Jump to content

[ROM] ZTE Blade Stock ROMs


Guest Sebastian404

Recommended Posts

Guest oh!dougal
I Unlocked my SF while it was on stock rom then flashed it with flb-froyo-blade-r3a and then to MCR r4 (2.1) and then to HedgeHog RLS2 (2.1). It never went to SIM lock state since unlocking.

Yes, indeed.

But I said something rather different!

The point was that a locked phone was unlocked (temporarily) by running FroYo, and that the lock returned when reflashing to its own 2.1 --- NOT that a phone that had been UNlocked by a user was ever RElocked.

Unlocking is probably something that gets saved in some NVRAM somewhere. But it looks like the OS is charge of whether it looks at that flag or not before permitting a SIM. So 'all'(!) we need to do now is spot the difference between the Finnish and the closest matching SIM-locking ROM... And/or maybe narrow that down by spotting similarities between the Finnish 2.1 and the 2.2 ROM.

It does indeed sound as though there is an NV setting stored outside the normal rom and recovery areas, and that the prototype 2.2 and the Finnish 2.1 are simply not asking to check that setting.

However, the interrogation of that setting must be in the boot/loader code, as a locked phone detects a "wrong" sim before much else happens.

So, anyone looking for differences between lockable and never-locked versions is unlikely to find that stuff in the kernel itself ...

Edited by oh!dougal
Link to comment
Share on other sites

Guest lepton.android

Are they really stock rom?

I found a /system/bin/busybox with some suid bit set in OUK_P729BV1.0.0B05.

Then Orange have root their phone before ship this phone?

I thought I'd start a thread to cover all the known Stock ROMS

OUK_P729BV1.0.0B05

Carrier - Orange

Country - England

ro.build.version.release=2.1-update1

ro.build.date=Sat Jul 24 21:32:24 CST 2010

ro.build.sw_internal_version=OUK_P729BV1.0.0B09

ro.build.display.id=OUK_P729BV1.0.0B05

ro.com.google.gmsversion=2.1_r6


uname: Linux localhost 2.6.29 #1 PREEMPT Sat Jul 24 21:43:15 CST 2010 armv6l GNU/Linux
ZTE_P729CUV1.0.0B01 Carrier - devphone Country - n/a
ro.build.version.release=2.2

ro.build.date=Thu Sep  2 10:54:26 CST 2010

ro.build.sw_internal_version=P729CUV1.0.0B01

ro.build.display.id=UNI_CN_V880 1.0
BY_P729CV1.0.0B04 Carrier - Bouygues Telecom Country - France
ro.build.version.release=2.1-update1

ro.build.date=Thu Sep 16 19:23:52 CST 2010

ro.build.sw_internal_version=P729CV1.0.0B11

ro.build.display.id=P729CV1.0.0B04

ro.com.google.gmsversion=2.1_r7


uname: Linux localhost 2.6.29 #5 PREEMPT Thu Sep 16 19:26:41 CST 2010 armv6l GNU/Linux
WIND_P729BV1.0.0B02 Carrier - Wind Country - Greece
ro.build.version.release=2.1-update1

ro.build.date=Mon Oct 25 16:44:45 CST 2010

ro.build.sw_internal_version=WIND_P729BV1.0.0B05

ro.build.display.id=ZTE_P729BV1.0.0B02

ro.com.google.gmsversion=2.1_r11


uname: Linux localhost 2.6.29 #1 PREEMPT Tue Oct 25 16:55:27 CST 2010 armv6l unknown
TM_P729TV1.0.0B02 Carrier - T-Moblile Country - Hungary
ro.build.version.release=2.1-update1

ro.build.date=Tue Oct 26 16:29:03 CST 2010

ro.build.sw_internal_version=TM_P729TV1.0.0B05

ro.build.display.id=TM_P729TV1.0.0B02

ro.com.google.gmsversion=2.1_r11


uname: Linux localhost 2.6.29 #1 PREEMPT Tue Oct 26 16:39:50 CST 2010 armv6l unknown
EFIN_P729BV1.0.0B02 Carrier - Saunalahti Country - Finland
ro.build.version.release=2.1-update1

