Database Develop

[HACK] compiled mkbootimg and unpack/repack linux scripts for boot.img

want to edit your boot.img?
included files in zip: mkbootimg (i compiled this file from android source), unpack-bootimg.pl, repack-bootimg.pl
i edited the repack script to compile the nexus s img correctly.
Code:
--base 0x30000000 --pagesize 4096
first dump original boot.img:
Code:
cat /dev/mtd/mtd2 > /sdcard/boot.img
then drag/drop to your linux box to edit file.
use unpack script:
Code:
./unpack-bootimg.pl boot.img
you will end up with 2 compressed files and 1 folder.
finished editing and want to repack boot.img, for example:
Code:
./repack-bootimg.pl <kernel> <ramdisk-directory> <outfile>
most info and scripts pulled from here: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images, thanks to the original author.
test your new boot.img:
Code:
fastboot boot boot.img

Two things:
1. if you have any bad blocks in your boot partition, this method will fail to extract the boot.img (you need to skip bad blocks, but cat will just get an error)
2. you can replace just the kernel (leaving the ramdisk and parameters intact) using:
Code:
% fastboot flash zimage zImage
The bootloader will read-modify-write the boot partition, replacing the kernel only.

how would you skip bad blocks? i never thought of a phone as having bad blocks.

k0mpresd said:
i never thought of a phone as having bad blocks.
Click to expand...
Click to collapse
All flash devices can have bad blocks. But it usually isn't something the end user would notice, unless there are so many and something is wrong that you're losing drive space.
edit: more info here if your curious http://en.wikipedia.org/wiki/Flash_memory

hmm, very strange thing happening to me. I've only gotten my boot.img to compile and boot successfully once with this method, but now I can't seem to get it to compile? I keep getting errors of the file name or file type. I'm using the correct usage.. If I compile manually with mkbootimg on the cmd line it'll compile but it won't boot. Just bootloops at the Google splash..

Jroid try my Matr1x kernel and see what happens
Sent from my Nexus S using XDA App

The problem seems to be compiling the boot with the perl scripts, not the kernel itself.

Try manually:
Once unpacked do the boot.img-ramdisk.cpio.gz with the following command (moved to the ramdisk folder):
Code:
#sudo find . | cpio -o -H newc | gzip > ../<your boot name>.img-ramdisk.cpio.gz
Then cd ../
And repack:
Code:
#./mkbootimg --kernel <your boot name>.img-kernel.gz --ramdisk <your boot name>.img-ramdisk.cpio.gz --base 0x30000000 --pagesize 4096 -o boot.img

you can replace just the kernel (leaving the ramdisk and parameters intact) using:
Code:
% fastboot flash zimage zImage
The bootloader will read-modify-write the boot partition, replacing the kernel only.
Click to expand...
Click to collapse
It won't work on the Nexus S.

python08 said:
It won't work on the Nexus S.
Click to expand...
Click to collapse
exactly, i'd love to be able to do this for some testing but it doesn't allow me.
EDIT: yes it does. Swetland is right

Chamb' said:
Try manually:
Once unpacked do the boot.img-ramdisk.cpio.gz with the following command (moved to the ramdisk folder):
Code:
#sudo find . | cpio -o -H newc | gzip > ../<your boot name>.img-ramdisk.cpio.gz
Then cd ../
And repack:
Code:
#./mkbootimg --kernel <your boot name>.img-kernel.gz --ramdisk <your boot name>.img-ramdisk.cpio.gz --base 0x30000000 --pagesize 4096 -o boot.img
Click to expand...
Click to collapse
I've tied compiling a boot both manually (with cmdline) and with the perl scripts and have used a simple kernel.gz and ramdisk.cpio.gz for my file names.. doesn't really matter what I name it as long as it has the correct file format in this .gz and .cpio.gz right? the manual compile goes fine with base 0x30000000 and pagesize 4096
however, it does not boot and will bootloop at the Google splash

Used boot.img extracted from (what ROM ?) cat /dev/mtd/mtd2 ?
Is the phone start with this boot.img (unchanged) if you flash it by typing "fastboot flash..." ?
After that, just try to unpack and repack the boot.img without changes on ramdisk or kernel, if it works that means your changes suck (^^).
These commands (or perl scripts) work perfectly for me.

Lol I will try doing that. The boot.img I used is from stock 2.3.4, edited the ramdisk (specifically init.rc & init.herring.rc)
Like I said, first time I used the perl scripts I edited my ramdisk, threw in a netarchy kernel, it compiled fine and booted. Now if I use the perl script to repack with an aosp kernel, it gives me an error about file name and/or extension being wrong. Or complains it can't find mkbootimg when its there and executable. I'll re run it again and post errors
Sent from my Nexus S

he guys where is the boot image located? not the animation, the google logo at the start of the booting!
Sent from my Nexus S using XDA Premium App

ok so when I used the repack-bootimg.pl script, it kept giving me this error:
Code:
boot.img-kernel.gz Not a directory at ./repack-bootimg.pl line 13.
So I ran mkbootimg manually, without a cmdline comment as stated above. It compiled
and booted beautifully all stock with no init.rc or init.herring.rc edits.
however when I compile a boot.img coupled with a stock kernel and a modified ramdisk, I get a non-booting boot.img. One came out at 2.9 mb and the other at 5.6 mb neither boots using the same cmd that compiled the working boot. Must be my edits.. I literally only changed about 1 line in init.rc and another line in init.herring.rc that causing it not to boot.
By the way, I got some info on a stock boot.img using the unpackbootimg binary (not the perl script) and here's what it outputs:
Code:
#BOARD_KERNEL_CMDLINE console=ttyFIQ0 no_console_suspend
BOARD_KERNEL_BASE 30000000
BOARD_PAGE_SIZE 00001000
I enter that pagesize and it says it's not a valid value when I compile boot.img's

