Checking the checksum on a Nexus factory image (and why you should)

Take a few easy steps to verify that the file you downloaded is the file you wanted

Having a Nexus means you're provided with factory restore images should you want to revert anything you might have done to the system software. It's a failsafe, and the easiest way to return everything to the way it's "supposed" to be. More than a few people with Nexus phones use them — both for their intended purpose and as a way to get an update without waiting.

What we need to remember is that means one more thing that can (and eventually will) go wrong. You're downloading a large and intricate set of bits and bytes. You should take a few minutes and verify the bits and bytes you downloaded are an exact copy of the bits and bytes that were uploaded.

The easiest way to do this is to verify the file checksum.

What is a file checksum?

Simply put, it's a digital signature for the file. If the copy you have (the one you downloaded) has the same signature as is provided by the people hosting the file (in this case, Google) you have an exact copy of the file.

Google provides both the MD5 checksum and the SHA-1 checksum for Nexus factory images. It's worth noting that neither of these signatures is 100 percent "secure" — they can be manipulated after the fact by people wth plenty of time and dedication. If you're in need of a way to verify something important that more than one person had access to before it landed in your hands, use a stronger algorithm. But to verify a download that you downloaded directly, either MD5 or SHA-1 is more than sufficient.

Why use a checksum at all?


In our case, we're using the checksum to verify that the file we downloaded is a bit-for-bit copy of the file provided by Google. Downloads can become corrupt for various reasons, and it only takes a second or two to verify that your download is good.

Chances are that a corrupt file simply wouldn't flash, and no harm will come to your phone or tablet. But — there's always a but — when dealing with bootloader files and device radio firmware, you always want the file to be good before you try to flash it. A Nexus phone or tablet is very hard to brick, but flashing a bad radio or bootloader is the best way to brick one.

An unlocked bootloader that will flash anything means that you can flash anything — even files that will ruin your device. Take the time to verify the checksum of the file you've downloaded using the instructions below. If the vaules match, you know your download is good. If the values do not match, try downloading the file again.

How to check the file integrity using a checksum

MD5 sums check out!

It's actually pretty easy to check that the file you downloaded is "good." Folks using (most modern versions) Linux or OS X have a tool built in to check either the MD5 or the SHA-1 sum. Windows users can download a great free tool that checks both via an easy to use interface.

Download the archive file conatining the factory image for your device. Place it in a folder that's easy to get to, but don't uncompress it.

To check the file on OS X

  • Open the terminal app and navigate to the folder where you stored the downloaded file.
  • To check the MD5 type: md5 "name-of-file"
  • To check the SHA-1 type: openssl sha1 "name-of-file"
  • Compare the output to the values provided.

To check the file on Linux

  • Open the terminal app and navigate to the folder where you stored the downloaded file.
  • To check the MD5 type: md5sum "name-of-file"
  • To check the SHA-1 type: sha1sum "name-of-file"
  • Compare the output to the values provided.

To check the file on Windows

These methods will work for any file you've downloaded from the Internet, not just Nexus factory restore images. Hopefully, this little bit of knowledge and a few easy tools will help make sure you don't go from a fancy Nexus phone or tablet to a fancy brick.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.