7

When we download a .FTF or ROM file as a stock ROM, is there a way to verify that it is really the stock ROM and is not modified by someone?

ale
  • 19,723
  • 34
  • 110
  • 159
hpn
  • 173
  • 2
  • 6
  • If you downloaded it from "official" sites such as Sony's own, or Samsung, you are ok that it is not modified - look at xda, modaco, pda4net.ru - completely modified ROMs... just saying, common sense, along with MD5/SHA1 checksums... – t0mm13b Jul 23 '13 at 14:55
  • @t0mm13b, I downloaded it from xda-developers forum. – hpn Jul 23 '13 at 16:05
  • @t0mm13b By "completely modified ROMs", do you mean that they contain malware? – hpn Jul 23 '13 at 18:31
  • 1
    Modified ROMs does not imply malware! It very well means, tweaks to system scripts, UI tweaks, bloat removed! As for malware, hmmm... try a chinese warez site and download from there, then yes, probability very very high! – t0mm13b Jul 23 '13 at 18:46
  • I know meaning of modified ROM! but since I'm asking about ROMs provided as stock, then if they are modified and also provided as stock, they should contain malware:) – hpn Jul 23 '13 at 19:53
  • How do you know that they should contain malware? Have you flashed it and run it to see what happens? Stock ROMs are the official ones found on official sites, you are not going to see stock roms on other un-official sites, modified yes, tweaked yes, but not re-distributed as "Stock ROM". If you are so worried about it, why not use Cyanogenmod, Cafogen, LegacyXperia, CAF, AOSP, AOKP? The point I am making is, you seem to jump to wrong conclusion, like as I have said, common sense and know your way around in understanding various ROMs will help. – t0mm13b Jul 23 '13 at 20:19
  • I'm looking for an official Lineage build, which is no longer hosted on the lineage servers. But I found this one: https://lineageosroms.com/ is there any registry of md5sum of images that have been official releases in the past? – white_gecko Dec 26 '20 at 18:09

1 Answers1

6

Yes, you can check the SHA1 or MD5 checksum.

You didn't specify which ROM you are downloading. Let's have a look at the Nexus stock ROMs:

https://developers.google.com/android/nexus/images#mantaray

There is a download link and a version number and checksums listed like that:

To verify a checksum you can do it via command line:

$ md5sum mantaray-jdq39-factory-d79f489e.tgz
b7a1162fb4e617143306ef6c4ca6c040

Or:

$ openssl sha1 mantaray-jdq39-factory-d79f489e.tgz 
SHA1(mantaray-jdq39-factory-d79f489e.tgz)= d79f489e1001d183b31d8a407b47cd5b8e9505cd

If it matches with the one stated at the google page, you can assume the file is not corrupted or modified.

Note: Linux, MacOS, Windows

The terminal commands only work out of the box in MacOS or Linux. To verify checksums in Windows there is a tool by Microsoft called Checksum Integrity Verifier.

ale
  • 19,723
  • 34
  • 110
  • 159
q9f
  • 525
  • 3
  • 8
  • 23
  • Thanks. Is there somewhere to find md5sums for sony(xperia z) official ROMs? I have downloded Xperia_Z_C6602_10.3.A.0.423_Generic US – hpn Jul 23 '13 at 13:55
  • Well, Sony is neither offering direct download links nor telling anything about file integrity. The only thing you can do is doing it like described here: Download via official Sony Software. In future, don't buy Sony devices :p – q9f Jul 23 '13 at 18:31