How to verify uploads and downloads - About xda-developers.com

We seem to be coming across a number of viruses at the moment with people replacing valid tools with trojans. One solution is to provide an MD5 checksum on files you upload so users can verify they are legitimate days/weeks/months down the line. The process is very simple.
1) Zip/rar up your archive as normal.
2) Load the MD5 GUI tool, click the 'Generate Checksum' radio box, and drag your file onto it.
3) Click 'To Clipboard' and paste the result into your forum post.
Users need to perform a similar task, dragging the file they downloaded into MD5 GUI and verifying the checksums are the same.
Background: An MD5 checksum, or one-way hash, is a unique identifier for a stream of data. If even a single character is changed in the stream a completely different checksum is generated. This means if checksums do match, the downloaded file must match the original provided by the uploader.

Related

[GUIDE] How to check md5sums on files

This information may be old news for experienced users but those new to android may find it useful.
When downloading a new ROM that you would like to flash, it is always possible for corruption to occur, either in the download itself or in storing it to the SD card. In order to address this issue, most ROMs put out by developers also include an MD5SUM for that ROM. This MD5SUM is used to verify that all of the bits in the file came across right.
Below are instructions on how to verify if the file that you have on your SD card on the phone is not corrupted. These instructions assume that the file is located at the root of the SD card (as would be needed for flashing ROMs but not necessarily for Recovery Images).
All lines will automatically start with the $ symbol; you need not type this in. Every line ends by pressing the Enter key; do not include the quotation marks. The command to show a directory is ls (lower case L and lower case S). This is done in the example to make sure that you use the correct file name when calling the md5sum command.
Open Terminal Emulator
Type "cd /sdcard" and press Enter
Type "ls" or "ls *.zip" to only show zip files and press Enter
This will provide a list of files at the root of the sd card.
Type "md5sum <filename>" substituting the name of the file listed in the ls command for <filename>.
An MD5SUM value will be calculated and displayed. Verify this value against what is published by the developer. If it is correct, go ahead and flash; if not, try redownloading the file and repeat. If you continue to get a different MD5SUM value, try downloading it from a different (perhaps mirrored) site.
In my example below, I combined the ls command to show only zip files (so that you can see it all on one screen).
http://twitpic.com/39cc3y
Alternatively, you can call the md5sum command with the *.zip or *.img argument and get an md5sum for all files of those types.
For additional information on md5sums, check out this link http://forum.xda-developers.com/showthread.php?t=706705
awesome!
Thank you for helping new people like me who are just entering the Android game.
Sent from my HTC Glacier using XDA App
check md5 file on pc
download a program called teradata
can be found here:
http://www.codesector.com/teracopy.php
install program
open md5 file
ta-da, this will tell you if the files are ok or not
QMAN101 said:
This information may be old news for experienced users but those new to android may find it useful.
When downloading a new ROM that you would like to flash, it is always possible for corruption to occur, either in the download itself or in storing it to the SD card. In order to address this issue, most ROMs put out by developers also include an MD5SUM for that ROM. This MD5SUM is used to verify that all of the bits in the file came across right.
Below are instructions on how to verify if the file that you have on your SD card on the phone is not corrupted. These instructions assume that the file is located at the root of the SD card (as would be needed for flashing ROMs but not necessarily for Recovery Images).
All lines will automatically start with the $ symbol; you need not type this in. Every line ends by pressing the Enter key; do not include the quotation marks. The command to show a directory is ls (lower case L and lower case S). This is done in the example to make sure that you use the correct file name when calling the md5sum command.
Open Terminal Emulator
Type "cd /sdcard" and press Enter
Type "ls" or "ls *.zip" to only show zip files and press Enter
This will provide a list of files at the root of the sd card.
Type "md5sum <filename>" substituting the name of the file listed in the ls command for <filename>.
An MD5SUM value will be calculated and displayed. Verify this value against what is published by the developer. If it is correct, go ahead and flash; if not, try redownloading the file and repeat. If you continue to get a different MD5SUM value, try downloading it from a different (perhaps mirrored) site.
In my example below, I combined the ls command to show only zip files (so that you can see it all on one screen).
http://twitpic.com/39cc3y
Alternatively, you can call the md5sum command with the *.zip or *.img argument and get an md5sum for all files of those types.
For additional information on md5sums, check out this link http://forum.xda-developers.com/showthread.php?t=706705
Wow, thank you for that! I've been wondering wtf an md5sum is. Now I know.
missing info
Thanks for posting this information - very well written and appears to leave no steps out.
One thing I have to say about a lot of the instructions that are posted about modding - they leave out important step(s) that would be needed to complete the process. Usually it's something that's easily overlooked; what the screen should look like after completing a step, prior to starting the next step. One example, that messed me up (in the past), is partitioning: many instructions gave examples on partitioning, but don't say how to configure the partition (primary, extended, etc)... I had to figure out why my android G1 wasn't working exactly as advertised, because the instructions I found were incomplete.
I think that's why video instructions are awesome - although through bad editing they can suck too.
It's hard work writing instructions, and I thank the people who do, but please write down everything.
This post is just a tangent brought on by reading the original, very well written post.
How did I miss your great post!!! Nice little write up for me checking files on the go.
-John
And for the mac users out there you simply need to open a terminal and type:
md5 <filename>
Or you can get afv (android file verifyer) from the market and just click on the file to generate the md5. Easier if you do it all the time
ahh thanks for spilling the beans
i keep getting "error checking md5sums" when restoring a nandroid back up
I think my SD card is buggered. It's nearly 18 months old and a hell of a lot of transfers on and off it. Maybe time to replace.
i use mand5 and it has an option to google search that checksum. Makes it convenient when devs post the checksum in the OP of their thread because then the search will find it and i can clearly see it's right, 4ext recovery also calculates md5s as well
Another excellent program for verifying checksums on Windows based PCs is Hashcheck. After installation, you'll find a new tab in the properties window of any file which will generate many different types of checksums and contains a box you can type or paste an existing checksum such as one posted with the download. It integrates cleanly with most versions of Windows. You can even use it to create a .md5 checksum file that can be opened to verify the file at any time. This is one of the first applications I install on a clean Windows installation.
And whoever suggested teracopy, it seems to run quite buggy on certain PC setups with mid-transfer freezes and such even on a fresh Windows installation. SuperCopier is another alternative free file copy/transfer application that I've never seen fail on any of the systems I've used and which has quite similar functionality to teracopy. Granted, I've only tried a limited number of PCs, but that number continues to grow as I'm basically the technical go-to guy in my family and neighborhood due to my background as a current software programming major.
Sent from my HTC Glacier using Tapatalk
Sorry, double post. My fat fingers hit quote instead of modify.
Sent from my HTC Glacier using Tapatalk
Hash Droid
The app called Hash Droid works perfect for me.
If I helped please press thanks.

