Hi all,
I am serching the whole internet to findout how to build a Clockworkmod for LG P920.
This is what i got so far:
P920's boot.img and recovery.img are uImage format. it loads by uboot. and i can get info from it using uboot's mkimage -l command.
the uImage using by LG P920 is a Multi-File format.
this is the info of Clockworkmod 4.0.0.9 for LGP920:
PHP:
[email protected]:~/temp$ ./mkimage -l recovery-clockwork-4.0.0.9-p920.img.backup
Image Name: Image
Created: Sun Jul 10 03:55:14 2011
Image Type: ARM Linux Multi-File Image (uncompressed)
Data Size: 5149182 Bytes = 5028.50 kB = 4.91 MB
Load Address: 0x80008000
Entry Point: 0x80008000
Contents:
Image 0: 3325552 Bytes = 3247 kB = 3 MB
Offset = 00000050
Image 1: 1823618 Bytes = 1780 kB = 1 MB
Offset = 0032BEC0
i already get the Image 0 and Image 1 using dd withe command below:
PHP:
2018 dd if=recovery-clockwork-4.0.0.9-p920.img.backup of=ramdisk.img skip=3325632 bs=1 count=1823618
2019 dd if=recovery-clockwork-4.0.0.9-p920.img.backup of=kernel.img skip=80 bs=1 count=3325552
so am i right? and how to extra the ramdisk.img?
what i want to do is add external sd card support for this clockworkmod recovery. why the original clockwokmod just support for internal sdcard?
I am also try to find the kernel source for this device. where can i find it?
any help will do.... Thanks!
why do you ever need to build one when it already has one in Rom Manager? Just 2 cents, no expert here
precsmo said:
why do you ever need to build one when it already has one in Rom Manager? Just 2 cents, no expert here
Click to expand...
Click to collapse
the one in rommanager dont support external sdcard....
Calling all developers with extensive knowledge of NVflash
I know NVflash commands but I have never tried to run NVflash on a device with an encrypted bootloader nor have I had to try to source all the necessary files so I have some questions.
1. Would the following command be correct? Because even this simple sync command is exiting with a failure.
nvflash --bl bootloader.bin --sbk [boot key here] --sync
2. Is the bootloader.bin file universal or is it device specific? Where do I find one, can I edit one to work, etc?
I am working with the Acer Iconia A200 which is relatively new so no one has cracked NVflash on it yet so any help at all would be greatly appreciated.
Thanks!
I don't have extensive knowledge, but I did watch a youtube video once. Nvflash is used on several devices, so check out the acer/zoom/transformer forums. I think it also has some roots in graphics cards, so some of the tweaker forums might have some useful insight about syntax.
Code:
Nvflash started
nvflash action [options]
action (one or more) =
--help (or -h)
displays this page
--cmdhelp cmd(or -ch)
displays command help
--resume (or -r)
send the following commands to an already-running bootloader
--quiet (or -q)
surpress excessive console output
--wait (or -w)
waits for a device connection (currently a USB cable)
--create
full initialization of the target device using the config file
--download N filename
download partition filename to N
--setboot N
sets the boot partition to partition N
--format_partition N
formats contents of partition N
--read N filename
reads back partition N into filename
--getpartitiontable filename
reads back the partition table into filename
--getbit filename
reads back BIT into filename
--getbct
reads back the BCT from mass storage
--odm C Data
ODM custom 32bit command 'C' with associated 32bit data
--go
continues normal execution of the downloaded bootloader
options =
--configfile filename
indicates the configuration file used with the following commands:
--create, --format_all
--bct filename
indicates the file containing the BCT
--sbk 0x00000000 00000000 00000000 00000000
indicates the secure boot key for the target device
--bl filename
downloads and runs the bootloader specified by filename
--odmdata N
sets 32bit customer data into a field in the BCT, either hex or
decimal
--diskimgopt N
sets 32bit data required for disk image convertion tool
--format_all
formats all existing partitions on the target device using the config file,
including partitions and the bct
--setbootdevtype S
sets the boot device type fuse value for the device name.
allowed device name string mentioned below:
emmc, nand_x8, nand_x16, nor, spi
--setbootdevconfig N
sets the boot device config fuse value either hex or decimal
--verifypart N
verifies data for partition id = N specified. N=-1
indicates all partitions
Intended to be used with --create command only.
--setbct
updates the chip specific settings of the BCT in mass storage to
the bct supplied,used with --create, should not be with --read,and
--format(delete)_all,format(delete)_partition,--download, and--read
--sync
issues force sync commad
--rawdeviceread S N filename
reads back N sectors starting from sector S into filename
--rawdevicewrite S N filename
writes back N sectors from filename to device starting from sector S
Here's what I use
nvflash --bct transformer.bct --setbct --configfile flash.cfg --bl bootloader.bin --odmdata [device specific odm data] --sbk [mysterious sbk] --sync
All the files are device specific and the flash.cfg is where all the partitions and sizes are specified. Nvidia used to have a developers website that had a generic HC and GB rom. I flashed it, but was configured for different screen sizes/trackpad, etc.
