Difference between revisions of "Sony Update Downloads"

From Exploitee.rs
Jump to navigationJump to search
 
(4 intermediate revisions by 2 users not shown)
Line 31: Line 31:
[http://android.clients.google.com/packages/ota/sony_eagle/59a98856c00f.package_list_DMA-1_EAGLE_2012012601_WWV_ORSC.59a98856.zip Sony Eagle 2012.01.26] (Android 3.2) - Exploitable
[http://android.clients.google.com/packages/ota/sony_eagle/59a98856c00f.package_list_DMA-1_EAGLE_2012012601_WWV_ORSC.59a98856.zip Sony Eagle 2012.01.26] (Android 3.2) - Exploitable


[http://android.clients.google.com/packages/ota/sony_eagle/a6623739e0e0.package_list_20120222_EAGLE_2012022201_WWV_ORSC.a6623739.zip] - Patches previous version exploit
[http://android.clients.google.com/packages/ota/sony_eagle/a6623739e0e0.package_list_20120222_EAGLE_2012022201_WWV_ORSC.a6623739.zip Sony Eagle 2012.02.22] - Patches previous version exploit
 
[http://android.clients.google.com/packages/ota/sony_eagle/bd4b061a5a65.package_list_DB1-1_EAGLE_2012052001_WWV_ORSC.bd4b061a.zip Sony Eagle 2012.05.20] - BL Exploitable
 
[http://android.clients.google.com/packages/ota/sony_asura/965b3e97a482.package_list_DB1-1_ASURA_2012052001_AAV_ORSC.965b3e97.zip Sony Asura 2012.05.20] - BL Exploitable
 
[http://android.clients.google.com/packages/ota/sony_asura/3afb3c87b4ee.package_list_DMA-1_ASURA_2012091701_AAV_ORSC.zip Sony Asura 2012.09.17] - Adds Google Play Movies
 
[http://android.clients.google.com/packages/ota/sony_eagle/c38489fc1f6e.package_list_DMA-1_EAGLE_2012091701_WWV_ORSC.zip Sony Eagle 2012.09.17] - Adds Google Play Movies


== Release Notes ==
== Release Notes ==

Latest revision as of 21:45, 30 January 2013


Download Links

Sony Asura 2010.10.21

Sony Eagle 2010.10.21

Sony Eagle 2010.12.15 (Current as of Feb 6, 2011)

Unknown update on Mar 13, 2011.

Sony Eagle 2011.03.02 (Missed link on Mar 15, 2011)

Sony Eagle 2011.03.24 (Missed link on April 10, 2011)

Sony Eagle 2011.04.20 (Appeared on April 29, 2011)

Sony Eagle 2011.05.20 (Appeared on June 1, 2011)

Sony Eagle 2011.10.23 (Android 3.1 - Appeared on November 1, 2011)

Sony Asura 2011.10.23

Sony Asura 2011.11.14

Sony Eagle 2011.11.14

Sony Asura 2012.01.26 (Android 3.2) - Exploitable

Sony Eagle 2012.01.26 (Android 3.2) - Exploitable

Sony Eagle 2012.02.22 - Patches previous version exploit

Sony Eagle 2012.05.20 - BL Exploitable

Sony Asura 2012.05.20 - BL Exploitable

Sony Asura 2012.09.17 - Adds Google Play Movies

Sony Eagle 2012.09.17 - Adds Google Play Movies

Release Notes

Sony Eagle 2011.03.02

OGM (2011030201ON)

  • Music Unlimited powered by Qriocity has been supported
  • The Media Player now supports WMA format
  • WiFi connection stability has been improved
  • Blu-ray disc compatibility has been improved

Sony Eagle 2011.03.24

OGM1.3.1 (2011032401ON)

  • Security Patch.

Sony Eagle 2011.04.20

OGM (2011042002ON)

  • Security patch.
  • Music Unlimited powered by Qriocity has been improved.