Borky_16 said:
he guys where is the boot image located? not the animation, the google logo at the start of the booting!
Sent from my Nexus S using XDA Premium App
Click to expand...
Click to collapse
part of the kernel
to change-https://github.com/morfic/Samsung-logo

ogdobber said:
part of the kernel
to change-https://github.com/morfic/Samsung-logo
Click to expand...
Click to collapse
yeah i know thanks for the link a helping source though!
Sent from my Nexus S using XDA Premium App

Sorry for the Control C Control V of it, but I just found this topic now..
I`m facing this problem when I try to unpack boot.img..
I have done it 2 days ago but dunno why, now I can`t..
Follows what is happening..
Code:
[email protected]:~/NS-bootwork$ ./unpack-bootimg.pl boot.img
Found a secondary file after the ramdisk image.
According to the spec (mkbootimg.h) this file can exist,
but this script is not designed to deal with this scenario.
The Kernel is built, as a zImage and the WLAN as a bmc3429.ko..
Just repeating, I have built this Kernel 2 days ago in the same way, without any problems, but now I`m struggling on the message after inputting ./unpack-bootimg.pl boot.img..
Dunno what else to try, I re-downloaded the unpack-bootimg.pl from 2 different sources, and still the same error..
Any ideas?
Many thanks..
P.S.: Ubuntu 11.04 x64..
EDIT
Well, I already solve it!
That is what I did..
As unpack-bootimg.pl was not working (don`t know why) I used split_bootimg.pl script, splitting the boot.img and created new ramdisk img..
Code:
./split_bootimg.pl boot.img
mkdir ramdisk
cd ramdisk
gzip -dc ../boot.img-ramdisk.gz | cpio -i
find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
Then after just compiled the Kernel with
Code:
./mkbootimg --kernel zImage --ramdisk newramdisk.cpio.gz --base 0x30000000 --pagesize 4096 --cmdline _console_suspend=1 console=bull's -o newtestboot.img'no
Witches includes " --cmdline _console_suspend=1 console=bull's" to not break BT functionality, in the case of Nexus S..

I found the tools here work well: http://glandium.org/blog/?p=2214
...if you then use the code originally posted above:
Code:
sudo find . | cpio -o -H newc | gzip > ../<your boot name>.img-ramdisk.cpio.gz
./mkbootimg --kernel <your boot name>.img-kernel.gz --ramdisk <your boot name>.img-ramdisk.cpio.gz --base 0x30000000 --pagesize 4096 -o boot.img

Editing boot logo (initlogo.rle)

Hi,
As some of you know it's possible to change the bootlogo in boot.img, named initlogo.rle. I've made a new bootlogo and converted it to rle. I tried these methods:
1. Make in photoshop > save as raw > convert with "to565" to initlogo.rle > hang at samsung logo
2. Open background in paint.net > save as RGB565 file (with plugin) > convert with "to565" to initlogo.rle > hang at samsung logo
method used to convert raw to rle
Code:
$ tools_cygwin/to565 -rle < logo/initlogo.raw > logo/initlogo.rle
method used to repack the img
Code:
$ tools_cygwin/mkbootimg --kernel unpack/boot.img-zImage --ramdisk unpack/boot.img-ramdisk-new.gz -o target_img/boot.img --base "cat unpack/boot.img-base"
I actually also tried to NOT change the logo and leave all the files intact, then repacked it. This also got me a corrupted boot.img file which means that the packing method probably isn't correct.
If someone knows the right way could you please change the initlogo.rle from boot.img provided in the zip with the one in the zip (attached: boot.img, initlogo.png, initlogo.raw, initlogo.rgb565, logo2.psd)
If this is working correctly for me i completely remove/disable the boot animation for faster boot
I would greatly appreciate it if someone wants to make it (and tell me what i did wrong)
edit: the actual bootlogo
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

I would also like to know this!
Please keep us posted if you get it right!
good luck!
Sent from my GT-I9000 using Tapatalk

pzayx said:
I would also like to know this!
Please keep us posted if you get it right!
good luck!
Sent from my GT-I9000 using Tapatalk
Click to expand...
Click to collapse
Ok I will

thanks too much dude. i search this

erdemsaid said:
thanks too much dude. i search this
Click to expand...
Click to collapse
If you don't get a bootloop when trying it, would you please download my attached file and replace the initlogo.rle file then repack?

Great idea, i was searching a way to totally get rid of the boot animation, will keep an eye on this one...
Thanks

If anyone knows how to fix it please reply... threads like this one get lost in the Q&A section very quick.

