I think I figured out how to get past the bootloader HEHE - G1 Android Development
I am still testing but... well another user gave us the info to the update file... and it gives us the radio.img, the boot.img, and an editable system folder... I wonder if it will let you update it if you change the files... Wonder if you can sign it yourself.
Well please do let us know!
It is too late to do it tonight (for me anyways) I will be deleting files and seeing if it keeps it signed status tomorrow (you know how HTC likes every signed a certain way LOL) will keep you informed. BTW there is another thread with the file.
You get hat Structure from the Following File
https://android.clients.google.com/updates/signed-kila-ota-115247-prereq.TC4-RC19+RC28.zip
Making the Customised Image is not an Issue though but how can we signed it to Possible load it on Device.
We must get Cracked Boot loader to flash Unsigned Object and file like we have done it so far to Windows Based HTC Devices.
Yeah, I think that the signature of those files (found in the MANIFEST.MF) is crucial to get it to flash.
If, however, you can get it to flash with those things changed - that'd be pretty awesome.
The easiest way to test it, I think, would be to leave the files intact but to alter one of the signatures in the MANIFEST.MF file so that you are effectively breaking the signing (which is the same thing changing one of those files would do) - once you have done that - if the device will still flash then you KNOW you are in business.
Just don't want to waste a lot of time building some sweet image only to find out you can't do anything with it.
Just my 2 cents.
The other question is - once you've run an update from the SD card with the RC29 update can you re-run the update?
RyeBrye said:
The easiest way to test it, I think, would be to leave the files intact but to alter one of the signatures in the MANIFEST.MF file so that you are effectively breaking the signing (which is the same thing changing one of those files would do) - once you have done that - if the device will still flash then you KNOW you are in business.
{...}
The other question is - once you've run an update from the SD card with the RC29 update can you re-run the update?
Click to expand...
Click to collapse
I can test it out for you. Just change any value in the file?
And someone else had stated that you can re-update, but I'll try it again with the file changed.
Okay... so you can run the update again, just confirming.
I removed a ringtone from the /system/media/audio/ringtones but didn't change anything in the MANIFEST.MF file.
"Verification failed
Installation aborted."
Next i'll try to change the value for it in the MANIFEST.MF file and see if it goes thru.
Changin the MANIFES.MF file failed because it checks with CERT.SF
Chaning CERT.SF to be the same.
Now I got the following
E:No signature (414 files)
E: Verification failed
Installation aborted.
Time to tinker away... If someone can guide me just a lil, that would be apreciated. I'm still going to waste my time doing whatever "I beleave" is progress in the mean time
quedijo said:
Now I got the following
E:No signature (414 files)
E: Verification failed
Installation aborted.
Time to tinker away... If someone can guide me just a lil, that would be apreciated. I'm still going to waste my time doing whatever "I beleave" is progress in the mean time
Click to expand...
Click to collapse
I wish i knew anything about linux permission, i would like to help
apatcas said:
I wish i knew anything about linux permission, i would like to help
Click to expand...
Click to collapse
Thoughts count aswell
I got to go do a job right quick... should be back in 4hrs or less, I hope
i'll try to help as much as i can
Ill look into how the manifest works, ill work on it as much as I can
Let's get this baby customized
The cert is referencing a checksum to the manifest. It seems that they are using sha1-digest as stated plainly in the manifest file but i believe it is further encoded by base32 encoding. Does anybody have a base32 encoder handy?
Digests and the Signature File JDK
I believe the second line in CERT.SF is a hash for MANIFEST.MF. You need that hash to match the hash for the actual file MANIFEST.MF. There could be something that also hashes CERT.SF to see if you messed with it, but I don't see that right now.
So, edit CERT.SF so the line:
SHA1-Digest-Manifest: lsGC/wXGYwKahxByTQdTNs2K5oY=
Matches the SHA1-Digest (in base32) of MANIFEST.MF and try again.
Just to clear up some things for those following this thread...
The update image is signed with a private key by either HTC or Google (honestly not sure which, probably google). When your phone receives the image it decrypts the signature with each of the public keys it has installed, if one matches it installs.
The keys are made in pairs, the private key (which only the signer has and we will not obtain) signs and the public key (which is installed on the device as trusted) is used to decrypt.
