If you interested in extracting the kernel image from the Samsung Galaxy S5 ROM, you should follow the following steps.
This is was tested with the G900VVRU1ANCG_G900VVZW1ANCG_VZW stock ROM firmware.
The first is extracting the files from the ROM firmware file, this is explained in many places and won't be covered here.
Extract the boot.img to some directory, using the Android unpackbootimg utility:
Code:
unpackbootimg -i boot.img -o boot/
After extracting the boot.img file you will usually end up with the following file list:
Code:
boot.img-base
boot.img-cmdline
boot.img-pagesize
boot.img-ramdisk.gz <- this includes the root (/) files, like init*.rc and SELinux policy files
boot.img-zImage <- compressed image of the Android Linux kernel
Next step will be extracting the compressed kernel image from the zImage file. The Android kernel is a self-extracting compressed file, while different devices use different compression methods. While looking at the file contents using hex editor, you can see the decompression code at the beginning, and then at some point the compressed data begins. The compressed image begins where you find the LZO magic header.
Code:
static const unsigned char lzop_magic[9] = {
0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a
};
Save the data from the LZO magic header to the end of the file with the zImage.kernel file name.
This firmware and kernel are using LZO compression, and there is an easy to use utility called lzop that is used for the decompression of the file. Just run the following command to decompress the kernel from the zImage.kernel file:
Code:
lzop -d -c zImage.kernel > zImage.kernel.decompressed
And now you have the decompressed kernel for the device ready for exploration, which is also attached to this post.
Note:
I've tried using different scripts that do the job, including galaxys2_kernel_repack and http://forum.xda-developers.com/showthread.php?t=901152 but both failed while extracting the kernel image, although were able to extract the begin position for the LZO compression header.
But it does trip KNOX after flashing, doesn't it?
roman.blachman said:
If you interested in extracting the kernel image from the Samsung Galaxy S5 ROM, you should follow the following steps.
This is was tested with the G900VVRU1ANCG_G900VVZW1ANCG_VZW stock ROM firmware.
The first is extracting the files from the ROM firmware file, this is explained in many places and won't be covered here.
Extract the boot.img to some directory, using the Android unpackbootimg utility:
Code:
unpackbootimg -i boot.img -o boot/
After extracting the boot.img file you will usually end up with the following file list:
Code:
boot.img-base
boot.img-cmdline
boot.img-pagesize
boot.img-ramdisk.gz <- this includes the root (/) files, like init*.rc and SELinux policy files
boot.img-zImage <- compressed image of the Android Linux kernel
Next step will be extracting the compressed kernel image from the zImage file. The Android kernel is a self-extracting compressed file, while different devices use different compression methods. While looking at the file contents using hex editor, you can see the decompression code at the beginning, and then at some point the compressed data begins. The compressed image begins where you find the LZO magic header.
Code:
static const unsigned char lzop_magic[9] = {
0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a
};
Save the data from the LZO magic header to the end of the file with the zImage.kernel file name.
This firmware and kernel are using LZO compression, and there is an easy to use utility called lzop that is used for the decompression of the file. Just run the following command to decompress the kernel from the zImage.kernel file:
Code:
lzop -d -c zImage.kernel > zImage.kernel.decompressed
And now you have the decompressed kernel for the device ready for exploration, which is also attached to this post.
Note:
I've tried using different scripts that do the job, including galaxys2_kernel_repack and http://forum.xda-developers.com/showthread.php?t=901152 but both failed while extracting the kernel image, although were able to extract the begin position for the LZO compression header.
Click to expand...
Click to collapse
I tried that and was given a warning of trailing bytes by `lzop`. Later when i do a `file` command on the resulting uncompressed file, it is not a vmlinux ELF image, rather it is a data file. How are we able to repack this image back into zImage? Any advise is appreciated thanks.
What i do if i have boot.img-kernel and boot.img-kernel_offset?
DGKG said:
What i do if i have boot.img-kernel and boot.img-kernel_offset?
Click to expand...
Click to collapse
The boot.img-kernel is your zimage file
What Source you used for Unpack?