If you are going to format the device, then you will use the --create flag and I think you need the flash.cfg file.
Thanks! I am primarily after --read and --getpartitiontable so that I can create a stock backup so those that brick have a recovery option. Sounds like the most important part now for me is getting the correct files together. I have the SBK though unconfirmed.
I personally have never used --odmdata, do you have any insite into that command?
My previous device, the Dell Streak 7, had a fully unlocked NVflash so there was no SBK or anything like that to worry about. I miss those times
I thought the omdata were device specific things like memory configuration? Not sure how important it is for reading partitions.
The other thing with nvflash is once you start it, you can send more commands with the resume command:
Nvflash sbk bootloader etc
Nvflash -r --read 6 blah blah
Nvflash -r -- read 7 blah blah
...
Nvflash -r --go
Or something like that...
sent while running with scissors
I don't really know because at least on the Dell Streak 7 it was a command I never used and I never saw used by others either. Hopefully someone has incite somewhere on how to get the files I need.
If you have root you should be able to read the BCT and bootloader from the device with dd and then decrypt them.
I have root and an unlocked bootloader. Please explain. DD? I have Windows 7 and Linux at my disposal.
Thanks!
Wetzel402 said:
I have root and an unlocked bootloader. Please explain. DD? I have Windows 7 and Linux at my disposal.
Thanks!
Click to expand...
Click to collapse
Yes, dd.
Copy some raw data from the block device on the device, something like
Code:
# /system/bin/dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/data.raw
Then transfer the dump to the computer and extract the BCT and boot loader.
I started writing a description but it quickly started to get long and it is late...
So you get a small ugly script that shows the steps instead.
This requires openssl, dd and hexdump.
Code:
#!/bin/bash
#This script extracts the BCT and bootloader out of a dd dump of the block device on a tegra 2 device
#The first 6.5M should be enough, something like:
#/system/bin/dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/data.raw
#SBK written together
#e.g. 0xDEADBEEF 0xBAADF00D 0xCAFEFEED 0xBADDCAFE => "DEADBEEFBAADF00DCAFEFEEDBADDCAFE"
SBK="DEADBEEFBAADF00DCAFEFEEDBADDCAFE"
#Input file
raw_file="data.raw"
#Output files
bct_file="out.bct"
bl_file="bootloader.bin"
echo "Extrating the BCT data"
dd if=$raw_file of=bct_encrypted.bin bs=16 count=254 skip=1 2> /dev/null
echo "Decrypting the BCT data"
openssl aes-128-cbc -K $SBK -iv 0 -d -in bct_encrypted.bin -out bct_decrypt.tmp -nopad
dd if=bct_decrypt.tmp of=out.bct bs=16 count=254 seek=1 2> /dev/null
rm bct_decrypt.tmp
rm bct_encrypted.bin
#Read some general information
bct_version="$(hexdump -n 4 -s 0x20 -e '1/4 "0x%x\n"' $bct_file)"
block_size=$((2 ** $(hexdump -n 4 -s 0x24 -e '1/4 "%u"' $bct_file)))
page_size=$((2 ** $(hexdump -n 4 -s 0x28 -e '1/4 "%u"' $bct_file)))
odm_data=$(hexdump -n 4 -s 0xFE4 -e '1/4 "0x%08x\n"' $bct_file)
#Boot loader 1
bl_start_block=$(hexdump -n 4 -s 0xA98 -e '1/4 "%u\n"' $bct_file)
bl_length=$(hexdump -n 4 -s 0xAA0 -e '1/4 "%u\n"' $bct_file)
if [ "$bct_version" != "0x20001" ]; then
echo "ERROR: Unexpected BCT version: $bct_version"
exit 1
fi
echo "Block size: $block_size"
echo "Page size: $page_size"
echo "Boot loader 1 start block: $bl_start_block"
echo "Boot loader 1 length $bl_length"
echo "ODM Data: $odm_data"
echo "Extracting the booot loader"
bl_start_byte=$(( $(($bl_start_block - 64)) * $block_size ))
bl_padded_length=$(( $bl_length + $((16 - $(($bl_length % 16)) ))))
echo "Extracting $bl_padded_length starting at offset $bl_start_byte"
dd bs=1 if=$raw_file of="bootloader.enc" skip=$bl_start_byte count=$bl_padded_length 2> /dev/null
echo "Decrypting boot loader"
openssl aes-128-cbc -K $SBK -iv 0 -d -in bootloader.enc -out bootloader.tmp -nopad
dd if=bootloader.tmp of=$bl_file bs=$bl_length count=1 2> /dev/null
I may have gotten the block to byte convertion wrong, it is correct for the offsets on the device I have, but we will see.