Of course if someone can manage root access to the phone through one of the processes running as root by using a buffer overflow or something of that nature we can simply add OUR OWN public key to the phone's repository, and sign our images with OUR OWN private key. This would allow a new image to be made that once installed could auto-check for updates and pull off the same kind of update process that we see with rc29...
netcmd said:
I believe the second line in CERT.SF is a hash for MANIFEST.MF. You need that hash to match the hash for the actual file MANIFEST.MF. There could be something that also hashes CERT.SF to see if you messed with it, but I don't see that right now.
So, edit CERT.SF so the line:
SHA1-Digest-Manifest: lsGC/wXGYwKahxByTQdTNs2K5oY=
Matches the SHA1-Digest (in base32) of MANIFEST.MF and try again.
Click to expand...
Click to collapse
It is the hash for MANIFES.MF
I did that and still gives the following:
E:No signature (414 files)
E:Verification failed
syrusfrost said:
Just to clear up some things for those following this thread...
The update image is signed with a private key by either HTC or Google (honestly not sure which, probably google). When your phone receives the image it decrypts the signature with each of the public keys it has installed, if one matches it installs.
The keys are made in pairs, the private key (which only the signer has and we will not obtain) signs and the public key (which is installed on the device as trusted) is used to decrypt.
Of course if someone can manage root access to the phone through one of the processes running as root by using a buffer overflow or something of that nature we can simply add OUR OWN public key to the phone's repository, and sign our images with OUR OWN private key. This would allow a new image to be made that once installed could auto-check for updates and pull off the same kind of update process that we see with rc29...
Click to expand...
Click to collapse
@syrusfrost: It's true that the zip is signed with a private key from HTC, however we can easily resign the package using our own key. The question is will the G1 accept this?
Has anyone tried resigning the application with the jarsigner? The errors people have been listing, and the files located in META-INF corrospond to the same errors you get after patching a dalvik-executable (dex file) and not resign the package.
If the system files are NOT verifying it to the the specific HTC key we should be able to resign and have it accept out own update file...
I'm currently not at my development machine but I'm thinking we might be able to get somewhere using the permissions.xml file located in /system/etc/ - though this is considered a 'read-only' file in both the emulator and in the G1 hardware so changing it has thus far been unable to happen... Possibly a minor change like the following;
Code:
<!-- Test to see if we can gain cache access by assigning permissions and getting new
update -->
<assign-permission name="android.permission.ACCESS_CACHE_FILESYSTEM" uid="shell" />
Then resigning the whole package would let us get access to the /data/dalvik-cache system? Any takers on my... Seemingly stretching assumption?
strazzere said:
Then resigning the whole package would let us get access to the /data/dalvik-cache system? Any takers on my... Seemingly stretching assumption?
Click to expand...
Click to collapse
Okay bare with me. I wan't instructions on how to get the SHA1-digest of a file.
I found some instructions to use PHP and I can boot a LiveUSB Distro of Fedora but i'm sitll a bit lost
I have installed CyoHash for vista and the SHA1 base64 are exactly the same as the ones in the MANIFEST.CF but different for CERT.CF
So are the hashes for MANIFEST.CF SHA1 base64 and SHA1-Digest base32 for CERT.CF?
quedijo said:
Okay bare with me. I wan't instructions on how to get the SHA1-digest of a file.
I found some instructions to use PHP and I can boot a LiveUSB Distro of Fedora but i'm sitll a bit lost
I have installed CyoHash for vista and the SHA1 base64 are exactly the same as the ones in the MANIFEST.CF but different for CERT.CF
So are the hashes for MANIFEST.CF SHA1 base64 and SHA1-Digest base32 for CERT.CF?
Click to expand...
Click to collapse
I think Manifest.cf is just a regular hash checking file to make sure all files are there. While Cert.cf is the one that makes sure they are signed by the RSA
EDIT: CERT.CF is signed with HMAC-SHA1 The RSA is the public Key used to decrypt the hash correctly. I believe this means we can definitely use our own private/public keys to sign the package.
Anyone wanna help me figure out how to sign a HMAC-SHA1?
Related
rezipping update
I have opened jf1.5 adp1 and removed the camera app from it how do I zip it back up so my phone will perform the update. I have already updated my phone to the unedited version of jf1.5 adp1 when I try to use the edited version it aborts the updated
quilobo said: I have opened jf1.5 adp1 and removed the camera app from it how do I zip it back up so my phone will perform the update. I have already updated my phone to the unedited version of jf1.5 adp1 when I try to use the edited version it aborts the updated Click to expand... Click to collapse it has to be signed .. read JFs info for his "Build Environment" .. very easy to do in linux .. you can't just modify the zip and be done .. files must be signed
thanks for your response
No need for the entire build environment. Just get the AndroidMod.zip file (google for dl sources) and run the modified update.zip through signapk. There is a readme included detailing how to use it.
