To create themes, or to edit themes to your liking, you will need a working knowledge of android, adb, how to resign apk's, knowledge of your own O/S.
Before you start, be aware that you may end up wiping your phone once, if not more. So let's go over the things that you will need.
You will need JF's RC30, RC8, or ADP1 V1.3, depending on what version you intend to create for.
Here is the link to these: http://forum.xda-developers.com/showthread.php?t=466174
You will also want to get the dev bootloader installed on your phone and HIGHLY suggest that everyone trying your theme install it as well.
Link to dev bootloader: http://forum.xda-developers.com/showthread.php?t=455860
You will also need to resign all the apks located in /system/app and framework-res.apk located in /system/framework when you push all of these to your phone.
JesusFreke was kind enough to build a custom signing tool for me that would allow me to right click on an apk and resign it from there. I am posting it here for others to use as well. Note that this is a courtesy of JF, so thank him for it. I cannot stress how much time this has saved me and will save you.
Here is the link: Http://www.FightForthePits.com/testsign(2).zip
Before using this you need to know how to set this up:
I will assume that you have the sdk downloaded and extracted somewhere(if not, do that now), extract both files to the tools directory of your sdk.
Now you will need to add the tools dir of your sdk to the environment variable CLASSPATH.(This is for XP, Vista coming soon)
To do this, right click on My Computer click properties, then choose the tab that says advanced. Click the button that says environmental variables. Go to system variables find the one that says CLASSPATH, double click it, go to the end of variable value. There should be a semicolon ; at the end. type in the path to the testsign.jar located in the tools directory of your SDK, for example the path to my testsign.jar was c:\sdk\android-sdk-windows-1.0_r1\tools\testsign.jar If CLASSPATH is not in your system variables then create it. Secondly, Find the system variable called PATH and add to the end of it, the full path to your sdk directory. For example, mine was c:\sdk\android-sdk-windows-1.0_r2\tools
Now right click the reg file that you extracted and choose to install it, or merge.
Now, right click an apk, do you see an option that says ResignApk? That's how you will resign your .apks and .zips.
If you find the right click menu not working for some reason you can type the following in cmd to sign your files: java testsign whateverfiletosign
Now through doing this you have done two things, first off you have made the resigning process extremely easy, secondly you will not have to cd to the tools dir of the sdk to use adb or any other tool in the sdk.
You will also need a version of linux installed or running vmware with linux, if you want to create, or edit, an update script, which will install the theme onto the user's phone.
You will need to be specific in addressing what version your theme is for, RC8, RC30, or ADP1. Make sure every file gets signed. Make sure you test the update.zip before you release it.
Every .apk contains the images relating to itself. However, every apk has the ability to use the images in framework-res.apk. The images for every apk are located inside of itself. To find these images open up the apk, you can rename it to .zip or open it with an archiver of your choice, winrar, winace, etc. Then after opening the apk open the folder called res and inside of that there are folders that are named Drawable, drawable-land, drawable-port, etc. This is where the images are stored.
There are some things you cannot edit unless you rebuild the entire apk from source, which we will not go into here.(another tutorial, another time) Just know that at this time you SHOULD NOT edit, or even open images with the extension .9.png. If you do you will have problems...Trust me. These are special images called ninepatch images and android resizes these images to fit wherever android, or any other apk, needs it to. If you do open them or edit them they will no longer render correctly when resized. I believe that in order to edit these you must do so and then put them into the source and rebuild the entire apk.
Before getting started you must also realize that you cannot simply resign one or two apk's and stick them in your phone and expect them to work. You must resign every apk inside of /system/app and framework-res.apk and put them on your phone at the same time.
To simplify this process for you though, I have provided an empty update.zip which you can place all of your resigned apps into and use to update your phone to your custom theme. You can also download someone else's theme and use their files, since they are resigned already. It may also be easier to see what files do what and go where since they have already been edited and are easy to point out.
Now, you're ready to start changing things up.
You will now need to open the apk, which you can do by adding .zip after .apk, effectively changing it to a zip. Note that if you are using windows you will need to unhide known file extension types. You can also use your favorite archiver such as winrar, winzip, etc.
See here to unhide known file extension types for Xp: http://www.mediacollege.com/microsoft/windows/extension-change.html
See here to unhide file extension types for Vista: http://maximumpcguides.com/windows-vista/how-to-change-a-file-extension/
After opening the apk go to res and copy the folders that have drawable in their name. Go to your desktop, or wherever, create a new folder called Images, or whatever. Open the folder, paste the drawable folders in there. Now you can see what the files look like without opening them. Btw, you may also want to add -frame, or -launcher, to the end of the folders you copy over to keep them separated from others.
Finally, you've edited the images put them all in the apk renamed it back to an apk and resigned it. Now it's time to push it to your phone and see the changes you've made.
Important! : Whenever pushing files to the phone NEVER do it while the phone is running. Do this in recovery mode! If you do this while the phone is running normally you will begin to lose space in /system.
So, boot into recovery, plug your phone in and open a cmd prompt. From the cmd prompt type adb shell mount /system then type the following: adb push c:\whereveryourfileis\whateveryourpushing.apk /system/app (system/framework if you're pushing framework-res.apk)
Now reboot your phone. If it doesn't boot, try doing a wipe, if that doesn't work reinstall an update and try again. There are a lot of things people can do wrong, I can't explain them all here. If you get real stuck, you can ask for help here or contact me on Gtalk [email protected].
So now your theme is done and you're ready to make an update.zip for others to install your theme.
I have created a template for you to make your own update.zip. Just download, add the system apps to app, and framework to framework. Zip it up, SIGN IT, TEST IT YOURSELF, and then distribute it!
Empty update.zip template: Http://www.FightForthePits.com/Androidstuff/update_empty.zip
If anyone has any questions please try asking for help in this thread before emailing me for help. Usually I will respond to questions in this forum.
I hope this Tutorial has been helpful. I will add on to it as needed.
Stericson
Links of interest:
Downloading SDK: http://code.google.com/android/intro/installing.html
Using ADB: http://code.google.com/android/reference/adb.html
Working with ninepatch should be straightforward if you use the draw9patch tool included in the SDK. Documentation on usage here:
http://code.google.com/android/reference/draw9patch.html
JF could also save theme users a wipe by resigning /system/app/* and /system/framework/framework-res.apk in his builds with the test keys. Nice tutorial, btw.
However it doesn't. I have used that to no avail. I believe you need to edit the images, put them in the source then rebuild the apks from the source.
As for JF's update, it does not currently wipe your phone after install. So, for him to do this he would have to have his update do a wipe. So technically, they would still have to do this initial wipe.
Stericson
Stericson said:
> However it doesn't. I have used that to no avail. I believe you need to edit the images, put them in the source then rebuild the apks from the source.
Good point. I thought you could simply drop a similarly dimensioned PNG in but apparently there is some metadata that only the android tool can create.
> As for JF's update, it does not currently wipe your phone after install. So, for him to do this he would have to have his update do a wipe. So technically, they would still have to do this initial wipe.
True, but a user who is upgrading to a JF update after having put in customized (and test-key signed) system apps will have to wipe again anyway =) Anyone using custom themes will have to wipe every time a JF update (or any update) comes out. However if JF resigns, custom theme users would not have to wipe and stock theme users only have to wipe once. (Nevermind the fact I think everyone should wipe when updating...)
thx stericson this will help big time how long before I can get resigned rc30 last night when you said all the apk. need to be resigned I was like this is going to be a long night but I see jf hooked you up save some big time with his resigning tool
jashsu said:
> Good point. I thought you could simply drop a similarly dimensioned PNG in but apparently there is some metadata that only the android tool can create.
> True, but a user who is upgrading to a JF update after having put in customized (and test-key signed) system apps will have to wipe again anyway =) Anyone using custom themes will have to wipe every time a JF update (or any update) comes out. However if JF resigns, custom theme users would not have to wipe and stock theme users only have to wipe once. (Nevermind the fact I think everyone should wipe when updating...)
Ah, good point
The resigned apps will be released maybe sometime tonight...I had them done but ran into a script problem on adp1 and I have yet to try the rc30 and rc8 ones yet. So I won't release those until I've tested them. If you want to be a Guinea pig however, just let me know
Stericson
Stericson said:
> Ah, good point
> The resigned apps will be released maybe sometime tonight...I had them done but ran into a script problem on adp1 and I have yet to try the rc30 and rc8 ones yet. So I won't release those until I've tested them. If you want to be a Guinea pig however, just let me know
> Stericson
The resigned apps have been released, each update file will resign all of apps in /system/app and framework-res.apk. However, these updates make no changes to them whatsoever...Meaning your phone will look just like a brand new phone without any modifications.
rc30 works thx Stericson made it easy for use
Issues with using the update.zip above
Hi all,
I just wanted to point out that after I applied the update.zip above and rebooted applications kept force closing randomly and constantly even through the initial setup (where you have to click the green android to start).
Prior to this, I had JF's RC30 1.3, and the engineering bootloader V2 no sigcheck.
First I did just an alt+s then an alt-w and alt+s. And still nothing.
I'm new to all this so I'm not even sure where to begin troubleshooting. Should I be using the HardSPL?
Thanks in advance and I apologize if this isn't the right place for this post.
Update:
After reflashing with JF's 1.3 RC30 and the problem persisted I noticed that there was a new release 1.31 and this has fixed the problem. I hope this helps anyone else who runs into the same problem.
I still don't know what went wrong though, can anyone shed some light on this? thanks.
Truly there's no telling, sounds like JF's update fixed it. Can I ask what version you tested?
I would also like to announce that now, thanks to JF, again, you do not have to wipe your phone completely to apply the resigned app updates. However, you will have to re-enter your google info and your call history and other minor things will be gone, but all of your apps will be retained.
Stericson
Alright, I am a little confused........
So I downloaded testsign.zip and extracted it to the tools folder. Then I went into environmental variables and added CLASSPATH with the value D:\Android\tools\testsign.jar and now I am not sure what to do next. Can someone give me some clarification. And btw I am on XP but I can get on linux at home if I need it, but I am a total noob to all this stuff so be gentle.
I'm using http://www.fightforthepits.com/Androidstuff/update_Rc30.zip and have been encountering issues when the phone boots up. As soon as the initial phone setup comes up I get process force close errors, I extracted launcher.apk, edited the files I wanted, repacked it, signed it and then resigned the update.zip. Any ideas what I'm doing wrong? I'm already running JF's RC30 1.31
Did you repack it in linux? Did you resign Launcher.apk? Also, that update file was never meant to be used as a template for an update since it kind of wipes your phone. You should be using update_empy, to push your own theme.
If you want to do only one file at a time, flash that update(update_rc30) then adb push your file into system/app. There are lots of things that you can mess up, most of them are hard to catch too. At any rate, everyone who has made a theme can tell you it's not just a straight forward process, expect errors. I've had more than I count I know....
Trial and error is your best teacher
Stericson
Stericson said:
> Did you repack it in linux? Did you resign Launcher.apk? Also, that update file was never meant to be used as a template for an update since it kind of wipes your phone. You should be using update_empy, to push your own theme.
> If you want to do only one file at a time, flash that update(update_rc30) then adb push your file into system/app. There are lots of things that you can mess up, most of them are hard to catch too. At any rate, everyone who has made a theme can tell you it's not just a straight forward process, expect errors. I've had more than I count I know....
> Trial and error is your best teacher
> Stericson
Must .apk's be signed if they're pushed over ADB? I'm not running Linux, I'm repacking/signing in windows.
I also had the issue with force close when installing the resigned update from the first post, apps that shouldn't even run on start up were force closing.
Also the IM application was gone, had to do a wipe and go back to jf 1.31 to correct it
I will take another look at the update I provided...
Stericson
did you ever figure out how to change the text on the status bar from black to white?
to do that you have to rebuild the entire apk from source and edit an xml document
Stericson
has anyone tried making the icons bigger? I noticed they are 48x48 if we go bigger will that affect anything? Also has anyone been able to remove the text below the icons on the home screen? Oh and where is the tab located that has been made invisible?
*edit
well I tried making the icons bigger and it doesn't really do anything, they don't show up bigger on the screen. Might have something to do with the text underneath, not sure.
Kyeld said:
> Must .apk's be signed if they're pushed over ADB? I'm not running Linux, I'm repacking/signing in windows.
yes they must be signed.
Hi, I'm working on creating some boot animations. I've got the files ready, but I can't figure out how to put them into a flashable .zip.
I flashed this file thunderbolt boot animation and it worked so I figured if I just replaced my animation and audio it would work but I get an error saying "e:update script not found" or something along those lines.
I'd like to know if there is an easy way to create a "template" where I just copy my animation into a folder and zip it, or if there is a program that will package it for me including the script/etc.
Any input or guide on how to make these boot animations flashable .zip's would be great, thanks.
Eat it iPhone said:
> Hi, I'm working on creating some boot animations. I've got the files ready, but I can't figure out how to put them into a flashable .zip.
> I flashed this file thunderbolt boot animation and it worked so I figured if I just replaced my animation and audio it would work but I get an error saying "e:update script not found" or something along those lines.
> I'd like to know if there is an easy way to create a "template" where I just copy my animation into a folder and zip it, or if there is a program that will package it for me including the script/etc.
> Any input or guide on how to make these boot animations flashable .zip's would be great, thanks.
That's weird it didn't work. Should. Maybe it wasn't re-packaged correctly.
Try the one attached.
CCallahan said:
> That's weird it didn't work. Should. Maybe it wasn't re-packaged correctly.
> Try the one attached.
Thanks, I'll try it out, just don't have the time right now.
If you can't figure it out I'll give you a guide tomorrow when I'm off my iPad.
did you rezip it correctly?
I ran into this trouble, I forget what it is, but you have to zip the files a certain way or they will not work. I don't remember the settings anymore, but just creating a regular zip file won't work.
There is a good guide to making your own update script on xda somewhere. Just search the entire site. If i'm just flashing something simple like a theme or boot animation sometimes I just use someone else's flashable zip and replace the necessary files. I can't remember off the top of my head, but iirc there are two folders you want to keep from someone else's zip. Meta-inf which is basically the signature files and something else which contains the script. If you dissect someone's zip it should be obvious what the other folder you want to keep is. You will find the update script in one of the sub folders, and if you want you can open it with a text editor and get an idea of how the script works.
If you need more info I can help you more when I get to my computer.
Sent from my PC36100 using XDA App
dkdude36 said:
> If you can't figure it out I'll give you a guide tomorrow when I'm off my iPad.
I'd appreciate a guide either way, I'd rather learn to do it myself than use someone else's. No rush as I can't really approach this til the weekend.
Eat it iPhone said:
> I'd appreciate a guide either way, I'd rather learn to do it myself than use someone else's. No rush as I can't really approach this til the weekend.
ok, here it goes.
first, figure out where you want to push your file. i'd recommend pushing manually in recovery to make sure the file itself works. then, using a tool like 7zip (pc) or betterzip (mac) create a file structure that matches the one on the phone. for example, if you wanted a boot animation to be put in system/customize/resource, make a folder system, customize in that, resource in that, and the bootanimation.zip inside that. now you have the main part. next, make a folder in the root of the zip called META-INF (caps counts) inside that, com, inside that, google, and inside that, android. that's /META-INF/com/google/android/. inside android, you need to place in an update-script. i'd recommend taking one from another zip and just editing it because i still have not figured out a way to make that type of file (unix exec) from scratch. open it up in a .txt editor like notepad++ (pc) or coda (mac) and write your script. here is the basic script for copying the directory system on the zip to system on the phone (like flashing a boot animation).
copy_dir PACKAGE:system SYSTEM:
CAPS COUNT AND MAKE SURE YOU HAVE AN ENTER AT THE END. IF YOU DO NOT HAVE AN ENTER AT THE END (TO MAKE IT TWO LINES INSTEAD OF ONE, LIKE ISSUING A COMMAND) THEN IT WILL NOT WORK AT ALL ( E:SYNTAX ERROR IN UPDATE-SCRIPT IS THE ERROR YOU WILL GET)
so put this file into the folder android, and zip it. make sure it is in store only, compatibility mode, if you have such options. then, use an auto signer (or just say zip is not signed and make sure to put sig verification off) to sign the zip. flash, and watch your work magically appear.
the update-script i showed is written in amend. i have no idea how to write in edify because it is much more complicated with the binary and stuff. so don't flash with cwm 3.0+.
good luck. ask if you have any questions.
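The layout rules from the post above (case-sensitive META-INF/com/google/android/update-script, a newline after the last command, store-only zip), as an added example that is not part of the original post: a Python builder plus a lint check for an unsigned amend-style package. The function names and the sample payload path are illustrative, the rules are taken from the post rather than from recovery source, and signing is left out.

```python
import io
import re
import zipfile

# Path and script line as given in the post; both are case-sensitive.
SCRIPT_PATH = "META-INF/com/google/android/update-script"
DEFAULT_SCRIPT = "copy_dir PACKAGE:system SYSTEM:\n"
# Matches the amend command shown in the post and captures the package directory.
COPY_DIR = re.compile(r"^copy_dir\s+PACKAGE:(\S+)\s+\S+:\S*$")


def build_flashable_zip(files, script=DEFAULT_SCRIPT):
    """Return the bytes of a store-only zip holding `files` plus the update-script.

    `files` maps archive paths (mirroring the phone's layout) to bytes.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        for name, data in sorted(files.items()):
            zf.writestr(name, data)
        zf.writestr(SCRIPT_PATH, script)
    return buf.getvalue()


def lint_flashable_zip(blob):
    """Return a list of problems; an empty list means the layout follows the post."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        infos = zf.infolist()
        names = [info.filename for info in infos]
        # "make sure it is in store only": flag every compressed entry.
        for info in infos:
            if info.compress_type != zipfile.ZIP_STORED:
                problems.append(f"{info.filename}: compressed, expected store-only")
        # "caps counts": the script must sit at the exact path, exact case.
        if SCRIPT_PATH not in names:
            near = [n for n in names if n.lower() == SCRIPT_PATH.lower()]
            if near:
                problems.append(f"{near[0]}: wrong case, expected {SCRIPT_PATH}")
            else:
                problems.append(f"{SCRIPT_PATH}: missing")
            return problems
        script = zf.read(SCRIPT_PATH).decode("utf-8", errors="replace")
    # "make sure you have an enter at the end".
    if not script.endswith("\n"):
        problems.append("update-script: no trailing newline after the last command")
    # Every copy_dir source directory must actually exist inside the package.
    for line in script.splitlines():
        m = COPY_DIR.match(line.strip())
        if m and not any(n.startswith(m.group(1) + "/") for n in names):
            problems.append(f"update-script: copy_dir source '{m.group(1)}' not in package")
    return problems


if __name__ == "__main__":
    # Constructed sample payload: a placeholder boot animation at the path used in the post.
    blob = build_flashable_zip({"system/customize/resource/bootanimation.zip": b"placeholder"})
    print(lint_flashable_zip(blob) or "layout OK")
```

Running the lint on someone else's zip before reusing it shows which of the three rules it already satisfies.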
hello will this method work on like adding some personal apps you want to be on your rom?
HI EVERYBODY, I REALLY NEED HELP IN PATCHING these files to get Arabic support. I am not an expert with patching and code stuffs . Last days i was trying to root my nook. First i rooted with Slasicha but i was not able to run android market,
then restored and rooted again with minimal touch. i was afraid of it because it involves installing cwm which i don't know any thing about it, but with following steps and instructions, It worked . also Google apps and market
files that i need to try patching it
framework.jar
libwebcore.so
framework.jar takes care of shaping texts in android on all texts except Gmail and the browser, while libwebcore.so takes care of shaping texts in the default Browser and Gmail app.
This patcher will attempt to get you Arabic support in both of these files.
This should work with all Android phones sporting Android
these steps taken from here :
http://blog.devasque.com/?page_id=11
by madmack member
http://forum.xda-developers.com/member.php?u=1436971
Requirements:
Your device needs to be rooted.
Your Android version is 2.1 or newer
Your ROM needs to be deodexed. To find out if your installed ROM is deodexed, navigate to /system/framework on your phone. If you see a file called framework.odex then this patch will NOT work for you.
Your rom is not based on MIUI.
Steps to apply the patch:
Download the patch below and extract it to a folder on your computer.
Pull /system/framework/framework.jar from your phone and place it in the subfolder input that you extracted in step 1
If you’re not using a CyanogenMod ROM, then you’ll also need to pull /system/lib/libandroid_runtime.so from your phone and place it in subfolder input that you extracted in step 1
If you’re interested in getting arabic shaping in the Browser, pull file /system/lib/libwebcore.so from your phone and place it in subfolder input as well.
Double click on commands.exe. Do not close the black cmd screens that will pop up. Once the patch is done, you should get a patched framework.jar in the subfolder output
Version 0.800 provides a recovery flashable file in folder output. Place that on your sdcard, reboot into recovery and flash it. If the flashing through recovery didn’t work for some reason, you’ll need to do the following manually:
Put file output/framework.jar in your phone at /system/framework/
Put file output/libandroid_runtime.so in your phone at /system/lib/ (if this file exists, it shouldn’t if you’re arabizing CM6).
Put file output/libicuuc-arabic.so in your phone at /system/lib/ This is extremely important, failing to place this file will result in a boot loop of your device
If file exists: Place file output/libwebcore.so in your phone at /system/lib/
If file exists: Place file output/lib__bcore.so in your phone at /system/lib/
I’ve also included the Aljazeera fonts in fonts. You can place these in /system/fonts and reboot
Sometimes permissions and xml data doesn’t get updated correctly resulting in corrupted data entries. If you receive a bunch of Force Closes after a reboot, you’ll need to Factory Reset.
member: dark hawk, on this post
http://forum.xda-developers.com/showpost.php?p=22521341&postcount=17
said ,
dark_hawk said:
> As for how to add Arabic, I'll add a guide soon, it involves patching the Framework.jar only, as I found that patching the lib files causes crashes in the anything related to the stock browser , like gmail and such. But all in all, You'll have Arabic in everything else.
but he did not answer, i hope he is ok
can someone help me with that a screenshot with these website :
www.ce4arab.com
www.bbc.co.uk/arabic/
, it would be a great help
On Samsung phones I guess you can turn root on/off by changing the variable in default.prop, but I have my phone rooted and it says ro.secure=1. How would I modify the bootloader? What would I look for to find out what I'm talking about?
I would like to try compiling my own kernel too. XDA University has information about compiling the kernel, but it is kind of unclear about how to put the actual package together though, or at least confusing. It says just zip the image and .ko files together and then it is good to flash, but then gives a file structure tree with unknown files? I downloaded a kernel to test from this site and the file structure was different, and it also reset the whole phone to get the job done.
Hi,
just a quick thought (maybe my thinking is too easy but hear me out):
Can't we just redirect (Via DNS or something else, IDK) the amazon update queries to download a rooted firmware or an older signed (then rootable) official firmware?
We know, what URLs we have to block, so someone must have figured that out, maybe via Wireshark, where the FTV is looking for new updates. So, if you would connect the FTV via eth0 to your pc, to get to the internet: could some piece of software be on the pc to redirect it? So that the FTV thinks: htp://amzdigitaldownloads.edgesuite.net/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin is new, so I better grab it! But your computer redirects it (via DNS maybe??) to: htp://localhost/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin , which in reality would be a renamed older firmware (which would be rootable via towelroot), put in the same folder structure, as the original one.
So my question is:
a) Am I thinking too simple and this is just NOT possible in any way?
Or: b) In theory, this is possible, but there are missing pieces of information, we don't have at the moment (like, how it checks for an update, not where)
Or: c) Yea, this is possible, let me try it out, don't worry, I'm a professional
Just a thought, so what do you think? If a) then please explain for a dummy like me, why this is just not possible. If b) what information would be missing?
---
edit: I can't post URLs hence my lack of posts at XDA, so I shortened http to htp, but you get the idea...
bamdaschmu said:
> Hi,
> just a quick thought (maybe my thinking is too easy but hear me out):
> Can't we just redirect (Via DNS or something else, IDK) the amazon update queries to download a rooted firmware or an older signed (then rootable) official firmware?
> We know, what URLs we have to block, so someone must have figured that out, maybe via Wireshark, where the FTV is looking for new updates. So, if you would connect the FTV via eth0 to your pc, to get to the internet: could some piece of software be on the pc to redirect it? So that the FTV thinks: htp://amzdigitaldownloads.edgesuite.net/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin is new, so I better grab it! But your computer redirects it (via DNS maybe??) to: htp://localhost/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin , which in reality would be a renamed older firmware (which would be rootable via towelroot), put in the same folder structure, as the original one.
> So my question is:
> a) Am I thinking too simple and this is just NOT possible in any way?
> Or: b) In theory, this is possible, but there are missing pieces of information, we don't have at the moment (like, how it checks for an update, not where)
> Or: c) Yea, this is possible, let me try it out, don't worry, I'm a professional
> Just a thought, so what do you think? If a) then please explain for a dummy like me, why this is just not possible. If b) what information would be missing?
> ---
> edit: I can't post URLs hence my lack of posts at XDA, so I shortened http to htp, but you get the idea...
It seems they already tried this. One would have to match the FW's checksum it is trying to download or the downgrade or update fails. In other words it seems like it can't be done.
http://forum.xda-developers.com/showpost.php?p=55914173&postcount=6
Unless there is a way to inject the right checksum while loading the older FW. Since you're talking about a 3rd party prog ("some piece of software"). But that is way above my pay-grade.
Myself and AFTVNews have both tried this without success
I tried doing this a few weeks ago. I was able to get the Fire TV to download 51.1.1.0 when it was actually requesting 51.1.3.0. The Fire TV downloaded the update, extracted it, but then knew it was not the version it was expecting. I assume when it gets the update URL from Amazon, it also gets the update version number. I assume it then compares the version number it is told to get with some version information inside the file it downloaded. Here are the relevant log file entries:
Code:
D/com.amazon.dcp.framework.IntentEvent( 1358): Intent { act=android.intent.action.DOWNLOAD_COMPLETE flg=0x10 pkg=com.amazon.dcp }
...
I/com.amazon.dcp.ota.DownloadManifestHandler( 1358): Verifying OS update at /cache/bueller-ota-51.1.3.0_user_513011520-signed.bin
...
E/com.amazon.dcp.ota.DownloadManifestHandler( 1358): The OS version from install manifest is 513011520, but 511070220 from update file.
The only way for this to work is to spoof/MITM the information returned from Amazon when checking if an update is available, and that's difficult (impossible?) because the communication is encrypted.
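The log excerpt above, turned into a small detection check (an added example, not part of the original post and not Amazon's code): it parses the quoted logcat lines, ties each manifest/file version mismatch to the file that was being verified, and reports whether the delivered content is older than the manifest expects. Treating the build numbers as integers that grow with newer builds is an assumption, as are the function and field names.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# logcat "brief" format as it appears in the post: LEVEL/TAG( PID): message
LOGCAT = re.compile(
    r"^(?P<level>[VDIWEF])/(?P<tag>[^(]+)\(\s*(?P<pid>\d+)\):\s?(?P<msg>.*)$")
VERIFYING = re.compile(r"Verifying OS update at (?P<path>\S+)")
MISMATCH = re.compile(
    r"The OS version from install manifest is (?P<expected>\d+), "
    r"but (?P<found>\d+) from update file")

# The three log lines quoted in the post above (the "..." separators are dropped).
SAMPLE_LOG = """\
D/com.amazon.dcp.framework.IntentEvent( 1358): Intent { act=android.intent.action.DOWNLOAD_COMPLETE flg=0x10 pkg=com.amazon.dcp }
I/com.amazon.dcp.ota.DownloadManifestHandler( 1358): Verifying OS update at /cache/bueller-ota-51.1.3.0_user_513011520-signed.bin
E/com.amazon.dcp.ota.DownloadManifestHandler( 1358): The OS version from install manifest is 513011520, but 511070220 from update file.
"""


@dataclass
class Mismatch:
    pid: int
    path: Optional[str]         # file being verified, if a "Verifying" line preceded
    expected: int               # version the install manifest announced
    found: int                  # version read from the downloaded file
    direction: str              # "older-than-expected" or "newer-than-expected"
    name_claims_expected: bool  # file name carries the expected build number


def find_version_mismatches(lines: Iterable[str]) -> List[Mismatch]:
    """Correlate 'Verifying OS update' lines with later version-mismatch errors."""
    last_path = {}  # pid -> most recent path under verification
    findings = []
    for raw in lines:
        m = LOGCAT.match(raw.strip())
        if not m:
            continue  # not a logcat line (for example a "..." separator)
        pid, msg = int(m["pid"]), m["msg"]
        verifying = VERIFYING.search(msg)
        if verifying:
            last_path[pid] = verifying["path"]
            continue
        mismatch = MISMATCH.search(msg)
        if not mismatch:
            continue
        expected, found = int(mismatch["expected"]), int(mismatch["found"])
        path = last_path.get(pid)
        basename = path.rsplit("/", 1)[-1] if path else ""
        findings.append(Mismatch(
            pid=pid,
            path=path,
            expected=expected,
            found=found,
            # Assumption: build numbers increase with newer firmware.
            direction="older-than-expected" if found < expected else "newer-than-expected",
            # True means the content does not match the name it was served under.
            name_claims_expected=str(expected) in basename,
        ))
    return findings


if __name__ == "__main__":
    for finding in find_version_mismatches(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the quoted lines this yields one finding: a file named for build 513011520 whose content reports 511070220, which is the substituted-download case the post describes.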
Is the signature done on the whole image (header + payload + checksum etc.) or only on the payload? If only the payload of the image is signed it could be probably possible to find the version in the header and change it to the version it does expect.
Calibaan said:
> Is the signature done on the whole image (header + payload + checksum etc.) or only on the payload? If only the payload of the image is signed it could be probably possible to find the version in the header and change it to the version it does expect.
I haven't fully analyzed how the updater works, but the gist of it is it downloads the update and verifies the signature of the entire file. It then figures out which version it is, not sure how it does that though. It's a zipfile, so it's not a header payload checksum. It probably reads one of the files inside of the zip to check the version.
Is a link URL known for a valid firmware image? Doesn't matter which version. Would like to have a look on the file.
Calibaan said:
> Is a link URL known for a valid firmware image? Doesn't matter which version. Would like to have a look on the file.
This page has links to all the software versions.
http://www.aftvnews.com/software/
Sent from my SCH-I545 using Tapatalk
rbox said:
> I haven't fully analyzed how the updater works, but the gist of it is it downloads the update and verifies the signature of the entire file. It then figures out which version it is, not sure how it does that though. It's a zipfile, so it's not a header payload checksum. It probably reads one of the files inside of the zip to check the version.
my guess it checks "system/build.prop" for version
> my guess it checks "system/build.prop" for version
Can someone test this? This would be an easy method
apfelstyle said:
> Can someone test this? This would be an easy method
You can't modify the contents of the update. The file as a whole has a signature and all the files in it do too.
Maybe I'm thinking too easy but could it be that Amazon does handle the ROM images similar like an APK, so that tricking around with ZipSigner:
https://play.google.com/store/apps/details?id=kellinwood.zipsigner2&hl=de
could sign a modified ROM image?
If this would be possible (couldn't test it since my ordered FTV isn't still delivered :/ ) the idea would be:
-unzip image
-insert su in image and add MD5 in "MANIFEST-FILES.MD5" or change build.prop to another version and correct its MD5 in "MANIFEST-FILES.MD5"
-zip image
-upload to /sdcard on FTV
-start ZipSigner and try to sign the image again
I know that the correct release keys are important but probably the loader does only check if just a valid signature does exist so it allows probably flashing also with test keys.
Calibaan said:
> Maybe I'm thinking too easy but could it be that Amazon does handle the ROM images similar like an APK, so that tricking around with ZipSigner:
> https://play.google.com/store/apps/details?id=kellinwood.zipsigner2&hl=de
> could sign a modified ROM image?
> If this would be possible (couldn't test it since my ordered FTV isn't still delivered :/ ) the idea would be:
> -unzip image
> -insert su in image and add MD5 in "MANIFEST-FILES.MD5" or change build.prop to another version and correct its MD5 in "MANIFEST-FILES.MD5"
> -zip image
> -upload to /sdcard on FTV
> -start ZipSigner and try to sign the image again
> I know that the correct release keys are important but probably the loader does only check if just a valid signature does exist so it allows probably flashing also with test keys.
There are 2 checks. The first is after the file is downloaded, and the second is after recovery starts before it flashes it. If we ignore the first check, and focus on the second, recovery has the amazon public key in it and it definitely verifies the file was signed with the key that matches that public key.