I am poking around the latest official OTA update (get it here).
I am trying to see if there is anything useful for aftermarket roms. I will post
here my findings, if any, and all the questions that pop to my mind. Hopefully
someone in the community will have answers.
The updating script does the following:
1) several checks on bootloader/recovery/cid/device version
2) copy fotaBoot to /data/system/fotaBoot to trigger some changes at reboot
3) checks on files to be patched
4) delete several files from /data (notably adio_checksum, DxDr,
SuplRootCert_injected)
5) delete lots of files from /system
6) apply patches
7) copy files into /system
8) set permissions
9) flash firmware.zip via
Code:
write_firmware_image("PACKAGE:firmware.zip", "zip");
Among the files being modified there are a couple of firmware files (yamato_pfp.fw,
yamato_pm4.fw). I do not have them on my system (I run CM7) and I have no idea
which piece of hardware they refer to. There is also an app whose purpose I
do not know (HTC-DPM-GB-2.3-48637-11.1.apk) and a mysterious recovery.img in /system
(more on this later).
Does anyone know the exact procedure by which firmware.zip is flashed? Will any
check be performed on it? Its content is the following:
* android-info.txt: ASCII file with some version numbers.
* boot.img: should be the new kernel+ramdisk; I tried booting it with few
expectations and indeed it won't boot with a nonsense /system.
* hboot_8x60_DOT_1.45.0013_20111121_signedbyaa.nb0: the new bootloader; I see no
reason to flash this unless it provides some new features.
* radio.img: fat image with radio files (should be safe to flash)
* rcdata.img: ???
* recovery.img: this won't boot; might it require the above-mentioned recovery.img?
Anyway this is completely useless.
* rpm.img: ???
* sbl1.img: ???
* sbl2.img: ???
* sbl3.img: ???
* tz.img: ???
Does anyone have ideas on what the other files are? I assume that if we avoid flashing
hboot we will always have fastboot available to us and S-OFF to flash anything
we would like to, correct? Revolutionary team, can you please explain how you
make the phone S-OFF once your exploit gives you the right privileges? Will any
of those files affect it? Does anyone here have any idea which partitions they
should be flashed to?
As I said, I tried to boot both recovery.img and boot.img to get a config.gz and
kernel version, with little success. I'd like to see whether they made some modifications to the
kernel which improved battery life. I think I will repack the new kernel with
CWM recovery and get the info from there.
Ideas of things to poke at? Comments? Helpful insights?
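Inspecting boot.img offline is one way to get the kernel version without having to boot it, and the same code covers the repacking step mentioned above. What follows is an added example, not code from the original post or from HTC: it parses the classic Android boot-image header (format version 0, the one a 2011-era image uses), carves out the kernel and ramdisk, recomputes the header's SHA-1 id field the way mkbootimg fills it, scans the kernel (gunzipping a zImage payload if needed) for the "Linux version" banner, and repacks a kernel and ramdisk into a new image. Every kernel and ramdisk byte in sample_boot_img() is a constructed stand-in, and the load addresses in build_boot_img() are placeholders, not the device's real values.

```python
"""Parse and rebuild Android boot images (kernel + ramdisk) offline.

Added example, not code from the original post or from HTC. Uses the classic
boot-image header (format version 0); every kernel/ramdisk byte below is a
constructed stand-in, not real firmware.
"""
import gzip
import hashlib
import re
import struct
import zlib

BOOT_MAGIC = b"ANDROID!"
# magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
# second_addr, tags_addr, page_size, 2 unused words, name[16], cmdline[512], id[32]
HEADER_FMT = "<8s10I16s512s32s"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 608 bytes, padded to one page
_VERSION_RE = re.compile(rb"Linux version [0-9][^\0\n]*")


def _pad(data: bytes, page_size: int) -> bytes:
    """Pad to a whole number of pages, as the image layout requires."""
    rem = len(data) % page_size
    return data if rem == 0 else data + b"\0" * (page_size - rem)


def _image_id(kernel: bytes, ramdisk: bytes, second: bytes) -> bytes:
    """SHA-1 over each section and its length, as mkbootimg fills the id field."""
    h = hashlib.sha1()
    for section in (kernel, ramdisk, second):
        h.update(section)
        h.update(struct.pack("<I", len(section)))
    return h.digest().ljust(32, b"\0")


def build_boot_img(kernel: bytes, ramdisk: bytes, page_size: int = 2048,
                   cmdline: bytes = b"", name: bytes = b"") -> bytes:
    """Repack a kernel and ramdisk into a boot image (load addresses are placeholders)."""
    header = struct.pack(
        HEADER_FMT, BOOT_MAGIC,
        len(kernel), 0x40008000, len(ramdisk), 0x41000000, 0, 0x40F00000,
        0x40000100, page_size, 0, 0,
        name[:16].ljust(16, b"\0"), cmdline[:512].ljust(512, b"\0"),
        _image_id(kernel, ramdisk, b""))
    return _pad(header, page_size) + _pad(kernel, page_size) + _pad(ramdisk, page_size)


def parse_boot_img(data: bytes) -> dict:
    """Validate the header and carve out kernel/ramdisk; raises ValueError on junk."""
    if len(data) < HEADER_SIZE or data[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (ANDROID! magic missing)")
    (_, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
     _second_addr, tags_addr, page_size, _, _, name, cmdline,
     img_id) = struct.unpack_from(HEADER_FMT, data, 0)
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError(f"implausible page_size {page_size}")

    def pages(n: int) -> int:
        return (n + page_size - 1) // page_size

    kernel_off = page_size
    ramdisk_off = kernel_off + pages(kernel_size) * page_size
    second_off = ramdisk_off + pages(ramdisk_size) * page_size
    if second_off + second_size > len(data):
        raise ValueError("image is truncated relative to its header sizes")
    kernel = data[kernel_off:kernel_off + kernel_size]
    ramdisk = data[ramdisk_off:ramdisk_off + ramdisk_size]
    second = data[second_off:second_off + second_size]
    return {
        "page_size": page_size,
        "kernel_addr": kernel_addr, "ramdisk_addr": ramdisk_addr, "tags_addr": tags_addr,
        "name": name.rstrip(b"\0").decode("ascii", "replace"),
        "cmdline": cmdline.rstrip(b"\0").decode("ascii", "replace"),
        "kernel": kernel, "ramdisk": ramdisk,
        # a mismatch here means header or payload was edited without repacking
        "id_ok": img_id == _image_id(kernel, ramdisk, second),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def find_kernel_version(kernel: bytes):
    """Return the 'Linux version ...' banner, gunzipping a zImage payload if needed."""
    m = _VERSION_RE.search(kernel)
    if m:
        return m.group(0).decode("ascii", "replace")
    idx = kernel.find(b"\x1f\x8b\x08")  # gzip member header inside the zImage
    while idx != -1:
        try:
            plain = zlib.decompressobj(16 + zlib.MAX_WBITS).decompress(kernel[idx:])
        except zlib.error:
            plain = b""
        m = _VERSION_RE.search(plain)
        if m:
            return m.group(0).decode("ascii", "replace")
        idx = kernel.find(b"\x1f\x8b\x08", idx + 1)
    return None


def sample_boot_img() -> bytes:
    """Constructed boot.img: ARM NOP stub + gzip'd fake kernel, plus a fake ramdisk."""
    banner = (b"\0" * 16 + b"Linux version 2.6.35.14-constructed (builder@example) "
              b"#1 PREEMPT Tue Nov 22 00:00:00 2011\0" + b"\0" * 16)
    kernel = b"\x00\x00\xa0\xe1" * 16 + gzip.compress(banner) + b"\xff" * 8
    ramdisk = gzip.compress(b"070701" + b"\0" * 64)  # cpio-ish filler, content unused
    return build_boot_img(kernel, ramdisk,
                          cmdline=b"console=null androidboot.hardware=constructed")


if __name__ == "__main__":
    info = parse_boot_img(sample_boot_img())
    print(info["page_size"], info["cmdline"], info["id_ok"])
    print(find_kernel_version(info["kernel"]))
```

To use it on a real extracted boot.img, pass the file's bytes to parse_boot_img() instead of sample_boot_img(); the cmdline tells you which hardware string the kernel expects, and an id mismatch is a quick hint that the image was edited after it was built. The config.gz itself is only present if the kernel was built with CONFIG_IKCONFIG, so the version banner is the more reliable thing to look for.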