[Q] Checking Md5 sums

I'm a noob when it comes to Linux and its commands and I'm currently dual booting with ubuntu (windows installer) and when it says check md5 sums to see if they match I have no idea, how am I supposed to find the md5 sum for my phone because I have no idea. Detailed instructions are greatly appreciated. My phone is currently rooted running oxygen RC 7 s-off stock table.
Thanks,
Ryan
Why would you want to find the md5 of the phone? Since you're S-off and running oxygen I'm going to guess you want to change hboot, just download the hboot image, then open a terminal and type "md5sum " with the space, and drag and drop your hboot image into the terminal window. It might add " to the location of the hboot image so remove those.
Sent from my HTC Desire using XDA App
You need to check the md5 of the file you've downloaded to make sure it matches the original file on the website. Google it and you'll find some freeware programs that will do the job
md5 is nothing to do with your phone
Let me google that for you.
yeah GOOGLE is your friend
Command name is 'md5sum'. This utility usually comes built-in with linux (most distros should have this..). Go to a terminal and type in:
'md5sum <filename>'
Replace <filename> with the file you want to check and make sure you are in the directory which holds that file.
EDIT: I'm not sure what you meant when you said "find the MD5 sum of my phone"...this is the only way I know of for checking MD5 sums.
In very simple terms:
MD5 provides a checksum for an arbitrary file. It's just a string of characters like a long PIN code.
You can use it to guarantee that the file that's been downloaded is identical to the original, i.e. not corrupted on the way. So for any file that has an associated MD5 sum, you download the file and run an MD5 utility on that file on your system and check the MD5 value output against the original one.
There are many other checksum utilities available but MD5 is the one most used currently.

