Database Info

The Ultimate Guide to put Hero Builds and other Builds to your G1/Magic Android

The Ultimate Guide to put Hero Builds and other Builds to your G1/Magic Android Phones by hellogadgetman from Greece
or download from here for best structure and more
http://rapidshare.com/files/2522727..._Builds_and_other_Builds_to_your_G1_best.docx
for ROOTED Phones
I have no responsibility for mistakes and problems through this guide
1) Find your SPL and Radio Versions
• Radio
o Next you will want to confirm your Radio Baseband.
To Confirm this Press Menu - Settings - About Phone - Scroll down till you see Baseband version.
Compare the Baseband value to the value below to see if you are using the correct radio for your build or if you need to update.
o You will need 2.22.19.26I
• Currently there are three SPLs available. The G1 variant is the SPL that is installed in stock T-Mobile G1 phones. The Engineering variant is found in the Android Dev Phone 1. Finally, the HardSPL is a modification of the Engineering variant by cmonex, with additional hacker-friendly functionality.
• HardSPL
• VER: HSPL10.95.3000
• HardSPL is a modification of the Engineering SPL by cmonex. In addition to the functionality of the Engineering SPL, HardSPL also allows NBH files to be used without matching the CID (carrier ID) check.
• Engineering SPL
• VER: HBOOT-0.95.3000
• The Engineering SPL is a custom SPL installed in devices intended for Android development. It has existed since before the launch of the G1 and is now available to the general public as preinstalled on the Android Dev Phone 1.
• G1 Original SPL
• VER: HBOOT-0.95.0000
• This is the original SPL which is installed in a stock G1. It is easily distinguished by the "trademark" red-green-blue bootloader screen which appears in many HTC phones. This SPL does not support the fastboot protocol and thus will not allow the user to flash nand backup images.
2) Update the Radio to the Latest
• Download the Radio zip.
• http://android-roms.googlecode.com/files/ota-radio-2_22_19_26I.zip
• Rename it to "update.zip".
• Copy it to the root of your phone's SD card.
• Turn your phone off.
• Start up in recovery mode by holding Home and pressing Power.
• Press ALT+S to apply the update.
• Once the update is applied press Home+Back to reboot the phone. The Phone will start to boot up and then continue applying the update. Once this is completed the Recovery menu will ask you for the second time to reboot the phone via Home + Back
3) Update the SPL to the Latest
IF YOU HAVE ONE SD CARD:
• Upload new SPL on your microSD and rename to "update.zip"
• Reboot your phone into recovery mode. I ASSUME YOU MEAN HOLDING POWER AND HOME BUTTONS>>>RIGHT?
• THIS IS IMPORTANT (perform a nandroid backup, of course) APPLY THE UPDATE USING ALT-S..., and once complete DON'T DO ANYTHING.. read step 4.
• WITHOUT PRESSING ANY BUTTONS remove your microSD card from your phone, and plug it into your microSD card adapter/SD card reader
• Remove/rename the SPL update (to something other than "update.zip") and upload the update file of the build you are currently using onto your microSD card. Put your microSD card back in your phone AGAIN WITHOUT PUSHING ANY BUTTONS I KNOW THIS IS STUPID, BUT WE RENAME THE BUILD TO UPDATE.ZIP AS WELL
• Press Alt + x to go to the console. If your phone does not reboot automatically, press enter, type "reboot recovery", then press enter again.
• If you boot up in recovery, you have done everything correctly. Now APPLY THE UPDATE USING ALT-S, reboot, and you're done
4) Performing a NANDROID Backup
At this point you should backup your phone via NANDROID
1 Turn your phone off.
2 Hold Home, press Power button to boot into Recovery Mode
3 Press ALT+B to start the backup.
4 Once the backup has completed press Home + Back
Next your phone will reboot and load the OS, at this point you should copy the files your just backed up to your PC incase you need to recover your phone
1 Mount your SDCard to your PC
2 On your SDCard change to the nandroid/HT840GZ30985
3 Inside this folder you will see another folder the first 8 digits of this folder name is the date it was created in the YYYYMMDD format and the last four are the time.
4 Copy this entire folder to your PC and save it. As you make more backups to your phone repeat this process.
5) Format your sd card to Fat32 and Ext2/Ext3 Partitions
• Install the sdsplit executable to your phone. To so this, open the 'terminal' application / ADB Shell and type the following commands at the prompts:$ su
# cd /data
# wget http://64.105.21.209/bin/lib/droid/sdsplit
# chmod 555 sdsplit
# exit
• Decide the size of your FAT partition:
You should use one of two approaches to decide the size of your FAT partition. The first one involves simply directly deciding this size (i.e. I want a 5G FAT partition). In this case, the EXT2 partition will be the remainder of the card.
size_of_fat_partition = size
The second method is based upon the fact that you want to decide the size of the EXT2 partition and would like the FAT partition to be the remainder of the card. In this case, the size of the FAT partition will be based on the size of your sdcard and the size of the EXT2 partition that you want. Use this formula to calculate it:
size_of_sdcard - size_of_ext2_partition = size
So, if you have an 8GB sdcard and want 1GB of space for apps on your EXT2 partition, use 7000M for the FAT size.
No matter which method you use, you will need to specify either bytes (no parameter), kilobytes (K) or megabytes (M) . So, for a 5G partition would use a 5000M size parameter.
Note: The size parameter is currently case sensitive, use 7500M, not 7500m!
• Backup your SDCard onto your PC
Note: To figure out how much data (in K) you have on you FAT partition, you can type the following in your terminal / ADB Shell (the sdcard can not be mounted for this cmd to work):
$ du -s /sdcard
Note: to find out how much free space is left on your /data partition type (see available)
$ df /data
• Run sdsplit. Use the size from step 3 below (do not forget the "M" in size if you are specifying megabytes): (Note: you will need an internet connection on your phone for this step)
Note: If you are using the JF1.5 update, you should put a -nc at the end of the commands below since system configuration is not needed!
Non JF1.5 Build:
$ su
# /data/sdsplit -nd -fs size
# exit
JF1.5 Build:
$ su
# /data/sdsplit -nd -fs size -nc
# exit
Please, remember to record the output of this stage if you run into a problem. There will be a permanent record of it in, /data/sdsplit.log.
• Reboot your phone, via terminal:
reboot
• Restore your data from your PC to your Fat partition of your SDCard.
• You're done! You should have two partitions now on your sdcard. The FAT one mounted at /sdcard and the EXT2 one mounted at /system/sd.
6) Put the Cyanogen Recovery image 1.2
http://n0rp.chemlab.org/android/cm-recovery-1.2.img
To install raw image: copy it to your sdcard and run from a terminal:
flash_image recovery /sdcard/cm-recovery-1.2.img
It is suggested to fully shutdown the device and power it back up.
Check Recovery IMG by rebooting phone and pressing Home + Power to see the new Recovery IMG
If you have problems with a "no space on device" error, try using fastboot and erasing first:
fastboot erase recovery
fastboot flash recovery cm-recovery-1.3.1.img
7) Upload JACHero 2.2.3 or any other to sd card and rename them as update.zip
8)Last steps to finalize
• wipe
• run apps2sd from recovery image menu
• then run fix filesystems
• then run update.zip
• then run apps2sd from recovery image menu again
• then reboot
• when phone reboots, give it about a minute after the screen comes on and chose deny on swapper in SU permissions pop up.
• then go thru the setup for gmail and android..
• after you get logged in to everything, do your settings for backlight and whatever else,
• then go to programs and do the swapper settings -
• SWAPPER SETTING:
/system/sd/swapfile.swp
Change swapper size
i did 20mb / 32mb ( i think thats right )
• then reboot ( after Gmail has finished syncing your contacts )
• when it comes back up choose always allow on swapper ( in su permission popup )
• then do you market and flickr( disable wifi for a sec ) to accept the terms..
• then give it a few seconds, and in about 1 min the phone will be running faster like cupcake
Many thanks to JACHero,Cyanogen,Robpet2,Jesus Freke,Jon Pezz, xmoo, Haykuro, Stericson, dapro, The Dude, Darkrift, and many others!

very nice guide thank you...also very nice guide structure
gonna try this and see if i can really get this to run as fast as cupcake

Just a side note;
Http://twistedumbrella.googlepages.com/index.htm
The guide there has all the resources loaded to the site already and no longer requires you to have to use fastboot because the recovery there has restore built in.

pretty good guide...but this has nothing to do with porting builds -- only installing builds that have already been "ported"
porting (in the context you used it) means to change a build to work on another system / device:
http://en.wikipedia.org/wiki/Porting
also...Recovery 1.3.1 is the latest and greatest
cheers

alapapa said:
pretty good guide...but this has nothing to do with porting builds -- only installing builds that have already been "ported"
porting (in the context you used it) means to change a build to work on another system / device:
http://en.wikipedia.org/wiki/Porting
also...Recovery 1.3.1 is the latest and greatest
cheers
Click to expand...
Click to collapse
I know but 1.2 Cyanogen has Apps to sd and fix filesystems

alapapa said:
pretty good guide...but this has nothing to do with porting builds -- only installing builds that have already been "ported"
porting (in the context you used it) means to change a build to work on another system / device:
http://en.wikipedia.org/wiki/Porting
Click to expand...
Click to collapse
Yes, the title of this post is rather misleading. I was expecting a guide to porting. This is a well organized collection of instructions to prepare your phone for most modern builds, and will surely be useful to some, but the title should really be changed to better reflect the content of the post.

hellogadgetman said:
I know but 1.2 Cyanogen has Apps to sd and fix filesystems
Click to expand...
Click to collapse
1.3.1 does too, but much like fix_permissions its executed through concole instead of menu

If someone made the guide please post his thoughts
Thanks

Anyone or better None

thanx for your instructions!
and, is the Cyanogen Recovery Image the necessary part for flashing Hero roms on G1?
thanx again.

thanx for your instructions!
and, is the Cyanogen Recovery Image the necessary part for flashing Hero roms on G1?
thanx again.