Currently way over my head considering I just finally figured out mount commands
I will start doing some research on the topic to learn more and before you know it I should have the files I need
I did get the bct file but the bootloader.bin file is not working. With this line:
openssl aes-128-cbc -K $SBK -iv 0 -d -in bootloader.enc -out bootloader.tmp -nopad
I keep getting an error "option 0 doesn't exist". Any ideas? Also when you have some time could you please explain what exactly all of this is doing? I understand very little of this syntax because I am quite noobish with Linux.
Thanks!
Wetzel402 said:
I did get the bct file but the bootloader.bin file is not working. With this line:
openssl aes-128-cbc -K $SBK -iv 0 -d -in bootloader.enc -out bootloader.tmp -nopad
I keep getting an error "option 0 doesn't exist". Any ideas?
Click to expand...
Click to collapse
That looks like you don't have SBK set (so it is trying to use "-iv" as key, and then don't know what to do with the leftover 0).
The steps must be performed in order and in the same shell as some of them are depending on variables set by previous steps.
Wetzel402 said:
Also when you have some time could you please explain what exactly all of this is doing? I understand very little of this syntax because I am quite noobish with Linux.
Click to expand...
Click to collapse
Sure, it is mostly just about reading some values at known offsets.
Code:
dd if=$raw_file of=bct_encrypted.bin bs=16 count=254 skip=1
Will read 254 blocks of 16 bytes, skiping one block from $raw_file into bct_encrypted.bin. So we are reading bytes 16-4080 into bct_encrypted.bin.
We are skipping the first 16 bytes since this is a checksum (CMAC) and not part of the encrypted data, so bringing that along would mess up the decryption of the next 16 byte due to the cipher block chaining.
Code:
openssl aes-128-cbc -K $SBK -iv 0 -d -in bct_encrypted.bin -out bct_decrypt.tmp -nopad
Decrypt the content of bct_encrypted.bin using the SBK and store the decryped data in bct_decrypt.tmp.
Code:
dd if=bct_decrypt.tmp of=out.bct bs=16 count=254 seek=1
We skipped the first 16 bytes previously, so the decrypted data is a bit incorretly offset.
So this takes bct_decrypt.tmp and writes it to out.bct offset 16 bytes so that we get a 4080 bytes file again.
Code:
bct_version="$(hexdump -n 4 -s 0x20 -e '1/4 "0x%x\n"' $bct_file)"
Reads the version field of the BCT, this is a 32bit integer at offset 0x20.
I would expect the version to be 0x20001.
Code:
block_size=$((2 ** $(hexdump -n 4 -s 0x24 -e '1/4 "%u"' $bct_file)))
Reads the block size field in the BCT, also a 32bit integer, at offset 0x24.
The block and page size is stored in log2, so then we need to raise 2 to the value we found to get the actual block/page size.
For example, if we found the value 14 the block size is 2**14 = 16384.
Code:
#Boot loader 1
bl_start_block=$(hexdump -n 4 -s 0xA98 -e '1/4 "%u\n"' $bct_file)
bl_length=$(hexdump -n 4 -s 0xAA0 -e '1/4 "%u\n"' $bct_file)
Read start block and size of the first boot loader (the BCT file have space for four boot loaders)
Code:
bl_start_byte=$(( $(($bl_start_block - 64)) * $block_size ))
We have the start position of the boot loader in blocks, but we need it in bytes.
So multiply the block number with the block size. Unfortunatly this is not quite right, so we need to offset it a bit.
Code:
bl_padded_length=$(( $bl_length + $((16 - $(($bl_length % 16)) ))))
The encryption used, AES 128, works on blocks of 16 bytes, but there is no guarantee that the length of the boot loader is a multiple of 16 so we need to pad it to make sure it is.
Code:
dd bs=1 if=$raw_file of="bootloader.enc" skip=$bl_start_byte count=$bl_padded_length
Cut the encrypted boot loader out of the $raw_file.
Code:
openssl aes-128-cbc -K $SBK -iv 0 -d -in bootloader.enc -out bootloader.tmp -nopad
Decrypt it
Code:
dd if=bootloader.tmp of=$bl_file bs=$bl_length count=1
And take only the actual length of the decrypted data, discarding the extra padding data we took just to make it an even number of 16 byte blocks.
Very impressive
Prior to this I have messed mostly with kitchens, cd, and mount so this is definitely a learning experience for me. After you described these commands I am convinced I could use most of these minus the fact I would have no clues what values to use in them
Thanks! I will have to try rerunning everything and see if I can get the bootloader.bin to come out.
Here is my terminal output after copying and pasting in your script.
