Bspatch. Trying to get ICS stuck CDMA Razrs back on the path.

---

So... a lot of us are stuck on a certain firmware and need to get off of it. A solution to us all (hopefully), is a program called "bspatch" (usually comes with bsdiff). We have a boot.img file (compiled android img) and a boot.img.p (from an OTA update, zip, which we know 100% works and people have updated with the OTA zip).

We need bspatch to stop checking for corruption like it does now and to just force the patch to go. This would help save a lot of users stuck on firmware and we would all appreciate a point in the right direction.

We tried compiling the source of bspatch from many sites, but none seem to compile correctly or even run. We get them to run from binary pre-compiled versions, but those won't help us since it sees the patch as corrupt.

If we can get boot.img from the 6.12.181 fastboot files to patch with the boot.img.p from an ICS like the most current (6.16.206 as of 5/20/2012) we can make a fastboot files that is flashable onto someone stuck on 6.14.84 so they can upgrade to 206 with Moto Recovery.

Also if this magically can be done by the help of the XDA community, we can create a boot.img from 6.12.181 patched with a 4.0.3 boot.img.p (like from 84 or 85, since 79 and below aren't flashable on newer ICS), we can also have a root method for 4.0.4 like the GSM users have.

Best of luck to those who try to help with this!

http://www.daemonology.net/bsdiff/

https://launchpad.net/ubuntu/+source...+build/2960721

Files(s): http://rombot.droidhive.com/ROMs/spy...tchProject.zip
alt link: http://www.filefactory.com/file/1xj6...tchProject_zip

Note: My friend tried this already and we got Pre-flash validation errors when trying to fastboot it. Just throwing this idea out there.... best of luck.
EDIT: Added as an attachment.

Thanks to dhacker29 for trying this idea out first

Err.. Doesn't the /system/bin/applypatch can do this already??
I've always used it to patch OTA manualy..

example usage:

Code:

applypatch boot.img boot_new.img X Y Z:boot.img.p

where

Code:

X is the target(boot_new.img) sha1sum
Y is the target(boot_new.img) new size
Z is the source(boot.img) sha1sum

Obviously it will failed the cert test,
if the patch(boot.img.p) is not intended for the base(boot.img)

Information can be extracted from OTA update-script

example

Quote:

assert(apply_patch("MTD:boot:8388608:5fff8425560eb 1002b467062de2b355b45090ad7:8388608:2997ddb421e1d4 4b026410339e343f60b3bb65bd",
"-", 2997ddb421e1d44b026410339e343f60b3bb65bd, 8388608,
5fff8425560eb1002b467062de2b355b45090ad7, package_extract_file("patch/boot.img.p")));

X = 2997ddb421e1d44b026410339e343f60b3bb65bd
Y = 8388608
Z = 5fff8425560eb1002b467062de2b355b45090ad7

easily done via adb

Code:

adb.exe push boot.img /tmp/
adb.exe push boot.img.p /tmp/
adb.exe shell /system/bin/applypatch /tmp/boot.img /tmp/boot_new.img X Y Z:/tmp/boot.img.p
adb.exe pull /tmp/boot_new.img

Quote:

Originally Posted by whirleyes

Err.. Doesn't the /system/bin/applypatch can do this already??
I've always used it to patch OTA manualy..

example usage:

Code:

applypatch boot.img boot_new.img x y z:boot.img.p

where

Code:

x is the target(boot_new.img) sha1sum
y is the target(boot_new.img) new size
z is the source(boot.img) sha1sum

Obviously it will failed the cert test,
if the patch(boot.img.p) is not intended for the base(boot.img)

I can confirm that applypatch does have at least some success in patching a boot.img once you can figure out the information required from updater-script found in the OTA you are trying to make fastboot images for. I patched the file obtained by