I have the sign app but I can't figure out how to use it. I searched but I could not find a good set of instructions.
Open your command line, change directory to the signapk directory (also for convenience your update.zip file should be in this directory too) then type: java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip That's it. The update_signed.zip file will be the finished file. If it gives you an error 'java' is not a valid executable, that is because you don't have JRE or JDK installed.
ok I did all that put the update.zip that is signed on my sd card with nothing else on it. started teh up date the phone verifies the file. then it starts installing as soon as it starts to install I get this error on my phone. "E:Can't find update script installation aborted.
Somehow you deleted the update-script. Check the zip file to see if its still present: \META-INF\com\google\android\update-script
it is still there
quilobo said: it is still there Click to expand... Click to collapse Confusing.
it is only a 3k file. I found a 14k file in another update.zip I had
still says it can't find it
What archive creation program are you using to create the zip?
winzip what should I be using
Hm. Idk, I was just curious. It shouldn't make a difference really. Particularly if the signing tool worked fine. Maybe someone else can shed some light on this.
Try and re download your sources and then modify and resign. Also be sure to check your sources after download and transfer (SHA1, MD5 etc)
ok I redownloaded the file and repeated the process and still get the same error. all I am trying to do is remove the camera app from the jf1.5adp1 build and put it on my phone .
[Android RUU] Change .zip file contents WITHOUT changing md5 hash
Hey guys, I am currently working on a workaround to get root back from the RUU_Hero_C_Sprint_2.27.651.5_R_signed_release.exe that Sprint released for the HTC Hero. I have figured out a way that will revert us back to root using a hacked version of one of the test_signed RUU's I have. My main question is: I need to edit a text file in a .zip signed by HTC, without breaking the signature OR changing the md5 hash. Can this be done? I have tried many ways of going about this (including hex editing the zip) and have not made much progress. Any ideas? Any input would be appreciated, for I too "took one for the team" and updated with the released RUU, to the unrooted Sprint 2.1 Android release in order to test this out.
Nope, that would negate the reason for a check sum. The hash is calculated according to the current file/s so each time you alter it/them/an archive you will change your hash....
update-script complete command listing
hello everyone, Well After a few weeks looking to find a guide with all the update scripts commands. I finally dove into the source from CM7 and stripped out the commands for writting scripts. most of the descriptions were straight from the source with slight rewording to try and make it a bit clearer. I hope this helps! ****commands***** assert(bool); tests to see if the argument passed to it is true. continues if true or fails when false format(root) wipes data starting at the point passed to it delete<file1>[<fileN>...] like rm -f. it will continue to delete even if previous delete failed. delete_recursive<file or dir1[<file or directoryN>....] same as delete except if it fails to delete early it will stop copy_dir<source-dir> <dst-dir> [timestamp] copies from source to dst. nothing in dst is changes unless something in source overwrote them. the timestamp is in decimal seconds since 1970. if not supplied a default one will be used ex: "copy_dir PKG:system SYSTEM:" will copy the contents of system to SYSTEM run_program <program-file>[args....] run a program included in the update package set_perm <uid> <gid> <mode> <path>[<pathN>....] set_perm_recursive<uid> <gid> <dir-mode> <file-mode> <path>[<pathN>....] like "chmod" "chown" "chgrp" all in one. sets permissions and owner using integer values for linux permissions on a single file or an entire directory tree. any error causes failure. show_progress <fraction> <duration> use <fraction> of the on screen progress bar for the following operation. fill acording to <duration> or faster if the actual duration can be determined. symlink <link-target> <link-path> creates a symlink between <link-target> and <link-path>. <link-path> must be in rootath format however <link-target> may be relative. write_radio_image<src-image> write_hboot_image<src-image> copies radio or hboot image to the proper partition. will not take effect until the rest of the instalation finishes. write_raw_image <src-image> <destination-root> write an image to ur specified partition mark <resource> dirty|clean marks the resource as dirty or clean. checks exist to insure that the entire file system is not marked dirty to force a downgrade **** function definitions ***** compatible_with(<version>) returns true if the parser and command set support the named version update_forced() returns true if some part of the system has determined that the update should happen no matter what get_mark (<resource>) returns the current mark provided with <resource> hash_dir(<path-to-dir>) makes a hash for comparison uses of the provided dir matches(<str1>, <str2> [,<strN> ...]) test to see if a supplied string matches. more than two may be supplied concat(<str1>, <str2> [,<strN> ...] combines all supplied strings getprop(<property>) returns the named Android system property value or "" if not set file_contains(<filename>, <substring>) returns true if file contains <substring>
thank you very much
This would be extremely helpful for a lot of people if update-script wasn't outdated by updater-script and binary. Any chance you want to take on that project too?