Very good, indeed.
EDIT:
What happens if you miss a step, but still able to flash the latest 2.3.5 hero rom? (Following these steps reduces the lag?)
That's what exactly what I did:
1. I already had the latest radio update (so I didn't bother downloading again)
2. I installed latest SPL, renamed it to "update" in my sd card, turn off phone, turn-on phone (HOME+END button), hit ALT+S.
(I don't have a SD card reader yet.....but I have another phone (T-Mobile Wing), I removed SD card from G1, put it in T-Mobile Wing, opened folder where SD card is, and deleted "update" (SPL file), rename the 2.3.5 HERO rom to "update", took SD card out of T-Mobile Wing, put it in my G1)
3. Turn on G1 (HOME + END), wipe (ALT+W), then flash (ALT+S)
(Waited until it installed new hero ROM, it was installed, then I went to swapper application and changed settings to " /system/sd/swap.swp "
That's it.
I already had partition my SD card before doing this update. I dont know if it's necessary to do it again.
My G1 is working, and I have 72MB free space in internal phone storage (so far).
My question is:
Do I need to follow these steps to make the rom work better? To allow my apps go to my SD card (like it was before).?
By the way, I installed the OVERCLOCKWIDGET app from market and it won't open. (Launch Error, "Overclockwidget (need root) could not be launched")
Any inputs would be greatly appreciated.
Then I wipe, flash new ROM.

ss1271 said:
thanx for your instructions!
and, is the Cyanogen Recovery Image the necessary part for flashing Hero roms on G1?
thanx again.
Click to expand...
Click to collapse
Yes if you want to be a fast Hero ROM

jay22are said:
very nice guide thank you...also very nice guide structure
gonna try this and see if i can really get this to run as fast as cupcake
Click to expand...
Click to collapse
if it is let me lnow to make the change to hero

FAILURE to install
I followed your guide exactly but when I was flashing the hero update an error came back
"E: Cant't chown/mod /system/xbin
(no such file or directory)
E:Failure at line 14:
set_perm_recursive 0 2000 0755 06755 SYSTEM.xbin
Installation aborted."
Any suggestions???
NVM. Problem fixed. had to download the following spl
https://www.digital-bit.ch/g1devel/6.0-spl-signed.zip

Alt+M (apps2sd option) isn't showing up in v1.3.1
Anyone have any idea why Alt+M (apps2sd option) isn't showing up in Cyanogen's Recovery Image when all the other options that were updated in 1.3.1 are?
twistedumbrella said:
1.3.1 does too, but much like fix_permissions its executed through concole instead of menu
Click to expand...
Click to collapse

Thats the reason I put in my guide the 1.2 Cyanogen recovery

DirectMatrix said:
Anyone have any idea why Alt+M (apps2sd option) isn't showing up in Cyanogen's Recovery Image when all the other options that were updated in 1.3.1 are?
Click to expand...
Click to collapse
app2sd is automatic in version 1.3.1, but that's for new apps installation.

All the hero roms (at least that i know) require not the recommended "HardSPL" but Haykuro's updated SPL
This guide is very misleading esp since you bascially c/p from the other posts.
Dont take it personally, but it really needs to be cleaned up

B-man007 said:
All the hero roms (at least that i know) require not the recommended "HardSPL" but Haykuro's updated SPL
This guide is very misleading esp since you bascially c/p from the other posts.
Dont take it personally, but it really needs to be cleaned up
Click to expand...
Click to collapse
But this is the point of somebody who has to read over 500 posts to understand to have all the things straight away.
I have used it and it is fine and some others also ...(over 100 downloads of the document)
Thanks

[MOD][RECOVERY] Custom MTD Partitions (resize Data,System and Cache ) [ 2010-10-29 ]

