Author Topic: extract & build changes filesystem and checksums  (Read 5496 times)

Samweis
extract & build changes filesystem and checksums
« on: September 11, 2013, 01:32:14 PM »
Hi,

I have tried this with all vendor firmware files for the Huawei E970/B970 I could find:
Code:
./extract-firmware.sh /tmp/original.bin /tmp/extracted
./build-firmware.sh /tmp/extracted
I have not changed the extracted firmware, neither *.img nor the filesystem.
But the resulting new-firmware.bin differs from the original. The CRCs are different, and there are numerous differences in the filesystem. The vendor's firmware uploader rejects the new firmware as invalid.
Binwalk reports:
original:
Code:
DECIMAL    HEX        DESCRIPTION
-------------------------------------------------------------------------------------------------------------------
92        0x5C      TRX firmware header, little endian, header size: 28 bytes,  image size: 182 bytes, CRC32: 0x1 flags/version: 0x30354345
274        0x112      TRX firmware header, little endian, header size: 28 bytes,  image size: 172032 bytes, CRC32: 0xC9A46F4F flags/version: 0x10005
302        0x12E      CramFS filesystem, little endian size 167936 version #2 sorted_dirs CRC 0x287a60a6, edition 0, 155 blocks, 143 files 
new-firmware.bin:
Code:
DECIMAL    HEX        DESCRIPTION
-------------------------------------------------------------------------------------------------------------------
92        0x5C      TRX firmware header, little endian, header size: 28 bytes,  image size: 182 bytes, CRC32: 0x6893E33 flags/version: 0x30354345
274        0x112      TRX firmware header, little endian, header size: 28 bytes,  image size: 172032 bytes, CRC32: 0xC95A033E flags/version: 0x10005
302        0x12E      CramFS filesystem, little endian size 167936 version #2 sorted_dirs CRC 0x29131798, edition 0, 155 blocks, 143 files 
The CRC of the first header in the vendor's firmware is always 0x1.

What am I doing wrong?
Is this fmk's fault?
Or is this a trick to protect the (open source based) firmware?

P.S.: My computer runs Debian wheezy.
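
Added example (not part of the original post and not Firmware Mod Kit code): one way to see whether a CRC32 that binwalk prints for a TRX header actually matches the image data is to recompute it from the header fields. It assumes the standard 28-byte TRX layout with the Broadcom-style CRC (initial value 0xFFFFFFFF, no final XOR, computed from the flags/version field to the end of the image); whether the Huawei E970/B970 images follow that layout is an assumption, and the function names and sample image are constructed.

```python
import struct
import zlib

TRX_MAGIC = b"HDR0"
# magic, image length, crc32, flags/version, three partition offsets = 28 bytes
TRX_HEADER = struct.Struct("<4sIII3I")


def trx_crc(data: bytes) -> int:
    """Broadcom-style CRC32: the bitwise complement of zlib's CRC32."""
    return ~zlib.crc32(data) & 0xFFFFFFFF


def check_trx(blob: bytes, offset: int) -> dict:
    """Parse the TRX header at `offset` and recompute its CRC."""
    magic, length, stored, flags, *_ = TRX_HEADER.unpack_from(blob, offset)
    if magic != TRX_MAGIC:
        raise ValueError(f"no TRX magic at offset {offset:#x}")
    if length < TRX_HEADER.size:
        raise ValueError("image length is smaller than the header")
    image = blob[offset:offset + length]
    if len(image) < length:
        raise ValueError("file is shorter than the header's image length")
    # The CRC covers everything after the crc32 field (byte 12 onwards).
    computed = trx_crc(image[12:])
    return {"length": length, "flags": flags, "stored": stored,
            "computed": computed, "match": stored == computed}


def build_trx(payload: bytes, flags: int = 0x10005, crc=None) -> bytes:
    """Build a constructed sample image; `crc` forces the stored value."""
    length = TRX_HEADER.size + len(payload)
    body = struct.pack("<I3I", flags, TRX_HEADER.size, 0, 0) + payload
    stored = trx_crc(body) if crc is None else crc
    return struct.pack("<4sII", TRX_MAGIC, length, stored) + body


if __name__ == "__main__":
    # Constructed input: 92 bytes of padding, then a 182-byte TRX image,
    # once with a computed CRC and once with the stored CRC forced to 0x1.
    payload = b"A" * 154
    for label, crc in (("computed CRC", None), ("stored CRC 0x1", 0x1)):
        blob = b"\x00" * 92 + build_trx(payload, crc=crc)
        r = check_trx(blob, 92)
        print(f"{label}: stored={r['stored']:#010x} "
              f"computed={r['computed']:#010x} match={r['match']}")
```

Running `check_trx` at the offsets binwalk reports (0x5C and 0x112 in the listings above) on both the original and the rebuilt file shows which stored values agree with the data under these assumptions.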