need hp

i am new on this i was worked with 6.5 hd2 all things
can somebody give links about why we must check md5, what is that
some basic things i look on net but is so difficult to understand
thanks
Md5 is like a validation that a package is complete, i.e. not corrupt. If there is an Md5 value with a download, you run the package through an Md5 app and if the output matches, it's all good.
If you're on windows, Google winMd5
Sent from my HTC Desire using XDA App
Md5 is something like file integrity check.
More info: http://en.wikipedia.org/wiki/MD5
I use this tool: http://www.pc-tools.net/win32/md5sums/
Drag & drop the file on the .exe and it generates the MD5 sum.
5 md I realized how much like a fingerprint jedinstver which every rom there correct me if I am wrong I am specially interested in what was to check the MD 5 the numbers are small, or something within the file, I have not found anywhere video tutorial because it would mean a lot of people who are struggling with English so well as I do, and thus reduce the number of posts with the same issues apologize ...one more for this

TMBT989UVKL1 Captured During Kies Restore Session

I captured the following four tar.md5 archives downloaded by kies, during a recent restoral.
PHP:
T989UVKL1_ABOOT_SGH-T989user_CL799405_REV00.tar.md5
T989UVKL1_phone_secure_D_PROJECT_TMOBILE_REV_04_CL744338.tar.md5
T989UVKL1_PLATFORM_KERNEL_AMSS_SGH-T989user_CL799405_REV00.tar.md5
T989UVKL1_SGH-T989-CSC-TMBT989UVKL1_CL799405.tar.md5
Just thought I'd get this out there, as you probably won't find a cleaner base to build from. I've used 7zip to compress, and split an archive, to make it available via MediaFire. But the md5 archives within, are completely untouched. Have Fun.... =)
TMBT989UVKL1.7z.001 http://www.mediafire.com/?lrvxzmquubyfour
TMBT989UVKL1.7z.002 http://www.mediafire.com/?bt28h7b25c4pnwt

[Q] Trick Amazon update with URL redirect to older firmware to get root?