Custom MTD Partitions
This is an implimentaion of lbcoder's Custom partition layouts
be sure to checkout that thread for the full history
What does it do?
Well, basically Custom MTD Partitions resizes your MTD partitions
for instance this is a CM6.1RC1, ( heavily customised )
Code:
Filesystem Size Used Available Use% Mounted on
/dev/block/mtdblock3 73.0M 72.8M 236.0K 100% /system
/dev/block/mtdblock5 134.8M 107.2M 27.6M 80% /data
/dev/block/loop0 896.0K 896.0K 0 100% /system/lib/modules
/dev/block/loop1 4.0M 4.0M 0 100% /system/xbin
/dev/block/mmcblk0p2 457.4M 201.8M 231.1M 47% /sd-ext
/dev/block/mmcblk0p2 457.4M 201.8M 231.1M 47% /cache
/dev/block/mtdblock4 2.0M 776.0K 1.2M 38% /dev/cache
most of my Apps are on sd-ext, dalvik-cache is on data
/dev/cache is where the real cache partition is mounted, /cache is actually a bind mount from /sd-ext/cache
Applicable to..
Probably any device that uses the same kind of nand as the G1 MT3G ( msm_nand )
The intial scripts are geared towards G1 / MT3G. however I have 'rewritten' much of the script for v1.5 , it now reads the partition table in dmesg, so it _should_ be universal **
v1.5.3 confirmed to work on heroc
v1.5.6 confirmed to work on bravo + bravoc ( with S-OFF )
unsure if it will work with your device? checkout the source on github ( or ask your favourite dev to take a look )
The 'Tech' in Breif
This method is beautifully simple...
When booting we give the kernel the mtd partition table we want to use..
Thats it
In practice we need to do this when booting to recovery, and booting the rom.
below are files to make this as simple flashing a rom.
Credits :-
Lbcoder - for coming up with the idea
Skraw ( CM forums ) - for getting lbcoder interested
Koush - for AnyKernel
Cyanogen & Co - for giving us all such great ROMs to play with
Amon_RA and Koush - for giving us something to patch
Techjosh - for fixing the patchers for use with Rogers (EBi1)
Mblaster - for pointing out my nasty habit of using -r zip flag at the end of command ( breaks compatibility with older zip versions, fixed in AutoPatcher v1.5 )
Safety First
This method is safe, however it is not without risk
Two things could potentially go wrong
Recovery flash corrupt
This is extremely unlikely, and tbh could happen anytime you flash recovery
If in the very unlikely event that you find you can't reboot to recovery you have three options
re-flash recovery via fastboot ( the preferred option )
re-flash recovery via ROM ( not a great option with cm5.0.x/cm6 )
Do the whole root thing all over again ( no one wants to do that )
system, cache , data partition unmountable - corrupt
Under the right ( or wrong ) circumstances it is possible to get 'junk' files stuck in system ( or cache,data ), and in such away that recovery can not delete them, more serious corruption can render the partitions unmountable.
It is actually quite straight forward to fix this, but it does require fastboot
Code:
fastboot erase system -w
Clockwork Recovery 2.0.2.0 and later has erase_image binary, if you can adb shell in then
Code:
for i in system cache userdata;do erase_image $i;done
and reboot
I would advise you seek out how to 'fastboot', which tbh is a good thing to have regardless of using this 'hack' as it can get you out of so much trouble
*NB* don't use a patched recovery to flash SPL or RADIO ( you should avoid using recovery to flash these anyway, feel free to ask for current advice on spl / radio flashing )
Prevention is better than cure
I have only managed to corrupt partitions when switching partition layouts while having files on cache or data, for example going from System 67.5 Cache 67.5 to System 90 cache 5 with
cache approx 80% 'used'...
I have not been able to repeat this if I wipe Cache before rebooting,
therefore I advise that you wipe both cache and data * after patching recovery ( and rebooting )
* along with system if you are using clockwork
OK, now lets patch recovery and a ROM
Install Instuctions
It really is quite simple
download FR-recovery-v1.5.6-CustomMTD_S.zip and FR-boot-v1.5.6-CustomMTD_S.zip
create mtdpartmap.txt and put on /sdcard/ see configuration *
reboot to recovery
nandbackup
wipe cache + data
flash FR-recovery-v1.5.6-CustomMTD_S.zip
reboot to recovery ( reboot and hold Home )
Either : -
Nandrestore
Flash ROM + extras
flash FR-boot-v1.5.6-CustomMTD_S.zip
reboot
* configuration
The script in the recovery patcher checks for /sdcard/mtdpartmap.txt and reads that to override the default sizes.
e.g. for system 90mb and cache 2mb
NB make sure you mount sdcard first, else you won't write to sdcard/mtdpartmap.txt !
Code:
echo "mtd 90 2" > /sdcard/mtdpartmap.txt
data would be 117.8mb ( 116.7 useable )
e.g. for system 55mb and cache 2mb ( Purhaps a nice 'sugar free' Donut )
Code:
echo "mtd 55 2" > /sdcard/mtdpartmap.txt
data would be 152.8mb ( 151.7 useable )
NB, above data sizes are for G1s, MT3Gs should add ~78mb
All In One Patch runner ( New to v1.5.3 )
new option to run the All In One Patch script ( versions 1.3.6 and higher )
the format is
Code:
aio <option1> <option2> <option3>...
e.g.
Code:
aio swap remount shabang lwp
By default it will install the sd-ext mount ( option sdext )
so a line just reading aio will be fine
Note: the patch must be on the root of the sdcard, and its file name must start with "fr-patch" and end with ".txt"
if you have several versions the newest ( as per files datetime stamp ) will be used
Faking your SPL
If your using an SPL that is not officially supported by your ROM and that ROM checks your SPL you can 'patch' to fake it.
Code:
echo "spl 1.33.2005" >> /sdcard/mtdpartmap.txt
note that we are using ">>" here, this is to append to the file ( ">" would overwrite it )
you can by all means use any text editor you like, the script will automatically convert to unix format
NOTE : you are dodging the checks the ROM dev put in place, do not complain to them if this doesn't workout for you
in post 2 I have some 'CM6' Kernels I compiled for (1)0.95.xxxx SPLs
but I will only likely do these for RCs and Finals ( and there maybe a delay ).
In that post I point you towards the 'SafeSPL' ( 1.33.2003 ) this SPL is compatible with the current CM6 kernels ( so no need to wait for me or someone else to compile with bluetooth as modules ), but 1.33.2003 is not 'officially' supported ( its stock at 67.5mb system ) so you need to Fake your SPL ( say 1.33.2005 ) and resize to 90mb system ( or whatever you feel is optimum )
.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:.
Downloads
.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:.
http://tinyurl.com/customMTD
aab0fadf658ed275954aea8d0aed9c8f FR-AutoMTD_partitionPatcher_v1.5.6.tar.bz2
8857194cdbe34a52d173def4441ad2ae FR-AutoMTD_partitionPatcher_v1.5.6.zip
1f84a5ec50684a7830a93a8d455bc159 FR-boot-rpp-v1.5.6-CustomMTD_S.zip
bca0360f91aed0acf6e2dc82dfe01b56 FR-boot-v1.5.6-CustomMTD_S.zip
94b4238c2668cbe7cd52fb8ad5a2ee12 FR-recovery-v1.5.6-CustomMTD_S.zip
5404f1a41dbc60105d59c7fa0c335a70 FR-remove-v1.5.6-CustomMTD_S.zip
NB New Config option !!! to automatically run fr-patch136+
e.g.
Code:
mtd 90 2
spl 1.33.2005
aio swap remount shabang lwp a2sd
.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:.
ROM Zip Patcher for Devs
To make life even simpler for end users it is possible to integrate the 'patch' within a ROM
AutoMTD_partitionPatcher_v1.5.6.zip
currently Linux only,
within the zip is a tarball, untar that.
get that directory into your PATH, ( or just cd into it )
and then execute
Code:
PatchUpdateScript.sh <zip file to patch>
it will then
create a temp directory ( in your current directory )
copy your zip to it
extract required files
patch update(r)-script
zip and sign.
It simply saves the user from flashing the boot patch after flashing your ROM
The Future....
lbcoder has already suggested ways in which we can implement this 'on the fly'
so for instance it would be possible for a ROM , to instruct recovery what MTD partition layout is required, reload mtd kernel modules, and then flash ROM + boot.img
for those with huge partitions
Hey, you could go all silly and dual boot between ROMs ..
Anyway, enjoy and feel free to modify/improve on these
Changelog
v1-5-6 : 2010-10-28
Calculate userdata size, greatly improves compatibility
Added a version to patch a boot.img ( boot-rpp ) with run-parts
didn't want to , but some are using roms which don't have run-parts, so the 06BindCache script wasn't running
Added a remove version ( remove )
flashing this will return the recovery to SPL's layout
I may well integrate that better, so you don't need a separate zip
AutoMTD_partitionPatcher can convert a recovery.img to a AutoMTD flashable zip
PatchUpdateScript.sh <full path to>/recovery.img
boot patcher is much cleaner, it just uses the cmdline of the running recovery
removed the default 90 2 sizing, you *must* set your own size in mtdpartmap.txt
v1-5-4/5
added stuff
removed stuff
moved stuff
see v1-5-6
v1-5-3 : 2010-08-13
This should be last version we need
greater compatibility with none dreams/sapphires
option to launch All in One Patcher
v1-5-2 : 2010-08-0
Bug fixes
recovery was getting written to boot ( flash_image <partition> is now a variable )
typo in env variable was causing cache and data calculations to fail
AutoMTD now prints version number ( when flashing patched Zip )
tided up system "0x" 'fudge' ( to be compatible with trout/sapphire fall back )
removes temp files from memory when done
v1-5-1 : 2010-08-06
Bug fixes, had an extra '0x' on the system start + functions had wrong env var for the location of dmesg derived partition map
v1-5 : 2010-08-06
Version numbers brought into sync
Zipe Filename - 'reordered' ( easier to see version numbers in CWR )
AutoMTD Patcher - changes as per boot Patcher + zip recursion fix ( my bad habit, thanks go to mblaster for pointing this out )
Boot Patcher - cleaned up cache bind mount
Now supports leagcy /system/sd mount point
[*]supports ROM Manager ( real cache partition mounted on /dev/cache, recovery dir symlinked from 'fake' to 'real' cache )
Recovery Patcher - can 'fake' your SPL ( see configuration )
Recovery Patcher - creates more noise ( advise wipe and reboot )
Single Patcher script ( so I don't have make the same changes to three different files that essentially do the same job )
No longer 'Hardcoded' to 32[a/b] Partition Layout ( figures out SPL layout via dmesg ) **
uses original boot/recovery img's base configuration ( i.e. EBi0 and EBi1 compatible )
=< v1.4
Recovery Patcher v1.3, added SPL faker
Boot Patcher v1.2, fixed oversite where boot.img was not 'dumped'
Recovery Patcher v1.1 initial
Boot Patcher v1.1 ( was a fail, it didn't patch boot.img on CM roms as the tmp boot.img was deleted, my fault for just using the AutoMTD Patcher's script ( which runs before the tmp boot.img is deleted )
Boot Patcher v1 initial
Todo
- 2010-08-13 redundent ( launching AIO script ) - I might add some stuff to cm5/6's backup routine via the Auto patcher, things like the "All in One" installed scripts: 05mountsd and remount
windows compatible AutoMTD script ( meh, I hate batch scripts )
- 2010-08-13 DONE - thinking of adding a config option to launch the "all in one" script, but have to make that recovery compatible first
.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:.
Downloads
.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:.
mediafire downloads
http://tinyurl.com/customMTD
aab0fadf658ed275954aea8d0aed9c8f FR-AutoMTD_partitionPatcher_v1.5.6.tar.bz2
8857194cdbe34a52d173def4441ad2ae FR-AutoMTD_partitionPatcher_v1.5.6.zip
1f84a5ec50684a7830a93a8d455bc159 FR-boot-rpp-v1.5.6-CustomMTD_S.zip
bca0360f91aed0acf6e2dc82dfe01b56 FR-boot-v1.5.6-CustomMTD_S.zip
94b4238c2668cbe7cd52fb8ad5a2ee12 FR-recovery-v1.5.6-CustomMTD_S.zip
5404f1a41dbc60105d59c7fa0c335a70 FR-remove-v1.5.6-CustomMTD_S.zip
The attached files are OLD

Custom MTD FAQ
FAQ
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Q my SPL starts with 0 or 10, and I want to try CM5.0.8 or/and CM6. DO I need to do anything extra?[/b]
A yeap, it seems the newer kernels are just a bit too big for x0.95.x00x SPLs, you can get round it with the below kernels. And to flash CM6 you need to 'fake' your SPL ( see configuration in OP ) or edit the updater-script. faking is easier.
However, I would recommend the 1.33.2003 SPL ( you still need to fake your SPL, but you won't need the 'special' kernels )
guide for flashing 1.33.2003 SPL by Ezterry
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
2010-07-11
I have compiled a kernel, which I hope is NoneDanger compatible
the source is simply CyanogenMod's github, I have taken the config from cm6rc1, and simply changed the bluetooth to modules
this approach has worked in the past
It is pre-patched with AutoMTD, so just flash cm6rc1, then flash this
FR-CM6RC1-bootimg4NoneD-AutoMTD.zip(MD5: 386D9A05A3C0FFC08E5B3F844D437AA7)
mirrors
http://rapidshare.com/files/406402016/FR-CM6RC1-bootimg4NoneD-AutoMTD.zip
http://www.mediafire.com/?152jnqwyme3
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
2010-07-27
NoneDanger compatible Kernel for RC2
FR-CM6RC2-bootimg4NoneD-AutoMTD.zip (MD5: 7858a8a8d126919318d1718c6e5167ec )
http://www.mediafire.com/file/ttxfcocsti3mma3/FR-CM6RC2-bootimg4NoneD-AutoMTD.zip
I'll have to dig out the src
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
2010-08-15
NoneDanger compatible Kernel for RC3
2010-08-17 ( Sorry, old one had a status6 bug )
New one here
87F160F08FCD2233DDD40FBFC50D3711 FR-CM6RC3-bootimg4NoneD-AutoMTD.zip
src = http://github.com/CyanogenMod/cm-kernel/tree/48c57f11abaaf3de6c81f6f5c44cfe2637251184
no modifications its straight cm ( besides the config, which you can get from the compiled kernel or zcat /proc/config.gz )
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
*NB* don't use a patched recovery to flash SPL or RADIO ( you should avoid using recovery to flash these anyway, feel free to ask for current advice on spl / radio flashing )
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Q do I need to flash both of the files each time I install a new rom?
A No, you only need to flash the recovery patcher once, unless you want to resize or you install a new recovery.
the boot patcher *must* be flashed after you have installed a new ROM or Kernel update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Q my cache looks odd in df, I see two and its the same size as data or sd-ext, is something wrong?
A everything is fine, since we shrunk cache its no good for things like the Market, so a script is installed to 'bind mount' cache with /sd-ext/cache or data if sd-ext is not mounted.
it actually turns out that /cache is not actually used in CM6, so I might adapt the script a little in a future release.
EDIT: as of version 1.5 the cache bind mount script mount 'real cache' separately, which should reduce confusion
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Q When I tell ROM Manger to do something in recovery, it just reboots to recovery and does nothing. it used to do the action but not since I installed CustomMTD
A yeah, nearly forgot about that, I was going to fix it last week, basically ROM Manger writes commands to /cache, but its writing it to our bind mount so.. when recovery boots it doesn't see the commands.
In all honesty that one hasn't been pointed out to me yet, but yeah I can fix it..
EDIT: as of version 1.5 the cache bind mount is compatible with ROM Manager
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Scripts
'source' is now available on github
http://github.com/Firerat/CustomMTD
errm, tbh I'm not all that clued up on it yet