Is it working yet?
Sent from my GT-i9001 @ LionROM

broodplank1337 said:
Hi,
As some of you know it's possible to change the bootlogo in boot.img, named initlogo.rle. I've made a new bootlogo and converted it to rle. I tried these methods:
1. Make in photoshop > save as raw > convert with "to565" to initlogo.rle > hang at samsung logo
2. Open background in paint.net > save as RGB565 file (with plugin) > convert with "to565" to initlogo.rle > hang at samsung logo
method used to convert raw to rle
Code:
$ tools_cygwin/to565 -rle < logo/initlogo.raw > logo/initlogo.rle
method used to repack the img
Code:
$ tools_cygwin/mkbootimg --kernel unpack/boot.img-zImage --ramdisk unpack/boot.img-ramdisk-new.gz -o target_img/boot.img --base "cat unpack/boot.img-base"
I actually also tried to NOT change the logo and leave all the files intact, then repacked it. This also got me a corrupted boot.img file which means that the packing method probably isn't correct.
If someone knows the right way could you please change the initlogo.rle from boot.img provided in the zip with the one in the zip (attached: boot.img, initlogo.png, initlogo.raw, initlogo.rgb565, logo2.psd)
If this is working correctly for me i completely remove/disable the boot animation for faster boot
I would greatly appreciate it if someone wants to make it (and tell me what i did wrong)
edit: the actual bootlogo
Click to expand...
Click to collapse
I downloaded you rar file, checked and looklike all file ok I dont have this i9000 .. I thinks this is galaxy S. Unpack your boot.img
Code:
$unpack-bootimg.pl boot.img
we will have additional 3 files boot.img-kernel.gz boot.img-ramdisk.cpio.g and Folder boot.img-ramdisk. Well in this folder boot.img-ramdisk I presumed all went well. Take out initlogo.rle in the ramdisk folder and change with yours (?) from unrared folder
create new ramdisk >
Code:
$mkbootfs boot.img-ramdisk | gzip > bootimg-ramdisk [ENTER]
Now we have kernel.gz and gziped ramdisk (with new initlogo.rle file) ... repack into boot image flashable via fastboot >
Code:
$mkbootimg --kernel boot.img-kernel.gz --ramdisk bootimg-ramdisk --pagesize 4096 --cmdline "console=ttyFIQ0,115200 init=/init no_console_suspend" --base 0x32000000 -o samgalaxysxda.img
samgalaxysxda.img is flashable via fastboot in this post or download HERE
Code:
$sudo fastboot flash boot samgalaxysxda.img
if something wrong I thing you can modify the command during create boot image
Code:
mkbootimg --kernel boot.img-kernel.gz --ramdisk bootimg-ramdisk --pagesize 4096 [B][COLOR="Red"]--board aries[/COLOR][/B] --cmdline "console=ttyFIQ0,115200 init=/init no_console_suspend" --base 0x32000000 -o samgalaxysxda-1.img
I tried to split your boot image to know the parameter
Code:
$split_bootimg.pl boot.img
OUTPUT FILE FOR OUR INFO
Code:
Page size: 4096 (0x00001000)
Kernel size: 3632644 (0x00376e04)
Ramdisk size: 650135 (0x0009eb97)
Second size: 0 (0x00000000)
Board name:
Command line:
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
...
usually Command line (kernel command line) is very important. I toke cmdline from cm7 tree using galaxysmtd .. this probably I choose wrong device
Just test and post here the result

9000 and 9001 work different when it comes to the kernel. And their hardware is significantly different. I don't know if even fastboot works, have never tried it.

[GUIDE] Making Dump Files Out of Android Device Partitions

Use:
The main purpose is to make a file that contains all data in android specific partition. This is really handy in case of dumping leak firmwares.
Pr-requirement:
- Rooted device.
- Knowledge of how to use adb or Terminal Emulator.
The first step of making dump files out of device partitions is to locate its mounting points..!!
So in our tutorial, we will make it in 2 sections. Section 1 for how to get mounting points, and section 2 for how to get partition dumped..
Keep in mind that this is xda-university; so my target is to show beginners how to do that manually, without the aid of any tool, so they can get the concept behind it.. OK let's begin..!!
Section 1:
Getting mounting points​There are several methods to achieve this, but we will discuss the easiest methods that give efficient information about the partition that you want to know its mounting point.
All these methods will be described using adb shell.
Way #1
Code:
adb shell
cat /proc/partitions
This one needs from you to figure out which block belong to which partition name.!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Way #2
Code:
adb shell
ls -al /dev/block/platform/[B][COLOR="Blue"]dw_mmc[/COLOR][/B]/by-name
This one will give you info about the dev block names WITH their familiar names (i.e, boot, recovery, system... etc)
This command is not universal between devices, and you will need to gather its pieces (/dev/block/platform/dw_mmc/by-name).
How?
- In your device, use any explorer that can get you to the device root (personally I use ES Explorer, by pressing on "/" on navigation bar).
- Go to "/dev/block/platform/" folder
- Here you will see some files and folders, we need to open folders and search for the folder called "by-name" inside one of them; in my situation it was "dw_mmc" folder which has the folder "by-name" inside it.
- At the end, my targeted piece info will be (/dev/block/platform/dw_mmc/by-name)
- Now open adb shell and put that command..
Way #3
By pushing parted binary to /system/bin folder and run it (you can find it in attachment).
Code:
adb remount
adb shell "su" "" "mount -o remount,rw /system"
adb push parted /system/bin/parted
adb shell
chmod 0755 /system/bin/parted
parted /dev/block/[B][COLOR="Blue"]mmcblk0[/COLOR][/B]
print
Here, your mounting points will start with /dev/block/mmcblk0p* where (*) is the number shown in the table above for each partition.
example:
The hidden partition mounting point will be mmcblk0p10
The radio partition mounting point will be mmcblk0p7
The system partition mounting point will be mmcblk0p9
The recovery partition mounting point will be mmcblk0p6
and so on
Don't forget to "quit" the parted action after grasping your device mounting points.
N.B:
- You may need to run first:
Code:
adb shell
cat /proc/partitions
to know what is the initial name for your device partition.. In the example above, it was mmcblk0.
- Also to be able to do adb push to /system partition for parted binary, you will need insecure boot.img used in your ROM or adbd insecure installed in your device (Check this thread for that app), or just push parted binary manually by any root explorer and then fix permissions to rwxr-xr-x (755).
***​
Section 2:
Dumping ROM partition​After locating the mounting point of the partition you want to dump, open adb shell command prompt and type:
Code:
adb shell
su
dd if=[B][COLOR="Blue"]/yourMountingPoint[/COLOR][/B] of=[B][COLOR="Green"]/yourDestination[/COLOR][COLOR="Red"]/partitionType[/COLOR][/B]
Let's say I want to take a dump out of system partition from above example. So the adb commands will be:
Code:
adb shell
su
dd if=[B][COLOR="Blue"]/dev/block/mmcblk0p9[/COLOR][/B] of=[B][COLOR="Green"]/sdcard[/COLOR][COLOR="Red"]/system.img[/COLOR][/B]
This may take a while to complete the dumping process, depending on the size of your dumped partition; so be patient..
Note:
If the partition is formatted as ext3/4 then the dumped partition will have .img as an extension.
Other partition dumps have different extensions; examples:
radio.bin
param.lfs
Sbl.bin
zImage (without extension)
***​
Optional:
Read Partition Image​After dumping an image from android partition, you can mount it to extract a particular file for sharing, or the whole dump content in case the ROM chief wants to make a ROM out of dump files..
For Linux Users:
- Open terminal and type:
Code:
su -
mkdir -p /mnt/disk
mount -o loop [B][COLOR="Red"]yourImage.img[/COLOR][/B] /mnt/disk
cd /mnt/disk
ls -l
For Windows Users:
- Download LinuxReader from this site here.
- Open it -> Drives -> Mount Image -> Then choose your dumped image and hit Mount. A new driver will appear that contains all files inside the dumped image called "Linux native Volume 1". Just double click it to get inside the dumped image.
I hope you will find this tutorial beneficial,,,
Yours;

