Old 01-06-2020, 07:32 PM   #31
geek1011
Wizard
Posts: 2,808
Karma: 7423683
Join Date: May 2016
Location: Ontario, Canada
Device: Kobo Mini, Aura Edition 2 v1, Clara HD
This is a hoax (but I have to admit, it was relatively well done). Even though the hashes are different, the file size and actual instructions are identical. In addition, the new (fake) "sphinx" codename in the CSS doesn't match up with libnickel, so there is no way this could be an unreleased version.

I really don't understand the point of doing this. Although, I'd much rather this person used their knowledge to work on the patches rather than invent firmware versions.

Here's how I did the checks (surprisingly, I didn't even need to touch a disassembler):

Spoiler:
Code:
patrick@dpc01:~/kp/14627-probablynot$ wget https://www116.zippyshare.com/d/6mq2vEsX/20084/kobo.tar
--2020-01-06 17:58:39--  https://www116.zippyshare.com/d/6mq2vEsX/20084/kobo.tar
Resolving www116.zippyshare.com (www116.zippyshare.com)... 46.166.139.235
Connecting to www116.zippyshare.com (www116.zippyshare.com)|46.166.139.235|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 56893440 (54M) [application/x-download]
Saving to: ‘kobo.tar’

kobo.tar            100%[===================>]  54.26M  4.39MB/s    in 13s     

2020-01-06 17:58:53 (4.28 MB/s) - ‘kobo.tar’ saved [56893440/56893440]

patrick@dpc01:~/kp/14627-probablynot$ tar xf kobo.tar 
patrick@dpc01:~/kp/14627-probablynot$ cp usr/local/Kobo/{libnickel.so.1.0.0,nickel,librmsdk.so.1.0.0} .
patrick@dpc01:~/kp/14627-probablynot$ function elfsum() { for sect in .text .rodata; do echo -e "\n--- $1 --- $sect"; arm-linux-gnueabihf-objcopy --only-section "$sect" "$1" "elf$sect" && sha1sum "elf$sect" && wc -c "elf$sect"; rm "elf$sect"; done; }
patrick@dpc01:~/kp/14627-probablynot$ elfsum libnickel.so.1.0.0 

--- libnickel.so.1.0.0 --- .text
arm-linux-gnueabihf-objcopy: libnickel.so.1.0.0: warning: empty loadable segment detected at vaddr=0x1063914, is this intentional?
c4e2e90ccd254d9fc22694c0d58a2f2da58cf24d  elf.text
9629748 elf.text

--- libnickel.so.1.0.0 --- .rodata
arm-linux-gnueabihf-objcopy: libnickel.so.1.0.0: warning: empty loadable segment detected at vaddr=0x1063914, is this intentional?
d80a2630d4917741a10731023cb89fb264970bc2  elf.rodata
1346500 elf.rodata
patrick@dpc01:~/kp/14627-probablynot$ elfsum ../14123/libnickel.so.1.0.0 

--- ../14123/libnickel.so.1.0.0 --- .text
arm-linux-gnueabihf-objcopy: ../14123/libnickel.so.1.0.0: warning: empty loadable segment detected at vaddr=0x1063914, is this intentional?
c4e2e90ccd254d9fc22694c0d58a2f2da58cf24d  elf.text
9629748 elf.text

--- ../14123/libnickel.so.1.0.0 --- .rodata
arm-linux-gnueabihf-objcopy: ../14123/libnickel.so.1.0.0: warning: empty loadable segment detected at vaddr=0x1063914, is this intentional?
d2bf3fcefc52aa6c112ff7fd8d5468df1a397f89  elf.rodata
1346500 elf.rodata
patrick@dpc01:~/kp/14627-probablynot$ arm-linux-gnueabihf-objcopy --only-section .rodata libnickel.so.1.0.0 new
arm-linux-gnueabihf-objcopy: libnickel.so.1.0.0: warning: empty loadable segment detected at vaddr=0x1063914, is this intentional?
patrick@dpc01:~/kp/14627-probablynot$ arm-linux-gnueabihf-objcopy --only-section .rodata ../14123/libnickel.so.1.0.0 old
arm-linux-gnueabihf-objcopy: ../14123/libnickel.so.1.0.0: warning: empty loadable segment detected at vaddr=0x1063914, is this intentional?
patrick@dpc01:~/kp/14627-probablynot$ diff <(xxd old) <(xxd new)
18767,18768c18767,18768
< 000494e0: 3329 0000 4d6f 6269 6c65 0000 342e 3139  3)..Mobile..4.19
< 000494f0: 2e31 3431 3233 0000 4e41 0000 5e28 6769  .14123..NA..^(gi
---
> 000494e0: 3329 0000 4d6f 6269 6c65 0000 342e 3230  3)..Mobile..4.20
> 000494f0: 2e31 3436 3237 0000 4e41 0000 5e28 6769  .14627..NA..^(gi
patrick@dpc01:~/kp/14627-probablynot$ # hmmm... seems suspicious, doesn't it
patrick@dpc01:~/kp/14627-probablynot$ rm old new
patrick@dpc01:~/kp/14627-probablynot$ elfsum ../14123/nickel

--- ../14123/nickel --- .text
arm-linux-gnueabihf-objcopy: ../14123/nickel: warning: empty loadable segment detected at vaddr=0x145d000, is this intentional?
947516badf680d88b17df6af96d167ed7d93c274  elf.text
85440 elf.text

--- ../14123/nickel --- .rodata
arm-linux-gnueabihf-objcopy: ../14123/nickel: warning: empty loadable segment detected at vaddr=0x145d000, is this intentional?
6102832e413f5055d7ba05ac4f877ad94afcf924  elf.rodata
21148604 elf.rodata
patrick@dpc01:~/kp/14627-probablynot$ elfsum nickel

--- nickel --- .text
arm-linux-gnueabihf-objcopy: nickel: warning: empty loadable segment detected at vaddr=0x145d000, is this intentional?
947516badf680d88b17df6af96d167ed7d93c274  elf.text
85440 elf.text

--- nickel --- .rodata
arm-linux-gnueabihf-objcopy: nickel: warning: empty loadable segment detected at vaddr=0x145d000, is this intentional?
8531322cb0bc6d722f2ac6446d8a453303b3b5e0  elf.rodata
21148604 elf.rodata
patrick@dpc01:~/kp/14627-probablynot$ cssextract ../14123/nickel && mv cssextract.out.css old.css
patrick@dpc01:~/kp/14627-probablynot$ cssextract nickel && mv cssextract.out.css new.css
patrick@dpc01:~/kp/14627-probablynot$ diff {old,new}.css | head
1,3059c1,794
< /* zlib stream: offset_hex(0x6B41D4) offset_int32(7029204) len_int32(78741) sha1(6404e28464b2b83cca224c84e1539a40982076d3) */
< * {
<   background-color: white;
< }
< QWidget[smallIconHeight=true][qApp_deviceIsTrilogy=true] {
<   min-height: 18px;
<   max-height: 18px;
< }
< QWidget[smallIconHeight=true][qApp_deviceIsPhoenix=true] {
patrick@dpc01:~/kp/14627-probablynot$ diff -u {old,new}.css | tail
 #title[qApp_deviceIsPhoenix=true] {
@@ -19241,7 +14331,7 @@
 #buttonContainer[showPageButton=true] {
   qproperty-visible: true;
 }
-#quickTourButton[TasteProfileStyle=true][qApp_deviceIsTrilogy=true] {
+#quickTourButton[TasteProfileStyle=true][qApp_deviceIsSphinx=true] {
   min-width: 180px;
 }
 #quickTourButton[TasteProfileStyle=true][qApp_deviceIsPhoenix=true] {
patrick@dpc01:~/kp/14627-probablynot$ diff -u {old,new}.css | grep -E '^[+-]' | tail
-#image[qApp_deviceIsTrilogy=true] {
+#image[qApp_deviceIsSphinx=true] {
-#image[ReadABookStyle=true][qApp_deviceIsTrilogy=true] {
+#image[ReadABookStyle=true][qApp_deviceIsSphinx=true] {
-#image[TasteProfileStyle=true][qApp_deviceIsTrilogy=true] {
+#image[TasteProfileStyle=true][qApp_deviceIsSphinx=true] {
-#title[qApp_deviceIsTrilogy=true] {
+#title[qApp_deviceIsSphinx=true] {
-#quickTourButton[TasteProfileStyle=true][qApp_deviceIsTrilogy=true] {
+#quickTourButton[TasteProfileStyle=true][qApp_deviceIsSphinx=true] {
patrick@dpc01:~/kp/14627-probablynot$ diff -u {old,new}.css | grep -E '^[+-]' | grep -ve Sphinx -e Trilogy -e stream | tail
-#fallbackFeaturedList[qApp_deviceIsDragon=true] {
-  max-height: 444px;
-}
-#fallbackFeaturedList[qApp_deviceIsDaylight=true] {
-  max-height: 581px;
-}
-#fallbackFeaturedList[qApp_deviceIsStorm=true] {
-  max-height: 520px;
-}
-
patrick@dpc01:~/kp/14627-probablynot$ diff -u {old,new}.css | grep -E '^[+-]' | tr -d " " | grep -ve Sphinx -e Trilogy -e stream | tail
-#fallbackFeaturedList[qApp_deviceIsDragon=true]{
-max-height:444px;
-}
-#fallbackFeaturedList[qApp_deviceIsDaylight=true]{
-max-height:581px;
-}
-#fallbackFeaturedList[qApp_deviceIsStorm=true]{
-max-height:520px;
-}
-
patrick@dpc01:~/kp/14627-probablynot$ diff -u {old,new}.css | grep -E '^[+-]' | tr -d " \n" | grep -ve Sphinx -e Trilogy -e stream | tail
patrick@dpc01:~/kp/14627-probablynot$ ### HMMMM, the **only** changes are adding the Sphinx codename...
patrick@dpc01:~/kp/14627-probablynot$ rm {old,new}.css
patrick@dpc01:~/kp/14627-probablynot$ elfsum ../14123/librmsdk.so.1.0.0 

--- ../14123/librmsdk.so.1.0.0 --- .text
arm-linux-gnueabihf-objcopy: ../14123/librmsdk.so.1.0.0: warning: empty loadable segment detected at vaddr=0x7a116c, is this intentional?
2d2574cc591205c4b85b53408b83e38475241543  elf.text
4728680 elf.text

--- ../14123/librmsdk.so.1.0.0 --- .rodata
arm-linux-gnueabihf-objcopy: ../14123/librmsdk.so.1.0.0: warning: empty loadable segment detected at vaddr=0x7a116c, is this intentional?
9630a329d469ebb85cf3d77bfbfa97bdd3817efc  elf.rodata
913552 elf.rodata
patrick@dpc01:~/kp/14627-probablynot$ elfsum librmsdk.so.1.0.0 

--- librmsdk.so.1.0.0 --- .text
arm-linux-gnueabihf-objcopy: librmsdk.so.1.0.0: warning: empty loadable segment detected at vaddr=0x7a116c, is this intentional?
2d2574cc591205c4b85b53408b83e38475241543  elf.text
4728680 elf.text

--- librmsdk.so.1.0.0 --- .rodata
arm-linux-gnueabihf-objcopy: librmsdk.so.1.0.0: warning: empty loadable segment detected at vaddr=0x7a116c, is this intentional?
9630a329d469ebb85cf3d77bfbfa97bdd3817efc  elf.rodata
913552 elf.rodata
patrick@dpc01:~/kp/14627-probablynot$ ### and nothing different here but the mod date
patrick@dpc01:~/kp/14627-probablynot$ file ../14123/{nickel,libnickel.so.1.0.0,librmsdk.so.1.0.0}
../14123/nickel:             ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 2.6.31, BuildID[sha1]=a2e86e116c2662be83e14b27ac74b6f06dfccbf8, stripped
../14123/libnickel.so.1.0.0: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=e3e1a9afc81cc04d8e4565461286c4ef0cf05911, stripped
../14123/librmsdk.so.1.0.0:  ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=d6be3d4b0a45c4886e32e2681f8ba095ecadcf41, stripped
patrick@dpc01:~/kp/14627-probablynot$ file {nickel,libnickel.so.1.0.0,librmsdk.so.1.0.0}
nickel:             ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 2.6.31, BuildID[sha1]=a2d28a9b2432afddeeafd23e4cc2b6f0cdf7cbf8, stripped
libnickel.so.1.0.0: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=70bbc33d391cc60e13a3b85ed343014c05186011, stripped
librmsdk.so.1.0.0:  ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=e8d695c0fe8acf86b8853534f8fab73f3a8cbd41, stripped
patrick@dpc01:~/kp/14627-probablynot$ ### the BuildID did change, but that's about it
patrick@dpc01:~/kp/14627-probablynot$ ### so, the only things which have been changed are the: BuildID, putting Sphinx into the CSS, changing the version and revinfo, and possibly a few other trivial changes, but NOTHING in the actual code itself at all
patrick@dpc01:~/kp/14627-probablynot$ ### thus, this firmware version is fake
patrick@dpc01:~/kp/14627-probablynot$ ### although, it is possible there were just third-party lib changes or kernel updates, but it's extremely unlikely as the binaries show signs of manual modification rather than a rebuild (rebuilds always change at least something in the binary, as Kobo doesn't do reproducible builds)
patrick@dpc01:~/kp/14627-probablynot$ ### so it's pretty certain this version is fake
patrick@dpc01:~/kp/14627-probablynot$ ### but they did put quite a bit of thought into this, and they are probably smarter than they let on in their posts


P.S. But, in case you're still insistent on continuing this hoax, here are the patches (but, I think you probably would already have realized this by now). They should apply perfectly to your modded firmware. You now have everything you originally requested in the thread.

I think this was honestly a bit amusing...

Last edited by geek1011; 01-06-2020 at 07:37 PM.
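The per-section comparison used in the post above, as an added example that is not part of the original post and is not geek1011's or Kobo's code: it reads the ELF32 section table directly instead of calling objcopy, then classifies each section as identical, edited in place (same size, different bytes) or resized. The images are constructed in the script; only the version strings are taken from the xxd diff in the post, and all function names are assumptions of this example.

```python
import hashlib
import struct

def section_digests(blob):
    """Map section name -> (sha1 hex, size) for a 32-bit little-endian ELF image."""
    if blob[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a 32-bit little-endian ELF")
    shoff, = struct.unpack_from("<I", blob, 0x20)            # e_shoff
    entsize, count, stridx = struct.unpack_from("<HHH", blob, 0x2E)
    heads = [struct.unpack_from("<10I", blob, shoff + i * entsize) for i in range(count)]
    names_at = heads[stridx][4]                              # sh_offset of .shstrtab
    out = {}
    for name_off, kind, _, _, off, size, *_ in heads:
        start = names_at + name_off
        name = blob[start:blob.index(b"\0", start)].decode()
        data = b"" if kind == 8 else blob[off:off + size]    # SHT_NOBITS: no file bytes
        out[name] = (hashlib.sha1(data).hexdigest(), len(data))
    return out

def compare_sections(old, new):
    """Classify each named section present in both images."""
    a, b = section_digests(old), section_digests(new)
    verdict = {}
    for name in sorted((set(a) & set(b)) - {""}):
        same_size = a[name][1] == b[name][1]
        verdict[name] = ("identical" if a[name] == b[name] else
                         "same size, different bytes" if same_size else "size changed")
    return verdict

def make_elf(text, rodata):
    """Constructed sample: minimal ELF32 (ARM) holding .text, .rodata, .shstrtab."""
    names = b"\0.text\0.rodata\0.shstrtab\0"
    body = text + rodata + names
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 40, 1, 0, 0, 52 + len(body), 0, 52, 0, 0, 40, 4, 3)
    def shdr(name, kind, off, size):
        return struct.pack("<10I", name, kind, 0, 0, off, size, 0, 0, 1, 0)
    r = 52 + len(text)
    return (ehdr + body + bytes(40) + shdr(1, 1, 52, len(text))
            + shdr(7, 1, r, len(rodata)) + shdr(15, 3, r + len(rodata), len(names)))

CODE = bytes(range(64))                                      # constructed stand-in for .text
OLD = make_elf(CODE, b"Mobile\x00\x004.19.14123\x00\x00NA")
NEW = make_elf(CODE, b"Mobile\x00\x004.20.14627\x00\x00NA")
REBUILT = make_elf(CODE + b"\x00" * 4, b"Mobile\x00\x004.20.14627\x00\x00NA")

if __name__ == "__main__":
    for label, img in (("edited", NEW), ("rebuilt", REBUILT)):
        print(label, compare_sections(OLD, img))
```

A byte-identical `.text` next to a same-size `.rodata` change is the pattern the session shows for libnickel and nickel; it marks a candidate for a byte-level diff, not a verdict on its own.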