Database Develop

[HOWTO] Create your own boot/recovery images

After releasing my custom recovery and boot images several people have messaged me about how to create these images.
First, you need to read this article, carefully: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images. It explains the format of these images. I suggest you try to extract the kernel and the ramdisk with a hex editor, as it will help you understand how the format works.
Afterwards, for convenience, you can use the two scripts provided in that page: unpack-bootimg.pl and repack-bootimg.pl.
You should now have two files, the kernel and the ramdisk.
Extract the contents of the ramdisk with:
Code:
gunzip -c ramdisk.cpio.gz | cpio -i
You can now proceed to alter what you wish, in the ramdisk.
For repacking, I use the tools provided in the Android 1.6 SDK. You need to download it from http://developer.htc.com/. After compiling the SDK, you should have (among others) these two tools: mkbootfs and mkbootimg.
To recreate the ramdisk, use the following command (assumes ramdisk in ramdisk folder):
Code:
mkbootfs ramdisk | gzip > ramdisk.gz
And now, to recreate the image:
Code:
mkbootfs [b]--base 0x2e00000[/b] --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
The only tricky part, and where I guess everyone is having problems, is with the --base 0x2e00000 option. This is the base address for the kernel and, without this, your Tattoo will hang at boot.
Do not try to create custom images unless you are fully aware of what you're doing. YOU CAN BRICK YOUR DEVICE
Best of luck

Thanks a lot mainfram3!
I'll base CoburnROM's boot.img off yours, and then we'll go from there.
All we need now is a how to on make your own system.img (either taking a RUU system and gutting the crap out of it or using one that a member has precompiled as a base) and we'll be set for cookin' ROMs with gas. Want fries with dat?
Thanks a million!

Cool! You have dispeled the clouds.
mf3: How did you know that base address of the kernel? I repacked the boot.img file without the option '--base xxx', that's why this one bricked my tattoo i think.

Thanks, you did the great job.
BTW, I break through this cloud by using HEX editor to comparing your image and mime and found that the kernel address, ramdisk address are different. But I don't know why... Would you mind to tell us why and how you find it??

huchengtw said:
Thanks, you did the great job.
BTW, I break through this cloud by using HEX editor to comparing your image and mime and found that the kernel address, ramdisk address are different. But I don't know why... Would you mind to tell us why and how you find it??
Click to expand...
Click to collapse
See at kernel sources at the file:
arch\arm\mach-msm\include\mach\memory.h
.....
/* physical offset of RAM */
#if defined(CONFIG_ARCH_MSM7225) || defined(CONFIG_ARCH_MSM7625)
#define PHYS_OFFSET UL(0x02E00000)
.....
I think there it is ......
cya

Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.

i am trying to put together a recovery for the Sholes XT701. obviously i am missing this base offset because it hangs at boot. i was looking in the memory.h file and see the following but this is for the ram. where can i find the base offset for the kernel? that is what i need right?
Code:
#elif defined(CONFIG_MACH_SHOLES_UMTS) || defined(CONFIG_MACH_MAPPHONE)
#define PHYS_OFFSET UL(0x80C00000)

do you have a bootimg.h ? mainfram3 got his information from there...

Did you tried to put all in a rom.zip and replace the one that comes with Ruu WWE? IF the addresses are the same maybe it will flash your custom rom.
mainfram3 said:
Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.
Click to expand...
Click to collapse

sorry,but how to create recovery.img?
is boot.img==recovery.img?

mainfram3 said:
And now, to recreate the image:
Code:
mkbootfs [b]--base 0x2e00000[/b] --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
Click to expand...
Click to collapse
Hi,
isn't it mkbootimg instead of mkbootfs to create an image?
Moreover, the script repack-bootimg.pl doesn't work for me. But your method using mkbootfs works well.
Thanks.

can an expert help me out? I have 2 recoveries, both of which can be flashed to my phone without any problem, except I have troubles using them.
Recovery X can be used without any problem, all the options work and I can perform nandroid backup and restore perfectly fine. However, it's missing the option to flash a custom rom from the memory card.
Recovery Y supports all the options, including the option to flash a custom rom from the memory card. However, it's not made specifically for my phone, which means that none of the buttons on my phone work. Therefore, I can only navigate through the options up or down, but I can't select it or go back.
My phone is a chinese clone btw, the brand is STAR A1000. That's why there aren't many properly made recoveries available for it. Anyway, since Recovery X works, I was wondering if someone could just compare the 2 recoveries and just change the button mappings on Recovery Y, as you can simply take the button mapping from Recovery X and that's it?
I dunno how to do it and don't wanna risk bricking my phone or anything, so if someone can kindly help me out that would be great.

I don't have this phone, but isn't there a keychars.pl file under /usr/"don't know the name anymore"/? there are files assigning an action to a pressed key - you just have to compare the keychars file from X and Y and change the Y keychars accordingly. Hope that helps, since I also never did this before.

Oh well I didn't know that
I dunno anything about creating a recovery or boot image. All I know is how to flash it and root the phone, i.e just the basic stuff.......
would you be able to help me compare the files and make the changes?
Here's the link to the files:
http://forum.xda-developers.com/attachment.php?attachmentid=740516&d=1317801095
http://forum.xda-developers.com/attachment.php?attachmentid=737495&d=1317534773
the first link is the recovery that is currently working for me, but doesn't have the option to flash a firmware from the memory card. It's a modified version of the ClockworkMod Recovery v4.0.0.5.
as for the 2nd link, please extract just the "a1000.img" recovery. My phone is the STAR A1000 and that's the recovery that contains all the options, except the buttons don't work on it. It's also in chinese but I can read it. So ya, I just need someone to remap the buttons that work in the "cw.img" recovery and copy that to the "a1000.img" recovery....

