Thursday, July 4, 2019

How to tell if phone's ROM is original or tampered?


I have bought a new phone which seems to be used. The manufacturer checked my IMEI and confirmed that the phone has been purchased/activated before.


The body looks new so I don't mind keeping it but I am worry about malicious software/apps. I know I can factory reset the phone, but is there any way to tell if the ROM is original?


FYI, the phone is a Moto G 2nd gen w/ 5.0.1 lollipop.



Answer



I am assuming your device is NOT rooted by you


You can




  • Factory reset your device (of course after taking back up of data )

  • Root your device, flash a custom recovery and take a complete back up of your device with TWRP

  • Generate MD5 check sum using TWRP or alternate apps like Hash Stamp MD5 & SHA1 generator

  • Download stock lollipop (assuming that your device variant matches with that mentioned and the ROM version on your device matches)

  • Generate and verify stock MD5 and SHA1 with TWRP nandroid back up

  • If it matches, it is confirmed both are same and no tampering took place

  • If not flash only kernel from TWRP, and generate MD5 and SHA1. Repeat with downloaded image and verify

  • Repeat above with /sys and /data

  • This should pinpoint the tampering that happened



It is a little tedious but IMO, worth the effort as it proves beyond doubt that either present ROM has not been tampered with or if tampered, in which portion (s) of the ROM it happened. This may not be a practical solution but is based on the premise that (near) fool proof validation is only possible when compared with original stock ROM. Other variations of this could be see if OTA updates work or comparing partition sizes


No comments:

Post a Comment

samsung galaxy s 2 - Cannot restore Kies backup after firmware upgrade

I backed up my Samsung Galaxy S2 on Kies before updating to Ice Cream Sandwich. After the upgrade I tried to restore, but the restore fails ...