ro.build.date=Wed Nov  3 09:44:31 CST 2010

ro.build.sw_internal_version=EFIN_P729BV1.0.0B03

ro.build.display.id=EFIN_P729BV1.0.0B02

ro.com.google.gmsversion=2.1_r12


uname: Linux localhost 2.6.29 #2 PREEMPT Wed Nov 3 09:44:05 CST 2010 armv6l unknown

Download link - http://android.podtwo.com/roms/stock/

Link to comment
Share on other sites

Guest oh!dougal
Are they really stock rom?

I found a /system/bin/busybox with some suid bit set in OUK_P729BV1.0.0B05.

Then Orange have root their phone before ship this phone?

I think you will find that Paul rooted the phone in order to get the first dump of the rom ...

... and I don't think anyone has "cleaned" these images to remove such traces!

Link to comment
Share on other sites

Guest lepton.android

Sorry. I am a android newbie.

If traditionally we don't clean such trace in the image, then is it possible that some malware can use these "traces" to do some evil thing when I don't know?

I think you will find that Paul rooted the phone in order to get the first dump of the rom ...

... and I don't think anyone has "cleaned" these images to remove such traces!

Link to comment
Share on other sites

Guest oh!dougal
Sorry. I am a android newbie.

If traditionally we don't clean such trace in the image, then is it possible that some malware can use these "traces" to do some evil thing when I don't know?

You should have no concern about malware within these rom images which have been studied by plural developers on this forum.

Or unusual facillitation of malware.

These roms are likely to be the 'safest' you will find on the forum.

They may not have been cleaned to remove every trace of their rooting, but there aren't going to be any trojans (other than the bloatware that operator has chosen to supply to all their customers).

A principal use for the stock rom library is to allow users a means to revert their phone to standard, should they wish to for any reason.

However, it is important to note that the dumps from 'development' phones are NOT production-ready and NOT immediately usable by ordinary users -- and that they do have elements of protective software security. Stay away from those until you understand what you are getting into!

Link to comment
Share on other sites

Guest Sebastian404
Are they really stock rom?

I found a /system/bin/busybox with some suid bit set in OUK_P729BV1.0.0B05.

Then Orange have root their phone before ship this phone?

I have a backup of my phone I took before I started messing with it, but Its back in the US, I will check it out when I'm back home, however most of the ROMS have them..

I have a dump of the finish ROM on my phone right here.. and when we look in /system/bin ...

-r-sr-x--- 1 root root 1225376 2010-11-03 02:00 busybox
Now yes, you might say that that's left over from when the dumper installed root/exploit, but it matches all the other file dates for the standard system stuff.. but if we look in build.prop
ro.build.date.utc=1288748671

1288748671 is an epoch is Wed, 03 Nov 2010 01:44:31 GMT

15 minutes in it...

You forget that ZTE are not the most professional bunch

Edited by Sebastian404
Link to comment
Share on other sites

Guest lepton.android
I have the idea that Busybox and SU was put by the person who uploaded the rom, but I could be wrong

I also found the time stamp of these binaries is as same as the other binary.

So if it is the person who uploaded the rom, he must do it intentionally.

Link to comment
Share on other sites

Guest Sebastian404
I also found the time stamp of these binaries is as same as the other binary.

^^ this

its not 100% accurate method, but you can normally see the file date of SuperUser.apk wont match..

Link to comment
Share on other sites

Guest kaska_pt

If the portuguese rom has busybux and has been obtained through clockwork mod recovery, then it's already rooted and not fully stock, but that's fine by me ;)

Link to comment
Share on other sites

Guest Sebastian404
If the portuguese rom has busybux and has been obtained through clockwork mod recovery, then it's already rooted and not fully stock, but that's fine by me ;)

busybox is not a sign of being rooted, and I've mentioned a couple of times now, it would seem that it comes as standard with some devices...

if you look in init.rc from the boot partitions ramdisk, and that's something you have to be quite knowledgeable to tamper with, it would seem its something ZTE know about..

