What is Radio.img; why downgrades fail

Started by ZduneX25, July 30, 2010, 12:09:29 am

ZduneX25

Since I see many questions about the radio.img; I'll try to explain it:

radio.img is an image of a partition table + several partitions, which are defined in the header.

You can open the file in a hex editor and see it (starting at 0x18 offset):

MAGIC-NOTHING2DO: does nothing
OTA-QCSBL-UPDATE: updates qcsblhd_cfgdata.mbn and qcsblsec.mbn
OTA-OMSBL-UPDATE: updates oemsblhd.mbn and oemsblsec.mbn
OTA-RADIO-UPDATE: updates amsshd.mbn and amsssec.mbn (the actual baseband firmware)
OTA-APSBL-UPDATE: updates appsboothd.mbn and appsbootsec.mbn
OTA-CEFS--UPDATE: updates cefs.mbn (on some radio.img files this is done implicitly)

!BE AWARE THAT THE BOOTLOADERS ARE SIGNED!

Not all have to be present in the radio.img, but so far I always found oemsblhd.mbn and oemsblsec.mbn in it.

The oemsblhd.mbn and oemsblsec.mbn are the blue bootloader and it will prevent downgrading to a lower version. This will prevent you from flashing an old radio.img. In the firmware superthread, I called these firmwares "STICKY". Bootloaders with version 05.15+ will prevent you from using the old RAMDLD with exploit and won't let you downgrade back to the 04.CC bootloader (or we have not achieved that yet (without root permissions)).

The new Mbn (De)packer (version 1.1g) is also able to extract the radio.img into the partitions. They are named as if you were extracting them from the shx / sbf.

All credits to: Skrilax_CZ
Z.d.u.n.e.X's Stuff: Personal Site | My skins
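
The check described in the post, as an added example (not code from the post or from the Mbn (De)packer): it lists the update tags found in a radio.img from offset 0x18 onward and reports whether the image carries the OEMSBL ("sticky") bootloader update. It assumes the tags are stored as plain ASCII; the function names, the `limit` parameter and the sample bytes are constructed for illustration, and the header's size and offset fields are not parsed because the post does not describe them.

```python
import re
import sys

# Tag -> files it updates, exactly as listed in the post.
TAGS = {
    b"MAGIC-NOTHING2DO": [],
    b"OTA-QCSBL-UPDATE": ["qcsblhd_cfgdata.mbn", "qcsblsec.mbn"],
    b"OTA-OMSBL-UPDATE": ["oemsblhd.mbn", "oemsblsec.mbn"],
    b"OTA-RADIO-UPDATE": ["amsshd.mbn", "amsssec.mbn"],
    b"OTA-APSBL-UPDATE": ["appsboothd.mbn", "appsbootsec.mbn"],
    b"OTA-CEFS--UPDATE": ["cefs.mbn"],
}
HEADER_START = 0x18                 # offset given in the post
STICKY_TAG = "OTA-OMSBL-UPDATE"     # bootloader update that blocks downgrades
_TAG_RE = re.compile(b"|".join(re.escape(t) for t in TAGS))


def find_tags(data, limit=None):
    """Return [(offset, tag, files)] for every known tag at or after 0x18.

    limit (assumption, not from the post) caps how many bytes past 0x18 are
    scanned, to avoid matching tag-like strings inside partition payloads.
    """
    end = len(data) if limit is None else min(len(data), HEADER_START + limit)
    return [(m.start(), m.group().decode("ascii"), TAGS[m.group()])
            for m in _TAG_RE.finditer(data, HEADER_START, end)]


def is_sticky(data, limit=None):
    """True if the image would update oemsblhd.mbn / oemsblsec.mbn."""
    return any(tag == STICKY_TAG for _, tag, _ in find_tags(data, limit))


def sample_image():
    """Constructed bytes, not a real radio.img: filler, then three tags."""
    tags = (b"OTA-OMSBL-UPDATE", b"OTA-RADIO-UPDATE", b"MAGIC-NOTHING2DO")
    return b"\xff" * HEADER_START + b"".join(t + b"\x00" * 16 for t in tags)


if __name__ == "__main__":
    # Pass a radio.img path, or run with no argument to use the sample bytes.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:
        image = sample_image()
    for offset, tag, files in find_tags(image):
        print(f"0x{offset:06x}  {tag}  {', '.join(files) or '(no files)'}")
    print("sticky (contains OEMSBL update):", is_sticky(image))
```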