Hi,
just a quick thought (maybe my thinking is too easy but hear me out):
Can't we just redirect (via DNS or something else, IDK) the amazon update queries to download a rooted firmware or an older signed (then rootable) official firmware?
We know what URLs we have to block, so someone must have figured that out, maybe via Wireshark, where the FTV is looking for new updates. So, if you would connect the FTV via eth0 to your pc, to get to the internet: could some piece of software be on the pc to redirect it? So that the FTV thinks: htp://amzdigitaldownloads.edgesuite.net/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin is new, so I better grab it! But your computer redirects it (via DNS maybe??) to: htp://localhost/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin , which in reality would be a renamed older firmware (which would be rootable via towelroot), put in the same folder structure, as the original one.
So my question is:
a) Am I thinking too simple and this is just NOT possible in any way?
Or: b) In theory, this is possible, but there are missing pieces of information, we don't have at the moment (like, how it checks for an update, not where)
Or: c) Yea, this is possible, let me try it out, don't worry, I'm a professional
Just a thought, so what do you think? If a) then please explain for a dummy like me, why this is just not possible. If b) what information would be missing?
---
edit: I can't post URLs hence my lack of posts at XDA, so I shortened http to htp, but you get the idea...
bamdaschmu said:
Hi,
just a quick thought (maybe my thinking is too easy but hear me out):
Can't we just redirect (via DNS or something else, IDK) the amazon update queries to download a rooted firmware or an older signed (then rootable) official firmware?
We know what URLs we have to block, so someone must have figured that out, maybe via Wireshark, where the FTV is looking for new updates. So, if you would connect the FTV via eth0 to your pc, to get to the internet: could some piece of software be on the pc to redirect it? So that the FTV thinks: htp://amzdigitaldownloads.edgesuite.net/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin is new, so I better grab it! But your computer redirects it (via DNS maybe??) to: htp://localhost/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin , which in reality would be a renamed older firmware (which would be rootable via towelroot), put in the same folder structure, as the original one.
So my question is:
a) Am I thinking too simple and this is just NOT possible in any way?
Or: b) In theory, this is possible, but there are missing pieces of information, we don't have at the moment (like, how it checks for an update, not where)
Or: c) Yea, this is possible, let me try it out, don't worry, I'm a professional
Just a thought, so what do you think? If a) then please explain for a dummy like me, why this is just not possible. If b) what information would be missing?
---
edit: I can't post URLs hence my lack of posts at XDA, so I shortened http to htp, but you get the idea...
It seems they already tried this. One would have to match the FW's checksum it is trying to download or the downgrade or update fails. In other words it seems like it can't be done.
http://forum.xda-developers.com/showpost.php?p=55914173&postcount=6
Unless there is a way to inject the right checksum while loading the older FW. Since you're talking about a 3rd party prog ("some piece of software"). But that is way above my pay-grade.
Myself and AFTVNews have both tried this without success
I tried doing this a few weeks ago. I was able to get the Fire TV to download 51.1.1.0 when it was actually requesting 51.1.3.0. The Fire TV downloaded the update, extracted it, but then knew it was not the version it was expecting. I assume when it gets the update URL from Amazon, it also gets the update version number. I assume it then compares the version number it is told to get with some version information inside the file it downloaded. Here are the relevant log file entries:
Code:
D/com.amazon.dcp.framework.IntentEvent( 1358): Intent { act=android.intent.action.DOWNLOAD_COMPLETE flg=0x10 pkg=com.amazon.dcp }
...
I/com.amazon.dcp.ota.DownloadManifestHandler( 1358): Verifying OS update at /cache/bueller-ota-51.1.3.0_user_513011520-signed.bin
...
E/com.amazon.dcp.ota.DownloadManifestHandler( 1358): The OS version from install manifest is 513011520, but 511070220 from update file.
The only way for this to work is to spoof/MITM the information returned from Amazon when checking if an update is available, and that's difficult (impossible?) because the communication is encrypted.
Is the signature done on the whole image (header + payload + checksum etc.) or only on the payload? If only the payload of the image is signed it could be probably possible to find the version in the header and change it to the version it does expect.
Calibaan said:
Is the signature done on the whole image (header + payload + checksum etc.) or only on the payload? If only the payload of the image is signed it could be probably possible to find the version in the header and change it to the version it does expect.
I haven't fully analyzed how the updater works, but the gist of it is it downloads the update and verifies the signature of the entire file. It then figures out which version it is, not sure how it does that though. It's a zipfile, so it's not a header payload checksum. It probably reads one of the files inside of the zip to check the version.
Is a link URL known for a valid firmware image? Doesn't matter which version. Would like to have a look on the file.
Calibaan said:
Is a link URL known for a valid firmware image? Doesn't matter which version. Would like to have a look on the file.
This page has links to all the software versions.
http://www.aftvnews.com/software/
Sent from my SCH-I545 using Tapatalk
rbox said:
I haven't fully analyzed how the updater works, but the gist of it is it downloads the update and verifies the signature of the entire file. It then figures out which version it is, not sure how it does that though. It's a zipfile, so it's not a header payload checksum. It probably reads one of the files inside of the zip to check the version.
my guess it checks "system/build.prop" for version
Can someone test this? This would be an easy method.
apfelstyle said:
Can someone test this? This would be an easy method.
You can't modify the contents of the update. The file as a whole has a signature and all the files in it do too.
Maybe I'm thinking too easy but could it be that Amazon does handle the ROM images similar like an APK, so that tricking around with ZipSigner:
https://play.google.com/store/apps/details?id=kellinwood.zipsigner2&hl=de
could sign a modified ROM image?
If this would be possible (couldn't test it since my ordered FTV isn't still delivered :/ ) the idea would be:
-unzip image
-insert su in image and add MD5 in "MANIFEST-FILES.MD5" or change build.prop to another version and correct its MD5 in "MANIFEST-FILES.MD5"
-zip image
-upload to /sdcard on FTV
-start ZipSigner and try to sign the image again
I know that the correct release keys are important but probably the loader does only check if just a valid signature does exist so it allows probably flashing also with test keys.
Calibaan said:
Maybe I'm thinking too easy but could it be that Amazon does handle the ROM images similar like an APK, so that tricking around with ZipSigner:
https://play.google.com/store/apps/details?id=kellinwood.zipsigner2&hl=de
could sign a modified ROM image?
If this would be possible (couldn't test it since my ordered FTV isn't still delivered :/ ) the idea would be:
-unzip image
-insert su in image and add MD5 in "MANIFEST-FILES.MD5" or change build.prop to another version and correct its MD5 in "MANIFEST-FILES.MD5"
-zip image
-upload to /sdcard on FTV
-start ZipSigner and try to sign the image again
I know that the correct release keys are important but probably the loader does only check if just a valid signature does exist so it allows probably flashing also with test keys.
There are 2 checks. The first is after the file is downloaded, and the second is after recovery starts before it flashes it. If we ignore the first check, and focus on the second, recovery has the amazon public key in it and it definitely verifies the file was signed with the key that matches that public key.