Sony Eagle 2011.05.20

OGM (2011052001ON)

  • Fix to be able to launch NBA Game Time.
  • Playback compatibility for BD/CD was improved.

Sony Eagle 2011.10.23

3.1_2011102306

The Android 3.1 platform introduces many new and exciting features for users:

- Experience a brand new, easy to navigate and customizable Home Screen.

- Improve your ability to search for what you want to watch with Google TV's new "TV and Movies" application.

- Enjoy YouTube in HD-quality channels created directly from your search queries.

- Access to the new Android Market for TV. Download new forms of entertainment directly to your big screen with a variety of free and pay apps.

Format

Download is a conventional zip file, containing a directory structure with a collection of tgz files as well as various others. Contents are mostly obfuscated using a simple xor of some sort. A pattern has yet to be found, but the mask for one file will apply byte-for-byte to any other obfuscated file in the zip.

Obfuscation

Here are the first 1557 bytes of the Sony obfuscation hash. It's applied as an xor. I haven't put much work into finding a pattern yet. Here's what I do know:

  • It isn't just a static repeating pattern, or if it is then it's longer than 1095 (haven't check again as more found) bytes before repeat.
  • The mask for any given byte position is the same across all files, so a static mask that works for one file will work for all files.
  • I tried applying the first 1024 bytes of the mask starting at every byte position in the RfHid_v0156_2010091601_NL.hex and only found valid content when applied to the start of the file. This pretty well establishes that there's no repetition of the mask.
00000000  38 cf 4f aa 7a 8a 2e 3e  2b 41 82 9a ad 31 e9 dc  |8.O.z..>+A...1..|
00000010  ef 47 2f 0b 26 76 12 fe  5f 5b 58 e1 10 18 7d e6  |.G/.&v.._[X...}.|
00000020  ad 92 1b 91 8e 90 69 f7  8a 9b 68 d8 98 58 fa 95  |......i...h..X..|
00000030  63 81 d6 5f 04 7d 29 8b  09 cf b9 21 b8 d9 df dd  |c.._.})....!....|
00000040  c4 7e 71 d9 3f 35 ea 7b  0d ec 7f d1 a3 76 64 88  |.~q.?5.{.....vd.|
00000050  a5 8e 27 49 60 c0 a0 bc  77 54 31 e3 d6 6a bf e5  |..'I`...wT1..j..|
00000060  1b 42 25 da a3 97 b8 e1  ba 54 13 5b 68 31 da ff  |.B%......T.[h1..|
00000070  1c 5c 15 46 4e 32 f1 76  50 e0 4e f3 ab 9a 28 bb  |.\.FN2.vP.N...(.|