Actions Explanation
★ Tutorial Legends ★​
In this post, I will try to explain the use of each binary used in the tutorial, so you can make sense of each action taken.
#1
Code:
adb shell
Run remote shell interactively, as if you are in linux terminal.
Click to expand...
Click to collapse
#2
Code:
cat /proc/partitions
cat binary is used to concatenate file(s) and print them to standard output display. In our example, it prints the content of partitions file which is found in proc folder to screen display.
Click to expand...
Click to collapse
#3
Code:
ls -al /dev/block/platform/dw_mmc/by-name
ls binary is used to list directory contents.
-al is the used option for ls which means to include entries that started with "." in long listing format. There are a lot of options for ls binary. You can always print ls --h to display help menu for other options available.
Click to expand...
Click to collapse
#4
Code:
adb remount
Remounts the /system partition on the device read / write. This has been disabled in some devices (those with secure boot image); so you need to make sure that you have patched adbd that can run this command effectively.
Click to expand...
Click to collapse
#5
Code:
su
Used to get super-user privilege.
Click to expand...
Click to collapse
#6
Code:
mount -o remount,[B][COLOR="Red"]rw[/COLOR][/B] /system
Specific command to mount the /system partition on the device read / write (rw).
If you change rw to ro, you will get /system partition mounted as read only.
Click to expand...
Click to collapse
#7
Code:
adb push parted /system/bin/parted
adb push is used to copy file/dir from your local computer to android device. The usual format is adb push <local> <remote>
Click to expand...
Click to collapse
#8
Code:
chmod 0755 /system/bin/parted
chmod binary is used to set permissions for the specified file/dir.
The number after chmod is the permission used. See the next box for better understanding of chmod formatting:
Code:
[CENTER][B][COLOR="Red"]----------------
| CHMOD SCHEME |
----------------[/COLOR][/B][/CENTER]
[B] r w x[/B]
[B]4 2 1 [COLOR="Green"]= 7 (Full Permissions)[/COLOR][/B]
User ( ) ( ) ( ) [B][COLOR="Green"]--> 2nd digit[/COLOR][/B]
Group ( ) ( ) ( ) [B][COLOR="Green"]--> 3rd digit[/COLOR][/B]
Other ( ) ( ) ( ) [B][COLOR="Green"]--> 4th digit[/COLOR][/B]
Special UID GID STK
( ) ( ) ( ) [B][COLOR="Green"]--> 1st digit, ignored on most cases or put 0[/COLOR][/B]
In the above example, it is set to 0755 which means the following scheme:
Code:
[B] r w x[/B]
[B]4 2 1[/B]
User ([B][COLOR="Red"]*[/COLOR][/B]) ([B][COLOR="Red"]*[/COLOR][/B]) ([B][COLOR="Red"]*[/COLOR][/B]) [B][COLOR="Green"]--> This equals to 7 (rwx)[/COLOR][/B]
Group ([B][COLOR="Red"]*[/COLOR][/B]) ( ) ([B][COLOR="Red"]*[/COLOR][/B]) [B][COLOR="Green"]--> This equals to 5 (r-x)[/COLOR][/B]
Other ([B][COLOR="Red"]*[/COLOR][/B]) ( ) ([B][COLOR="Red"]*[/COLOR][/B]) [B][COLOR="Green"]--> This equals to 5 (r-x)[/COLOR][/B]
Special UID GID STK
( ) ( ) ( ) [B][COLOR="Green"]--> This equals to 0 (---)[/COLOR][/B]
As you can see, if you said 0755, it will be as same as saying ---rwxr-xr-x
Click to expand...
Click to collapse
#9
Code:
dd if=/dev/block/mmcblk0p9 of=/sdcard/system.img
dd binary is used to copy a file with converting and formatting.
if means input file; here we pointed to the whole partition, not specific file.
of means outputting file to specific destination path; here it is to sdcard with system.img name.
Click to expand...
Click to collapse
#10
Code:
mkdir -p /mnt/disk
mkdir binary is used to make folder dir.
-p is mkdir option which means to create folder with sub-folder at the same time. Here we want to create mnt folder that contains disk sub-folder in it. If the folder and or sub-folder(s) are already exists, it will not give error but nothing will be created.
Click to expand...
Click to collapse
#11
Code:
mount -o loop yourImage.img /mnt/disk
This is linux way to mount images into specific directory (/mnt/disk in this example).
Click to expand...
Click to collapse
#12
Code:
cd /mnt/disk
cd used to get inside specific dir path.
Click to expand...
Click to collapse
#13
Code:
ls -l
ls binary is used to list directory contents as described above.
-l is the used option for ls which means to list contents in long listing format.
Click to expand...
Click to collapse
Cheers