[APP] Flash Image GUI - Flash Kernels and Recoveries from normal Android mode!

Credits:
birbeck for the usual random java guidance, slushpupie for his previous java guidance, dodgejcr for extreme amounts of testing, and one_love_420 and shift for some great graphics!
testers: JT-, couga6442, happytweak and many others I might have forgot in the furry of three days I built the initial app from scratch!
HTC Vivid Testers: PirateGhost and IanWizard - thank you!!
Thanks to SDX
Device must be "unlocked"
HTC Unlock:
If you have a device which has successfully completed the HTC unlock method, this application will work to flash kernels and assist in flashing the kernels for ROMs!
Please see the guides at the bottom of this post!
Background:
flash_image (bmlwrite) is an extremely useful utility for flashing custom kernels, boot logos and recoveries. This binary has made it possible to easily flash all these items and is used almost everywhere behind the scenes (i.e. in custom recoveries, packaged into kernel /sbin, etc).
Description:
This android application, FlashImageGUI, is basically a GUI interface for the linux binary, flash_image provided by google in AOSP for loading custom kernels and recovery images onto the phone.
This app allows the flashing of kernels and custom recovery images in normal android mode!
Current Device Support:
Full Kernel, Logo and Recovery flashing: Samsung Moment, Transform, Intercept and Acclaim - the s3c6410 series of devices
Full Kernel (Anykernel and boot.img) Flashing and Recovery (zip file or image) flashing: HTC Vivid/Holiday, HTC EVO 3D CDMA and GSM, HTC EVO, HTC EVO Shift, Nexus S/Nexus S 4G & LG Optimus
Full Kernel (zImage) Flashing: Samsung Epic
Check application version for updates
Future Support:
Will continue to test kernels as they are released to ensure compatibility!
Install Directions:
Install process is the same as any other .apk. Download to computer and adb push or mount sdcard on computer and copy over or download directly to the phone. Use any file manager, adb, connectbot/terminal emulator to install.
My preferred method, maybe a bit technical: ./adb install c:\downloads\FlashImageGUI.apk
Download Locations
Market (99 cents!): Flash Image GUI
Release version (free from my personal hosting): Flash Image GUI
Contact:
Any questions, comments, concerns, or issues, please post in this thread, PM, tweet, IRC or send me an email! Thanks for all the help and support!
Screenshots:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Feedback:
Please post any helpful feedback. I'm always looking to improve the application!
HTC Unlock - User Guides for Flash Image GUI!!
HTC Unlock - Users Guide for ROMs with a Kernel (boot.img file):
1) Unlock using HTC method
2) Load this application, Flash Image GUI, onto the device, either through the Market or the link provided in this OP.
3) Download ROM .zip file to the sdcard on the device.
4) Open up Flash Image GUI, select Browse and select the ROM .zip file, downloaded to /sdcard in the previous step.
5) Flash Image GUI will provide a warning, reminding that the ROM .zip file will *need* to be flashed in the custom recovery afterward.
6) Flash Image GUI will index the full ROM .zip file searching for the kernel and kernel modules. Once located, the Flash Image button should be enabled.
7) Select the Flash Image button and Flash Image GUI will load the kernel and kernel modules from inside the ROM zip file.
8) Once completed, turn off the device. (Assuming you've already loaded a custom recovery)
9) Hold volume down + power to boot into the bootloader. Select recovery.
9) Inside the custom recovery, load/flash the ROM zip file.
10) Reboot to normal Android mode and all should work including Wifi!
HTC Unlock -Users Guide for flashing ONLY a Kernel (zip file):
1) Make sure the selected Kernel is compatible with the currently loaded ROM. If not, this will result in a lot of frustration!!! See troubleshooting steps below.
2) Download kernel zip file to /sdcard.
3) Open Flash Image GUI, browse and select kernel zip file, downloaded/loaded to sdcard in previous step.
3) Flash Image GUI will validate the kernel zip file is contains the minimum required files
4) Select the Flash Image button and Flash Image GUI will load the kernel and the kernel modules from the source kernel zip file.
5) Reboot
Troubleshooting after Rebooting:
First step, when experiencing issues flashing is to RE FLASH the files again. Many times, re flashing again will clear up any issues. If not, see the issues/solutions below.
Issue #1: If the device hangs or reboots while on the splash screen, the kernel (or packaged ramdisk in the kernel) is NOT compatible with your device!!!
Solution for #1: Have to boot into fastboot and load the custom recovery to flash a known good kernel or restore a previously known good nandroid backup. Command: fastboot boot c:\downloads\cwm-recovery.img
Issue #2: If the device hangs or reboots while on the boot animation, the ROM is likely NOT compatible with the kernel!!!
Solution for #2: Have to boot into fastboot and load the custom recovery to flash a known good ROM/kernel combination either from a zip file or restore from a nandroid backup.

Very cool, this will take away a lot of the headaches in the superguide thread lol.

Pleasure working with you again joeykrim and with pirateghost. Glad you got this phone supported with the quickness. Great work!

App worked flawlessly for me. I love that we're simplifying this process.

okay so im coming from the samsung captivate, so Im new to the htc. looking at the op, I still have to go to the htc site and unlock my phone first before I can do any of the other steps in the post right?

djfrost40 said:
okay so im coming from the samsung captivate, so Im new to the htc. looking at the op, I still have to go to the htc site and unlock my phone first before I can do any of the other steps in the post right?
Click to expand...
Click to collapse
Yes, good point. I added a note to the OP for that.
Unfortunately, HTC is not as simple as Samsung when it comes to allowing customization. There are other upsides though and with everything in life, it is a trade off! Welcome!

