1. Neph's Avatar
    Had a big breakthrough today and was able to extract a large number of files from the firmware cabs. One very important file was the image file for the boot loader. I'm still working on processing the file and what it can and can't do for us, but this is a huge step as it also contains a "key" file in it that may be what is cross-checked against to make sure that updates are signed correctly.

    Even though both files are exactly the same size, the CRC comes up differently for both, so I will assume that somewhere inside each is a slight change. 7-zip seems to be the easiest way to open/extract the files.

    Version 3.02 bootloader :

    Version 4.04 bootloader :
    02-11-2012 09:38 PM
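
The comparison described in the post above (two same-size bootloader images with different CRCs), as an added example that is not part of the original thread: it computes each image's CRC32 and lists the offset ranges where the bytes differ. The two sample images and their `BOOT v…` strings are constructed for illustration; real images would be read from the extracted files.

```python
import zlib

def crc32_hex(data: bytes) -> str:
    """CRC32 as 8 hex digits, the value most archive tools display."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"

def diff_ranges(a: bytes, b: bytes, merge_gap: int = 8):
    """Half-open (start, end) offset ranges where a and b differ.
    Differences separated by at most merge_gap equal bytes are merged."""
    if len(a) != len(b):
        raise ValueError("images differ in size; compare section by section")
    ranges = []
    for off, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        if ranges and off - ranges[-1][1] <= merge_gap:
            ranges[-1][1] = off + 1          # extend the current range
        else:
            ranges.append([off, off + 1])    # start a new range
    return [tuple(r) for r in ranges]

def report(a: bytes, b: bytes, context: int = 4):
    """One text line per differing range, with a few bytes of context."""
    out = []
    for start, end in diff_ranges(a, b):
        lo, hi = max(0, start - context), min(len(a), end + context)
        out.append(f"0x{start:06x}-0x{end:06x} ({end - start} bytes) "
                   f"old={a[lo:hi].hex(' ')} new={b[lo:hi].hex(' ')}")
    return out

def make_image(version: bytes, fill: int) -> bytes:
    """Constructed stand-in for a bootloader image (not real firmware)."""
    img = bytearray(b"\xff" * 512)
    img[0x10:0x10 + len(version)] = version   # constructed version string
    img[0x100:0x104] = bytes([fill] * 4)      # constructed 4-byte field
    return bytes(img)

OLD = make_image(b"BOOT v3.02", 0xA5)
NEW = make_image(b"BOOT v4.04", 0x5A)

if __name__ == "__main__":
    print("crc32 old:", crc32_hex(OLD), "new:", crc32_hex(NEW))
    for line in report(OLD, NEW):
        print(line)
```
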
  2. bL33d's Avatar
    Sweet, I check here daily for updated info.
    02-11-2012 10:10 PM
  3. WaVeS's Avatar
    How's it going Neph? Anything we can do to help?
    02-17-2012 08:28 AM
  4. Neph's Avatar
    If you know anyone that has working knowledge of nandsim in Linux, that would be a lot of help at the moment. Quick breakdown of what I've learned since I last updated.

    The .bin file is a full flash of the NAND in YAFFS2 file system with ext4 and FAT pages (partitions). So far, no one has had any luck reading this file system outside of a developer's NAND board. I also found out that while reading the raw binary info of the file, I had it laid out wrong. It is 32 bit, not 16, which makes reading the file much easier. It also makes mounting the image that much harder. The S2 apparently uses the same file structure and people have been fighting for ways to mount these images since early last year.

    All known glitches seem to be patched. I may just end up chatting with the guy that did the Droid4 break and see how much he'd want to break this phone.

    As for the nandsim comment, if anyone can find a reliable way to mount a 32-bit yaffs2 file system, that would allow us to read all the data from the file and possibly find an exploit. As it stands, only 16-bit yaffs1 is supported by Ubuntu.
    02-17-2012 09:24 PM
  5. bL33d's Avatar
    I think we got about $100 said to donate for root. Maybe we can get more. Either way, none of us will try to make a big deal about paying for a root method, unlike what I heard about in the D4 root ordeal.
    02-18-2012 09:20 AM
  6. WaVeS's Avatar
    I'm not sure about mounting yaffs2 files but I did find a program to unpack them. You probably know how to do this already but it might help. unyaffs - unyaffs is a program to extract files from a yaffs image - Google Project Hosting
    You'll need the .c patch to unpack yaffs2.

    Also to change file permissions to unpack this was a link from the unyaffs project.

    I have a friend who knows a Linux guru, tier 3 programmer. I'll see if I can get in touch with him.
    02-18-2012 10:15 AM
  7. Ricardas Azbukauskas's Avatar
    I have lark freeme 70.1 but I need a bootloader
    04-27-2013 01:00 PM
  8. Ricardas Azbukauskas's Avatar
    I can't turn on the tablet
    04-28-2013 04:23 PM