it's not 'YOUR' rom I need just any update that either includes mtd's OR .hex files
Reason is i've stripped down my own .hex files from ACER EUU update which contained the .hex files, from these extracted the .img files as follows:
AMSS .hex file extracted ->
AMSS.pre.img........1kb
AMSS.part1.img.....1kb
AMSS.part2...........12kb....(you get the idea
)
AMSS.part7.bin.......17,972kb - as you'd expect as it is the AMSS*
neither aARM or mARM directly communicate as this would open up mARM for system attack as this holds all the security keys/locks (call it what you will) even NAND has to get past mARM to unlock to write to NAND essentially mARM (as ignorant and acting DUMB as it is) gives the system permission!
found a list of partitions on the phone through wxHexEditor which gave me this...
Code:
File pos Mem pos ID Text
======== ======= == ====
00000010 00000010 0 0:MIBIB
0000002C 0000002C 0 0:QCSBL
00000048 00000048 0 0:OEMSBL1
00000064 00000064 0 0:OEMSBL2
00000080 00000080 0 0:FTM
0000009C 0000009C 0 0:SIM_SECURE
000000B8 000000B8 0 0:AMSS
000000D4 000000D4 0 0:EFS2
000000F0 000000F0 0 0:RSV
0000010C 0000010C 0 0:MODEM_LOG
00000128 00000128 0 0:ANDROID_LOG
00000144 00000144 0 0:FOTA
00000160 00000160 0 0:APPSBL
0000017C 0000017C 0 0:BOOT
00000198 00000198 0 0:SYSTEM
000001B4 000001B4 0 0:FLEX
000001D0 000001D0 0 0:RECOVERY
000001EC 000001EC 0 0:USERDATA
00000208 00000208 0 0:CACHE
00000224 00000224 0 0:MISC
as I kept noticing different phones give slightly different layout/naming for partitions etc.
Now as I can understand it the 'part1-7' .img files they relate to the mtd partitions am I right? (if you're never sure you don't have to directly ask and let them know you're a bit dim
) If this is the case I'm wondering why i found ELF file/sys with test screen possibly mARM booting sequencing in the 'MISC' and what seems like a test file or files between
" Unable to read BD_ADDR from NV, using default "
and the following
" smsm.c.Assertion info->num_hosts <= SMSM_HOSTS_MAX failed.Assertion owner == info->this_hostfailed.smsm_state_get: smsm not initialized.spinlock.c.Invalid argument to spin_lock.Invalid argument to spin_unlock.smem_log_read internal error: read_count (%d) > smem_num_entries (%d) " is a nice little sequence of tags, tag no. and tags, 32 in all (as with NAND fuses although the Qualcomm docs say 11 are sufficient
) and each set has a date with it.
A bit like this :
Code:
;[General] ;Signature = windows ;FormatVersion = 1.0 ;TimeStamp = Friday August 14, 2009 11:35:24 AM ;
;[Tag] ;Num = 37 ;
;[Tag0] ;TagNum = 2 ;TagLength = 6 ;TagValue = E2 1B 0A ED 1C 5A ;
;[Tag1] ;TagNum = 6 ;TagLength = 8 ;TagValue = FB FE 0F FE 9B FF 59 83 ;
;[Tag2] ;TagNum = 17 ;TagLength = 7 ;TagValue = 0A 01 00 00 00 00 00 ;
;[Tag3] ;TagNum = 27 ;TagLength = 1 ;TagValue = 01 ;
;[Tag4] ;TagNum = 28 ;TagLength = 15 ;TagValue = 00 10 00 00 2C 01 01 00 00 F0 00 00 FF FF 00 ;
;[Tag5] ;TagNum = 32 ;TagLength = 2 ;TagValue = 0C 07 ;
;[Tag6] ;TagNum = 36 ;TagLength = 35 ;TagValue = 09 09 07 04 09 00 01 02 03 04 05 06 07 07 07 00 00 00 00 00 00 00 01 01 02 00 01 02 03 04 05 06 07 08 09 ;
;[Tag7] ;TagNum = 37 ;TagLength =22 ;TagValue = 00 00 02 01 01 12 1D 00 00 12 1D 00 00 00 00 00 34 32 30 00 00 00 ;
;[Tag8] ;TagNum = 39 ;TagLength = 4 ;TagValue = 17 03 00 00 ;
;[Tag9] ;TagNum = 40 ;TagLength = 18 ;TagValue = 32 05 07 0D E2 11 43 13 1C 0C 17 10 59 13 8D 04 3D 08 ;
;[Tag10] ;TagNum = 41;TagLength = 38 ;TagValue = 11 00 00 00 42 33 A5 31 B1 07 C1 70 1C FA 1D 04 1E 1F 20 6C 3D E
F 3E C9 A7 F5 AA 42 AB 94 AC 8F A6 BF A8 36 CF 58 ;
;[Tag11] ;TagNum = 42 ;TagLength = 10 ; TagValue = 87 04 38 0E BD 2D C5 01 38 82 ;
;[Tag12] ;TagNum = 78 ;TagLength = 2 ;TagValue = 04 04 ;
;[Tag13] ;TagNum = 95 ;TagLength = 11 ;TagValue = 00 03 01 0D 00 00 00 02 00 02 02;
;[Tag14] ;TagNum = 99 ;TagLength = 1 ;TagValue = 07 ;
;[Tag15] ;TagNum = 100 ;TagLength= 135 ;TagValue = 10 22 03 70 00 00 00 00 84 08 7C 00 4F 38 47 09 00 00 00 13 48 14 49 40 69 88 42 18 D1 A0 68 40 07 15 D5 11 49 08 6B 00 28 11 D1 04 20 A0 60 03 20 08 63 12 4F 78 78 3F 78 38 43 11 4F 3F 78 38 43 01 27 38 43 A4 31 08 60 48 20 28 62 07 E0 A0 68 C0 07 02 D0 09 4E 07 4F 38 47 04 4F 38 47 04 4F 38 47 64 08 00 00 80 BD 03 70 C0 F0 0F B0 91 22 03 70 0B 2 2 03 70 19 22 03 70 00 10 00 B0 40 12 00 00 42 02 00 00 ;
What I'm thinking is you have your 'Private Key', send out the updates with 'Public Keys' but you need a cypher, all over the place is the files with Qualcomm, Taipei, CCI with 2 long numbers with the details, think of the NAND as a two way lock, you never open the whole thing you spin lock it, locking the unlocked and vice-versa, misc would be written at the other end of the NAND area (what we may be seeing as oob and garbage), the thing is why would my phone if it was only made in the last 12 months or so have a dated file another 12 months before that in an update only 2 to 5 months old and around 2 months after the phone came out? like August 14th 2009
Don't forget they have to update it without human contact, without a pc, no adb, and no Jtag so it's gotta be a numbers thing