Preventing OTA Updates

From Android Wiki

Revision as of 01:49, 2 August 2009 by Tonyb486 (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, searcha

Short-term fix: Prevent the OTA from validating

OTA updates are all cryptographically signed to prevent you from spoofing the update and installing something on your phone that you shouldn't. Ironically, this signature checking makes it relatively easy for you to prevent OTA updates from being applied once you have gotten root access on your phone.

First obtain root access, mount the filesystem as rw:

mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system

To prevent OTA updates, you can simply move the file from the expected location to another location on your device.

mv /system/etc/security/ /system/etc/security/ 

That one line will move the otakeys to a location the updater can't check for it - and once the OTA update is downloaded, it will be unable to apply.


Note, however, the OTA update will say "failed" and then immediately restart downloading it once the signature check fails - so this fix is less than ideal but will at least prevent you from waking up one day to a phone that doesn't love you as much as it did the day before.

It should also be noted that the "recovery mode" of the phone does NOT use the to check for the signature - currently it uses a compiled-in list of signatures to check for - so moving the has no effect at all on doing an SD Card update.

Note: The RC29 build does not appear to cycle endlessly upon a failed update. (At least not the 4MB update)

Permanent(ish) fix - reflash the recovery image

A more permanent fix to this problem involves reflashing your phone's recovery partition so that only updates that are signed with a specific key that you hold can be loaded onto your phone. For the images and instrutions on how to do this see: Replace Recovery Partition

It IS possible that you could re-sign an update image but not make the necessary changes to give yourself back root access and then subsequently lose it once you flash it... since the update will reflash the recovery image once it reboots - so make sure you have re-packed and re-configured the update the way you want before applying it.

NOTE: You assume any risk when you decide to flash your phone. It is harmful to all of us who want more open phones in the future if people start to brick their phones and then return them to the store and lying about the circumstances. (Ironically, having more open phones with an unlocked bootloader would make it much harder to brick the phone - but this is not the case on the G1)

Personal tools