looks very promising
So, will i need to change the values everytime i flash a different rom? or can i just set them to a large size and everything will work?

asb123 said:
looks very promising
So, will i need to change the values everytime i flash a different rom? or can i just set them to a large size and everything will work?
Click to expand...
Click to collapse
most roms have a target of 90mb system ( DangerSPL )
so 90 2 config will basically give you an extra 28mb on data than you would have with stock DangerSPL MTD map
so yeah
90 2 is a good all rounder

Firerat said:
most roms have a target of 90mb system ( DangerSPL )
so 90 2 config will basically give you an extra 28mb on data than you would have with stock DangerSPL MTD map
so yeah
90 2 is a good all rounder
Click to expand...
Click to collapse
is it okay if I make system 70mb?
The rom im using is only using 66 out of 90, i want more space for data instead. I remember you said something about it being a miltiple of 128K.

With this, could Devs stop skimping on stuff like wallpapers and ringtones or additional apps, and surpass the 90MB danger spl mark? It would seem so. Also, I do not make roms so I do not know how it works but if there is compression or lower quality stuff they would now be able to use up as much space as wanted correct?

Ace42 said:
is it okay if I make system 70mb?
The rom im using is only using 66 out of 90, i want more space for data instead.
Click to expand...
Click to collapse
yeap, should be fine
personally I would be tempted to use clockwork, since you can erase system ( part of partition options )
.img files can be found here
http://www.koushikdutta.com/2010/02/clockwork-recovery-image.html
I don't recommend flashing via ROM Manager with CM5 or CM6
fastboot it over, or flash via recovery
I may be a little over cautious recommending a full wipe, but I have never had problems when system, cache and data are clean.
if you are 'growing' system make sure cache and data are clean
if your 'shrinking' make sure system is clean ( so 'hangovers don't mess up /cache or data )

asb123 said:
With this, could Devs stop skimping on stuff like wallpapers and ringtones or additional apps, and surpass the 90MB danger spl mark? It would seem so. Also, I do not make roms so I do not know how it works but if there is compression or lower quality stuff they would now be able to use up as much space as wanted correct?
Click to expand...
Click to collapse
yes, you can 'grow' or 'shrink' at will
just hope it doesn't get used to be lazy and not trim bloat

Hi firerat,
you mentioned once before something about market data on the cahe... or something so downloads would be ok if a certain partition was big enough?....something like that... I am having a prob that might be related since it started when I tried to change from default to system 80 5 for data. now I cant sign in to google and after flashing gaaps there is no market? everything else in the gaaps zip is there...? It could be google i know but i remembered you saying that somewhere.

TheNewGuy said:
Hi firerat,
you mentioned once before something about market data on the cahe... or something so downloads would be ok if a certain partition was big enough?....something like that... I am having a prob that might be related since it started when I tried to change from default to system 80 5 for data. now I cant sign in to google and after flashing gaaps there is no market? everything else in the gaaps zip is there...? It could be google i know but i remembered you saying that somewhere.
Click to expand...
Click to collapse
I very much doubt it is related in anyway
/cache is where the market downloads apks to prior to install
it should be bind mounted to /sd-ext/cache or /data/cache if sd-ext is not mounted
your missing Market is related to something else

Firerat said:
I very much doubt it is related in anyway
/cache is where the market downloads apks to prior to install
it should be bind mounted to /sd-ext/cache or /data/cache if sd-ext is not mounted
your missing Market is related to something else
Click to expand...
Click to collapse
On my sdcard, why were my market Dls going to /Sdcard/Download folder?
I never seen them go there before, I'm used to seeing them in /cache.

Ace42 said:
On my sdcard, why were my market Dls going to /Sdcard/Download folder?
I never seen them go there before, I'm used to seeing them in /cache.
Click to expand...
Click to collapse
Because he bind mounted it.

Ace42 said:
On my sdcard, why were my market Dls going to /Sdcard/Download folder?
I never seen them go there before, I'm used to seeing them in /cache.
Click to expand...
Click to collapse
JAguirre1231 said:
Because he bind mounted it.
Click to expand...
Click to collapse
sorry for confusion
When I download stuff with dolphin HD it goes to /sdcard/download
maybe its different with stock browser
the cache bind mount is
added a few extra comments to make it easier to follow
/system/etc/init.d/06BindCache
Code:
#!/system/bin/sh
# check we don't already have a bind mount
# ( so if ran manually multiple times we don't end up with strange things happening )
if [ "`awk '/\/cache/' /proc/mounts |sed -n '$='`" -gt "1" ];
then
echo "cache already bind mounted"
echo `awk '/\/cache/' /proc/mounts`
exit
fi
# check if /sd-ext mounted, if yes then bind to /sd-ext/cache, if not /data/cache
if [ "`grep -q sd-ext /proc/mounts;echo $?`" = "0" ];
then
CacheDir=/sd-ext/cache
else
CacheDir=/data/cache
fi
# check we have something to bind mount, and create if not
if [ ! -d $CacheDir ];
then
install -m 771 -o 1000 -g 2001 -d $CacheDir
fi
mount -o bind $CacheDir /cache
# check dalvik-cache exists ( this is really for magics )
# so they don't end up in bootloop because dex files can not be created
if [ ! -d $CacheDir/dalvik-cache ];
then
install -m 771 -o 1000 -g 1000 -d $CacheDir/dalvik-cache
fi
actually, errm yeah it is d/l to /sdcard/downloads
not my doing
I guess cache really is pointless on froyo

hey firerat great job bro! again ive been really busy and i still didnt get to try this or the earlier betas you made...hell i havent even tried a froyo rom yet. ima try this right now and let you know how it goes!

speedysilwady said:
hey firerat great job bro! again ive been really busy and i still didnt get to try this or the earlier betas you made...hell i havent even tried a froyo rom yet. ima try this right now and let you know how it goes!
Click to expand...
Click to collapse
Froyo has been nice so far
but you may run into issues
for one the updater-script is actively 'kicking' NoneDanger
you can just remove the getprop checks
I have had problems booting cm5.0.8's kernel, I did get round it by compiling a new one from cm github,
I
'm not sure is cm6's kernel has the same issue
it does seem SPL related, I flashed Danger and it was fine, I plan to go back to NoneDanger and confirm it still doesn't work.
but figured that while I was on Danger I might as well put this (Custom MTD) through its paces with a DangerSPL

Firerat said:
Froyo has been nice so far
but you may run into issues
for one the updater-script is actively 'kicking' NoneDanger
you can just remove the getprop checks
I have had problems booting cm5.0.8's kernel, I did get round it by compiling a new one from cm github,
I
'm not sure is cm6's kernel has the same issue
it does seem SPL related, I flashed Danger and it was fine, I plan to go back to NoneDanger and confirm it still doesn't work.
but figured that while I was on Danger I might as well put this (Custom MTD) through its paces with a DangerSPL
Click to expand...
Click to collapse
lol yeah i was just gonna say the get prop error occured lemme remove those asserts resign and see what happens

hmm oddly everything flashed fine on the latest nightly build but when it gets past the g1 screen it keeps rebooting to recovery? ima rewipe and try again and see if i can get a logcat if it happens again
edit: no dice when i run logcat =/
-exec '/system/bin/sh/' failed: permission denied (13) -"
double edit: i get the same error for any rom i try to flash when i look at the logcat. the only difference is cm's latest nightly build rebooted on the g1, super e freezes at the g1 screen...ima try to modify the .txt to go back to the stock layout so i can nandroid my cachehacked cm5.08 back if not...idk what to do..

speedysilwady said:
hmm oddly everything flashed fine on the latest nightly build but when it gets past the g1 screen it keeps rebooting to recovery? ima rewipe and try again and see if i can get a logcat if it happens again
edit: no dice when i run logcat =/
-exec '/system/bin/sh/' failed: permission denied (13) -"
Click to expand...
Click to collapse
Odd, but at leasat the kernel is booting, I wasn't getting anywhere with cm5.0.8
It could be a general error
Which build are you using
I'm on a nightly, but I know Defcon works
If its still not working, try the older v1 version of boot patcher in lbcoders thread
I did change boot v1.1 to the script I use in the automtd one
I'm on the nightly 0704 (944 I think ) btw

Firerat said:
Odd, but at leasat the kernel is booting, I wasn't getting anywhere with cm5.0.8
It could be a general error
Which build are you using
I'm on a nightly, but I know Defcon works
If its still not working, try the older v1 version of boot patcher in lbcoders thread
I did change boot v1.1 to the script I use in the automtd one
I'm on the nightly 0704 (944 I think ) btw
Click to expand...
Click to collapse
noo this wasnt cm5.08 this was the latest nightly, same one youre 0704 on.
it got to the g1 screen and right when its abt to hit the boot animation it reboots.
i tried super e but it froze on the g1 screen
trying to get back to 67 67 for cache and system so i can nandroid but its weird that the logcat wont show no matter what rom i use.

