 |
|
09-18-2009, 04:41 PM
|
#1 (permalink)
|
Join Date: Sep 2009
Location: England
Posts: 9
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Firmware Versions
Hi people.
Just got my galaxy yesterday. Have to say I'm very impressed.
Anyway had a quick question about firmware versions and installing before I start trying to update. Is there like a hierarchical list available of the versions and what changes there were etc? I have read a few things which seem to suggest I7500XXIH8 is the latest? My phone currently shows it has I7500XXII4, is this a particularly old version? What am I missing out on?
Also what is the easiest method to install, through PC suite or this Odin i have been reading about?
Cheers
|
|
|
09-18-2009, 05:27 PM
|
#2 (permalink)
|
|
Phone Guide
Join Date: May 2009
Location: Denmark
Posts: 639
Device(s): Galaxy@IL3+drakaz4.6; Palm Treo 680
Thanks: 5
Thanked 6 Times in 5 Posts
|
Yes, H8 is the latest. I bought my Galaxy two months ago, it had an even older version (G-something; it's a code that can somehow be converted straight to a date).
I would say the easiest thing is to use Odin -- but then again I only had the PC suite installed for like 15 minutes, I was appalled by its "blingy" and child-like style. Mind you, to go to H8 you need to apply the H7 update with a bunch of files, then once more with a single H8 file.
I have no idea what exactly you're missing, as I couldn't find a change log, but there are bound to be a number of bug fixes and suchlike issues.
Good luck with it!
|
|
|
09-18-2009, 06:09 PM
|
#3 (permalink)
|
Join Date: Sep 2009
Location: England
Posts: 9
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by KlaymenDK
Yes, H8 is the latest. I bought my Galaxy two months ago, it had an even older version (G-something; it's a code that can somehow be converted straight to a date).
|
Yeh i wondered if the letter near the end was increasing hence why it doesn't make sense to me that mine is "I4"? Still a bit confused
Quote:
Originally Posted by KlaymenDK
I would say the easiest thing is to use Odin -- but then again I only had the PC suite installed for like 15 minutes, I was appalled by its "blingy" and child-like style. Mind you, to go to H8 you need to apply the H7 update with a bunch of files, then once more with a single H8 file.
|
I've just installed the PC suite, first opinions.... it's rubbish! Something happens when I plug it in but my device doesn't show in the update tool, strange. Will give Odin a go tomorrow as can't see me using the functions of PC suite.
Quote:
Originally Posted by KlaymenDK
I have no idea what exactly you're missing, as I couldn't find a change log, but there are bound to be a number of bug fixes and suchlike issues.
Good luck with it! 
|
Cheers!
|
|
|
09-19-2009, 02:28 AM
|
#4 (permalink)
|
Join Date: Aug 2009
Posts: 31
Device(s):
Thanks: 0
Thanked 1 Time in 1 Post
|
Quote:
Originally Posted by b33r
Hi people.
I have read a few things which seem to suggest I7500XXIH8 is the latest? My phone currently shows it has I7500XXII4, is this a particularly old version? What am I missing out on?
|
That's interesting, seems you have a newer version than IH8! I=2009 H=August 8=8th release/build. A=1, B=2, C=3, etc... So you have the 4th release from September 2009.
How's your phone performing with the firmware?
Chris
|
|
|
09-19-2009, 02:59 AM
|
#5 (permalink)
|
Join Date: Sep 2009
Posts: 13
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by b33r
I've just installed the PC suite, first opinions.... it's rubbish! Something happens when I plug it in but my device doesn't show in the update tool, strange. Will give Odin a go tomorrow as can't see me using the functions of PC suite.
Cheers!
|
Are you sure it isn't there in the drop down menu? My PC suite gives me the "Device not recognised" error, but I can update it fine.
|
|
|
09-19-2009, 03:31 AM
|
#6 (permalink)
|
|
I have a custom ROM!
Join Date: Sep 2009
Location: UK
Posts: 1,111
Device(s): i7500@galaxhero 1.1
Thanks: 0
Thanked 20 Times in 9 Posts
|
mate dont flash that,
it seems you are running newer firmware than the h8
where is this device from (country/operator)
Quote:
Originally Posted by KlaymenDK
Mind you, to go to H8 you need to apply the H7 update with a bunch of files, then once more with a single H8 file.
|
actually you dont, you just need odin, the orion file and use the one package option in odin and you can go straight to h8 from any version
however i would avoid this for now as it seems you are running a firmware people are not aware of and seems to be new
|
|
|
Last edited by Rastaman-FB; 09-19-2009 at 03:34 AM.
|
|
09-19-2009, 04:32 AM
|
#7 (permalink)
|
Join Date: Sep 2009
Location: England
Posts: 9
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by cpwood
That's interesting, seems you have a newer version than IH8! I=2009 H=August 8=8th release/build. A=1, B=2, C=3, etc... So you have the 4th release from September 2009.
How's your phone performing with the firmware?
Chris
|
Extremely well, it has rebooted itself once on me and the battery life is.. OK, it died within 24 hours but that was with heavy use of all the "wireless functions".
I've spent the last couple of evenings just learning how to use it and doing a lot of reading, only today am I actually gonna start installing some apps lol
Quote:
Originally Posted by hollowroom
Are you sure it isn't there in the drop down menu? My PC suite gives me the "Device not recognised" error, but I can update it fine.
|
Yeh just the drives (I and H) appear in PC suite, nothing else seems to think the phone is there.
Quote:
Originally Posted by Rastaman-FB
mate dont flash that,
it seems you are running newer firmware than the h8
where is this device from (country/operator)
|
UK, O2, bought in store on 17th (they said the delivery had arrived about an hour before i came in)
|
|
|
09-19-2009, 04:45 AM
|
#8 (permalink)
|
|
I have a custom ROM!
Join Date: Sep 2009
Location: UK
Posts: 1,111
Device(s): i7500@galaxhero 1.1
Thanks: 0
Thanked 20 Times in 9 Posts
|
Quote:
Originally Posted by b33r
Extremely well, it has rebooted itself once on me and the battery life is.. OK, it died within 24 hours but that was with heavy use of all the "wireless functions".
I've spent the last couple of evenings just learning how to use it and doing a lot of reading, only today am I actually gonna start installing some apps lol
Yeh just the drives (I and H) appear in PC suite, nothing else seems to think the phone is there.
UK, O2, bought in store on 17th (they said the delivery had arrived about an hour before i came in)
|
thats brand new firmware. prior to the one you were on o2 had h6 software
can you go to settings and about and give the firmware, base etc
i think we need to get this man to do a nandroid backup :P
|
|
|
Last edited by Rastaman-FB; 09-19-2009 at 04:47 AM.
|
|
09-19-2009, 04:49 AM
|
#9 (permalink)
|
Join Date: Sep 2009
Location: England
Posts: 9
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Firmware version: 1.5
Baseband version: I7500XXII4
Kernel version: 2.6.27 hudson@andy #1
Build Number: 76XXCSDCBALUM6375
This probably explains why I got no results googling my baseband version lol
Sure if ya tell me what to do, lol. Would the backup get all my settings, contacts, messages etc?
|
|
|
Last edited by b33r; 09-19-2009 at 04:53 AM.
|
|
09-19-2009, 04:51 AM
|
#10 (permalink)
|
Join Date: Sep 2009
Posts: 13
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by b33r
Yeh just the drives (I and H) appear in PC suite, nothing else seems to think the phone is there.
|
Hmm thats weird. Can you post what is in the Update section of PC suite (both NPS and Phone Update) as this will tell us if it's a new version of PC suite too.
|
|
|
09-19-2009, 05:29 AM
|
#11 (permalink)
|
|
I have a custom ROM!
Join Date: Sep 2009
Location: UK
Posts: 1,111
Device(s): i7500@galaxhero 1.1
Thanks: 0
Thanked 20 Times in 9 Posts
|
Quote:
Originally Posted by b33r
Firmware version: 1.5
Baseband version: I7500XXII4
Kernel version: 2.6.27 hudson@andy #1
Build Number: 76XXCSDCBALUM6375
This probably explains why I got no results googling my baseband version lol
Sure if ya tell me what to do, lol. Would the backup get all my settings, contacts, messages etc?
|
you need to put the device into development mode (settings>applications>development) then pc suite will see it
make sure when its connected, you pull down the notification bar on the galaxy and click mount.
nandroid is a little more than a backup utility it makes an img of your device.
we need someone who knows how to pull an image and convert it so people can flash their phones with it.
next level stuff though and i wont recommend it at all if you dont know what you are doing.
i dont know what im doing lol, jus wanting the latest firmware
|
|
|
09-19-2009, 08:32 AM
|
#12 (permalink)
|
|
Hey, Android Rocks!
Join Date: Sep 2009
Location: Finland
Posts: 63
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by Rastaman-FB
we need someone who knows how to pull an image and convert it so people can flash their phones with it.
next level stuff though and i wont recommend it at all if you dont know what you are doing.
i dont know what im doing lol, jus wanting the latest firmware
|
If someone can get me the boot.img, system.img and possibly the original recovery.img (optional), it should be a piece of cake to whizz up an OTA package which should be flashable by the modified recovery image.
data.img, userdata.img and dbdata.img are the ones containing your data.
So, nandroid away! I'd love to see the new firmware as well.
|
|
|
09-19-2009, 10:11 AM
|
#13 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
I think it'd be great if we could get the UK O2 (not VIA) CSC file. I haven't seen it around yet. (If anyone else has, please correct me!)
I've seen NPS download the update file even when the phone doesn't need to be updated. So, b33r, here's something you could try:
Start NPS, connect your phone, and keep NPS running with your phone detected in its silly interface. Then, browse to C:\Program Files\Samsung\Samsung New PC Studio and run NPSMitsBinaryUpgrade.exe manually. It'll detect your phone and attempt to download the update file (it won't actually do anything until after the file is downloaded and will prompt you before it flashes). Don't let it flash your phone! If you get to that prompt after the download, stop! Browse to C:\Documents and Settings\[your user]\Application Data\Samsung\New PC Studio\LinuxMitsBU\x\[some long funky string]\ and copy the .tar file out of there! (NPS will try to delete it after you close the updater.)
If you actually get to that point, let us know! (And kindly upload the file somewhere ;-))
P.S.
It may or may not help to have the latest version of NPS:
Download Center SAMSUNG
or
Download Center SAMSUNG
|
|
|
09-19-2009, 12:43 PM
|
#14 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
I've confirmed that NPC 1.3.0 does NOT let me download the firmware upgrade, while 1.2.0IF2_2 does. (1.3.0 tells me I can upgrade, but fails at downloading the file.) I don't know why, perhaps 1.3.0 has added some type of locality check (I'm doing this from the US). Either way, try this before upgrading, if you haven't already.
Either way, it doesn't look to have II4 as an update with the CSC files I have. Can someone in the UK with the UK CSC files try this?
|
|
|
09-19-2009, 01:18 PM
|
#15 (permalink)
|
Join Date: Aug 2009
Posts: 31
Device(s):
Thanks: 0
Thanked 1 Time in 1 Post
|
b33r - any chance you could let me know your current CSC version? You can find this by using New PC Studio (see an example screenshot here: http://www.talkandroid.com/wp-content/uploads/2009/09/samsung_galaxy_update.jpg)
I think I've worked out how to construct the URLs for Galaxy firmware downloads direct from Samsung (i.e. where NPS / NPSMitsBinaryUpgrade.exe gets its download from). I'll not post it here just yet in case I've got it all wrong!
Chris
|
|
|
09-19-2009, 02:15 PM
|
#16 (permalink)
|
Join Date: Sep 2009
Location: England
Posts: 9
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Right, apologies for my slow response, have just been doing a lot of playing with the new toy!
hollowroom: Version is 1.3.0 IH4 and I can't bring up other tab
Rastaman-FB: Have tried every combination I can think of, the device appears now in NPS but just get the unsupported device messages like I've posted at the bottom
sephail: Have tried the manual update with NPSMitsBinaryUpgrade.exe, but when it tries to download it just says 'No file to download' and exits and the LinuxMitsBU folder never appears.
cpwood: I've upgraded my version of PC studio to 1.3.0 IH4 and enabled USB debugging on the device and hacked the android SDK inf so I can install the extra driver that windows wants but am still having my earlier issue of 'device not supported' in NPS so I can't bring up that tab you sent a screen of. All I get is:
What is a CSC version exactly, would it be something I'd be able to get off the device?
|
|
|
Last edited by b33r; 09-19-2009 at 02:23 PM.
|
|
09-19-2009, 02:20 PM
|
#17 (permalink)
|
Join Date: Aug 2009
Posts: 31
Device(s):
Thanks: 0
Thanked 1 Time in 1 Post
|
Drat!!
Does it have your CSC code in "Settings" on your phone? Perhaps near your baseband?
Thanks!!
|
|
|
09-19-2009, 02:25 PM
|
#18 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Most people seem to get that "Device not supported" error in the NPS GUI. I don't know how to reproduce a case where it works.
Out of curiosity, have you tried updating (manually) with NPS 1.2.0 to see if you can get past that "No file to download" error?
|
|
|
09-19-2009, 02:32 PM
|
#19 (permalink)
|
|
Hey, Android Rocks!
Join Date: Sep 2009
Location: Finland
Posts: 63
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
You can find out the information people are craving for by entering *#*#44336#*#* as a phone number. It's the easiest way to find out the CSC version.
|
|
|
09-19-2009, 02:46 PM
|
#20 (permalink)
|
Join Date: Sep 2009
Location: England
Posts: 9
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by ressu
You can find out the information people are craving for by entering *#*#44336#*#* as a phone number. It's the easiest way to find out the CSC version.
|
Cool, that seems to work, is there like a directory of all these codes? I know about the 4636 one for the advanced battery information view.
Anyway the CSC version code is: I7500O2UII3. It has a build time of Sep 12th 01:12:21 KST so they were bloody quick getting it to the shops as I only got it on the 17th.
HTH
|
|
|
09-19-2009, 02:55 PM
|
#21 (permalink)
|
|
Hey, Android Rocks!
Join Date: Sep 2009
Location: Finland
Posts: 63
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
There is a partial reference to the codes here: Galaxy Essentials - Android Wiki
|
|
|
09-19-2009, 03:36 PM
|
#22 (permalink)
|
|
I have a custom ROM!
Join Date: Sep 2009
Location: UK
Posts: 1,111
Device(s): i7500@galaxhero 1.1
Thanks: 0
Thanked 20 Times in 9 Posts
|
Quote:
Originally Posted by b33r
Cool, that seems to work, is there like a directory of all these codes? I know about the 4636 one for the advanced battery information view.
Anyway the CSC version code is: I7500O2UII3. It has a build time of Sep 12th 01:12:21 KST so they were bloody quick getting it to the shops as I only got it on the 17th.
HTH
|
does anyone know any way or anyone to get that CSC build and firmware version.
takes the piss that there is no way to get it.
im on h8 with via csc (o2 germany) on a uk device, im raging a little as people say csc doesnt affect much but it does, it affects the market
it confuses me that recently all the csc's coming out are euro builds and not uk
|
|
|
Last edited by Rastaman-FB; 09-19-2009 at 03:52 PM.
|
|
09-19-2009, 03:56 PM
|
#23 (permalink)
|
|
Hey, Android Rocks!
Join Date: Sep 2009
Location: Finland
Posts: 63
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by Rastaman-FB
does anyone know any way or anyone to get that CSC build and firmware version.
takes the piss that there is no way to get it.
|
You can get it by dialing *#*#44336#*#* (see my post above)
Quote:
Originally Posted by Rastaman-FB
im on h8 with via csc (o2 germany) on a uk device, im raging a little as people say csc doesnt affect much but it does, it affects the market
it confuses me that recently all the csc's coming out are euro builds and not uk 
|
CSC Mostly affects the presets on the phone. Market data appears to be collected from the phone properties (like the network you are on and so forth). You can fake these properties (assuming you have rooted your phone) with Market Enabler. It allows you to access Market content targeted for different areas.
market-enabler - Project Hosting on Google Code
|
|
|
09-19-2009, 04:05 PM
|
#24 (permalink)
|
|
I have a custom ROM!
Join Date: Sep 2009
Location: UK
Posts: 1,111
Device(s): i7500@galaxhero 1.1
Thanks: 0
Thanked 20 Times in 9 Posts
|
Quote:
Originally Posted by ressu
You can get it by dialing *#*#44336#*#* (see my post above)
CSC Mostly affects the presets on the phone. Market data appears to be collected from the phone properties (like the network you are on and so forth). You can fake these properties (assuming you have rooted your phone) with Market Enabler. It allows you to access Market content targeted for different areas.
market-enabler - Project Hosting on Google Code
|
i meant to get a flash build of this software as previously uk software has been ignored and presumed that via (o2 germany) is the same when its not
uk people will benefit from a uk csc rom.
before the flash i could access stuff on the market that i cannot now as i was told the csc didnt really matter as it only held settings. its not the case as now i cannot access certain market apps that i could before.
im not planning on rooting my phone yet, i just want some uk software to put back on my phone as ill never be able to update to a uk rom via NPS cos of the german CSC
|
|
|
09-19-2009, 05:32 PM
|
#25 (permalink)
|
Join Date: Aug 2009
Posts: 31
Device(s):
Thanks: 0
Thanked 1 Time in 1 Post
|
Well I managed to figure out how to download different firmwares directly from Samsung without using NPS, but they're encrypted zip files so I can't get into them.
There doesn't seem to be a download for I4 yet.
In case there's another programmer that wants to pick up the pieces:
- here's an example file: http://fus.samsungmobile.com/Phone_Binary/6/GT-i7500I7500VIAIH4I7500XXIH8I7500XXIH8_500.zip.enc
- as you can see, the URL consists of the CSC code and the firmware version, followed by _500.zip.enc . If you change it to use other known combinations of CSC and firmware, you get a download. If you try something that doesn't exist, you get a 404.
- given a list of known mobile operators (e.g. O2U, VIA, ITV) and awareness of how Samsung numbers its releases (e.g II4 is the 4th release in September 2009), you could brute force checks for new firmware in nested loops based on HTTP response codes (i.e. 200 = found, 404 = not found).
- FUSCrypt.dll seems to be used to decrypt the files. This is a COM+ DLL. I managed to get it to encrypt a file and then decrypt it again, but I can't get it to decrypt the Samsung file. It needs a public key and a symmetric key to work, but the Import key routines don't seem to work. The only way I could decrypt my own encrypted files was to regenerate the keys again using the exact same known values as during encryption.
- You might be able to use Fiddler2 to monitor the HTTP traffic between NPS and the update server, but it seems to be RSA-encrypted so I'm not sure how much you'd be able to glean.
Ho hum.. Guess we just wait for firmware updates via the usual routes: NPS and the various files that the good folks here post every now and then.
Chris
|
|
|
09-19-2009, 06:01 PM
|
#26 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Are you sure it's using FUSCrypt.dll? I didn't see that in the import table of NPSMitsBinaryUpgrade.exe.
|
|
|
09-19-2009, 06:21 PM
|
#27 (permalink)
|
Join Date: Aug 2009
Posts: 31
Device(s):
Thanks: 0
Thanked 1 Time in 1 Post
|
Another techie post, sorry..
Not sure there would be anything in the import table if it's COM+? Wouldn't it load it via its CLSID? I didn't notice any imports for other NPS files either.
The downloads come from fus.samsungmobile.com, so it's a logical assumption that it's the correct DLL, but not guaranteed to be right of course.
If it's definitely using FUSCrypt.dll and the Import routines don't work, it would suggest that the crypto keys are hard-coded rather than communicated to the client. Windbg might be useful whilst performing a genuine NPSMitsBinaryUpgrade.exe download if so. Might give away the secret keys...
Since my last post, I wrote a brute force checker as I described. Nothing showing up for September yet, but it did find the following August releases (all of which we already know about). The download links are useless of course as we can't decrypt the files....
Operator: O2 UK, CSC: I7500O2UIH2, Firmware: I7500XXIH6
http://fus.samsungmobile.com/Phone_Binary/6/GT-i7500I7500O2UIH2I7500XXIH6I7500XXIH6_500.zip.enc
Operator: O2 DE, CSC: I7500VIAIH4, Firmware: I7500XXIH8
http://fus.samsungmobile.com/Phone_Binary/6/GT-i7500I7500VIAIH4I7500XXIH8I7500XXIH8_500.zip.enc
Operator: Vodafone IT, CSC: I7500ITVIH2, Firmware: I7500XXIH7
http://fus.samsungmobile.com/Phone_Binary/6/GT-i7500I7500ITVIH2I7500XXIH7I7500XXIH7_500.zip.enc
All of academic interest really, rather than practical usefulness
Chris
|
|
|
09-20-2009, 01:19 AM
|
#28 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Chris,
It definitely uses FUSCrypt.
I'm at the same stage here. The GeneratePasswordSymmetricKey() function seems to work just fine. However, it looks like both a symmetric key and public key pair need to be loaded before DecryptFileThread() will work. Hmm.
Under the assumption that they're using that (and since it throws an error message to the window handler you specify if the decryption fails), I'm going to try to brute force it with all the strings (about 3000 unique -- should be done in ~4 hours) from the executable tonight. I'm probably grasping at straws, but... whatever. I'll let you know when that fails... ;-)
Strangely enough, it's running now and matching on very weird strings like: )]"\"] and 0<<,_
but of course, the .zip files decrypted with the keys generated from those passwords aren't valid.
Really, though, it seems kind of silly to think that the key would be hard-coded. If I had to guess, I'd say it's sent somewhere in the GetBinaryInfo.php exchange with fus.samsungmobile.com.
For completeness' sake, I've also come up with a few more firmware releases from July:
GT-i7500I7500BOGIG2I7500XXIG1I7500XXIG1
GT-i7500I7500BOGIG8I7500XXIG8I7500XXIG8
GT-i7500I7500ITVIG1I7500XXIG1I7500XXIG1
GT-i7500I7500ITVIG6I7500XXIG8I7500XXIG8
GT-i7500I7500MSRIG4I7500XXIG6I7500XXIG6
GT-i7500I7500MSRIG5I7500XXIG7I7500XXIG7
GT-i7500I7500MSRIG6I7500XXIG8I7500XXIG8
GT-i7500I7500O2UIG5I7500XXIG8I7500XXIG8
GT-i7500I7500VIAIG6I7500XXIG8I7500XXIG8
some of which I've already seen floating around. I haven't bothered going back further than that.
::sigh:: Now for some sleep.
|
|
|
Last edited by sephail; 09-20-2009 at 01:23 AM.
|
|
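The naming scheme described in this thread (the date code from post #4, the file-name layout from post #25), as an added example that is not code from any poster: a parser that splits a download name or MODEL value into its CSC and firmware codes and orders releases by date. Only I=2009, H=August and numeric builds are stated in the thread; the mapping for other year letters and for letter builds is an assumption, and all function names are this example's own.

```python
import re
from typing import NamedTuple

MODEL = "I7500"          # model prefix on every version code in the thread
PKG_PREFIX = "GT-i7500"  # start of the download file names

# Names copied from posts #27 and #28 (no network access is involved).
SAMPLE_NAMES = [
    "GT-i7500I7500O2UIH2I7500XXIH6I7500XXIH6",
    "GT-i7500I7500VIAIH4I7500XXIH8I7500XXIH8",
    "GT-i7500I7500ITVIH2I7500XXIH7I7500XXIH7",
    "GT-i7500I7500O2UIG5I7500XXIG8I7500XXIG8",
    "GT-i7500I7500VIAIG6I7500XXIG8I7500XXIG8",
    "GT-i7500I7500ITVIG1I7500XXIG1I7500XXIG1",
]


class Version(NamedTuple):
    raw: str
    region: str  # "XX", "O2U", "VIA", "ITV", ...
    year: int
    month: int
    build: int

    @property
    def key(self):
        """Sort key: later releases compare greater."""
        return (self.year, self.month, self.build)


class Package(NamedTuple):
    csc: Version
    firmware: Version
    firmware_repeat: Version  # same as `firmware` in every name in the thread


def parse_version(code):
    """Decode e.g. 'I7500XXIH8' -> region XX, 2009, August, build 8."""
    suffix = code[len(MODEL):]
    if not code.startswith(MODEL) or len(suffix) not in (5, 6):
        raise ValueError(f"not a {MODEL} version code: {code!r}")
    region, (y, m, b) = suffix[:-3], suffix[-3:]
    if not ("A" <= y <= "Z" and "A" <= m <= "L"):
        raise ValueError(f"bad year/month letters in {code!r}")
    year = 2000 + ord(y) - ord("A") + 1   # I -> 2009; other letters assumed
    month = ord(m) - ord("A") + 1         # A=1 ... H=8 (August), I=9
    build = int(b, 36)                    # digits per thread; letters assumed
    return Version(code, region, year, month, build)


def parse_package(text):
    """Accept a download URL, a bare file name, or a '~'-separated MODEL value."""
    name = text.rsplit("/", 1)[-1].split("_", 1)[0].replace("~", "")
    if name.startswith(PKG_PREFIX):
        name = name[len(PKG_PREFIX):]
    # Each code starts with the model prefix and runs until the next prefix.
    parts = re.findall(MODEL + r"(?:(?!" + MODEL + r").)+", name)
    if len(parts) != 3 or "".join(parts) != name:
        raise ValueError(f"expected CSC + two firmware codes in {text!r}")
    return Package(*(parse_version(p) for p in parts))


def is_newer(a, b):
    """True if version code `a` was built after version code `b`."""
    return parse_version(a).key > parse_version(b).key


def release_history(names):
    """Group packages by CSC region, oldest firmware first."""
    history = {}
    packages = sorted((parse_package(n) for n in names),
                      key=lambda p: (p.firmware.key, p.csc.key))
    for pkg in packages:
        history.setdefault(pkg.csc.region, []).append(
            (pkg.csc.raw, pkg.firmware.raw))
    return history


if __name__ == "__main__":
    print("II4 newer than IH8:", is_newer("I7500XXII4", "I7500XXIH8"))
    for region, releases in release_history(SAMPLE_NAMES).items():
        print(region, releases)
```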
09-20-2009, 01:52 AM
|
#29 (permalink)
|
Join Date: Sep 2009
Posts: 15
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
You must hack their site to get latest firmware.
Only in Samsung
|
|
|
09-20-2009, 03:28 AM
|
#30 (permalink)
|
Join Date: Aug 2009
Posts: 31
Device(s):
Thanks: 0
Thanked 1 Time in 1 Post
|
Sephail,
Good luck with that! I agree that it's difficult to believe that the strings are hardcoded, but worth a crack. I too had a moment where I saw the file decrypting and thought "I've cracked it!", only just to get an invalid zip file!
Are you finding that the ImportPublicKeyBase64 and ImportSymmetricKeyBase64 methods don't work too? I captured some public keys and symmetric keys via Fiddler2 and whilst they're valid base64, it just refuses to load them. Same if I generate my own key/symmetric key, export them (ExportPublicKeyBase64 / ExportSymmetricKeyBase64) and then try and import them again. Completely refuses.
Interesting that there was an O2 UK firmware for the UK back in July. Must have been what they did their accreditation testing with (I believe it failed initially).
If nothing else we can produce a complete history of firmwares now. That kind of thing has been done by piecing together pieces of information from the community up to now.
Good luck!
Chris
|
|
|
09-20-2009, 03:41 AM
|
#31 (permalink)
|
Join Date: Sep 2009
Posts: 28
Device(s):
Thanks: 2
Thanked 0 Times in 0 Posts
|
im no clever dude but I couldnt even download the stuff you said I just got this come up in my browser:
GETPUBKEY=BgIAAACkAABSU0ExAAQAAAEAAQBLkRxedbb7YE15 wHuDYnVNmzD/RRXRAQ8HMu+q7fkQ7TQNckTKID3cp+rxcUBRJ9Eu2os4IL6sO+ +e58yZkCTAJp5Rfa5jwDQS0dtvpEXyHpwMPdT/s5RqVLmy+abiJ3BErnkoFLmhXgkBLNJWsLOC77gWyj5xi0VoUn jyALFtvQ==
|
|
|
09-20-2009, 05:20 AM
|
#32 (permalink)
|
|
I have a custom ROM!
Join Date: Sep 2009
Location: UK
Posts: 1,111
Device(s): i7500@galaxhero 1.1
Thanks: 0
Thanked 20 Times in 9 Posts
|
Quote:
Originally Posted by coipu
im no clever dude but I couldnt even download the stuff you said I just got this come up in my browser:
GETPUBKEY=BgIAAACkAABSU0ExAAQAAAEAAQBLkRxedbb7YE15 wHuDYnVNmzD/RRXRAQ8HMu+q7fkQ7TQNckTKID3cp+rxcUBRJ9Eu2os4IL6sO+ +e58yZkCTAJp5Rfa5jwDQS0dtvpEXyHpwMPdT/s5RqVLmy+abiJ3BErnkoFLmhXgkBLNJWsLOC77gWyj5xi0VoUn jyALFtvQ==
|
use chrome or IE
wow guys good find, i wish i could help out some how but im low skilled when it comes to stuff like what you are talking.
its nice to see that you can pull a list though and that o2uk is there prior to this new update.
if only for the csc.
how did people obtain these software versions for use with odin before ?
|
|
|
Last edited by Rastaman-FB; 09-20-2009 at 05:22 AM.
|
|
09-20-2009, 06:10 AM
|
#33 (permalink)
|
Join Date: Aug 2009
Posts: 31
Device(s):
Thanks: 0
Thanked 1 Time in 1 Post
|
Quote:
Originally Posted by coipu
im no clever dude but I couldnt even download the stuff you said I just got this come up in my browser:
GETPUBKEY=BgIAAACkAABSU0ExAAQAAAEAAQBLkRxedbb7YE15 wHuDYnVNmzD/RRXRAQ8HMu+q7fkQ7TQNckTKID3cp+rxcUBRJ9Eu2os4IL6sO+ +e58yZkCTAJp5Rfa5jwDQS0dtvpEXyHpwMPdT/s5RqVLmy+abiJ3BErnkoFLmhXgkBLNJWsLOC77gWyj5xi0VoUn jyALFtvQ==
|
Hey coipu,
That's actually quite interesting that you got that. Which web browser are you using?
Chris
|
|
|
09-20-2009, 08:16 AM
|
#34 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
That key comes straight from GetPUBKEY.php. Here's the whole exchange:
POST /GetPUBKEY.php HTTP/1.1
Accept: */*
Cache-Control: no-cache
Ryeol-Magic: My Magic Header
User-Magic: User's Magic Header
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: fus.samsungmobile.com
Content-Length: 0
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Sat, 19 Sep 2009 18:50:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
Content-type: text/html
Via: 1.1 s0-kt10-sel (jaguar/3.0-11), 1.1 usls02slh009 (jaguar/3.0-11)
Connection: close

GETPUBKEY=BgIAAACkAABSU0ExAAQAAAEAAQBLkRxedbb7YE15 wHuDYnVNmzD/RRXRAQ8HMu+q7fkQ7TQNckTKID3cp+rxcUBRJ9Eu2os4IL6sO+ +e58yZkCTAJp5Rfa5jwDQS0dtvpEXyHpwMPdT/s5RqVLmy+abiJ3BErnkoFLmhXgkBLNJWsLOC77gWyj5xi0VoUn jyALFtvQ==
Presumably that's then used to send the public key of the pair generated by FUSCrypt, but we'd need to know the decrypted content in order to re-generate the requests. Maybe we can grab the keys from memory after they're generated to decrypt the session, but... what a pain.
As expected, my attempt from last night failed. Interestingly, here are the passwords it reports to have worked on one of the .zip.enc files I tested with. (It may be possible that each binary has a different key, too.):
|
|
|
09-20-2009, 08:24 AM
|
#35 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Another thought:
IF all of the software revisions use the same key, here's a way that's likely to work:
- Use NPSMitsBinaryUpgrade.exe and get to the stage where it's downloading the zip.enc
- Pause the process until it times out or kill the net connection
- It'll ask if you want to retry. Meanwhile, set up a quick webserver and either modify the hosts file (if it does another DNS lookup) or set up an iptables rule on your router to forward the resolved IP to your webserver
- It should grab your .zip.enc instead and perform the decryption for you.
If it successfully grabs the file but can't decrypt it, this will tell us that we're going to have to decrypt the exchange between the client and fus to get the key...
|
|
|
Last edited by sephail; 09-20-2009 at 08:33 AM.
|
|
09-20-2009, 08:44 AM
|
#36 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
I'm having the same issue with ImportPublicKeyBase64/ImportSymmetricKeyBase64. Neither of them seems to work. I can gen the pairs randomly or from a password and successfully use the crypto, but that's not particularly useful unless the server is providing a password or the key is fixed. I wonder if we're missing something here...
|
|
|
09-20-2009, 08:55 AM
|
#37 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Also, the SYMKEY values from each of our client_login captures are different. This makes me think they're using GenerateRandomSymmetricKey().
|
|
|
09-20-2009, 10:39 AM
|
#38 (permalink)
|
Join Date: Aug 2009
Posts: 246
Device(s):
Thanks: 1
Thanked 0 Times in 0 Posts
|
Interesting. BTW does the update program send your firmware version to the server then the server returns with the firmware to update to or is there a list that the program checks to see if there's an update?
|
|
|
09-20-2009, 12:24 PM
|
#39 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Well, since I'm using an IFx release of NPS to get IHx firmware, it's clearly getting a list of releases from the server (unless someone at Samsung is really good at predicting the future). Hehe.
Here's what the request to GetPatch.php looks like:
BODYR=e509iKAdVgRyfihAtWM%2BRpq5x5WMM%2Bamn55MPJpM 4HQh66faOiZRF6aFsJSOH5Elns2PVLNtzlBYXbCvjL3VuDQpcB sOXg3JDROQ3irCmq62JrzpO0QXl4NYgE9f6PJmhq6G3VTiEu1W xohzOvFZ4TFwsEyM1KuorAhCIuX06pTiMV8IhsfczT1bX81SaE ZtEmIkKxaMsDD7ow0K%2F%2B4sZmJeZRu3KhEdMZLx0zdTAdcu JrUTMcZCPNlXp%2BjzTkqLGWcdoL7hRNo8p9yOMpTV5A%3D%3D &MODEL=I7500VIAIH4%7EI7500XXIH8%7EI7500XXIH8&TEMPI D=f3815af7260063634cbd0e69a7ccd261
As you can see, it sends the CSC and firmware versions.
|
|
|
09-20-2009, 01:05 PM
|
#40 (permalink)
|
|
Hey, Android Rocks!
Join Date: Sep 2009
Location: Finland
Posts: 63
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by sephail
BODYR=e509iKAdVgRyfihAtWM%2BRpq5x5WMM%2Bamn55MPJpM 4HQh66faOiZRF6aFsJSOH5Elns2PVLNtzlBYXbCvjL3VuDQpcB sOXg3JDROQ3irCmq62JrzpO0QXl4NYgE9f6PJmhq6G3VTiEu1W xohzOvFZ4TFwsEyM1KuorAhCIuX06pTiMV8IhsfczT1bX81SaE ZtEmIkKxaMsDD7ow0K%2F%2B4sZmJeZRu3KhEdMZLx0zdTAdcu JrUTMcZCPNlXp%2BjzTkqLGWcdoL7hRNo8p9yOMpTV5A%3D%3D &MODEL=I7500VIAIH4%7EI7500XXIH8%7EI7500XXIH8&TEMPI D=f3815af7260063634cbd0e69a7ccd261
|
TEMPID is gotten from login.php and BODYR doesn't make any sense (to me) if you decode it. It's base64 encoded, which is easy to identify from the == in the end (urldecode it first).
It's pretty hard to understand why the secrecy, most other operators freely provide the firmwares, it's cheaper for them that way. Oh well..
|
|
|
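An added example (not part of the original posts) of the inspection described in the post above: URL-decode the captured body, base64-decode BODYR, and check whether the result looks like ciphertext rather than a plain encoding. The BODYR and TEMPID values are constructed stand-ins, the MODEL value is the one quoted in the thread, and both the paste whitespace handling and the 16-byte block size are assumptions.

```python
import base64
import hashlib
import math
from collections import Counter
from urllib.parse import parse_qs, quote

MODEL = "I7500VIAIH4%7EI7500XXIH8%7EI7500XXIH8"  # value quoted in the thread

def constructed_capture():
    """Build a stand-in request body (constructed sample, not a real capture)."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(7))[:208]
    bodyr = quote(base64.b64encode(blob).decode(), safe="")
    body = f"BODYR={bodyr}&MODEL={MODEL}&TEMPID={'0' * 32}"
    # Mimic a forum paste: a space inserted every 50 characters (assumption).
    return " ".join(body[i:i + 50] for i in range(0, len(body), 50)), blob

def entropy_bits(data):
    """Shannon entropy of the byte histogram, in bits per byte."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def inspect_body(raw):
    """Parse the form body and characterise the opaque BODYR field."""
    clean = "".join(raw.split())  # remove paste whitespace before decoding
    fields = {k: v[0] for k, v in parse_qs(clean, strict_parsing=True).items()}
    blob = base64.b64decode(fields["BODYR"], validate=True)
    return {
        "versions": fields["MODEL"].split("~"),  # %7E is '~'
        "tempid": fields["TEMPID"],
        "blob": blob,
        # Text or structured data scores well below random-looking ciphertext;
        # a 208-byte sample cannot exceed log2(208), about 7.7 bits per byte.
        "entropy": entropy_bits(blob),
        # A multiple of 16 is consistent with a 128-bit block cipher (hint only).
        "block_aligned": len(blob) % 16 == 0,
    }

if __name__ == "__main__":
    raw, _ = constructed_capture()
    report = inspect_body(raw)
    print(report["versions"], round(report["entropy"], 2), report["block_aligned"])
```

High entropy plus a block-aligned length is what you would expect from an encrypted field, which matches the observation that the decoded bytes do not read as anything.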
09-20-2009, 01:13 PM
|
#41 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
There's a function in FUSCrypt called DecryptTextBase64, which I'm pretty sure is how you're supposed to decode that. But if we can't get the keys loaded, we can't use it...
|
|
|
09-20-2009, 06:21 PM
|
#42 (permalink)
|
|
Hey, Android Rocks!
Join Date: Sep 2009
Location: Silicon Valley, CA
Posts: 52
Device(s): Nexus One, HTC Hero
Thanks: 0
Thanked 0 Times in 0 Posts
|
Camera firmware flashing
Don't mean to hijack the thread, but I see some knowledgeable Galaxy firmware discussion here, and I thought someone could help me flash the original camera firmware version. In fact, I'm willing to contribute $50 for instructions on how to do that (returning the phone would be more expensive and would benefit some shipping company rather than a hacker).
|
|
|
09-21-2009, 11:39 AM
|
#43 (permalink)
|
Join Date: Aug 2009
Posts: 23
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by sephail
Another thought:
IF all of the software revisions use the same key, here's a way that's likely to work:
- Use NPSMitsBinaryUpgrade.exe and get to the stage where it's downloading the zip.enc
- Pause the process until it timeouts or kill the net connection
- It'll ask if you want to retry. Meanwhile, set up a quick webserver and either modify the hosts file (if it does another DNS lookup) or set up an iptables rule on your router to forward the resolved IP to your webserver
- It should grab your .zip.enc instead and perform the decryption for you.
If it successfully grabs the file but can't decrypt it, this will tell us that we're going to have to decrypt the exchange between the client and fus to get the key...
|
Another way to do it is to flash your ROM with some old firmware, so that it will recognize the device and want to update it. After it downloads the update (h8 in that case), you don't click "next" but you replace the tar file it downloaded with the new tar file (rename it). That way it'll decrypt the file for you.
|
|
|
09-21-2009, 11:42 AM
|
#44 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Yes, but in this case I don't have the UK O2 CSCs (and haven't seen that anyone else does, either), so that method is not possible for when I4 becomes available (which it is not yet), unless someone who already has UK firmware does it and sends us the unencrypted .zip/.tar...
|
|
|
09-21-2009, 12:50 PM
|
#45 (permalink)
|
Join Date: Sep 2009
Location: England
Posts: 9
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Quote:
Originally Posted by sephail
Yes, but in this case I don't have the UK O2 CSCs (and haven't seen that anyone else does, either), so that method is not possible for when I4 becomes available (which it is not yet), unless someone who already has UK firmware does it and sends us the unencrypted .zip/.tar...
|
Sorry, I half stopped following the thread as it went into an area I had no idea about lol, is that something I could help with?
EDIT: Actually I've just read what you were referring to, don't think I'd really wanna do that...
|
|
|
Last edited by b33r; 09-21-2009 at 12:52 PM.
|
|
09-21-2009, 12:53 PM
|
#46 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Once the firmware is released on Samsung's servers, sure!
|
|
|
09-21-2009, 02:47 PM
|
#47 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
It's pretty simple and doesn't involve flashing your device at all. Basically, you just pretend you want to update and grab the .tar after it downloads/decrypts/unzips it then cancel the update. It's your choice, of course.
|
|
|
09-21-2009, 03:34 PM
|
#48 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Okay, it looks like the crypto functions are actually pretty straightforward. As far as I can tell at this point, this is what's happening:
The public key crypto functions look like they're strictly there to support the symmetric key import/export functions. First, you import the server's public key. Then, you generate your own public key pair, the public portion of which you can then export. (This is what I believe is sent to fus in client_login.)
Then, the symmetric key import/export functions become available to import/export encrypted symmetric keys. You can import a symmetric key (that was encrypted with your public key) from the server. You can also export the symmetric key encrypted with the server's public key, which the server can then import. Or, you can just generate one with a passphrase.
Chris,
I was previously under the assumption that we could import/export "cleartext" symmetric keys, which I don't believe we can. Judging by your previous post, I think that was the assumption you were under as well.
|
|
|
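The key exchange described in the post above, as an added sketch that is not FUSCrypt's code or API: a symmetric key only ever crosses the wire wrapped under the other side's public key, and a freshly generated key gives a different wrapped value on every login. All function names are hypothetical, and textbook RSA over fixed Mersenne primes stands in for whatever cipher the real library uses; it is not secure.

```python
import secrets

E = 65537  # common RSA public exponent

def keypair(p, q):
    """Toy RSA pair from two fixed primes (constructed; no padding, not secure)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def wrap(sym_key, public):
    """Export a symmetric key encrypted under the recipient's public key."""
    n, e = public
    return pow(int.from_bytes(sym_key, "big"), e, n)

def unwrap(blob, private, length=16):
    """Import a wrapped symmetric key using the matching private key."""
    n, d = private
    return pow(blob, d, n).to_bytes(length, "big")

# Stand-in for the server's long-term key pair (hypothetical values).
SERVER_PUB, SERVER_PRIV = keypair(2**107 - 1, 2**127 - 1)

def client_login():
    """One login; returns the wire messages and the key each side ends up with."""
    # Client imports SERVER_PUB, makes its own pair, exports the public half.
    client_pub, client_priv = keypair(2**61 - 1, 2**89 - 1)
    # Client to server: a random symmetric key wrapped under SERVER_PUB.
    client_key = secrets.token_bytes(16)
    to_server = wrap(client_key, SERVER_PUB)
    # Server to client: a key wrapped under the client's exported public key.
    server_key = secrets.token_bytes(16)
    to_client = wrap(server_key, client_pub)
    return {
        "wire": {"client_pub": client_pub, "to_server": to_server,
                 "to_client": to_client},
        "client_key": client_key,
        "server_copy": unwrap(to_server, SERVER_PRIV),
        "server_key": server_key,
        "client_copy": unwrap(to_client, client_priv),
    }

if __name__ == "__main__":
    s = client_login()
    print(s["server_copy"] == s["client_key"], s["client_copy"] == s["server_key"])
```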
09-22-2009, 11:13 AM
|
#49 (permalink)
|
Join Date: Jul 2009
Posts: 13
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
XEN XEB I7500XXIH2 is what they updated my i7500 with today, haven't heard anything about this version..
Had to send my i7500 in because it died. Got a new mainboard and a software 'update' to XEN XEB I7500XXIH2, ehum.. doesn't sound like an update to me, but I will check when I get the phone back..
|
|
|
09-22-2009, 06:30 PM
|
#50 (permalink)
|
Join Date: Sep 2009
Location: New York City
Posts: 39
Device(s):
Thanks: 0
Thanked 0 Times in 0 Posts
|
Okay, I can obtain whatever firmware is available on fus and decrypt it. If anyone has any requests, let me know. I know the UK CSC was wanted, so I'll post that soon.
|
|
|
 |
|