Repacking UPDATA.APP (was New version of split_updata.pl)

202 replies to this topic

#161
AntonioPT

    Addict

  • Members
  • 645 posts
  • Gender:Male
  • Devices:Huawei U8230 (aka TMN a1)
This guy says he's got bin2app (posted here)! Isn't that all that was missing for us to repack UPDATA.APP?

Believe it or not I have Bin2App.exe :)

What I miss is CRCGEN !

If anyone has it, contact me!

Bin2App.exe  [-F] -iAPP ╬─╝■├√1  ╬─╝■├√2 -o ║╧▓ó║≤╡─╬─╝■
		-iBin  Name:╬─╝■├√:╥╗╕÷╢■╜°╓╞╬─╝■

		Addr:  ╡╪╓╖

		SecCode: ░▓╚½┬δ

		Desc: ╢╘╙ª╡─╧╘╩╛├√(┐╔╤í)

		-o: ╥¬╫¬╗╗╬¬╡─App╬─╝■├√

		Desc: App╬─╝■╧╘╩╛├√(┐╔╤í)

		-iApp  ╬─╝■├√1 ╬─╝■├√2: ╨Φ╥¬║╧▓ó╡─2╕÷╬─╝■

Does anybody know how to set up the CMD console so as to read Chinese characters? I tried many codepages... without apparent success.


#162
mr.a

    Enthusiast

  • Members
  • 203 posts
  • Gender:Male
  • Devices:Orange San Diego
I'm not a coder but I may have found something related to app2bin

it can be found here:

http://hg.sourceforg...ca5b70393ea6212

#163
Zibri

    Newbie

  • Members
  • 5 posts
  • Devices:Huawei U8150, iPad
  • Twitter:@Zibri

seccode is just "HWU8220" in hex.


Hmm.. no it's not :) there is an FF

#164
Zibri

    Newbie

  • Members
  • 5 posts
  • Devices:Huawei U8150, iPad
  • Twitter:@Zibri

I'm not a coder but I may have found something related to app2bin

it can be found here:

http://hg.sourceforg...ca5b70393ea6212


Yep.. it's related as much as a monkey is related to a donkey... they are both animals :)

Don't worry I am now coding an APP creator... I hope I can release it soon.

#165
anegin

    Newbie

  • Members
  • 47 posts
  • Devices:Huawei U8230
Zibri, it's good news! Waiting for your tool.

#166
Zibri

    Newbie

  • Members
  • 5 posts
  • Devices:Huawei U8150, iPad
  • Twitter:@Zibri

Zibri, it's good news! Waiting for your tool.


I just finished writing the main program. It's better than bin2app :)

Now I need to figure out the 1024 bit signature and I'm done.

#167
thom@cn

    Newbie

  • Members
  • 2 posts
  • Devices:C8600

I just finished writing the main program. It's better than bin2app :(

Now I need to figure out the 1024 bit signature and I'm done.


Hi, Zibri, could you post the analysis of updata or bin2app?
Of course, source code of bin2app is much better.
Thanks for your hard work on the damn Huawei updata.

#168
leo001

    Regular

  • Members
  • 54 posts
  • Devices:Samsung Omnia i900

I just finished writing the main program. It's better than bin2app :(

Now I need to figure out the 1024 bit signature and I'm done.


Any news, Zibri?

#169
thom@cn

    Newbie

  • Members
  • 2 posts
  • Devices:C8600
I think there's no need to reengineer 0xe2000000.
Think a bit: we can upgrade on the phone itself, by Settings -> SD card update.
After reengineering the Settings.apk (apktool is a good tool, you may need framework-res-hwext.apk)

I find all the upgrade process will call updateModemandApp, and it's in libandroid_runtime.so (/system/lib/)
so we can disassemble it, and then find out..

I'm doing it, but I'm not familiar with ARM instructions.

I've tracked the above message down in the updater app. It's caused by this routine returning zero:

ROM:00019738 var_20		  = -0x20
ROM:00019738
ROM:00019738				 STMFD   SP!, {R3-R9,LR}
ROM:0001973C				 MOV	 R7, R0
ROM:00019740				 MOV	 R0, #0
ROM:00019744				 LDR	 R8, =(loc_FFFC+3)
ROM:00019748				 MOV	 R6, R2
ROM:0001974C				 MOV	 R4, R1
ROM:00019750				 STR	 R0, [SP,#0x20+var_20]
ROM:00019754				 B	   loc_1979C
ROM:00019758; ---------------------------------------------------------------------------
ROM:00019758
ROM:00019758 loc_19758							 ; CODE XREF: sub_19738+68j
ROM:00019758				 LDRB	R0, [R6]
ROM:0001975C				 CMP	 R4, #0x1000; 4096
ROM:00019760				 MOVLS   R5, R4
ROM:00019764				 STRB	R0, [SP,#0x20+var_20]
ROM:00019768				 LDRB	R0, [R6,#1]
ROM:0001976C				 MOVHI   R5, #0x1000; 4096
ROM:00019770				 AND	 R1, R8, R5,LSL#3
ROM:00019774				 STRB	R0, [SP,#0x20+var_20+1]
ROM:00019778				 MOV	 R0, R7
ROM:0001977C				 BL	  sub_184AC
ROM:00019780				 LDRH	R1, [SP,#0x20+var_20]
ROM:00019784				 SUB	 R4, R4, R5
ROM:00019788				 ADD	 R7, R7, R5
ROM:0001978C				 CMP	 R1, R0
ROM:00019790				 MOVNE   R0, #0; If compare fail, set return status to zero (failure)
ROM:00019794				 ADD	 R6, R6, #2
ROM:00019798				 BNE	 locret_197A8; and abort
ROM:0001979C
ROM:0001979C loc_1979C							 ; CODE XREF: sub_19738+1Cj
ROM:0001979C				 CMP	 R4, #0; else go and have another loop if we have more bytes to check
ROM:000197A0				 BNE	 loc_19758
ROM:000197A4				 MOV	 R0, #1; success return code! 
ROM:000197A8
ROM:000197A8 locret_197A8						  ; CODE XREF: sub_19738+60j
ROM:000197A8				 LDMFD   SP!, {R3-R9,PC}
ROM:000197A8; End of function sub_19738

Does that look familiar to you? I thought it might :D

The "184AC" routine is like the following:

ROM:000184AC sub_184AC							 ; CODE XREF: sub_19738+44p
ROM:000184AC									; sub_2C2F4+98p ...
ROM:000184AC				 LDR	 R2, =(loc_FFFC+3)
ROM:000184B0				 LDR	 R12, =0x9495E4
ROM:000184B4
ROM:000184B4 loc_184B4							 ; CODE XREF: sub_184AC+34j
ROM:000184B4				 CMP	 R1, #8
ROM:000184B8				 BCC	 loc_184E4
ROM:000184BC				 LDRB	R3, [R0],#1
ROM:000184C0				 SUB	 R1, R1, #8
ROM:000184C4				 MOV	 R1, R1,LSL#16
ROM:000184C8				 EOR	 R3, R3, R2
ROM:000184CC				 AND	 R3, R3, #0xFF
ROM:000184D0				 ADD	 R3, R12, R3,LSL#1
ROM:000184D4				 LDRH	R3, [R3]
ROM:000184D8				 MOV	 R1, R1,LSR#16
ROM:000184DC				 EOR	 R2, R3, R2,LSR#8
ROM:000184E0				 B	   loc_184B4
ROM:000184E4; ---------------------------------------------------------------------------
ROM:000184E4
ROM:000184E4 loc_184E4							 ; CODE XREF: sub_184AC+Cj
ROM:000184E4				 CMP	 R1, #0
ROM:000184E8				 BEQ	 loc_18524
ROM:000184EC				 LDRB	R0, [R0]
ROM:000184F0				 MOV	 R0, R0,LSL#8
ROM:000184F4				 B	   loc_18510
ROM:000184F8; ---------------------------------------------------------------------------
ROM:000184F8
ROM:000184F8 loc_184F8							 ; CODE XREF: sub_184AC+74j
ROM:000184F8				 EOR	 R3, R2, R0
ROM:000184FC				 TST	 R3, #1
ROM:00018500				 MOV	 R2, R2,LSR#1
ROM:00018504				 EORNE   R2, R2, #0x8400
ROM:00018508				 EORNE   R2, R2, #8
ROM:0001850C				 MOV	 R0, R0,LSR#1
ROM:00018510
ROM:00018510 loc_18510							 ; CODE XREF: sub_184AC+48j
ROM:00018510				 MOVS	R3, R1
ROM:00018514				 SUB	 R1, R1, #1
ROM:00018518				 MOV	 R1, R1,LSL#16
ROM:0001851C				 MOV	 R1, R1,LSR#16
ROM:00018520				 BNE	 loc_184F8
ROM:00018524
ROM:00018524 loc_18524							 ; CODE XREF: sub_184AC+3Cj
ROM:00018524				 MVN	 R0, R2
ROM:00018528				 MOV	 R0, R0,LSL#16
ROM:0001852C				 MOV	 R0, R0,LSR#16
ROM:00018530				 BX	  LR
ROM:00018530; End of function sub_184AC

I don't know about you, but that smells of a crc check to me.


  • 0
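The two routines in the listing above, transcribed to C as an added example (not code from the thread or from Huawei's tools): sub_184AC is a reflected CRC-16 with seed 0xFFFF, polynomial 0x8408 and a complemented result, and sub_19738 compares one stored 16-bit value per 4096-byte block. Assumptions: the lookup table at 0x9495E4 is not shown, so the bitwise form of the same polynomial is used; the target is little-endian; the function names are hypothetical; the sub-byte tail of sub_184AC is omitted because sub_19738 only ever passes whole bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK 0x1000u /* CMP R4, #0x1000 in sub_19738 */

/* sub_184AC for whole bytes: seed 0xFFFF, reflected polynomial 0x8408 (EORNE #0x8400,
 * then #8), result complemented (MVN). ASSUMPTION: the table at 0x9495E4, not shown
 * on the page, is the standard one for 0x8408, so this bitwise loop gives the same values. */
uint16_t crc16_block(const uint8_t *p, size_t len) {
    uint16_t crc = 0xFFFF;
    while (len--) {
        crc ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 1) ? (uint16_t)((crc >> 1) ^ 0x8408) : (uint16_t)(crc >> 1);
    }
    return (uint16_t)~crc;
}

/* Packer side (hypothetical helper): one little-endian CRC per block; returns bytes written. */
size_t crc_table_build(const uint8_t *data, size_t len, uint8_t *out) {
    size_t n = 0;
    for (; len; n += 2) {
        size_t chunk = len > BLOCK ? BLOCK : len;
        uint16_t crc = crc16_block(data, chunk);
        out[n] = (uint8_t)(crc & 0xFF);
        out[n + 1] = (uint8_t)(crc >> 8);
        data += chunk; len -= chunk;
    }
    return n;
}

/* sub_19738: returns 1 if every block matches its stored value, 0 at the first mismatch. */
int crc_table_verify(const uint8_t *data, size_t len, const uint8_t *sums) {
    for (; len; sums += 2) {
        size_t chunk = len > BLOCK ? BLOCK : len;
        if (crc16_block(data, chunk) != (uint16_t)(sums[0] | (sums[1] << 8))) /* LDRH */
            return 0;
        data += chunk; len -= chunk;
    }
    return 1;
}

int main(void) {
    static uint8_t image[10000]; /* constructed sample: three zero-filled blocks */
    uint8_t sums[6];
    size_t n = crc_table_build(image, sizeof image, sums);
    image[5000] ^= 1; /* flip one bit in the second block */
    printf("%zu checksum bytes, verify after tamper: %d\n", n,
           crc_table_verify(image, sizeof image, sums));
    return 0;
}
```

Because this is an unkeyed CRC, anyone who can rewrite a block can also recompute its checksum; only the separate signature discussed in the thread resists repacking.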

#170
goodoane

    Newbie

  • Members
  • 21 posts
  • Devices:Omnia i900,Huawei S7 v104
Is this project still alive...
I own a Huawei S7 tablet that uses the same updata.app for upgrade.
It will be great to have some tools for future development.
Thank you.
Keep it up.

#171
Brandaman717

    Newbie

  • Members
  • 1 posts
  • Devices:T-Mobile Comet (Huawei U8150)
I installed this UPDATA.APP (http://www.huaweidev...ealand Vodafone).zip) to my T-Mobile Comet, just playing around, and it will not let me install the original UPDATE.APP that you can download from "http://www.huaweidev...5B823SP01.zip". Does anybody know how I can get this phone back the way it was, or am I just stuck in this small hole? Because all it does now when I boot it up is show a small hourglass as it is booting up, but it still works; it's just that I wish to see the T-Mobile screen again if I could.

Thanks for any replies on this issue!!!!

#172
TJ Style

    Newbie

  • Members
  • 45 posts
  • Gender:Male
  • Location:Bogor
At this link http://people.freede... there is bin2app.exe but there is no crcgen.

Maybe it's useful for future development.

#173
ZeBadger

    Regular

  • Members
  • 90 posts
  • Gender:Male
  • Devices:Nexus 4
I've completely forgotten where we are with this.

The only thing I think we needed to do to progress out of the stuck part was work out the md5 certificate creation. Which means we need their private key... or an inordinate amount of time to crack it.

I'll re-read the whole thread :/

but there is no crcgen

I have worked the crcgen part out myself.

With

8. Repeat the same operation as step 4 to 7,making system,userdata and recovery together, finally creating dload\UPDATA.APP.
..\tools\bin2app -F -iAPP temp19.bin recovery_v.bin dload/updata.app descHUAWEI_U8220_BEIJING

and

So, all we need now is bin2app :D


We appear to now have it, there are no references to including private keys in the above command. Are we there I wonder?

Edited by ZeBadger, 26 March 2011 - 02:13 PM.

#174
TJ Style

    Newbie

  • Members
  • 45 posts
  • Gender:Male
  • Location:Bogor

I've completely forgotten where we are with this.

The only thing I think we needed to do to progress out of the stuck part was work out the md5 certificate creation. Which means we need their private key... or an inordinate amount of time to crack it.

I'll re-read the whole thread :/
I have worked the crcgen part out myself.

With

and
We appear to now have it, there are no references to including private keys in the above command. Are we there I wonder?


I track the download page of Huawei (bruteforce), but still can't find the sd_packer (bin2app & crcgen) utility.
And I tested your split_updata; it is not working on Huawei U8800 firmware either.

Edited by TJ Style, 26 March 2011 - 02:58 PM.

#175
McSpoon

    Enthusiast

  • 280 posts
  • Gender:Male
  • Location:England
  • Devices:Galaxy Tab 10.1

I track the download page of Huawei (bruteforce), but still can't find the sd_packer (bin2app & crcgen) utility.
And I tested your split_updata; it is not working on Huawei U8800 firmware either.

Yes it looks like they've changed the format for the U8800 slightly. There seems to be some extra data before each file (I briefly looked into it but gave up). I just hope they haven't been modifying bin2app.exe for different devices.

#176
TJ Style

    Newbie

  • Members
  • 45 posts
  • Gender:Male
  • Location:Bogor

Yes it looks like they've changed the format for the U8800 slightly. There seems to be some extra data before each file (I briefly looked into it but gave up). I just hope they haven't been modifying bin2app.exe for different devices.

I have to debug the bin2app.exe but it seems to be a device-specific tool. I see it is just for the E600 device. But I hope this bin2app.exe can be used with other devices.

And for the U8800 I see the updata is missing the 55 AA 5A A5 signature on some partition.

Edited by TJ Style, 29 March 2011 - 08:00 AM.

#177
goodoane

    Newbie

  • Members
  • 21 posts
  • Devices:Omnia i900,Huawei S7 v104

I have to debug the bin2app.exe but it seems to be a device-specific tool. I see it is just for the E600 device. But I hope this bin2app.exe can be used with other devices.

And for the U8800 I see the updata is missing the 55 AA 5A A5 signature on some partition.


Have you succeeded in unpacking the new type of updata.app file?...
If anyone has a solution for this please post here.
Thank you.

#178
poulpix83

    Newbie

  • Members
  • 7 posts
unpacking UPDATA.APP ok
Repacking UPDATA.APP ?

:P

#179
projectshadow

    Newbie

  • Members
  • 6 posts
  • Devices:NDriveS400 - GT540

file02.mbn appears to contain CRC checksums for some of the files. I'm guessing that it's not a 4096 byte checksum in this one, coz I can't find the checksum for larger files, so I just need to work out the size used... leave me on it :lol:

eg for the Time Machine rom

$ hd file02.mbn
00000000  27 91 42 fd f9 ac 26 fc  87 21 01 3e 48 9a de c9  |'.B...&..!.>H...|
00000010  d1 64 af 9f 4d 42 4f 10  04 1d 09 9d	  		|.d..MBO.....|
0000001c

boot_versions.txt 2791  (bytes 1 and 2)
upgradable_versions.txt 099D (last 2 bytes)
version.txt 099D  (last 2 bytes as well... ahem)
file01.mbn 2109 
file02.mbn 7A7A (It can't contain the checksum for itself)
file04.mbn 42FD (bytes 3 and 4)
file05.mbn 01C9


I need your help if you can
I want to return to the original version (U8510-1 V100R001C02B827 (Portugal Vodafone)) U8510
I have updated to this U8650 V100R001C223B826 (Malaysia General) U8650

Please help, I don't want nothing else, tks

Edited by projectshadow, 20 August 2011 - 12:57 PM.

#180
McSpoon

    Enthusiast

  • 280 posts
  • Gender:Male
  • Location:England
  • Devices:Galaxy Tab 10.1

I want to return to the original version (U8510-1 V100R001C02B827 (Portugal Vodafone)) U8510
I have update to this U8650 V100R001C223B826 (Malaysia General) U8650

Have you tried installing the original firmware for your U8510?
In case you haven't, the links can be found at the wiki: http://wiki.modaco.c..._Firmware_U8510
Within the zip file there will be a .PDF document explaining how to flash it. If it works it will restore your phone back to its original state thereby losing any changes you've made. If it doesn't then you're screwed. Good luck.