	# ZTE_LOG_CXH_001,set root right
chown root system /system/bin/getlogtofile.sh
chmod 4550 /system/bin/getlogtofile.sh
chown root system /system/bin/Tgetmem
chmod 4550 /system/bin/Tgetmem
chown root system /system/bin/busybox
chmod 4550 /system/bin/busybox

chown root root /system/bin/fota_api
chmod 4555 /system/bin/fota_api
# mengxiangfei ZTE_FOTA_MXF_001[/code]

Edited by Sebastian404
Link to comment
Share on other sites

Guest kaska_pt
busybox is not a sign of being rooted, and I've mentioned a couple of times now, it would seem that it comes as standard with some devices...

if you look in init.rc from the boot partitions ramdisk, and that's something you have to be quite knowledgeable to tamper with, it would seem its something ZTE know about..

	# ZTE_LOG_CXH_001,set root right

	chown root system /system/bin/getlogtofile.sh

	chmod 4550 /system/bin/getlogtofile.sh  

	chown root system /system/bin/Tgetmem

	chmod 4550 /system/bin/Tgetmem

	chown root system /system/bin/busybox

	chmod 4550 /system/bin/busybox


	chown root root /system/bin/fota_api

	chmod 4555 /system/bin/fota_api

	# mengxiangfei ZTE_FOTA_MXF_001

thanks for the info Sebastien! Didn't know that... just curiosity, what could it be for? why would ZTE install busybox in the Portuguese Rom, will it allow to do something else?

Link to comment
Share on other sites

Guest kallt_kaffe
busybox is not a sign of being rooted, and I've mentioned a couple of times now, it would seem that it comes as standard with some devices...

if you look in init.rc from the boot partitions ramdisk, and that's something you have to be quite knowledgeable to tamper with, it would seem its something ZTE know about..

	# ZTE_LOG_CXH_001,set root right
chown root system /system/bin/getlogtofile.sh
chmod 4550 /system/bin/getlogtofile.sh
chown root system /system/bin/Tgetmem
chmod 4550 /system/bin/Tgetmem
chown root system /system/bin/busybox
chmod 4550 /system/bin/busybox

chown root root /system/bin/fota_api
chmod 4555 /system/bin/fota_api
# mengxiangfei ZTE_FOTA_MXF_001[/code]

The funny part about that part in the init.rc is that it shouldn't be there in the first place. They do lots of write operations on /system in init.rc and leaves /system mounted as read-write. I've fixed that in my latest custom ROMs. Having /system as read-write on a retail phone? Doesn't sound right to me and I sometimes wonder what they've been smoking over at ZTE when looking at the different init* files in the ramdisk.

Link to comment
Share on other sites

Guest Arr Too
Also, the portuguese rom has busybox AND su in it...

This Portuguese ROM is based on the latest UK one:

ro.build.software_version=OPT_P729BV1.0.0B03

ro.build.sw_internal_version=OPT_P729BV1.0.0B07

ro.build.UK_sw_version=OUK_P729BV1.0.0B16

Interestingly, it has a later version number on "ro.com.google.gmsversion" (2.1_r12 vs the UK's 2.1_r9).

Link to comment
Share on other sites

Guest oh!dougal
This Portuguese ROM is based on the latest UK one:

ro.build.software_version=OPT_P729BV1.0.0B03

ro.build.sw_internal_version=OPT_P729BV1.0.0B07

ro.build.UK_sw_version=OUK_P729BV1.0.0B16

Interestingly, it has a later version number on "ro.com.google.gmsversion" (2.1_r12 vs the UK's 2.1_r9).

Isn't the UK latest B08? Where has B16 come from?

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.