00000080  b5 cf 2f 50 24 45 f7 ed  b3 5d c8 f6 21 fa aa d8  |../P$E...]..!...|
00000090  42 4d 49 89 7f 76 c9 72  d8 30 1c 38 cd 09 d5 b7  |BMI..v.r.0.8....|
000000a0  b0 69 ae 32 bd 0b db 1b  4a fc b5 77 cb 18 ff 32  |.i.2....J..w...2|
000000b0  7b c6 aa 83 5d 94 22 e3  4c a1 ef bb 56 66 79 63  |{...].".L...Vfyc|
000000c0  56 43 00 87 b4 69 f4 7c  18 ce 53 c6 3d fd e4 11  |VC...i.|..S.=...|
000000d0  0e 6e a7 65 60 b2 66 dc  6b d7 01 4a e4 9f d7 84  |.n.e`.f.k..J....|
000000e0  3c 87 b6 6a 67 ec 8e a3  36 2c ce c0 ab 2e e2 4e  |<..jg...6,.....N|
000000f0  4f ab 77 f3 0c da d8 e2  b1 98 fe a4 cf 20 a3 6f  |O.w.......... .o|
00000100  27 cc f9 2b 47 09 e1 f8  a8 f5 a3 84 cd 53 b3 aa  |'..+G........S..|
00000110  12 cb 95 dc c2 7f 76 df  84 24 83 c8 60 fe dc 99  |......v..$..`...|
00000120  3c 61 5c d5 4a bd 4b 19  10 ea 2b a9 ed 94 4e 08  |<a\.J.K...+...N.|
00000130  2e 1e 0b 31 90 b7 47 76  55 40 1b 42 e5 cd 82 07  |[email protected]....|
00000140  6c 75 61 3d 51 6f 91 ed  4e 3b e7 d0 68 7b ab 93  |lua=Qo..N;..h{..|
00000150  b9 64 e7 82 80 0b b0 7a  1b da d0 70 a8 65 95 da  |.d.....z...p.e..|
00000160  8b 06 37 34 0f 78 a2 35  87 f5 81 6b 0a ce 7d 28  |..74.x.5...k..}(|
00000170  15 97 8c 8a 84 df b0 17  c7 ef 88 b3 41 61 3a a9  |............Aa:.|
00000180  83 2f b8 7d 0e 9f 93 d9  2e 63 21 0e eb 81 64 a6  |./.}.....c!...d.|
00000190  b7 f0 db ab dc cd fc 15  d5 4f fb 96 dd 28 fe d7  |.........O...(..|
000001a0  17 be 8f 96 f0 3e 84 bc  d6 2e 80 d4 60 62 05 0a  |.....>......`b..|
000001b0  f9 12 87 b1 56 7e 46 47  19 1f 84 73 df 42 ca cf  |....V~FG...s.B..|
000001c0  f8 ff 96 de 87 ba 13 2b  12 c8 f8 76 ea 2d 56 23  |.......+...v.-V#|
000001d0  44 32 93 84 a4 5b 78 8a  1c 00 fb 82 9d 91 3c f4  |D2...[x.......<.|
000001e0  5c 2a 7f 13 f8 4a 74 2f  e4 5a 8e 34 28 51 c3 04  |\*...Jt/.Z.4(Q..|
000001f0  c5 aa db 93 62 8b 92 41  bc 18 a5 47 94 06 b3 ed  |....b..A...G....|
00000200  fb 8c 5b 08 d1 62 0d 59  9e 37 26 ff a9 40 63 a7  |..[..b.Y.7&..@c.|
00000210  d3 f3 e6 30 ea 22 bc 3a  64 9c d9 fe 94 7c f2 3b  |...0.".:d....|.;|
00000220  34 4d ce 2c b4 c5 22 56  b4 e8 ad 31 ed 3b 66 b8  |4M.,.."V...1.;f.|
00000230  38 86 e3 0d fa 77 8a 79  35 0a 7c 23 95 9f 15 2c  |8....w.y5.|#...,|
00000240  9b c9 95 86 40 cf 92 7c  bd 37 36 c2 33 4b 09 c2  |....@..|.76.3K..|
00000250  5c b1 a6 23 b2 ef d4 0c  f5 a5 24 90 12 85 6a 03  |\..#......$...j.|