I unlocked my brand new AT&T Vivid today. Followed the superguide and rooted the phone, put on CWM 5.5.0.4.. Now I cannot figure out how to flash that boot image. I know I am suppose to extract the boot.img out of the zip, tried flashing it in HBoot, but didn't see it, This tool found it but warned me not to flash it. Is there something else that goes with the boot.img? want to flash Wild Childs rom

dudeluv said:
I unlocked my brand new AT&T Vivid today. Followed the superguide and rooted the phone, put on CWM 5.5.0.4.. Now I cannot figure out how to flash that boot image. I know I am suppose to extract the boot.img out of the zip, tried flashing it in HBoot, but didn't see it, This tool found it but warned me not to flash it. Is there something else that goes with the boot.img? want to flash Wild Childs rom
Click to expand...
Click to collapse
remember how you unlocked the phone?
exactly like that, only you need the boot.img and a slightly different command
fastboot flash boot boot.img
if you dont have fastboot in your environment path, then you need to be IN the same folder as fastboot.exe. the path to boot.img has to be exact, so if boot.img is NOT in the same folder as fastboot.exe you need to specify its path....
fastboot flash boot c:\users\username\desktop\boot.img

Pirateghost said:
remember how you unlocked the phone?
exactly like that, only you need the boot.img and a slightly different command
fastboot flash boot boot.img
if you dont have fastboot in your environment path, then you need to be IN the same folder as fastboot.exe. the path to boot.img has to be exact, so if boot.img is NOT in the same folder as fastboot.exe you need to specify its path....
fastboot flash boot c:\users\username\desktop\boot.img
Click to expand...
Click to collapse
Oh, okay, so put the Boot.img with the fastboot.exe in the same folder, run cmd with the with the phone in Bootloader and direct it to where the folder is located at on your PC.run this command if the folder is on your desktop fastboot flash boot c:\users\username\desktop\boot.img
I got it, Thanks.

dudeluv said:
Oh, okay, so put the Boot.img with the fastboot.exe in the same folder, run cmd with the with the phone in Bootloader and direct it to where the folder is located at on your PC.run this command if the folder is on your desktop fastboot flash boot c:\users\username\desktop\boot.img
I got it, Thanks.
Click to expand...
Click to collapse
if you have boot.img in the same folder as fastboot.exe, then no, just open a command prompt where fastboot.exe is, and run the command
fastboot flash boot boot.img

Pirateghost said:
if you have boot.img in the same folder as fastboot.exe, then no, just open a command prompt where fastboot.exe is, and run the command
fastboot flash boot boot.img
Click to expand...
Click to collapse
Oh okay, that sounds easier

dudeluv said:
Now I cannot figure out how to flash that boot image. I know I am suppose to extract the boot.img out of the zip, tried flashing it in HBoot, but didn't see it, This tool found it but warned me not to flash it.
Click to expand...
Click to collapse
Since we are in the Flash Image GUI thread, I feel inclined to answer the question regarding the application, Flash Image GUI.
There are a handful of warnings in the application because the HTC EVO 3D released in August of 2011 had this same HTC unlock method and I've been assisting people now for 6 months. There a handful of pitfalls which confuse many users and result in errors on their device. If you carefully read the warnings and follow the directions, you will prevent the common pitfalls and known issues.
1) This tool will warn you, but the warning doesn't say to NOT flash, it only warns you that you will be missing kernel modules if you ONLY flash the boot.img.
2) If you're wanting to load a ROM, as mentioned, select the whole ROM .zip file from Flash Image GUI. Flash Image GUI will handle all the logistics by scanning the file, locating the modules and kernel, and loading both of this. Make sure, after flashing the ROM .zip file in Flash Image GUI, the same ROM .zip file is flashed from recovery mode. Recovery mode will install the "system" portion of the ROM .zip while Flash Image GUI installs the "kernel" portion of the ROM .zip. If both portions are not loaded, many times the device will not boot.
3) When using Flash Image GUI, you don't need to extract the boot.img. It is better to select the whole kernel .zip file. The reason why is whenever you flash a kernel, boot.img or zImage, you MUST flash the accompanying modules, including WiFi. If not, most of the time, Wifi will NOT work.
If you find a warning to be incomplete or misguiding, please post up at least a portion of the exact text you see. I'm more than happy to revisit and working on improving wording but is hard for me to understand mis communications w/o exact feedback!
Let me explain why there is the warning for only flashing the boot.img. The modules (WiFi, etc) must match the kernel as they are compiled/setup at the same time. If the kernel mismatches with the modules, then the modules will not work. This is the main reason why there are posts saying, "Help, my Wifi stopped working".
Hope that helps clarify any confusion! Appreciate the support!

