Jump to content


Photo

Repacking UPDATA.APP (was New version of split_updata.pl)

* * * * * 1 votes

  • Please log in to reply
202 replies to this topic

#81
Speckles

Speckles

    Diehard

  • Members
  • PipPipPipPip
  • 340 posts
  • Devices:Galaxy S, Pulse, SPV 500 :)
Huawei released it for the Pulse Mini - it's close enough for the purposes in the topic :lol:

  • 0

#82
ZeBadger

ZeBadger

    Regular

  • Members
  • PipPip
  • 90 posts
  • Gender:Male
  • Devices:Nexus 4
file02.mbn appears to contain CRC checksums for some of the files. I'm guessing that it's not a 4096 byte checksum in this one, coz I can't find the checksum for larger files, so I just need to work out the size used... leave me on it :lol:

eg for the Time Machine rom
$ hd file02.mbn
00000000  27 91 42 fd f9 ac 26 fc  87 21 01 3e 48 9a de c9  |'.B...&..!.>H...|
00000010  d1 64 af 9f 4d 42 4f 10  04 1d 09 9d			  |.d..MBO.....|
0000001c

boot_versions.txt 2791  (bytes 1 and 2)
upgradable_versions.txt 099D (last 2 bytes)
version.txt 099D  (last 2 bytes as well... ahem)
file01.mbn 2109 
file02.mbn 7A7A (It can't contain the checksum for itself)
file04.mbn 42FD (bytes 3 and 4)
file05.mbn 01C9

Edited by ZeBadger, 30 June 2010 - 05:13 PM.

  • 0

#83
Speckles

Speckles

    Diehard

  • Members
  • PipPipPipPip
  • 340 posts
  • Devices:Galaxy S, Pulse, SPV 500 :)
Interesting... I wonder why they would do that? Secondly, I wonder if they have a file that contains checksums for the file headers?

Edited by Speckles, 30 June 2010 - 05:11 PM.

  • 0

#84
ZeBadger

ZeBadger

    Regular

  • Members
  • PipPip
  • 90 posts
  • Gender:Male
  • Devices:Nexus 4

Interesting... I wonder why they would do that? Secondly, I wonder if they have a file that contains checksums for the file headers?


I'm quite sure all the checksums for the files will be in this file. Just got to workout how they are stored. I'm confident that this will sort out my CRC error with my image :lol:

  • 0

#85
Speckles

Speckles

    Diehard

  • Members
  • PipPipPipPip
  • 340 posts
  • Devices:Galaxy S, Pulse, SPV 500 :)
I think you could be right. If you open the CUSTOMIZED_HU file, the FILE02 contains just two bytes 7D BD which happens to be the CRC16 of the file which contains the text "T-Mobile HU".

  • 0

#86
ZeBadger

ZeBadger

    Regular

  • Members
  • PipPip
  • 90 posts
  • Gender:Male
  • Devices:Nexus 4
I thought I had it for a minute. There are 117145030 bytes of data in the files, 7180 in file02.mbn, that gives around 16315 bytes per file. This is very close to 16k (16384).

I split the splash screen up with "split -b 16384 splash.raw565". This didn't give me anything recognisable when passed through crc_file
"split -a 10 -b 16383 splash.raw565" gave me lots of F078

$ for each in x??
> do
> echo $each: `./crc_file $each`
> done
xaa: F078
xab: F078
xac: F078
xad: F078
xae: F078
xaf: F078
xag: F078
xah: 1357
xai: 3F61
xaj: F078
xak: F078
xal: F078
xam: F078
xan: F078
xao: F078
xap: F078
xaq: F078
xar: F078
xas: 4FA7

There's a lot of F078 in file02.mbn which makes me think that for large amounts of NULL this is probably correct, but 1357 isn't and 3F61 are not in there.

EDIT: Doh doh doh... it's 2 bytes per chunk... so must be 32k chunks... Stupid coincidence of F078 and 78FO lol

Edited by ZeBadger, 30 June 2010 - 07:30 PM.

  • 0

#87
ZeBadger

ZeBadger

    Regular

  • Members
  • PipPip
  • 90 posts
  • Gender:Male
  • Devices:Nexus 4
Yup :lol: for the splash screen... the checksums are in there

$ for each in x??
> do
> ./crc_file $each
> done
78F0
78F0
78F0
9A0B
EE47
78F0
78F0
78F0
78F0
0E07

I'll recompile a crc creator for 32k... brb after rebooting into Linux! Okay it's here crc32k

Time to edit file02 then try re-flashing my phone!

Edited by ZeBadger, 30 June 2010 - 07:23 PM.