00000260  7b e5 61 48 d8 2f e6 1e  de 7e bb 18 e6 f5 b1 69  |{.aH./...~.....i|
00000270  f1 f3 d1 32 dc e2 8f 99  1b f2 a6 71 90 3d 08 ed  |...2.......q.=..|
00000280  05 c1 fe c1 c7 12 f9 33  a2 18 3f 52 76 9e 0e 6e  |.......3..?Rv..n|
00000290  3d 94 dd cb 04 b7 4b 40  93 96 8f 01 df e1 57 d2  |[email protected].|
000002a0  0e e9 20 e2 bb c6 b6 36  27 d6 82 91 48 90 87 9f  |.. ....6'...H...|
000002b0  23 ea d5 78 2d 93 80 0a  ca 37 e3 40 85 6a 01 ad  |#[email protected]..|
000002c0  c2 e7 5b d8 da 17 71 97  65 0a 00 4b 2f 3d ea 3c  |..[...q.e..K/=.<|
000002d0  a0 06 ce 9a 3a d7 5d de  c0 82 4b 02 85 c7 36 bb  |....:.]...K...6.|
000002e0  72 18 b1 0c 5b 39 73 1c  4c d0 cf 1a 70 fa 76 ba  |r...[9s.L...p.v.|
000002f0  55 c5 ce dd 51 6c 38 a7  74 c5 e2 d6 e1 fb 01 1b  |U...Ql8.t.......|
00000300  c2 e3 d4 ff 3b 0c 9e 53  eb 67 e1 ce 80 65 ec d9  |....;..S.g...e..|
00000310  95 e5 f7 8e 45 64 fd 5d  29 6a c4 fe cc ce f0 61  |....Ed.])j.....a|
00000320  97 58 97 82 d5 69 b6 af  34 fe d1 ff 9c 4f b9 01  |.X...i..4....O..|
00000330  0e 27 92 f8 60 52 ee 03  e7 9a e7 42 f0 62 f6 87  |.'..`R.....B.b..|
00000340  cd 3b d2 de d4 57 29 15  d2 9b 6e 8f 8a 37 8d 1e  |.;...W)...n..7..|
00000350  98 3e d0 b7 a1 83 a5 cb  7c c4 d4 60 1f 61 ea a6  |.>......|..`.a..|
00000360  56 fc b3 75 e5 fc c2 1e  cd 6f a9 1b 82 25 41 97  |V..u.....o...%A.|
00000370  16 d1 13 e3 90 c2 e8 48  ce 20 cc dc 91 d6 95 12  |.......H. ......|
00000380  d2 bd c6 94 8e 65 16 7f  da a4 64 11 95 76 b9 30  |.....e....d..v.0|
00000390  11 c8 d9 96 ef d6 b7 ea  d9 c1 a9 85 b7 d5 36 5f  |..............6_|
000003a0  c7 84 24 67 98 56 7a 2e  98 6c 14 7f de 5e 79 bf  |..$g.Vz..l...^y.|
000003b0  b1 10 1a 6f 64 ba 3b 05  ea 7a f0 57 a2 de d9 9b  |...od.;..z.W....|
000003c0  9b 1c 36 c8 2c 6a 31 b5  80 66 e8 0f c3 dc d3 84  |..6.,j1..f......|
000003d0  08 09 f2 11 74 6e 01 a4  74 c6 7d 70 f4 92 0f 63  |....tn..t.}p...c|
000003e0  c2 b2 5f bc e9 ba bd 76  56 ff 6b 69 90 a3 a1 a8  |.._....vV.ki....|
000003f0  4c 68 2d 53 06 63 14 87  b6 b6 a1 95 a6 98 40 33  |Lh-S.c........@3|
00000400  f5 1e 8a 22 fe 24 ff b6  d3 29 98 17 c4 af e0 06  |...".$...)......|
00000410  50 ee eb b2 40 be a9 45  e8 45 69 cb cf be e6 73  |[email protected]|
00000420  09 5a 63 58 45 21 53 61  f1 b3 7f 4c 36 0f a6 70  |.ZcXE!Sa...L6..p|
00000430  d0 5e 80 c0 3b f1 89 ba  0f 5e e2 33 01 83 b9 c9  |.^..;....^.3....|