Cayniarb said: This would be extremely helpful for a lot of people if update-script wasn't outdated by updater-script and binary. Any chance you want to take on that project too? Click to expand... Click to collapse To be fair, a lot of ROMs, themes, etc still use update-script rather than updater/binary. Idk, I still use update-script a lot. Having some issues with the set_perm. Regardless, than you for the thread. I have found it rather useful.
xap package signature is not valid?
i try to load some xap files into my phone using Tom XAP Installer v1.1, but i consistently got some error messages. i tried every method and can not fix it. 1. make sure your phone is unlocked 2. make sure you connected device to pc and zune launched. My device is 100% sure unlocked and i have every tool installed in my machine. Finally i used application deployment tool by MS, and i got error message: "xap package signature is not valid or the wp manifest file is invalid. re-sign with valid signature and fix the manifest file." what should i do? thanks for you help.
The XAP's are DRM protected. I know multiple ways to strip off the DRM, but that would be illegal and therefore I will not give you instructions on this forum. That would violate the rules of XDA forum.
The guy who gave you the xap used the wrong compression method to generate it. - Rename it to .zip - Decompress the zip - Compress the decompressed files with Windows Integrated ZIP (Right Click->Send To) - Rename .zip to .xap
so basically if you knew multiple ways to strip off the DRM, i can google it and do it by myself. anyway, thanks. Heathcliff74 said: The XAP's are DRM protected. I know multiple ways to strip off the DRM, but that would be illegal and therefore I will not give you instructions on this forum. That would violate the rules of XDA forum. Click to expand... Click to collapse
simply re-decompressing the file will solve my problem? i doubt. but i will try later. thanks. kuerbis2 said: The guy who gave you the xap used the wrong compression method to generate it. - Rename it to .zip - Decompress the zip - Compress the decompressed files with Windows Integrated ZIP (Right Click->Send To) - Rename .zip to .xap Click to expand... Click to collapse
thanks it's working...
does not work for me, but thanks?
I think you can use WP7-DesktopMarketplace And remember to choose Remove DRM & Replace signature
[TOOL] yaffs extractor, mmssms.db & contacts2.db converter
Some time ago I sold my old android phone and forgot to make a backup of SMS messages and call logs, but kept a complete image backup made by clockworkmod recovery (system.img, data.img, etc.). I wanted to import my SMS messages and call logs to a new phone, but without a reasonable backup this seemed to be impossible. Some quick search over the internet showed that a question about extracting/importing SMS messages from mmssms.db is not so uncommon, but there are no tools to do this. So I wrote one, and decided to share Sources are available at github.com abbot/android-restore-tools. It requires Python 2.6 and above to run. I've also made compiled binaries for windows, attached to this post. [Binaries last updated on 12.04.2011]
Thanks for the tools. Nice work. Sent from my GT-I8150 using XDA
Hello, I'm trying to use your tool to extract SMS from a nandroid backup. I'm using the data.yaffs2.img file from the backup. When I choose #2 for mmssms.db and then "s" to extract SMS I get the following error: Failed to extract messages: file is encrypted or is not a database DatabaseError('file is encrypted or is not a database',) Warning: failed to remove temporary file... What does this mean, and is there a solution?
Hi, This may be caused by two things: either my tool can't properly read/extract the image file, or it can't read the database. Please try to extract the image (extract -x data.yaffs2.img). If this does not produce any errors, find the mmssms.db file in the extracted data, it will probably be in data/com.android.providers.telephony/databases/mmssms.db. Then try to run extract -s mmssms.db. Please post if you get any errors doing these steps.
There was an error while extracting the image...it got through partway, but then failed at some bluetooth directory with colons in the path. So I used a different tool to extract it, which went successfully. Then I ran extract -s mmssms.db which came with the same error. I'm pretty sure there isn't some weird encryption since I opened it up with Notepad ++ and I could read bits and pieces of conversations. Anything else to try?
