[OTA-Decrypted]-official ota got decrypted


skoperst

Member
Aug 11, 2010
44
15
Here are some OTA firmware updates which were decrypted; they are fully working and can be installed using the original recovery.
Huge thanks to Condi who actually made this possible.

You can check which region/product you have by looking at your build.prop:
Code:
ro.build.description=nbx03_010-user 3.2.1 THMAS0042 0042.004 release-keys
Please look at the next post to see what those numbers mean.


Full OTA:

signed_nbx03_007-ota-0042.017_decrypted.zip

Incremental OTA:
incremental_nbx03_001 0042.001
 

obicom

Senior Member
Nov 9, 2010
283
81
Cologne
It would be very helpful, if you would describe the version exactly.
From which country, which version and with or without 3G.
Otherwise it is a risk to flash an "unknown" version.

We should also collect a "region code translation table"
I would like to start with:

Region Code:
001 = USA
007 = Germany
015 = Austria
016 = Poland

Version Code:
0042.017 = 3.2.1R2
11000.014 = 3.2

I have two different versions downloaded:
signed-nbx03_007-ota-0042.017.zip
signed-nbx03_007-ota-11000.014.zip

My device:
Sony Tablet S - 16GB - no 3G - Model: SGPT111DE/S

Could someone explain how we can decrypt a firmware version?
 

rimsilva

Senior Member
Apr 11, 2009
1,212
282
Yes, more details needed, we cannot do a blind update.

 

skoperst

Member
Aug 11, 2010
44
15
Actually my post was intended to be used by developers; there is some interesting technical information in the update.

I'll try to upload more firmwares once I have time and try to put together a list like obicom suggested.
 

thomas.raines

Recognized Developer
Jun 23, 2011
2,200
3,914
Hutto
Great work! Is there any way you can create an update.zip to replace the /system/sbin, /system/bin, and /system/xbin with the stock or prerooted files?
I ask this because I tried creating one, but I still get the signature verification failed error.
I have tried signing it with a few different methods, but it is still failing.
I'm trying to root the device and when I do, I get permission denied with every busybox command, i.e. chmod, insmod, etc...
In addition, I tried running just the update, and that failed because it is the same as my current version. I would think you could just change the update version embedded in this package...
 

norberto_

Senior Member
Jun 16, 2010
174
32
Great work guys!

Can I ask how to decrypt the zip files?
I want to decrypt my OTA zip too.

Thanks!
Br
norberto
 

obicom

Senior Member
Nov 9, 2010
283
81
Cologne
@Condi:
If I take a look into the posted fw .. I am a little bit astonished.

I found three different region.prop files:
one for Austria
one for Switzerland
one for Poland

Does it mean this is the fw file for these three countries?
Do you know what the last three digits of the file name mean?

for Poland 004 and in Germany 017?
Maybe a hint for the included kernel version? (Build)
 

daClaus

Senior Member
Aug 10, 2010
273
64
Google Pixel 7 Pro
@Condi:
If I take a look into the posted fw .. I am a little bit astonished.

I found three different region.prop files:
one for Austria
one for Switzerland
one for Poland

Does it mean this is the fw file for these three countries?
Do you know what the last three digits of the file name mean?

for Poland 004 and in Germany 017?
Maybe a hint for the included kernel version? (Build)
The file on my Austrian SGPT111AT/S is named "signed_nbx03_015-ota-0042.002.zip"
 

obicom

Senior Member
Nov 9, 2010
283
81
Cologne
@Condi & skoperst

Do you know how I can extract the system.img and hidden.img file ?
Do you know what part of our OS is 'hidden' in the hidden.img file?
Is it the kernel image?

Where did you get the 'signed_nbx03_007-ota-0042.017_decrypted.zip' file?
From my point of view, it is exactly "my" firmware file from Germany.
Could you confirm that?
 

skoperst

Member
Aug 11, 2010
44
15
@Condi & skoperst

Do you know how I can extract the system.img and hidden.img file ?
Do you know what part of our OS is 'hidden' in the hidden.img file?
Is it the kernel image?

Where did you get the 'signed_nbx03_007-ota-0042.017_decrypted.zip' file?
From my point of view, it is exactly "my" firmware file from Germany.
Could you confirm that?

Yes, it's your firmware.
system.img is just an ext4 partition while hidden.img is not yet fully understood.
My guess is it's some sort of encrypted package for kernel/recovery/bootloader, maybe more than just one.
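
The difference described in this reply (system.img is a plain ext4 image, hidden.img is opaque) can be checked on the image bytes before any mount attempt. The following is an added example, not code from the thread; the function names are hypothetical and both sample inputs are constructed.

```python
import hashlib
import math
import struct

SB = 1024                     # the ext2/3/4 superblock starts at byte 1024
EXT_MAGIC = 0xEF53            # s_magic, at superblock offset 0x38
INCOMPAT_EXTENTS = 0x0040     # s_feature_incompat bit normally set on ext4

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 point to encrypted or compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage_image(head: bytes) -> dict:
    """Classify the leading bytes of a partition image without mounting it."""
    info = {"kind": "unknown", "entropy": round(shannon_entropy(head[:65536]), 2)}
    if len(head) >= SB + 0x64:
        (magic,) = struct.unpack_from("<H", head, SB + 0x38)
        if magic == EXT_MAGIC:
            (log_bs,) = struct.unpack_from("<I", head, SB + 0x18)
            (incompat,) = struct.unpack_from("<I", head, SB + 0x60)
            info["kind"] = "ext4" if incompat & INCOMPAT_EXTENTS else "ext2/3"
            info["block_size"] = 1024 << log_bs
            return info
    if info["entropy"] > 7.5:
        info["kind"] = "opaque"   # no known magic and near-random bytes
    return info

def constructed_ext4_head() -> bytes:
    """Constructed sample: zeroed 4 KiB with only the superblock fields set."""
    head = bytearray(4096)
    struct.pack_into("<I", head, SB + 0x18, 2)            # 1024 << 2 = 4096
    struct.pack_into("<H", head, SB + 0x38, EXT_MAGIC)
    struct.pack_into("<I", head, SB + 0x60, INCOMPAT_EXTENTS)
    return bytes(head)

def constructed_opaque_head() -> bytes:
    """Constructed sample: 64 KiB of hash output standing in for ciphertext."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    head = bytearray(b"".join(blocks))
    head[SB + 0x38:SB + 0x3A] = b"\x00\x00"   # rule out an accidental ext magic
    return bytes(head)
```

On a real file, pass the first 64 KiB or more, for example `triage_image(open("system.img", "rb").read(1 << 16))`.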
 

obicom

Senior Member
Nov 9, 2010
283
81
Cologne
But if system.img is a dd image of the system partition, I would guess that 'OTA RootKeeper' cannot work in this case. From my understanding the ota update would overwrite the /system/, system/xbin and /system/bin. Is this correct? :confused:

-- Edit --
I found the following string in the 'updater-script':
assert(package_extract_file("system.img", "/dev/block/mmcblk0p3"));

so I guess it is not a dd image .. any idea how I can extract such a file?
 

Nesquick95

Senior Member
Jan 31, 2009
86
45
img's

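The img files can be mounted with rw access this way:

Code:
cd /media
mkdir tablet_system
mkdir tablet_hidden
# system.img is an ext4 filesystem image
mount -o loop -t ext4 system.img /media/tablet_system
# no -t here: "-t sysfs" would attach the kernel's sysfs tree, not the image contents
mount -o loop hidden.img /media/tablet_hidden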


Maybe a way to build pre-rooted ROMs if the stock recovery accepts unencrypted zips or if we are able to re-encrypt a modified one?

I'll be very pleased to try something but I need a decrypted French OTA update...
 

sebarkh

Senior Member
Oct 7, 2010
1,178
184
Warsaw
Apps & Games
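The img files can be mounted with rw access this way:

Code:
cd /media
mkdir tablet_system
mkdir tablet_hidden
# system.img is an ext4 filesystem image
mount -o loop -t ext4 system.img /media/tablet_system
# no -t here: "-t sysfs" would attach the kernel's sysfs tree, not the image contents
mount -o loop hidden.img /media/tablet_hidden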


Maybe a way to build pre-rooted ROMs if the stock recovery accepts unencrypted zips or if we are able to re-encrypt a modified one?

I'll be very pleased to try something but I need a decrypted French OTA update...

Get one using this method:
http://xdaforums.com/showthread.php?t=1511825
 

obicom

Senior Member
Nov 9, 2010
283
81
Cologne
@sebarkh
I guess he needs a decrypted one .. not only an encrypted OTA update.

@Nesquick95
Thanks for the advice. Try to send Condi and/or skoperst your build.prop and region.zip. Maybe they can download an encrypted french version for you.
 

Nesquick95

Senior Member
Jan 31, 2009
86
45
img's

Some further information:
My tablet isn't actually rootable because of an unlucky OTA update that led me from kernel 8 to kernel 10.
I'm trying to find a way to gain root again but I'm not experienced in hacking...
The simple idea is to add the ro.kernel.qemu = 1 in the local.prop of a decrypted firmware and flash it with recovery to gain root with ADB, then push the busybox, su and superuser.apk in the right places.
I've mounted Condi's decrypted firmware with the mount commands given in my last post. Unfortunately, I've not found the exact image of the tablet's file systems that I expected to.
I'll try to understand how it works anyway.
I attach the "ls" of the two img files, if someone wants to take a look.
I also attach my build.prop + region.zip if someone (Condi?) can get a French OTA update and upload it somewhere for me.
 

Attachments

  • build.prop.zip
    1.1 KB · Views: 54
  • region.zip
    5.5 KB · Views: 62
  • ls_hidden_system.zip
    60.1 KB · Views: 62

condi

Senior Member
Feb 13, 2007
744
989
Ostrów Wielkopolski
condiecu.pl
Some further information:
My tablet isn't actually rootable because of an unlucky OTA update that led me from kernel 8 to kernel 10.
I'm trying to find a way to gain root again but I'm not experienced in hacking...
The simple idea is to add the ro.kernel.qemu = 1 in the local.prop of a decrypted firmware and flash it with recovery to gain root with ADB, then push the busybox, su and superuser.apk in the right places.
I've mounted Condi's decrypted firmware with the mount commands given in my last post. Unfortunately, I've not found the exact image of the tablet's file systems that I expected to.
I'll try to understand how it works anyway.
I attach the "ls" of the two img files, if someone wants to take a look.
I also attach my build.prop + region.zip if someone (Condi?) can get a French OTA update and upload it somewhere for me.

I will start from the end. About getting ota update - ask skoperst - he is an expert in this :) Second thing - it will not work.

Encryption of update zip is one thing, signature - signing is another thing. You will edit anything in zip - signature failed.

To understand how flash works you don't need your region decrypted ota zip.
It's very hard to get final decrypted update. Two of available - one incremental,
and one full - are fully sufficient to 'understand how it works' :)

br
condi
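
Why any edit to the zip ends in "signature failed", shown on a constructed package. This is an added example, not code from the thread. It assumes the stock AOSP whole-file signature footer in the zip comment, and a SHA-1 digest stands in for the RSA signature that only the vendor's private key can produce; all function names are hypothetical.

```python
import hashlib
import io
import struct
import zipfile

FOOTER_SIZE = 6          # <sig_start:u16> 0xFFFF <comment_size:u16>, little-endian
EOCD_HEADER_SIZE = 22    # fixed part of the zip end-of-central-directory record

def parse_footer(pkg: bytes):
    """Return (signed_len, signature_bytes) for an AOSP-style signed package."""
    sig_start, marker, comment_size = struct.unpack("<HHH", pkg[-FOOTER_SIZE:])
    if marker != 0xFFFF:
        raise ValueError("no whole-file signature footer")
    if not FOOTER_SIZE < sig_start <= comment_size:
        raise ValueError("signature offset outside the archive comment")
    eocd = len(pkg) - comment_size - EOCD_HEADER_SIZE
    if eocd < 0 or pkg[eocd:eocd + 4] != b"PK\x05\x06":
        raise ValueError("end-of-central-directory record not found")
    # Everything before the 2-byte comment-length field is covered.
    signed_len = len(pkg) - comment_size - 2
    return signed_len, pkg[-sig_start:-FOOTER_SIZE]

def check(pkg: bytes) -> bool:
    """Stand-in check: compare SHA-1 of the signed region with the stored blob."""
    signed_len, sig = parse_footer(pkg)
    return hashlib.sha1(pkg[:signed_len]).digest() == sig

def build_constructed_package() -> bytes:
    """Constructed sample: a tiny zip whose comment carries digest + footer."""
    note = b"signed (constructed sample)\x00"
    comment_size = len(note) + 20 + FOOTER_SIZE
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("system/build.prop", "ro.build.description=sample\n")
        zf.comment = bytes(comment_size)          # reserve space, patched below
    pkg = bytearray(buf.getvalue())
    digest = hashlib.sha1(pkg[:len(pkg) - comment_size - 2]).digest()
    footer = struct.pack("<HHH", 20 + FOOTER_SIZE, 0xFFFF, comment_size)
    pkg[-comment_size:] = note + digest + footer
    return bytes(pkg)

def tamper(pkg: bytes) -> bytes:
    """Change one byte of the stored file data, as any edit to the zip would."""
    i = pkg.index(b"sample")
    return pkg[:i] + b"S" + pkg[i + 1:]
```

The signed region ends just before the comment-length field, so local file data and the central directory are both covered. Decrypting the package therefore does nothing to make a modified copy verify.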
 

    1
    Thx

    I will start from the end. About getting ota update - ask skoperst - he is an expert in this :) Second thing - it will not work.

    Encryption of update zip is one thing, signature - signing is another thing. You will edit anything in zip - signature failed.

    To understand how flash works you don't need your region decrypted ota zip.
    It's very hard to get final decrypted update. Two of available - one incremental,
    and one full - are fully sufficient to 'understand how it works' :)

    br
    condi

    Understood.
    Thank you for the explanation !
    1
    Hi! Can anyone help me?!
    I've probably BRICKED my SONY TABLET S ( T111IT/S - android 3.2.1 ).

    I need a generous man to post a signed ROM for my Sony tablet.
    My android device does not seem to start.
    When I push the power button, the tab seems to start, but after the Sony logo appears, it turns off.

    I can run the recovery mode but, after a factory reset, the problem remains the same.
    I've tried to install the OTA ROM uploaded in this thread but it still does not work!

    this is the error message:
    -- Install /sdcard ...
    Finding update package...
    Opening update package...
    Verifying update package...
    E:failed to verify whole-file signature
    E:signature verification failed
    Installation aborted.


    P.S. I've tried with the "package all in one" but the signature fails because I need to put my device in debugging mode!

    Waiting...
    Signed, encrypted roms are here, but you won't be able to flash any of them unless they are A) a newer version than you have on your tablet or B) you previously modified ro.sony.build.incremental (aka "rescue-backdoor"). Also, if you flash an update with a currently unrootable kernel, your tablet will be just that.
    1
    I've tried these ROMs too but I had no results. :(
    So I must throw away this expensive "BRICK"?! ;)
    You have to use an update that matches your region in addition to the previously mentioned version requirements.

    You don't have a paperweight unless there is actually something wrong with your hardware. At worst, you will have to wait for the next OTA update for your region and flash it in recovery mode. If you set up adb and pull your build.prop, I can give you a better idea of your situation.