00000440  e8 9e 25 43 ce ff 5f a9  d2 f9 52 eb ac 84 4a 5e  |..%C.._...R...J^|
00000450  79 8c 86 34 b8 09 31 66  81 91 6f 33 12 ba 6a 9c  |y..4..1f..o3..j.|
00000460  54 af 85 6c 0a 68 e0 c3  52 76 c4 a0 52 8e ee 42  |T..l.h..Rv..R..B|
00000470  c1 81 ac 2b 5f c2 0a 44  fe c5 41 c9 42 15 72 7f  |...+_..D..A.B.r.|
00000480  f2 2a 1a 4d ac 07 0a 02  ed 15 87 cb f7 f7 ab 5b  |.*.M...........[|
00000490  c3 9a a2 39 9b 18 82 4a  81 a6 0b 40 31 81 64 d2  |[email protected].|
000004a0  75 96 17 c8 1c eb 62 01  25 b7 f2 9b 19 f6 13 4d  |u.....b.%......M|
000004b0  8a 26 61 a8 af ee b7 19  b7 6f 8c fb 4e 99 3a 5a  |.&a......o..N.:Z|
000004c0  46 d6 d9 e7 40 9f d5 7c  b0 25 56 e6 df 1e 36 84  |F...@..|.%V...6.|
000004d0  89 95 0f 79 4d 96 71 17  ca 1b 9f f2 d4 f6 39 f3  |...yM.q.......9.|
000004e0  77 5f 57 c7 1a 1b ee 60  13 58 14 03 38 3f 61 0d  |w_W....`.X..8?a.|
000004f0  95 ef 8f 56 f4 02 df f7  97 8f 4d b6 7b 72 e5 07  |...V......M.{r..|
00000500  82 62 e9 e4 25 4d a7 e3  c9 ab a3 f3 70 e0 2e 58  |.b..%M......p..X|
00000510  8c 3a 91 20 f0 b2 b6 ef  a9 04 0b a8 69 8b 0b 8f  |.:. ........i...|
00000520  e7 e7 21 55 df 3f 7f e4  02 a9 a9 c8 d4 5b 4f fd  |..!U.?.......[O.|
00000530  cb 19 1c ce 7a c0 1b 60  d4 d5 fb 80 29 d7 e8 f9  |....z..`....)...|
00000540  bb 9a 47 c1 79 42 82 e6  be 03 03 e6 45 0e 39 49  |..G.yB......E.9I|
00000550  e5 a6 99 72 eb 1b fb 79  38 38 e7 80 eb 5f 77 78  |...r...y88..._wx|
00000560  a9 31 87 42 14 d8 76 c7  02 94 00 e5 05 52 c7 68  |.1.B..v......R.h|
00000570  62 5a ce 65 ee a0 78 92  c1 16 99 1d d0 0c e4 67  |bZ.e..x........g|
00000580  91 d5 3e df 10 30 fe 38  dc f0 94 c6 f6 55 7d a3  |..>..0.8.....U}.|
00000590  89 57 3c 5e 5c 05 a1 d4  c1 fb 61 4f 51 ab 1c 38  |.W<^\.....aOQ..8|
000005a0  cd 64 a2 46 76 b9 e0 e5  ec 30 0f 98 48 3f 81 b5  |.d.Fv....0..H?..|
000005b0  d1 fc 2a 60 1e 89 cb d6  ef 9d 48 63 d0 6c 3f a8  |..*`......Hc.l?.|
000005c0  89 72 f3 60 03 b4 2b 4d  4c 14 25 4b 6b 73 62 18  |.r.`..+ML.%Kksb.|
000005d0  78 cb 09 66 be 4a 4b ba  b0 ec 5f bd ff 60 8a 05  |x..f.JK..._..`..|
000005e0  8c 32 5d 07 97 8c 63 1d  11 6c 56 af b1 d3 d1 fe  |.2]...c..lV.....|
000005f0  83 15 a9 a4 87 30 a3 09  42 46 46 58 74 1f 84 88  |.....0..BFFXt...|
00000600  97 37 0b 3c 83 95 3c 17  73 16 12 d0 e8 f9 fe 2e  |.7.<..<.s.......|
00000610  82 23 00 4a c0                                    |.#.J.|
00000615

