Extracting UPDATE.APP HELP

32 replies to this topic

#21
tcpaulh

    Addict

  • Members
  • 947 posts
  • Gender:Male
  • Devices:Moto G, Huawei G300, ZTE Blade
  • Twitter:@tcpaulh
Editing cust.img https://docs.google....VRDIbxRGh4/edit

Editing/repacking stock rom .img files http://forum.xda-dev...d.php?t=1081239

Getting a bit OT here but interesting.

Edited by tcpaulh, 25 September 2012 - 08:53 PM.

  • 0

How To Provide Error Logs

 

There's a problem on KitKat with text wrap / reflow not working. Issue raised here. Please Star and Reply if you think it's a stupid regression


#22
tcpaulh

File                      Size  Description
AMSSMBN.img         22,760,448  AMSS modem binary image
appsboothd.mbn              40  lk bootloader binary
boot.img             4,462,592  Kernel, ramdisk and boot config
boot_versions.txt           40  Encoded list of roms?
cust.img            41,943,040  Huawei custom settings eg toggles, boot animation, locale, language
file01.mbn                  80  HD-file
file02.mbn                  40  HD-file
file04.mbn               9,508  could be QCSBL_CFGDATA
file05.mbn             641,424  extracting / flashing / controlling program
file07.mbn                  40  HD-File
file18.mbn                 128  MD5_RSA
file20.mbn                  40  HD-File
file21.mbn              38,962  ADSP ?
recovery.img         5,146,624  The recovery and update environment’s kernel and ramdisk. Similar to BOOT.
system.img         396,361,728  The OS partition, static and read-only.
unknown_file.0             405  OEMSBL_Version-List
unknown_file.1          24,576  Config-File (?)
unknown_file.10             20  AMSS-Version
unknown_file.2         145,844  qcsbl.mbn(?) Qualcomm Secondary Bootloader (?)
unknown_file.3              25  OEMSBL_Version
unknown_file.4       3,145,728  MODEM_ST1
unknown_file.5       3,145,728  MODEM_ST2
unknown_file.6         768,000  Boot-Splashlogo (RAW565 480x800)
unknown_file.7       3,864,000  Install-Pictures (Updateing 1/2, Installing 2/2, one RAW565, 480 width, 4025 height)
unknown_file.8         205,108  fastboot (?)
unknown_file.9             330  AMSS_Version_List
userdata.img       155,189,248  default /data/app applications?


MSM7x27A uses a multistage boot that is comprised of a Primary Boot Loader (PBL), Qualcomm secondary Boot Loader (QCSBL), and OEM Secondary Boot Loader (OEMSBL). The binary files corresponding to the multistage boot loaders, the associated headers, and the AMSS are placed in the build\ms\bin\<build_id> directory.

amss.mbn             AMSS modem binary image
amsshd.mbn           AMSS modem binary image header
qcsbl.mbn            Qualcomm secondary boot loader binary
qcsblhd_cfgdata.mbn  Qualcomm secondary boot loader header and config data binary
oemsbl.mbn           OEM secondary boot loader binary
oemsblhd.mbn         OEM secondary boot loader header binary
partition.mbn        Partition table binary
NPRG7627A.hex        QPST host downloader

The following .mbn files are intermediate files generated during the build process and will be inserted into the final AMSS image:
  • amss_hash.mbn – Binary image containing hash information for verifying the integrity of AMSS images
  • amss_hashhd.mbn – Header for the hash information image

The multi-image JNAND in the tools\mjnand directory is used to program these binary images into the NAND Flash.


Edited by tcpaulh, 25 September 2012 - 09:23 PM.

  • 0



#23
da2401

    Newbie

  • Members
  • 10 posts
There's a lot of other stuff in other forums concerning creation of update.app, e.g. a Huawei tool, bin2app, for a Huawei tablet.
As long as the private RSA key isn't available/leaking, there is no chance of creating a valid update.app.

Edited by da2401, 27 September 2012 - 09:49 AM.

  • 0

#24
Dazzozo

    Hardcore

  • Developer Team
  • 3,305 posts
  • Gender:Male
  • Location:Shropshire, UK
  • Devices:Crescent, G300, Y300, Nexus 5
  • Twitter:@Dazzozo
This thread is great and I love it :P

Does the install procedure actually check for a signature? I wouldn't be surprised if Huawei relied on security through obscurity.

  • 0
Like my work? Give me rep!

Like my work a lot? Donate! Remember to leave your forum name if you want to be credited!

#25
tcpaulh

There are references to a limited number of secure machines at Huawei for building. Presumably due to RSA key.

Someone should try the repacking code to see where it's at.

Still hoping it will be possible to disable signatures

  • 0



#26
tcpaulh

This thread is great and I love it (deletesmiley)

Does the install procedure actually check for a signature? I wouldn't be surprised if Huawei relied on security through obscurity.


Because we're like a bunch of blind lesbians in a fish market?

I could figure out how to compile https://github.com/terrex/unupdatapp but not in the next couple of weeks. Going away :-)
Also not sure if anyone has tried bin2app

Edited by tcpaulh, 27 September 2012 - 11:23 AM.

  • 0



#27
da2401

I actually have bin2app.exe, but this one was for an old tablet. The update.app neither contains a signature nor has a valid structure (the 0x55aa5aa5 is missing, and other things).

I wrote a Java program for extracting and CRC-checking update.app, but the other way is still impossible.

  • 0
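
The structure check mentioned in the post above (looking for the 0x55aa5aa5 marker), as an added Python example that is not da2401's Java program or any code from this thread. The header field layout, the 4-byte alignment and the sample bytes are assumptions or constructed values that the thread does not state, and no CRC or signature is verified.

```python
import struct

MAGIC = bytes.fromhex("55aa5aa5")  # entry marker quoted in the thread

# ASSUMED entry layout (not given in the thread): marker, header length,
# unknown word, 8-byte hardware id, sequence, data length, then 16-byte
# date, time and type strings; integers little-endian, entries 4-byte aligned.
HEADER = struct.Struct("<4sII8sII16s16s16s")
HDR_LEN = 100  # constructed: fixed fields plus filler standing in for checksums


def build_sample():
    """Constructed two-entry container so the parser can be run offline."""
    def entry(seq, kind, payload):
        hdr = HEADER.pack(MAGIC, HDR_LEN, 1, b"HWSAMPLE", seq, len(payload),
                          b"2012.09.25", b"21:23:00", kind)
        body = hdr.ljust(HDR_LEN, b"\x00") + payload
        return body + b"\x00" * (-len(body) % 4)
    return b"\x00" * 92 + entry(1, b"BOOT", b"abcde") + entry(2, b"CUST", b"xyz")


def list_entries(blob):
    """Return [(offset, seq, type, data_offset, data_length)]; ValueError if malformed."""
    pos = blob.find(MAGIC)
    if pos < 0:
        raise ValueError("marker 55 AA 5A A5 not found")
    entries = []
    while pos < len(blob):
        if len(blob) - pos < HEADER.size:
            raise ValueError(f"truncated header at {pos:#x}")
        magic, hdr_len, _, _, seq, data_len, _, _, kind = HEADER.unpack_from(blob, pos)
        if magic != MAGIC:
            raise ValueError(f"expected marker at {pos:#x}")
        data_off = pos + hdr_len
        if hdr_len < HEADER.size or data_off + data_len > len(blob):
            raise ValueError(f"entry at {pos:#x} runs past end of file")
        name = kind.rstrip(b"\x00").decode("ascii", "replace")
        entries.append((pos, seq, name, data_off, data_len))
        pos = data_off + data_len
        pos += -pos % 4  # skip alignment padding
    return entries


if __name__ == "__main__":
    for e in list_entries(build_sample()):
        print("offset=%#x seq=%d type=%s data@%#x len=%d" % e)
```

A file without the marker, like the bin2app output described above, is rejected with `ValueError` before any header is parsed.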

#28
tcpaulh

I actually have bin2app.exe, but this one was for an old tablet. The update.app neither contains a signature nor has a valid structure (the 0x55aa5aa5 is missing, and other things).

I wrote a Java program for extracting and CRC-checking update.app, but the other way is still impossible.


Would be interesting to see your Java app and possibly the bin2app in case someone can hack it :)

  • 0



#29
unaszplodrmann

    Diehard

  • Members
  • 400 posts
  • Gender:Male
  • Devices:Huawei G300

Would be interesting to see your Java app and possibly the bin2app in case someone can hack it :)


Hands up anyone who'd be willing to test a package created by just such a homebrew programme. Come on now, don't be shy; it won't trash the partition table... honest.

  • 0
Kill the bee... and ultimately... you'll have nothing to spread on your toast — John Shuttleworth

#30
Davidoff59

    Hardcore

  • Members
  • 2,317 posts
  • Gender:Male
  • Devices:Orange San Francisco, G300

Well, some Huawei updates have bricked some phones, so maybe the b952 update could cause a few also if someone tested this, if you get what I mean.

  • 0

#31
tcpaulh

Hands up anyone who'd be willing to test a package created by just such a homebrew programme. Come on now, don't be shy; it won't trash the partition table... honest.


The Java app in question was for extracting. I'm guessing you're having a bit of a laugh about volunteers for flashing a repacked update. Not sure though :)

I'd potentially be up for it after having a discussion with the coder.

UPDATE.APP is digitally signed with a private key only Huawei has.
What could probably be done, is patch osbl to ignore signature verification and save it to /dev/block/mmcblk0p3


Repacking shouldn't be a major hurdle though it wouldn't have a valid RSA key.

bin2app here :- http://people.freede...5/我的光盘/release/

Edited by tcpaulh, 18 December 2012 - 01:09 AM.

  • 0



#32
unaszplodrmann

I'm guessing you're having a bit of a laugh about volunteers for flashing a repacked update.


Aye. Ohh, I seee - bin2app is ostensibly a Huawei tool. No more risky than using any other vendor tool, like Odin for example... :unsure: :blink: :D

  • 0

#33
tcpaulh

Aye. Ohh, I seee - bin2app is ostensibly a Huawei tool. No more risky than using any other vendor tool, like Odin for example... :unsure: :blink: :D


Pretty much. At least they use it. Probably not that version though. Patching the os bootloader (mmcblk03 off the top of my head :eek: ?!?) so it doesn't require the RSA signature is perhaps the biggest hurdle.

  • 0





