Guest Gary_J_Wright Posted July 7, 2012 Report Posted July 7, 2012 (edited) this is a script that can extract update.app for G300 originally by Mcspoon then zebadger and Qiwu Haung Need help with modifying this perl script for windows, that extracts update.app, you need active perl for windows installed to use cant quite get it to extract properly and crap @ perl and my linux hard drive is down so cant dual boot into linux to use trying to get it to complete with out errors plus im on the beer tonight, so not a good combo.....split_update.zip Edited July 7, 2012 by Gary_J_Wright
Guest tillaz Posted July 7, 2012 Report Posted July 7, 2012 what errors are you getting CRC ? this is how i done it (post #22) http://www.modaco.com/topic/355595-cook-b926/page__st__20 i just ignored the crc errors, and after extracting the system.img and boot.img everything seems ok
Guest Gary_J_Wright Posted July 8, 2012 Report Posted July 8, 2012 Are you extracting B926? yes to b926 and i think i removed the crc check from perl script, get a unknown file error when complete the resulting system.img wont unpack with unyaffs (as you can do with a CWM backup) says it may be corrupted
Guest Gary_J_Wright Posted July 8, 2012 Report Posted July 8, 2012 (edited) what errors are you getting CRC ? this is how i done it (post #22) http://www.modaco.co...26/page__st__20 i just ignored the crc errors, and after extracting the system.img and boot.img everything seems ok i will try that way lol I just used the syntax i found via google, probably less alcohol would help to.... Edited July 8, 2012 by Gary_J_Wright
Guest Dazzozo Posted July 8, 2012 Report Posted July 8, 2012 You can't extract B926 with unyaffs2 as it isn't a yaffs2 image. It's an ext4 image. As much as we'd like, unyaffs2 isn't the ultimate solution to every Android image.
Guest Gary_J_Wright Posted July 8, 2012 Report Posted July 8, 2012 (edited) You can't extract B926 with unyaffs2 as it isn't a yaffs2 image. It's an ext4 image. As much as we'd like, unyaffs2 isn't the ultimate solution to every Android image. okay i see more research and less alcohol!!! :unsure: used diskinternasl linux reader for windows to mount the ext4.img and to extract /save file structure - sorted! Edited July 8, 2012 by Gary_J_Wright
Guest sej7278 Posted July 8, 2012 Report Posted July 8, 2012 (edited) if its ext4 then you could mount it on linux using just a loop: mount -t ext4 -o loop ext4.img /mnt if you're getting "unknown file" its just that that file doesn't exist in %fileHash which is quite likely, and not a problem i'd say. you don't need to rename the file, just pass it in as an argument: ./split_update.pl UPDATA.APP[/code] i just had a poke at it and oddly enough split_update.pl gives me "Unrecognised file format. Wrong identifier." but split_updata.pl doesn't, even though the code for doing that bit doesn't differ (maybe its windoze line wrappings or something). i end up with this lot, most of the unknown_file's just seem to be huawei version strings (e.g. U8818V100R001C17B926 and U8815V100R001C00B924) [code]$ file * AMSSMBN.img: x86 boot sector, mkdosfs boot message display, code offset 0x3c, OEM-ID " mkdosfs", sectors/cluster 8, root entries 512, Media descriptor 0xf8, sectors/FAT 130, heads 64, sectors 266240 (volumes > 32 MB) , serial number 0x7a0a34fb, label: " ", FAT (16 bit) appsboothd.mbn: data boot.img: data boot_versions.txt: data cust.img: Linux rev 1.0 ext4 filesystem data (extents) (large files) file01.mbn: Hitachi SH big-endian COFF object, not stripped file02.mbn: data file04.mbn: data file05.mbn: data file07.mbn: data file18.mbn: data file20.mbn: data file21.mbn: Tower32/800 68020 recovery.img: data system.img: Linux rev 1.0 ext4 filesystem data (extents) (large files) unknown_file.0: x86 boot sector; partition 1: ID=0x4d, active, starthead 0, startsector 1, 40 sectors; partition 2: ID=0x45, starthead 0, startsector 41, 600 sectors; partition 3: ID=0xc, starthead 0, startsector 641, 266240 sectors; partition 4: ID=0x5, starthead 0, startsector 266881, 0 sectors, code offset 0x0 unknown_file.1: ASCII text, with CRLF line terminators unknown_file.10: ASCII text, with CRLF line terminators unknown_file.2: data unknown_file.3: ASCII text, with CRLF line terminators unknown_file.4: data unknown_file.5: data unknown_file.6: DOS executable (device driver) unknown_file.7: data unknown_file.8: DBase 3 index file unknown_file.9: ASCII text, with CRLF line terminators userdata.img: Linux rev 1.0 ext4 filesystem data (extents) (large files) version.txt: data[/code] Edited July 8, 2012 by sej7278
Guest Dazzozo Posted July 8, 2012 Report Posted July 8, 2012 How is it typical of Huawei? This isn't Huawei's code. Read the comments at the top, it was clearly added by the guy who wrote the script.
