Old 11-26-2019, 05:48 PM   #694
ezdiy
Device: KT, KPW4, PB740-2
Quote:
Originally Posted by NiLuJe
@ezdiy: Yup, timing was key.
Fudging the version string is deliciously lo-fi, if that actually works, I like it.
The wart is that you need to edit initrd, i.e. the whole abootimg dance. Further, it nukes the ability to OTA update *entirely* (save for manual dd to nand). All Amazon-pushed updates are via initrd flash. There are about 3 different ways something named update*.bin can land on the fs, mainly thanks to the overall messiness of the userspace. I'd deem attempts to catch all such events as futile, as Amazon has ample venue to creatively introduce more such "covert" updates (as it happened just now). Meanwhile, that initrd flasher is a singular point that can be disabled and forced to manual mode, for instance:

Hex edit the update*.bin search mask of /bin/recovery-util to something like usrstr*.bin, thus allowing the user to still manually force OTA. USRSTR is chosen by the JB user, thus Amazon has no way of knowing what to name the file to sneaky-push a JB wipe.
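The mask swap described in the post, as an added example that is not part of ezdiy's post or any project's code: a same-length in-place string patch that refuses to write unless the mask occurs exactly once. It assumes the mask is stored as a plain byte string in the binary; `patch_mask`, `patch_file` and `demo` are hypothetical helper names, and the sample bytes are constructed.

```python
import os
import tempfile

OLD_MASK = b"update*.bin"  # search mask named in the post
NEW_MASK = b"usrstr*.bin"  # the post's placeholder; pick your own 6-character prefix


def patch_mask(data: bytes, old: bytes, new: bytes) -> bytes:
    """Return data with its single occurrence of old overwritten by new."""
    if len(old) != len(new):
        raise ValueError("replacement must be the same length so no offset shifts")
    if b"\x00" in new:
        raise ValueError("replacement must not contain NUL (would truncate the string)")
    hits = data.count(old)
    if hits != 1:
        raise ValueError(f"expected exactly one occurrence, found {hits}")
    off = data.index(old)
    return data[:off] + new + data[off + len(old):]


def patch_file(path: str, old: bytes = OLD_MASK, new: bytes = NEW_MASK) -> str:
    """Patch path in place and keep the untouched original as path + '.orig'."""
    with open(path, "rb") as f:
        data = f.read()
    patched = patch_mask(data, old, new)  # raises before anything is written
    backup = path + ".orig"
    with open(backup, "wb") as f:
        f.write(data)
    with open(path, "wb") as f:  # truncating an existing file keeps its mode bits
        f.write(patched)
    return backup


def demo() -> bytes:
    """Run against a constructed stand-in, not a real recovery-util binary."""
    sample = b"\x7fELF\x00\x00scan dir\x00update*.bin\x00done\x00"  # constructed
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "recovery-util")
        with open(path, "wb") as f:
            f.write(sample)
        patch_file(path)
        with open(path, "rb") as f:
            return f.read()


if __name__ == "__main__":
    print(demo())
```
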