Code:
[email protected]:~# cd /root/Desktop
[email protected]:~/Desktop# SBK="B8A4C201EB6FF106EB00150430772103"
[email protected]:~/Desktop#
[email protected]:~/Desktop# #Input file
[email protected]:~/Desktop# raw_file="data.raw"
[email protected]:~/Desktop#
[email protected]:~/Desktop# #Output files
[email protected]:~/Desktop# bct_file="out.bct"
[email protected]:~/Desktop# bl_file="bootloader.bin"
[email protected]:~/Desktop#
[email protected]:~/Desktop# echo "Extrating the BCT data"
Extrating the BCT data
[email protected]:~/Desktop# dd if=$raw_file of=bct_encrypted.bin bs=16 count=254 skip=1 2> /dev/null
[email protected]:~/Desktop#
[email protected]:~/Desktop# echo "Decrypting the BCT data"
Decrypting the BCT data
[email protected]:~/Desktop# openssl aes-128-cbc -K $SBK -iv 0 -d -in bct_encrypted.bin -out bct_decrypt.tmp -nopad
[email protected]:~/Desktop# dd if=bct_decrypt.tmp of=out.bct bs=16 count=254 seek=1 2> /dev/null
[email protected]:~/Desktop# rm bct_decrypt.tmp
[email protected]:~/Desktop# rm bct_encrypted.bin
[email protected]:~/Desktop#
[email protected]:~/Desktop#
[email protected]:~/Desktop# #Read some general information
[email protected]:~/Desktop# bct_version="$(hexdump -n 4 -s 0x20 -e '1/4 "0x%x\n"' $bct_file)"
[email protected]:~/Desktop# block_size=$((2 ** $(hexdump -n 4 -s 0x24 -e '1/4 "%u"' $bct_file)))
[email protected]:~/Desktop# page_size=$((2 ** $(hexdump -n 4 -s 0x28 -e '1/4 "%u"' $bct_file)))
I don't understand the page size line enough to know what is going wrong or to change things but after that line displays the terminal exists without errors.
Any ideas?
Wetzel402 said:
I don't understand the page size line enough to know what is going wrong or to change things but after that line displays the terminal exists without errors.
Any ideas?
Click to expand...
Click to collapse
You are probably hitting the exit in BCT version check, since you are running it directly in the shell that would make the terminal dissapear.
What does out.bct look like?
What does
Code:
hexdump -n 4 -s 0x20 -e '1/4 "0x%x\n"' out.bct
give?
That was the problem.
Code:
[email protected]:~# cd /root/Desktop
[email protected]:~/Desktop# hexdump -n 4 -s 0x20 -e '1/4 "0x%x\n"' out.bct
0xf16cb00b
So I modified the following line:
Code:
[email protected]:~/Desktop# if [ "$bct_version" != "0xf16cb00b" ]; then
Everything ran and out came the bootloader.bin. This should be the correct file then? Also the other two files (bootloader.enc&.tmp) were stepping stones to the final product (bootloader.bin) and are not needed correct?
When I get home from work if I have time I will try the following and see if life is good
Code:
nvflash --bl bootloader.bin --getbct --bct out.bct --sbk 0xB8A4C201 0xEB6FF106 0xEB001504 0x30772103 --go
nvflash -r --getpartitiontable partition.txt
Wetzel402 said:
That was the problem.
Code:
[email protected]:~# cd /root/Desktop
[email protected]:~/Desktop# hexdump -n 4 -s 0x20 -e '1/4 "0x%x\n"' out.bct
0xf16cb00b
So I modified the following line:
Code:
[email protected]:~/Desktop# if [ "$bct_version" != "0xf16cb00b" ]; then
Everything ran and out came the bootloader.bin. This should be the correct file then?
Click to expand...
Click to collapse
I would not expect a different version, I think it is more likely the decryption failed.
Could you make the data.raw file available to me?
Here it is.
Wetzel402 said:
Here it is.
Click to expand...
Click to collapse
The data looks ok, but it can not be decrypted using that key so you must have the wrong SBK.
Assuming it follows the same format as the Iconia A500 that SBK would belong to a device with UID 042800484400D057, is this the UID of your device?
Yes that is correct. So you think Acer is using a different encryption method?
I tried the NVflash commands anyway and it doesn't run. Exits with the standard failure.
Wetzel402 said:
Yes that is correct. So you think Acer is using a different encryption method?
Click to expand...
Click to collapse
Depending on what you mean, maybe and no. They are maybe allocating the SBK differently, but the encryption in still AES128.
Wetzel402 said:
I tried the NVflash commands anyway and it doesn't run. Exits with the standard failure.
Click to expand...
Click to collapse
Nvflash uses the key you give it to encrypt the command before sending it to the device, then the decrypts the command using the builtin key. If those two does not match the result will not be a recognizable command.
Depending on how you got the UID it may be worth trying a different way, some devices does not report the UID as their USB serial number.
Save this as apxuid.c and compile this using gcc -Wall -pedantic -o apxuid apxuid.c -lusb-1.0. Then run ./apxuid directly after starting the device is in apx-mode and see if you get the same UID.