[DEV][TWRP/CWM/...] Backing up the boot (kernel/LNX) partition !

Hello folks,
it's me again (RaymanFX aka Chris Hesse) and I want to introduce you to a little, but important project.
​ My goal is to finally be able to backup the 'boot' partition of our device in CWM and TWRP or others !
​
How can we get to that ?
Well, I already have an exact plan on how to do it.
1. Step : examining the boot partition (LNX) size and offsets
2. Step : invoke a kernel hack to parse the partition layers to the system at runtime (WARNING : This will only work on a hack-enabled kernel) - I will provide one.
3. Step : re-enable 'boot' partition backup (in TWRP, e.g.) I will recompile TWRP with newest code when the time is right
Ok, so what do we have ?
1. To examine these partition layout sizes and offsets, we have to strip of the hex value of !ANDROID or ANDROID! of /dev/block/mmcblk0 using the dd command.
I already did this.
Here's how to do it :
Code:
iMac21:~ RaymanFX$ adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
~ # dd if=/dev/block/mmcblk0 of=/sdcard/20m.bin bs=1M count=20
20+0 records in
20+0 records out
20971520 bytes (20.0MB) copied, 1.271406 seconds, 15.7MB/s
~ # exit
iMac21:~ RaymanFX$ adb pull /sdcard/20m.bin /Users/RaymanFX/Desktop
2413 KB/s (20971520 bytes in 8.487s)
Then open a hex editor and search for the sring value 'ANDROID!' and copy that value.
Mine is :
Code:
0x37FFED
Now we have to convert this to get the sizes and offsets we need (I work together with Dees_Troy to resolve this).
-> To be fixed soon !
2. When we proceed, we need to invoke a kernel hack at compile time, so every old kernel needs to be recompiled.
-> I will provide a recompiled and hack-enabled harmony kernel soon
Code:
Here will be the required code fix; commit at my GitHub
3. And last but not least :
A new version of TWRP needs to be compiled to re-include the boot partition for the nandroid system, i will compile one with the newest updates once the previous steps are made.
As always, I need assistance to proceed faster with your help.
I can do everything on my own, but it will take time. What I need the most urgent is someone to convert the hex values to get the offset and size values.

One for me
The recompiled harmony kernel and information for kernel devs will be posted here.

Last one, open disscussion now !
NOTE : THIS IS A [DEV] THREAD, SO PLEASE DON'T CLUTTER IT WITH QUESTIONS THAT DON'T BELONG IN HERE. IF YOU WANT TO SUPPORT ME, HIT THE 'THANKS' BUTTON TO KEEP ME MOTIVATED !

Hmm, sounds intriguing. Why would we want to backup our boot partition exactly? Sorry, I just had to ask. Why wouldn't we be able to poll the partition via adb, or is this to make it possible via a GUI? Or are you talking about the boot loader? Argh, I'm confused...

hanthesolo said:
Hmm, sounds intriguing. Why would we want to backup our boot partition exactly? Sorry, I just had to ask. Why wouldn't we be able to poll the partition via adb, or is this to make it possible via a GUI? Or are you talking about the boot loader? Argh, I'm confused...
Click to expand...
Click to collapse
so we can back up kernel, each time we restore a rom from CWM it does not restore kernel so we have to reflash that.

hanthesolo said:
Hmm, sounds intriguing. Why would we want to backup our boot partition exactly? Sorry, I just had to ask. Why wouldn't we be able to poll the partition via adb, or is this to make it possible via a GUI? Or are you talking about the boot loader? Argh, I'm confused...
Click to expand...
Click to collapse
The 'boot' partition (LNX, in our case) stores the whole kernel and the ramdisk, combined as a boot image.
This means if I am successful, we can just backup the kernel in recovery along with the rom, like other android devices already do.
E.g. when you flash a new rom, but backed up the old one first, you have to flash a kernel compatible with the rom manually when going back to your backup as of now.
After my work has succeeded, you can just restore the old android, which restores the kernel automatically.

RaymanFX said:
The 'boot' partition (LNX, in our case) stores the whole kernel and the ramdisk, combined as a boot image.
This means if I am successful, we can just backup the kernel in recovery along with the rom, like other android devices already do.
E.g. when you flash a new rom, but backed up the old one first, you have to flash a kernel compatible with the rom manually when going back to your backup as of now.
After my work has succeeded, you can just restore the old android, which restores the kernel automatically.
Click to expand...
Click to collapse
Okay, I thought so, I just needed confirmation. Bad question #3: why can't we did the kernel partition, and restore it that way?

hanthesolo said:
Okay, I thought so, I just needed confirmation. Bad question #3: why can't we did the kernel partition, and restore it that way?
Click to expand...
Click to collapse
Ask this to ASUS !
Those guys gave us a crappy partition layout, meaning we only have /staging for flashing boot and recovery blobs, NO REAL PARTITIONS holding those files. -> UNITL NOW ! I examined the boot offset and size ...
Seems like the recovery ad boot partition share the same offsets and sizes .. will check this
EDIT : Progress : I have the offsets and sizes right at my hands !
See : My hex offset is 0x37ffed, I take this and convert it to decimal ()10 ... then I get 3669997, which fits our definitions perfectly (7chars).
Now, we have to divide this by the block layer size (512), we get 7167.962890625, which is ugly.
The second one has hex offset at 0x87ffe8, decimal at 8912872, decided by 512 makes 17407.953125

Very nice work, seems like more and more people are learning to dev.

RaymanFX said:
Ask this to ASUS !
Those guys gave us a crappy partition layout, meaning we only have /staging for flashing boot and recovery blobs, NO REAL PARTITIONS holding those files. -> UNITL NOW ! I examined the boot offset and size ...
Seems like the recovery ad boot partition share the same offsets and sizes .. will check this
EDIT : Progress : I have the offsets and sizes right at my hands !
See : My hex offset is 0x37ffed, I take this and convert it to decimal ()10 ... then I get 3669997, which fits our definitions perfectly (7chars).
Now, we have to divide this by the block layer size (512), we get 7167.962890625, which is ugly.
The second one has hex offset at 0x87ffe8, decimal at 8912872, decided by 512 makes 17407.953125
Click to expand...
Click to collapse
Oh, okay, ouch, this sounds like it is going to be a LOT if fun to do . I thought it would be possible because the uodater-script flashes kernels to mmcblk0p4, but I guess that was staging, not the actual kernel partition (this also explains why I got a fliesize if 500ish MB the other day when I dd'ed the partition). Good luck to you, and I will try to help the next time I am bored/have free time.

The important stuff is in the header (raw?) of mmcblk0, so it should be possible to just use dd.

K900 said:
The important stuff is in the header (raw?) of mmcblk0, so it should be possible to just use dd.
Click to expand...
Click to collapse
... so ?
Look at my first post, this is exactly what I did. Stripped off the first 20M and found the offsets. I am getting assistance from Dees_Troy and the TF300 devs to ensure everything is going the right way.

RaymanFX said:
... so ?
Look at my first post, this is exactly what I did. Stripped off the first 20M and found the offsets. I am getting assistance from Dees_Troy and the TF300 devs to ensure everything is going the right way.
Click to expand...
Click to collapse
What I mean is patching the kernel to make it a 'partition' is dangerous and can cause unexpected results, so dd and a modified recovery should be used instead.

K900 said:
What I mean is patching the kernel to make it a 'partition' is dangerous and can cause unexpected results, so dd and a modified recovery should be used instead.
Click to expand...
Click to collapse
Believe me, they can't be used. We need the kernel patch. The guys from tf300 tried anything, but using the kernel hack was the only way to make this possible.
And if (not possible in theory) the hack would cause problems, we can always flash a different one since the /staging-flash is not affected at all

RaymanFX said:
Believe me, they can't be used. We need the kernel patch. The guys from tf300 tried anything, but using the kernel hack was the only way to make this possible.
And if (not possible in theory) the hack would cause problems, we can always flash a different one since the /staging-flash is not affected at all
Click to expand...
Click to collapse
There should be other solutions that don't involve uber ugly kernel hacks. I'll see if I can get more info since I have some docs regarding the boot process on generic Tegra boards and reusing same methods (likely bypassing ASUS bootloaders altogether) should be possible, at least now that we have nvflash access for all.