It could be a large random pad, as someone previously suggested. Or if we're really lucky it could just be a random number sequence accessed via knowing it's seed and which rand algorithm it's using. Or it could be an output feedback cipher, which could be a bugger if they used a non-zero key in the encryption.

The approach I used was to find all the obfuscated text files I could, then write a small program to iterate over the hash options for each byte, weed out the ones that yield an invalid result in any of those files, and produce a character-by-character list of the possibilities. This was facilitated by knowing that a shell script is only printable characters and whitespace and the .hex file is only hex characters, colons, and CRLFs. If anybody has strong knowledge of limitations in gzip file content beyond the first 96 bytes, that could be used to further filter the options.

Here are the decoded sections of the obfuscated text files I could find. These are the same in all three versions of the Sony update that I have.

history/board_conf.sh (full file) 

#!/bin/sh

chkerr()
{
  ret=$?
  if [ $ret -ne 0 ]; then
    echo "Error!!!"
    exit 1
  fi
}

# arguments
#PRODUCT_TYPE=$1  # asura, eagle, *
#TRIAL_LEVEL=$2   # evt2, dvt, pvt, pp, mp
#PANELID=$3       # MONI-Z, M236H1-L01, LTY(Z)320HM02, LTY(Z)400HM02, LTY(Z)460HM02, 
#                 # T315HW07 V0, LTY(Z)400HM03, LTY(Z)460HM03, unknown

# for old installer support (evt only)
[ ${PRODUCT_TYPE} ]             || PRODUCT_TYPE=$1
[ ${PANELID} ]                  || PANELID="MONI-Z"
[ ${TRIAL_LEVEL} ]              || TRIAL_LEVEL="pvt"
[ ${PRODUCT_TYPE} = "asura_p" ] && PANELID="PANEL"

mount /dev/sda1 /tmp/mnt1 ; chkerr

printf "product_type = $PRODUCT_TYPE\ntrial_level = $TRIAL_LEVEL\nmodelid = $MODELID\npanelid = $PANELID\n" > /tmp/mnt1/etc/board.conf
chown 0:0 /tmp/mnt1/etc/board.conf ; chkerr
chmod 444 /tmp/mnt1/etc/board.conf ; chkerr

umount /tmp/mnt1

exit 0


history/other/check_spectra1_20100929.sh (full file) 

#!/bin/sh

#----------------------------------
# unmount /tmp/mntx
UMOUNT()
{
    mount | grep $1 > /dev/null || return 0

    umount $1 2> /dev/null
    mount | grep $1 > /dev/null || return 0 ; sleep 1

    umount $1 2> /dev/null
    mount | grep $1 > /dev/null || return 0 ; sleep 1

    umount $1 2> /dev/null
    mount | grep $1 > /dev/null || return 0 ; sleep 1

    umount $1 2> /dev/null
    mount | grep $1 > /dev/null || return 0 ; sleep 1

    umount $1 2> /dev/null
    mount | grep $1 > /dev/null || return 0 ; sleep 1

    echo Error!!
    exit ${ERROR_CODE}
}
#----------------------------------
# mount /dev/sdax /tmp/mntx
MOUNT()
{
    mount | grep "$2" > /dev/null && return 0

    mount $1 $2 $3 $4
}

#----------------------------------

mkdir -p /tmp/spe1
MOUNT /dev/Glob_Spectraa1 /tmp/spe1
if [ $? -eq 0 ]; then
    UMOUNT /tmp/spe1
    exit 0
fi

sleep 2
MOUNT /dev/Glob_Spectraa1 /tmp/spe1
if [ $? -eq 0 ]; then
    UMOUNT /tmp/spe1
    exit 0
fi

sleep 2
MOUNT /dev/Glob_Spectraa1 /tmp/spe1
if [ $? -eq 0 ]; then
    UMOUNT /tmp/spe1
    exit 0
fi

echo "spectra1 is not formatted. Start formating of spectra1"

UMOUNT /tmp/spe1
mkfs.ext3 /dev/Glob_Spectraa1

exit 0


history/other/factory_reset_conditional_keepremote_20101012.sh 

#!/bin/sh
# last modified 2010/10/12
#
# conditional factory-reset for asura / eagle on updating.
# keep remote pairing
#
# assuming to be placed before history/other/format_sda_xxx.sh in
# package_list_xxx.txt files.
#
# applies factory-reset effect only when CURRENT_DATE which is exported
# by package_update.sh is the same as or older than BOUNDARY_DATE which
# is defined below.
# CURRENT_DATE reflects the value of ro.build.date.utc in the file
# /system/build.prop on the target.
# the factory-reset itself in this script is the same as one in the
# history/other/factory_reset_20100803.sh which is packaged in the
# GM softoware.