Code:
#include <libusb-1.0/libusb.h>
#include <stdio.h>
#include <stdint.h>
int main(void)
{
unsigned char data[64];
int received_length;
int r = 1;
libusb_context* ctx = NULL;
libusb_device_handle* dev_handle = NULL;
libusb_init(&ctx);
dev_handle = libusb_open_device_with_vid_pid(ctx, 0x0955, 0x7820);
if(dev_handle)
{
r = libusb_bulk_transfer(dev_handle, 0x81, data, sizeof(data), &received_length, 10000);
if (r == 0)
{
if(received_length == 8)
{
printf("uid: %#016lx\n", *(uint64_t*)data);
}
else
{
r = 1;
printf("Error: We got %d bytes of data insetad of the 8 bytes we expected...\n", received_length);
}
}
else
{
printf("Error: USB read failed!\n");
}
libusb_release_interface(dev_handle, 0);
}
else
{
printf("Error: Failed to open device!\n");
}
libusb_exit(ctx);
return r;
}
I've been running Linux (debian/ubuntu based on rabits's stuff) on my tablet, with no ability to (easily) boot Android, for a few months now.
My System partition still has 9.4.5.26 on it, and I'd like to reinstall a 9.4.5.26 kernel, without wiping my System partition, so I can switch back to Android.
I've (I think) extracted a kernel image and a ramdisk image from a 9.4.5.26 install image, and I'm trying to create a install image containing just the kernel and ramdisk, and copy it to the Staging partition with dd.
I've created a Makefile to create the blobfile, and (seemingly) successfully created the blobfile, but after I do the dd, and reboot, debian/ubuntu boots as usual, instead of some kind of install process.
I've included the Makefile that I'm using below.
Any idea what I'm doing wrong, or what's wrong with my expectations?
Something I have yet to try is an alternative to dd (such as fastboot or nvflash)
Also, maybe I'd have better luck trying to create something that I could install from TWRP.
Code:
kern = zImage
bootimg_filename = boot.img
blobpack = ./blobpack
blob_img = blob.LNX
recovery_part = /dev/mmcblk0p4
$(bootimg_filename) : initrd.img $(kern)
abootimg --create $(bootimg_filename) -k $(kern) -r initrd.img
blob.LNX: $(bootimg_filename)
$(blobpack) blob.LNX LNX $(bootimg_filename)
install.dd:
dd if=$(blob_img) of=$(recovery_part)
bsammon said:
I've been running Linux (debian/ubuntu based on rabits's stuff) on my tablet, with no ability to (easily) boot Android, for a few months now.
My System partition still has 9.4.5.26 on it, and I'd like to reinstall a 9.4.5.26 kernel, without wiping my System partition, so I can switch back to Android.
I've (I think) extracted a kernel image and a ramdisk image from a 9.4.5.26 install image, and I'm trying to create a install image containing just the kernel and ramdisk, and copy it to the Staging partition with dd.
I've created a Makefile to create the blobfile, and (seemingly) successfully created the blobfile, but after I do the dd, and reboot, debian/ubuntu boots as usual, instead of some kind of install process.
I've included the Makefile that I'm using below.
Any idea what I'm doing wrong, or what's wrong with my expectations?
Something I have yet to try is an alternative to dd (such as fastboot or nvflash)
Also, maybe I'd have better luck trying to create something that I could install from TWRP.
Code:
kern = zImage
bootimg_filename = boot.img
blobpack = ./blobpack
blob_img = blob.LNX
recovery_part = /dev/mmcblk0p4
$(bootimg_filename) : initrd.img $(kern)
abootimg --create $(bootimg_filename) -k $(kern) -r initrd.img
blob.LNX: $(bootimg_filename)
$(blobpack) blob.LNX LNX $(bootimg_filename)
install.dd:
dd if=$(blob_img) of=$(recovery_part)
Click to expand...
Click to collapse
So you just want to install what you have made to your staging partition, so on next boot the tablet will install it on your tablet is that right??
bsammon said:
Any idea what I'm doing wrong, or what's wrong with my expectations?
Click to expand...
Click to collapse
Maybe your blob is missing the signature header. Read my kernel repacking guide here:
http://forum.xda-developers.com/showpost.php?p=36925180&postcount=4
Why is your extracted kernel separated in zImage and ramdisk? After unpacking the 9.4.5.26 blob, you should get blob.LNX directly without needing to recombine with abootimg.
_that said:
Maybe your blob is missing the signature header. Read my kernel repacking guide here:
http://forum.xda-developers.com/showpost.php?p=36925180&postcount=4
Click to expand...
Click to collapse
Yes! -- that was it -- after two tries, I got a working Makefile.
_that said:
Why is your extracted kernel separated in zImage and ramdisk? After unpacking the 9.4.5.26 blob, you should get blob.LNX directly without needing to recombine with abootimg.
Click to expand...
Click to collapse
Well, doing things the (somewhat) harder way is more educational, and I end up with a makefile that I can reuse for kernels and ramdisks that I make/modify myself.