joeykrim said:
Since we are in the Flash Image GUI thread, I feel inclined to answer the question regarding the application, Flash Image GUI.
There are a handful of warnings in the application because the HTC EVO 3D released in August of 2011 had this same HTC unlock method and I've been assisting people now for 6 months. There a handful of pitfalls which confuse many users and result in errors on their device. If you carefully read the warnings and follow the directions, you will prevent the common pitfalls and known issues.
1) This tool will warn you, but the warning doesn't say to NOT flash, it only warns you that you will be missing kernel modules if you ONLY flash the boot.img.
2) If you're wanting to load a ROM, as mentioned, select the whole ROM .zip file from Flash Image GUI. Flash Image GUI will handle all the logistics by scanning the file, locating the modules and kernel, and loading both of this. Make sure, after flashing the ROM .zip file in Flash Image GUI, the same ROM .zip file is flashed from recovery mode. Recovery mode will install the "system" portion of the ROM .zip while Flash Image GUI installs the "kernel" portion of the ROM .zip. If both portions are not loaded, many times the device will not boot.
3) When using Flash Image GUI, you don't need to extract the boot.img. It is better to select the whole kernel .zip file. The reason why is whenever you flash a kernel, boot.img or zImage, you MUST flash the accompanying modules, including WiFi. If not, most of the time, Wifi will NOT work.
If you find a warning to be incomplete or misguiding, please post up at least a portion of the exact text you see. I'm more than happy to revisit and working on improving wording but is hard for me to understand mis communications w/o exact feedback!
Let me explain why there is the warning for only flashing the boot.img. The modules (WiFi, etc) must match the kernel as they are compiled/setup at the same time. If the kernel mismatches with the modules, then the modules will not work. This is the main reason why there are posts saying, "Help, my Wifi stopped working".
Hope that helps clarify any confusion! Appreciate the support!
Click to expand...
Click to collapse
Thanks for the clarification. I flashed a kernel last night Pirates way.
I have Flash Image GUI on my ROM. Correct me if I am wrong, some roms do not have the boot.img included in the rom, they have it separate, From what I understand is I would just include the boot.img, taken out of the zip and drop it into the rom, Then browse to where the rom is on the sd card with Flash Image GUI and then flash the boot.img..... go into recovery then flash the rom,
My original question, If I have the Boot.img out of the zip, drag it onto the sd card, is it okay just to flash the Boot.img alone? then turn the phone off and go into recovery, flash the rom?
When I tried it this way, I got warnings. So I posted that question.

dudeluv said:
Thanks for the clarification. I flashed a kernel last night Pirates way.
I have Flash Image GUI on my ROM. Correct me if I am wrong, some roms do not have the boot.img included in the rom, they have it separate, From what I understand is I would just include the boot.img, taken out of the zip and drop it into the rom, Then browse to where the rom is on the sd card with Flash Image GUI and then flash the boot.img..... go into recovery then flash the rom,
My original question, If I have the Boot.img out of the zip, drag it onto the sd card, is it okay just to flash the Boot.img alone? then turn the phone off and go into recovery, flash the rom?
When I tried it this way, I got warnings. So I posted that question.
Click to expand...
Click to collapse
Yes to all of the above.
Flash Image GUI will flash basically all the combinations you can create. I've added warnings though to caution uses who aren't familar with the process as I prefer not to see the Flash Image GUI bricked my phone posts/emails/market comments.
Well historitcally, most ROMs if requiring a kernel with either include it or link to a flashable .zip of it.
With this whole HTC unlock issue and confusion, some ROM devs are providing their ROM required kernel separately as a boot.img file.
The warning you received when attempting to flash just the boot.img file was only to inform you that you must immediately flash the associated ROM .zip file from recovery mode or the device might not boot properly.
Thanks for requesting clarification and I'll revisit the wording to verify the clarity. Appreciate the support!

joeykrim said:
Yes to all of the above.
Click to expand...
Click to collapse
Cool, next ROM I flash I am going to try this.

where can i find a kernal for my stock velocity 4g? (says in bootloader that its a holiday)

WinterKnights said:
where can i find a kernal for my stock velocity 4g? (says in bootloader that its a holiday)
Click to expand...
Click to collapse
Majority of customized kernels will be found in the Development board.
If you're looking for the 100% stock kernel, the best source is to extract them from the stock RUU files. These are generally leaked and posted by a user named Football. His threads are also usually in the Development board.
Good luck and appreciate the support!

This is an embarrassingly rudimentary question.
I HTC-Unlocked my Vivid (running GB 2.3.4), and successfully installed FlashGUI. However, after launching it, it wants root before going any further. I would have thought that would be necessary, but the instructions on the OP make no mention of it. They just state HTC Unlock as a pre-req.
Given everyone else's success in using the app, it's painfully obvious that I'm missing something. Any pointers ?
-RKA

rasar42 said:
This is an embarrassingly rudimentary question.
I HTC-Unlocked my Vivid (running GB 2.3.4), and successfully installed FlashGUI. However, after launching it, it wants root before going any further. I would have thought that would be necessary, but the instructions on the OP make no mention of it. They just state HTC Unlock as a pre-req.
Given everyone else's success in using the app, it's painfully obvious that I'm missing something. Any pointers ?
-RKA
Click to expand...
Click to collapse
Wow, over 10k users and for some reason this was never pointed out as clearly as you've mentioned. You're definitely right as root access is not mentioned in the OP. In the Android Market, I have it at the top, but on the forum made the assumption people knew root access was required.
Due to Android's security architecture, root access is required before being Android grants write access to the kernel or recovery partition.
Quickest way, is probably to use fastboot to load a custom recovery and flash the superuser.zip file. This will install the Superuser application along with the su binary and setup the correct permissions.
Once root access is properly setup, everything should be good to go!
In summary, as security changes, the most consistent method after using HTC's official unlock will be to use fastboot to load a custom recovery and flash the superuser.zip file.
Hope that helps!

Will it work using on an Inspire 4G?