another way to get common names
on way #2, I've often used:
Code:
cat /proc/emmc
on a few devices to reveal similar info.
Rob

can i able to mount boot.img in android itself...actually i wanted to extract boot.img frm mobile without any tools or without the help of PC...if there be any possibilities..??

hasan4791 said:
can i able to mount boot.img in android itself...actually i wanted to extract boot.img frm mobile without any tools or without the help of PC...if there be any possibilities..??
Click to expand...
Click to collapse
if you mean extract to modify boot.img, then I don't think there is away to do that from device itself in the moment..
if you mean dumping boot.img then yes you can, just install terminal emulator from Google play and you can run adb shell commands directly from the device

Great guide hopefully makes it easier for us to get dumps! if you add logcats etc, i find they have trouble executing "adb logcat >> log.txt" -.-
also you should teach them the easy tar method, so while booted "tar -c /system/* >> /sdcard/system.tar" or via adb shell

ricky310711 said:
Great guide hopefully makes it easier for us to get dumps! if you add logcats etc, i find they have trouble executing "adb logcat >> log.txt" -.-
also you should teach them the easy tar method, so while booted "tar -c /system/* >> /sdcard/system.tar" or via adb shell
Click to expand...
Click to collapse
Yup that is possible and easy to extract but it is only for partitions that is shown in android os,,, you can't use it for boot.img, sbl.bin, modem.bin...etc right

majdinj said:
Yup that is possible and easy to extract but it is only for partitions that is shown in android os,,, you can't use it for boot.img, sbl.bin, modem.bin...etc right
Click to expand...
Click to collapse
ofcoarse, i actually had a project going where it detects all partitions(modems, boot.img, system etc..) that archives itself into a .zip
it was going well until i did something in the script, now it only works on the s3 it shall be continued one day!

Such great tutorial, this is definitely going to come in handy for me. I have a question, how can you dump (extract) a bootloader? Can i use the same method as dumping the ROM?

Could you explain how to extract stock recovery image please?
Sent from my HTC One using xda app-developers app

Where did the parted binary come from?

For Gods Sake
http://forum.xda-developers.com/sho...IDE] Unpack/repack ext4 Android system images
http://forum.xda-developers.com/sho... Creator (deployable over all kernel sources)
http://forum.xda-developers.com/sho...ipt]Backup all paritions on i9505 to odin rom
http://forum.xda-developers.com/sho...al 4.3 TW Custom Rom/ The ORIGINAL WIFI TRICK
... use Forum Search Engine first, then start asking all your 'important' questions
¤ GT-I9505 - powered by KitKat ¤

insink71 said:
on way #2, I've often used:
Code:
cat /proc/emmc
on a few devices to reveal similar info.
Rob
Click to expand...
Click to collapse
Thx for this. On my HTC One there is no "by-name" folder. It only has "by-num". cat /proc/emmc works fine though.
Cheers.

I also wrote a guide, It just using the "by-name"
and needs root
[HOWTO] dump your rom
Code:
dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/storage/extSdCard/system.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/storage/extSdCard/recovery.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/param of=/storage/extSdCard/param.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/storage/extSdCard/boot.img

Hi,
I tried this on my I-9505G. It is NOT rooted, so I thought I could enter the system through Clockworkmod Recovery.
I did it, but at first I didn't mount the DATA partition (later on I did through CWM Recovery); I still ran the command:
dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/data/media/TEST/system.img
Thought I hadn't mounted anything, the media folder was still there, I only created the TEST folder.
After the image was created I typed the "ls" command and the system.img file was in /data/media/TEST/.
I then rebooted once again in CWM and ran the "adb shell" command once again, I entered /data/media/ e neither the img file nor the TEST folder I had created were there.
My question is: where have they gone?? Are they still occupying some of my space or they just got deleted automatically when I rebooted??
Please let me know as I'd like to free that extra unuseful 1.2 Gb system.img file.
Anyway, just as side information, I later on mounted the /data through CWM interface and was able to see the folders ("/data/media/0/") I can see by plugging the phone normally to the computer. I then dumped the image.
I have some other questions:
I can I mount the /data folder (or the external SD) via command?
What extention should I give to the other partitions? (All of them)
Why did you say that it's MANDATORY that the phone be rooted if it can be done this way?
Are the images I'm dumping flashable through fastboot?
Thank you all for your time!

Anybody? Please.

