Talk:Firmware Update
From nookDevs
Contents |
NookColor Source
Anyone found the NookColor source yet? I can't find *any* reference to the source on B&N's web site. Fake Name 23:29, 1 December 2010 (PST)
1.3 Update
According to the FaceBook Nook account the new update will be coming out this week. Any advice about updating or not? --Gdbear 14:24, 19 April 2010
- It's probably safe to assume the golden rule is still the best policy:
GOLDEN RULE: Do not update until you hear from Devs that it is OK TO UPDATE!
- --Zyrjello 14:36, 19 April 2010 (PDT)
1.5.0 update: Crapbuckets! Didn't have my Nook on Airplane mode, and B&N apparently pushed down the 1.5.0 update over wifi without asking. I've got no battery life now... Going back to stock firmware for the time being, will probably reinstall Softroot at a later date. --AnjeTheNerd 18:49, 1 December 2010 (PST)
firmware update header
Hi,
Bytes 169-172 are the size of the .tar.gz that follows.
-
- This is not true, see 1.0.0 for an instance where this is not the case. the header is like this:
struct header
{
long fwSizeOffset;
long signatureSize;
}
the firmware (tar.gz) starts at fwSizeOffset+8 bytes.
Here's a script to generically unsign signed firmwares:
#!/bin/sh
# NookDevs.com Unsign Firmware Script
# Written by BenB
# Requires hexdump
if test ! -f $1
then
echo "Invalid filename $1"
exit
fi
if test "x$2" = "x"
then
echo "You need to specify an output filename"
fi
FILENAME="$1"
FILE_SIZE_OFFSET=`head -c 8 $FILENAME |hexdump |sed -n 's/^[0]\{7\}[ ][0]\{4\}[ ][0]\{4\}[ ][0]\{4\}[ ]\([a-z0-9]\{2\}\).*$/\1/g p'`
FILE_OFFSET=`printf '%d' 0x$FILE_SIZE_OFFSET`
echo "Decimal offset of unsigned firmware size 0x${FILE_SIZE_OFFSET} = ${FILE_OFFSET}"
FILE_OFFSET=`expr $FILE_OFFSET \+ 9`
echo "Decimal offset of unsigned firmware = ${FILE_OFFSET}"
tail -c +${FILE_OFFSET} $FILENAME > $2
Signature
Firmware is signed with 1024-bit key that is probably SHA1 hash of firmware body, encrypted with RSA. /system/etc/security/otacert.zip has nothing to do with it.
Modulus (hex):
B7A51F628606C6A0D2FE3230A88E606293402CAF0DE3018AF6
A0183C3319A7C57B8591D33C04BFA8A953CA6FE1F3EA320B19
1B7584B11D4A29B0488B3ED8C25FC41988D191A4EE29B61367
E8121F23C1D10C37931EAE661F4B19E9D2E9C9908CEDECA730
601DBAD92DF2E9DD8D4E9AB8CCAAFD5B58928FC6DEFF840067
876B5D
Exponent (hex):
0x10001
Only three ways of creating own signed firmwares exist:
a) get private key from B&N guys
b) spend several thousands years to bruteforce 1024-bit key
c) pad firmware body with some data making its SHA1 hash the same as in original firmware
b) and c) are nearly impossible, so the only hope is to get real private key.
Update: inner function is SHA-256 of data block [(64-bit flags) + (version string) + (unsigned update body)]
--Nomad 05:10, 12 September 2010 (PDT)