Hey Rayman, any word on this getting up and going? It will kick tail if you do. No more multiple zips then which means more space for me.

According to my research with others in the #asus-transformer channel on Freenode, the correct values are 0x380000 and 0x880000
380000 to decimal becomes: 3670016
3670016 / 512 = 7168 so 7168 is your first offset
880000 to decimal becomes: 8912896
8912896 / 512 = 17408 so 17408 is your second offset
The difference between the 2 values is hex 500000, decimal 5242880.
5242880 / 512 = 10240 which is your size for both.
Of course, after you build a kernel with the correct source and offsets, you'll want to dd dump the partitions and verify with a hex editor that you're getting the right stuff. Both partitions should start with "ANDROID!". You'll also want to unpack the contents of the dd images with unpackbootimg or something and determine which one is recovery and which one is boot. Most likely the first one is recovery.
Technically some of the other people are right. You can probably use dd with the right seek and size values to flash and dump the partitions without modifying the kernel, but modifying the kernel makes for a cleaner, simpler setup. We've used the kernel approach on the TF201, TF300T, and TF700T with much success.
Hope that helps.

Dees_Troy said:
According to my research with others in the #asus-transformer channel on Freenode, the correct values are 0x380000 and 0x880000
380000 to decimal becomes: 3670016
3670016 / 512 = 7168 so 7168 is your first offset
880000 to decimal becomes: 8912896
8912896 / 512 = 17408 so 17408 is your second offset
The difference between the 2 values is hex 500000, decimal 5242880.
5242880 / 512 = 10240 which is your size for both.
Of course, after you build a kernel with the correct source and offsets, you'll want to dd dump the partitions and verify with a hex editor that you're getting the right stuff. Both partitions should start with "ANDROID!". You'll also want to unpack the contents of the dd images with unpackbootimg or something and determine which one is recovery and which one is boot. Most likely the first one is recovery.
Technically some of the other people are right. You can probably use dd with the right seek and size values to flash and dump the partitions without modifying the kernel, but modifying the kernel makes for a cleaner, simpler setup. We've used the kernel approach on the TF201, TF300T, and TF700T with much success.
Hope that helps.
Click to expand...
Click to collapse
From my research
Code:
Position 3670016 / 512 = 7168
Position 8912896 / 512 = 17408
Diff
5242880
10240
From nvflash flash.cfg
SOS Size 5242880 / 512 = 10240
LNX Size 8388608 / 512 = 16384
Also, I already have a kernel compiled. I'll test later.

Just thinking about this thing and wondering about the linux-based (or are they also based on other architectures?) blob tools as a possible workaround? Ignore this if it seems silly. I haven't thought about this sort of thing for a long time and not at all on the transformer.
-
When any of the many kernel/ROM installer scripts take off and do their thing, they use the compiled (usually for linux, but some sort of combo binary and script) blob tools , I thought from Rayman as well (but it's been awhile since I've played with the source and the tools themselves.
Is there any reason why an android version of those couldn't be built and used inside either cwm or tw* to perform both the backup and retrieval of the kernel? I realize it would have to churn out an installer type script somewhere in the backup directory and run it upon restore, but would something like this be one of the multiple possible solutions? I'm guessing there is some obvious reason I've not looked into yet, like a dependency upon some other API or utility that is in a full linux system, but not in an android OS.. (but I don't know).
I suppose the good news of this would be that numbers tied to the partition wouldn't be of much importance since blobbing works OK without them, but there might also be a down side to adding a completely different type of backup/restore paradigm just for the kernel to a nice little piece of code (cwm/tw*) that works for everything else.

hachamacha said:
Just thinking about this thing and wondering about the linux-based (or are they also based on other architectures?) blob tools as a possible workaround? Ignore this if it seems silly. I haven't thought about this sort of thing for a long time and not at all on the transformer.
-
When any of the many kernel/ROM installer scripts take off and do their thing, they use the compiled (usually for linux, but some sort of combo binary and script) blob tools , I thought from Rayman as well (but it's been awhile since I've played with the source and the tools themselves.
Is there any reason why an android version of those couldn't be built and used inside either cwm or tw* to perform both the backup and retrieval of the kernel? I realize it would have to churn out an installer type script somewhere in the backup directory and run it upon restore, but would something like this be one of the multiple possible solutions? I'm guessing there is some obvious reason I've not looked into yet, like a dependency upon some other API or utility that is in a full linux system, but not in an android OS.. (but I don't know).
I suppose the good news of this would be that numbers tied to the partition wouldn't be of much importance since blobbing works OK without them, but there might also be a down side to adding a completely different type of backup/restore paradigm just for the kernel to a nice little piece of code (cwm/tw*) that works for everything else.
Click to expand...
Click to collapse
That would be an option as well I suppose. Take the image and call blobpack and build a blob to be flashed on reboot. Although, if we could 'dd' it cleanly without causing issues with other devices, that would be an ideal solution. Until then, this kernel change will work.

64 Bit OS Development

Edit 25/10/2020: OK its been a while guys, if you want to try a ROM I'd highly recommend following LineageOS's wiki for instructions. Then if u want to try other ROMs keep an eye out in these forums, ill have a build up every now and then. See ya around guys
==========================================================================================
Rather than having random comments in random parts of the forum here is a thread for everything 64 bit on G7 Play.
CURRENT STATUS
WE DID IT!!!! CHECK SyberHexen's ANDROIDFILEHOST FOR DOWNLOAD!
OLD POST ARCHIVED BELOW
And here is what is available so far:
A nice selection of ROMs for the other G7's, but they dont actually boot on the Play, although should do something in theory
postmarketOS is aarch64, but that is mobile linux, and no phone interface works (x.org doesnt work with the current drivers)
Here is what I've tried:
crDroid from ocean:
I got it to install by: repartitioning device using ocean gpt.bin
Then flashing stock rom from channel
Booting TWRP
Flashing ROM, with modified zip accepting channel
Doesnt boot
Also tried a flash using ocean firmware completely, doesn't boot, but got the logos and bootloader works lol
If anyone has any tips or progress drop it here, eta kids go away. Read the status above if you want the up-to-date answer

00p513 said:
Rather than having random comments in random parts of the forum here is a thread for everything 64 bit on G7 Play.
CURRENT STATUS
NO 64-BIT ANDROID ROM AVAILABLE
And here is what is available so far:
A nice selection of ROMs for the other G7's, but they dont actually boot on the Play, although should do something in theory
postmarketOS is aarch64, but that is mobile linux, and no phone interface works (x.org doesnt work with the current drivers)
Here is what I've tried:
crDroid from ocean:
I got it to install by: repartitioning device using ocean gpt.bin
Then flashing stock rom from channel
Booting TWRP
Flashing ROM, with modified zip accepting channel
Doesnt boot
Also tried a flash using ocean firmware completely, doesn't boot, but got the logos and bootloader works lol
If anyone has any tips or progress drop it here, eta kids go away. Read the status above if you want the up-to-date answer
Click to expand...
Click to collapse
You have to compile the kernel from source and use a 64bit gsi and flash a 64 bit vendor partition I'm pretty sure everythi
---------- Post added at 04:44 AM ---------- Previous post was at 04:42 AM ----------
00p513 said:
Rather than having random comments in random parts of the forum here is a thread for everything 64 bit on G7 Play.
CURRENT STATUS
NO 64-BIT ANDROID ROM AVAILABLE
And here is what is available so far:
A nice selection of ROMs for the other G7's, but they dont actually boot on the Play, although should do something in theory
postmarketOS is aarch64, but that is mobile linux, and no phone interface works (x.org doesnt work with the current drivers)
Here is what I've tried:
crDroid from ocean:
I got it to install by: repartitioning device using ocean gpt.bin
Then flashing stock rom from channel
Booting TWRP
Flashing ROM, with modified zip accepting channel
Doesnt boot
Also tried a flash using ocean firmware completely, doesn't boot, but got the logos and bootloader works lol
If anyone has any tips or progress drop it here, eta kids go away. Read the status above if you want the up-to-date answer
Click to expand...
Click to collapse
You have to compile the kernel from source and use a 64bit gsi and flash a 64 bit vendor partition I'm pretty sure everything else will work fine. I'm working on getting a new dev environment set up I'll give it a shot... This phone is reeeeealy under developed. Proly cause the g6 play is a way better phone and much cheaper to boot

mrsurge said:
You have to compile the kernel from source and use a 64bit gsi and flash a 64 bit vendor partition I'm pretty sure everythi
---------- Post added at 04:44 AM ---------- Previous post was at 04:42 AM ----------
You have to compile the kernel from source and use a 64bit gsi and flash a 64 bit vendor partition I'm pretty sure everything else will work fine. I'm working on getting a new dev environment set up I'll give it a shot... This phone is reeeeealy under developed. Proly cause the g6 play is a way better phone and much cheaper to boot
Click to expand...
Click to collapse
We have a 64-bit kernel and 64-bit Lineage OS testing builds but porting 64-bit vendor partition for it to flash in g7 play hasn't been achieved yet.