•I can I mount the /data folder (or the external SD) via command?
I have not been able to find the SD card in clockwork on the I9505G, hence one of my rooting procedures send the root file vi "adb sideload".
I might be able to pull the data from the phone but the clockwork recovery is still not working 100% when fastbooting it.
•What extention should I give to the other partitions? (All of them)
.img are fine.
•Why did you say that it's MANDATORY that the phone be rooted if it can be done this way?
currently it is required that the phone be unlocked. Something need to be fixed in clockwork to make it work any other way.
•Are the images I'm dumping flashable through fastboot?
They should be, but I have not been able to flash anything on the I9505G vi fastboot because of the secure boot.
without a full official image this make my playing around a little concerning (slowing me down).
I will look into this at my leisure. I would love to be able to pull a rom off a phone with only unlocking it.
I will test some stuff using my old galaxy nexus.

I actually dumped everything WITHOUT being rooted. I only unlocked the bootloader... So it works.
Further, I tried to run "fastboot boot recovery.img" with recovery.img being the image file I dumped. The phone froze and I had to pull the battery... So I assume they're not flashable as well, though I'd like other feedbacks.
I've not clearly understood what "secure boot" means. Any guide or wiki?
Thanks!
---------- Post added at 06:56 PM ---------- Previous post was at 06:55 PM ----------
I actually dumped everything WITHOUT being rooted. I only unlocked the bootloader... So it works.
Further, I tried to run "fastboot boot recovery.img" with recovery.img being the image file I dumped. The phone froze and I had to pull the battery... So I assume they're not flashable as well, though I'd like other feedbacks.
I've not clearly understood what "secure boot" means. Any guide or wiki?
Thanks!

Hey, great guide! I need some help but. I can't retrieve the common names / labels of my devices partitions. It's a GT-i8150 and there is no 'by-name' sub directory. Furthermore, parted does not work on mmcblk0 for some reason (unable to satisfy partition restraints or something). I also have no emmc file in proc.
Does anyone know how some other methods for getting the names of the partitions?
EDIT:
Another question - using ADB shell, is it possible to dump a partition straight from the phone onto the computers hard drive? My little 2GB sd card isn't coping! Thanks

a very basic but good guide
Sent from my GT-P1000 using xda app-developers app

Moto X boot with compiled zImage

Hi All,
I am working on MotoX kernel(3.4.42) , after compilation of kernel source code i am able to generate zImage. I have written zImage to original boot.img using following command
$ abootimg -u boot.img -k zImage
with this boot.img(with custom zImage) I flashed using following command
$fastboot flash boot boot.img
After booting my MotoX phone , my touch screen is not responding. I observed touch screen I2c driver is not initilized because device tree image(dt.img) is not loading by zImage during booting .
Can any one please help how to create dt.img with compiled dtb files and flash in to device???????
Thanks
Ram

516
Any one any help???????

ram1443 said:
Any one any help???????
Click to expand...
Click to collapse
im really surprised you expected most people to know the answer to your question. anyways you can rip t he prebuilt dtb from you stock boot.img using these tools right here : https://github.com/xiaolu/mkbootimg_tools and then use them to repack your zimage. abootimg isnt useful in its current form it seems.
if you wish to compile the dts files into dtb ones youll need to run a script on them, here is teh guide that taught me how to http://www.wiki.xilinx.com/Build+Device+Tree+Blob

shabbypenguin said:
im really surprised you expected most people to know the answer to your question. anyways you can rip t he prebuilt dtb from you stock boot.img using these tools right here : https://github.com/xiaolu/mkbootimg_tools and then use them to repack your zimage. abootimg isnt useful in its current form it seems.
if you wish to compile the dts files into dtb ones youll need to run a script on them, here is teh guide that taught me how to http://www.wiki.xilinx.com/Build+Device+Tree+Blob
Click to expand...
Click to collapse
Hi shabbypenguin,
Thanks for your help,
Now i am able to boot with my custom zImage and default dt.img afeter following above links. but i am unable to generate custom dt.img from my compiled dtb files.
To generate dt.img i am doing below steps:
COMMAND:
-------------
$ ./dtbTool -s 2048 -o ./dt.img -p ../../source/kernel_kitkat/out/target/product/generic/obj/kernel/scripts/dtc/ ../../source/kernel_kitkat/out/target/product/generic/obj/kernel/arch/arm/boot/
OUTPUT :
-----------
Input directory: '../../source/kernel_kitkat/out/target/product/generic/obj/kernel/arch/arm/boot/'
Output file: 'dt.img'
Found file: msm8960ab-ultra-maxx-p1.dtb ... skip, failed to scan for 'qcom,msm-id = <' tag
Found file: msm8960ab-ultram-p3.dtb ... skip, failed to scan for 'qcom,msm-id = <' tag
=> Found 0 unique DTB(s)
Can you please guide me how to generate dt.img from compiled dtb files??
Thanks
Ram

[HOWTO] Build insecure (or permissive) kernels for Nexus 6 Marshmallow

Hi all,
I am trying to get an insecure kernel for Nexus 6, marshmallow 6.0, and I stuck at a bootloop.
The AOSP tag android-6.0.0_r1 builds without any errors. Then I flash the produced insecure boot image on a nexus 6, which had the latest 6.0 factory images.
Has anyone managed to do this procedure?
Btw, I am compiling the AOSP sources, and not the kernel sources.
In AOSP, I think, the kernel/zImage is precompiled, and the aosp build system bundles it into a boot image.
So, if someone has managed to build a working insecure boot.img from any marshmallow branch please let me know.
Or has done the same thing from kernels sources, also let me know.
EDIT:
How to compile an insecure kernel:
0. This will use the precompiled kernel found in aosp sources.
So we are not actually compiling. But this title might help some folks googling the topic.
2. modify device/<maker>/<codename>/fstab.<codename>/, and remove verify tag from system
3. make -jN bootimage
Alternatively, you can follow the procedure by ziddey, and removing the verify tag from fstab.shamu, allows the kernel to be booted!
NOTE: insecure kernel is not permissive.
How to compile a permissive kernel:
0. Now we will actually compile the kernel.
1. Download the kernel sources, and checkout the branch you want. Do these modifications.
Finally compile the kernel. (There are many tutorials for kernel compilation online)
2. copy the kernel (arch/arm/boot/zImage-dtb) to your aosp_dir/device/<maker>/<codename>-kernel/
3. Disable verification (as w/ insecure kernel)
4. make -j8 bootimage
How to compile an insecure and permissive kernel:
Not sure about this. I 'd play with configurations in aosp_dir/device/<maker>/<codename>,
or maybe try an eng build. If anyone knows just post it!
I have tried these with the kernel branch "android-msm-shamu-3.10-marshmallow-mr1",
and the aosp tag "android-6.0.1_r21".

