Requesting expert help on collecting MD5 on Xoom (virgin) Wifi image files

Scourge1024

So, I've picked up my replacement Xoom after bricking my first. I decided to rip my system and recovery partitions again for completeness, after discovering BeagleBoy's system.img was different from mine. I've posted my Xoom WiFi (MZ604) recovery.img in another thread. Anyway, I can confirm the WiFi recovery partition on both my old Xoom and new Xoom have an MD5 of 1f853c8636ab22b5d651a5512f0865c0. Great success! I hope others with a virgin Xoom Wi-Fi can confirm with me.

And here's something interesting... After ripping a new system.img (MD5 4b7b974a0cc8cdc00521de970b7fc611) from my new Xoom, I did a compare against my first system.img from my bricked Xoom. And also against BeagleBoy's. ALL 3 ARE DIFFERENT. I think I may have compromised my first system.img from my bricked Xoom by doing an "adb remount" before ripping the partition.

Now to confirm... With system.img having been extracted (and backed up) from my new Xoom. I performed an "adb remount" and immediately ripped the system partition again. Did a new MD5 check and... It changed... It's looking like a RW remount does compromise the "virginity" of the system.img file.

One more thing... I'm hoping someone with a factory locked WiFi Xoom can replicate BeagleBoy's boot.img file (MD5 051d1f7e150d4077adb388b5f8e53462). He flashed the Tiamat kernel onto the recovery partition instead of the boot partition (to maintain its integrity) and booted into recovery (Beagle, if you can elaborate on how to do this, please do).

I asked for expert help so I will not be doing step-by-step instructions.
Testing method 1 (retrieving system.img and recovery.img):
1. Put virgin Xoom in fastboot mode (if you can't do this, you shouldn't be helping)
2. Do a "fastboot oem unlock" and "fastboot flash boot boot.img" where boot.img is the Tiamat boot image to give you basic root. Reboot into normal mode.
3. With USB debugging on, do an "adb shell". Do not do a remount during test!
4. At the root (#) prompt, extract your system and recovery using the following commands (do recovery first, much faster):
dd if=/dev/block/platform/sdhci-tegra.3/by-name/recovery of=/mnt/sdcard/recovery_wifi_virgin.img

dd if=/dev/block/platform/sdhci-tegra.3/by-name/system of=/mnt/sdcard/system_wifi_virgin.img
5. Do an "adb pull" of the two .img files you created in /mnt/sdcard/.
6. Run an MD5 on the two files and report here.
7. ???
8. Profit

Test method 2 (install Tiamat into recovery partition and extract boot.img and system.img)
1. I will edit this section as needed. But the gist of it is to install Tiamat into recovery partition and then extract boot.img and system.img using a similar method to above...
...
8. In fastboot, reflash the recovery partition I saved on


References:
BeagleBoy's thread for his boot.img and system.img (http://forum.xda-developers.com/showthread.php?t=1017398)
My thread for the recovery.img file I first extracted (and hoping is consistent between all Xoom WiFi's of varying regions) at http://forum.xda-developers.com/showthread.php?t=1036574
 

Scourge1024

Scourge1024's MD5 test results on old Xoom (fail?):
boot.img - (not tested)
system.img - 203465c9fb9d6bc926dd0dea9b85ebc4 (not valid as a clean image after remount)
recovery.img - 1f853c8636ab22b5d651a5512f0865c0 (matches my new Xoom; may not)

Scourge1024 new Xoom (Win?):
boot.img - (not tested)
system.img - 4b7b974a0cc8cdc00521de970b7fc611 (never RW mounted, hoping this is consistent)
recovery.img - 1f853c8636ab22b5d651a5512f0865c0 (matches my new Xoom; may not)

BeagleBoy:
boot.img - 051d1f7e150d4077adb388b5f8e53462 (trying to find out if this is consistent)
system.img - fd78a2297290c3fdc7377ded6090e2ae (does not match either of mine)
recovery.img - (not tested; overwritten)

Now to see if people can get a consistent MD5 for boot.img...
 

ydaraishy

My expectation is that the kernel images (not the entire boot images) should be identical across devices and between boot and recovery.

The system image differences you're experiencing are probably expected -- remember *access* times are logged within the file system, it is ext4 after all -- and because you're pulling a system image, rather than the files themselves, you see a difference. Things like that are going to be difficult to eliminate.
 

Scourge1024

> My expectation is that the kernel images (not the entire boot images) should be identical across devices and between boot and recovery.
>
> The system image differences you're experiencing are probably expected -- remember *access* times are logged within the file system, it is ext4 after all -- and because you're pulling a system image, rather than the files themselves, you see a difference. Things like that are going to be difficult to eliminate.

If system is left in read-only access, would the access times be affected? I'm thinking this is possibly the reason why my "fastboot oem lock" failed. I had been able to relock my device before touching the boot, system and recovery partitions. Userdata was obviously changed the moment I booted up normally so I think that can be taken out of the equation. Plus, it gets wiped each lock/unlock anyway.

Anyway, I'm NOT going to try relocking my new Xoom... One heart attack was enough. And Best Buy might catch on I'm doing something I shouldn't be. :)

Can someone grab their MZ604 recovery partition? I'd like to see if they get the same MD5 I do. I doubt anyone has a modified recovery partition besides BeagleBoy. I'm trying to isolate if there's any difference between Canadian Wi-Fi Xooms (like my own) and the US ones. I already know my recovery partition is different than the MZ600 Verizon Xoom.

Think about this people... If Moto isn't going to give us Wi-Fi guys official img files, we'll have to get them ourselves.
 

ydaraishy

> If system is left in read-only access, would the access times be affected? I'm thinking this is possibly the reason why my "fastboot oem lock" failed. I had been able to relock my device before touching the boot, system and recovery partitions. Userdata was obviously changed the moment I booted up normally so I think that can be taken out of the equation. Plus, it gets wiped each lock/unlock anyway.
>
> Anyway, I'm NOT going to try relocking my new Xoom... One heart attack was enough. And Best Buy might catch on I'm doing something I shouldn't be. :)
>
> Can someone grab their MZ604 recovery partition? I'd like to see if they get the same MD5 I do. I doubt anyone has a modified recovery partition besides BeagleBoy. I'm trying to isolate if there's any difference between Canadian Wi-Fi Xooms (like my own) and the US ones. I already know my recovery partition is different than the MZ600 Verizon Xoom.
>
> Think about this people... If Moto isn't going to give us Wi-Fi guys official img files, we'll have to get them ourselves.

I'd say mounting ro might help, but I'm not sure. It's possible filesystem metadata might change even if mounted read-only. I'd need to know more about ext4 to make a firm call.

One really needs to know what the "fastboot oem lock" procedure is using to validate the currently written images -- I have a feeling a signature check is being made, but I can't be sure of that. It might be fruitful to diff the Moto-provided images with ones dd'd off a running MZ600, perhaps. All just guesses though.

(let alone how cruddily designed it is to be only transitioned between lock and unlock states with correct firmware and no validation being made -- ie., it's very nicely easy to brick)
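
Added example, not part of the thread: one way to check whether two dd images of the same ext4 partition differ only in superblock mount metadata (the effect discussed above for "adb remount") or in actual data blocks. The field offsets follow the ext2/3/4 on-disk superblock layout; the function names and the small sample images are constructed for illustration.

```python
import hashlib
import struct

SB_OFFSET = 1024     # primary ext2/3/4 superblock starts 1024 bytes into the partition
EXT_MAGIC = 0xEF53   # s_magic value shared by ext2, ext3 and ext4

def read_superblock(image: bytes) -> dict:
    """Decode the superblock fields that a mount or write updates."""
    # At superblock offset 0x2C: s_mtime, s_wtime (u32), then s_mnt_count,
    # s_max_mnt_count, s_magic, s_state (u16), all little-endian.
    mtime, wtime, mnt_count, _max_mnt, magic, state = struct.unpack_from(
        "<IIHHHH", image, SB_OFFSET + 0x2C)
    if magic != EXT_MAGIC:
        raise ValueError("no ext2/3/4 superblock at offset 1024")
    return {"s_mtime": mtime, "s_wtime": wtime,
            "s_mnt_count": mnt_count, "s_state": state}

def diff_blocks(a: bytes, b: bytes, block_size: int = 4096) -> list:
    """Return the indexes of the blocks that differ between two images."""
    if len(a) != len(b):
        raise ValueError("images differ in size")
    return [off // block_size for off in range(0, len(a), block_size)
            if a[off:off + block_size] != b[off:off + block_size]]

def compare(a: bytes, b: bytes) -> dict:
    """Summarise why two images hash differently."""
    sa, sb = read_superblock(a), read_superblock(b)
    return {
        "md5_equal": hashlib.md5(a).hexdigest() == hashlib.md5(b).hexdigest(),
        "changed_fields": sorted(k for k in sa if sa[k] != sb[k]),
        "changed_blocks": diff_blocks(a, b),
    }

def make_image(mtime: int, wtime: int, mnt_count: int, payload: bytes = b"") -> bytes:
    """Constructed 16 KiB stand-in for a partition dump (not real Xoom data)."""
    img = bytearray(16384)
    struct.pack_into("<IIHHHH", img, SB_OFFSET + 0x2C,
                     mtime, wtime, mnt_count, 0xFFFF, EXT_MAGIC, 1)
    img[8192:8192 + len(payload)] = payload   # "file data" placed in block 2
    return bytes(img)

if __name__ == "__main__":
    clean = make_image(1300000000, 1300000000, 3)
    remounted = make_image(1300000500, 1300000500, 4)   # same data, one more rw mount
    print(compare(clean, remounted))
    # For real dumps: compare(open("a.img", "rb").read(), open("b.img", "rb").read())
```

If the only changed block is block 0 and the changed fields are the mount time, write time and mount count, the two dumps hold the same file data even though their MD5 sums differ.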