Guest Davidoff59 Posted July 8, 2012 Report Posted July 8, 2012 I was going to say that I thought the code was tweaked on other phones so we could identify what each individual file was so the same will need doing for this script.
Guest Gary_J_Wright Posted July 8, 2012 Report Posted July 8, 2012 Dont worrry used tillaz version ignored the crc and extracted the ext4.img and saved file structure - sorted - shame i missed tillaz post it would of saved me a hour or so!
Guest tcpaulh Posted September 24, 2012 Report Posted September 24, 2012 Which of these remain a mystery:-AMSSMBN.img 22,760,448 appsboothd.mbn 40 boot.img 4,462,592 boot_versions.txt 40 cust.img 41,943,040 file01.mbn 80 file02.mbn 40 file04.mbn 9,508 file05.mbn 641,424 file07.mbn 40 file18.mbn 128 file20.mbn 40 file21.mbn 38,962 recovery.img 5,146,624 system.img 396,361,728 unknown_file.0 405 unknown_file.1 24,576 unknown_file.10 20 unknown_file.2 145,844 unknown_file.3 25 unknown_file.4 3,145,728 unknown_file.5 3,145,728 unknown_file.6 768,000 unknown_file.7 3,864,000 unknown_file.8 205,108 unknown_file.9 330 userdata.img 155,189,248
Guest tcpaulh Posted September 25, 2012 Report Posted September 25, 2012 ;-) So we know what eg file01.mbn is?
Guest da2401 Posted September 25, 2012 Report Posted September 25, 2012 Some of the 40-byte-files are identical - those are the 'HD'-files .. (Hardware Description, or Hardware Device, just guessing) Here is a list of what those file could be ... file01.mbn -> HD-file file02.mbn -> HD-file file04.mbn -> could be QCSBL_CFGDATA file05.mbn -> imho the extracting / flashing / controlling program file07.mbn -> HD-File file18.mbn -> MD5_RSA file20.mbn -> HD-File file21.mbn -> ADSP ? unknown_file.0 -> OEMSBL_Version-List (list of upgradeable Versions) unknown_file.1 -> another Config-File (?) unknown_file.10 -> AMSS-Version unknown_file.2 -> QC_SystemBootloader (?) unknown_file.3 -> OEMSBL_Version unknown_file.4 -> MODEM_ST1 unknown_file.5 -> MODEM_ST2 unknown_file.6 -> Boot-Splashlogo (RAW565 480x800) unknown_file.7 -> Install-Pictures (Updateing 1/2, Installing 2/2, one RAW565, 480 width, 4025 height) unknown_file.8 -> fastboot (?) unknown_file.9 -> AMSS_Version_List
Guest tcpaulh Posted September 25, 2012 Report Posted September 25, 2012 da2401, that's great thanks. BTW, there's (unfinished?) repacker code at https://github.com/terrex/unupdatapp courtesy of terrex found at
Guest b4da55 Posted September 25, 2012 Report Posted September 25, 2012 will this be able to change caseband/version check?
Guest tcpaulh Posted September 25, 2012 Report Posted September 25, 2012 will this be able to change caseband/version check? Potentially, yes. Not sure how far along it is. Signature checking may still need disabling.
