I'd hope no one ever accidentally leaks their phone, but I don't think the Eris roms are based on the OTA (I don't think they were able to scrape the "real" OTA), but instead on leak V3 because it was an identical OS if I am understanding this correctly, but of course, I have been known to be wrong a few times in my life?
When the OTA runs, it does several different things, under control of the
factory recovery partition ( All the commands can be examined in META-INF/com/google/android/update-script ):
- deletes old files that will be unused in the newer release
- drops in place new files that were not there before
- performs
binary patching on many, many files (371, iirc) that have changed
- other cleanups like file permissions, creating symbolic links, etc
That means, among other things, that a lot of what is distributed in the OTA download are binary patch files - not the completed files that result when patching is finished.
When it is finished, however, a dev that knows what they are doing (batery pull trick) can root the phone without blowing away the OTA-2.1 OS and boot partitions - at that point they just boot into (Amon_RA's) recovery, mount the /data and /system partitions, and do something like
Code:
C:\Phooey> adb pull /system ./OTA21/system
C:\Phooey> adb pull /data ./OTA21/data
("adb pull" works recursively if you give it a directory name, so you can back up everything. You have to do this with the recovery boot, though, because the adb shell with the OTA-21 is not root privileged... and because those partitions would be "live" at that point).
(They can also just use the "mkyaffs2image" program in the recovery shell - that would actually be better, because it would preserve the file permissions and ownership info as well as the file contents themselves)
That gives them more or less exact copies of the (offline) /system and /data partitions from the OTA-2.1. (A liitle cleanup of /data is necessary because it has stuff from prior usage of the phone on 1.5; but that can be mostly avoided, too by running the OTA-2.1 immediately after a 1.5 rollback)
But, that
is a little bit of work - you are right that they may have punted and just used the contents of the "Leak-V3" system.img and userdata.img files to extract whole files, acting with the belief that the OS contents (not the bootloader!) of OTA-2.1 and Leak-V3 are identical.
eu1