[HOWTO] Create your own boot/recovery images - Click Android Development

After releasing my custom recovery and boot images several people have messaged me about how to create these images.
First, you need to read this article, carefully: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images. It explains the format of these images. I suggest you try to extract the kernel and the ramdisk with a hex editor, as it will help you understand how the format works.
Afterwards, for convenience, you can use the two scripts provided in that page: unpack-bootimg.pl and repack-bootimg.pl.
You should now have two files, the kernel and the ramdisk.
Extract the contents of the ramdisk with:
Code:
gunzip -c ramdisk.cpio.gz | cpio -i
You can now proceed to alter what you wish, in the ramdisk.
For repacking, I use the tools provided in the Android 1.6 SDK. You need to download it from http://developer.htc.com/. After compiling the SDK, you should have (among others) these two tools: mkbootfs and mkbootimg.
To recreate the ramdisk, use the following command (assumes ramdisk in ramdisk folder):
Code:
mkbootfs ramdisk | gzip > ramdisk.gz
And now, to recreate the image:
Code:
mkbootfs --base 0x2e00000 --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
The only tricky part, and where I guess everyone is having problems, is with the --base 0x2e00000 option. This is the base address for the kernel and, without this, your Tattoo will hang at boot.
Do not try to create custom images unless you are fully aware of what you're doing. YOU CAN BRICK YOUR DEVICE
Best of luck

Thanks a lot mainfram3!
I'll base CoburnROM's boot.img off yours, and then we'll go from there.
All we need now is a how to on make your own system.img (either taking a RUU system and gutting the crap out of it or using one that a member has precompiled as a base) and we'll be set for cookin' ROMs with gas. Want fries with dat?
Thanks a million!

Cool! You have dispelled the clouds.
mf3: How did you know that base address of the kernel? I repacked the boot.img file without the option '--base xxx', that's why this one bricked my tattoo i think.

Thanks, you did a great job.
BTW, I broke through this cloud by using a HEX editor to compare your image and mine, and found that the kernel address and ramdisk address are different. But I don't know why... Would you mind telling us why and how you found it??

huchengtw said:
Thanks, you did a great job.
BTW, I broke through this cloud by using a HEX editor to compare your image and mine, and found that the kernel address and ramdisk address are different. But I don't know why... Would you mind telling us why and how you found it??
See at kernel sources at the file:
arch\arm\mach-msm\include\mach\memory.h
.....
/* physical offset of RAM */
#if defined(CONFIG_ARCH_MSM7225) || defined(CONFIG_ARCH_MSM7625)
#define PHYS_OFFSET UL(0x02E00000)
.....
I think there it is ......
cya

Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.
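
The header comparison described in the post above, as an added example that is not part of the original thread: it decodes the legacy bootimg.h header, derives the base from the kernel load address, and lists the load addresses that differ between a reference image and a repacked one. The function names are hypothetical, the two headers are constructed samples, and the per-section offsets added to --base are assumed to be those of the classic AOSP mkbootimg.

```python
import struct

# Legacy (v0) boot image header as laid out in bootimg.h:
# magic[8], ten little-endian uint32 fields, name[16], cmdline[512], id[32].
HEADER = struct.Struct("<8s10I16s512s32s")
MAGIC = b"ANDROID!"

# Assumption: offsets the classic AOSP mkbootimg adds to --base
# (with no --base it behaves as if the base were 0x10000000).
OFFSETS = {"kernel_addr": 0x00008000, "ramdisk_addr": 0x01000000,
           "second_addr": 0x00F00000, "tags_addr": 0x00000100}
DEFAULT_BASE = 0x10000000


def build_header(base, kernel_size, ramdisk_size, page_size=2048, cmdline=b""):
    """Pack a constructed header the way mkbootimg would for a given base."""
    return HEADER.pack(
        MAGIC,
        kernel_size, base + OFFSETS["kernel_addr"],
        ramdisk_size, base + OFFSETS["ramdisk_addr"],
        0, base + OFFSETS["second_addr"],
        base + OFFSETS["tags_addr"], page_size, 0, 0,
        b"", cmdline, b"")


def parse_header(data):
    """Decode the header and derive where kernel and ramdisk sit in the file."""
    if len(data) < HEADER.size:
        raise ValueError("file is shorter than a boot image header")
    (magic, ksize, kaddr, rsize, raddr, ssize, saddr, tags, page,
     _unused0, _unused1, name, cmdline, _image_id) = HEADER.unpack_from(data)
    if magic != MAGIC:
        raise ValueError("bad magic: not an Android boot image")
    if page == 0 or page & (page - 1):
        raise ValueError("implausible page size: %d" % page)

    def padded(size):  # every section is padded up to a whole page
        return (size + page - 1) // page * page

    kernel_offset = page  # the header occupies the first page
    ramdisk_offset = kernel_offset + padded(ksize)
    return {
        "kernel_size": ksize, "kernel_addr": kaddr,
        "ramdisk_size": rsize, "ramdisk_addr": raddr,
        "second_size": ssize, "second_addr": saddr,
        "tags_addr": tags, "page_size": page,
        "base": (kaddr - OFFSETS["kernel_addr"]) & 0xFFFFFFFF,
        "kernel_offset": kernel_offset, "ramdisk_offset": ramdisk_offset,
        "name": name.split(b"\0", 1)[0].decode("ascii", "replace"),
        "cmdline": cmdline.split(b"\0", 1)[0].decode("ascii", "replace"),
    }


def address_mismatches(reference, candidate):
    """List the load addresses in `candidate` that differ from `reference`."""
    return [(field, reference[field], candidate[field])
            for field in OFFSETS if reference[field] != candidate[field]]


# Constructed sample data: sizes, page size and command line are taken from
# the unpack output quoted elsewhere on this page; no real image is embedded.
SIZES = dict(kernel_size=1899580, ramdisk_size=160952, page_size=2048,
             cmdline=b"no_console_suspend=1 console=null")
STOCK = build_header(0x02E00000, **SIZES)       # as if packed with --base 0x2e00000
REPACKED = build_header(DEFAULT_BASE, **SIZES)  # as if packed without --base

if __name__ == "__main__":
    stock, repacked = parse_header(STOCK), parse_header(REPACKED)
    print("stock base      0x%08x" % stock["base"])
    print("repacked base   0x%08x" % repacked["base"])
    print("ramdisk starts at file offset %d" % stock["ramdisk_offset"])
    for field, want, got in address_mismatches(stock, repacked):
        print("%-13s stock 0x%08x  repacked 0x%08x" % (field, want, got))
```

On a real image, pass the first 608 bytes of boot.img to parse_header() instead of the constructed headers.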

i am trying to put together a recovery for the Sholes XT701. obviously i am missing this base offset because it hangs at boot. i was looking in the memory.h file and see the following but this is for the ram. where can i find the base offset for the kernel? that is what i need right?
Code:
#elif defined(CONFIG_MACH_SHOLES_UMTS) || defined(CONFIG_MACH_MAPPHONE)
#define PHYS_OFFSET UL(0x80C00000)

do you have a bootimg.h ? mainfram3 got his information from there...

Did you try to put all in a rom.zip and replace the one that comes with Ruu WWE? If the addresses are the same maybe it will flash your custom rom.
mainfram3 said:
Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.

sorry,but how to create recovery.img?
is boot.img==recovery.img?

mainfram3 said:
And now, to recreate the image:
Code:
mkbootfs --base 0x2e00000 --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
Hi,
isn't it mkbootimg instead of mkbootfs to create an image?
Moreover, the script repack-bootimg.pl doesn't work for me. But your method using mkbootfs works well.
Thanks.

can an expert help me out? I have 2 recoveries, both of which can be flashed to my phone without any problem, except I have troubles using them.
Recovery X can be used without any problem, all the options work and I can perform nandroid backup and restore perfectly fine. However, it's missing the option to flash a custom rom from the memory card.
Recovery Y supports all the options, including the option to flash a custom rom from the memory card. However, it's not made specifically for my phone, which means that none of the buttons on my phone work. Therefore, I can only navigate through the options up or down, but I can't select it or go back.
My phone is a chinese clone btw, the brand is STAR A1000. That's why there aren't many properly made recoveries available for it. Anyway, since Recovery X works, I was wondering if someone could just compare the 2 recoveries and just change the button mappings on Recovery Y, as you can simply take the button mapping from Recovery X and that's it?
I dunno how to do it and don't wanna risk bricking my phone or anything, so if someone can kindly help me out that would be great.

I don't have this phone, but isn't there a keychars.pl file under /usr/"don't know the name anymore"/? there are files assigning an action to a pressed key - you just have to compare the keychars file from X and Y and change the Y keychars accordingly. Hope that helps, since I also never did this before.

Oh well I didn't know that
I dunno anything about creating a recovery or boot image. All I know is how to flash it and root the phone, i.e just the basic stuff.......
would you be able to help me compare the files and make the changes?
Here's the link to the files:
http://forum.xda-developers.com/attachment.php?attachmentid=740516&d=1317801095
http://forum.xda-developers.com/attachment.php?attachmentid=737495&d=1317534773
the first link is the recovery that is currently working for me, but doesn't have the option to flash a firmware from the memory card. It's a modified version of the ClockworkMod Recovery v4.0.0.5.
as for the 2nd link, please extract just the "a1000.img" recovery. My phone is the STAR A1000 and that's the recovery that contains all the options, except the buttons don't work on it. It's also in chinese but I can read it. So ya, I just need someone to remap the buttons that work in the "cw.img" recovery and copy that to the "a1000.img" recovery....

Related

Tattoo Custom Recovery Image

I'm starting this thread to document the work on creating a custom recovery image for the Tattoo.
The main goal is to provide a recovery image that will serve as the launchpad for flashing custom roms.
The Tattoo Custom Recovery Image will provide:
1) A way to use an update.zip signed with test-keys (already accomplished);
2) A way to perform a full backup of mtd2,mtd3,mtd4 and mtd5 (boot,system,cache and data).
3) A way to perform a full restore of the backup achieved by 2);
4) Adb support (already accomplished);
4.1) Adb shell support.
I'm open to input about using nandroid. Right now, without a S-OFF/ENG SPL this looks useless.
Also, if you have any other special need for recovery, please feel free to express it
Alpha release
Tattoo's Custom Recovery Image, Alpha Release
This first release includes:
- ADB enabled recovery
- ADB enabled root shell
- Accept update.zip signed with test keys
- All partitions mounted
- Custom recovery program (the last two options are stubs, not really working yet)
- Included in /sbin: busybox, flash_image and BART
- I've not used BART and, at the moment, cannot attest if it works or not.
- Backup script in /sbin/backup.sh
- Restore script in /sbin/restore.sh
With this custom recovery you can now do a full backup of your unit, by dumping the mtd block devices to your sdcard. Afterwards, you can use flash_image to recover your Tattoo to its previous state.
I'm releasing this image as is. This is not a point-and-click recovery tool. If you don't know what you're doing, you can seriously damage your unit. The only reason I'm releasing this is in an effort to provide other devs with a way to easily recover their units, back to day-to-day configuration, while experimenting with them.
To flash:
Copy TCRI.alpha.img to /sdcard.
Run "flash_image recovery /sdcard/TCRI.alpha.img"
To reboot into recovery (quickest way)
adb reboot recovery
Please comment
thanks for your work
i try to flash and get permission denied, do you know why?
flash_image: permission denied
chusen said:
i try to flash and get permission denied, do you know why?
Partition remounted writeable from a fresh rebooted system with the tattoo-hack.ko module inserted??
But I'm sure you did that before because of:
I'm releasing this image as is. This is not a point-and-click recovery tool. If you don't know what you're doing...
;-)
-bm-
Thank you very much for your excellent job
Someone could install custom alpha recovery?
thx
@-bm-:yes I will try that way since the beginning. i mount with rw permissions /system and /data. i know is not a point-and-click recovery tool but i think i need more permissions but where?
Where did you guys get your flash_image binary from ?
The error you're getting is from flash_image, not from my recovery image.
I'll attach the flash_image I've been using to this post.
Please tell me if this solves your problem. You need tattoo-hack.ko module inserted, if you're using a release kernel.
Edit: You have the correct permissions in your flash_image binary, right ? After pushing it to the device, don't forget to chmod 755
It works I like drawing, jejeje.
Backup and Restore functionality appears to have no further
The adb root shell is perfect
Very good Work
for when the beta version? and the final version? lol
I try to dump the system userdata and boot.img and when i try to extract with unyaffs i get this when i try to extract system.img
Code:
4 [main] unyaffs 3940 handle_exceptions: Exception: STATUS_ACCESS_VIOLATION
644 [main] unyaffs 3940 open_stackdumpfile: Dumping stack trace to unyaffs.exe.stackdump
and this with others
Code:
broken image file
Code:
[email protected]:~/Tattoo/images/boot/1$ ../../unpack.pl ./boot.1.img
Page size: 2048 (0x00000800)
Kernel size: 1899580 (0x001cfc3c)
Ramdisk size: 160952 (0x000274b8)
Second size: 0 (0x00000000)
Board name:
Command line: no_console_suspend=1 console=null
Writing boot.1.img-kernel ... complete.
Writing boot.1.img-ramdisk.gz ... complete.
528 blocks
[ boot.1.img-ramdisk.gz decompressed to boot.img-ramdisk ]
My image dumping script is OK
Take a look here: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images
The boot.img is not a yaffs2 image. It's a special format, comprised by a 2k header, a kernel image and a ramdisk.
The system.img is a yaffs2 image. From unyaffs's homepage: "Unyaffs is a program to extract files from a yaffs file system image. Now it can only extract images created by mkyaffs2image."
Chusen, I think it would be better to create a new thread for this, since it doesn't concern the custom recovery image directly.
Thank god for custom recovery!
Now we can really start cooking ROMs... gonna break out the tools tonight and get Android 1.6/2.1 sources ready to compile.
leon1984 said:
for when the beta version? and the final version? lol
You tell me
Next in line is to tie the backup/restore scripts to the UI, which won't be too hard.
Later, I may mess around with nandroid and bart, to see if they provide something more than my scripts.
Afterwards, when we have some custom roms available, I may create a downloader/updater option, to make it easier to install those.
Also, I'm taking requests for new features
suggestions about scripts
Excellent work, mainfram3. Thank you.
I have extracted the img file, and check backup.sh and restore.sh scripts. The code for checking sdcard remaining space is done. Here it is:
Code:
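## TEST: Check free space in sdcard
NEED_KB="200000"
# Assumes Android toolbox df output ("<mount>: NK total, NK used, NK available ..."), where field 6 is the free space
REM_KB=`df /sdcard | awk '{print $6}'`
if [ "${REM_KB%K}" -lt "$NEED_KB" ]; then echo "Not enough space in /sdcard, exiting"; exit 1; fi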
backup space min set to 200MB.
There is another suggestion about restore.sh. Because of backing up img to /sdcard/Backup, $1 might not be needed, right?
mainfram3 said:
Code:
[email protected]:~/Tattoo/images/boot/1$ ../../unpack.pl ./boot.1.img
Page size: 2048 (0x00000800)
Kernel size: 1899580 (0x001cfc3c)
Ramdisk size: 160952 (0x000274b8)
Second size: 0 (0x00000000)
Board name:
Command line: no_console_suspend=1 console=null
Writing boot.1.img-kernel ... complete.
Writing boot.1.img-ramdisk.gz ... complete.
528 blocks
[ boot.1.img-ramdisk.gz decompressed to boot.img-ramdisk ]
My image dumping script is OK
Take a look here: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images
The boot.img is not a yaffs2 image. It's a special format, comprised by a 2k header, a kernel image and a ramdisk.
The system.img is a yaffs2 image. From unyaffs's homepage: "Unyaffs is a program to extract files from a yaffs file system image. Now it can only extract images created by mkyaffs2image."
Chusen, I think it would be better to create a new thread for this, since it doesn't concern the custom recovery image directly.
and if you want to extract the boot.img here are the two scripts you need to fully extract the kernel(zImage) and ramdisk
split_bootimg.pl
and
extract-ramdisk.sh
they are attached below
jamezelle:
extract-ramdisk.sh missed #!, and the ramdisk zip file should be passed to $1 of this script.
mainfram3 said:
1) A way to use an update.zip signed with test-keys (already accomplished);
Hi mainfram3,
I don't want to jack your thread - could you add a little elaboration on this point, or provide a URL so I can learn a little more? The SPL on the phone (oem-78 or fastboot mode) accepts updates signed with the test key from the SDK? (Or some other key?) (On the Eris, the "rom.zip" files unpacked by the RUU are prepended with a mystery blob of 256 bytes - s'pose it could be a mic/sig, but if that's what it is, it don't appear to be in a standard DSA/RSA format, and those .zip files are not signed using the .apk/.jar manifest-signing method)
FYI here's an entertaining story of an epic fail in a related area. After reviewing the fastboot sources from the android tree, I decided that I wanted to spy on the (Windows) RUU update program by sniffing the USB bus - in particular to see if it was explicitly passing signatures in .sig files. (That's an undocumented command-line behavior in fastboot.)
Turns out that recent versions of libpcap and Wireshark allow for USB bus capture on Linux - and using the "usbmon" kernel module in Ubuntu 8.04 LTS, sniffing the USB (5k packet size) seems to work without hitch, even at USB 2.0 speeds. So I took it one step further, and installed Win Xp SP3 in a QEMU VM on the Ubuntu machine, with the intention of running the RUU updater inside the Xp VM and sniffing the USB bus in the host OS (Linux) machine.
The result? QEMU/Win Xp VM can talk to the phone in either fastboot or adb mode, but bluescreens as soon as you start to move data at any appreciable rate. Doesn't seem to be dependent on whether monitoring is taking place. I might try putting the phone behind a cheapo USB 1.1 hub, and see if that helps, but for the moment I am stopped out on this hack.
bftb0
cn.fyodor said:
jamezelle:
extract-ramdisk.sh missed #!, and the ramdisk zip file should be passed to $1 of this script.
it works yea sorry about the
#/bin/sh
i didnt write the scripts btw

[Tut] building a kernel

Hi guys,
This guide teaches how to make a new kernel for your device. It works in most cases, but that doesn't mean it will work for everyone.
You need minimal Linux experience to know WTF you are doing
If you have any questions, post Belloowww
Download the required files
You will need a linux machine with the basic development tools or a virtualbox machine running a linux distribution (ubuntu 64bits will do fine)
I use the codesourcery package [http://www.mentor.com/embedded-soft...ourcery-codebench/editions/lite-edition/form]
Download the IA32 GNU/Linux TAR[https://sourcery.mentor.com/sgpp/li...9-69-arm-none-eabi-i686-pc-linux-gnu.tar.bz2]
The tar package is the easier to install
You will also need your kernel source from your manufacturer, for samsung the sources are available here[http://opensource.samsung.com/]
Install the cross compiler
Enter the folder where you downloaded the package and extract it, you will get something like arm-2011.03
Move that folder to some location, i use opt
ex: mv arm-2011.03 /opt/
or
sudo mv arm-2011.03 /opt
Done!
Extract and prepare the kernel sources
I will use the samsung sources as example, but anything can be used
For the samsung sources, after you extract the zip, you will get something like DEVICE_Platform.tar and DEVICE_Kernel.tar.gz
Extract the kernel:
tar zxvf DEVICE_Kernel.tar.gz
Enter the kernel folder and list the folder contents
ls
The structure is something like this:
[http://www.madteam.co/wp-content/uploads/2012/02/kernel-sources.png]
Most devices contain the config file inside the device
You can extract it like this:
adb shell
su
cp /proc/config.gz /sdcard/
exit
exit
adb pull /sdcard/config.gz
Good, now we have the sources, compiler and configuration
Compiling the kernel
To compile the kernel, I usually clean the sources first; with this I know for sure nothing will go wrong (usually)
make ARCH=arm CROSS_COMPILE=/opt/arm-2011.03/bin/arm-none-eabi- distclean (Remember to replace the compiler folder accordingly)
Sources cleaned, time to load the config file
gunzip config.gz
cp config ./.config
Good, now lets check the menuconfig (menuconfig is a menu to choose the kernel options, created to make it easy to select)
make ARCH=arm CROSS_COMPILE=/opt/arm-2011.03/bin/arm-none-eabi- menuconfig
Change whatever you want and exit and save
good, now its time to build
make ARCH=arm CROSS_COMPILE=/opt/arm-2011.03/bin/arm-none-eabi- -j2
Now wait for it to finish!
Your compiled kernel will be located inside arch/arm/boot/zImage
Extracting a boot.img
Good, now we have the zImage, but WTF to do with it?
Well, android usually (some samsung devices use a different boot.img method, ex: I9000) has the boot.img, inside of it we contain:
- ramdisk (required files to load the /system partition and continue the boot sequence)
- zImage (our kernel)
- pagesize
- base
- cmdline (some kernel parameters used on boot)
To create your own boot.img, you need one from a nandroid backup that was made from CWM or AmonRA custom recoveries (there are other methods, but for those use the madteam forum )
The boot.img is located inside your /sdcard/clockworkmod/backup/somedate/boot.img
You will also need the unpackbootimg and mkbootimg binaries, in this link there is the 64-bit version (won't work on 32-bit Linux)
create an empty folder, copy the downloaded file inside, enter it and do:
tar zxvf bootimgtools.tar.gz
chmod 755 *
now copy the boot.img you got from the backup
and extract the boot.img with:
./unpackbootimg -i boot.img
this will create the files as explained above
Creating the boot.img
Before making the boot.img, we need some information from the files extracted
cat boot.img-base ( save the output #1)
cat boot.img-pagesize (save the output , place the value inside the Hex Value of this site, and copy the decimal value and save it #2)
cat boot.img-cmdline (save the output #3)
Good, now copy the compiled kernel (zImage) inside the current folder and do:
mkbootimg --kernel zImage --ramdisk boot.img-ramdisk.gz --cmdline "(replace with output #3)" --base (replace with output #1) --pagesize (replace with output #2) -o /tmp/boot.img
Good, the boot.img is created!
Now test on your device!
If you dont know how to flash the boot.img, enter the madteam forum and request help (its too difficult to explain the flashing of boot.img if you dont know how to do it )
PLZ hit the thanks button if u like it
thanks man worked great
Sent from my SPH-M930BST using xda premium
jdogrambo said:
thanks man worked great
Sent from my SPH-M930BST using xda premium
plz hit the THANKS button if u like my work
good job
nyc wrk
ICS_XD said:
plz hit the THANKS button if u like my work
have u build any kernel yet before posting here ?
punjprateek said:
have u build any kernel yet before posting here ?
i tried it
but was getting a error
so i let it go
but i post it here
bcz i wanna know sumone is also having errorz?
thanks for the guide. pls add some format to it to enhance readability.
me_max said:
thanks for the guide. pls add some format to it to enhance readability.
ok
m working on it
will try to have a short way
Nice guide, but use toolchains arm 4.4.3 none linux gnueabi instead of arm 2011q3 eabi.. because 2011q3 won't work. And I9100G is only using zImage, compile into boot.img is not necessary
now i come to know why i was gettin error
hey thanks man
ICS_XD said:
now i come to know why i was gettin error
hey thanks man
i think u shld make a good kernel first then u are eligible to make a tutorial
Rather than post instructions before you can do it yourself, focus on managing to do it first, THEN go posting.
And quit begging for thanks, it just makes you look desperate and stupid.

[HOW-TO][TUTORIAL]Building Kernel from source

Hi all,
I am a developer in GT-I9100G sub-section. I made a tutorial over there for I9100G on building a kernel. Since the method is very similar, I thought of posting a tutorial here for N7000 too so that it will help many new and aspiring developers to build their own kernel for GT-N7000.
Okay. Let's learn how to build kernel for Galaxy Note N7000. There are many ways to build. I am just presenting here the way I build and make kernel.
NOTE 1: Follow the instructions exactly.
NOTE 2: Kernel is opensource. If you make any changes to it, you're expected to share your source. (Usually people share it over github )
NOTE 3: FLASHING KERNEL IS RISKY AND DANGEROUS. BE CAREFUL. BUILD AND FLASH AT YOUR OWN RISK.
What you need to have:
Ubuntu 10.04 and above (I use 10.04 )
ARM tool chain (Download HERE. Click on IA32 GNU/Linux TAR under Advanced Packages)
Samsung's opensource kernel for N7000 (Download HERE. Go to Mobile->Mobile Phone-> Select GT-N7000 and download the zip)
Setting up toolchain:
Extract the tar you downloaded(Suggestion: Extract to one folder where you can have everything. In my case /home/superatmos/build_kernel).
After extracting, you'll see a folder named arm-2010q1. Inside there will be many folders (ex. bin, lib and so on.)
Folder structure will be: /home/<your_name>/build_kernel/arm-2010q1
Setting up kernel:
Extract the zip you've downloaded from samsung's opensource.
You'll find two zips.
Extract GT-N7000_Kernel.tar.gz to /home/<your_name>/build_kernel/
Folder structure: /home/<your_name>/build_kernel/GT-N7000_Kernel
Setting up initramfs:
Samsung's zImage is divided into two parts: Opensource kernel (which you downloaded from samsung's website) and initramfs (which is root file system to boot up the device).
Since I don't have the device, I don't have initramfs either. :-( (If some kernel developer for GT-N7000 can provide a sample initramfs for reference, I can attach it here and give credits to him )
The initramfs(let the folder name too be initramfs) folder need to be copied to /home/<your_name>/build_kernel/
Folder structure: /home/<your_name>/build_kernel/initramfs
Now the entire setup is ready. Let's start modifying kernel configuration.
Setting up kernel config:
Go to /home/<your_name>/build_kernel/GT-N7000_Kernel/arch/arm/configs folder.
Copy c1_rev02_q1_defconfig file and paste it in kernel root folder (/home/<your_name>/build_kernel/GT-N7000_Kernel/).
Rename c1_rev02_q1_defconfig to .config in kernel root folder.
Now open Makefile which is in your kernel root folder(/home/<your_name>/build_kernel/GT-N7000_Kernel/).
Modify the below lines (I guess line 195 and 196).
Code:
ARCH ?= arm
CROSS_COMPILE ?= /home/<your_name>/build_kernel/arm-2010q1/bin/arm-none-linux-gnueabi-
Save and close.
Modifying kernel configuration:
Now open .config file (which you renamed). If it's not seen, it might be hidden. Go to View->Show hidden files and there you go.
Do the below things:
Adding local version:
Change CONFIG_LOCALVERSION=" " to anything you like. I add this way:
CONFIG_LOCALVERSION="-N7000-superatmos"
Adding initramfs path:
You need to let kernel know the path from which it needs to take initramfs.
Change CONFIG_INITRAMFS_SOURCE=" " to ../initramfs (In this tutorial it's the path. If you had copied anywhere else, give the path properly).
Enough for now. Once you get experience, you can modify many configurations as per your liking and save. This configuration can be changed by GUI too with the command make menuconfig.
The Important part: Building the kernel:
Open terminal.
Go to path /home/<your_name>/build_kernel/GT-N7000_Kernel/
Type make.
THAT'S ALL. YOUR zImage is ready and is available in /home/<your_name>/build_kernel/GT-N7000_Kernel/arch/arm/boot/zImage.
Install the zImage on the device:
Go to the path where zImage is present and type the below line in command line.
Code:
tar cvf N7000_kernel.tar zImage
Flash the tar using odin.
DONE. CONGRATULATIONS. NOW YOU'VE YOUR OWN KERNEL.
Give me your feedback so that I can improve this tutorial and make modifications to the tutorial if necessary. And of course do post here about how your build went. All the best.
Reserved
Reserved
Last one
Superatmos, good to see you in N7000 forum. Will you launch Superatmos Rom for N7000
Sent from my LG-P500 using xda premium
Been using windows all the time. Seems its good time to learn linux and ubuntu
muhamet said:
Superatmos, good to see you in N7000 forum. Will you launch Superatmos Rom for N7000
Sent from my LG-P500 using xda premium
Not as of now. I don't have the device. But I have plans to extend this tutorial to deodexing, modifying initramfs, building custom rom and more.
looks interesting.
i just want to make sure.. if for some reason i used odin to flash the tarred zImage and it's a broken zImage. or corrupted file or false configuration that will break the booting process. will i still be able to go to download mode or cwm mode ?
what are the risks here besides the regular odin risks ?
ufk said:
i just want to make sure.. if for some reason i used odin to flash the tarred zImage and it's a broken zImage. or corrupted file or false configuration that will break the booting process. will i still be able to go to download mode or cwm mode ?
what are the risks here besides the regular odin risks ?
The risks are considerable, to say the least. Read what happened with one b0rked kernel here:
http://forum.xda-developers.com/showthread.php?t=1526852
The end result: about 40-50 hard bricked devices.
ufk said:
i just want to make sure.. if for some reason i used odin to flash the tarred zImage and it's a broken zImage. or corrupted file or false configuration that will break the booting process. will i still be able to go to download mode or cwm mode ?
what are the risks here besides the regular odin risks ?
Yes. Flashing kernels is always risky. But as per my experience, it's very hard to brick the device unless you do something unusual.
so it depends on you. BUILD AND FLASH AT YOUR OWN RISK.
thanks and ok for this part ^^
but i have a question....
do you know the way for mod a stock kernel to add root / cwr when source code not available??
for example the lp6 kernel... do you know a way for extract the zimage for look on it and include root / crw on the Zimage directly...
if you have some idea please help community for found a way for this ^^ (i have sent pm to chainfire to take information for this mod but no response..)
ReDroiD™ said:
thanks and ok for this part ^^
but i have a question....
do you know the way for mod a stock kernel to add root / cwr when source code not available??
for example the lp6 kernel... do you know a way for extract the zimage for look on it and include root / crw on the Zimage directly...
if you have some idea please help community for found a way for this ^^ (i have sent pm to chainfire to take information for this mod but no response..)
you need to have crosscompiler, kernel repacker, busybox and su
1. Copy the original zImage to the directory where you extracted the kernel repacker
Rename it to zImage.org
create a temp directory in the kernel repacker directory
Open a linux shell and go to kernel repacker directory
./extracter.sh -s zImage.org -d temp (hit enter)
2. Go to the temp directory and edit init.rc with your favourite editor and put this on a new line at the end of the file.
service install_su /sbin/install_su.sh
user root
oneshot
Save the file and exit
3. Copy busybox and su to the tmp folder in your extracted kernel folder
make sure they are marked as executable.
4. Copy install_su.sh to the sbin folder in your extracted kernel folder
5. Open a linux shell and go to kernel repacker directory
./repacker.sh -s zImage.org -d zImage -r temp -c gzip
congratulations you must cooked your first modified kernel
6. Tar the kernel using this command: tar -H ustar -c zImage >code.tar
code need to be entered in initd_support.sh
#!/tmp/busybox sh
if cd /system/etc/init.d >/dev/null 2>&1 ; then
for file in S* ; do
if ! ls "$file" >/dev/null 2>&1 ; then continue ; fi
/system/bin/sh "$file"
done
fi
code need to be entered in init.rc
service initd_support /sbin/initd_support.sh
user root
oneshot
tools needed for cross compiler and kernel repacker
cross compiler
https://sourcery.mentor.com/public/...eabi/arm-2009q3-67-arm-none-linux-gnueabi.bin
Kernel repacker tool
https://github.com/project-voodoo/kernel_repack_utils
This will add busybox and SU (that means u will get root)...i don't know how to add recovery though...may be somewhere in initramfs we need to install the script...
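
A review check for the init.rc edit described in the post above, as an added example that is not part of the original thread: it compares the service stanzas of a stock init.rc with those of a repacked ramdisk and reports services that were added or changed, with the user each one runs as. Both init.rc texts are constructed samples and the function names are hypothetical.

```python
def parse_services(init_rc_text):
    """Map each `service` stanza to its command line and option lines."""
    services, current = {}, None
    for raw in init_rc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "service" and len(words) >= 3:
            current = {"argv": words[2:], "options": []}
            services[words[1]] = current
        elif words[0] in ("on", "import", "service"):
            current = None  # a new section closes the open stanza
        elif current is not None:
            current["options"].append(words)
    return services


def describe(service):
    """Reduce a stanza to the properties that matter in a review."""
    opts = service["options"]
    # init starts a service as root unless a `user` option says otherwise.
    user = next((o[1] for o in opts if o[0] == "user" and len(o) > 1), "root")
    return {"argv": service["argv"], "user": user,
            "oneshot": ["oneshot"] in opts,
            "disabled": ["disabled"] in opts}


def audit(stock_text, candidate_text):
    """Report services that are new or altered in the candidate init.rc."""
    stock = {n: describe(s) for n, s in parse_services(stock_text).items()}
    findings = []
    for name, svc in parse_services(candidate_text).items():
        now = describe(svc)
        if name not in stock:
            findings.append((name, "added", now))
        elif now != stock[name]:
            findings.append((name, "changed", now))
    return findings


# Constructed sample: a minimal stock init.rc.
STOCK_RC = """\
on boot
    class_start default

service servicemanager /system/bin/servicemanager
    user system
    critical

service adbd /sbin/adbd
    disabled
"""

# Constructed sample: the same file with adbd no longer disabled and the
# stanza from the post appended (indentation is optional in init.rc).
MODIFIED_RC = STOCK_RC.replace("    disabled\n", "") + """
service install_su /sbin/install_su.sh
user root
oneshot
"""

if __name__ == "__main__":
    for name, kind, svc in audit(STOCK_RC, MODIFIED_RC):
        print("%-8s %-12s user=%-6s oneshot=%-5s %s" % (
            kind, name, svc["user"], svc["oneshot"], " ".join(svc["argv"])))
```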
perfect...i test this
Good!
Sent from my GT-N7000 using Tapatalk 2
Could someone post ZCLP6's zimage i wanted to try in the beginning of the week but i have a very very slow connection, i'm not enough motivated to download the whole zip.
Thanks
One confirmation superatmos : bootloader and kernel are two different things, i mean bootloader is not included in zimage ?
mohamed454 said:
> Could someone post ZCLP6's zimage? I wanted to try at the beginning of the week, but I have a very, very slow connection and I'm not motivated enough to download the whole zip.
> Thanks
> One confirmation, superatmos: bootloader and kernel are two different things, I mean the bootloader is not included in the zimage?
Here you go.
No problem with extracting,
but when I want to extract the old LP5 with recovery, or another one, I cannot extract without error... does the rebuilt kernel have security from its creator?
ReDroiD™ said:
> No problem with extracting,
> but when I want to extract the old LP5 with recovery, or another one, I cannot extract without error... does the rebuilt kernel have security from its creator?
Try dsixda kitchen to extract and then follow the other procedures
Thanks for the zimage. It's telling me 2 hours for the cross compiler (I told you, very slow connection :-/ )
Where is install_su.sh? I found a similar one for the i9000, I think:
Code:
#!/tmp/busybox sh
source='/tmp/su-2.3.6.1-ef'
dest='/system/xbin/su'
# install su only if it is not already present
if /tmp/busybox [ ! -f /system/xbin/su ];
then
    /tmp/busybox mount -o remount,rw /system
    /tmp/busybox mkdir -p /system/xbin
    /tmp/busybox cp "$source" "$dest"
    # make sure it's owned by root
    /tmp/busybox chown 0.0 "$dest"
    # sets the suid permission
    /tmp/busybox chmod 06755 "$dest"
    /tmp/busybox mount -o remount,ro /system
fi;
Grgsiocl, what about bootloader?
mohamed454 said:
> Thanks for the zimage. It's telling me 2 hours for the cross compiler (I told you, very slow connection :-/ )
> Where is install_su.sh? I found a similar one for the i9000, I think:
> Grgsiocl, what about bootloader?
That's the superuser script...tomorrow I will update with new procedures and in detail..I think now I know how to add the recovery as well after doing some reverse engineering on cf kernels...will update tomorrow

[Q] Repacking Boot Image for P7-L00

Hi,
I am trying to build a custom boot image to get rid of the immutable files of my P7-L00.
Specifically I have done this: At a specific point in the boot process the rc scripts execute the set_immutable command with a 1 parameter that sets the immutable bits in all the files mentioned in the set_immutable.list file. If this command is changed to a 0 it clears the immutable bit for all the files. I have built the custom ramfs necessary for this but when I repack the boot image it will not boot.
I am using the following command for mkbootimg ....
mkbootimg --kernel mykernel.img --ramdisk ramdisk.cpio.gz --ramdisk_offset 0x04000000 --base 0x07000000 --cmdline "k3v2mem k3v2_ion=1 vmalloc=448M maxcpus=4 initcall_debug=n" -o newimg.img
The resulting first page looks ok, it has the same offsets as my original working boot image, but as I mentioned before, it does not boot, but just cycles back to fastboot mode after about 1 minute.
Any help will be appreciated,
Thanks
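The "first page" comparison described in the question can be done field by field instead of by eye. The following is an added example, not code from the thread: it decodes the version 0 boot image header and reports load-relevant fields that differ between an original and a repacked image. The header layout and mkbootimg default offsets are assumed to apply (vendor variants may differ), and `build_image` plus both sample images are constructed here using the base, ramdisk offset and cmdline from the command above.

```python
import struct

# Android boot image header, version 0 (little-endian): magic, ten 32-bit
# fields, board name, kernel command line, image id.
HDR = struct.Struct("<8s10I16s512s32s")
KERNEL_OFFSET = 0x00008000   # mkbootimg default kernel offset (assumption)
MUST_MATCH = ("kernel_addr", "ramdisk_addr", "second_addr", "tags_addr",
              "page_size", "cmdline")


def parse_header(img):
    """Decode the first page of a boot/recovery image into a dict."""
    if len(img) < HDR.size or img[:8] != b"ANDROID!":
        raise ValueError("not an Android boot image")
    f = HDR.unpack_from(img)
    page = f[8]
    if page == 0:
        raise ValueError("page size of 0 in header")

    def pages(size):
        return (size + page - 1) // page

    h = {
        "kernel_size": f[1], "kernel_addr": f[2],
        "ramdisk_size": f[3], "ramdisk_addr": f[4],
        "second_size": f[5], "second_addr": f[6],
        "tags_addr": f[7], "page_size": page,
        "name": f[11].split(b"\0", 1)[0].decode("ascii", "replace"),
        "cmdline": f[12].split(b"\0", 1)[0].decode("ascii", "replace"),
    }
    # Values that correspond to mkbootimg's --base and --ramdisk_offset.
    h["base"] = (h["kernel_addr"] - KERNEL_OFFSET) & 0xFFFFFFFF
    h["ramdisk_offset"] = (h["ramdisk_addr"] - h["base"]) & 0xFFFFFFFF
    # File layout: header page, then kernel, ramdisk and second stage, each
    # padded up to a whole number of pages.
    h["kernel_pos"] = page
    h["ramdisk_pos"] = page * (1 + pages(h["kernel_size"]))
    h["image_end"] = page * (1 + pages(h["kernel_size"])
                             + pages(h["ramdisk_size"])
                             + pages(h["second_size"]))
    h["truncated"] = len(img) < h["image_end"]
    return h


def compare(original, repacked):
    """Return [(field, original_value, repacked_value)] for fields that differ."""
    a, b = parse_header(original), parse_header(repacked)
    return [(k, a[k], b[k]) for k in MUST_MATCH if a[k] != b[k]]


def build_image(base, ramdisk_offset, cmdline, kernel, ramdisk, page=2048):
    """Lay out a minimal image (sample builder; the id field is left zeroed)."""
    hdr = HDR.pack(b"ANDROID!", len(kernel), base + KERNEL_OFFSET,
                   len(ramdisk), base + ramdisk_offset, 0, base + 0x00F00000,
                   base + 0x100, page, 0, 0, b"", cmdline.encode(),
                   b"\0" * 32)

    def pad(blob):
        return blob + b"\0" * (-len(blob) % page)

    return pad(hdr) + pad(kernel) + pad(ramdisk)


# Constructed samples: same base, but the second one was packed without
# --ramdisk_offset, so the ramdisk address falls back to base + 0x01000000.
CMDLINE = "k3v2mem k3v2_ion=1 vmalloc=448M maxcpus=4 initcall_debug=n"
ORIGINAL = build_image(0x07000000, 0x04000000, CMDLINE, b"K" * 5000, b"R" * 3000)
REPACKED = build_image(0x07000000, 0x01000000, CMDLINE, b"K" * 5000, b"R" * 3100)

if __name__ == "__main__":
    h = parse_header(ORIGINAL)
    print("base=%#010x ramdisk_offset=%#010x page=%d"
          % (h["base"], h["ramdisk_offset"], h["page_size"]))
    for field, old, new in compare(ORIGINAL, REPACKED):
        fmt = "%s" if isinstance(old, str) else "%#010x"
        print(("MISMATCH %s: original=" + fmt + " repacked=" + fmt)
              % (field, old, new))
```

A header that matches only shows the image will be loaded at the same addresses; it says nothing about the contents of the ramdisk.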
Most probably there's a problem with permissions.
Make
Code:
chown 0:0 init.rc
chmod 750 init.rc
before packing ramdisk.
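Ownership and mode problems of the kind described in this reply can be checked in the packed ramdisk itself, before it goes into a boot image. The following is an added example, not code from the thread: it walks the entries of a gzip-compressed newc cpio archive and lists files that are not owned by root, are group- or world-writable, or carry setuid/setgid bits. The three rules are assumptions chosen for this illustration, and `make_entry` and the sample archive are constructed here.

```python
import gzip
import stat

MAGIC = b"070701"  # cpio "newc" format
FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize",
          "devmajor", "devminor", "rdevmajor", "rdevminor", "namesize",
          "check")


def _pad4(n):
    """Bytes needed to round n up to a multiple of 4."""
    return (4 - n % 4) % 4


def iter_newc(data):
    """Yield (name, mode, uid, gid) for every entry before TRAILER!!!."""
    pos = 0
    while pos + 110 <= len(data):
        if data[pos:pos + 6] != MAGIC:
            raise ValueError("bad cpio magic at offset %d" % pos)
        raw = data[pos + 6:pos + 110]
        hdr = {f: int(raw[i * 8:i * 8 + 8], 16) for i, f in enumerate(FIELDS)}
        name_start = pos + 110
        name = data[name_start:name_start + hdr["namesize"] - 1].decode()
        data_start = name_start + hdr["namesize"]
        data_start += _pad4(data_start)      # name is padded to 4 bytes
        pos = data_start + hdr["filesize"]
        pos += _pad4(pos)                    # so is the file body
        if name == "TRAILER!!!":
            return
        yield name, hdr["mode"], hdr["uid"], hdr["gid"]


def audit_ramdisk(gz_bytes):
    """Return [(name, finding)] for a gzip-compressed newc ramdisk."""
    findings = []
    for name, mode, uid, gid in iter_newc(gzip.decompress(gz_bytes)):
        perm = stat.S_IMODE(mode)
        if uid != 0:
            findings.append((name, "owned by uid %d, expected 0" % uid))
        if stat.S_ISREG(mode) and perm & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "group/world-writable (mode %04o)" % perm))
        if stat.S_ISREG(mode) and perm & (stat.S_ISUID | stat.S_ISGID):
            findings.append((name, "setuid/setgid bit set (mode %04o)" % perm))
    return findings


def make_entry(name, mode, uid, gid, body=b""):
    """Build one newc entry (only used to construct the sample below)."""
    nm = name.encode() + b"\0"
    vals = (0, mode, uid, gid, 1, 0, len(body), 0, 0, 0, 0, len(nm), 0)
    out = MAGIC + b"".join(b"%08X" % v for v in vals) + nm
    out += b"\0" * _pad4(len(out))
    out += body
    out += b"\0" * _pad4(len(out))
    return out


# Constructed sample: init.rc as root 0750, one file left owned by the
# unpacking user (uid 1000), and one setuid-root binary.
SAMPLE = gzip.compress(b"".join([
    make_entry("init.rc", 0o100750, 0, 0, b"service demo /sbin/demo\n"),
    make_entry("default.prop", 0o100644, 1000, 1000, b"ro.secure=1\n"),
    make_entry("sbin/helper", 0o106755, 0, 0, b"\x7fELF"),
    make_entry("TRAILER!!!", 0, 0, 0),
]))

if __name__ == "__main__":
    for name, finding in audit_ramdisk(SAMPLE):
        print("%-14s %s" % (name, finding))
```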
Kostyan_nsk said:
> Most probably there's a problem with permissions.
> Make
> Code:
> chown 0:0 init.rc
> chmod 750 init.rc
> before packing ramdisk.
Thanks a lot ! .... I had not checked the user/groups for the extracted files ...
I suggest, use kitchen.
You are correct in saying that modifying the setimmutable binary flag from 1 to 0 in the boot image solves the set_immutable.list problem referred to many times in various posts in this forum.
I have a P7-L07 emui2.3 B125 and a P7-L10 emui3.0 B609. I had no trouble modifying the boot.img for the L07 using linux-kernelkitchen-0.002 under xubuntu. The L10 is a different story but the main problem is faulty flash memory.
At any rate, you don't really need to worry about the boot.img file at all. A simple and easy workaround is to replace the file set_immutable.list with another empty file of the same name. This works quite well on my L10. I used the file manager FX to achieve this. As long as you have root access and can change file permissions correctly this method will work for you.
arthios said:
> You are correct in saying that modifying the setimmutable binary flag from 1 to 0 in the boot image solves the set_immutable.list problem referred to many times in various posts in this forum.
> I have a P7-L07 emui2.3 B125 and a P7-L10 emui3.0 B609. I had no trouble modifying the boot.img for the L07 using linux-kernelkitchen-0.002 under xubuntu. The L10 is a different story but the main problem is faulty flash memory.
> At any rate, you don't really need to worry about the boot.img file at all. A simple and easy workaround is to replace the file set_immutable.list with another empty file of the same name. This works quite well on my L10. I used the file manager FX to achieve this. As long as you have root access and can change file permissions correctly this method will work for you.
Thank you for the info. In the P7-L00 with a KingUser Root I could not change the set_immutable.list to anything. Any attempt to modify the file, replace or change the permissions would fail, since the immutable bit was set.
Having fixed the problem I mentioned above I now find myself with the situation that if I change some, I can't say all, files in the system directory the phone reboots immediately. I don't know if this is due to the "partial" root some people say kinguser provides or to some other issue.
I will keep playing around, thanks for the help.
gguemez said:
> Thank you for the info. In the P7-L00 with a KingUser Root I could not change the set_immutable.list to anything. Any attempt to modify the file, replace or change the permissions would fail, since the immutable bit was set.
> Having fixed the problem I mentioned above I now find myself with the situation that if I change some, I can't say all, files in the system directory the phone reboots immediately. I don't know if this is due to the "partial" root some people say kinguser provides or to some other issue.
> I will keep playing around, thanks for the help.
Changing the 1 to 0 of set_immutable in rc won't work. I already tried that thing. I used 609 boot.img, unpacked and repacked it successfully, but it won't work.
majcomtech said:
> Changing the 1 to 0 of set_immutable in rc won't work. I already tried that thing. I used 609 boot.img, unpacked and repacked it successfully, but it won't work.
Thanks, do you also get the same effect of an immediate reboot when you modify system files? That is what I am really after, since I can't change anything I can't even update the SU or change any files ...
gguemez said:
> Thanks, do you also get the same effect of an immediate reboot when you modify system files? That is what I am really after, since I can't change anything I can't even update the SU or change any files ...
If you want full root, I already made a tut for that. http://forum.xda-developers.com/ascend-p7/general/rooted-p7-l10-609-t3003605
majcomtech said:
> Changing the 1 to 0 of set_immutable in rc won't work. I already tried that thing. I used 609 boot.img, unpacked and repacked it successfully, but it won't work.
Thanks, I have tried this but in my case it has not worked. Every time I reboot the phone the files are all back, as if there is a backup partition or something. I am now trying to do this via an UPDATE with CWM...
Thanks again.
gguemez said:
> Thanks, I have tried this but in my case it has not worked. Every time I reboot the phone the files are all back, as if there is a backup partition or something. I am now trying to do this via an UPDATE with CWM...
> Thanks again.
I expect you are quite fed up by now and I offer my commiserations. There may, however, be another solution to your problem. Have you considered downloading a custom ROM for your L00 created (say) by KangVIP or Killprocess, and then extracting the boot image from the zip file and flashing that? These boot images have the set_immutable flag set to 0. As I recall, the ROMs from KangVIP are password protected so a Killprocess ROM or one from someone else might be better. If you do decide to try this out, make sure the build number of the downloaded ROM is similar to yours. The boot images differ between emui2.3 and emui3.0. Good luck!
gguemez said:
> Thanks, I have tried this but in my case it has not worked. Every time I reboot the phone the files are all back, as if there is a backup partition or something.
Seems like you have locked bootloader.
Kostyan_nsk said:
> Seems like you have locked bootloader.
No, the bootloader is unlocked. I can change the boot partition at will, I have many times left it unbootable and restored it with no problem. I will try to do something via the recovery partition but, the only one I have found that worked in my phone, always gives me errors when running my scripts (so I am obviously doing something wrong).
I got to the point of sending a script that says ... ui_print ("Hello World"); ... but that gives me an error too!
I will keep trying to figure this out, thanks for your help.
Guillermo
What value has "fblock=" parameter in "/proc/cmdline"?

[GUIDE] Samsung Galaxy TAB A 7.0 SM-T(280/285) Debloat/Stock customization

UPDATE 09/20/2016 - Root is now available for the SM-T285 (custom ROM and SM-T280 to follow) see post for details (http://forum.xda-developers.com/showpost.php?p=68777842&postcount=27)
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we can at least do customizations with the system partition:
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached) (note that your make_ext4fs needs to be patched to be able to generate samsung patches easily, see gist). For some reason Samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause Heimdall (and Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work, like samsung_kitchen for example. Place your stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you just created. You can now proceed to modifying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case something goes wrong! I will not be responsible for any losses resulting from this activity. Also this activity may void your warranty.
Prerequisites:
- Make sure you have heimdall properly working.
- Make sure you have oem unlock. This should be visible in developer settings. To know if it is enabled/disabled: FRP protection should be disabled when you go into Odin mode.
1. Pull the file_contexts file from your device (or download the one attached to this post).
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsung_kitchen) and run the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (Power-off, then hold home vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5) make sure you have a copy of the stock image zip from samsung and extract (using 7zip) its contents to a folder:
An extracted file should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
replace the stock system.img with the one you created from above:
Code:
cp ../new_system.img system.img
tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img >T285_CUSTOM.tar
md5sum -t T285_CUSTOM.tar >> T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
as per ashyx this should also work as well:
Code:
tar -H ustar -c system.img > system.tar
md5sum -t system.tar >> system.tar
mv system.tar system.tar.md5
Optionally Zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Petition for samsung to unlock the device:
https://www.change.org/p/samsung-unlock-the-bootloader-for-the-samsung-galaxy-tab-a-7-0-2016?recruiter=286570213&utm_source=petitions_share&utm_medium=copylink
Custom ROM to enable move apps to sd (apps2sd like support):
http://forum.xda-developers.com/android/development/rom-samsung-galaxy-tab-7-0-lte-2016-sm-t3455788
@jedld
Nice guide, just a few things though.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Regarding the chunk size, Chainfire created sgs4ext4fs to deal with this, it just needs to be run afterwards on the sparse image to patch the headers.
What is the source for the make_ext4fs patch or did you create this patch?
Lastly some people may prefer to use ODIN to flash.
So maybe you could add to the guide that the image can be repacked into an ODIN flashable tar using 7-zip.
By the way the guide will work for the T280 too, so you may want to add that.
Thanks.
ashyx said:
> I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
I remember encountering a boot loop without that, let me check again and I'll update the guide.
ashyx said:
> What is the source for the make_ext4fs patch or did you create this patch?
Just applied the following patch on latest aosp sources:
https://gist.github.com/jedld/4f388496bda03b349f5744f367749a67
There is a magic number used which I can't figure out, the value is different between SM-T285 ROMS coming from different regions.
Nice to hear about sgs4ext4fs though, probably wouldn't be able to know based on the problem I encountered that the tool also applies unless someone pointed it out.
https://www.change.org/p/samsung-unl...edium=copyLink
Petition for unlocked bootloader for samsung, please sign
http://samsung4android.ru/?ipub=422
Any thoughts on this?
klemen241 said:
> http://samsung4android.ru/?ipub=422
> Any thoughts on this?
ashyx already tried everything. CF-auto root requires an unlocked recovery, the tablet won't even accept a repacked recovery image. Besides the guy in the video wasn't even using a SM-T285, if you look closely the files he used were for the SM-T550.
klemen241 said:
> https://www.change.org/p/samsung-unl...edium=copyLink
> Petition for unlocked bootloader for samsung, please sign
link is broken though, you must have used the auto truncated link, use this instead:
https://www.change.org/p/samsung-un...edium=copylink&recuruit_context=copylink_long
What about those custom roms? As far as I can see we can use a modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?
SM-T285M with locked bootloader - research ...
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC, and is factory unlocked (UB as Samsung notates it these days). It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below, and if anyone thinks there's hope in getting to root by going back to the 3/10 build and PIT, I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedld, GREAT debloat for the T285. I'm using the system.img on my T285M. I hated Touchwiz so much, now all we need is root. See if these tell you anything.
klemen241 said:
> What about those custom roms? As far as I can see we can use a modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?
There are a number of things we can already do with a custom system.img like debloat, enable universal sd r/w, customizing apps, probably theming and fonts are also possible. Hopefully more people can come up with mods.
Unfortunately we need root/unlocked boot.img to do important things to fix the weakness of this device like changing partition sizes, enable apps2sd support, xposed framework, having customizable cpu performance governors/overclocking etc.
I was wondering the same thing, if there is any chance of unlocking it on earlier versions.
Also I sent an email to Samsung support again, maybe they will be sick of us begging and release the lock
klemen241 said:
> I was wondering the same thing, if there is any chance of unlocking it on earlier versions.
> Also I sent an email to Samsung support again, maybe they will be sick of us begging and release the lock
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedld's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.
is open source same for t280? i have 280 not 285
klemen241 said:
> is open source same for t280? i have 280 not 285
not sure how having the kernel source would help since we can't even change the kernel on the device which is kinda awkward for samsung. Besides I remember ashyx having compilation issues with spreadtrum kernel sources by samsung and not just for this device.
TopTongueBarry said:
> http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
> ---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
> UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedld's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
> Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.
I remember flashing an earlier build thinking the same thing and yep the bootloader is still locked. Aside from that I ran kingroot to see if there was anything exploitable... didn't work. What I haven't tried is to see if superuser is disabled in this kernel though.
jedld said:
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we
can at least do customizations with the system partition:
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached) (note that your make_ext4fs needs to be patched to be able to generate samsung patches easily see gist) for some reason samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause heimdall ( ad Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work like samsing_kitchen for example. Place your
stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you
just created. You can now proceed to modifiying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case
something goes wrong! I will not be responsible for any losses resulting from this
activity. Also this activity may void your warranty.
Prequisites:
- Make sure you have heimdall properly working.
- Make sure you have oem unlock. This should be visible in developer settings
To know if it is enabled/disable FRP protection should be disabled when you go
in Odin mode.
1. pull the file_contexts file from .your device.
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsing_kitchen ) and run
the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (power off, then hold home + vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5), make sure you have a copy of the stock image zip from Samsung and extract (using 7zip) its contents to a folder.
The extracted files should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
Replace the stock system.img with the one you created above:
Code:
cp ../new_system.img system.img
Tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img >T285_CUSTOM.tar
md5sum -t T285_CUSTOM.tar >> T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
Optionally zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Any way to do this on a Windows machine?????
lohtse said:
Any way to do this on a Windows machine?????
Not sure, though, since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in Linux, so I doubt there will be one for Windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under Windows with those tools, if anyone is interested.
Just a note regarding the guide, it's not really necessary to add all the other partition images when creating the ODIN flashable tar.
All that is required is:
tar cvf system.tar system.img
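A check for the "tar and md5 it" step of the guide, as an added example that is not part of the thread's posts: verify_tar_md5 recomputes the MD5 of the tar portion of a .tar.md5 and compares it with the appended trailer line. The function names and the SAMPLE file names are hypothetical, and GNU tar and coreutils are assumed.

```shell
# Added example (not from the thread): check an Odin-style .tar.md5, i.e. a
# ustar archive with one "md5sum -t" output line appended, before flashing.

# Print the appended trailer line ("<32 hex>  <name>"), or nothing if absent.
# A tar archive ends in NUL-filled 512-byte blocks, so once NULs are dropped
# from the last 512 bytes only the trailer text remains.
md5_trailer() {
    tail -c 512 "$1" | tr -d '\000' | tail -n 1
}

# Return 0 if the trailer hash matches the archive bytes that precede it,
# 1 on mismatch, 2 if there is no trailer, 3 if the tar part is not aligned.
verify_tar_md5() {
    file=$1
    trailer=$(md5_trailer "$file")
    want=$(printf '%s' "$trailer" | cut -c1-32)
    case $want in
        ''|*[!0-9a-f]*) echo "no md5 trailer in $file" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 32 ] || { echo "no md5 trailer in $file" >&2; return 2; }
    total=$(wc -c < "$file")
    body=$((total - ${#trailer} - 1))   # drop the trailer text and its newline
    [ $((body % 512)) -eq 0 ] || { echo "tar part is not block-aligned" >&2; return 3; }
    got=$(head -c "$body" "$file" | md5sum | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "md5 mismatch: $got != $want" >&2; return 1; }
}

# Build a constructed sample in directory $1 the same way the guide does.
make_sample() {
    ( cd "$1" &&
      printf 'constructed system image bytes\n' > system.img &&
      tar -H ustar -cf SAMPLE.tar system.img &&
      # ">>" appends; a plain ">" would truncate the tar before it is hashed
      md5sum -t SAMPLE.tar >> SAMPLE.tar &&
      mv SAMPLE.tar SAMPLE.tar.md5 )
}
```

The trailer only catches accidental corruption; an MD5 line appended to an unsigned archive says nothing about who produced the file.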
jedld said:
Not sure, though, since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in Linux, so I doubt there will be one for Windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under Windows with those tools, if anyone is interested.
Is there no way to create a set of files (zip etc.) we Windows users could flash using Odin? Would be a huge help if that could be done! Also, anyone have a link to a stock ROM??
And finally, I noticed that the US Samsung site has a PDF manual for this tablet that refers to Marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR
lohtse said:
Is there no way to create a set of files (zip etc.) we Windows users could flash using Odin? Would be a huge help if that could be done! Also, anyone have a link to a stock ROM??
And finally, I noticed that the US Samsung site has a PDF manual for this tablet that refers to Marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR
I highly doubt this thing will get mm.
