extract & build changes filesystem and checksums

Started by Samweis, September 11, 2013, 01:32:14 PM

Samweis

Hi,

I have tried this with all vendor firmware files for the Huawei E970/B970 I could find:
./extract-firmware.sh /tmp/original.bin /tmp/extracted
./build-firmware.sh /tmp/extracted

I have not changed the extracted firmware, neither *.img nor the filesystem.
But the resulting new-firmware.bin differs from the original. The CRCs are different, and there are numerous differences in the filesystem. The vendor's firmware uploader rejects the new firmware as invalid.
Binwalk reports:
original:
DECIMAL    HEX        DESCRIPTION
-------------------------------------------------------------------------------------------------------------------
92        0x5C      TRX firmware header, little endian, header size: 28 bytes,  image size: 182 bytes, CRC32: 0x1 flags/version: 0x30354345
274        0x112      TRX firmware header, little endian, header size: 28 bytes,  image size: 172032 bytes, CRC32: 0xC9A46F4F flags/version: 0x10005
302        0x12E      CramFS filesystem, little endian size 167936 version #2 sorted_dirs CRC 0x287a60a6, edition 0, 155 blocks, 143 files 

new-firmware.bin
DECIMAL    HEX        DESCRIPTION
-------------------------------------------------------------------------------------------------------------------
92        0x5C      TRX firmware header, little endian, header size: 28 bytes,  image size: 182 bytes, CRC32: 0x6893E33 flags/version: 0x30354345
274        0x112      TRX firmware header, little endian, header size: 28 bytes,  image size: 172032 bytes, CRC32: 0xC95A033E flags/version: 0x10005
302        0x12E      CramFS filesystem, little endian size 167936 version #2 sorted_dirs CRC 0x29131798, edition 0, 155 blocks, 143 files 

The CRC of the first header in the vendor's firmware is always 0x1.

What am I doing wrong?
Is this fmk's fault?
Or is this a trick to protect the (open source based) firmware?

P.S.: My computer runs Debian wheezy.
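
An added example, not part of the original post or of firmware-mod-kit: one way to check whether each TRX header's CRC32 field, as listed in the binwalk output above, matches the value recomputed from the file. It assumes the common TRX layout (28-byte little-endian header, CRC covering everything from the flags/version field to the end of the image, stored without the final inversion), which a vendor image may not follow. The function names and the sample image are constructed for illustration.

```python
import struct
import zlib

TRX_MAGIC = b"HDR0"
# magic, image length, crc32, flags/version, three partition offsets (28 bytes)
TRX_HDR = struct.Struct("<4sIII3I")
CRC_START = 12  # the CRC covers everything from the flags/version field onward


def trx_crc(data: bytes) -> int:
    """CRC-32 seeded with 0xFFFFFFFF and stored without the final inversion."""
    return zlib.crc32(data) ^ 0xFFFFFFFF


def scan_trx(blob: bytes) -> list:
    """Return (offset, stored_crc, computed_crc) for each TRX header in blob.
    computed_crc is None when the length field points outside the file."""
    found = []
    pos = blob.find(TRX_MAGIC)
    while pos != -1:
        if pos + TRX_HDR.size <= len(blob):
            length, stored = struct.unpack_from("<II", blob, pos + 4)
            ok_len = TRX_HDR.size <= length <= len(blob) - pos
            computed = trx_crc(blob[pos + CRC_START:pos + length]) if ok_len else None
            found.append((pos, stored, computed))
        pos = blob.find(TRX_MAGIC, pos + 1)
    return found


def build_trx(payload: bytes, flag_version: int = 0x10005, crc=None) -> bytes:
    """Constructed test image; crc overrides the computed value when given."""
    tail = struct.pack("<I3I", flag_version, TRX_HDR.size, 0, 0) + payload
    stored = trx_crc(tail) if crc is None else crc
    return struct.pack("<4sII", TRX_MAGIC, CRC_START + len(tail), stored) + tail


def sample_image() -> bytes:
    """Constructed sample: 92 bytes of padding, a block whose CRC field is the
    fixed value 0x1, then a block with a correctly computed CRC."""
    fixed = build_trx(b"constructed vendor block", crc=0x1)
    valid = build_trx(b"constructed cramfs stand-in")
    return b"\x00" * 92 + fixed + valid


if __name__ == "__main__":
    for off, stored, computed in scan_trx(sample_image()):
        state = "truncated" if computed is None else (
            "match" if stored == computed else "MISMATCH")
        print(f"0x{off:X}: stored=0x{stored:08X} {state}")
```

Running `scan_trx` over both the original and the rebuilt file shows which headers carry a recomputable CRC and which hold a value that the standard calculation does not produce.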