Samsung Moment
Topic: Flashing Custom Content  (Read 6259 times)
zefie
« on: December 07, 2009, 10:47:45 AM »

Our first goal should be to flash a modified version of the CJ05 rom. Hex edit one byte, doesn't matter, just change something so the checksum fails. We need to figure out said checksum.

Our second goal should be to flash the stock android system.img, data.img, cache.img and kernel. I know it won't work correctly due to lack of drivers, but once we can flash the stock Android, it should be easy to make our own.
mrjones98
« Reply #1 on: December 08, 2009, 05:28:52 PM »

What does this entail, in a general sense?  I'd like to start helping and I'm a firmware/software engineer in my other life with quite a bit of linux experience.  However, I'm brand new to android and haven't even begun looking at anything.  I just got my first non-WM phone a couple weeks ago...
hokansoc
« Reply #2 on: December 08, 2009, 07:06:32 PM »

Well it entails tricking the checksum on the phone / odin in order to be able to install our own rom. As of right now, we can't even un-tar the file and re-tar it and install it. It has to be the official one. (which btw, is precisely 1024 bytes larger than the un-tarballed and re-tarballed one). Not sure how to do that yet.
peepsalot
« Reply #3 on: December 08, 2009, 09:30:32 PM »

Quote from: hokansoc
...It has to be the official one. (which btw, is precisely 1024 bytes larger than the un-tarballed and re-tarballed one). Not sure how to do that yet.

I think you have it backwards, I did some testing and my un-tar'd and re-tar'd file is 1024 bytes longer than the official one I downloaded.  These extra bytes are at the end of the tar file and are just a bunch of zeroes that can be trimmed off (not sure why tar puts them there).

Also, the files in the original tar come in a particular order.  To re-tar them in the same order, use this command:
Code:
tar -cf SPH-M900_CJ05_REL_re-tard.tar Sbl.bin boot.bin cache.rfs factoryfs.rfs logo.png modem.bin zImage datafs.rfs
I've done this on a Windows machine, using tar from Cygwin.  After trimming the trailing zeroes, I get the exact same size.  It's still not a byte-for-byte match with the original, since some of the file headers don't match exactly (owner, group, permissions, etc. get mangled).  I'm not sure if this is due to Windows not having the same sort of permissions data as Linux, but I'm going to try this later on my Linux box to see if it matches closer.

The tar format is pretty simple, it's just: file1 header, file1 data, file2 header, file2 data, etc.  With a hex editor and a calculator that supports octal/hex, you can compute the position of the next file header and see everything yourself.
Tar file format description for reference

I could try making an application or script that tries to reproduce the original tar exactly if you guys think this would be useful.
« Last Edit: December 08, 2009, 09:39:17 PM by peepsalot » Logged
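The offset arithmetic described in the post above, as an added example that is not part of the original post or of peepsalot's program: it walks the 512-byte headers of a constructed in-memory archive and counts the bytes left after the last member, which in a standard tar are the two zero-filled end-of-archive blocks (1024 bytes). Function names and the sample members are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BLK 512  /* tar is organised in 512-byte blocks */

/* Parse an octal ASCII field (the size field is 12 bytes at offset 124). */
static size_t octal_field(const unsigned char *p, size_t n) {
    size_t v = 0;
    for (size_t i = 0; i < n && p[i] >= '0' && p[i] <= '7'; i++)
        v = v * 8 + (size_t)(p[i] - '0');
    return v;
}

/* Record each header offset and return the member count. *trailing gets
 * the number of bytes left after the last member's padded data. */
size_t tar_walk(const unsigned char *buf, size_t len,
                size_t *offsets, size_t max, size_t *trailing) {
    size_t pos = 0, n = 0;
    while (pos + BLK <= len && buf[pos] != 0 && n < max) {
        size_t size = octal_field(buf + pos + 124, 12);
        offsets[n++] = pos;
        /* next header = this header + data rounded up to whole blocks */
        pos += BLK + (size + BLK - 1) / BLK * BLK;
    }
    *trailing = len > pos ? len - pos : 0;
    return n;
}

/* Constructed sample: two members (5 and 600 bytes) and the end marker. */
size_t build_sample(unsigned char *buf, size_t cap) {
    const char *names[] = { "a.bin", "b.bin" };
    const size_t sizes[] = { 5, 600 };
    size_t pos = 0;
    memset(buf, 0, cap);
    for (int i = 0; i < 2; i++) {
        strcpy((char *)buf + pos, names[i]);
        snprintf((char *)buf + pos + 124, 12, "%011zo", sizes[i]);
        memset(buf + pos + BLK, 'x', sizes[i]);
        pos += BLK + (sizes[i] + BLK - 1) / BLK * BLK;
    }
    return pos + 2 * BLK;   /* end of archive: two zero-filled blocks */
}

int main(void) {
    static unsigned char buf[8 * BLK];
    size_t off[8], trailing, len = build_sample(buf, sizeof buf);
    size_t n = tar_walk(buf, len, off, 8, &trailing);
    for (size_t i = 0; i < n; i++)
        printf("%-8s header at offset %zu\n", (char *)buf + off[i], off[i]);
    printf("%zu trailing zero bytes\n", trailing);
    return 0;
}
```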
peepsalot
« Reply #4 on: December 09, 2009, 02:25:44 AM »

Alright, I went ahead and wrote this program for re-tar'ing the ROM files in the exact format as the original.
It recreates it byte-for-byte.  Source code attached.

Hope that's useful to someone, cause I have no idea what to do with this now that I made it ???

Also, which file exactly are you talking about that you need to figure out the checksum for?

Edit: Removed faulty program attachment, see updated program in post below.
« Last Edit: December 09, 2009, 12:48:11 PM by peepsalot » Logged
zefie
« Reply #5 on: December 09, 2009, 08:43:23 AM »

Quote from: peepsalot
Alright, I went ahead and wrote this program for re-tar'ing the ROM files in the exact format as the original.
It recreates it byte-for-byte.  Source code attached.

Hope that's useful to someone, cause I have no idea what to do with this now that I made it ???

Also, which file exactly are you talking about that you need to figure out the checksum for?

Code:
root@debian:~/tmp/SPH-M900_CJ05_REL# ./retar-moment-x86-linux  test.tar
root@debian:~/tmp/SPH-M900_CJ05_REL# md5sum test.tar
928cccc041ff26c94b3fe3917bc12cf3  test.tar
root@debian:~/tmp/SPH-M900_CJ05_REL# md5sum ../SPH-M900_CJ05_REL.tar
bd84d450db40efa1312cd158937c0b54  ../SPH-M900_CJ05_REL.tar
root@debian:~/tmp/SPH-M900_CJ05_REL#
peepsalot
« Reply #6 on: December 09, 2009, 12:47:12 PM »

Quote from: zefie
Quote from: peepsalot
Alright, I went ahead and wrote this program for re-tar'ing the ROM files in the exact format as the original.
It recreates it byte-for-byte.  Source code attached.

Hope that's useful to someone, cause I have no idea what to do with this now that I made it ???

Also, which file exactly are you talking about that you need to figure out the checksum for?

Code:
root@debian:~/tmp/SPH-M900_CJ05_REL# ./retar-moment-x86-linux  test.tar
root@debian:~/tmp/SPH-M900_CJ05_REL# md5sum test.tar
928cccc041ff26c94b3fe3917bc12cf3  test.tar
root@debian:~/tmp/SPH-M900_CJ05_REL# md5sum ../SPH-M900_CJ05_REL.tar
bd84d450db40efa1312cd158937c0b54  ../SPH-M900_CJ05_REL.tar
root@debian:~/tmp/SPH-M900_CJ05_REL#

DOH!  I was testing against the wrong tar file the whole time (one that I tried to create using tar command).  I've now corrected it.  Sorry about that.  Let me know if that works for you now.

The one thing I just don't understand is why the checksums are done in the way they are.  Only one of the file headers (logo.png) follows the Wikipedia definition of how to compute the header checksum
Quote
The checksum is calculated by taking the sum of the unsigned byte values of the header block with the eight checksum bytes taken to be ascii spaces (decimal value 32). It is stored as a six digit octal number with leading zeroes followed by a null and then a space. Various implementations do not adhere to this, so relying on the first white space trimmed six digits for checksum yields better compatibility. In addition, some historic tar implementations treated bytes as signed. Readers must calculate the checksum both ways, and treat it as good if either the signed or unsigned sum matches the included checksum.
The logo.png header is the only one with an actual six digit octal checksum, followed by null value then space.
All the others are 7 digit octal followed by null.

Edit: removed attachment, see update below
« Last Edit: December 09, 2009, 04:48:14 PM by peepsalot » Logged
zefie
« Reply #7 on: December 09, 2009, 04:10:47 PM »

Stil sumthin funny...

Code:
root@debian:~/tmp/SPH-M900_CJ05_REL# rm *.bin
root@debian:~/tmp/SPH-M900_CJ05_REL# rm *.rfs
root@debian:~/tmp/SPH-M900_CJ05_REL# rm logo.png
root@debian:~/tmp/SPH-M900_CJ05_REL# rm zImage
root@debian:~/tmp/SPH-M900_CJ05_REL# tar -xvf ../SPH-M900_CJ05_REL.tar
Sbl.bin
boot.bin
cache.rfs
factoryfs.rfs
logo.png
modem.bin
zImage
datafs.rfs
root@debian:~/tmp/SPH-M900_CJ05_REL# ./retar-moment-x86-linux test.tar
header checksum: 1120422
header checksum: 1120625
header checksum: 1120756
header checksum: 1121727
header checksum: 120646
header checksum: 1121011
header checksum: 1120355
header checksum: 1121155
root@debian:~/tmp/SPH-M900_CJ05_REL# md5sum test.tar ../SPH-M900_CJ05_REL.tar
edc57500e67ae99f2256ded2a7b2325e  test.tar
bd84d450db40efa1312cd158937c0b54  ../SPH-M900_CJ05_REL.tar
root@debian:~/tmp/SPH-M900_CJ05_REL#
peepsalot
« Reply #8 on: December 09, 2009, 04:47:32 PM »

AGH, stupid mistake, wasn't initializing the checksum int to 0.  I'm surprised it worked on my ubuntu karmic 64 box though.  I tried it in windows cygwin, and got crazy checksums like you got, and this latest modification fixed that.

They say the 3rd time's a charm...

Source attached

If you still have any issue, first let me know if at least the file sizes match, and then if you wouldn't mind showing a screenshot of the first difference that shows up using vbindiff?

Edit: Added minor update to source which should help compatibility with non *nix systems.

* retar-moment.c (4.42 KB - downloaded 25 times.)
« Last Edit: December 13, 2009, 03:47:17 PM by peepsalot » Logged
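An added example, not the attached retar-moment.c: it computes the tar header checksum as the description quoted in Reply #6 specifies and stores it in the two field layouts discussed in this thread (six octal digits, NUL, space versus seven octal digits, NUL), with the accumulator explicitly zeroed, the mistake reported in Reply #8. The sample header and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BLK 512
#define CHK_OFF 148            /* checksum field: 8 bytes at offset 148 */

/* Sum all 512 header bytes, counting the checksum field as 8 spaces.
 * The accumulator has to start at 0 or the result is unpredictable. */
unsigned tar_checksum(const unsigned char *hdr) {
    unsigned sum = 0;
    for (int i = 0; i < BLK; i++)
        sum += (i >= CHK_OFF && i < CHK_OFF + 8) ? (unsigned)' ' : hdr[i];
    return sum;
}

/* style 6: six octal digits, NUL, space (the quoted description).
 * style 7: seven octal digits, NUL (the other layout in the thread). */
void tar_store_checksum(unsigned char *hdr, int style) {
    char field[9] = { 0 };
    if (style == 6) {
        snprintf(field, sizeof field, "%06o", tar_checksum(hdr));
        field[7] = ' ';
    } else {
        snprintf(field, sizeof field, "%07o", tar_checksum(hdr));
    }
    memcpy(hdr + CHK_OFF, field, 8);
}

/* Return the digit count of the stored field (6 or 7 here) when it
 * matches the recomputed sum, 0 when it does not. */
int tar_check(const unsigned char *hdr) {
    const unsigned char *f = hdr + CHK_OFF;
    unsigned stored = 0;
    int n = 0;
    while (n < 8 && f[n] >= '0' && f[n] <= '7')
        stored = stored * 8 + (unsigned)(f[n++] - '0');
    return stored == tar_checksum(hdr) ? n : 0;
}

/* Constructed sample header: only the name and size fields are set. */
void sample_header(unsigned char *hdr) {
    memset(hdr, 0, BLK);
    strcpy((char *)hdr, "logo.png");
    memcpy(hdr + 124, "00000001130", 12);   /* 600 bytes, in octal */
}

int main(void) {
    unsigned char hdr[BLK];
    sample_header(hdr);
    for (int style = 6; style <= 7; style++) {
        tar_store_checksum(hdr, style);
        printf("style %d -> check=%d\n", style, tar_check(hdr));
    }
    return 0;
}
```

Because the checksum field is always summed as eight spaces, both layouts carry the same value; only the stored bytes differ, which is what matters for a byte-for-byte reproduction.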
zefie
« Reply #9 on: December 09, 2009, 04:57:41 PM »

Quote from: peepsalot
AGH, stupid mistake, wasn't initializing the checksum int to 0.  I'm surprised it worked on my ubuntu karmic 64 box though.  I tried it in windows cygwin, and got crazy checksums like you got, and this latest modification fixed that.

They say the 3rd time's a charm...

Source attached

If you still have any issue, first let me know if at least the file sizes match, and then if you wouldn't mind showing a screenshot of the first difference that shows up using vbindiff?

Code:
root@debian:~/tmp/SPH-M900_CJ05_REL# md5sum ../SPH-M900_CJ05_REL.tar test.tar
bd84d450db40efa1312cd158937c0b54  ../SPH-M900_CJ05_REL.tar
bd84d450db40efa1312cd158937c0b54  test.tar


Yey!
hokansoc
« Reply #10 on: December 09, 2009, 05:00:01 PM »

now here's the question... can you install the new tar on your phone? and if so, how do we take advantage of that?
zefie
« Reply #11 on: December 09, 2009, 05:10:23 PM »

Quote from: hokansoc
now here's the question... can you install the new tar on your phone? and if so, how do we take advantage of that?

If the md5sum matches, it's basically the same file. So yes, it will install on the phone. The REAL question is, can we flash modifications using this tar creator.

It is going to take 10 forevers for me to checkout Android 2.0 source, another 10 forevers to compile it, then about 50 forevers for me to figure out how to flash it, since NORMAL android phones have the kernel and ramdisk separate :/
peepsalot
« Reply #12 on: December 09, 2009, 05:12:17 PM »

Seems like a fun first thing to try would be a custom logo.  At least see if it takes that, then move on to the other more important stuff.  Probably want to modify single files at a time to see if particular ones have special checksums.

Let me know if there's anything else I can do to help.  I'll probably try the logo thing later tonight just for fun.  Can't do any flashing until I get home in a few hours though.

Also, is there any way to back up app/settings as best as possible before flashing a new rom?
« Last Edit: December 09, 2009, 05:41:32 PM by peepsalot » Logged
zefie
« Reply #13 on: December 09, 2009, 05:40:45 PM »

someone more proficient than I figure out how to decompress and recompress the zImage without destroying the decompression stub (aka still boot-able when repacked) so that we can hex edit the init.rc
hokansoc
« Reply #14 on: December 09, 2009, 05:44:36 PM »

peepsalot: there's a program called mybackup that works fairly well for settings and texts and call logs and things. It'll backup your programs too but the market won't know you have them, so you'll have to manually check for updates.