If anyone's interested, here's the Makefile that I ended up with:
Code:
kern = zImage
bootimg_filename = boot.img
blobpack = ./blobpack
unsigned_blob = blob.LNX.in
signature = blob.sign
blob_img = blob.LNX
staging_part = /dev/mmcblk0p4
$(bootimg_filename) : initrd.img $(kern)
abootimg --create $(bootimg_filename) -k $(kern) -r initrd.img
$(unsigned_blob): $(bootimg_filename)
$(blobpack) $(unsigned_blob) LNX $(bootimg_filename)
$(signature):
echo -n "-SIGNED-BY-SIGNBLOB-" > $(signature)
dd if=/dev/zero bs=1 count=8 >> $(signature)
$(blob_img): $(signature) $(unsigned_blob)
cat $(signature) $(unsigned_blob) > $(blob_img)
install.dd:
dd if=$(blob_img) of=$(staging_part)
I had many problems trying to use the flash-all.sh script provided with the Stock image.
Problems included while flashing:
FAILED (remote: 'Partition should be flashed in fastbootd')
FAILED (remote : variable not found)
extracting product.img (1985 MB) to disk...W/ziparchive( 6677): Zip: unable to truncate file to ........: File too large error:
failed to extract 'system.img': I/O error
Solution:
I was able to finally get my phone flashed by downloading the official crosshatch image and Extracting it to a folder with the official platform-tools located inside.
1) Install the updated adb tool files from google official framework website: (platform-tools-latest-linux.zip)
2) download the factory image file and unzip it inside a folder. (PIXEL_FLASH)
3) after unzipping the rom file, you will find another rom file, unzip it also to the same folder (PIXEL_FLASH)
4) unzip the adb tool downloaded from step 1 and put them in the same folder (PIXEL_FLASH)
5) chmod +x Custom_Flash.sh
6) ./Custom_Flash.sh
7) Happy Flashing (.)(.)
## vim Custom_Flash.sh (i for insert mode, & paste the code block <ESC> :wq)
## chmod +x Custom_Flash.sh
## ./Custom_Flash.sh
Code:
#!/bin/bash
YLW='\e[93m' #${WHT}
WHT='\e[97m' #${YLW}
NC='\e[0m' #${NC}
BLD='\e[1m' #${BLD}
NRM='\e[0m' #${NRM}
RST='\e[22m' #${RST}
clear
echo -e "${YLW}#############################################################################"
echo -e "# ${BLD}Custom Flashin Script${RST} #"
echo -e "#############################################################################"
echo -e "#${WHT} Flashing Notes:${YLW} #"
echo -e "#${WHT} FASTBOOTD --> fastboot reboot fastboot${YLW} #"
echo -e "#${WHT} SIDELOAD --> Enter Recovery --> Update via ADB${YLW} #"
echo -e "#${WHT} adb sideload <zipfile>.zip${YLW} #"
echo -e "${YLW}#############################################################################${WHT} "
files=( adb fastboot )
for i in "${files[@]}"; do
if [ -f "$i" ]; then
echo -e "[\xE2\x9C\x94] $i exists";
else
echo -e "[\xE2\x9D\x8C] $i missing"
err="$err $i"
fi
done
if [ -z "$err" ]; then
echo "Found Dependencies, Moving on...";
else
echo -e "Could not find dependencies: $err \nPlease place in $(pwd)\n"
while true; do
read -p "Would you like for me to retrieve it for you?" yn
case $yn in
[Yy]* ) curl -O https://dl.google.com/android/repository/platform-tools_r29.0.5-linux.zip && unzip platform*.zip && mv platform-tools/* ./ && rmdir platform-tools;break;;
[Nn]* ) exit;;
* ) echo "Please answer yes or no.";;
esac
done
fi
factory="crosshatch-qp1a.*.zip"
if test -n "$(find . -maxdepth 1 -name $factory -print -quit)";then
echo -e "[\xE2\x9C\x94] $factory exists ... Continuing with script"
files=( boot.img bootloader* dtbo.img product.img radio* system.img system_other.img vbmeta.img vendor.img )
for i in "${files[@]}"; do
if [ -f "$i" ]; then
echo -e "[\xE2\x9C\x94] $i exists";
else
echo -e "[\xE2\x9D\x8C] $i missing"
err="$err $i"
fi
done
if [ -z "$err" ]; then
echo "Found images, Moving on...";
else
echo -e "Could not find all images: $err \nPlease place in $(pwd)\n"
sleep 5
echo -e "Trying to extract them for you!"
unzip $factory && mv crosshatch*/* ./ && unzip image-crosshatch*.zip && rmdir crosshatch*
fi
else
echo -e "Unable to locate $factory.\nPlease make sure that file is in: $(pwd)."
echo -e "You can manually download factory image & place in current folder with Custom_Flash.sh"
echo -e "Factory download location: https://developers.google.com/android/images\n"
while true; do
read -p "Would you like for me to retrieve it for you?" yn
case $yn in
[Yy]* ) link=$(curl -s https://developers.google.com/android/images | egrep "crosshatch-qp1a.*-factory-.*.zip" | cut -d '"' -f 2 | tail -n 1); curl -O $link;find . -maxdepth 1 -name "crosshatch*.zip" -exec unzip {} \;mv crosshatch*/* ./ && rmdir crosshatch*;break;;
[Nn]* ) exit;;
* ) echo "Please answer yes or no.";;
esac
done
fi
export PATH=$PATH:$(pwd)
mkdir tmp
TMPDIR="$PWD/tmp"
echo -e '#############################################################################'
echo -e '# Checking Variables & free space #'
echo -e '#############################################################################'
echo "PATH: ";echo $PATH
df -h /tmp
echo -e '#############################################################################'
echo -e '# Enviroment Checks out - Staring the procedure #'
echo -e '#############################################################################'
echo -e '#############################################################################'
echo -e '# Flashing BOOTLOADER A #'
echo -e '#############################################################################'
sleep 5
fastboot flash bootloader_a bootloader*.img
fastboot reboot-bootloader
echo -e '#############################################################################'
echo -e '# Flashing BOOTLOADER B #'
echo -e '#############################################################################'
sleep 5
fastboot flash bootloader_b bootloader*.img
fastboot reboot-bootloader
echo -e '#############################################################################'
echo -e '# Flashing RADIO A #'
echo -e '#############################################################################'
sleep 5
fastboot flash radio_a radio*.img
fastboot reboot-bootloader
echo -e '#############################################################################'
echo -e '# Flashing RADIO B #'
echo -e '#############################################################################'
sleep 5
fastboot flash radio_b radio*.img
fastboot reboot-bootloader
sleep 7
echo -e '#############################################################################'
echo -e '# Prepping Slot A #'
echo -e '#############################################################################'
sleep 3
fastboot --set-active=_a
fastboot --set-active=a
echo -e '#############################################################################'
echo -e '# Flashing Slot A #'
echo -e '#############################################################################'
sleep 3
##Flashing Slot A
fastboot flash abl_a abl.img
fastboot flash aop_a aop.img
fastboot flash boot_a boot.img
fastboot flash cmnlib_a cmnlib.img
fastboot flash cmnlib64_a cmnlib64.img
fastboot flash devcfg_a devcfg.img
fastboot flash dtbo_a dtbo.img
fastboot flash hyp_a hyp.img
fastboot flash keymaster_a keymaster.img
fastboot flash modem_a modem.img
fastboot flash qupfw_a qupfw.img
fastboot flash tz_a tz.img
fastboot flash vbmeta_a vbmeta.img
fastboot flash xbl_a xbl.img
fastboot flash xbl_config_a xbl_config.img
echo -e '#############################################################################'
echo -e '# Prepping Slot B #'
echo -e '#############################################################################'
sleep 3
fastboot --set-active=_b
fastboot --set-active=b
echo -e '#############################################################################'
echo -e '# Flashing Slot B #'
echo -e '#############################################################################'
sleep 3
##Flashing Slot B
fastboot flash abl_b abl.img
fastboot flash aop_b aop.img
fastboot flash boot_b boot.img
fastboot flash cmnlib_b cmnlib.img
fastboot flash cmnlib64_b cmnlib64.img
fastboot flash devcfg_b devcfg.img
fastboot flash dtbo_b dtbo.img
fastboot flash hyp_b hyp.img
fastboot flash keymaster_b keymaster.img
fastboot flash modem_b modem.img
fastboot flash qupfw_b qupfw.img
fastboot flash tz_b tz.img
fastboot flash vbmeta_b vbmeta.img
fastboot flash xbl_b xbl.img
fastboot flash xbl_config_b xbl_config.img
sleep 3
echo -e '#############################################################################'
echo -e '# Rebooting to fastbootd #'
echo -e '#############################################################################'
sleep 10
fastboot reboot fastboot
sleep 4
echo -e '#############################################################################'
echo -e '# Flashing PRODUCT, VENDOR & SYSTEM A #'
echo -e '#############################################################################'
fastboot flash product_a product.img
fastboot flash vendor_a vendor.img
fastboot flash system_a system.img
echo -e '#############################################################################'
echo -e '# Flashing PRODUCT, VENDOR & SYSTEM B #'
echo -e '#############################################################################'
fastboot flash product_b product.img
fastboot flash system_b system_other.img
fastboot flash vendor_b vendor.img
echo -e '#############################################################################'
echo -e '# Switching to Slot A #'
echo -e '#############################################################################'
fastboot --set-active=_a
fastboot --set-active=a
sleep 4
echo -e '#############################################################################'
echo -e '# Reboot Device #'
echo -e '#############################################################################'
fastboot reboot
rmdir tmp
sleep 10
Those errors mean your adb and fastboot are out of date...
fastbootd is a new userspace fastboot that is used for the newer Pixel partitioning. Updating those tools will allow you to use the factory images as intended.
as we known, there's a famous tool called Tiny Script Tool to flash our custom systems. but i hate windows, is there a way to flash images in linux? at lease in linux there's no driver needs to all adb devices, thats perfect!
this guid will led you to do it in linux.
as Moto edge s is a dynamic partition device, these options suite to all devices with super block.
maybe YOU HAVE TO USE ROOT OR SUDO TO ACCESS YOUR DEVICE. change to root user if you can't access your device in linux.