BOUNDARY_DATE=1283319577
# 1283319577 autobuild_trunk-r8602_trunk-r938_asura (20100901.143920)
# above is the latest package before gtv0830 is introduced.
# 1283318267 autobuild_trunk-r8602_trunk-r938_eagle (20100901.141724)
# 1281411575 [GM] 2.1_2010081002U_eagle (20100810.123847)
# 1281092192 [GM] 2.1_2010080602U_asura (20100806.195537)

#SENTINEL_FILE="/tmp/mnt7/.eclair.4"

[ "${BEAGLECMD}" ] || BEAGLECMD=/bin/sony/beaglecmd

chkerr()
{
  if [ $? -ne 0 ]; then
    echo "Error!!"
    exit 1
  fi
}

if [ ! "${CURRENT_DATE}" ]; then
    echo "donot factory reset: no CURRENT_DATE"
    exit 0
fi
if [ "${BOUNDARY_DATE}" -lt "${CURRENT_DATE}" ]; then
    echo "donot factory reset: newer than boundary"
    exit 0
fi
echo "do factory reset"

# wipe data
#
mount /dev/sda7 /tmp/mnt7   ; chkerr
rm -rf /tmp/mnt7/*

# make /data/system for default avsettings.db to be copied
mkdir -m 775 /tmp/mnt7/system    ; chkerr

history/other/format_sda_20100514.sh 

#!/bin/sh

FDISK_HASH_8G="80dd0463e8cf28c0d2c0836408499e03  -"
FDISK_HASH_2G="fdd1d1adb5517785c3e556c9c5966b07  -"

#    /dev/sda1 (boot)   will be 0.5GB
#    /dev/sda2 (misc)   will be   0GB
#    /dev/sda5 (system) will be 1.5GB
#    /dev/sda6 (cache)  will be 1.5GB
#    /dev/sda7 (data)   will be 4.5GB
#
#   Device Boot      Start         End      Blocks  Id System
#/dev/sda1               1        1908      488432  83 Linux
#/dev/sda3            1909       30720     7375872   5 Extended
#/dev/sda5            1909        7631     1465072  83 Linux
#/dev/sda6            7632       13354     1465072  83 Linux
#/dev/sda7           13355       30720     4445680  83 Linux

chkerr()
{
  if [ $? -ne 0 ]; then
    echo "Error!!"
    exit 1
  fi
}

FDISK_HASH_CUR=`fdisk /dev/sda -l | md5sum`
if [ "${FDISK_HASH_CUR}" = "${FDISK_HASH_8G}" ] || [ "`mount | grep "/dev/sda6"`" ]; then

  echo "clean sda1 & sda5"

  umount /dev/sda1  2> /dev/null
  umount /dev/sda5  2> /dev/null

  sleep 2

  mkfs.ext2 /dev/sda1  > /dev/null; chkerr
  mkfs.ext3 /dev/sda5  > /dev/null; chkerr
  exit 0
fi

echo "partition was changed !!"

umount /dev/sda1  2> /dev/null
umount /dev/sda2  2> /dev/null
umount /dev/sda3  2> /dev/null
umount /dev/sda4  2> /dev/null
umount /dev/sda5  2> /dev/null
umount /dev/sda6  2> /dev/null
umount /dev/sda7  2> /dev/null
umount /dev/sda8  2> /dev/null
umount /dev/sda9  2> /dev/null

