Sonstige Motorola CLIQ Firmware gibt es hier

@Meiner Einer

If you split it, and look on the *.header files, do you have any idea what is on the offsets:
0x300
0x304

These two integers vary among all the parts. I identifiied only the one on 0x2e4, that is length of the binary.

 

I will show.
I think, we find this...

 

According to yakk @ motofan, 0x300 value is checksum. of the binary (calculated as inverted 32bit sum), 0x304 is checksum of the header.

 

Subsidy lock request removal will not work (As said in the previous post, more checksums need updating (amsssec.mbn; offset 0x578AFA). btw. it doesn't appear to be signed.

 

Thanks for the Info...

No, i have different values.

I make more tests...

Thanks - I have feared that.

 

It worked fine for me, actually I forgot to post yakk's info:
offset 0x300 - count all bytes in the binary and reverse it (32-bit sum)
offset 0x304 - count all bytes in the header, and put a single byte on the 0x304, so the 8-bit sum of the header is 0x00.

So these two checksums for amsssec.mbn must be updated.

 

OK - now is right....

 

There are gzip images in bootsec.mbn and recoverysec.mbn at offsets:
0x47CC - kernel
0x1e0800 - ramdisk & recovery

==================================================================================

So I would put the question for repacking the CG2.

What is done:
- headers analyzed (ID, name, binary length, checksum for binary, checksum for header)

What needs to be done / verified:
- possibility of removing some of the partitions. (whether requires updating partition.mbn)
- there are pairs of *hd.mbn and *sec.mbn files. *hd.mbn describes the *sec.mbn. So far I know only:
offset 0x10 = lenght of the binary of *sec.mbn
offset 0x14 = position of the signature in binary (if equals length then no signature)
=> analyzing the rest

So yeah fixed-length modding can be done on the CG2 with having it repacked and including all the partitions, however without automatic updating the *hd.mbn files.

I'm making a little tool with GUI (in C#, but there is not much lines of code) to handle the CG2 (made the button usage similar to SBF Recalc)

 

OK, i will see for Analyze.

I will search Into the Header for a spezific Adress - the begin of Adres in Flashchip or a Offset.

 

batwings-hvga.img is Splash image.
amsssec.mbn is MODEM code (I assume that is similar to Flex version on P2K, as it contains subsidy lock request.)

 

Updated the first post with new CLIQ firmware.

 

Users said that the firmware is not locked.

 

Danke Skrilax_CZ. also die Firmware ist nich mit Lock. Sehr wichtig zu wissen, fuer alle, die es ausprobieren moechten. Jedoch ist das Outlay QWERTY und nicht QWERTZ. Und der Weg zurueck bisher nicht gefunden.

 

So we managed to flash modified CG2 on the phone, including CG2 containing only several partitions.

The way how to make CG2 is simple:
- normally append the partitions (first header, then binary)
- first, and always present, must be partition.mbn
- when all partitions are written, write 0xFF 0xFF 0xFF 0xFF as a terminator.

That's all.
I made an application (for .NET 3.5 or Mono if under different OS) with interface and usage very similar to SBF Recalc (Open CG2 -> Split CG2 -> Mod the files -> Open from folder -> Recalc Checksum -> Create CG2 (created under rebuilt folder)). Since the headers are not modded by the user, I put all of them in "firmware.desc" file and don't create the *.headers file anymore.

http://rapidshare.com/files/319957292/MotoAndroidCG2Packer.rar

 

Thanks for the Info
You write a Tool - very good!



Note: I write my Tools with RealBasic.
REAL Software: Programming language, Software Development, Mac Development Tool, Windows Development Tool, Linux Development Tool
RB no needed Framework. And i can compile it for Linux, Win ( Win 98 - Win 7) and Mac. Mono makes more Problems with Linux...

 

Very good News

Is Modding possible in the Future?

 

Mhmmm...

I have tested it with the first Cliq-FW (unmodified CG2).

Whats wrong?

 

That's weird. I just recompiled stock CG2 on the 1.1.4 firmware without problems.

I changed the GUI a bit. It will say why it fails identifying it as the partition table. The CG2.smg, is it not corrupted? The check is that in the header on offset 0x2B there is value 0x20, and on offset 0xE4, there is the string (ansi, null-terminated, case-sensitive) "partition.mbn". Those are also offsets in the CG2 as well, since the partition table header offset is 0x0.

http://rapidshare.com/files/320513553/MotoAndroidCG2Packer_1.1a.rar

Thanks for offer about the RealBasic, but I'm not very familiar with Basic based languages. I actually prefer wxWidgets (which can be statically linked) and C++

 

Thats a little weird...

Your Version 1.1a runs perfect!

I have tested split, recalculate and rebuild with a unchanged CG2 - both files are idendical!

Great works!!! Thank you...

What you have changed?

May i upload Version 1.1a into our downloadbase?


PS - i learn at the moment C#

 

Very very good work.

Since there can at last start to the modder.

But, who has already figured out how to mount it mbn files?


Addendum:

After some back and forth, now works Mono on Linux (only the CG2 Parser to splitt the CG2 on Commandline)

The split means acsp.exe now works.

Here's looking at the same time then to see if the other programs are working properly, if so, then there is at least a temporary solution for Linux.

Would still be nice if there would be a native solution, because this one is extremely power hungry.

The new Tool DONT works with Mono.

See here: