NOTE: I started few days ago working with the boot image.
I'm not an Android expert. If you find an error in this post, let me know.
Use this information at your own risk. If you brick your tablet, don't blame on me.
Nothing of the tools used here are written by me. I'm not taking credit for another's work.
I have rooted my tf101 with the instructions from the mashi's thread. (http://forum.xda-developers.com/showthread.php?t=1125714)
I was curious about the root process of our beloved tablet.
For add root at the stock firmware you need the su packages and a proper boot image.
I've worked for years on linux machines, so I know that you need the "su" command to become root.
But what about the boot image? What does it need for?
I've googled and found some information that I'd like to share with you:
For using adb as superuser, and push the su package, you need to flash a so called "insecure boot" on your tablet/phone.
The process is easy:
NOTE: Even if I'm on a Windows machine, I prefer to do this work in linux. The entire process has been done in an Ubuntu 11.04 virtual machine.
What you need:
- a PC running linux
- BootTools and BlobTools from Rayman84 (http://androidroot.mobi/)
- mkbootimg (mkbootfs is optional) from the android repository
I assume that you have all the above tools in your $PATH variable.
First of all you need a stock boot image; you can extract one from your tablet (with nvflash) or from the latest stock firmware (US-VERSION - WW-VERSION)
We're going for the official packages from the ASUS website. Download it on your home directory (or wherever you want).
Let's start:
Code:
mkdir stock_firmware
cd stock_firmware
unzip ../UpdateLauncher_WW_epaduser_84411.zip
unzip ASUS/Update/WW_epad-user-8.4.4.11.zip
blobunpack blob
bootunpack blob.LNX
Now we have a lot of "strange" files:
Code:
ASUS
blob
blob.APP
blob.EBT
blob.HEADER
blob.LNX
blob.LNX-config
blob.LNX-kernel.gz
blob.LNX-ramdisk.cpio.gz
blob.PT
blob.SOS
META-INF
For our work, we just need blob.LNX-ramdisk.cpio.gz
Code:
mkdir boot_img
cd boot_img
gunzip -dc ../blob.LNX-ramdisk.cpio.gz | cpio -i
vi default.prop (or "gedit default.prop" if you want a GUI)
Here you have to change the line "ro.secure=1" in "ro.secure=0"
The final file should appears as this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
Almost done. Let's repack:
Code:
find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
or alternatively:
Code:
mkbootfs ./ | gzip > ../newramdisk.cpio.gz
Finally make the boot.img:
Code:
cd ..
mkbootimg --kernel blob.LNX-kernel.gz --ramdisk newramdisk.cpio.gz -o boot.img
Now you have your boot.img, ready to be flashed with nvflash.
For information on what to do with this file, please refer to the mashi or brk threads.
Again, I've taken this information from google.
All the credits and many thanks to:
Rayman for the BlobTools and the BootTools - http://androidroot.mobi/
Mashi for his thread on rooting the stock kernel - http://forum.xda-developers.com/showthread.php?t=1125714
Brk for his batch script - http://forum.xda-developers.com/showthread.php?t=1185104
If you found this guide useful, hit the "Thanks" button.
For your convenience, you can find the tools used attached in this post (compiled on Ubuntu 11.04).
UPDATE: I have written a script (thanks gnufabio for the idea) that automatically modify a stock boot.img into an insecure one.
ex:
Code:
./insecure.sh boot.img
when the script finishes you will find a file called my_boot.img ready to be flashed with nvflash.
Bootunpack and mkbootimg should be in your $PATH.
This script doesn't do much error checking, so keep your eyes open.
HF
hey thanks very nice guide
Excellent. I've been looking around trying to work out how to package up a kernel build, this helps a great deal.
I'm assuming that I just replace the blob.LNX-kernel.gz with my built zImage?
SammyC said:
Excellent. I've been looking around trying to work out how to package up a kernel build, this helps a great deal.
I'm assuming that I just replace the blob.LNX-kernel.gz with my built zImage?
Click to expand...
Click to collapse
I haven't try but i guess yes.
If you really want to recompile/repackage the kernel, you can refer to this http://www.droidforums.net/forum/rescue-squad-guides/31452-how-compile-your-own-kernel.html ; it's about the Motorola Droid, but some concepts are universal for all the android devices.
HF
Good work, btw give a look to this script i made: mcpio
Unpacking and repacking the ramdisk will be easier:
Code:
mcpio -c ramdisk-folder/
mcpio -e ramdis-archive.cpio.gz
Thanks - Very useful to have this in this section. I tried the example, and it all worked fine on an old Ubuntu dist.
gnufabio said:
Good work, btw give a look to this script i made: mcpio
Unpacking and repacking the ramdisk will be easier:
Code:
mcpio -c ramdisk-folder/
mcpio -e ramdis-archive.cpio.gz
Click to expand...
Click to collapse
Well, that's a lot easier...
I didn't know your script, thanks for sharing.
Updated the first post with a bash script to automate the entire process.
Yesterday I've succesfully recompiled the stock kernel and I'm thinking on write another guide like this one on the subject.
The process is a little complicate, i'm looking for an easy way to explain but it's hard.
Anyway I'm working on it in my spare time.
That would be great if you could.
ASUS haven't (yet) released the source for the kernel in their latest 3.2 build. If you've updated to 3.2, you can still root and repackage using this method. Just use nvflash to save off the kernel from your running device as per the backup/restore thread, then use bootunpack on that and follow the rest of the instructions
raypou said:
ASUS haven't (yet) released the source for the kernel in their latest 3.2 build. If you've updated to 3.2, you can still root and repackage using this method. Just use nvflash to save off the kernel from your running device as per the backup/restore thread, then use bootunpack on that and follow the rest of the instructions
Click to expand...
Click to collapse
it's exactly the method used here: http://forum.xda-developers.com/showthread.php?t=1198303
If anyone interested, here're win32 binaries of BlobTools and BootTools
Just compiled from git repo.
I unpacked a rom with a kernelblob in the root directory, and edited init.rc. Which command should I use to repackage it? If I follow the guide (instead of boot.img I used kernelblob, no extension) I get the EEE Pad logo then scrambled, colored lines all over.
If I, however, install the base rom, then the one where I changed something in the kernelblob, it boots up.
theMIROn said:
If anyone interested, here're win32 binaries of BlobTools and BootTools
Just compiled from git repo.
Click to expand...
Click to collapse
Hi, makebootimg.exe doesn't work. It gives error saying: error: could not load kernel 'blob.LNX-kernel.gz'
Tried same files in linux and worked fine.
Can you try to fix this?
EDIT: tried to compile myself but got the same issue. I think is related with the need to change source code to make this run on windows.
Working boottools for windows available here: http://forum.xda-developers.com/showpost.php?p=17237701&postcount=443
brk said:
Hi, makebootimg.exe doesn't work. It gives error saying: error: could not load kernel 'blob.LNX-kernel.gz'
Tried same files in linux and worked fine.
Can you try to fix this?
Click to expand...
Click to collapse
yep, it's code issue
attached BootTools-Win32.zip with fixed mkbootimg.exe
is there this guide for tf201?
BR
Maframan
maframan said:
is there this guide for tf201?
BR
Maframan
Click to expand...
Click to collapse
You should probably check the TF201 forum.
Could this method be used to pack a new Splash Screen? (I want to change that annoying ASUS logo to something better) Would I go about the Flash_Image method to flash the image after compiled? (I do Not have NvFlash, but I am rooted with Cwm)
Which blobs would I modify as well, just the EBT?
rebound821 said:
NOTE: I started few days ago working with the boot image.
I'm not an Android expert. If you find an error in this post, let me know.
Use this information at your own risk. If you brick your tablet, don't blame on me.
Nothing of the tools used here are written by me. I'm not taking credit for another's work.
I have rooted my tf101 with the instructions from the mashi's thread. (http://forum.xda-developers.com/showthread.php?t=1125714)
I was curious about the root process of our beloved tablet.
For add root at the stock firmware you need the su packages and a proper boot image.
I've worked for years on linux machines, so I know that you need the "su" command to become root.
But what about the boot image? What does it need for?
I've googled and found some information that I'd like to share with you:
For using adb as superuser, and push the su package, you need to flash a so called "insecure boot" on your tablet/phone.
The process is easy:
NOTE: Even if I'm on a Windows machine, I prefer to do this work in linux. The entire process has been done in an Ubuntu 11.04 virtual machine.
What you need:
- a PC running linux
- BootTools and BlobTools from Rayman84 (http://androidroot.mobi/)
- mkbootimg (mkbootfs is optional) from the android repository
I assume that you have all the above tools in your $PATH variable.
First of all you need a stock boot image; you can extract one from your tablet (with nvflash) or from the latest stock firmware (US-VERSION - WW-VERSION)
We're going for the official packages from the ASUS website. Download it on your home directory (or wherever you want).
Let's start:
Code:
mkdir stock_firmware
cd stock_firmware
unzip ../UpdateLauncher_WW_epaduser_84411.zip
unzip ASUS/Update/WW_epad-user-8.4.4.11.zip
blobunpack blob
bootunpack blob.LNX
Now we have a lot of "strange" files:
Code:
ASUS
blob
blob.APP
blob.EBT
blob.HEADER
blob.LNX
blob.LNX-config
blob.LNX-kernel.gz
blob.LNX-ramdisk.cpio.gz
blob.PT
blob.SOS
META-INF
For our work, we just need blob.LNX-ramdisk.cpio.gz
Code:
mkdir boot_img
cd boot_img
gunzip -dc ../blob.LNX-ramdisk.cpio.gz | cpio -i
vi default.prop (or "gedit default.prop" if you want a GUI)
Here you have to change the line "ro.secure=1" in "ro.secure=0"
The final file should appears as this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
Almost done. Let's repack:
Code:
find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
or alternatively:
Code:
mkbootfs ./ | gzip > ../newramdisk.cpio.gz
Finally make the boot.img:
Code:
cd ..
mkbootimg --kernel blob.LNX-kernel.gz --ramdisk newramdisk.cpio.gz -o boot.img
Now you have your boot.img, ready to be flashed with nvflash.
For information on what to do with this file, please refer to the mashi or brk threads.
Again, I've taken this information from google.
All the credits and many thanks to:
Rayman for the BlobTools and the BootTools - http://androidroot.mobi/
Mashi for his thread on rooting the stock kernel - http://forum.xda-developers.com/showthread.php?t=1125714
Brk for his batch script - http://forum.xda-developers.com/showthread.php?t=1185104
If you found this guide useful, hit the "Thanks" button.
For your convenience, you can find the tools used attached in this post (compiled on Ubuntu 11.04).
UPDATE: I have written a script (thanks gnufabio for the idea) that automatically modify a stock boot.img into an insecure one.
ex:
Code:
./insecure.sh boot.img
when the script finishes you will find a file called my_boot.img ready to be flashed with nvflash.
Bootunpack and mkbootimg should be in your $PATH.
This script doesn't do much error checking, so keep your eyes open.
HF
Click to expand...
Click to collapse
Hi Sir,
First of all thankyou for you guide because I did follow you guide and created the insecure boot.image succesfully. I still have one problem, after flashing the boot.image, I still could not root the android device. Why is that? Do I need to change something else in the boot.img?
Related
heres where im at now. im trying to edit the init.rc
i have extracted the boot.img using unpack-bootimg.pl and have got the follwing
empty folder called ramdisk
boot.img-ramdisk.cpio.gz
boot.img-ramdisk.gz
boot.img-kernell.gz
i am now stuck extracting the ramdisk to edit init.rc
i also get error gunzip is not a recognied command
any help??
add.thebad said:
i am trying to edit the init.rc but have problems extracting boot.img-ramdisk.gz
i have made a rom dump
then extracted boot.img
got boot.img-ramdisk.gz so extracted that
and now i have a file called boot.img-ramdisk nothing else
so how can i edit ramdisk?
thanks in advance. any help welcome
Click to expand...
Click to collapse
add.thebad,
Been a while since I've done this, lol, but these are the instructions I followed:
http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images
There's links to the Perl scripts in that page too.
Hope this helps.
Cheers!
thanks but the link to the scripts is broke. dont suppose you know where to get another
add.thebad said:
thanks but the link to the scripts is broke. dont suppose you know where to get another
Click to expand...
Click to collapse
Adam (that's right, right? ),
I found an XDA version of the "How To" link I posted above: http://forum.xda-developers.com/showthread.php?t=443994 and the files are at the bottom of the first post and they are still available.
By the way, I used these instructions (along with lots of help from Amon_RA himself) for unpacking and repacking Amon_RA's custom recovery .img file (I built a version that doesn't require the use of a trackball for the Eris).
I think after you unpack the ramdisk, you'll just replace / update your init.rc file and then repack everything before doing the mkbootfs on your ramdisk directory (followed by your particular mkbootimg command).
Good luck!
Cheers!
thanks for you help i have the scripts now and i can get it to extract however i get the error "gunzip is not recognised" and the files it does extract are emply
add.thebad said:
thanks for you help i have the scripts now and i can get it to extract however i get the error "gunzip is not recognised" and the files it does extract are emply
Click to expand...
Click to collapse
Are you on a Linux system?
The gzip / gunzip utilities should be on your system and/or referenced in you PATH environment variable.
Do a find / -name 'gzip' 2> /dev/null or find / -name gunzip 2> /dev/null or whereis gunzip or which gunzip (one of these should reveal the utility's location).
The unpack-bootimg.pl does use the gunzip command to extract the files, so you will need this utility.
Cheers!
after a bit of reading i think the way i have got my boot.img is wrong could this be why the folder is empty?
add.thebad said:
after a bit of reading i think the way i have got my boot.img is wrong could this be why the folder is empty?
Click to expand...
Click to collapse
Not sure... Like I said, I started with a known, good recovery.img file... I never have (yet) played with a boot.img file...
scary alien said:
Not sure... Like I said, I started with a known, good recovery.img file... I never have (yet) played with a boot.img file...
Click to expand...
Click to collapse
i managed to extract a boot.img from an official system image and tried that and got the same result. could i have anything to do with gunzip not being recognised
add.thebad said:
i managed to extract a boot.img from an official system image and tried that and got the same result. could i have anything to do with gunzip not being recognised
Click to expand...
Click to collapse
lol...I think we cross-posted a little bit ago...see above ^^^ for my post about your gunzip utility.
scary alien said:
lol...I think we cross-posted a little bit ago...see above ^^^ for my post about your gunzip utility.
Click to expand...
Click to collapse
haha so we did.
no im on windows and cant get gunzip to work. think i have gzip working tho
any ideas?
add.thebad said:
haha so we did.
no im on windows and cant get gunzip to work. think i have gzip working tho
any ideas?
Click to expand...
Click to collapse
Yeah, you'll have to grab some Windows versions of the Unix commands.
I can't remember where I got mine, but a quick search yielded this as a possible starting place:
http://www.cyberciti.biz/faq/unix-command-line-utilities-for-windows/
There's a couple of links to sets of tools. After you download and install these, make sure you point / change your Windows PATH to point to the utilities or just do all of your work in the same directory.
You really just need the utilities that are referenced in the Perl script... Not sure I'd bother with the whole Cygwin thing (your call, of course).
Cheers!
scary alien said:
Yeah, you'll have to grab some Windows versions of the Unix commands.
I can't remember where I got mine, but a quick search yielded this as a possible starting place:
http://www.cyberciti.biz/faq/unix-command-line-utilities-for-windows/
There's a couple of links to sets of tools. After you download and install these, make sure you point / change your Windows PATH to point to the utilities or just do all of your work in the same directory.
You really just need the utilities that are referenced in the Perl script... Not sure I'd bother with the whole Cygwin thing (your call, of course).
Cheers!
Click to expand...
Click to collapse
Ok will try that. I allready have cygwin to try get the commands i will try ur link tho. Think im getting a bit outa my depth but ive learnt so much so far i dont want to give up so thanks for your help
heres where im at now. im trying to edit the init.rc
i have extracted the boot.img using unpack-bootimg.pl and have got the follwing
empty folder called ramdisk
boot.img-ramdisk.cpio.gz
boot.img-ramdisk.gz
boot.img-kernell.gz
i am now stuck extracting the ramdisk to edit init.rc
i also get error gunzip is not a recognied command
any help??
add.thebad said:
heres where im at now. im trying to edit the init.rc
i have extracted the boot.img using unpack-bootimg.pl and have got the follwing
empty folder called ramdisk
boot.img-ramdisk.cpio.gz
boot.img-ramdisk.gz
boot.img-kernell.gz
i am now stuck extracting the ramdisk to edit init.rc
i also get error gunzip is not a recognied command
any help??
Click to expand...
Click to collapse
Well, I spent some time tonight trying to do this under Windows myself, but I used the split_bootimg.pl Perl script instead to create the *.img-kernel and *.img-ramdisk.gz files (with mixed success). lol, I had a hard time re-finding some good Unix commands that would run under Windows (I've got some good ones on my work PC, but that doesn't help me now).
Here's the relevant section in the original HOWTO link I sent you:
% ./split_bootimg.pl boot.img
Page size: 2048 (0x00000800)
Kernel size: 1388548 (0x00153004)
Ramdisk size: 141518 (0x000228ce)
Second size: 0 (0x00000000)
Board name:
Command line: no_console_suspend=1
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Now, extracting the ramdisk under Windows is a little trickier and I couldn't get the whole way there because I couldn't find the cpio command for Windows (you might have it already if you are using Cygwin). Anyway, the documentation explains that you would create a temporary "ramdisk" directory, change to it, use the gzip utility to uncompress and feed the output to the cpio command to actually extract the files and directories:
Extract the ramdisk.
% mkdir ramdisk
% cd ramdisk
% gzip -dc ../boot.img-ramdisk.gz | cpio -i
% cd ..
That should work for you (if you have appropriate utilities) and should give you the various files that comprise the ramdisk for you to modify (i.e., the init.rc).
After modifying them, you would use the mkbootfs utility (not sure if this is actually available in Windows) to re-pack the ramdisk and then use the mkbootimg command to re-pack your boot image.
It might be easier to get a Linux distro installed that you can launch from Windows just to do this.
Good luck!
scary alien said:
It might be easier to get a Linux distro installed that you can launch from Windows just to do this.
Good luck!
Click to expand...
Click to collapse
ahaa managed to get everything extracted and edit the init.rc so thank you for all your help
one the linux side of things i have ubuntu dual boot and use it from time to time im just not familiar with the commands on it so prefer windows. might try it more oftern since it can be a pain finding all the tools for windows
ne way all i need to do now is repackage it which is proving to be a bit of a problem atm.
a sleep less night and ill c how i get on lol
cheers for the help
add.thebad said:
ahaa managed to get everything extracted and edit the init.rc so thank you for all your help
one the linux side of things i have ubuntu dual boot and use it from time to time im just not familiar with the commands on it so prefer windows. might try it more oftern since it can be a pain finding all the tools for windows
ne way all i need to do now is repackage it which is proving to be a bit of a problem atm.
a sleep less night and ill c how i get on lol
cheers for the help
Click to expand...
Click to collapse
Adam,
Glad you are making progress .
Here's the last few bits that I used to re-pack my ramdisk and to rebuild the bootable recovery .img file (i.e., ramdisk + kernel):
# pack-up the ramdisk directory's files to build the new ramdisk .zip
#
mkbootfs ./ramdisk | gzip > ramdisk-new.gz
# now, repack the kernel and ramdisk to make the new recovery image
#
mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel recovery-RA-eris-v1.6.2.img-kernel --ramdisk ramdisk-new.gz --base 0x11200000 -o new-recovery.img
This is very similar to the instructions in the HOWTO thread.
Also, note the --base parameter in the mkbootimg line, this is unique/specific to each phone/bootable image since it appears to be the boot/load address, so you'll have to know or find-out what this particular value is for your situation.
Good luck and let me know how it goes.
Cheers to you, too!
scary alien said:
Adam,
Glad you are making progress .
Here's the last few bits that I used to re-pack my ramdisk and to rebuild the bootable recovery .img file (i.e., ramdisk + kernel):
# pack-up the ramdisk directory's files to build the new ramdisk .zip
#
mkbootfs ./ramdisk | gzip > ramdisk-new.gz
# now, repack the kernel and ramdisk to make the new recovery image
#
mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel recovery-RA-eris-v1.6.2.img-kernel --ramdisk ramdisk-new.gz --base 0x11200000 -o new-recovery.img
This is very similar to the instructions in the HOWTO thread.
Also, note the --base parameter in the mkbootimg line, this is unique/specific to each phone/bootable image since it appears to be the boot/load address, so you'll have to know or find-out what this particular value is for your situation.
Good luck and let me know how it goes.
Cheers to you, too!
Click to expand...
Click to collapse
ok gave up in windows cannot find a command or perl script for mkbootfs so now in ubuntu giving it a try
i can do that first bit fine. does it need to be re cpio?
on the next commannd i type
Code:
mkbootimg --cmdline 'no_console_suspend=1 console=null' --boot.img-kernel.gz --boot.img-ramdisk.gz ----base 0x10000000 -o new-boot.img
and get this
Code:
[email protected]:~/Desktop$ mkbootimg --cmdline 'no_console_suspend=1 console=null' --boot.img-kernel.gz --boot.img-ramdisk.gz ----base 0x10000000 -o new-boot.img
usage: mkbootimg
--kernel <filename>
--ramdisk <filename>
[ --second <2ndbootloader-filename> ]
[ --cmdline <kernel-commandline> ]
[ --board <boardname> ]
[ --base <address> ]
-o|--output <filename>
but nothing is outputted on my desktop
add.thebad said:
ok gave up in windows cannot find a command or perl script for mkbootfs so now in ubuntu giving it a try
Click to expand...
Click to collapse
I believe that the mkbootfs utility is available / created as a result of building / compiling the Android open source.
Like I mentioned before, its been a while since I did all this myself, but I had to download and do the base "make" for the Android open source since I was actually changing and recompiling the custom recovery.
So, you'll need to check-out / download the desired AOSP branch / version from the proper location (which eludes me at the moment). Then, I believe doing the base / generic "make" for the AOSP will create or reveal the mkbootfs utility.
One of the threads in the following forum should have a better, starter explanation for doing the above that I could post here:
http://forum.xda-developers.com/forumdisplay.php?f=613
I'd dig into this more with you tonight, but I gotta do my taxes and then go into work for a few hours tonight (ugh on both counts, lol!).
Good luck!
Hi,
I've been trying to get my own kernel with few modifications running on my ASUS Transformer. I've followed few guides around with no luck. What I did:
Tried two source trees:
1) Official from ASUS
2) Roach2010s tree from github (https://github.com/Roach2010/android_kernel_TF101.git)
Used .config from my current kernel which is running fine (Prime kernel) without any changes.
Compiled kernel.
So far looks good, with few modifications to config I got new modules that works so crosscompiler is not misscompiling. Now the part where I'm doing something wrong and can't figure out what.
I started with Prime Kernel from http://forum.xda-developers.com/showthread.php?t=1251044
* Unziped the archive
* blobunpack blob
* created blob.LNX in several ways described bellow
* blobpack blob.HEADER blob LNX blob.LNX
* dd if=blob of=/dev/block/mmcblk0p4
* reboot
How I created blob.LNX
A) Use extracted blob.LNX and use abootimg to replace kernel
* abootimg -u blob.LNX -k zImage
B) Extracted all parts and recreated image using abootimg
* abootimg -x blob.LNX
* abootimg --create blob.LNX -f bootimg.cfg -k zImage -r initrd.img
C) Extracted all parts and recreated image using bootunpack and mkbootimg
* bootunpack blob.LNX
* mkbootimg --kernel zImage --ramdisk ramdisk.gz -o blob.LNX
In addition I tried few modifications:
* enlarging bootsize in bootimg.cfg to make sure everything fits
* passing cmdline my current kernel booted up with as default in .config, as cmdline in bootimg.cfg and both
All my efforts ended up on ASUS boot up screen, no matter what I try. So my question is, am I missing something? Did I skipped some important part? Have I done something wrong? Any ideas appreciated.
If nobody has any idea, can somebody please create kernel with enabled kexec for my ASUS Transformer? That was the ultimate goal of trying to get my own kernel, but if I can't get working just recompiled one...
-miska- said:
Hi,
I've been trying to get my own kernel with few modifications running on my ASUS Transformer. I've followed few guides around with no luck. What I did:
Tried two source trees:
1) Official from ASUS
2) Roach2010s tree from github (https://github.com/Roach2010/android_kernel_TF101.git)
Used .config from my current kernel which is running fine (Prime kernel) without any changes.
Compiled kernel.
So far looks good, with few modifications to config I got new modules that works so crosscompiler is not misscompiling. Now the part where I'm doing something wrong and can't figure out what.
I started with Prime Kernel from http://forum.xda-developers.com/showthread.php?t=1251044
* Unziped the archive
* blobunpack blob
* created blob.LNX in several ways described bellow
* blobpack blob.HEADER blob LNX blob.LNX
* dd if=blob of=/dev/block/mmcblk0p4
* reboot
How I created blob.LNX
A) Use extracted blob.LNX and use abootimg to replace kernel
* abootimg -u blob.LNX -k zImage
B) Extracted all parts and recreated image using abootimg
* abootimg -x blob.LNX
* abootimg --create blob.LNX -f bootimg.cfg -k zImage -r initrd.img
C) Extracted all parts and recreated image using bootunpack and mkbootimg
* bootunpack blob.LNX
* mkbootimg --kernel zImage --ramdisk ramdisk.gz -o blob.LNX
In addition I tried few modifications:
* enlarging bootsize in bootimg.cfg to make sure everything fits
* passing cmdline my current kernel booted up with as default in .config, as cmdline in bootimg.cfg and both
All my efforts ended up on ASUS boot up screen, no matter what I try. So my question is, am I missing something? Did I skipped some important part? Have I done something wrong? Any ideas appreciated.
If nobody has any idea, can somebody please create kernel with enabled kexec for my ASUS Transformer? That was the ultimate goal of trying to get my own kernel, but if I can't get working just recompiled one...
Click to expand...
Click to collapse
Here is what I've done. If you have successfully built a kernel with the resulting zImage, then you are part way there, I believe there is a kernel config option to enable kexec support but I haven't tried that. Next, you can take some other kernel's .zip file (CWM flashable) and unzip it. You may need to download a zip utility. You'll have 2 folders and a kernel blob. If you bootunpack this kernel blob, you'll end up with the kernel blob and a some *.LNX file. This *.LNX file is the same as a boot.img file. You can use dsixda's Android kitchen to split this into the initrd and the kernel (zImage) parts. Replace the zImage with your own and move any modules you may have also built if necessary into the initrd part, join them back together into a boot.img in the kitchen.
copy this boot.img back to where you unzipped the kernel.zip, delete the original *.LNX file, rename the boot.img to the same name as the previous *.LNX file and then bootpack it together and flash it through CWM. Zip the 2 folders and the kernel blob you just made back together with whatever name you want. You can edit the text in the updater script before you zip it all up, but whether you do or not it should boot.
Yes, there is kexec config option, but I haven't suceeded even without changing anything so enabling it doesn't make kernel boot :-D I tried Android Kitche to split boot image and I ended up with the same files (compared the content to check) as with abootimg -x. Tried recreating update.zip and sign it using Android Kitchen, just to be sure, that something in android is not in the way to the actualization from running system. Still no luck :-(
-miska- said:
Yes, there is kexec config option, but I haven't suceeded even without changing anything so enabling it doesn't make kernel boot d:-D I tried Android Kitche to split boot image and I ended up with the same files (compared the content to check) as with abootimg -x. Tried recreating update.zip and sign it using Android Kitchen, just to be sure, that something in android is not in the way to the actualization from running system. Still no luck :-(
Click to expand...
Click to collapse
I didn't even sign mine as I have signature verification turned off in CWM recovery. Didn't change the text either as I was mostly experimenting and learning. I know kexec works under linux, but I think it requires separate package(s) and configuration to do so. I got a bit confused with blobpack, blobunpack info, but figured out that with just the kernel you don't seem to need the mentioned header file, just the .LNX which is the same as boot.img which is the combined kernel zImage and initramfs. If the kernel blob is still there and you use the same name for the output file then it doesn't matter because it will get overwritten anyway. Worked for me at least using source of kernel I've booted before and my running .config.
sidneyk said:
I didn't even sign mine as I have signature verification turned off in CWM recovery. Didn't change the text either as I was mostly experimenting and learning. I know kexec works under linux, but I think it requires separate package(s) and configuration to do so. I got a bit confused with blobpack, blobunpack info, but figured out that with just the kernel you don't seem to need the mentioned header file, just the .LNX which is the same as boot.img which is the combined kernel zImage and initramfs. If the kernel blob is still there and you use the same name for the output file then it doesn't matter because it will get overwritten anyway. Worked for me at least using source of kernel I've booted before and my running .config.
Click to expand...
Click to collapse
hmmm, zip file I had as an example was using blobed boot image going through mmcblk0p4. Do you have some link to .zip file that does it differently?
kexec is a way how to boot something else from linux directly without need to fiddle with bootloader. To use it, two parts are needed - kernel that supports it (that's what I can't get) and tool to actually use it/call it. Tool is not a problem, got that one hopefully ready, but without the kernel...
-miska- said:
hmmm, zip file I had as an example was using blobed boot image going through mmcblk0p4. Do you have some link to .zip file that does it differently?
kexec is a way how to boot something else from linux directly without need to fiddle with bootloader. To use it, two parts are needed - kernel that supports it (that's what I can't get) and tool to actually use it/call it. Tool is not a problem, got that one hopefully ready, but without the kernel...
Click to expand...
Click to collapse
Have you tried Koush's "anykernel.zip" code (probably requires a few mods)? It appears to be trying to replace the blob based updater-scripts that are all over the place.
I've used it successfully, but it has mostly been on other devices, and it is very easy to use. I think some of the templates are too generic and maybe confusing, and without figuring out how edify scripting actually works, it is mysterious, but I'd look at this code, git it and try to use it:
I'll try to provide a working example since I just added a few modules to one of the kernels 2.6.36-4 that're out there for the tf101, but I need to be sure it's working first. I think there's perhaps one difference at least between what Koush shows for the xoom and the tf101 so am working on it.
https://github.com/koush/AnyKernel
Good luck -
-miska- said:
hmmm, zip file I had as an example was using blobed boot image going through mmcblk0p4. Do you have some link to .zip file that does it differently?
kexec is a way how to boot something else from linux directly without need to fiddle with bootloader. To use it, two parts are needed - kernel that supports it (that's what I can't get) and tool to actually use it/call it. Tool is not a problem, got that one hopefully ready, but without the kernel...
Click to expand...
Click to collapse
I was using clemsyn-blades_kernel_ver22a zip file. I don't know if it was doing it different or not, haven't checked that far into it.
sidneyk said:
I was using clemsyn-blades_kernel_ver22a zip file. I don't know if it was doing it different or not, haven't checked that far into it.
Click to expand...
Click to collapse
hmmm, checked that one, uses blobed image and 'dd if=/tmp/blob of=/dev/block/mmcblk0p4' as well. Maybe I'll try different crosscompiler anyway, that's the one thing I haven't altered yet :-/
hachamacha said:
Have you tried Koush's "anykernel.zip" code (probably requires a few mods)? It appears to be trying to replace the blob based updater-scripts that are all over the place.
I've used it successfully, but it has mostly been on other devices, and it is very easy to use. I think some of the templates are too generic and maybe confusing, and without figuring out how edify scripting actually works, it is mysterious, but I'd look at this code, git it and try to use it:
I'll try to provide a working example since I just added a few modules to one of the kernels 2.6.36-4 that're out there for the tf101, but I need to be sure it's working first. I think there's perhaps one difference at least between what Koush shows for the xoom and the tf101 so am working on it.
Click to expand...
Click to collapse
Haven't tried that one, looks interesting... This one doesn't use blobed update and wites image directly somewhere. Just would require to check that that somewhere is the right place :-D Thanks, will take a look at that and what other edify commands are availble in updater, sounds like interesting alternative approach...
-miska- said:
Haven't tried that one, looks interesting... This one doesn't use blobed update and wites image directly somewhere. Just would require to check that that somewhere is the right place :-D Thanks, will take a look at that and what other edify commands are availble in updater, sounds like interesting alternative approach...
Click to expand...
Click to collapse
I'm modifying the script I've seen passed around (not quite Koush's git repo version) passed around to see if I can get it to work on the tf101. The 'write it somewhere' edify command is the question mark, but I think it is going on it's (the device's) internal partition table and vectored to 'boot', which is either a terrific generic idea, or terrible depending upon what edify does. I can't really find a heck of a lot explaining anything about the individual edify commands. I'm just getting rid of the 'showstoppers' where partition names like mmc0p* are used that are clearly wrong for the tf101. I made the mistake of trying one that I only later realized thought that partition 1 was data, when it is actually partition 7. Good thing I can make nvflash backups on my 'old' transformer.
I'll post back later today with any results I get. I'm not concerned about whether my kernel worked since it is completely experimental , just that it got written there, so I might use a working version with a different kernel name (in Makefile) just so I can get 'proof of concept' .
On a slightly different note but having to do with what you're doing, I tried the blob route this week, and for some reason, blobunpack/pack right from Rayman's git repo do not unpack the blobs correctly for say 'clemsyms' or 'Prime's' blobs, which has me wondering about some change that maybe took place. In any case, it forces me down this other path anyway.
If they are working OK for you, could you tell me a couple things?
1) Your linux distro and architecture (x86/x86_64)
2) did you build them from Rayman's repo? Did you get binaries from somewhere, if so where?
3) parameters? I don't think mine take any but the blob name.
4) Output suffixes. I only get .LNX from any of the above blobs which is useless.
EDIT: I was recalling that 'edify' in CWM came into being somewhere (maybe) past the only version that works with the tf101 (we're on ~v3.x and edify ~v4/5+). If that's the case, then we're all stuck with blobs because that one write command is edifi(ed) most likely. I'll stare at the git CWM source today too to figure out if it used the edify stuff in this version. I think Solarnz had it in his git hub.
hachamacha said:
I'm modifying the script I've seen passed around (not quite Koush's git repo version) passed around to see if I can get it to work on the tf101. The 'write it somewhere' edify command is the question mark, but I think it is going on it's (the device's) internal partition table and vectored to 'boot', which is either a terrific generic idea, or terrible depending upon what edify does. I can't really find a heck of a lot explaining anything about the individual edify commands. I'm just getting rid of the 'showstoppers' where partition names like mmc0p* are used that are clearly wrong for the tf101. I made the mistake of trying one that I only later realized thought that partition 1 was data, when it is actually partition 7. Good thing I can make nvflash backups on my 'old' transformer.
I'll post back later today with any results I get. I'm not concerned about whether my kernel worked since it is completely experimental , just that it got written there, so I might use a working version with a different kernel name (in Makefile) just so I can get 'proof of concept' .
On a slightly different note but having to do with what you're doing, I tried the blob route this week, and for some reason, blobunpack/pack right from Rayman's git repo do not unpack the blobs correctly for say 'clemsyms' or 'Prime's' blobs, which has me wondering about some change that maybe took place. In any case, it forces me down this other path anyway.
If they are working OK for you, could you tell me a couple things?
1) Your linux distro and architecture (x86/x86_64)
2) did you build them from Rayman's repo? Did you get binaries from somewhere, if so where?
3) parameters? I don't think mine take any but the blob name.
4) Output suffixes. I only get .LNX from any of the above blobs which is useless.
EDIT: I was recalling that 'edify' in CWM came into being somewhere (maybe) past the only version that works with the tf101 (we're on ~v3.x and edify ~v4/5+). If that's the case, then we're all stuck with blobs because that one write command is edifi(ed) most likely. I'll stare at the git CWM source today too to figure out if it used the edify stuff in this version. I think Solarnz had it in his git hub.
Click to expand...
Click to collapse
Blobs are used on the tf101 because they are the ONLY way of flashing boot/recovery, there is no block device mapping of them on our device
lilstevie said:
Blobs are used on the tf101 because they are the ONLY way of flashing boot/recovery, there is no block device mapping of them on our device
Click to expand...
Click to collapse
OK: Thanks lilstevie,
That takes care of that. Time for me to make peace with blobs.
After steve's reply, I just went to using blobs. I've got my own kernel running fine on the tf101 using that method.
For the best reference I've seen on using blobs and boottools , try this post:
http://forum.xda-developers.com/showthread.php?t=1193737
---
Just got back from work, will ply with it some more, but I'll start with answering the questions...
hachamacha said:
1) Your linux distro and architecture (x86/x86_64)
Click to expand...
Click to collapse
Gentoo x86-64
hachamacha said:
2) did you build them from Rayman's repo? Did you get binaries from somewhere, if so where?
Click to expand...
Click to collapse
Compiled from git repo. I always tried to find the most upstream repo for each tool and then compiled it by myself.
hachamacha said:
3) parameters? I don't think mine take any but the blob name.
4) Output suffixes. I only get .LNX from any of the above blobs which is useless.
Click to expand...
Click to collapse
These two comes together:
'blobunpack blob' - takes a blob as input and ouptuts blob.HEADER and blob.LNX
'bootunpack blob.LNX' - takes blob.LNX as input and outputs blob.LNX-kernel.gz, blob.LNX-ramdisk.cpio.gz and blob.LNX-config
'abootimg -x blob.LNX' - takes blob.LNX as input and outputs zImage, initrd.img and bootimg.cfg
Resulting files from bootunpack and abootimg are almost same, only difference is the configuration file
To repack:
'abootimg --create newblob/blob.LNX -f bootimg.cfg -k zImage -r initrd.img'
or
'mkbootimg --kernel zImage --ramdisk blob.LNX-ramdisk.cpio.gz -o newblob/blob.LNX'
and then
'blobpack blob.HEADER newblob/blob LNX newblob/blob.LNX'
Unless I change kernel, everything works just fine :-D
-miska- said:
Just got back from work, will ply with it some more, but I'll start with answering the questions...
Gentoo x86-64
Compiled from git repo. I always tried to find the most upstream repo for each tool and then compiled it by myself.
These two comes together:
'blobunpack blob' - takes a blob as input and ouptuts blob.HEADER and blob.LNX
'bootunpack blob.LNX' - takes blob.LNX as input and outputs blob.LNX-kernel.gz, blob.LNX-ramdisk.cpio.gz and blob.LNX-config
'abootimg -x blob.LNX' - takes blob.LNX as input and outputs zImage, initrd.img and bootimg.cfg
Resulting files from bootunpack and abootimg are almost same, only difference is the configuration file
To repack:
'abootimg --create newblob/blob.LNX -f bootimg.cfg -k zImage -r initrd.img'
or
'mkbootimg --kernel zImage --ramdisk blob.LNX-ramdisk.cpio.gz -o newblob/blob.LNX'
and then
'blobpack blob.HEADER newblob/blob LNX newblob/blob.LNX'
Unless I change kernel, everything works just fine :-D
Click to expand...
Click to collapse
Pretty similar, although the kernel zImage itself is always a mystery unless you've not changed anything, but even then, getting it built with the right toolchain, etc isn't guaranteed. So lets assume that just works for now since it'll become obvious as it goes along.
I guess I have not heard of 'abootimg' as a tool for this, so I've been using the more manual way of dissecting the initrd as follows:
Code:
gunzip -dc ../blob.LNX-ramdisk.cpio.gz | cpio -i
If you need to change something , for example, in default.prop like ro.secure=0, then you'd do it there.
Then repack into a new ramdisk:
Code:
find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
Finally I just had a somewhat heavily modified zImage from my build, so did this to make the blob (I'd copied zImage to blob.LNK-zImage.gz below):
Code:
./mkbootimg --kernel blob.LNX-zImage.gz --ramdisk newramdisk.cpio.gz -o boot.img
./blobpack blob.HEADER newblob LNX boot.img
zip -r imagename.zip blob MET* system // whatever the syntax was.
NOTE: I did this on a native 64 bit ubuntu LTS 10.04 box.
Unless I typo'd up there, that 'should' work. If it does boot, then first thing, take a look at settings, and kernel info so you can verify that you're running the kernel you desired (hopefully you renamed it in Makefile the first 4-5 lines).
Solved
Ok, got it working!!! Problem was bad crosscompiler :-( Modules I crosscompiled worked fine, so I ruled crosscompiler out :-/ Looks like I was too quick in judgement :-( Now I have kernel recompiled with original settings and evne the modified one and it still works and boot. Now I'm going to play with new features I got! Thanks a lot for all help!!!
Just for the record, crosscompiler I was originally using was codesourcery 2011.03 and to make it work I switched to official crosscompiler from NDK. Rest of the commands was Ok, I was just suspecting wrong step as I was quite familiar with kernel building and quite unfamiliar with the blob stuff :-(
Congrats!
For some reason I avoid the codesourcery stuff and stick with either the prebuilt toolchains or else just build my own from gnu source.
Anyway, glad you figured it out.
I have been following a few different instructions for the tools and was concentrated on just learning to rebuild a kernel on my own setup - Ubuntu 11.10. I only installed Ubuntu since it was the distro mostly referenced in the tutorials. I've also tried a couple different tool chains, some work, some don't.
I then find an existing *.zip CWM flashable kernel to work with, usually trying to use one I've successfully ran before, and unzip it. This gives 2 folders and a blob file. Whenever I run bootunpack on the blob I only get a resultant blob.LNX file and, so far never any blob.HEADER file. I understood that the blob.LNX was the same as boot.img from reading through and use dsixda's kitchen to split up the .LNX file I've renamed to boot.img. I then replace the zImage with the one I've just built and repack to boot.img in the kitchen. Then I move that boot.img back to unzipped kernel directory and rename to blob.LNX and run bootpack with blob as output and just ignore the .HEADER part. I then rezip the 2 folders (after replacing any modules in there) and blob into a new zip file and reflash in CWM. If it was based on a kernel I've booted before then it usually works without any problems. I can replace text in the updater-script, if I want and am just reusing the initramfs from the original zip. I have signature verification turned off in CWM, so that doesn't choke it. I need to read more about building initramfs before I do it. So far, this works for me, but I haven't really done any modification to the source, other than rebuilding it with my running config.
sidneyk said:
I have been following a few different instructions for the tools and was concentrated on just learning to rebuild a kernel on my own setup - Ubuntu 11.10. I only installed Ubuntu since it was the distro mostly referenced in the tutorials. I've also tried a couple different tool chains, some work, some don't.
I then find an existing *.zip CWM flashable kernel to work with, usually trying to use one I've successfully ran before, and unzip it. This gives 2 folders and a blob file. Whenever I run bootunpack on the blob I only get a resultant blob.LNX file and, so far never any blob.HEADER file. I understood that the blob.LNX was the same as boot.img from reading through and use dsixda's kitchen to split up the .LNX file I've renamed to boot.img. I then replace the zImage with the one I've just built and repack to boot.img in the kitchen. Then I move that boot.img back to unzipped kernel directory and rename to blob.LNX and run bootpack with blob as output and just ignore the .HEADER part. I then rezip the 2 folders (after replacing any modules in there) and blob into a new zip file and reflash in CWM. If it was based on a kernel I've booted before then it usually works without any problems. I can replace text in the updater-script, if I want and am just reusing the initramfs from the original zip. I have signature verification turned off in CWM, so that doesn't choke it. I need to read more about building initramfs before I do it. So far, this works for me, but I haven't really done any modification to the source, other than rebuilding it with my running config.
Click to expand...
Click to collapse
The architecture really seems to make a big difference in some configurations.
I have one native linux box with 64 bit 10.04 LTS on it, and it always behaves as well as possible, so I did this blob/boot/tools work on it, and it went as it should (creating HEADER and LNX) files, etc.
Then in addition I use several linux distros in VMs, one of them being more like yours, an 11.10 distro with just the androidSDK and all the build tools, prebuilt chains, etc. That will do exactly as you said. I actually built those blobtools/boottools from Koush's git, and they don't work correctly in that one environment. What is different to make that happen? I'm just guessing that something important like the native x86_64 gcc world is different enough to foul things up. It really doesn't matter. Once I got the tools working on the native box, I just transferred them to the other boxes including 11.10 and they work fine.
If you're using 64 bit and would like them I can probably stick them into a .tar.bz2 or whatever and stick up a link to them, or maybe if you can find working binaries to download, you might get those working. Once the blobunpack is returning only the .LNX file, you've pretty well had it as far as progress.
Good luck
hachamacha said:
The architecture really seems to make a big difference in some configurations.
I have one native linux box with 64 bit 10.04 LTS on it, and it always behaves as well as possible, so I did this blob/boot/tools work on it, and it went as it should (creating HEADER and LNX) files, etc.
Then in addition I use several linux distros in VMs, one of them being more like yours, an 11.10 distro with just the androidSDK and all the build tools, prebuilt chains, etc. That will do exactly as you said. I actually built those blobtools/boottools from Koush's git, and they don't work correctly in that one environment. What is different to make that happen? I'm just guessing that something important like the native x86_64 gcc world is different enough to foul things up. It really doesn't matter. Once I got the tools working on the native box, I just transferred them to the other boxes including 11.10 and they work fine.
If you're using 64 bit and would like them I can probably stick them into a .tar.bz2 or whatever and stick up a link to them, or maybe if you can find working binaries to download, you might get those working. Once the blobunpack is returning only the .LNX file, you've pretty well had it as far as progress.
Good luck
Click to expand...
Click to collapse
If by 'native' you mean a hard disk install as opposed to a VM install, then that's where I'm at. I have Ubuntu 11.10 x86_64 installed to a separate partition. I have the recommended stuff installed including the ia32 libs, but I never see a blob.HEADER file with either kernel.zips or ROM zips. I can unpack and repack kernels without the HEADER though and they boot just fine.
But, yes, if you don't mind posting a link with your files I'll give them a try sometime. Thanks.
I following the instructions found from here:
Building Kernels
and download the kernel from here:
INDEX of ROMS/RECOVERY/ROOT/GUIDES/FIRMWARE/KERNEL/VIDEOS/etc..
I am using TF300TG, so I just followed the link to my tablet kernel source from the thread. I have successfully built the kernel by using the config.gz found in the tablet /proc/config.gz (is great that Asus is providing such info). I also enable a kernel module for my old USB ethernet dongle and able to use it to get online. :victory:
After poking around the kernel configuration, and reading the thread TF300T kernel source repository, I am curious about enabling OC and possible other features. I had downloaded the update.zip from the thread, and trying to understand the whole process of how to flash kernel to the tablet. My idea is to modify the update.zip to make use of it to update my tablet. But before I start doing something serious, I have questions...
I found the following kernel file: kernel.blob in update.zip. Is this the same file as 'zImage' in arch/arm/boot/ after built successful?
The next question is on how to backup my existing kernel? I notice from the update-script, the kernel is flash using the following command:
run_program("/sbin/busybox", "dd", "if=/tmp/kernel.blob", "of=/dev/block/mmcblk0p4");
Click to expand...
Click to collapse
Does this mean, I can run the same command in reverse to keep a copy of my current kernel?
I had done kernel compiling before, but those were in PC/x86 platform. ARM platform seems to be different from what I used to.
I found the following kernel file: kernel.blob in update.zip. Is this the same file as 'zImage' in arch/arm/boot/ after built successful?
Click to expand...
Click to collapse
Not exactly...
A blob file is a sort of archive that can contain several files.
For example, the kernel.blob you mention above contains the actual kernel (zImage) but also a ram disk.
As far as I understand a blob file is the only type of file that can be flashed to different partitions of your TF300T(G) using fastboot method.
To flash using CWM or TWRP you will need to pack blob file(s) into a special kind of zip package.
Below I have shared my script that I use to create a TWRP flashable zip package including a custom built kernel.
Hopefully it may shed some light in the steps required to go from zImage to blob file and TWRP flashable zip package.
The script takes the root path to your kernel source directory as first (and only) argument.
In same directory as script I have unpacked update.zip (from untermensch's kernel repository thread) as parts of this zip file are re-used.
---
#!/bin/sh
KERNEL_HOME=$1
KERNEL_NAME=my_kernel_$$
# Repack new kernel and old ram disk into blob file
cp ${KERNEL_HOME}/arch/arm/boot/zImage boot.blob.lnx-kernel.gz
repack-bootimg.pl boot.blob.lnx-kernel.gz boot.blob.lnx-ramdisk out.blob.lnx
blobpack out.blob LNX out.blob.lnx
# Prepend magic header
cat signblob_magic out.blob > kernel.blob
# Add kernel modules to ensure kernel and modules always match.
# If mismatch e.g WiFi might not work.
find ${KERNEL_HOME} -name "*.ko" -exec cp {} system/lib/modules \;
# Save kernel config in case it needs to be rebuilt some day.
cp ${KERNEL_HOME}/.config kernel_config
# Zip everything
zip -9 -r ${KERNEL_NAME}.zip kernel_config kernel.blob system/ META-INF/
# Sign zip using SignApk
java -Xmx1024m -jar signapk.jar -w testkey.x509.pem testkey.pk8 ${KERNEL_NAME}.zip ${KERNEL_NAME}-signed.zip
---
The next question is on how to backup my existing kernel? I notice from the update-script, the kernel is flash using the following command:
Does this mean, I can run the same command in reverse to keep a copy of my current kernel?
Click to expand...
Click to collapse
In theory this should work but if not mistaken mmcblk0p4 is just a sort of staging partition.
During bootup whatever is in mmcblk0p4 is copied to another partition (mmcblk0p0?).
(I guess this is the blue bar you can observe when flashing custom roms/kernels)
Someone more familiar with the details please correct me.
Instead of trying to backup your current kernel I would suggest to try to get the original
kernel by unpacking the official update packages from ASUS support web page.
I had done kernel compiling before, but those were in PC/x86 platform. ARM platform seems to be different from what I used to.
Click to expand...
Click to collapse
Not that much different really, just need to search the google.com and XDA forums and you shall find answers...
gaze57 said:
Not exactly...
A blob file is a sort of archive that can contain several files.
For example, the kernel.blob you mention above contains the actual kernel (zImage) but also a ram disk.
As far as I understand a blob file is the only type of file that can be flashed to different partitions of your TF300T(G) using fastboot method.
To flash using CWM or TWRP you will need to pack blob file(s) into a special kind of zip package.
Below I have shared my script that I use to create a TWRP flashable zip package including a custom built kernel.
Hopefully it may shed some light in the steps required to go from zImage to blob file and TWRP flashable zip package.
The script takes the root path to your kernel source directory as first (and only) argument.
In same directory as script I have unpacked update.zip (from untermensch's kernel repository thread) as parts of this zip file are re-used.
---
#!/bin/sh
KERNEL_HOME=$1
KERNEL_NAME=my_kernel_$$
# Repack new kernel and old ram disk into blob file
cp ${KERNEL_HOME}/arch/arm/boot/zImage boot.blob.lnx-kernel.gz
repack-bootimg.pl boot.blob.lnx-kernel.gz boot.blob.lnx-ramdisk out.blob.lnx
blobpack out.blob LNX out.blob.lnx
# Prepend magic header
cat signblob_magic out.blob > kernel.blob
# Add kernel modules to ensure kernel and modules always match.
# If mismatch e.g WiFi might not work.
find ${KERNEL_HOME} -name "*.ko" -exec cp {} system/lib/modules \;
# Save kernel config in case it needs to be rebuilt some day.
cp ${KERNEL_HOME}/.config kernel_config
# Zip everything
zip -9 -r ${KERNEL_NAME}.zip kernel_config kernel.blob system/ META-INF/
# Sign zip using SignApk
java -Xmx1024m -jar signapk.jar -w testkey.x509.pem testkey.pk8 ${KERNEL_NAME}.zip ${KERNEL_NAME}-signed.zip
---
In theory this should work but if not mistaken mmcblk0p4 is just a sort of staging partition.
During bootup whatever is in mmcblk0p4 is copied to another partition (mmcblk0p0?).
(I guess this is the blue bar you can observe when flashing custom roms/kernels)
Someone more familiar with the details please correct me.
Instead of trying to backup your current kernel I would suggest to try to get the original
kernel by unpacking the official update packages from ASUS support web page.
Not that much different really, just need to search the google.com and XDA forums and you shall find answers...
Click to expand...
Click to collapse
Whoa... Thanks for the info. I go read up more on this.
I have not seen this posted anywhere, so I thought I would post it here. This is NOT purely my work, and I do not take credit for it as such.
Included in the attached ZIP are the following files:
boot_info - prints information about the boot.img passed to it, including the base address and ramdisk address. This tool prints out everything needed to repack the boot.img correctly.
split_boot - More commonly known as split_bootimg.pl, this rips apart the boot.img to extract the ramdisk and zImage. It has been modified by me to split the boot.img into a separate folder (specified by the file name of the boot.img passed to it) and to extract the ramdisk into a sub-folder as well (extracts the cpio from the gz and then extracts the actual files from the cpio archive)
unpack_ramdisk - unpacks the given ramdisk file.
Code:
Usage: unpack_ramdisk <ramdiskFile>
repack_ramdisk - repacks the ramdisk from the given directory (found online and modified slightly to take a directory)
Code:
Usage: repack_ramdisk <ramdiskDirectory> [outputFile]
mkbootimg - mkbootimg binary that creates a boot.img file from the given ramdisk and zImage. Updated to a version compiled by me to support the --ramdiskaddr option (ramdisk address) so that even nonstandard boot.img's can be repacked correctly (Use with boot_info for best results).
umkbootimg - included for convenience. Not made by me. Original thread here.
unpack - wrapper script made by me for the umkbootimg binary^ to unpack the boot.img into a separate directory and then unpack the ramdisk into a sub-directory.
Note: These tools were made for Linux. They may also work on Cygwin, but I have not personally tested them.
ANYONE is free to use / modify / kang these files as they see fit. No need to ever ask or do anything more than download.
Enjoy.
UPDATE: If you downloaded, please redownload. There was an error with my repack_ramdisk script, but it's fixed now.
Updated tools with a new boot_info script, also added my own mkbootimg binary compiled with the ramdisk address option.
Boot_info now displays the following information:
Commandline
Pagesize
Base address
Ramdisk address.
Which is everything you need to make a functional boot.img, even when the original boot.img is packed with a non-standard mkbootimg (ie, the ramdisk offset is different than the normal offset).
How exactly do we use these files to unpack and repack?
I've tried running the scripts with chmod at 755 but it doesn't work.
I am i missing something?
All the scripts must be in a folder in your path (~/bin for example)
Then it should work, because they call on each other. I keep all of them in my ~/bin folder, but they can be anywhere in your PATH
Sent from my buttered S3
if Android Magic Word not found at offset 0, it fail.
twins.7 said:
if Android Magic Word not found at offset 0, it fail.
Click to expand...
Click to collapse
No, if you use unmkbootimg instead split_boot, it also finds embedded images.
CNexus said:
No, if you use unmkbootimg instead split_boot, it also finds embedded images.
Click to expand...
Click to collapse
OK, it work. But .... sorry to much complain
My boot.img has magic word in offset 2048. so it mean, there is additional header in first 2048 byte.
umkbootimg succesfully extract embedded boot.img, but in repacking, I lost the first 2048 byte, because magic header placed in offset 0.
Actually, what is the additional header for? really asking...
I fail to fastboot flash if the image have no additional header.
And it will fail to verify, if the additional header is wrong. or is it called signed boot.img?
If I change the content of boot.img, I can't flash it to device. It always said verify fail. I though, the additional header has CRC or hash or anything.
If you have spare time and want to help me, I'll post my image
Thanks for this tools
Send from my AMOI N828 using Xda Premium
twins.7 said:
OK, it work. But .... sorry to much complain
My boot.img has magic word in offset 2048. so it mean, there is additional header in first 2048 byte.
umkbootimg succesfully extract embedded boot.img, but in repacking, I lost the first 2048 byte, because magic header placed in offset 0.
Actually, what is the additional header for? really asking...
I fail to fastboot flash if the image have no additional header.
And it will fail to verify, if the additional header is wrong. or is it called signed boot.img?
If I change the content of boot.img, I can't flash it to device. It always said verify fail. I though, the additional header has CRC or hash or anything.
If you have spare time and want to help me, I'll post my image
Click to expand...
Click to collapse
I'm not sure. No tool will work for all devices, and since I've never had a device that has this special packing, it would be best if you asked one of your kernel devs for help unpacking/repacking
CNexus said:
I'm not sure. No tool will work for all devices, and since I've never had a device that has this special packing, it would be best if you asked one of your kernel devs for help unpacking/repacking
Click to expand...
Click to collapse
ok thank's
CNexus said:
I have not seen this posted anywhere, so I thought I would post it here. This is NOT purely my work, and I do not take credit for it as such.
Included in the attached ZIP are the following files:
boot_info - prints information about the boot.img passed to it, including the base address and ramdisk address. This tool prints out everything needed to repack the boot.img correctly.
split_boot - More commonly known as split_bootimg.pl, this rips apart the boot.img to extract the ramdisk and zImage. It has been modified by me to split the boot.img into a separate folder (specified by the file name of the boot.img passed to it) and to extract the ramdisk into a sub-folder as well (extracts the cpio from the gz and then extracts the actual files from the cpio archive)
unpack_ramdisk - unpacks the given ramdisk file.
Code:
Usage: unpack_ramdisk <ramdiskFile>
repack_ramdisk - repacks the ramdisk from the given directory (found online and modified slightly to take a directory)
Code:
Usage: repack_ramdisk <ramdiskDirectory> [outputFile]
mkbootimg - mkbootimg binary that creates a boot.img file from the given ramdisk and zImage. Updated to a version compiled by me to support the --ramdiskaddr option (ramdisk address) so that even nonstandard boot.img's can be repacked correctly (Use with boot_info for best results).
umkbootimg - included for convenience. Not made by me. Original thread here.
unpack - wrapper script made by me for the umkbootimg binary^ to unpack the boot.img into a separate directory and then unpack the ramdisk into a sub-directory.
Note: These tools were made for Linux. They may also work on Cygwin, but I have not personally tested them.
ANYONE is free to use / modify / kang these files as they see fit. No need to ever ask or do anything more than download.
Enjoy.
Click to expand...
Click to collapse
is it possible to make these run on the device?
i have tried
adb root
adb remount
adb push * /sdcard/tmp/
adb push * /system/xbin/
adb push * /system/bin/
adb shell
cd /sdcard/tmp/
for f in $(ls)
do
chmod 755 /system/bin/$f
chmod 775 /system/xbin/$f
done
cd /
rm -r /sdcard/tmp
cd /sdcard/working
split_bootimg.pl boot.img
returns "Permission denied"
hmmmmm???????? what could be the problem????????
ricky310711 said:
is it possible to make these run on the device?
i have tried
adb root
adb remount
adb push * /sdcard/tmp/
adb push * /system/xbin/
adb push * /system/bin/
adb shell
cd /sdcard/tmp/
for f in $(ls)
do
chmod 755 /system/bin/$f
chmod 775 /system/xbin/$f
done
cd /
rm -r /sdcard/tmp
cd /sdcard/working
split_bootimg.pl boot.img
returns "Permission denied"
hmmmmm???????? what could be the problem????????
Click to expand...
Click to collapse
The Perl script should work if you have Perl (compiled for ARM x86) on your device.
The binaries will not work as they are not compiled for ARM. The scripts (at least some of them) should work if you change all instances of "#!/bin/bash" and "#!/usr/bin/env bash" to "#!/system/bin/sh".
CNexus said:
The Perl script should work if you have Perl (compiled for ARM x86) on your device.
The binaries will not work as they are not compiled for ARM. The scripts (at least some of them) should work if you change all instances of "#!/bin/bash" and "#!/usr/bin/env bash" to "#!/system/bin/sh".
Click to expand...
Click to collapse
will see if i can get it working tonight! this could be pretty good if i can get it to unpack on device!
ricky310711 said:
will see if i can get it working tonight! this could be pretty good if i can get it to unpack on device!
Click to expand...
Click to collapse
No need...download this zip and extract http://www12.zippyshare.com/v/37266634/file.html
It already contains an unmkbootimg binary compiled for ARM. Then you would just need to unpack the ramdisk to finish it off.
CNexus said:
No need...download this zip and extract http://www12.zippyshare.com/v/37266634/file.html
It already contains an unmkbootimg binary compiled for ARM. Then you would just need to unpack the ramdisk to finish it off.
Click to expand...
Click to collapse
no way, ive been looking for something like this for ages, who is the author?
ricky310711 said:
no way, ive been looking for something like this for ages, who is the author?
Click to expand...
Click to collapse
I don't know who originally compiled that unmkbootimg binary for ARM.
CNexus said:
I don't know who originally compiled that unmkbootimg binary for ARM.
Click to expand...
Click to collapse
hmm, gotta findout! i wanna use it in my tool!
Is this boot.img tool compatible with Microsoft windows as well?
Sent from my SPH-L710 using XDA Premium 4 mobile app
shakim24 said:
Is this boot.img tool compatible with Microsoft windows as well?
Sent from my SPH-L710 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Read the OP.
Since so many people are asking, I figured I would write up a quick tutorial on how to modify a boot image. A boot image is a kernel, and an initrd packaged together along with some other information.
This will only concentrate on tearing one apart, modifying it, and putting it back together -- making your own kernel and packaging it is outside the scope.
So, the big thing going around right now is the fact that the lovely carriers have this process (rctd) that runs and chews up CPU. rctd stands for Root Check Toolkit Daemon -- and it does what it sounds like. It checks if you have root, it checks if the system partition has been modified, it checks if the kernel has been modified, etc...etc... Most importantly, it chews up a LOT of CPU and disk IO to do this.
For this to work, you need to have a Linux install, or WLS on Windows 10.
Ubuntu comes packaged with abootimg:
Code:
apt install abootimg
abootimg is used to extract / create / update the Android Boot Image, but first we need out boot image.
adb reboot recovery
adb pull /dev/block/bootdevice/by-name/boot boot.img
Now we extract it.
abootimg -x boot.img
This will give you 3 files:
bootimg.cfg // feel free to take a look if you want, but do not change anything in this file or your kernel probably won't boot.
zImage // This is the Linux kernel. If you grab the sources, and compile a kernel, this is what you get. Again, leave it alone.
initrd.img // This is the initrd (Initial Ramdisk). It is loaded by the kernel to give you a working environment before anything else is loaded. This is what we need to modify
Before we modify initrd, we have to extract it. It is a compressed cpio file. There are several ways to extract it, but this is the method I use:
Code:
mkdir initrd_temp
cd initrd_temp
zcat ../initrd.img | cpio -idv
zcat cats the file while decompressing it. cpio -idv ... -i means extract (yea, wtf), -d means create the directory tree, and -v just means verbose
So now we are in a directory (initrd_temp) with all the files that are in the initrd. The one we care about is init.lge.rc -- we need to edit this file.
If you open it up in an editor, search for this section:
Code:
# LG RCT(Rooting Check Tool)
service rctd /sbin/rctd
class late_start
user root
group root
seclabel u:r:rctd:s0
service ccmd /system/bin/ccmd
class core
user system
group system
socket ccmd stream 0660 root system
seclabel u:r:ccmd:s0
Delete all of that, or comment it out using # signs
Now we need to package everything back up.
Code:
find . | cpio --create --format='newc' | gzip -9 > ../newinitrd.img
cd ..
abootimg --create newboot.img -f bootimg.cfg -k zImage -r newinitrd.img
When you are done, you will have newboot.img, and you need to flash it.
Since we are still in recovery:
Code:
adb push newboot.img /sdcard
adb shell
cd /sdcard
dd if=newboot.img of=/dev/block/bootdevice/by-name/boot
Reboot and enjoy your new -- faster -- rctd and ccmd free kernel.
If doing it this manual way isn't for you, @Zacharee1 has created a script to automate the procedure. I wrote this for people that like to know exactly what is going on. Feel free to poke around in the other files that are in your initrd. You may find other things that you want to tweak. However, be careful, you could make a kernel that won't boot. If that happens, just get into recovery and flash one that does
-- Brian
Did anyone ever figure out what ccmd is?
I am 99% sure it allows remote command execution. Pull it, and take a hex editor to it...
It is nothing good, that is for sure.
It listens on a socket: socket ccmd stream 0660 root system
and
Code:
Unable to start CommandListener (%s)
No permission to run ccmd ccmode commands
Usage: ccmode enable
Usage: ccmode getflag
Usage: ccmode setflag <flag>
-- Brian
Im no good installing anything on windows ciao!!
It would be nice if someone with brains. Not me. Lol can figure out a new kernel for 10p h918 with no rctd and only kcal. ?
Sorry to hijack this thread, but I've made a Telegram thread for this subject https://t.me/joinchat/EkE57g6dCLopBy8xVQRT9w
With LG G5 h850 im not able to boot the image anymore. I always only get the fastboot screen. Maybe there is a difference?
@DMOEdetc If you pull your kernel and send me a link, I will take a look. As far as I know, the Android boot image hasn't changed since the first version.
The init that Android uses may not like files with CR/LF if you are editing it in Windows and not specifying LF only. init may think it is a corrupt file and therefore refuse to load it...
-- Brian