[Tut] building a kernel

Hi guys,
This guide teaches how to make a new kernel for your device, it works in most of the cases but doesnt mean it will work for everyone
You need a minimal linux experice to know WTF you are doing
If you have any questions, post Belloowww
Download the required files
You will need a linux machine with the basic development tools or a virtualbox machine running a linux distribution (ubuntu 64bits will do fine)
I use the codesourcery package [http://www.mentor.com/embedded-soft...ourcery-codebench/editions/lite-edition/form]
Download the IA32 GNU/Linux TAR[https://sourcery.mentor.com/sgpp/li...9-69-arm-none-eabi-i686-pc-linux-gnu.tar.bz2]
The tar package is the easier to install
You will also need your kernel source from your manufacturer, for samsung the sources are available here[http://opensource.samsung.com/]
Install the cross compiler
Enter the folder were you downloaded the package and extract it, you will get something like arm-2011.03
Move that folder to some location, i use opt
ex: mv arm-2011.03 /opt/
or
sudo mv arm-2011.03 /opt
Done!
Extract and prepare the kernel sources
I will use the samsung sources as example, but anything can be used
For the samsung sources, after you extract the zip, you will get something like DEVICE_Platform.tar and DEVICE_Kernel.tar.gz
Extract the kernel:
tar zxvf DEVICE_Kernel.tar.gz
Enter the kernel folder and list the folder contents
ls
The structure is something like this:
[http://www.madteam.co/wp-content/uploads/2012/02/kernel-sources.png]
Most devices contain the config file inside the device
You can extract it like this:
adb shell
su
cp /proc/config.gz /sdcard/
exit
exit
adb pull /sdcard/config.gz
Good, now we have the sources, compiler and configuration
Compiling the kernel
To compile ther kernel, i usually clean the sources first, with this i know for sure nothing will go wrong (usually )
make ARCH=arm CROSS_COMPILE=/opt/arm-2011.03/bin/arm-none-eabi- distclean (Remember to replace acordingly the compiler folder)
Sources cleaned, time to load the config file
gunzip config.gz
cp config ./.config
Good, now lets check the menuconfig (menuconfig is a menu to choose the kernel options, created to make it easy to select)
make ARCH=arm CROSS_COMPILE=/opt/arm-2011.03/bin/arm-none-eabi- menuconfig
Change whatever you want and exit and save
good, now its time to build
make ARCH=arm CROSS_COMPILE=/opt/arm-2011.03/bin/arm-none-eabi- -j2
Now wait for it to finish!
Your compiled kernel will be located inside arch/arm/boot/zImage
Extracting a boot.img
Good, now we have the zImage, but WTF to do with it?
Well, android usually (some samsung devices use a different boot.img method, ex: I9000) has the boot.img, inside of it we contain:
- ramdisk (required files to load the /system partition and continue the boot sequence)
- zImage (our kernel)
- pagesize
- base
- cmdline (some kernel paremetes used on boot)
To create your own boot.img, you need one from a nandroid backup that was made from CWM or AmonRA custom recoveries (there are other methods, but for those use the madteam forum )
The boot.img is located inside your /sdcard/clockworkmod/backup/somedate/boot.img
You will also need the unpackbootimg and mkbootimg binaries, i this link there is the 64 bit version (wont work on 32 bit linux)
create an empty folder, copy the downloaded file inside, enter it and do:
tar zxvf bootimgtools.tar.gz
chmod 755 *
now copy the boot.img you got from the backup
and extract the boot.img with:
./unpackbootimg -i boot.img
this will create the files as explained above
Creating the boot.img
Before making the boot.img, we need some information from the files extracted
cat boot.img-base ( save the output #1)
cat boot.img-pagesize (save the output , place the value inside the Hex Value of this site, and copy the decimal value and save it #2)
cat boot.img-cmdline (save the output #3)
Good, now copy the compiled kernel (zImage) inside the current folder and do:
mkbootimg –kernel zImage –ramdisk boot.img-ramdisk.gz –cmdline “(replace with output#3)” –base (replace withoutput #1) –pagesize (replace with output#2) -o /tmp/boot.img
Good, the boot.img is created!
Now test on your device!
If you dont know how to flash the boot.img, enter the madteam forum and request help (its too difficult to explain the flashing of boot.img if you dont know how to do it )
PLZ hit the thanks button if u like it

thanks man worked great
Sent from my SPH-M930BST using xda premium

jdogrambo said:
thanks man worked great
Sent from my SPH-M930BST using xda premium
Click to expand...
Click to collapse
plz hit the THANKS button if u like my work

good job
nyc wrk

ICS_XD said:
plz hit the THANKS button if u like my work
Click to expand...
Click to collapse
have u build any kernal yet before posting here ?

punjprateek said:
have u build any kernal yet before posting here ?
Click to expand...
Click to collapse
i tried it
but was getting a error
so i let it go
but i post it here
bcz i wanna know sumone is also having errorz?

thanks for the guide. pls add some format to it to enhance readability.

me_max said:
thanks for the guide. pls add some format to it to enhance readability.
Click to expand...
Click to collapse
ok
m working on it
will try to have a short way

Nice guide, but use toolchains arm 4.4.3 none linux gnueabi instead of arm 2011q3 eabi..because 2011q3 wont works.and I9100G is only using zImage compile into boot.img is not necessary

now i come to know why i was gettin error
hey thanks man

ICS_XD said:
now i come to know why i was gettin error
hey thanks man
Click to expand...
Click to collapse
i think u shld make a good kernel first then u are eligible to make a tutorial

Rather than post instructions before you can do it yourself, focus on managing to do it first, THEN go posting.
And quit begging for thanks, it just makes you look desperate and stupid.