I have also tried to unpack and repack the boot.img using unpackbootimg and mkbootimg from https://github.com/osm0sis/mkbootimg.
I have extracted ramdisk, edited the default prob, repacked ramdisk, and packed using:
Code:
mkbootimg --kernel su_boot.img-zImage --ramdisk su_boot.img-ramdisk.gz --cmdline 'console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=shamu msm_rtb.filter=0x37 ehci-hcd.park=3 utags.blkdev=/dev/block/platform/msm_sdcc.1/by-name/utags utags.backup=/dev/block/platform/msm_sdcc.1/by-name/utagsBackup coherent_pool=8M' --base 00000000 --pagesize 2048 --kernel_offset 00008000 --ramdisk_offset 02000000 --tags_offset 01e00000 --board "" -o ins_su_boot.img
Have I missed anything?
*EDIT* also tried w/ 'abootimg'. Still no luck.

Screwing around with random files found on the internet is not going to solve your problem. Use the program from *AOSP*. And make sure your parameters match (I'm not going to verify them for you). Bootloops are always cute, what did you change? Typically running make bootimg should make you a good bootimg from AOSP sources.

Well, turns out that in this case, that assumption is not correct.
The first issue is that the verity keys are not present in a custom built boot.img. At least not ones without also involving an entire system build (not that they would match the system partition that you already have).
So to solve that, edit the fstab file in the shamu device tree to remove the verify parameter from the system partition. Once that is done, it should no longer randomly reboot.
UNFORTUNATELY, that may not be enough to make the whole thing work properly still, since there appears to be some other differences between the AOSP userdebug's boot.img and the google user build. You will be able to adb in, but the android subsystem won't run.

These utilities I have used were the ones that have been successfully used to pack/unpack boot images by others. I have also done this successfully in the past, for another device running earlier versions.
Yeap. That's the problem. A kernel build from AOSP sources does not work out of the box with the rest of the system, if it is a production build. This used to work for Lollipop, but I guess they tighten security up.
Building zImage from kernel sources is still not a solution for me, as I can't properly pack/unpack a Marshmallow boot.img
The problem might be something very stupid, OS specific, and I don't want to waste any more time on this.
For now I will live with SuperSu and adbd insecure.
Maybe at some point I might try to remove the verification to see whether the rest of the stuff play nicely.
Thanks for your time!

[edit]
Answer is root. http://forum.xda-developers.com/showpost.php?p=64110288&postcount=1283
[/edit]
I spent a while tonight trying to figure this out as well. Simply dumping boot.img and recreating it works fine. But something goes wrong when unpacking/repacking the ramdisk. Stripping bootsize from bootimg.cfg so abootimg recalculates it doesn't help.
1. I did find that mkboot "works": https://github.com/ModdingMyMind/mkbootimg_tools
Simply run `mkboot boot.img boot` to dump to dir boot. Make changes to ramdisk, and then run `mkboot boot newboot.img` to create a new image. However, for whatever reason, this causes at least one issue for me. The sbin dir, despite being 755 in the ramdisk is 750 again in Android. Not sure what's going on here since I can redump newboot.img and confirm that sbin is 755.
2. I looked at seSuperuser/super-bootimg and found https://github.com/seSuperuser/super-bootimg/blob/master/scripts/bootimg.sh
The relevant part is in doneBootImgEdit(). Looking at the comments, Husson found that appending the changes to the inflated ramdisk cpio and then deflating it works. I just tested this and indeed it does work.
Husson only appends new/changed files; as a test, I tried appending the entire new ramdisk onto the old one, and sure enough, it bugs out again. Will have to investigate why this happening later, but for now, this is good enough.
As well, abootimg also comes with the tools abootimg-pack-initrd and aboot-unpack-initrd, which takes care of gzip/cpio. Of course, since the packing part doesn't work, we can't use it.
So, here's an example. Say you want to change fstab.shamu (to remove /system verification and/or /data forced encryption):
Code:
# extract boot.img
abootimg -x boot.img
# unpack the extracted initrd.img to ramdisk dir
abootimg-unpack-initrd
cd ramdisk
# make your changes to ramdisk/fstab.shamu here....
echo fstab.shamu | cpio -o -H newc > ../initrd2
cd ..
# inflate initrd.img
cp initrd.img initrd.gz
gunzip initrd.gz
# append and create new initrd.img
cat initrd initrd2 |gzip -9 -c > newinitrd.img
# strip bootsize from bootimg.cfg
sed 1d bootimg.cfg > newbootimg.cfg
# create new boot.img
abootimg --create newboot.img -f newbootimg.cfg -k zImage -r newinitrd.img
newboot.img should be a working boot image. If modifying multiple files, it may be easiest to create a different dir with those files and use find . |cpio -o -H newc > ../initrd2
Hope this helps. And if anyone can explain why this is necessary / how to recreate initrd from scratch, I can continue being lazy.
Thanks @phhusson
[edit]
Damn. I tried applying a different init file and it ate ****.
[/edit]