Can you share link for you Scripts? or can you provide link to scripts for unpacking and repacking Note 9 Exynos Kernel?
Thanks
Greetings
I followed these procedures, and pushed the boot.img with Odin, but the phone goes into download mode stating: "Could not do normal boot." Can anyone see what I am doing wrong? How can I troubleshoot the issue? Is there some way I can look at some logs somewhere? I did save my recovery.log file from twrp to the sdcard before I loaded the backedup files and rebooted the phone. I put them here is there anything else I can do?
I tried the same thing with boot.img and I got the following:
Code:
[email protected]:~/xiaolu/mkbootimg_tools$ ./mkboot boot.img ksumag
Unpack & decompress boot.img to ksumag
kernel : zImage
ramdisk : ramdisk
page size : 2048
kernel size : 8262680
ramdisk size : 1064985
dtb size : 1300480
base : 0x00000000
kernel offset : 0x00008000
ramdisk offset : 0x02000000
second_offset : 0x00f00000
tags offset : 0x01e00000
dtb img : dt.img
cmd line : console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x37 ehci-hcd.park=3
ramdisk is gzip format.
Unpack completed.
[email protected]:~/xiaolu/mkbootimg_tools$ cd ksumag/
[email protected]:~/xiaolu/mkbootimg_tools/ksumag$ ls
dt.img img_info ramdisk ramdisk.gz zImage
[email protected]:~/xiaolu/mkbootimg_tools/ksumag$
I put the scsi_wait.ko ( name? ) file in ramdisk /dev folder, and replaced the zImage and dt.img file with the ones I made, and packed them into my own boot.img file.
Here is the output:
Code:
[email protected]:~/xiaolu/mkbootimg_tools$ ./mkboot ksumag/ boot.img
mkbootimg from ksumag//img_info.
kernel : zImage
ramdisk : new_ramdisk.gz
page size : 2048
kernel size : 8262680
ramdisk size : 1082259
dtb size : 1300480
base : 0x00000000
kernel offset : 0x00008000
ramdisk offset : 0x02000000
tags offset : 0x01e00000
dtb img : dt.img
cmd line : console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x37 ehci-hcd.park=3
Kernel size: 8262680, new ramdisk size: 1082259, boot.img: 10893312.
boot.img has been created.
...
Then I put all files in a tar file. I did make a couple of mistakes with files names, which I hope did not damage the boot.img file.
Code:
[email protected]:~/xiaolu/mkbootimg_tools$ tar -H ustar -c boot.img >> boot.img
tar: boot.img: file is the archive; not dumped
[email protected]:~/xiaolu/mkbootimg_tools$ ls
ARM dtbToolCM ksumag mkbootimg recovery.img
boot.img dtbtool.txt lz4 MyKernel.tar.md5 recovery.tar.md5
commands dtc mkboot oldfiles shahin
dtbTool ksuamg mkbootfs README.md sm-n900p-test1
[email protected]:~/xiaolu/mkbootimg_tools$ tar -H ustar -c boot.img > boot.img
tar: boot.img: file is the archive; not dumped
[email protected]:~/xiaolu/mkbootimg_tools$ tar -H ustar -c boot.img > boot.tar
[email protected]:~/xiaolu/mkbootimg_tools$
Then I took the hash of the entire thing:
Code:
[email protected]:~/xiaolu/mkbootimg_tools$ md5sum -t boot.tar >> boot.tar
[email protected]:~/xiaolu/mkbootimg_tools$ mv boot.tar boot.tar.md5
[email protected]:~/xiaolu/mkbootimg_tools$
What are you trying to get
kenny1991 said:
What are you trying to get
Click to expand...
Click to collapse
I am trying to get a flashable image. The file I get from the above procedure goes on my phone, but the kernel does not seem to be loaded. I am still learning about the boot process, and I do not know if my phone just has a bootloader or a bootstrap also; regardless it seems to not load the kernel since it goes into download mode. The recovery.log does not show anything either. I posted in pastebin. I can put link to it here if you think it would help. My goal is to flash my phone with a copy of the kernel which I built myself.