kD said:
We have a 64-bit kernel and 64-bit Lineage OS testing builds but porting 64-bit vendor partition for it to flash in g7 play hasn't been achieved yet.
Click to expand...
Click to collapse
I think maybe you can just pick out driver binaries from 64 bit /vendor and use all the configs scripts and frameworks from the original vendor
Try backing up/vendor pieceing the drivers from another device of the same model but diff carrier and a combo as such would work. If not mistaken the. Vendor from the Verizon g6 play worked for sprint except data and wifi or radio in general didn't work.. that's a start right there
I think the modem is going to be the same architecture no matter what so you wouldn't have to worry to much about that

64bit Test
Okay so this sh*t probably totally won't boot up at all, but if someone is feeling brave, you can test this out.
1. From your active slot, with root access, you'll need to dd these images to the correct partitions. It's easiest to do this from the internal sdcard using termux. Use the following as a template. These commands assume you're installing it to slot b.
Code:
su
dd if=/sdcard/boot64.img of=/dev/block/by-name/boot_b
dd if=/sdcard/dtbo64.img of=/dev/block/by-name/dtbo_b
dd if=/sdcard/vendor64.img of=/dev/block/by-name/vendor_b
dd if=/sdcard/oem64.img of=/dev/block/by-name/oem_b
2. Reboot into fastboot, swap active slots, and wipe userdata + DDR. Then flash an arm64 AB GSI. I'd recommend trying Phh's AOSP Vanilla to maximize the chances of success.
To swap slots and wipe user data...
Code:
fastboot --set-active=_b
fastboot erase userdata
fastboot erase DDR
3. Reboot system, and tell me what happens.
**Do NOT attempt to use TWRP with this. You'll probably have to reflash stock firmware to the slot you tampered with to get everything back to normal afterwards.**
Link: 64bit Folder
This is not source built, and it's very much a hack job, so I'm really not expecting anything to work. I did get Ubuntu installed this morning, so I will attempt to build from source in the near future.

Please don't use this if you don't know what a "brick" is or how to recover from one

PS: it probably wont work cause vendor is twice the size xD

The G7 play is coming so far little by little it was like yesterday we never thought we would have twrp and magisk and now in fact we do on a GSI
([emoji88]Havoc GSI[emoji88])

00p513 said:
PS: it probably wont work cause vendor is twice the size xD
Click to expand...
Click to collapse
You are correct. She's way too hefty. It's ~164mb too large. I tried resizing last night, but I can only shrink it to 433mb. I can probably remove the modem files and replace them with the ones from stock. I think it's where most of the extra weight is from. The 64bit libs are about 1.5x bigger, but I don't think that accounts for all of it. The Muppets have a tree for sdm632, so all I need to do is look at it, and delete everything in vendor that's not in there. It should help but I'm not sure if it'll be enough. I could repartition it, but I'm not a fan of resizing partitions because I'm very fearful of bricks.

Spaceminer said:
You are correct. She's way too hefty. It's ~164mb too large. I tried resizing last night, but I can only shrink it to 433mb. I can probably remove the modem files and replace them with the ones from stock. I think it's where most of the extra weight is from. The 64bit libs are about 1.5x bigger, but I don't think that accounts for all of it. The Muppets have a tree for sdm632, so all I need to do is look at it, and delete everything in vendor that's not in there. It should help but I'm not sure if it'll be enough. I could repartition it, but I'm not a fan of resizing partitions because I'm very fearful of bricks.
Click to expand...
Click to collapse
I can get a bit more space with an ocean gpt.bin btw. i suppose we could see how those files work i guess and make a bigger vendor?

00p513 said:
I can get a bit more space with an ocean gpt.bin btw. i suppose we could see how those files work i guess and make a bigger vendor?
Click to expand...
Click to collapse
Have you flashed the gpt.bin from ocean before? If so I'll definitely try using that with the slightly smaller vendor I made. I'm thinking most things from Ocean should work natively. The only difference is screen size by a few pixels, ram, and battery capacity. Otherwise they're essentially the same.

Spaceminer said:
Have you flashed the gpt.bin from ocean before? If so I'll definitely try using that with the slightly smaller vendor I made. I'm thinking most things from Ocean should work natively. The only difference is screen size by a few pixels, ram, and battery capacity. Otherwise they're essentially the same.
Click to expand...
Click to collapse
yeah i use channel firmware extracted, then i use motoflash2sh to generate a bashscript from the flashfile. I then replace gpt .bin and remove it from the md5 checks at the beginning of the script. run the script and im repartitioned!

00p513 said:
yeah i use channel firmware extracted, then i use motoflash2sh to generate a bashscript from the flashfile. I then replace gpt .bin and remove it from the md5 checks at the beginning of the script. run the script and im repartitioned!
Click to expand...
Click to collapse
That's awesome! I'll try working with this.

Spaceminer said:
That's awesome! I'll try working with this.
Click to expand...
Click to collapse
ill send a repartition kit later. just unzip and run the script

00p513 said:
ill send a repartition kit later. just unzip and run the script
Click to expand...
Click to collapse
I already found it. So I'd just remove 61863ba7dac0c512d610ffa6406a50f8 and it'll flash correct?
Code:
md5sum --check <<EOF || exit 1
[B]61863ba7dac0c512d610ffa6406a50f8[/B] *gpt.bin

Spaceminer said:
I already found it. So I'd just remove 61863ba7dac0c512d610ffa6406a50f8 and it'll flash correct?
Code:
md5sum --check <<EOF || exit 1
[B]61863ba7dac0c512d610ffa6406a50f8[/B] *gpt.bin
Click to expand...
Click to collapse
that whole line needs deleting. That is just to stop it failing on md5 verification ,as it is a dfiferent file

Spaceminer said:
I already found it. So I'd just remove 61863ba7dac0c512d610ffa6406a50f8 and it'll flash correct?
Code:
md5sum --check <<EOF || exit 1
[B]61863ba7dac0c512d610ffa6406a50f8[/B] *gpt.bin
Click to expand...
Click to collapse
Did it work? Any update on the vendor image?

00p513 said:
Did it work? Any update on the vendor image?
Click to expand...
Click to collapse
I haven't tried it yet. I got side tracked compiling twrp. I'm 3 errors away from success. Something about unknown compiler flags.

As an FYI, I'm out of a computer for the next several months, possibly up to a year. I'm going through a nasty divorce at the moment, and that's all I'm going to say about that. I'll get back into the game as soon as I can, but for now, you should not expect me to put out anything new for quite awhile. I can and will help people as much as possible during this time. But my ability to do so is going to be hindered without an PC.

I'm sorry to hear that. My divorce lasts since two years.
However, that's not why I registered. I received a Moto G7 Play for app security testing just a few days ago and found this forum when trying to install GSI to the phone. Everything works fine, but I'm interested to upgrade the OS to 64bit. Therefore, I'd like to try out the work already present in this thread. Unfortunately, I have neither found the repartition kit nor gained enough information about gpt.bin file format yet in order to repartition the flash memory of the G7 Play.
I'd really appreciate if anybody could either post or send me the repartition kit or supply information about the partition table format, because I failed to google for that kind of information.
[edit] Ok, I found out how to change partition size to the size of ocean. I flashed the following images:
* Partition table from ocean
* Everything else except system_a from channel
* system_a from phh (binder64)
Everything worked just fine.
Then I proceeded to flash the files posted in this thread earlier. The vendor64.img fits into the new partition layout just fine. After flashing all 4 files, I proceeded to flash phh 64bit version. Then I rebooted, but the boot failed:
First, the device showed up some very long hexadecimal number (maybe some UUID?) on a black screen, where it had shown "bad key" before when everything went right.
Afterwards, it ran into fastboot:
Start Up Failed:
Your device didn't start up successfully.
Use Software Repair Assistant on computer to repair your device.
Connect your device to your computer to get the Software Repair Assistant.
AP Fastboot Flash Mode (Secure)
Failed to verify hab image boot_a
Error: failed to load kernel!
No bootable A/B slot
Failed to boot Linux,falling back to fastboot
Fastboot Reason: Fall-through from normal boot mode
Click to expand...
Click to collapse
So, I'm back on binder64 again.
Please, could you provide any help for fixing the images, or at least the information how you have built the 64bit images?

[PX5][Android 10] Patched recovery

This is the Android 10 recovery image by HCT (version 10.3.1) patched to skip signature checking on .zip files
Tested on MTCE_LM (Eunavi). Use at your own risk
It can be flashed from a root shell (either adb or via terminal emulator) by performing the following steps
1. upload recovery via adb
Code:
adb push hct_recovery_patched.img /sdcard/
2. flash recovery
Code:
# backup current recovery
dd if=/dev/block/by-name/recovery of=/sdcard/recovery_backup.img
# write new recovery
dd if=/sdcard/hct_recovery_patched.img of=/dev/block/by-name/recovery
NOTE: If you do not disable the "flash_recovery" service in /init.rc, AND you have a stock kernel, recovery will be restored to the original version after rebooting.
There are 3 ways to avoid this:
- Flash magisk (or a modified kernel) while in recovery. The patch will then fail to apply and recovery won't be overwritten
- Disable "flash_recovery" by doing "adb remount" and editing /init.rc (comment out the following)
Code:
service flash_recovery /system/bin/install-recovery.sh
class main
oneshot
- Neuter the service by either:
- removing /system/bin/install-recovery.sh​- replacing /system/bin/install-recovery.sh with a dummy script​- removing /system/recovery-from-boot.p​

Woo-hoo, after hundreds of rubbish posts in the MTCD forums, we have a real development post!
Great work and thanks for sharing this, these forums need more like you.