ziddey said:
I spent a while tonight trying to figure this out as well. Simply dumping boot.img and recreating it works fine. But something goes wrong when unpacking/repacking the ramdisk. Stripping bootsize from bootimg.cfg so abootimg recalculates it doesn't help.
1. I did find that mkboot "works": https://github.com/ModdingMyMind/mkbootimg_tools
Simply run `mkboot boot.img boot` to dump to dir boot. Make changes to ramdisk, and then run `mkboot boot newboot.img` to create a new image. However, for whatever reason, this causes at least one issue for me. The sbin dir, despite being 755 in the ramdisk is 750 again in Android. Not sure what's going on here since I can redump newboot.img and confirm that sbin is 755.
2. I looked at seSuperuser/super-bootimg and found https://github.com/seSuperuser/super-bootimg/blob/master/scripts/bootimg.sh
The relevant part is in doneBootImgEdit(). Looking at the comments, Husson found that appending the changes to the inflated ramdisk cpio and then deflating it works. I just tested this and indeed it does work.
Husson only appends new/changed files; as a test, I tried appending the entire new ramdisk onto the old one, and sure enough, it bugs out again. Will have to investigate why this happening later, but for now, this is good enough.
As well, abootimg also comes with the tools abootimg-pack-initrd and aboot-unpack-initrd, which takes care of gzip/cpio. Of course, since the packing part doesn't work, we can't use it.
So, here's an example. Say you want to change fstab.shamu (to remove /system verification and/or /data forced encryption):
Code:
# extract boot.img
abootimg -x boot.img
# unpack the extracted initrd.img to ramdisk dir
abootimg-unpack-initrd
cd ramdisk
# make your changes to ramdisk/fstab.shamu here....
echo fstab.shamu | cpio -o -H newc > ../initrd2
cd ..
# inflate initrd.img
cp initrd.img initrd.gz
gunzip initrd.gz
# append and create new initrd.img
cat initrd initrd2 |gzip -9 -c > newinitrd.img
# strip bootsize from bootimg.cfg
sed 1d bootimg.cfg > newbootimg.cfg
# create new boot.img
abootimg --create newboot.img -f newbootimg.cfg -k zImage -r newinitrd.img
newboot.img should be a working boot image. If modifying multiple files, it may be easiest to create a different dir with those files and use find . |cpio -o -H newc > ../initrd2
Hope this helps. And if anyone can explain why this is necessary / how to recreate initrd from scratch, I can continue being lazy.
Thanks @phhusson
[edit]
Damn. I tried applying a different init file and it ate ****.
[/edit]
Click to expand...
Click to collapse
My guess, and the reason why I tried appending without further thinking, is that the new initramfs files contains SELinux labels, which standard GNU/Linux cpio tool doesn't support.
One would have to investigate the changes in mkbootfs done recently.
Also, I guess mkboot is using Android's mkbootfs, which forces the permissions by itself I think.
Though the fact that extracting back give the result you expected is weird.
In super-bootimg I chose to change init.rc to chmod /sbin

Wow. http://forum.xda-developers.com/showpost.php?p=64110288&postcount=1283
Just tested and sure enough, everything is working.
Thanks @shoey63

Hopefully a final update:
The difference is in ownership. Unpacking (cpio -i) as a regular user will not preserve the ownership. However, repacking (cpio -o) does.
To repack, add -R 0.0 to cpio (i.e. --owner root.root).
e.g.
Code:
find . |cpio -o -H newc -R 0.0 | gzip -9 > ../newinitrd.img
I just tested and this works just fine without being root.

ziddey said:
Hopefully a final update:
The difference is in ownership. Unpacking (cpio -i) as a regular user will not preserve the ownership. However, repacking (cpio -o) does.
To repack, add -R 0.0 to cpio (i.e. --owner root.root).
e.g.
Code:
find . |cpio -o -H newc -R 0.0 | gzip -9 > ../newinitrd.img
I just tested and this works just fine without being root.
Click to expand...
Click to collapse
Erf that's weird, I'm pretty sure I always ran the script as root...
Anyway, thanks for the info! I'll probably update my scripts with it

I just wanted to post that using root to extract the cpio file fixed the boot failure for me on my Nexus 9 with 6.0.1. You also need to use root to find the files and create the cpio file because some files are only accessible by root of course. I guess that should have been obvious (usually needed for /dev nodes) as @phhusson said, but this time I didn't do that until reading here.
To unpack the boot.img file I used: https://github.com/osm0sis/mkbootimg.git
To pack the boot.img file I used: https://android.googlesource.com/platform/system/core/+/master/mkbootimg
I'm not sure you need the official google packer, but I just happened to use when it worked.
EDIT: I needed to update boot.img and I tried it using the osm0sis packer and it worked.

Hey guys. Thanks for the replies!
I needed a permissive kernel this time, and I have played around with the sources and your recommendations and got it working. :good:
The post by ziddey might be the easiest way to make any kernel bootable, by disabling the verification from fstab.
(and uses just one packing/unpacking tool)
You can do the same thing from sources, again by modifying the fstab on aosp.
You can build an insecure kernel by using the pre-built kernel (is aosp),
or compile and then pack a permissive one.
This procedure wasn't working for me back then when I tried it (hence this thread). I am not sure if it was my fault or the initial marshmallow release had differences from the sources. More info on the first post.