Guest b4da55 Posted September 25, 2012 Report Posted September 25, 2012 that would be awesome. keep up the good work
Guest da2401 Posted September 25, 2012 Report Posted September 25, 2012 Also interesting: http://www.scribd.com/doc/106714961/41/eMMC-loading-procedure Those 40-Byte-HD-files are header binaries, but I still don't know what they good for.
Guest tcpaulh Posted September 25, 2012 Report Posted September 25, 2012 (edited) Editing cust.img https://docs.google....VRDIbxRGh4/edit Editing/repacking stock rom .img files http://forum.xda-developers.com/showthread.php?t=1081239 Getting a bit OT here but interesting. Edited September 25, 2012 by tcpaulh
Guest tcpaulh Posted September 25, 2012 Report Posted September 25, 2012 (edited) AMSSMBN.img 22,760,448 AMSS modem binary image appsboothd.mbn 40 lk bootloader binary boot.img 4,462,592 Kernel, ramdisk and boot config boot_versions.txt 40 Encoded list of roms? cust.img 41,943,040 Huawei custom settings eg toggles, boot animation, locale, language file01.mbn 80 HD-file file02.mbn 40 HD-file file04.mbn 9,508 could be QCSBL_CFGDATA file05.mbn 641,424 extracting / flashing / controlling program file07.mbn 40 HD-File file18.mbn 128 MD5_RSA file20.mbn 40 HD-File file21.mbn 38,962 ADSP ? recovery.img 5,146,624 The recovery and update environment’s kernel and ramdisk. Similar to BOOT. system.img 396,361,728 The OS partition, static and read-only. unknown_file.0 405 OEMSBL_Version-List unknown_file.1 24,576 Config-File (?) unknown_file.10 20 AMSS-Version unknown_file.2 145,844 qcsbl.mbn(?) Qualcomm Secondary Bootloader (?) unknown_file.3 25 OEMSBL_Version unknown_file.4 3,145,728 MODEM_ST1 unknown_file.5 3,145,728 MODEM_ST2 unknown_file.6 768,000 Boot-Splashlogo (RAW565 480x800) unknown_file.7 3,864,000 Install-Pictures (Updateing 1/2, Installing 2/2, one RAW565, 480 width, 4025 height) unknown_file.8 205,108 fastboot (?) unknown_file.9 330 AMSS_Version_List userdata.img 155,189,248 default /data/app applications? MSM7x27A uses a multistage boot that is comprised of a Primary Boot Loader (PBL), Qualcomm secondary Boot Loader (QCSBL), and OEM Secondary Boot Loader (OEMSBL). The binary files corresponding to the multistage boot loaders, the associated headers, and the AMSS are placed in the build\ms\bin\<build_id> directory. amss.mbn AMSS modem binary image amsshd.mbn AMSS modem binary image header qcsbl.mbn Qualcomm secondary boot loader binary qcsblhd_cfgdata.mbn Qualcomm secondary boot loader header and config data binary oemsbl.mbn OEM secondary boot loader binary oemsblhd.mbn OEM secondary boot loader header binary partition.mbn Partition table binary NPRG7627A.hex QPST host downloader The following .mbn files are intermediate files generated during the build process and will be inserted into the final AMSS image: amss_hash.mbn – Binary image containing hash information for verifying the integrity of AMSS images amss_hashhd.mbn – Header for the hash information image The multi-image JNAND in the tools\mjnand directory is used to program these binary images into the NAND Flash. Edited September 25, 2012 by tcpaulh
Guest da2401 Posted September 27, 2012 Report Posted September 27, 2012 (edited) There's a lot of other stuff in other forums concerning creation of update.app, e.g. a huawei-Tool bin2app for a huawei tablet. As long as the private rsa key isn't available/leaking, there is no chance creating a valid update.app. Edited September 27, 2012 by da2401
Guest Dazzozo Posted September 27, 2012 Report Posted September 27, 2012 This thread is great and I love it :P Does the install procedure actually check for a signature? I wouldn't be surprised if Huawei relied on security through obscurity.
Guest tcpaulh Posted September 27, 2012 Report Posted September 27, 2012 There are references to a limited number of secure machines at Huawei for building. Presumably due to RSA key. Someone should try the repacking code to see where it's at. Still hoping it will be possible to disable signatures
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now