Thanks for the kind comment!
I have to admit that it was frustrating to see the lack of information sharing on this forum, and the pervasive pay-per-use model.
I spent a lot of time just getting Android 10 installed (starting from Android 9), and i had to bring the head unit to my desk as working in the car was rather hard and all i achieved was a brick.
I unfortunately had to bring it back in the car now (can't sit on my desk forever) but, now that i figured out how to make bootable recoveries, i was wondering how hard it could be to have TWRP or at least a hassle-free recovery to install Android 10 from Android 9.
As a first step, this recovery makes it possible to install Magisk or other zip files without doing it manually within adb.
Cheers!

Your work is really good!
Thanks a lot for it.
Now you can also modify ROM's without signatur errors when installing.
Wouldn't it be good if we had an app like the ModInstaller ?
So a one click installation of the recovery without shell or adb.

I have now built an app.
And now need help.
Namely, in the app is the recovery and the script.
Unfortunately, the flash process is not started.
It always comes only the first message from the script.
The app is open source and the script and the recovery are in res/raw.
In the attach you will find the finished app and pictures.
If someone has a solution, he can write me or make a pull request on Github.
Source code:
GitHub - jamal2362/RK33XX-Custom-Recovery-Installer: Application for flashing custom recovery on Rockchip Android Head-Units.
Application for flashing custom recovery on Rockchip Android Head-Units. - GitHub - jamal2362/RK33XX-Custom-Recovery-Installer: Application for flashing custom recovery on Rockchip Android Head-Units.
github.com
The script:
RK33XX-Custom-Recovery-Installer/script at master · jamal2362/RK33XX-Custom-Recovery-Installer
Application for flashing custom recovery on Rockchip Android Head-Units. - RK33XX-Custom-Recovery-Installer/script at master · jamal2362/RK33XX-Custom-Recovery-Installer
github.com

First of all, congrats for the work!
DISCLAIMER:
I don't own ModInstaller, i have never bought a copy of it and i don't intend to do so.
Analysis is purely done from Youtube videos, open source code analysis and existing and openly available binary images.
I was working to figure out how to make a FLOSS alternative to ModInstaller.
The issues i found in all my attempts are the following:
- A6 recovery is the only one that can boot from SD Card (which can then be used to flash A9 -> A10 with the 2SD trick)
- (it took me a long time to pull these information together and unbrick my unit)​- The A6 recovery is unable to directly flash A10 RKAF/RKFW images (sdupdate.img) due to the code being too old
- a failure will be observed while writing super.img. This happens because the device needs to be repartitioned, and the A6 recovery is not doing it correctly​- A9 recovery is buggy. Booting it with no system installed will result in a black screen.
- it will only boot succesfully after being written by the A6 flash tool, which writes the "misc" partition with the recovery commands to run (the "hint" i get from this is that the misc partition is important)​- A10 recovery can't be loaded by the A6 recovery. I always got a black screen after flash. Is it a flash issue? is it an issue with the recovery itself? hard to know
Theory: maybe the recovery could be written over the kernel partition? ("boot")
This way, the recovery will always run after being flashed instead of requiring an explicit "enter recovery" trigger (buttons, misc partition, etc.)
Besides these experiments, in parallel, i did some bug fixing to this repository: https://github.com/liftoff-sr/rockchip-tool/commits/master (i'm "smx-smx")
That allows me to unpack nad repack "sdupdate.img" , "reduced recovery images" and "full IMG files".
With those tools. i tried to swap "recovery.img" in the A6 image, but i always got the black screen upon booting from SD.
Either A9/A10 breaks sdboot or the bootloader crashes before it gets there.
Since this also happens when being flashed, this could either be a bug in the flashing program or a bug in the boot stack (which fails to run recovery perhaps due to a dirty state of the internal flash). It's hard to know for sure without having a UART connection with the board.
BUT, we have an alternative, in the form of the recovery built-in ISP flash tool.
This is the code that reads "sdupdate.img" from the SD Card and flashes it
After reading the recovery source code, i realised that this code can only be triggered correctly when booting from the SD card.
It detects this state by reading /proc/cmdline and probing for specific values (https://github.com/rockchip-android...6f72b7d3123dab27135ac41d55029/sdboot.cpp#L206)
This means the bootloader can (and will) pass those arguments under specific conditions (https://github.com/rockchip-linux/u...c873f178c/arch/arm/mach-rockchip/board.c#L358)
If you check here https://github.com/rockchip-linux/u...3f178c/arch/arm/mach-rockchip/boot_mode.c#L47 you can see the magic word that needs to be written to the "misc" partition in order to trigger that code.
Note that, besides the well known "sdboot", "usbboot" is also possible.
I'm not sure if the ROM can physically boot from USB, but the bootloader and recovery do support (according to code) passing the flag to enable flashing from USB.
So, recapping, there are these ways we can try:
a - try to overwrite "boot" with "recovery" (but it might not work due to the partitioning layout, e.g. jumping from A6 -> A10)
- note: uboot might also need to be written when doing this.
b - making a modified "sdupdate.img" that flashes recovery on top of boot, and all the other core partitions like "misc", "uboot", "trust", "vbmeta"
c - writing "misc" from android in order to triggers the "rkfwupdate" mode
d - taking a dump of the first portion of the flash in various states (A6, A8, A9, A10), and having a "dd" that writes it back to the beginning of the flash (i suspect this is how ModInstaller does it)
Considering cases "b" and "c" depend on a recovery that can write them correctly (and the A6 one is buggy), this leaves us with "a" and "d"
Considering that ModInstaller does it in one shot, and doesn't seem to matter about the partitioning layout, i believe "d" might be the most viable option...
Using the "rockchip-tool" repository i linked from github, the partition table can be dumped from any .img file
You can observe "Image/parameter.txt" from the extracted firmware
This is the partition table from A6's recovery:
[email protected](uboot)
[email protected](trust)
[email protected](misc)
[email protected](resource)
[email protected](kernel)
[email protected](dtb)
[email protected](dtbo)
[email protected](vbmeta)
[email protected](boot)
[email protected](recovery)
[email protected](backup)
[email protected](security)
[email protected](cache)
[email protected](system)
[email protected](metadata)
[email protected](vendor)
[email protected](oem)
[email protected](frp)
[email protected](userdata)
And this is the partition table from A9's recovery
[email protected](uboot)
[email protected](trust)
[email protected](misc)
[email protected](resource)
[email protected](kernel)
[email protected](dtb)
[email protected](dtbo)
[email protected](vbmeta)
[email protected](boot)
[email protected](recovery)
[email protected](backup)
[email protected](security)
[email protected](cache)
[email protected](system)
[email protected](metadata)
[email protected](vendor)
[email protected](oem)
[email protected](frp)
[email protected](userdata)
Notice how uboot, trust, misc, resource, kernel, dtb, and others live in the same space. (2000, 4000, 6000, 8000, 10000, ...)
What we could do is create a raw blob that spans that address range, and "dd" it directly to /dev/mmcblk0 at the right offset.
So i would focus on converting recovery images to raw blobs, with recovery-as-kernel so it boots straight away on the first try.

Bump a real thread.

Is it possible to convert it to a file installed by SDDiskTool?

marchnz said:
Bump a real thread.
Click to expand...
Click to collapse
I created a flashing tool to flash recovery within Android, using Rockchip's own code: https://forum.xda-developers.com/t/...chip-firmware-flash-tool-for-android.4458299/

blala said:
I created a flashing tool to flash recovery within Android, using Rockchip's own code: https://forum.xda-developers.com/t/...chip-firmware-flash-tool-for-android.4458299/
Click to expand...
Click to collapse
This file hct_recovery.patched.img does not appear to be installed via rkupdate

sadaghiani said:
Is it possible to convert it to a file installed by SDDiskTool?
Click to expand...
Click to collapse
It needs to be converted, yes
I'll take a look this afternoon

blala said:
It needs to be converted, yes
I'll take a look this afternoon
Click to expand...
Click to collapse
Is it possible to create a boot image that includes moded recovery & magisk and moded kernel ?

If by image you mean firmware image then yes, it can be done with https://github.com/liftoff-sr/rockchip-tool
But what i would recommend is the modded recovery only, with the magisk .zip to use in Recovery
Otherwise you risk flashing a kernel that doesn't match with kernel modules or is otherwise not fully compatible with the installed system

blala said:
If by image you mean firmware image then yes, it can be done with https://github.com/liftoff-sr/rockchip-tool
But what i would recommend is the modded recovery only, with the magisk .zip to use in Recovery
Otherwise you risk flashing a kernel that doesn't match with kernel modules or is otherwise not fully compatible with the installed system
Click to expand...
Click to collapse
boot.img file included recovery+magisk+kernel

Flashing a boot.img (Kernel, for example) in an Android mobile phone via adb shell
Flashing a boot.img (Kernel, for example) in an Android mobile phone via adb shell - script.sh
gist.github.com

MTCD has separate boot and recovery partitions.
Perhaps you can adapt both recovery/kernel to be in the same image but the bootloader won't know about that (and will always boot from "recovery" partition)