[boot.img] obsolete please lock

Hi all. Quick notice:
Usual disclaimers apply.
This is an Unsecure boot.img I made for Android 4.2 on the Nexus 4.
Okay cool... but what is an insecure boot.img?
An insecure boot.img allows the device to be booted with permissions to be mounted as root. This is a way of being able to push SuperSU/Superuser.apk to /system/app and the Su Binaries to /bin
adb shell
su
mount -o remount,rw /system
exit​
See more here: External Link
_____________________________________________________________________________________________________________
To use this you must be unlocked, not familar with unlocking a Nexus device? Easy. In fastboot mode type "fastboot oem unlock" this wipes all data on the device (virtual sd included).
A nice article regarding this thread was published here: http://www.addictivetips.com/android/root-google-nexus-4-install-clockworkmod-recovery/
To boot this boot.img:
must be in the platform-tools folder in the android-sdk
must be in fastboot mode (power+vol-)
First use: fastboot boot "boot.img" (no ")
Why boot? I have not tested this image as I don't have a Nexus 4 as of yet.**
**Some users report flashing the image makes the phone in need of a fastboot stock flashing session, stick to booting for now.​
Thank you for helping!
-fkrone
-Ranguvar
-USSENTERNCC1701E
This is mainly for development purposes to obtain root on this device, it will be an easier process when a recovery is published and you can flash a su.zip. (see attached)
DOWNLOAD HERE: http://www.androidfilehost.com/?fid=9390169635556426389
Note, this is in Nexus 7 folder as Nexus 4 does not have its own atm.​
Click to expand...
Click to collapse
Please Lock!

Placeholder reserve

Harry GT-S5830 said:
Anyone able to get me recovery.fstab from recovery image and ill try make a cwm6 touch recovery for us.
I wouldn't be lazy and do it myself but PC is off
Sent from a phone
Click to expand...
Click to collapse
sgs2ext4 doesn't work on the recovery.img and the image isn't mountable by itself in Windows.
Too lazy to reboot into Linux, for now.. any other way to crack it open?

Ranguvar said:
sgs2ext4 doesn't work on the recovery.img and the image isn't mountable by itself in Windows.
Too lazy to reboot into Linux, for now.. any other way to crack it open?
Click to expand...
Click to collapse
Pull it apart in hex editor
Sent from my HTC Explorer A310e using xda app-developers app

Harry GT-S5830 said:
Anyone able to get me recovery.fstab from recovery image and ill try make a cwm6 touch recovery for us.
Sent from a phone
Click to expand...
Click to collapse
I've got the recovery.img, can I get the .fstab out without loop mounting? I don't have a linux machine set up right now.

USSENTERNCC1701E said:
I've got the recovery.img, can I get the .fstab out without loop mounting? I don't have a linux machine set up right now.
Click to expand...
Click to collapse
Old fashioned HxD
See here: http://forum.xda-developers.com/showthread.php?t=443994
I could probably do it without this, but it probably wouldn't mount data/media (what emulates the SD) so it would be relatively useless as that's where zips are
Also this might prove useful: http://forum.xda-developers.com/showthread.php?t=1494036 (requires Cygwin or Linux environment)

Harry GT-S5830 said:
Old fashioned HxD
See here: http://forum.xda-developers.com/showthread.php?t=443994
Click to expand...
Click to collapse
Hell, I wouldn't trust myself to rip it out with a hex editor. I'm setting up a VM right now, but I could just upload the recovery.img for you. I pulled it out of the stock image that google uploaded today.

USSENTERNCC1701E said:
Hell, I wouldn't trust myself to rip it out with a hex editor. I'm setting up a VM right now, but I could just upload the recovery.img for you. I pulled it out of the stock image that google uploaded today.
Click to expand...
Click to collapse
Cheers, that's where I had mine but I corrupted it :/ ill try pull it apart on the 600MHz wonder pico
Or perhaps not... 3.2" is too small for hex

Harry GT-S5830 said:
Cheers, that's where I had mine but I corrupted it :/ ill try pull it apart on the 600MHz wonder pico
Or perhaps not... 3.2" is too small for hex
Click to expand...
Click to collapse
Lol, I'm having a hell of a time getting Slax as a cooperative VM, might have to go all out with ubuntu

Got it!
Thanks for the tutorials. It was just fun to to something short after midnight (Germany). I was a little bit bored Would be nice if you can mention me in the people helped to create this recovery
http://www.mediafire.com/?mlv72phch1tgd5y Mediafire-Mirror

Dammit, beat me to it!
Serves me right for making dinner first
http://ompldr.org/vZ2ExYQ/recovery.fstab

Can i ask something as a future buyer of nexus 4 and older user of another phone...the fastboot is the "bootloader" (pink screen on my older phone) the state of the phone where i can connect it to my computer and see the folder containing the recovery.img boot.img...etc???

pikachukaki said:
Can i ask something as a future buyer of nexus 4 and older user of another phone...the fastboot is the "bootloader" (pink screen on my older phone) the state of the phone where i can connect it to my computer and see the folder containing the recovery.img boot.img...etc???
Click to expand...
Click to collapse
That's not quite how it works. These .img files we are talking about are pictures of the stock version of those paritions. Try reading this article for an explanation of Android partitioning.
There is also a great graphic here. The site is in Spanish, I haven't used Google to translate it, but the picture there is in English. Take your time with it, there's a lot of info there.