  • 0

#88
Speckles

Speckles

    Diehard

  • Members
  • PipPipPipPip
  • 340 posts
  • Devices:Galaxy S, Pulse, SPV 500 :)
Cool, I was just about to mention that the file02.mbn was too big for one crc per file and that it looked chunked into 32KB sections, but I'd not confirmed it as fast as you had and I don't want to post every thought as this isn't twitter :lol:

BTW, I use VMWare for Linux, much easier than rebooting :D

Edited by Speckles, 30 June 2010 - 07:39 PM.

  • 0

#89
ZeBadger

ZeBadger

    Regular

  • Members
  • PipPip
  • 90 posts
  • Gender:Male
  • Devices:Nexus 4

Cool, I was just about to mention that the file02.mbn was too big for one crc per file and that it looked chunked into 32KB sections, but I'd not confirmed it as fast as you had and I don't want to post every thought as this isn't twitter :D


Failing straight away on me now. "Update failed". First time was because I had forgotten to update the CRC for file02.mbn!

Now I'm getting :
**** SD download log ****
Failure: MD5_RSA verify failure.
Failure: operation did not succeed.  
Failure: operation did not succeed.  
Failure: operation did not succeed.  
Failure: operation did not succeed.  
Failure: operation did not succeed.  
dload_sd_ram_data_proc->(retry >= DLOAD_RETRY) failed!

Crikey... there must be an md5 in there somewhere too ? Maybe, as you had the same problems, this is something to do with how the file is assembled too.

That's enough tinkering for tonight... g/f is getting tetchy :lol:

Edited by ZeBadger, 30 June 2010 - 08:12 PM.

  • 0

#90
Speckles

Speckles

    Diehard

  • Members
  • PipPipPipPip
  • 340 posts
  • Devices:Galaxy S, Pulse, SPV 500 :)
I think it's the F3 file (file01.mbn), thats 128 bytes and changes drastically on every updata.app. I don't think it's just an MD5 either - I think it's an MD5 of the file headers (those have not been checked yet, only the data) and then that MD5 hash cryptographically signed by Huawei using there own private key which is then checked by the phone which has a copy of the public key.

  • 0

#91
Epic-Emodude

Epic-Emodude

    Addict

  • Members
  • PipPipPipPipPip
  • 630 posts
  • Location:Southend, England
  • Devices:T-Mobile Pulse, HTC Wildfire
  • Twitter:@Aaron_Durant

I think it's the F3 file (file01.mbn), thats 128 bytes and changes drastically on every updata.app. I don't think it's just an MD5 either - I think it's an MD5 of the file headers (those have not been checked yet, only the data) and then that MD5 hash cryptographically signed by Huawei using there own private key which is then checked by the phone which has a copy of the public key.


Hi,

I have been following this post for a while now (since it started), and I am very interested in what your doing. Unfortunately I don't understand much of what your talking about, so I was wondering if you could say roughly how close to completion you are on this, as I am sure there are many others in a simular position to me.

Thanx

Aaron

  • 0
Visit my website! uba-blog.co.uk

#92
Speckles

Speckles

    Diehard

  • Members
  • PipPipPipPip
  • 340 posts
  • Devices:Galaxy S, Pulse, SPV 500 :)
Really, it's impossible to say. We think there just one hurdle left, but we've been thinking that for a while now and as soon as we jump over it, another one jumps in our way. It could end up being impossible, we just don't know yet. We need a proof of concept.

  • 0

#93
ZeBadger

ZeBadger

    Regular

  • Members
  • PipPip
  • 90 posts
  • Gender:Male
  • Devices:Nexus 4

I think it's the F3 file (file01.mbn), thats 128 bytes and changes drastically on every updata.app. I don't think it's just an MD5 either - I think it's an MD5 of the file headers (those have not been checked yet, only the data) and then that MD5 hash cryptographically signed by Huawei using there own private key which is then checked by the phone which has a copy of the public key.


Yeah I was looking in there... it's divisible by 32bits (_8_ md5 checksums... just need to know what they are checksums for, it's also 128 bytes in the TimeMachine rom)

I know how we can work out what it is for. It's not all of the headers as I have edited one of them and it didn't fail. I have however edited file02.mbn and got this error... but only after I fixed the CRC checksum for it! So we can just try bodging other files until we know which ones are affected.... okay I'm really going for the evening now!

I have been following this post for a while now (since it started), and I am very interested in what your doing. Unfortunately I don't understand much of what your talking about, so I was wondering if you could say roughly how close to completion you are on this, as I am sure there are many others in a simular position to me.


As Speckles says, it might not even be possible, if there's any cryptography we will probably hit a brick wall. We still haven't worked out the "something2" field... although one of my friends got the bug and has taken it away for analysis.