Oh you need a developer to respond for that.
kenny1991 said:
Oh you need a developer to respond for that.
Click to expand...
Click to collapse
Do you know if I can move this thread myself or perhaps request it from one of the admins? I do not know how effective it would be if I put a link to this discussion in the developer forum.
You may ask as you can't move it. You should move it to developers discussion forum
Preliminary requirements:
1. Phone rooted.
2. CWM recovery installed.
3. Full backup created using CWM.
Actions:
1. Download the mkbootimg tools.
2. Get the current boot.img by using:
adb pull sdcard/clockworkmod/backup/xxx/boot.img
if sdcard symlink does not exist grab it from: /data/media/0/clockworkmod/backup/xxx/boot.img
3. use umkbootimg to extract boot.img:
./umkbootimg boot.img
you suppose to get two files:
1. zImage - kernel
2. initramfs.cpio.gz - ramdisk filesystem
4. build samsung kernel with dtb support:
4.1. Download kernel version from samsung website.
4.2 Do make exynos5422-k3g_00_defconfig
4.3 manually edit the .config created by adding the following lines:
CONFIG_BUILD_ARM_APPENDED_DTB_IMAGE=y
CONFIG_BUILD_ARM_APPENDED_DTB_IMAGE_NAMES="exynos5422-k3g_eur_open_10"
CONFIG_ARM_APPENDED_DTB=y
CONFIG_ARM_ATAG_DTB_COMPAT=y
CONFIG_ARM_ATAG_DTB_COMPAT_CMDLINE_FROM_BOOTLOADER=y
4.4 run: make -j8
5. Take the build product from:
arch/arm/boot/zImage-dtb and copy it to the folder where you extracted the boot.img
6. Run the following to create a new boot.img:
./mkbootimg --kernel zImage-dtb --ramdisk initramfs.cpio.gz -o new_boot.img
7. Push the new_boot.img to the sdcard:
adb push new_boot.img sdcard/
8. Get into adb shell and run from there:
su -c dd if=/sdcard/new_boot.img of=/dev/block/platform/12200000.dwmmc0/by-name/BOOT
9. Get out of adb shell, and run adb reboot.
10. Wait for the phone to upload.. And you've get your own kenrel running on Samsung galaxy s5 sm-g900h!!
Hello mates!
I've been playing with XT1097's boot.img and need some help as my boot.img fails to boot if I repack ramdisk.
Using abootimg
Extracting boot.img contents:
Code:
abootimg -x boot.img ==> produces bootimg.cfg, initrd.img and zImage files in the current directory
Updating boot.img contents without touching ramdisk (using the one extracted in the previous step):
Code:
abootimg -u boot.img -r initrd.img
If I extract initrd.img and try to repack it, then system fails at boot:
Extracting ramdisk (initrd.img) contents:
Code:
abootimg-unpack-initrd ==> produces a ramdisk subdir
Repacking without modyfing ramdisk folder contents:
Code:
abootimg-pack-initrd newramdisk.img
Updating boot.img with newramdisk.img
Code:
abootimg -u boot.img -r newramdisk.img
Even though the generated boot.img's size matches the original one - 10444800 bytes - system gets stuck at boot logo.
The same issue happens if I use these tools combined:
mkbootimg, unmkbootimg, gzip and cpio
Any ideas are welcome
I tried to root android in AVD Emulator.
Google APIs 27 x86 Revision 8
MagiskManager 7.1.1
My attempt:
1. Make a boot.img with kernel and ramdisk.img in system-images:
Code:
mkbootimg --kernel kernel-ranchu --ramdisk ramdisk.img -o boot.img
2. Patch boot.img in MagiskManager;
3. Separate ramdisk.img from patched boot.img:
Code:
split_boot patched_boot.img
4. Replace the ramdisk.img.
But this won't work, the MagiskManager show Magisk is not installed.
I need to do what else?
@goddade
You can try this https://github.com/shakalaca/MagiskOnEmulator
HemanthJabalpuri said:
@goddade
You can try this https://github.com/shakalaca/MagiskOnEmulator
Click to expand...
Click to collapse
Thank you for your reply.