Poking at latest OTA update for fun and profit


Etn40ff

Senior Member
Jul 11, 2010
70
42
I am poking around the latest official OTA update (get it here).
I am trying to see if there is anything useful for aftermarket roms. I will post
here my findings, if any, and all the questions that pop to my mind. Hopefully
someone in the community will have answers.

The updating script does the following:
1) several checks on bootloader/recovery/cid/device version
2) copy fotaBoot to /data/system/fotaBoot to trigger some changes at reboot
3) checks on files to be patched
4) delete several files from /data (notably adio_checksum, DxDr,
SuplRootCert_injected)
5) delete lots of files from /system
6) apply patches
7) copy files into /system
8) set permissions
9) flash firmware.zip via
Code:
write_firmware_image("PACKAGE:firmware.zip", "zip");

Among the files being modified there are a couple of firmwares (yamato_pfp.fw
yamato_pm4.fw). I do not have them on my system (I run CM7) and I have no idea
which piece of hardware they refer to. There is also an app whose purpose I
do not know (HTC-DPM-GB-2.3-48637-11.1.apk) and a mysterious recovery.img in /system
(more on this later).

Does anyone know the exact procedure by which firmware.zip is flashed? Will any
check be performed on it? Its content is the following:

* android-info.txt: ASCII file with some version numbers.
* boot.img: should be the new kernel+ramdisk; I tried booting it with low
expectations and indeed it won't boot with a nonsense /system
* hboot_8x60_DOT_1.45.0013_20111121_signedbyaa.nb0: the new bootloader; I see no
reason to flash this unless it provides some new features.
* radio.img: fat image with radio files (should be safe to flash)
* rcdata.img: ???
* recovery.img: this won't boot; might it require the above-mentioned recovery.img?
Anyway this is completely useless
* rpm.img: ???
* sbl1.img: ???
* sbl2.img: ???
* sbl3.img: ???
* tz.img: ???

Does anyone have ideas on what the other files are? I assume that if we avoid flashing
hboot we will always have fastboot available to us and S-OFF to flash anything
we would like to, correct? Revolutionary team, can you please explain how you
make the phone S-OFF once your exploit gives you the right privileges? Will any
of those files affect it? Does anyone here have any idea which partitions they
should be flashed to?

As I said, I tried to boot both recovery.img and boot.img to get a config.gz and
kernel version with little success. I'd like to see whether they made some modifications to the
kernel which improved battery life. I think I will repack the new kernel with
CWM recovery and get the info from there.


Ideas of things to poke at? Comments? Helpful insights?
 
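
The nine steps above were read off the updater-script by hand. The Python below is an added example, not code from the post or from HTC's package: it mechanically summarizes an Edify updater-script so that every check, delete, patch, permission change and firmware write is listed before anything is flashed. The script it runs on is a constructed stand-in modelled on those nine steps; all paths, property values and checksums in it are placeholders, not the real OTA's contents.

```python
import re

# Constructed sample updater-script, modelled on the nine steps listed in the post.
# It is NOT the script from the real OTA: every path, property value and checksum
# below is a placeholder.
SAMPLE_SCRIPT = r'''
assert(getprop("ro.product.device") == "placeholder_device" ||
       getprop("ro.build.product") == "placeholder_device");
assert(getprop("ro.bootloader") == "0.00.0000" || getprop("ro.bootloader") == "0.00.0001");
package_extract_file("fotaBoot", "/data/system/fotaBoot");
assert(apply_patch_check("/system/lib/libexample.so", "sha1_old", "sha1_new"));
delete("/data/placeholder_one", "/data/placeholder_two");
delete("/system/app/Old.apk", "/system/lib/old.so", "/system/etc/old.conf");
apply_patch("/system/lib/libexample.so", "-", "sha1_new", 4096,
            "sha1_old", package_extract_file("patch/libexample.so.p"));
package_extract_dir("system", "/system");
set_perm(0, 0, 0644, "/system/lib/libexample.so");
set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
write_firmware_image("PACKAGE:firmware.zip", "zip");
'''

STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')           # Edify string literal
CALL_RE = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)\s*\(')  # outermost function name

# Which outer call corresponds to which kind of step from the post's list.
KINDS = {
    "assert": "checks",
    "delete": "deletions", "delete_recursive": "deletions",
    "apply_patch": "patches",
    "package_extract_file": "writes", "package_extract_dir": "writes",
    "set_perm": "permissions", "set_perm_recursive": "permissions",
    "write_firmware_image": "firmware", "write_raw_image": "firmware",
}


def split_statements(script):
    """Split Edify source into top-level statements on ';' that sit outside string literals."""
    stmts, buf, in_str, escaped = [], [], False, False
    for ch in script:
        if in_str:
            buf.append(ch)
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            buf.append(ch)
        elif ch == ";":
            stmt = "".join(buf).strip()
            if stmt:
                stmts.append(stmt)
            buf = []
        else:
            buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        stmts.append(tail)
    return stmts


def summarize(script):
    """Group every top-level statement by kind; each entry is (function, [string args])."""
    summary = {kind: [] for kind in set(KINDS.values())}
    summary["other"] = []
    for stmt in split_statements(script):
        m = CALL_RE.match(stmt)
        name = m.group(1) if m else "?"
        summary[KINDS.get(name, "other")].append((name, STRING_RE.findall(stmt)))
    return summary


def deleted_paths(script):
    """Every path handed to delete()/delete_recursive(): the list to eyeball before flashing."""
    return [p for _, args in summarize(script)["deletions"] for p in args]


def firmware_writes(script):
    """(image, type) pairs given to write_firmware_image(), i.e. what the bootloader will flash."""
    return [tuple(args) for name, args in summarize(script)["firmware"]
            if name == "write_firmware_image"]


if __name__ == "__main__":
    for kind, entries in summarize(SAMPLE_SCRIPT).items():
        print("%-12s %d statement(s)" % (kind + ":", len(entries)))
    print("deletes:", deleted_paths(SAMPLE_SCRIPT))
    print("firmware:", firmware_writes(SAMPLE_SCRIPT))
```

To run it on a real package, feed it the output of `unzip -p <ota>.zip META-INF/com/google/android/updater-script` instead of SAMPLE_SCRIPT. The firmware list is the interesting part for this thread: write_firmware_image is the step that hands a zip to the bootloader rather than to the Android filesystem, so it is the one to inspect before applying an OTA on a device you want to keep S-OFF.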

Etn40ff

Senior Member
Jul 11, 2010
70
42
Related info: here.
sbl*.img might be the boot loader. (secured/secondary boot loader???) but why in 3 separate chunks?
 

Etn40ff

Senior Member
Jul 11, 2010
70
42
More info: here

rcdata.img is text; it should be the configuration of the radio but if I check the content of the corresponding partition (mmcblk0p18) on my phone there is a lot of binary junk together with the small amount of text. The options are the same except for one (AGPSNVSetting) that is missing in the updated rcdata.img

Code:
# cat /dev/block/mmcblk0p18 | strings | tail -n 9
QCT_UMTS_RADIO_VER=1
DisH=2
AGPSNVSetting=1
EnDTM=0
MSCMode=10
HSDPACat=10
HSUPACat=6
GEA3=0
QCT_UMTS_RADIO_END=1
 
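
The cat | strings | tail pipeline above shows the values but does not diff them against the update. Below is an added example, not from the post, that parses the KEY=VALUE block between the QCT_UMTS_RADIO_VER and QCT_UMTS_RADIO_END markers out of a raw partition read (ignoring the binary junk around it) and diffs it against an rcdata.img. Both inputs are constructed from the nine lines quoted above; the binary fill is made up, and the stand-in rcdata.img simply omits AGPSNVSetting as the post reports.

```python
import re

# Constructed partition dump: the nine KEY=VALUE lines quoted in the post, wrapped in
# binary fill the way a raw read of the block device looks. This is not a real dump.
PARTITION_DUMP = (
    b"\x00\x7f\x13\xa5\xff\xfe=\x01" * 8
    + b"QCT_UMTS_RADIO_VER=1\nDisH=2\nAGPSNVSetting=1\nEnDTM=0\nMSCMode=10\n"
    + b"HSDPACat=10\nHSUPACat=6\nGEA3=0\nQCT_UMTS_RADIO_END=1\n"
    + b"\x00" * 64 + b"\xde\xad\xbe\xef" * 4
)

# Constructed stand-in for the OTA's rcdata.img: plain text, AGPSNVSetting absent.
RCDATA_IMG = (
    b"QCT_UMTS_RADIO_VER=1\nDisH=2\nEnDTM=0\nMSCMode=10\n"
    b"HSDPACat=10\nHSUPACat=6\nGEA3=0\nQCT_UMTS_RADIO_END=1\n"
)

START, END = b"QCT_UMTS_RADIO_VER=", b"QCT_UMTS_RADIO_END="
KEY_RE = re.compile(rb"[A-Za-z][A-Za-z0-9_]*")


def parse_radio_config(blob):
    """Return the KEY=VALUE pairs between the VER and END markers as a dict.

    Works on both the clean rcdata.img and a raw partition read: everything outside
    the marker pair is ignored, and a line whose key is not a clean identifier is
    dropped rather than trusted (binary fill can easily contain '=' bytes)."""
    start = blob.find(START)
    if start < 0:
        raise ValueError("no QCT_UMTS_RADIO_VER marker")
    end = blob.find(END, start)
    if end < 0:
        raise ValueError("QCT_UMTS_RADIO_END marker missing after VER")
    end = blob.find(b"\n", end)                 # keep the END line itself
    region = blob[start:] if end < 0 else blob[start:end]
    config = {}
    for line in region.split(b"\n"):
        key, sep, value = line.partition(b"=")
        if sep and KEY_RE.fullmatch(key):
            config[key.decode("ascii")] = value.decode("ascii", "replace").strip()
    return config


def diff_configs(old, new):
    """Keys removed, added and changed going from old to new."""
    return {
        "removed": {k: old[k] for k in old if k not in new},
        "added": {k: new[k] for k in new if k not in old},
        "changed": {k: (old[k], new[k]) for k in old if k in new and old[k] != new[k]},
    }


if __name__ == "__main__":
    on_device = parse_radio_config(PARTITION_DUMP)
    in_update = parse_radio_config(RCDATA_IMG)
    print("on device:", on_device)
    print("in update:", in_update)
    print("diff:", diff_configs(on_device, in_update))
```

On the phone you would pull the bytes the same way the post does (reading /dev/block/mmcblk0p18 as root, then adb pull) and pass them to parse_radio_config; the rcdata.img comes straight out of firmware.zip.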

yogi2010

Senior Member
Dec 22, 2010
2,120
319
Los Angeles, CA
I know probably the biggest request from the community is to figure out how to root the update; it seems that the Rev. team has been notified that the exploit they used before seems to have been patched in this update.

Also very profitable would probably be zips for the new kernel and radio, if possible. Early reports have indeed been of better battery life, and also higher quadrant scores.

Anyway, many thanks for this thread, and for looking at the update :)
 

Litesorrows

Senior Member
May 19, 2011
264
26
Elgin
www.facebook.com
There's a Pre Rooted Version of the OTA Update on Rootzwiki. I would imagine those on XDA would be rooted already. I understand trying to find a way to Root the OTA Update for those who had it before they could root. But wouldn't a simple Temp Root, then Downgrade work? That's what I had to do with my G2 and G1.

Sent from my MyTouch_4G_Slide using xda premium
 

yogi2010

Senior Member
Dec 22, 2010
2,120
319
Los Angeles, CA
There's a Pre Rooted Version of the OTA Update on Rootzwiki. I would imagine those on XDA would be rooted already. I understand trying to find a way to Root the OTA Update for those who had it before they could root. But wouldn't a simple Temp Root, then Downgrade work? That's what I had to do with my G2 and G1.

Sent from my MyTouch_4G_Slide using xda premium

The version on Rootzwiki isn't the newest update, the one that just came out 3 days ago. And the newest update has proven impervious even to temp-root so far. The only way to downgrade is if you were S-OFF before updating. There is a thread on this in the general section.
 

Blue6IX

Senior Member
May 20, 2011
1,755
1,139
I had pulled the new google talk app and made it flashable on request, here's the link:

Gtalk update

There are a couple others if anyone wants them - deskclock, wifi calling, t-mo mall and carbon backup, netflix, and two logging utilities.

The rest is all small updates to a lot - what I wanted to look into first were the GPS updates to make sure my patch stays as current as possible.

You can either pull apart the package directly, or flash the update and do an adb pull to grab new stuff - backup guide in my sig tells you all about using the adb pull command.

Now that we know you can rewind the changes and get root back after the update, either should be fine. I've been going through the download zip, but haven't had much time at my workstation.

I have a couple emergency shifts to work, kept me offline yesterday & today, I'll check back on a break later and see if I have anything else to add.

Sent from my Bulletproof_Doubleshot using xda premium
 

drboy2692

Member
Aug 12, 2011
19
1
Bethlehem, PA
I had pulled the new google talk app and made it flashable on request, here's the link:

Gtalk update

There are a couple others if anyone wants them - deskclock, wifi calling, t-mo mall and carbon backup, netflix, and two logging utilities.

The rest is all small updates to a lot - what I wanted to look into first were the GPS updates to make sure my patch stays as current as possible.

You can either pull apart the package directly, or flash the update and do an adb pull to grab new stuff - backup guide in my sig tells you all about using the adb pull command.

Now that we know you can rewind the changes and get root back after the update, either should be fine. I've been going through the download zip, but haven't had much time at my workstation.

I have a couple emergency shifts to work, kept me offline yesterday & today, I'll check back on a break later and see if I have anything else to add.

Sent from my Bulletproof_Doubleshot using xda premium

Could I get deskclock, wifi calling, and netflix :D
 

sykopompos

Recognized Developer
Jun 26, 2008
15,322
29,134
flithydelphia
Yamato is the GPU's proprietary files. You would use them in a compile against source code for the improvements. I would say kernel fixes would be the main thing if reports are better quadrant and battery life.

Sent from my MB525 using XDA App
 

Jaytex24

Member
Aug 10, 2011
49
10
Houston
www.mediafire.com
I flashed the t-mobile signed stock rom PP59IMG.zip through the bootloader then proceeded to download the OTA's. After that I placed the new recovery image in the appropriate place and rebooted the bootloader to prepare pushing the recovery through fastboot. What I noticed is that even after installing the OTA in an unrooted, totally stock rom, S-off remains; however, where "revolutionary" once was written it now displays "**Locked**", so apparently HTC has managed to relock the bootloader even though it shows S-off. It's not totally locked, as I had to reflash the PP59IMG.zip to downgrade hboot again so that I could reuse the revolutionary tool to flash the 4.0.0.8 recovery, then install CWM to update the recovery. As long as "Locked" was sitting where "revolutionary" normally is, I found it impossible to use fastboot, so my guess is security remains off but fastboot is locked. Just my guess anyway.
 

Blue6IX

Senior Member
May 20, 2011
1,755
1,139
Where did you get the stock/signed T-Mo PP59IMG.zip? Can't find it anywhere here. Thanks.

Link in quote below:

sure Blue, it is pretty much the usual...


To undo the update/restore the stock firmware that came with the phone:

(Note: this will only work if you are still S-OFF even though you have the new HBOOT version. If you are S-ON with the new HBOOT, then at this time there is no known way to revert... hopefully we can get the devs of Revolutionary, etc., to update the root methods. Also, if you want to update just to check it out, make sure to turn S-OFF first if you'd like to give yourself the option to revert later.)

1. Download the stock firmware package from here: http://xdaforums.com/showthread.php?t=1178082

2. Rename it PG59IMG.zip and put it on the root of your sdcard.

3. Boot into the bootloader('adb reboot bootloader' or power down the phone then hold volume down + power), let it read the update package, and press 'volume up' to update when prompted.

4. At the end it will prompt you to press Power to reboot. It scared me because when I pressed Power, the screen went off and seemed to not come back on, so I pressed Power once again, and it booted into the system.

That's it! Just remember that if you do this, it will of course erase all your data... your phone will be like it was out of the box.
 

yogi2010

Senior Member
Dec 22, 2010
2,120
319
Los Angeles, CA
I'm not sure if this helps anyone, but here is the boot.img taken from my nandroid of the newest OTA ROM:

http://db.tt/GHfzWNIj

Come to think of it, looks like you might already have this in the OTA zip... although this one is a bigger file...
 
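
Two things in this thread point at the same tool: the original post wanted the kernel version and config.gz out of boot.img without booting it, and the post above notes that the nandroid copy of boot.img is bigger than the one in the OTA. The Python below is an added example, not code from any poster or from HTC. It parses the Android boot image header, computes the image's real length (a nandroid backup is a raw dump of the whole partition, so its extra bytes are normally trailing fill after the image proper), finds the gzip stream inside the zImage, and pulls the "Linux version" banner and the IKCONFIG-embedded config out of it. It runs on a constructed boot.img; the version string, cmdline, load addresses and the 2048-byte page size are placeholders (2048 is assumed as the usual value for this class of device, not read from the real image). Caveat: only gzip-compressed kernels are handled, and config.gz exists only if the kernel was built with CONFIG_IKCONFIG.

```python
import gzip
import struct
import zlib

BOOT_MAGIC = b"ANDROID!"
HDR_FMT = "<8s10I16s512s32s"   # Android boot_img_hdr (v0): 608 bytes, little-endian


def pages(size, page_size):
    """Number of page_size pages needed to hold size bytes."""
    return (size + page_size - 1) // page_size


def parse_boot_image(img):
    """Split a boot.img into header fields, kernel and ramdisk, and compute its real length."""
    if img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (bad magic)")
    f = struct.unpack_from(HDR_FMT, img, 0)
    hdr = {
        "kernel_size": f[1], "kernel_addr": f[2],
        "ramdisk_size": f[3], "ramdisk_addr": f[4],
        "second_size": f[5], "second_addr": f[6],
        "tags_addr": f[7], "page_size": f[8],
        "name": f[11].rstrip(b"\0").decode("ascii", "replace"),
        "cmdline": f[12].rstrip(b"\0").decode("ascii", "replace"),
    }
    ps = hdr["page_size"]
    if ps == 0 or ps & (ps - 1):
        raise ValueError("implausible page size %d" % ps)
    k_off = ps                                            # header occupies one page
    r_off = k_off + pages(hdr["kernel_size"], ps) * ps
    s_off = r_off + pages(hdr["ramdisk_size"], ps) * ps
    hdr["kernel"] = img[k_off:k_off + hdr["kernel_size"]]
    hdr["ramdisk"] = img[r_off:r_off + hdr["ramdisk_size"]]
    # Everything past this offset is padding, or the rest of a dumped partition.
    hdr["image_size"] = s_off + pages(hdr["second_size"], ps) * ps
    return hdr


def gunzip_embedded(blob):
    """Decompress the first real gzip stream inside blob (a zImage wraps a gzip'd Image)."""
    start = 0
    while True:
        i = blob.find(b"\x1f\x8b\x08", start)
        if i < 0:
            return None
        try:
            return zlib.decompressobj(16 + zlib.MAX_WBITS).decompress(blob[i:])
        except zlib.error:          # false positive on the 3-byte magic; keep looking
            start = i + 1


def kernel_version(kernel):
    """The 'Linux version ...' banner, taken from the decompressed kernel if it is gzip-wrapped."""
    payload = gunzip_embedded(kernel) or kernel
    i = payload.find(b"Linux version ")
    if i < 0:
        return None
    end = payload.find(b"\0", i)
    end = len(payload) if end < 0 else end
    return payload[i:end].decode("ascii", "replace").strip()


def kernel_config(kernel):
    """The built-in config (CONFIG_IKCONFIG) stored gzip'd between IKCFG_ST and IKCFG_ED."""
    payload = gunzip_embedded(kernel) or kernel
    st = payload.find(b"IKCFG_ST")
    en = payload.find(b"IKCFG_ED", st) if st >= 0 else -1
    if st < 0 or en < 0:
        return None
    return gzip.decompress(payload[st + 8:en]).decode("ascii", "replace")


def build_sample_boot_img(trailing_pad=0):
    """Constructed boot.img standing in for the OTA's: a fake gzip-wrapped kernel carrying a
    version banner and an embedded config, a tiny ramdisk, page size 2048, placeholder load
    addresses and cmdline. trailing_pad imitates the zero tail of a raw partition dump."""
    config = b"CONFIG_IKCONFIG=y\nCONFIG_IKCONFIG_PROC=y\nCONFIG_CPU_FREQ=y\n"
    image = (b"\0" * 32
             + b"Linux version 0.0.0-placeholder (builder@example) #1 PREEMPT\0"
             + b"IKCFG_ST" + gzip.compress(config) + b"IKCFG_ED" + b"\0" * 128)
    kernel = b"\x00\x00\xa0\xe1" * 16 + gzip.compress(image)   # zImage-ish: stub code, then payload
    ramdisk = gzip.compress(b"070701" + b"\0" * 64)             # cpio-ish placeholder
    ps = 2048
    hdr = struct.pack(HDR_FMT, BOOT_MAGIC, len(kernel), 0x00008000, len(ramdisk), 0x01000000,
                      0, 0, 0x00000100, ps, 0, 0, b"", b"placeholder=1", b"\0" * 32)

    def pad(b):
        return b + b"\0" * (-len(b) % ps)

    return pad(hdr) + pad(kernel) + pad(ramdisk) + b"\0" * trailing_pad


if __name__ == "__main__":
    dumped = build_sample_boot_img(trailing_pad=1 << 20)   # looks like a nandroid partition dump
    h = parse_boot_image(dumped)
    print("page size:", h["page_size"], "cmdline:", h["cmdline"])
    print("real image length:", h["image_size"], "of", len(dumped), "bytes read")
    print(kernel_version(h["kernel"]))
    print(kernel_config(h["kernel"]))
```

Against real files, read boot.img from firmware.zip and the nandroid boot image into bytes and hand both to parse_boot_image; if their image_size values match and the bytes up to that offset are identical, the size difference is only the partition tail. kernel_version and kernel_config then answer the config.gz question without flashing or booting anything.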

Sinfamy

Senior Member
Aug 15, 2011
234
63
steamcommunity.com
Two questions:

1. How do you flash this update? When I click the HTC Update, it gave me the ~5MB update, however not the ~40MB one. So is there a way to manually flash it?

2. Is there a way of doing so without losing the recovery and root?
 

HebrewToYou

Senior Member
Feb 9, 2010
702
66
Two questions:

1. How do you flash this update? When I click the HTC Update, it gave me the ~5MB update, however not the ~40MB one. So is there a way to manually flash it?

2. Is there a way of doing so without losing the recovery and root?
You can download the update and run it manually. I can't remember if I renamed it update.zip and flashed it through stock recovery or used the bootloader.

If it was the bootloader, rename the downloaded zip to PG59IMG.zip, put it on the root of your sdcard and boot into the bootloader. The device's screen should prompt you with install instructions.

As for keeping root and recovery, no. As long as you are S-OFF *before* doing this, however, you can re-flash a custom recovery and re-root using these instructions: http://xdaforums.com/showthread.php?t=1433805
 

yogi2010

Senior Member
Dec 22, 2010
2,120
319
Los Angeles, CA
Yeah, the update flashed nicely thru the stock recovery. I learned once you get to the recovery screen, you press volume up + power to get the options to show up.
 
