See Rooting new hardware FIRST if you have a nook original with a 1003* serial# or above.
Belated congratulations to [mbm] and pokey9000 for rooting the Nook Color. Check out our Nook Color portal also.
User:TimRiker has been re-despamming. New user registration disabled for a while. Need wiki help? Contact an Administrator.

Firmware Update

From nookDevs

Jump to: navigation, search



We are going to quote parts of the iPhone dev team here. GOLDEN RULE: Do not update until you hear from @nookDevs that it is OK TO UPDATE!

We don't know what kinda muscle B&N could pack in the update, it could lockout all rooted devices from using root. Just to be safe DO NOT UPDATE IF A SOFTWARE UPDATE GOES OUT UNLESS WE TELL YOU.

There is one small catch.... B&N can force a update on you with a 5 minute countdown clock. If this happens, delay the clock and shut off the device ASAP. This should (although unconfirmed) give you enough time to remove the update from the system or go into airplane mode to block out any connection attempts home.


For the information on how to force an OTA (over the air) update or how to update the nook manually, please visit B&N nook support site.

Oficial firmwares (09/oct/2010)

Version Release date Alt download SHA1
1.0.0 2010 October 20 84287d73b70e98da6a6af9f362b31e96d4e6eea4
1.1.0 2009 December 21
1.1.1 2009 December 21 megaupload af14c085d0debb342148b39a106a8ac416d08fb8
1.2.0 2010 February 5 megaupload d69ac8af8a475d936e082a3d9f3e2858f2621f27
1.3.0 2010 April 23 megaupload 582a8708bbb725db716dcbde689126ba76451a62
1.4.0 2010 June 21 megaupload c0a5da025472933eb41dcac36425426848d5384a
1.4.1 2010 August
1.5.0 2010 November 22 174395788aac8ea851821de8343c806ced285466
1.6.0 (buggy) 2011 June 3b214e78984d09dc0894c02a023bafccda4f5027
1.7.0 Last release 2011 June 21 hotfile 98534a34cdf19cbbc3c164de534cfba83bf7ced2

Firmware update format

The firmware update is a gzipped tar archive with an additional header.

Firmware update header

Bytes 0-6: Empty
Byte 7: Offset from this byte to the start of the gzip header
Bytes 8-14: Empty
Bytes 15: Length of the following block, in bytes (128 in the current update)
Bytes 16-143: Signature?
Bytes 144-158: Empty
Byte 159: Length of the following block, in bytes (5, in the current update)
Bytes 160-164: Version string in ascii, including decimal points
Bytes 165-168: Empty
Bytes 169-172: Unknown
Bytes 173-end: Gzipped tarball

Firmware update contents

The tar archive contains an update script that is interpreted by the flasher and an optional set of the following files, all under the Firmware_Update directory:

  • kernel.bin: A replacement kernel.
  • u-boot.bin: A replacement first-stage bootloader
  • turboboot.img: A replacement second-stage bootloader
  • root.tgz: A replacement root filesystem. wpa_supplicant.conf will be backed up from the existing root, which will then be formatted and the contents of root.tgz extracted to it. wpa_supplicant.conf will then be restored.
  • delta_android_remove.list: A list of files to be deleted from the root filesystem
  • delta_android_add.tgz: A tar archive containing a subset of the root filesystem. This will be extracted over the top of the existing root filesystem.
  • delta_user_remove.list: A list of files to be deleted from the FAT filesystem that is used for user storage
  • delta_user_add.tgz: A tar archive containing new files to be extracted to the user storage filesystem

There are also md5sums and sha1sums files containing the md5 and sha1 of each of the update files. The update files are processed if they exist, and then the Firmware_Update directory and its contents are deleted.

Possibility of using the Update for our purposes

Quite high, in fact. Travis has looked at the key in (/system/etc/security), and has found it to be the same testkey as the one in the stock android project available from git source.

So, in short "we have the same key that the B&N devs sign with".

This has not been tested, but this should work fine.

Nook's Firmware update service don't use this certs to check sign validity, it's uses hardcoded public key instead (12..821 = 1024bit rsa modulus):

RSAPublicKey rsapublickey = createPublicKey("12..821", "65537");
Personal tools
Nook Classic
Nook Simple Touch
Nook Tablet
Google AdSense