# automatic tool:
i've wrote it as a script tool, see https://github.com/superiums/TrinyFlashScript
# manually steps:
## 刷机步骤
1. 备份app
Bash:
#!/bin/bash
backdirs='/dev/shm/app_backup/'
if [ ! -d "$backdirs" ]; then
mkdir $backdirs
fi
# user 0
backdir='/dev/shm/app_backup/0/'
if [ ! -d "$backdir" ]; then
mkdir $backdir
fi
adb shell pm list packages --user 0 -3 -f |awk '{ORS="\n";sub(/package:/,"adb pull ");sub(/apk=/,"apk '$backdir'");print($0".apk;");print("")}' >$backdir'dolist.sh'
sh $backdir'dolist.sh'
# ----------back app for user 10, if you have insular installed in your phone, this is needed!!! ********otherwise, skip.*******
backdir='/dev/shm/app_backup/10/'
if [ ! -d "$backdir" ]; then
mkdir $backdir
fi
adb shell pm list packages --user 10 -3 -f |awk '{ORS="\n";sub(/package:/,"adb pull ");sub(/apk=/,"apk '$backdir'");print($0".apk;");print("")}' >$backdir'dolist.sh'
sh $backdir'dolist.sh'
# ---------------------------------------------------------------------------------------------------------------------
2. 备份数据
Bash:
adb pull /sdcard/Downlad .
3. 重启到fastboot模式,刷写非动态分区
> **非动态分区包括**:
>
> - vbmeta
> - vbmeta_system
> - boot
> - vendor_boot
> - dtbo
Bash:
adb reboot bootloader
# 或 volumne- & power 开机
# 验证是否fastbootd模式
fastboot getvar is-userspace
# 应返回 no
fastboot flash [partition][_slot] [image]
# clear userdata and meta
fastboot -w
4. 重启到fastbootd模式,刷新动态分区
> **super分区包括**:
>
> - system
> - system_ext
> - vendor
> - product
Bash:
fastboot reboot fastboot
# 验证是否fastbootd模式
fastboot getvar is-userspace
# 应返回 yes
fastboot flash [partition][_slot] [image]
6. 双清
Bash:
fastboot erase userdata
#或
fastboot -w
#完成,重启到新系统
fastboot reboot
7. 设置系统
Bash:
#-------------for chinese users only, because they are blocked by the GFW and not able to connect to google.--------------
#Android 7及之后的版本输入如下两个命令,设置网络检测地址:
adb shell settings put global captive_portal_http_url http://www.google.cn/generate_204
adb shell settings put global captive_portal_https_url https://www.google.cn/generate_204
#可以输入如下命令, 禁止检测网络连接状态.
adb shell settings put global captive_portal_detection_enabled 0
#---------------------------------
#---------- if you are concern to your private data, this is usefull.
#强制开启分区存储
adb shell sm set-isolated-storage on
9. 恢复软件及数据
Bash:
cd 0
ls -1 *.apk | xargs -ti -n 1 adb install --user 0 {}
#------------- after install insular--------------------
cd 10
ls -1 *.apk | xargs -ti -n 1 adb install --user 10 {}
adb push ./Downloads/* /sdcard/Downloads/
hopes this help.
the insular mentioned above is this package: com.oasisfeng.island.fdroid.apk
which will create sperate user space for your storage , called "work profile".
if you bricked your device, try these options:
(Every flash lover should backup a stock image for future!)
RSA solution, flash back to stock firmware. follow Skip to content for windows, follow these commands for Linux:
Bash:
command
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash vbmeta_system vbmeta_system.img
fastboot flash vbmeta vbmeta.img
fastboot flash radio radio.img
fastboot flash bluetooth BTFM.bin
fastboot flash dsp dspso.bin
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash vendor_boot vendor_boot.img
fastboot flash dtbo dtbo.img
fastboot flash super super.img_sparsechunk.0
fastboot flash super super.img_sparsechunk.1
fastboot flash super super.img_sparsechunk.2
fastboot flash super super.img_sparsechunk.3
fastboot flash super super.img_sparsechunk.4
fastboot flash super super.img_sparsechunk.5
fastboot flash super super.img_sparsechunk.6
fastboot flash super super.img_sparsechunk.7
fastboot flash super super.img_sparsechunk.8
fastboot flash super super.img_sparsechunk.9
fastboot erase userdata
fastboot erase ddr
fastboot oem fb_mode_clear
fastboot reboot
Blank Flash, both windows and linux tools and image contained.
download stock firmware for motorola edge s (nio, XT2125) here: https://mirrors.lolinet.com/firmwar...ubsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
download blankFlash tool here:
https://mirrors.lolinet.com/firmware/motorola/nio/blankflash/blankflash_nio_RRTS31.Q1-84-24-3-6.zip
MSM Xextend is very powerfull, so many custom settings, love and great appreciate !
I've wrote a automatic script tool for this, see
https://github.com/superiums/TrinyFlashScript