abi>>forums

abi>>forums (http://www.anythingbutipod.com/forum/index.php)
-   Samsung R0 / Q3 / Z3 (http://www.anythingbutipod.com/forum/forumdisplay.php?f=213)
-   -   R0 firmware based on Linux? (http://www.anythingbutipod.com/forum/showthread.php?t=54481)

nik1105 04-21-2010 06:19 AM

R0 firmware based on Linux?
 
After downloading firmware file(v1.17), i opened it with notepad and found there at the beginning the following text:
Version : V1.17
Target : KR
User : trial
Dir : /home/trial/vobs/Muon_BigBang_UCI/MP3_MuonModel/Build/BigBang
BuildTime : 10/03/18 16:15:46
MBoot : size(337824),checksum(a68d6e6c5d638926e9ac34e982e3 3da6)
Linux : size(2192408),checksum(57fe6634cfe646167d745168ad8 70fb8)
RootFS : size(14856192),checksum(478a397c86b88124a83ec42d31 d6dfc9)
Sysdata : size(40879010),checksum(aba16c827dd18bc954d19c5100 d944ec)

Linux is mentioned there as one of the firmware component, so R0 firmware is using Linux kernel?

ricpersi 04-21-2010 09:21 AM

Yes it does. Here you can find kernel's source code for the YP-R0.

http://opensource.samsungmobile.com/index.jsp?page=4

File is: YP-R0_YP-R1_OpenSource.zip

I've tried for some time now to extract the different parts of the firmware (MBoot, Linux, RootFS and Sysdata) but am failing at checksums.

Using an Hex editor I first remove the header, then I split the different parts (making them the size written in the header), but then md5sum fails:

750238fce870eda18c5487ba3b6ae6d2 MBoot
b02d06b4c7d2d349e59c428f6bce4bbc Linux
c3da17999a7086eade84b6576029d16c RootFS
3ea055361bd033622f1c2e4b568286b2 Sysdata

Maybe they're using some other checksum? Maybe Data is reversed? Any help would be appreciated.

Regards,

Riccardo

lebellium 04-21-2010 11:00 AM

That's interesting thanks! I did not know that:)
But as the R0 is checking the ROM file before upgrading, there is no way to hack a firmware :(

ricpersi 04-21-2010 12:40 PM

Hi lebellium,

isn't the player checking the rom against the checksums found in the header?

lebellium 04-21-2010 12:52 PM

I don't know what it does exactly, it's a bit too technical and complex for me :D
I know it checks the file size but not only, otherwise the checking would be faster. If it also checks the file's content, then there is no way to modify the ROM file and get it work on the R0!

ricpersi 04-21-2010 01:27 PM

As I see it, when a firmware is found, the player calculates the checksum for each part of the firmware (that is MBoot, Linux, RootFS and Sysdata) and then it compares the checksums against the ones found in the header of the firmware. If they are the same it goes on by installing the firmware.

So basically if you manage to modify the firmware, you just need to calculate new checksums and put them in the header.

lebellium 04-21-2010 01:47 PM

Okay I understood now ;)

But even if it works, what could we do in concrete terms?
We could modify the Linux layer? But what the final user sees on the R0 is the Samsung layer ...

nik1105 04-21-2010 08:35 PM

There is no use in modifying Linux layer, but if it could be possible to unpack main part of firmaware,we can replace some resource files(such as pictures, fonts and etc)

ricpersi 04-22-2010 05:04 AM

yeah, I know.. since R0 and R1 are very similar, I wanted to add some features of R1 to the R0.. we have to be able to get to the Sysdata partition first.

lebellium 04-24-2010 12:11 PM

And anybody has skills to try to port rockbox?

ricpersi 04-28-2010 03:14 AM

As nick has suggested, once we get access to the different partitions we could add / modify resource files, but also add some features that can be found in the R1.
I'm quite used to linux, the main big problem is getting to the partition contents.

ricpersi 04-28-2010 03:18 AM

To port rockbox we need to identify the hardware and chips mounted on the R0.. Once we get them I'm pretty sure that the guys over at rockbox.org would be willing to help.

lebellium 04-28-2010 03:35 AM

I can help you for hardware (as Samsung Insider :) )
For software I cannot help.

But unfortunately it is not enough. We had much information about the P2's hardware but nobody managed to port rockbox even though it looks like the Cowon D2.
To port rockbox we need motivated rockbox experts and developers who own the R0....

Nikolaus 04-28-2010 04:19 AM

Quote:

Originally Posted by lebellium (Post 466390)
To port rockbox we need motivated rockbox experts and developers who own the R0....

Thats right and will be the main problem with a port to rockbox

nik1105 04-28-2010 06:00 AM

I have tried to unpack firmware components, but all attempts failed. For unpacking i have written small application, which read the amount of bytes specified in header and save them into separate file.
By the way the difference between firmware 1.17 and 1.19 only in RootFS, according to checksum, so unpacking Sysdata part of firmware will allow changing skin.

lebellium 04-28-2010 06:23 AM

That's too technical for a business school student (:D) but even if you could do what you want, I don't understand exactly what we could change/improve from the R1. For instance, how could we add the Radio recording feature of the R1 on the R0?! R0 and R1 interfaces are very different so adding a R1 feature on the R0 would require to fully change the R0 interface and menus! :eek:

Well, R0 UCIs should be coming soon so that may help...

nik1105 04-28-2010 07:09 AM

I mean exchanging r0 skin data (pictures, fonts and so on) with other data(not from R1), because uci changes only some part of interface.In order to change executable code, the firmware source is needed,and i dont think Samsung is going to share it:D

lebellium 04-28-2010 07:16 AM

Quote:

Originally Posted by nik1105 (Post 466427)
and i dont think Samsung is going to share it:D

Indeed. If they put security systems to check ROM files, they won't share the source code meanwhile, that would not make sense! :D

And why did they put such a security system on recent models: probably because at the time we managed to hack the T10 and overall P2 firmwares to change fonts and full skins....

ricpersi 04-28-2010 08:33 AM

hey nick, did you notice that if you look at the ROM contents, between different firmware versions, only the first part of the file changes (i mean the first part after the header)?
MBoot, Linux and RootFS have all the same checksum, so they dont' change from a release to another.. only Sysdata is changing.
So my guess is that file content is saved in "reverse" order.

ricpersi 04-28-2010 08:35 AM

would you mind trying splitting the firmware starting from end of file and see what happens?


All times are GMT -5. The time now is 12:10 PM.