ROMs Convert ZIP sum in MD5 Sum

[riebmeister]

Hello I try to test a custom ROM. But the md5 sum is not correct. When I try to install the custom ROM, via the recovery menu I get the message failed: failed to vertify whole files. I would now like to change the file sum. So that I have a md5 sum. My question is: is it possible?

 

[HasH_BrowN]

Hope this helps, there were more. These are the ones that caught my eye.

• http://www.georgejopling.co.uk/md5check/md5check.html

See first attachment. Windows​

• http://www.heatware.net/linux-unix/how-to-create-md5-checksums-and-validate-a-file-in-linux/

• http://winmd5.com/

See second attachment. Windows.​

• https://www.raymond.cc/blog/7-tools-verify-file-integrity-using-md5-sha1-hashes/

Great information. Worth a good look at.​

• http://www.md5summer.org/

Here is downloadables link
http://www.md5summer.org/download.html​

 

[HasH_BrowN]

@WarrantyVoider might be able to help further. He's pretty knowledgeable on md5.

 

[WarrantyVoider]

There are two separate checks for flashable zips -- md5 checksum and zip signature check. The "failed to vertify whole files" message seems to come from failed zip signature check. To fix it, you need to sign the zip with a valid key/certificate.

Custom recoveries shouldn't require signed zips nor md5 checksums, unless you turn the features on in settings. Are you using the stock recovery? If so, whether you can install a privately signed zip depends on the manufacturer. If the stock recovery accepts Google's test key, then you can sign the zip with that certificate. Otherwise, you would need to sign the zips with the manufacturer's key, but I don't think that's public knowledge. I think most people just install a custom recovery instead.

 

[HasH_BrowN]

There are two separate checks for flashable zips -- md5 checksum and zip signature check. The "failed to vertify whole files" message seems to come from failed zip signature check. To fix it, you need to sign the zip with a valid key/certificate.

Custom recoveries shouldn't require signed zips nor md5 checksums, unless you turn the features on in settings. Are you using the stock recovery? If so, whether you can install a privately signed zip depends on the manufacturer. If the stock recovery accepts Google's test key, then you can sign the zip with that certificate. Otherwise, you would need to sign the zips with the manufacturer's key, but I don't think that's public knowledge. I think most people just install a custom recovery instead.

How or is it possible to pull the key from the zip?

Edit: from the "official" manufacturer zip.

 

[WarrantyVoider]

How or is it possible to pull the key from the zip?
Edit: from the "official" manufacturer zip.

Can't, because the private key is not in the zip, unless there's a way break the cryptosystem. The public key is in the certificate. The private key is a secret. So, as far as I know, if a manufacturer's private key ever becomes public knowledge, it's because it's leaked or stolen.