# delete partitions
printf "d\n 9\n d\n 8\n d\n 7\n d\n 6\n d\n 5\n d\n 4\n d\n 3\n d\n 2\n d\n 1\n w\n" | fdisk /dev/sda -H 16 -S 32 2> /dev/null 1>&2

history/other/RfHid_v0156_2010091601_NL.hex 

:020000040000FA
:0600000091EF1FF0120059
:0600080004EF04F01200F9
:060018000CEF04F01200E1
:0608000091EF1FF0120051
:020806000000F0
:0608080030EF0EF01200BB
:02080E001200D6
:060818009EEF0EF012003D
:06082A00D9CFE6FFE1CF8B
:10083000D9FFE652060EAC6E800EAB6E939E938A85
:10084000330EAF6E900EAB6E0001686BDF6A180E50
:10085000DF5C09E2DF50EA6A690FE96E000EEA2206
:10086000EF6ADF2AF4D70001816BDF6A180EDF5CC4
:1008700009E2DF50EA6AE60FE96E020EEA22EF6A49
:10088000DF2AF4D700018A6B8B6B676B616B626B3D
:10089000606B896B828382950001C26B0001956B4E
:1008A00000D0E552E552E7CFD9FF1200000182A146
:1008B00007D00001CC5104E1010EE66E39DBE552B0
:1008C00081AC27D0000182B305D00001C25102E102
:1008D000EFEC0DF00001DA511BE00001C25118E10C
:1008E0000001CB5105E1DAC0E6FF22DBE5520BD077
:1008F0000D0E0001DA5D07E3DA51180804E3DAC0EF
:10090000E6FF16DBE5521C0E0001DA5D01E0DA6B52
:100910000DD081BC0BD00001C25108E1170E0001BF
:10092000DA5D04E1220EE66E03DBE55200D0120030
:10093000D9CFE6FFE1CFD9FFE6520001010E8C6F5F
:10094000AB50DF6E8D6B060EDF1403E0AECF8DF083
:1009500005D0AECF8DF00BD800018C6F8C0501E176
:1009600064DF00D0E552E552E7CFD9FF1200D9CFBE
:10097000E6FFE1CFD9FF040EE12600018C6BDF6AB0
:10098000010EDB6A6751050A01E1A2D0010A73E09A
:10099000070A5AE0010A44E0030A21E0010A05E0DF
:1009A000D9D80001010E8C6FC0D0020E8D5D0CE114
:1009B0008A51EA6AE60FE96E020EEA228DC0EFFF65
:1009C0008A2B010E676F0AD08D5104E1C3D8000154
:1009D000676B04D0BFD80001010E8C6FA6D0F00E5B
:1009E0008D1530080CE0F00E8D15400808E0F00E73
:1009F0008D15600804E0F00E8D1570080CE18A5129
:100A0000EA6AE60FE96E020E

Here's a small script I wrote to apply the mask to any file. First parameter is the mask file, second is the obfuscated file. Result gets printed. Since it's an xor, you can give it the mask file and plaintext file and it will obfuscate it for you if you'd like to go that way. 

  #!/usr/bin/perl
  
  use strict;
  use warnings;
  
  use IO::File;
  
  my $file1 = shift;
  die "Missing filename parameter.\n" unless defined $file1;
  die "File '$file1' does not exist.\n" unless ( -f $file1 );my $fh1 = IO::File->new("< $file1") or die "Unable to open file '$file1'.\n";
  my $file2 = shift;
  die "Missing filename parameter.\n" unless defined $file2;
  die "File '$file2' does not exist.\n" unless ( -f $file2 );my $fh2 = IO::File->new("< $file2") or die "Unable to open file '$file2'.\n";
  
  while ( defined ( my $c1 = getc($fh1) ) )
  {
          my $c2 = getc($fh2);
          $c2 = "\x00" unless defined $c2;
          my $o = $c1 ^ $c2;
          print $o;
  }
Retrieved from "http://www.Exploitee.rs/index.php?title=Sony_Update_Downloads&oldid=1101"