Code:

dd if=/dev/block/mmcblk1p14 of=/sdcard-ext/b/boot.bin

on a 6.12.181 successfully using the code

Code:

applypatch ./boot.bin ./boot.bin.2 dd9310794842a4908aff55979a9fe97f825e8748 8388608 8e21cfa5d9be4dd08427b079fbff9a80d6e04560:boot.img.p

the code i ripped apart from 6.16.206 is

Code:

assert(apply_patch("MTD:boot:8388608:8e21cfa5d9be4dd08427b079fbff9a80d6e04560:8388608:dd9310794842a4908aff55979a9fe97f825e8748",
       "-", dd9310794842a4908aff55979a9fe97f825e8748, 8388608,
       8e21cfa5d9be4dd08427b079fbff9a80d6e04560, package_extract_file("patch/boot.img.p")));

to figure out the apply patch code i looked at the info above and compared it to this
[qoute]adb shell applypatch
usage: applypatch <src-file> <tgt-file> <tgt-sha1> <tgt-size> [<src-sha1>:<patch> ...]
or applypatch -c <file> [<sha1> ...]
or applypatch -s <bytes>
or applypatch -l

Filenames may be of the form
MTD:<partition>:<len_1>:<sha1_1>:<len_2>:<sha1_2>: ...
to specify reading from or writing to an MTD partition.[/quote] and with a little trial and error got it to work


EDIT
Let me be clear the patched boot.bin.2 does flash perfectly fine. no preflash validation failure.
Anyone on 6.16.206 want to do me a favor and do?

Code:

dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin

and email/upload it to me? I'll hit the thanks button </bribe>

Quote:

Originally Posted by SilentViper

EDIT
Let me be clear the patched boot.bin.2 does flash perfectly fine. no preflash validation failure.
Anyone on 6.16.206 want to do me a favor and do?

Code:

dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin

and email/upload it to me? I'll hit the thanks button </bribe>

I asked on the DroidRZR thread for 6.16.206 if anyone could do it, let's see

Edit: By the way which version boot.img is patched and flashable, and could we get a copy?

This is what a user at DroidRzr got when he tryed:

dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin

[quote name='Fixter' timestamp='1337690349' post='46825']
Doing it right now Matt.
PS: Cannot Open for Read: Permission Denied
Also, I have root. Let me check now. I forgot to restore root.

Update 2: Cannot Open for Write: No such file or Directory. I copy pasted it, so I know it's right.
[/quote]

Quote:

Originally Posted by dimitri407

This is what a user at DroidRzr got when he tryed:

dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin

[quote name='Fixter' timestamp='1337690349' post='46825']
Doing it right now Matt.
PS: Cannot Open for Read: Permission Denied
Also, I have root. Let me check now. I forgot to restore root.

Update 2: Cannot Open for Write: No such file or Directory. I copy pasted it, so I know it's right.

[/QUOTE]

He might need to do

Code:

mkdir /sdcard-ext/b

He might need to do

Code:

mkdir /sdcard-ext/b

[/QUOTE]


http://www.mediafire.com/?iihwd669mdxg740
Recovery.bin from DR user Fixter from 206.
Enjoy!

Quote:

Originally Posted by dimitri407

This is what a user at DroidRzr got when he tryed:

dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin

[quote name='Fixter' timestamp='1337690349' post='46825']
Doing it right now Matt.
PS: Cannot Open for Read: Permission Denied
Also, I have root. Let me check now. I forgot to restore root.

Update 2: Cannot Open for Write: No such file or Directory. I copy pasted it, so I know it's right.

[/QUOTE]

Finally, some headway,

But I have a question is in regards to the DD command (kinda off topic but not really). How do you know that p15 is associated with recovery.bin, well at least for Droid Razr XT912-Verizon. I have some tools that show symlinks in an android file browser, but I am looking for a Linux command as well.

Been trying to find access to the devtree partition as well as cdrom, recovery, cdt.bin (p18=true), and now in this case, boot. I found all but devtree. Any ideas,

X

Open the recovery.img in a hex editor and the partitions are listed at the top.

Quote:

Originally Posted by mattlgroff

Quote:

http://www.mediafire.com/?iihwd669mdxg740
Recovery.bin from DR user Fixter from 206.
Enjoy!

AWESOME. I successfully flashed that to my secondary razr that i am playing with these updates on. I used this plus my custom patched boot.bin.2 to successfully boot into recovery. but im currently stuck there because no OTAs will flash from that, and my /system partition isn't the right version, nor anything else for that matter. now I need the rest of the /dev/block files from 206 :/

i'm going to have to figure something out quick