To get into Fastboot mode, do you just hold the volume down button while powering on? Never used a Nexus device before. Have been strictly on HTC up until now. I'm picking up my Nexus 4 in the morning and don't mind trying, as long as there's a way to undo anything in case something goes wrong.

Stryder5 said:
To get into Fastboot mode, do you just hold the volume down button while powering on? Never used a Nexus device before. Have been strictly on HTC up until now. I'm picking up my Nexus 4 in the morning and don't mind trying, as long as there's a way to undo anything in case something goes wrong.
Click to expand...
Click to collapse
Or you can enable adb and
Code:
adb reboot bootloader
The command
Code:
fastboot boot boot.img
is temporary. All it does is boot, one time only, the image you specify. Once you've mounted system as rw however, everything you do in /system before rebooting is permanent.

USSENTERNCC1701E said:
Or you can enable adb and
Code:
adb reboot bootloader
The command
Code:
fastboot boot boot.img
is temporary. All it does is boot, one time only, the image you specify. Once you've mounted system as rw however, everything you do in /system before rebooting is permanent.
Click to expand...
Click to collapse
So does adding the su binaries and the superuser apk give you permanent root after this then?
And exactly what binaries are needed to gain root? I've never gained root using that method before so am a little unfamiliar in this territory.

Stryder5 said:
So does adding the su binaries and the superuser apk give you permanent root after this then?
And exactly what binaries are needed to gain root? I've never gained root using that method before so am a little unfamiliar in this territory.
Click to expand...
Click to collapse
Woops, wrong thread.
Yes, if you push the su binary from a superuser flashable zip to /system/bin/ and chmod 0655, plus the superuser apk, you will have permanent root after.
Also, there is a recovery.img now, so you can test that out, if it works, flash it from fastboot, then flash a superuser zip from that recovery.

Thank you for getting it (recovery.fstab), looks like someone beat me to it though!
Sorry for late response I have to sleep as I'm in last school year
Ill cook up a recovery just to make your efforts worthwhile
It's in OP, its probably 99.9% the same as the other guys so i'm not going to make duplicate thread, use who evers recovery you wish.
____________________________________________________________________________________________________________________________________
Reason I say fastboot boot first is because it allows you to boot the image without permanently (well, unless you flash another over) flashing a partition without knowing it works.

Booted fine when I ran fastboot boot boot.img, but when I actually flashed it, it's giving me a boot loop now Booting back into fastboot shows secure boot still enabled. Any suggestions? Or do you have the original bootloader image?

Stryder5 said:
Booted fine when I ran fastboot boot boot.img, but when I actually flashed it, it's giving me a boot loop now Booting back into fastboot shows secure boot still enabled. Any suggestions? Or do you have the original bootloader image?
Click to expand...
Click to collapse
Not at my comp now or I'd upload it, bit of you rip open the fa Tory image from the Google servers you should find it
---------- Post added at 02:44 PM ---------- Previous post was at 02:43 PM ----------
On a side note, what possessed you to do that?

[GUIDE] Samsung Galaxy TAB A 7.0 SM-T(280/285) Debloat/Stock customization

UPDATE 09/20/2016 - Root is now available for the SM-T285 (custom ROM and SM-T280 to follow) see post for details (http://forum.xda-developers.com/showpost.php?p=68777842&postcount=27)
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we
can at least do customizations with the system partition:
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached) (note that your make_ext4fs needs to be patched to be able to generate samsung patches easily see gist) for some reason samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause heimdall ( ad Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work like samsing_kitchen for example. Place your
stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you
just created. You can now proceed to modifiying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case
something goes wrong! I will not be responsible for any losses resulting from this
activity. Also this activity may void your warranty.
Prequisites:
- Make sure you have heimdall properly working.
- Make sure you have oem unlock. This should be visible in developer settings
To know if it is enabled/disable FRP protection should be disabled when you go
in Odin mode.
1. pull the file_contexts file from .your device ( or download the attached in this post).
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsing_kitchen ) and run
the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (Power-off, then hold home vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5) make sure you have a copy of the stock image zip from samsung and extract (using 7zip) its contents to a folder:
An extracted file should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
replace the stock system.img with the one you created from above:
Code:
cp ../new_system.img system.img
tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img >T285_CUSTOM.tar
md5sum -t T285_CUSTOM.tar > T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
as per ashyx this should also work as well:
Code:
tar -H ustar -c system.img > system.tar
md5sum -t system.tar > sytem.tar
mv system.tar system.tar.md5
Optionally Zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Petition for samsung to unlock the device:
https://www.change.org/p/samsung-unlock-the-bootloader-for-the-samsung-galaxy-tab-a-7-0-2016?recruiter=286570213&utm_source=petitions_share&utm_medium=copylink
Custom ROM to enable move apps to sd (apps2sd like support):
http://forum.xda-developers.com/android/development/rom-samsung-galaxy-tab-7-0-lte-2016-sm-t3455788

@jedld
Nice guide, just a few things though.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Regarding the chunk size, Chainfire created sgs4ext4fs to deal with this, it just needs to be run afterwards on the sparse image to patch the headers.
What is the source for the make_ext4fs patch or did you create this patch?
Lastly some people may prefer to use ODIN to flash.
So maybe you could add to the guide that the image can be repacked into a ODIN flashable tar using 7-zip.
By the way the guide will work for the T280 too, so you may want to add that.
Thanks.

