signing update.zip for stock recovery

[Daniel Grießhaber]

Hey guys,
I'm currently trying to apply an update over the stock android recovery.
I created the zip contents and my own keys for the android build but it failes with a signature verification error.
I have now found this piece of code in the `bootable/recovery/verifier.cpp`

#define FOOTER_SIZE 6

if (fseek(f, -FOOTER_SIZE, SEEK_END) != 0) {
     LOGE("failed to seek in %s (%s)\n", path, strerror(errno));
     fclose(f);
     return VERIFY_FAILURE;
}

     unsigned char footer[FOOTER_SIZE];
if (fread(footer, 1, FOOTER_SIZE, f) != FOOTER_SIZE) {
     LOGE("failed to read footer from %s (%s)\n", path, strerror(errno));
     fclose(f);
     return VERIFY_FAILURE;
}

if (footer[2] != 0xff || footer[3] != 0xff) {
     LOGE("failed check of footer bytes 2 & 3 match 0xff");
     fclose(f);
     return VERIFY_FAILURE;
}

Which expects the 4th and 3rd last byte in the zip to be `0xff`. The verification failes at this point. If I open the zip with a HexEditor I can see that both bytes are not `0xff`.
If I open a zip from the `/bootable/recovery/testdata/otasigned*.zip` I can see that they are `0xff`.

I signed the zip with following command: `jdk1.6.0_35/bin/java -jar Android/prebuilts/sdk/tools/lib/signapk.jar Android/build/target/product/security/testkey.x509.pem Android/build/target/product/security/testkey.pk8 testupdate.zip update.zip` wich adds some certificate data in the `META-INF` folder.

I couldn't find any information that theese bytes have to be `oxff` on the zip spec either.

What is going wrong here?

[Daniel Grießhaber]

Ok, now I know I forgot the -w parameter for SignApk.jar. But now it failes with:

I:1 key(s) loaded from /res/keys

Verifying update package...

I:comment is 1691 bytes; signature 1673 bytes from end

E:failed to verify whole-file signature

But I use the testkey from /build/target/product/secutity wich is also used by the otapackage build rule and the zip build there gets verified correctly... Any explanation for this?

[Bartosz Jankowski]

Are you sure it's the same key? Check if its singed by the same certificate using jdk's keytool:

1. extract CERT.RSA from .zip

2. keytool -printcert -file CERT.RSA

[Daniel Grießhaber]

Thanks, that actuall was the Problem. My keys geht overwritten by a makefileentry

[Lodovico Graziano]

hello,
i need help
i have a chineese android tv box with cpu rk3188
perhaps it is bricked because can no more be seen by my windows pc after the last firmware update done with the RkBatchTool
the only thing that works is the recovery menu, that is stock recovery version 4.2.01
so now i need to make a zip with the firmware to be loaded via stock recovery
i found only a zip that passes the validity check of my device, that is the zip file for generic cwm i found here:
http://androtab.info/clockworkmod/rockchip/rk3188/
http://files.androtab.info/rockchip/rk3066/20130427/RK30GENERIC_CWM.zip

this zip has an updater script wrong because at the beginning there is an assert for a device rk3066, but the directory is for rk3188
so i suppose that this is an error and i would like to fix it
the problem is that i dont know how to sign the package after the modification...i tried with auto-sign version 0.65
but it does not work...it does not pass the validity check...
how can i sign it?
thank you!!

[fastludeh22]

First off are you sure that recovery is compatible with your device? Do you have root access though adb in recovery. If yes to both questions, you can use the dd if= command to force replacement of any partition including recovery. Be careful though, miss type or non compatible .img and you will have a true brick, good luck.

[Aaron David Secor]

what exactly do you type to use this dd command? Is the dd command included in adb or fastboot?