This is the initial public release of my ‘fwtool’ firmware manipulation tool. The utility can be used to ‘unpack’ a firmware update “.bin” file into the component pieces (kernel, rootfs, (optional)wifi firmware), or to ‘pack’ these files back into a “.bin” firmware update file.
Here is a link to the code (source code, Linux x86, MacOS x86 binaries inside): fwtools_20100826c.tgz
WARNING: Patching/modifying firmware is not for everyone! You could very easily BRICK your iSpot if you make a mistake! Also, loading custom/patched firmware into your iSpot will likely VOID your warranty! Proceed with caution!
The simplest use case is to unpack the “.bin” file to a directory which will contain the component files. For example (use “-unpack infile.bin outdir” args):
$ ./fwtool -unpack iSpot_Software_080510.bin 080510_expanded Wrote '080510_expanded/kernel.bin' successfully Wrote '080510_expanded/rootfs.bin' successfully Wrote '080510_expanded/wifi.bin' successfully Wrote '080510_expanded/fwinfo.txt' successfully
“kernel.bin” is a Linux compressed kernel image (with ‘header app’ that decompresses it) targetted for an ARM CPU.
“rootfs.bin” is a JFFS2 root filesystem image (“kernel.bin” and “rootfs.bin” go together)
“wifi.bin” (not always part of “.bin” file) contains the firmware for the WiFi daughterboard. It is a Linux compressed kernel image (with built-in initrd ramdisk) targetted for a MIPS CPU.
At this point, you can inspect/patch/replace files in the output directory. Once you are finished, you can pack them back up into a new “.bin” file. For example (use “-pack indir outfile.bin” args):
$ ./fwtool -pack 080510_expanded iSpot_Software_080510_new.bin Loaded '080510_expanded/fwinfo.txt' successfully Loaded '080510_expanded/kernel.bin' successfully Loaded '080510_expanded/rootfs.bin' successfully Loaded '080510_expanded/wifi.bin' successfully Wrote iSpot_Software_080510_new.bin successfully
As described in “Why don’t firmware ‘downgrades’ work on the iSpot?“, the iSpot will refuse to install a firmware “.bin” file if the “svn version” is less than or equal to the current firmware’s version, or if the kernel/rootfs md5sum is found in a ‘blacklist’ table in the current firmware.
In order to allow for downgrading to old/blacklisted software, I’ve added a couple of options to the “-pack” process:
- -svn-ver #### : Sets the output “.bin” file’s “svn version” value to “####”
- -tweak-md5 : If specified, fwtool will modify the kernel/rootfs images in such a way that their md5sums will be different. This will allow them to get past the ‘blacklist’ test.
So, in order to modify an ‘illegal’ (old/blacklisted) “.bin” file in such a way that it will be accepted by the iSpot, first unpack the “.bin” to a directory. Then, pack the directory back into a new “.bin” – specifying “-svn-ver ####” with a value that is larger than the currently running firmware’s version, and “-tweak-md5”:
$ ./fwtool -unpack iSpot_Software_080510.bin 080510_expanded Wrote '080510_expanded/kernel.bin' successfully Wrote '080510_expanded/rootfs.bin' successfully Wrote '080510_expanded/wifi.bin' successfully Wrote '080510_expanded/fwinfo.txt' successfully $ ./fwtool -pack -svn-ver 1822 -tweak-md5 080510_expanded iSpot_Software_080510_allow_downgrade.bin Loaded '080510_expanded/fwinfo.txt' successfully Loaded '080510_expanded/kernel.bin' successfully Loaded '080510_expanded/rootfs.bin' successfully Loaded '080510_expanded/wifi.bin' successfully Wrote iSpot_Software_080510_allow_downgrade.bin successfully
Disclaimer: information on this site is for educational purposes only, and intended to help iSpot owners experiment with their own devices. I do not condone any hacking for illegal purposes, such as stealing service, etc.
Pingback: iSpot – Updates, Firmware Versions and more – iSpot Unrestricted
Pingback: iSpot firmware download image file format | Hacking the iSpot
That’s super awesome that you were able to figure out how to unpack it… mad props to you.
Pingback: [PROJECT] M9 firmware extraction - Page 5 - Meizu Me