------------+--------------+ RecordId : 55 AA 5A A5 U.Z. HeaderSize: F8 00 00 00 .... Always 1 : 01 00 00 00 .... HardwareID: 48 57 55 38 32 32 30 FF HWU8220. File Seq : 00 00 00 F2 .... File Size : 00 B0 04 00 .... Date : 32 30 31 30 2E 30 34 2E 31 39 2010.04.19 Blank? : 00 00 00 00 00 00 ...... Something1: 31 34 2E 35 30 2E 35 30 14.50.50 Blank? : 00 00 00 00 00 00 00 00 ........ Input? : 49 4E 50 55 54 00 00 00 00 00 00 00 00 00 00 00 INPUT........... Blank? : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Something2: D2 B7 00 10 .... Blank? : 00 00 .. Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 C3 28 C8 B2 B4 69 ...........(...i Checksum : 9A 1D 31 34 B7 11 38 A4 08 04 08 04 08 04 08 04 ..14..8......... Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 08 04 08 04 08 04 08 04 08 04 ................ Checksum : 08 04 08 04 08 04 ...... Edited June 25, 2010 by ZeBadger Link to comment Share on other sites More sharing options...
Guest ZeBadger Posted June 20, 2010 Report Share Posted June 20, 2010 (edited) I wonder if we can find any UPDATA.APP files that have the same headers in for some of the files... that would help prove this before investing too much time! I've had a brainwave... I can copy the header from the Hungarian splash screen to the December one and see if that works... thus proving theory. Will work on that baby later! Edit: Okay that worked :( Next step is to make it fail by modifying the file date. If that makes it fail, then I'll know that part is included in the checksum. Will have to try that tomorrow, if I get chance. Edit: Hmm, that worked too. I've just double checked that modifying the "Something2" broke things and it did... at the unpacking stage. Just double checked my modified splashscreen UPDATA.APP and it didn't fail until around 95% in the writing stage ;) Edited June 20, 2010 by ZeBadger Link to comment Share on other sites More sharing options...
Guest Speckles Posted June 22, 2010 Report Share Posted June 22, 2010 Did you check the log file in the dload folder with different values (Correct/incorrect) for Something2 ? Maybe it'll say whats wrong and we can decide on its purpose from the error message? Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now