Edited by ZeBadger, 01 July 2010 - 05:05 PM.

  • 0

#94
DanWilson

DanWilson

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,821 posts
  • Gender:Male
  • Location:Glasgow
  • Interests:Trololololololololol
  • Devices:HTC Desire Z // HP Touchpad
  • Twitter:@PARTAYDan

although one of my friends got the bug and has taken it away for analysis.

Erm whut? What bug? Analysis how and where? Is this the phone still or has your friend got diarrhea?

  • 0
HTC Desire Z - Something CM9 ish - giffgaff
HP Touchpad - AOKP? I dunno (ICS) // webOS // Debian - 30MB Interwebz

I should still be a mod. #JustSayin.

#95
Speckles

Speckles

    Diehard

  • Members
  • PipPipPipPip
  • 340 posts
  • Devices:Galaxy S, Pulse, SPV 500 :)
:lol:

  • 0

#96
DanWilson

DanWilson

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,821 posts
  • Gender:Male
  • Location:Glasgow
  • Interests:Trololololololololol
  • Devices:HTC Desire Z // HP Touchpad
  • Twitter:@PARTAYDan

:lol:

DAMMIT!! Why can't people answer me with words, instead of smiling at me!?
:D :D :) :D :) :)

  • 0
HTC Desire Z - Something CM9 ish - giffgaff
HP Touchpad - AOKP? I dunno (ICS) // webOS // Debian - 30MB Interwebz

I should still be a mod. #JustSayin.

#97
ZeBadger

ZeBadger

    Regular

  • Members
  • PipPip
  • 90 posts
  • Gender:Male
  • Devices:Nexus 4

Erm whut? What bug? Analysis how and where? Is this the phone still or has your friend got diarrhea?

#5

bug
noun
1. insect, beastie (informal), creepy-crawly (informal), gogga (S. African informal) a bloodsucking bug which infests poor housing
2. (Informal) illness, disease, complaint, virus, infection, disorder, disability, sickness, ailment, malaise, affliction, malady, lurgy (informal) I think I've got a bit of a stomach bug.
3. fault, failing, virus, error, defect, flaw, blemish, imperfection, glitch, gremlin There is a bug in the software.
4. bugging device, wire, listening device, phone tap, hidden microphone There was a bug on the phone.
5. (Informal) mania, passion, rage, obsession, craze, fad, thing (informal) I've definitely been bitten by the gardening bug.

  • 0

#98
DanWilson

DanWilson

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,821 posts
  • Gender:Male
  • Location:Glasgow
  • Interests:Trololololololololol
  • Devices:HTC Desire Z // HP Touchpad
  • Twitter:@PARTAYDan

#5

bug
noun
1. insect, beastie (informal), creepy-crawly (informal), gogga (S. African informal) a bloodsucking bug which infests poor housing
2. (Informal) illness, disease, complaint, virus, infection, disorder, disability, sickness, ailment, malaise, affliction, malady, lurgy (informal) I think I've got a bit of a stomach bug.
3. fault, failing, virus, error, defect, flaw, blemish, imperfection, glitch, gremlin There is a bug in the software.
4. bugging device, wire, listening device, phone tap, hidden microphone There was a bug on the phone.
5. (Informal) mania, passion, rage, obsession, craze, fad, thing (informal) I've definitely been bitten by the gardening bug.

Still don't get it, your friend is enraged and analyzing himself?
Lulz, you've lost me...

  • 0
HTC Desire Z - Something CM9 ish - giffgaff
HP Touchpad - AOKP? I dunno (ICS) // webOS // Debian - 30MB Interwebz

I should still be a mod. #JustSayin.

#99
ZeBadger

ZeBadger

    Regular

  • Members
  • PipPip
  • 90 posts
  • Gender:Male
  • Devices:Nexus 4

Still don't get it, your friend is enraged and analyzing himself?
Lulz, you've lost me...

He's gotten obsessed with the puzzle.

  • 0

#100
DanWilson

DanWilson

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,821 posts
  • Gender:Male
  • Location:Glasgow
  • Interests:Trololololololololol
  • Devices:HTC Desire Z // HP Touchpad
  • Twitter:@PARTAYDan

He's gotten obsessed with the puzzle.

Ah. I'm to stupid to see the puzzle than to become obsessed with it...
I think someone should work 24/7 , just to fix his friends obsession. *HINT HINT*
JK - I wouldn't rush you that much, you need an hour to sleep!

  • 0
HTC Desire Z - Something CM9 ish - giffgaff
HP Touchpad - AOKP? I dunno (ICS) // webOS // Debian - 30MB Interwebz

I should still be a mod. #JustSayin.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users