This might be caused by an older sqlite3 version bundled with binaries. I have updated the binaries in the first message to a newer version, could you download it and try again, extract -s mmssms.db?
Different error this time: Failed to extract messages: no such column: failure_cause OperationalError('no such column: failure_cause',) Warning: failed to remove temporary file... FYI the first thing at the top of the file when I open in Notepad++ is SQLite format 3 and this is from an HTC device running Android 4.x does that help at all?
This is much better and now makes sense: android 4.0 usually has sqlite 3.7.x, previous binary build of this tool had sqlite 3.6.21, and that was the reason for the 'file is encrypted or is not a database' error. Now it looks like mmssms.db format in Android 4.0 has changed a little bit. I will have a look on these changes and update the app accordingly. Hope it will not take too much time
abbot2 said: This is much better and now makes sense: android 4.0 usually has sqlite 3.7.x, previous binary build of this tool had sqlite 3.6.21, and that was the reason for the 'file is encrypted or is not a database' error. Now it looks like mmssms.db format in Android 4.0 has changed a little bit. I will have a look on these changes and update the app accordingly. Hope it will not take too much time Click to expand... Click to collapse That would be awesome, perhaps keep the old version available for other folks too though If you can get this working I'll be sure to send a couple bucks your way. Thanks!
I have updated the extractor again, did some limited testing with android 4.0.3 on the emulator - seems to work. This database has a number of fields removed on android 4 compared to android 2, however everything required for xml dump is still there - just had to remove some unused stuff. Download the new version and try again. Regarding the older versions, no reason to keep them - new one works fine with old database formats.
Awesome works perfectly! Send me a PM where to donate. Sent from my GT-I9000 using xda premium
Thanks! It really works perfectly. Any plans to include MMS?
Sorry for the noobish question but I'm not familiar with Python. Installed newest version of Python and also got the extracted mmssms.db and contacts2.db (used Nandriod Browser to extract them), which command lines do I need/what do I have to do? :s €dit: Downloaded the zip from github and got as far as opening mmssms2xml.py which gives me an error when opening the mmssms.db Exception in Tkinter callback Traceback (most recent call last): File "C:\Python27\lib\lib-tk\Tkinter.py", line 1410, in __call__ return self.func(*args) File "D:\Downloads\abbot-android-restore-tools-bc8584d\abbot-android-restore-t ools-bc8584d\mmssms2xml.py", line 99, in open_file self.messages = read_messages(filename) File "D:\Downloads\abbot-android-restore-tools-bc8584d\abbot-android-restore-t ools-bc8584d\mmssms2xml.py", line 33, in read_messages c.execute("SELECT _id, thread_id, address, person, date, protocol, read, pri ority, status, type, callback_number, reply_path_present, subject, body, service _center, failure_cause, locked, error_code, stack_type, seen, sort_index FROM sm s ORDER BY date DESC") OperationalError: no such column: priority Click to expand... Click to collapse €dit2: No problems with contacts2.db?! €dit3: Well..this should be the last, found this explanation of rani2001 over here (http://forum.xda-developers.com/showpost.php?p=25173166&postcount=7). That did it for me!
Dude you just made my day
Can you please compile a new windows version with the latest files from github? Or give us a manual how to use the .py files. I think this will help many of us. Thank you very much. BTW: Your tool worked perfectly with my mmssms.db but failed with contacts2.db. Maybe the new files requested above will help me.
Got all my sms back thanks to you. Amazing script, Thanks for sharing and explaining and updating.
60% There I was just wondering if there was anything special I had to do to merge my old SMS list and the ones from the new list. I didn't see an option there for it and I don't want to just paste it in there and load it. Many thanks ahead of time
Hi I want to extract the data.yaffs2.img from my HTC Desire nandroid backup but get the error message: > extract.exe -s data.yaffs2.img Failed to extract messages: file is encrypted or is not a database Any ideas?
I tried this tool yesterday evening and I'm truly grateful for your work! I was ready to spend the whole night to work with these damn tables when I found your work. Many thanks! :highfive:
Where is the file stored after i run it? This is what I got. Code: C:\Users\Damastah>C:\Users\Damastah\Downloads\yaffs-mmssmsdb-calls-extractor\ext ract.exe -s D:\S3_recovery\mmssms.db Read 1782 messages Save as (empty=sms-20130330111807.xml): y