EDIT 12/8/2015 - THIS THREAD IS NOW OBSOLETE.
In early April 2015, Google retroactively changed a large number of prior factory images for nakasi/grouper (possibly nakasig too). Read this thread from post #57 onward.
Thanks to wugfresh for noticing the changes.
Note that because previous binary images are now "in the wild" (or, you might have retained your own archives) you still need to be aware of what you are flashing - cross-check your checksums, folks.
Executive Summary:
1) There are at least THREE different bootloader files from Google/Asus that are all labeled with the identical version number "4.23". The versions distributed with the JWR66Y, KOT49H, KTU84L, KTU84P, and LRX21P Google factory images are INVALID. If you want a 4.23 bootloader ".img" file, get it from any of the (JWR66V, KRT16O, KRT16S) Google factory images.
2) The "bootloader.raw" files contained in the OTA update .zip files ARE PREFIXED WITH A 76-byte PREAMBLE, and thus are NOT identical to the bootloader ".img" files distributed by Google in their full factory image distros. They should never be used with fastboot.
3) Somebody from Google/Asus screwed up royally and put the OTA (preamble-prefixed) bootloader file into the JWR66Y (full) factory image; similarly the bootloader ".img" file in the KOT49H image is also screwed up - it starts with "BOOTLDR!" rather than an ARM objcode near branch ("ea000010 == b[ranch] 48"). It is also a wildly different size than prior bootloader .img files. What's up Google?
I didn't examine any of the tilapia full factory images or OTA zip files to check them. You've been warned!
details:
Code:
GROUPER (N7 Wifi-Only, 2012) BOOTLOADERS
DERIVED FROM Google "Factory Images":
BYTES MD5SUM ROM FACTORY_IMAGE_FILENAME strings *.img | grep BOOTLOADER
2142784 f5f8c0dd160ef92c601311a0c9054118 JZO54K ./nakasi-jzo54k/bootloader-grouper-3.41.img BOOTLOADER VERSION - 3.41
2146892 a119629c89ad06c7e49bebd260df9cf3 JOP40C ./nakasi-jop40c/bootloader-grouper-4.13.img BOOTLOADER VERSION - 4.13
2146892 a119629c89ad06c7e49bebd260df9cf3 JOP40D ./nakasi-jop40d/bootloader-grouper-4.13.img BOOTLOADER VERSION - 4.13
2146892 bffa744a6847b5bede2bf445427ef80e JDQ39 ./nakasi-jdq39/bootloader-grouper-4.18.img BOOTLOADER VERSION - 4.18
2150992 df53028033c9eccf4fe5ba7bc198ce24 JWR66V ./nakasi-jwr66v/bootloader-grouper-4.23.img BOOTLOADER VERSION - 4.23
[color=red]2151068 5bdb2e87370cdb1a7ea14bb0c3e21390[/color] JWR66Y ./nakasi-jwr66y/bootloader-grouper-4.23.img BOOTLOADER VERSION - 4.23
2150992 df53028033c9eccf4fe5ba7bc198ce24 KRT16O ./nakasi-krt16o/bootloader-grouper-4.23.img BOOTLOADER VERSION - 4.23
2150992 df53028033c9eccf4fe5ba7bc198ce24 KRT16S ./nakasi-krt16s/bootloader-grouper-4.23.img BOOTLOADER VERSION - 4.23
[color=red]4005632 797a8ddfe19bfe4c485f8a8c119f1bdd[/color] KOT49H ./nakasi-kot49h/bootloader-grouper-4.23.img BOOTLOADER VERSION - %s
[color=red]2151068 5bdb2e87370cdb1a7ea14bb0c3e21390[/color] KTU84L ./nakasi-ktu84l/bootloader-grouper-4.23.img BOOTLOADER VERSION - 4.23
[color=red]2151068 5bdb2e87370cdb1a7ea14bb0c3e21390[/color] KTU84P ./nakasi-ktu84p/bootloader-grouper-4.23.img BOOTLOADER VERSION - 4.23
[color=red]2151068 5bdb2e87370cdb1a7ea14bb0c3e21390[/color] LRX21P ./nakasi-lrx21p/bootloader-grouper-4.23.img BOOTLOADER VERSION - 4.23
What sloppiness. Hard to say whether this is a Google fumble or an Asus fumble; perhaps something fell in the cracks between them.
What are the OTA 76-byte preambles of the "bootloader.raw" files? I'm not sure exactly. Perhaps they are nothing more than a signature used to "alert" the existing bootloader that a replacement bootloader has been dropped into the USP partition. (I suppose that all versions of the bootloader look at the USP partition when they first boot up to check for the presence of an update; the same technique may also be used by tilapia devices for radio firmware, but that's speculation) These prefixes are also not identical to each other; they seem to vary in only a few bytes from version to version, e.g.:
Code:
nakasi-JZO54K-from-JRO03S.d41da8f6 bootloader.raw (v 3.41)
00000000 4d 53 4d 2d 52 41 44 49 4f 2d 55 50 44 41 54 45 |MSM-RADIO-UPDATE|
00000010 00 00 01 00 3c 00 00 00 3c 00 00 00 01 00 00 00 |....<...<.......|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
00000040 4c 00 00 00 [color=red]40 b2 20 00[/color] 01 00 00 00 |L...@. .....|
0000004c
nakasi-JOP40D-from-JZO54K.c01f18e0 bootloader.raw (v 4.13)
00000000 4d 53 4d 2d 52 41 44 49 4f 2d 55 50 44 41 54 45 |MSM-RADIO-UPDATE|
00000010 00 00 01 00 3c 00 00 00 3c 00 00 00 01 00 00 00 |....<...<.......|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
00000040 4c 00 00 00 [color=red]4c c2 20 00[/color] 01 00 00 00 |L...L. .....|
0000004c
nakasi-JDQ39-from-JZO54K.da55f917 bootloader.raw (v 4.18)
00000000 4d 53 4d 2d 52 41 44 49 4f 2d 55 50 44 41 54 45 |MSM-RADIO-UPDATE|
00000010 00 00 01 00 3c 00 00 00 3c 00 00 00 01 00 00 00 |....<...<.......|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
00000040 4c 00 00 00 [color=red]4c c2 20 00[/color] 01 00 00 00 |L...L. .....|
0000004c
nakasi-JWR66V-from-JDQ39.ab67ca07 bootloader.raw (v "4.23" rev0)
00000000 4d 53 4d 2d 52 41 44 49 4f 2d 55 50 44 41 54 45 |MSM-RADIO-UPDATE|
00000010 00 00 01 00 3c 00 00 00 3c 00 00 00 01 00 00 00 |....<...<.......|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
00000040 4c 00 00 00 [color=red]50 d2 20 00[/color] 01 00 00 00 |L...P. .....|
0000004c
The differences that appear in these preambles are the 4-byte sequences (shown highlighted above), which are exactly the (little-endian) length of the corresponding (non-preamble-prefixed) bootloader of the same "version".
Recommendations:
- Be extremely aware of where you get bootloader files from. The authoritative place to get the unadorned (no preamble) bootloaders is the Google Factory Images. In the event you need older factory images which are not available from Google any longer, oldblue910 maintains a historical archive of both the factory images and individual OTA patch bundles.
- "bootloader.raw" files should NEVER be flashed with fastboot.
- bootloader ".img" files from the factory full-image distros won't do anything if flashed to the USP - they don't have the preamble that the (pre-existing) bootloader looks for.
- If you must flash a bootloader, avoid the "4.23" bootloader .img files from the JWR66Y and KOT49H factory images. A valid 4.23 bootloader ".img" file has an MD5 signature of df53028033c9eccf4fe5ba7bc198ce24.
cheers
* not sure what this file is; but it isn't a bootloader. While there is plenty of ARM object code in there, it has almost 0% overlap of ASCII strings greater than length 8 with the valid 4.23 bootloader from (e.g.) JWR66V. Possibly worth a look by folks that enjoy disassembly?
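The header checks described in this post, written out as an added example that is not part of the original post: a Python sketch that classifies a bootloader file by its first bytes and reads the length field at offset 0x44 before anything is flashed. The function names and the `make_preamble` helper are hypothetical; the magic string, offsets and MD5 are taken from the hexdumps and table above.

```python
import hashlib
import struct

PREAMBLE_LEN = 76                  # 0x4c bytes, per the hexdumps in the post
OTA_MAGIC = b"MSM-RADIO-UPDATE"    # first 16 bytes of every bootloader.raw shown
LEN_OFFSET = 0x44                  # little-endian payload length (highlighted bytes)
GOOD_423_MD5 = "df53028033c9eccf4fe5ba7bc198ce24"  # valid 4.23 .img, from the post


def classify_bootloader(data: bytes) -> dict:
    """Classify a bootloader blob by header so the wrong kind is never flashed."""
    info = {"size": len(data), "md5": hashlib.md5(data).hexdigest()}
    if data.startswith(b"BOOTLDR!"):
        info["kind"] = "bootldr-container"   # KOT49H-style file, not a plain .img
    elif data.startswith(OTA_MAGIC) and len(data) >= PREAMBLE_LEN:
        (payload_len,) = struct.unpack_from("<I", data, LEN_OFFSET)
        info["kind"] = "ota-raw"             # preamble-prefixed OTA file
        info["payload_len"] = payload_len
        # A consistent OTA file is exactly preamble + declared payload.
        info["length_consistent"] = len(data) == PREAMBLE_LEN + payload_len
    else:
        info["kind"] = "no-known-prefix"     # still verify the checksum
    info["reject_for_fastboot"] = info["kind"] != "no-known-prefix"
    info["is_known_good_423"] = info["md5"] == GOOD_423_MD5
    return info


def make_preamble(payload_len: int) -> bytes:
    """Rebuild the 76-byte layout seen in the hexdumps (constructed test aid)."""
    head = OTA_MAGIC + bytes.fromhex("000001003c0000003c00000001000000")
    head += bytes(28) + b"EBT\x00" + struct.pack("<I", PREAMBLE_LEN)
    return head + struct.pack("<I", payload_len) + struct.pack("<I", 1)


if __name__ == "__main__":
    payload = bytes(range(32))               # constructed stand-in payload
    for blob in (make_preamble(len(payload)) + payload,
                 b"BOOTLDR!" + payload,
                 payload):
        print(classify_bootloader(blob))
```

An empty prefix match only means the file is not one of the two bad shapes named in the post; the MD5 comparison against the table is still the deciding check.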