Root filesystem image.

By zelch, Member on 8th December 2010, 10:08 AM
Alright, so the root filesystem image is in /mnt/system/androidmerged.squashfs.secure

So do a temp root, copy to /mnt/storage, and then an adb pull gets it over.

The squashfs itself is offset by 256 bytes, so:

losetup -o 256 /dev/loop0 ./androidmerged.squashfs.secure

At this point, the FS can be mounted or unsquashfs can be used to extract it.

So, what's the first 256 bytes? The secure implies some type of signature, but what kind, and what else is in all those bytes?

I'm not feeling brave enough to try just grabbing the first 256 bytes and appending a modified squashfs image to it on my device just yet, but if others try please report back. (On both if it works, and if not what it takes to recover the unit.)
 
 
8th December 2010, 11:01 AM |#2  
chrulri, Senior Member
How big is it? Can you upload it somewhere? (Or would this be illegal?)

Damn.. I need my 101!
8th December 2010, 04:35 PM |#3  
krohnjw, Recognized Developer (Plainfield)
Quote:
Originally Posted by chulri

How big is it? Can you upload it somewhere? (Or would this be illegal?)

Damn.. I need my 101!

75 MB - uploading now

Edit: And up: http://hotfile.com/dl/88050103/f99f3...fs.secure.html
Last edited by krohnjw; 8th December 2010 at 04:43 PM.
8th December 2010, 06:24 PM |#4  
chrulri, Senior Member
thx!
8th December 2010, 07:51 PM |#5  
chrulri, Senior Member
How would you replace the root fs image on the device?
Last edited by chrulri; 8th December 2010 at 08:16 PM.
8th December 2010, 08:27 PM |#6  
OP Member
Quote:
Originally Posted by chulri

how would you replace the root fs image on the device?

Connect via ADB, do a temproot, put the file in /mnt/storage, then copy it into /mnt/system overwriting the existing file. /mnt/storage is an ext3 filesystem mounted read/write; however, I simply do not know if it will be possible to recover the unit if there is some kind of signature verification and we fail due to a modified image.

Again, someone braver than I should make this attempt and let us know how it goes.

The source did not give all that many hints, but I need to dig through in some more detail.
8th December 2010, 08:57 PM |#7  
krohnjw, Recognized Developer (Plainfield)
Quote:
Originally Posted by zelch

Connect via ADB, do a temproot, put the file in /mnt/storage, then copy it into /mnt/system overwriting the existing file. /mnt/storage is an ext3 filesystem mounted read/write; however, I simply do not know if it will be possible to recover the unit if there is some kind of signature verification and we fail due to a modified image.

Again, someone braver than I should make this attempt and let us know how it goes.

The source did not give all that many hints, but I need to dig through in some more detail.

If the unit will still boot to recovery could a full wipe and reinstall of the base AOS over USB get it back up and running?
8th December 2010, 09:12 PM |#8  
kenyu73, Senior Member (Upstate NY)
Quote:
Originally Posted by krohnjw

If the unit will still boot to recovery could a full wipe and reinstall of the base AOS over USB get it back up and running?

Recovery shouldn't be part of the FS so at worst, you'd have to do a format/firmware install.
8th December 2010, 09:17 PM |#9  
L0$t$0ul, Member
You can do a full system wipe/format from recovery. It's not in any damageable storage by us without flashing a new recovery image.

Interesting about the front 256 bytes. It must be a signature. Not sure what good rebuilding the squashfs will do as it'll still be read-only but it's a start. We could at least update the system properly and install the appropriate apps. Maybe make some of the system dirs symlinks to writable locations, possibly.
8th December 2010, 09:32 PM |#10  
OP Member
Permroot, giving us a filesystem mounted RW and not no-suid.

Ideally, I'd like to have decent support for the internal storage being ext3 without nosuid, but first we need to be able to replace the root filesystem image.

Other notes..

Looking at the hexdumps, the 256 byte chunk does not contain the start of the md5, sha1, sha224, sha256, sha384, or sha512 checksums.

The most troubling option which comes to mind is that it is the right size for an RSA 2048-bit block, hopefully not.

Anyone have ideas on how to find the initramfs image that the bootloader is feeding the kernel?

For that matter, has anyone tried taking apart the OS update images?
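
The header check described in this post, as an added example that is not part of the original thread: it splits an image at the 256-byte offset, confirms a squashfs superblock follows, and looks for the start of each common digest of the payload inside the header. It assumes any digest would be computed over the bytes after the header; the function names and the sample images are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

HEADER_LEN = 256                      # offset reported in the thread
SQUASHFS_MAGICS = (b"hsqs", b"sqsh")  # little- and big-endian superblock magic
DIGESTS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")


def split_image(blob):
    """Return (header, payload), checking that a squashfs superblock follows the header."""
    header, payload = blob[:HEADER_LEN], blob[HEADER_LEN:]
    if len(header) < HEADER_LEN or payload[:4] not in SQUASHFS_MAGICS:
        raise ValueError("no squashfs superblock at offset %d" % HEADER_LEN)
    return header, payload


def digest_hits(header, payload, prefix_len=8):
    """Map digest name -> header offset where the start of that payload digest appears."""
    hits = {}
    for name in DIGESTS:
        prefix = hashlib.new(name, payload).digest()[:prefix_len]
        pos = header.find(prefix)
        if pos != -1:
            hits[name] = pos
    return hits


def byte_entropy(data):
    """Shannon entropy in bits per byte; 256 random bytes score about 7, padding scores low."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def describe_header(blob):
    header, payload = split_image(blob)
    return {"digest_hits": digest_hits(header, payload),
            "entropy": round(byte_entropy(header), 2)}


# Constructed sample images (not the real firmware): a tiny fake squashfs payload
# behind (a) a zero-padded header carrying a plain SHA-256 and (b) an opaque header.
PAYLOAD = b"hsqs" + bytes(range(200))
PLAIN = bytes(16) + hashlib.sha256(PAYLOAD).digest() + bytes(208)
OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))

if __name__ == "__main__":
    for label, hdr in (("plain digest", PLAIN), ("opaque", OPAQUE)):
        print(label, describe_header(hdr + PAYLOAD))
```

A header with no digest hit and entropy near 7 bits per byte is consistent with an RSA-2048 signature block (256 bytes is 2048 bits), but it cannot be confirmed as one without the matching public key.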
8th December 2010, 11:02 PM |#11  
chrulri, Senior Member
Quote:
Originally Posted by zelch

For that matter, has anyone tried taking apart the OS update images?

I think the aos file or the responsible installer/updater should give us a lot of information about how this stuff can be updated.