ashyx said:
@jedld
Nice guide, just a few things though.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Regarding the chunk size, Chainfire created sgs4ext4fs to deal with this, it just needs to be run afterwards on the sparse image to patch the headers.
What is the source for the make_ext4fs patch or did you create this patch?
Lastly some people may prefer to use ODIN to flash.
So maybe you could add to the guide that the image can be repacked into a ODIN flashable tar using 7-zip.
By the way the guide will work for the T280 too, so you may want to add that.
Thanks.
Click to expand...
Click to collapse
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Click to expand...
Click to collapse
I remember encountering a boot loop without that, let me check again and I'll update the guide.
What is the source for the make_ext4fs patch or did you create this patch?
Click to expand...
Click to collapse
Just applied the following patch on latest aosp sources:
https://gist.github.com/jedld/4f388496bda03b349f5744f367749a67
There is a magic number used which I can't figure out, the value is different between SM-T285 ROMS coming from different regions.
Nice to hear about sgs4ext4fs though, probably wouldn't be able to know based on the problem I encountered that the tool also applies unless someone pointed it out.

https://www.change.org/p/samsung-unl...edium=copyLink
Petition for unlocked bootloader for samsung, please sign

http://samsung4android.ru/?ipub=422
any thoguth on this?

klemen241 said:
http://samsung4android.ru/?ipub=422
any thoguth on this?
Click to expand...
Click to collapse
ashyx already tried everything. CF-auto root requires an unlocked recovery, the tablet won't even accept a repacked recovery image. Besides the guy in the video wasn't even using a SM-T285, if you look closely the files he used were for the SM-T550.

klemen241 said:
https://www.change.org/p/samsung-unl...edium=copyLink
Petition for unlocked bootloader for samsung, please sign
Click to expand...
Click to collapse
link is broken though, you must have used the auto truncated link, use this instead:
https://www.change.org/p/samsung-un...edium=copylink&recuruit_context=copylink_long

What about those custom roms? As far as i can see we can use modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?

SM-T285M with locked bootloader - research ...
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

klemen241 said:
What about those custom roms? As far as i can see we can use modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?
Click to expand...
Click to collapse
There are a number of things we can already do with a custom system.img like debloat, enable universal sd r/w, customizing apps, probably theming and fonts are also possible. Hopefully more people can come up with mods.
Unfortunately we need root/unlocked boot.img to do important things to fix the weakness of this device like changing partition sizes, enable apps2sd support, xposed framework, having customizable cpu performance governors/overclocking etc.

TopTongueBarry said:
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
Click to expand...
Click to collapse
i was wondering the same thing, if ther is any chance of unlocking it on earlier versions.
Also i sent email to samsung support again, maybe they will be sick of us begging and release the lock

klemen241 said:
i was wondering the same thing, if ther is any chance of unlocking it on earlier versions.
Also i sent email to samsung support again, maybe they will be sick of us begging and release the lock
Click to expand...
Click to collapse
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
TopTongueBarry said:
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
Click to expand...
Click to collapse
UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedid's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.

is open source same for t280? i have 280 not 285

klemen241 said:
is open source same for t280? i have 280 not 285
Click to expand...
Click to collapse
not sure how having the kernel source would help since we can't even change the kernel on the device which is kinda awkward for samsung. Besides I remember ashyx having compilation issues with spreadtrum kernel sources by samsung and not just for this device.

TopTongueBarry said:
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedid's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.
Click to expand...
Click to collapse
I remember flashing an earlier build thinking the same thing and yep the bootloader is still locked. Aside from that I ran kingroot to see if there was anything exploitable... did'nt work. What I haven't tried is to see if superuser is disabled in this kernel though.

jedld said:
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we
can at least do customizations with the system partition:
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached) (note that your make_ext4fs needs to be patched to be able to generate samsung patches easily see gist) for some reason samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause heimdall ( ad Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work like samsing_kitchen for example. Place your
stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you
just created. You can now proceed to modifiying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case
something goes wrong! I will not be responsible for any losses resulting from this
activity. Also this activity may void your warranty.
Prequisites:
- Make sure you have heimdall properly working.
- Make sure you have oem unlock. This should be visible in developer settings
To know if it is enabled/disable FRP protection should be disabled when you go
in Odin mode.
1. pull the file_contexts file from .your device.
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsing_kitchen ) and run
the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (Power-off, then hold home vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5) make sure you have a copy of the stock image zip from samsung and extract (using 7zip) its contents to a folder:
An extracted file should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
replace the stock system.img with the one you created from above:
Code:
cp ../new_system.img system.img
tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img >T285_CUSTOM.tar
md5sum -t T285_CUSTOM.tar > T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
Optionally Zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Click to expand...
Click to collapse
Anyway to do this on a windows machine?????

lohtse said:
Anyway to do this on a windows machine?????
Click to expand...
Click to collapse
Not sure though since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in linux so I doubt there will be one for windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under windows with those tools if anyone is interested.

Just a note regarding the guide, it's not really necessary to add all the other partition images when creating the ODIN flashable tar.
All that is required is:
tar cvf system.tar system.img

jedld said:
Not sure though since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in linux so I doubt there will be one for windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under windows with those tools if anyone is interested.
Click to expand...
Click to collapse
is there no way to create a set of files(zip etc) we windows users could flash using odin? would be a huge help if that could be done! also anyone have a link to a stock rom??
and finally I noticed that the US samsung site has a pdf manual for this tablet that refers to marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR

lohtse said:
is there no way to create a set of files(zip etc) we windows users could flash using odin? would be a huge help if that could be done! also anyone have a link to a stock rom??
and finally I noticed that the US samsung site has a pdf manual for this tablet that refers to marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR
Click to expand...
Click to collapse
I highly doubt this thing will get mm. [emoji52]