Database Info

[HOW-TO]Create Custom ODIN Images for Backup/Restore

I'm sure several people will be wanting this information, so I figured I would post it here for everyone. This will allow you to backup your system and create custom Odin images for restore purposes. For anyone unfamiliar with the Samsung system, they use Odin to flash things to the device, much like HTC has RUU and Moto has SBF. Odin files are either .tar files, or .tar.md5 files.
The .tar.md5 files are .tar files with the md5 checksum added to the end of the file. If you attempt to flash a .tar.md5 file, Odin will automatically check that the contents are what they should be before flashing and proceed with the flash if the md5 is valid, otherwise it will stop.
In Odin, you should use the PDA button for all flashing. The PIT button may be used as well, if we can get a valid .pit file for the device, but for now, PIT won't be used either. Other than PDA, Start/Reset are the only other buttons you need to worry about.
Now, on to creating the backup files. First, you will need your device to be rooted (perm or temp root will work), and you also need to have access to terminal on the phone, either via an emulator or adb shell access. To create the backup files, you won't need a Linux/UNIX system, but you will if you want to create a flashable Odin package. The following will output the files on the root of the SDCard, adjust the "of=" path if you want them somewhere else. It will also create the files for the proper filename for Odin as well. So to create the files, here are the commands you will use from root shell (#):
System:
Code:
dd if=/dev/block/stl10 of=/sdcard/factoryfs.rfs bs=4096
Kernel:
Code:
dd if=/dev/block/bml8 of=/sdcard/zImage bs=4096
Recovery:
Code:
dd if=/dev/block/bml9 of=/sdcard/recovery.bin bs=4096
DO NOT INCLUDE THE FOLLOWING IN ANYTHING BUT A PERSONAL BACKUP
Cache:
Code:
dd if=/dev/block/mmcblk0p3 of=/sdcard/cache.rfs bs=4096
DBData:
Code:
dd if=/dev/block/stl11 of=/sdcard/dbdata.rfs bs=4096
Data:
Code:
dd if=/dev/block/mmcblk0p1 of=/sdcard/movinand.bin bs=4096
The last three files (cache, dbdata, data) may contain personal information, so do not include these 3 files in anything but a personal backup/recovery package.
To create a flashable Odin package, you need to pull all of the files off of the phone/sdcard and onto your computer. From there, you use the following to create the package:
Code:
tar -H ustar -c factoryfs.rfs recovery.bin zImage > package_name.tar
md5sum -t package_name.tar >> package_name.tar
mv package_name.tar package_name.tar.md5
If you want to include cache/dbdata/data in the above for personal use, just add them after the "-c" and before the ">".
There are other files that may be in Odin packages, but they are protected by Samsung and cannot be dumped properly. The files are the bootloader, secondary bootloader, modems, and .lfs partitions. The files would be boot.bin, Sbl.bin, modem.bin (not sure what it would be for the CDMA/LTE dual modem here), and param.lfs. It however isn't that big of an issue that these can't be dumped as the can't really be altered by normal flashing of the device, and are usually only altered via OTA updates.

Thanks for this info imnuts! I unfortunately updated to the new update and would like to go back to rooted but cant until I downgrade.

Thanks!
Thanks for posting this. I'm going to attempt to make a personal backup and then I can factory reset the phone and make a stock version for people to use. I'm haven't installed the update yet either, so I'm hoping this will let people get back to ED1. I've also been playing around with theming using the fascinate community rom theme and ninjamorph to swap files. It'll take a while, but it's currently the only way I feel safe messing with framework-res.

wynalazca said:
Thanks for posting this. I'm going to attempt to make a personal backup and then I can factory reset the phone and make a stock version for people to use. I'm haven't installed the update yet either, so I'm hoping this will let people get back to ED1. I've also been playing around with theming using the fascinate community rom theme and ninjamorph to swap files. It'll take a while, but it's currently the only way I feel safe messing with framework-res.
Click to expand...
Click to collapse
I'm definitely looking forward to having a downgrade ROM image to get back to ED1!

So how do you add the last personal 3 i just got the droid charge and i am not very familiar with samsung files i had a droid x and a thunderbolt very shortly and am familiar with ruu and sbf but how do you add cache dbdata and the other one. I meab like the actual command not the instruction to put it after c

rami98 said:
So how do you add the last personal 3 i just got the droid charge and i am not very familiar with samsung files i had a droid x and a thunderbolt very shortly and am familiar with ruu and sbf but how do you add cache dbdata and the other one. I meab like the actual command not the instruction to put it after c
Click to expand...
Click to collapse
The only thing that would change would be the tar command. If you want to include the other files, it would be:
Code:
tar -H ustar -c cache.rfs dbdata.rfs factoryfs.rfs movinand.bin recovery.bin zImage > package_name.tar
md5sum -t package_name.tar >> package_name.tar
mv package_name.tar package_name.tar.md5
You just need to pull the files from your phone and have them in the same directory that you're in in terminal, and have them named appropriately. It also doesn't matter what order they are in (that I know of), I just have them in alphabetical order for ease of reading.

So im going to try and do the voodoo lagfix for the first time ever but I wanted to make a backup. Im on ED2 and NOT rooted so how would I go about making these backups?

imnuts said:
The only thing that would change would be the tar command. If you want to include the other files, it would be:
Code:
tar -H ustar -c cache.rfs dbdata.rfs factoryfs.rfs movinand.bin recovery.bin zImage > package_name.tar
md5sum -t package_name.tar >> package_name.tar
mv package_name.tar package_name.tar.md5
You just need to pull the files from your phone and have them in the same directory that you're in in terminal, and have them named appropriately. It also doesn't matter what order they are in (that I know of), I just have them in alphabetical order for ease of reading.
Click to expand...
Click to collapse
I tried the above and I keep getting this error message in the command prompt:
'tar' is not recognized as an internal or external command, operable program or batch file.
(I'm trying this on windows 7 professional)
Any help would be appreciated, thanks!

mypantsaretorn said:
I tried the above and I keep getting this error message in the command prompt:
'tar' is not recognized as an internal or external command, operable program or batch file.
(I'm trying this on windows 7 professional)
Any help would be appreciated, thanks!
Click to expand...
Click to collapse
You wouldn't by any chance be trying the "tar" command at a windows command prompt, would you?
imnuts said:
To create the backup files, you won't need a Linux/UNIX system, but you will if you want to create a flashable Odin package.
To create a flashable Odin package, you need to pull all of the files off of the phone/sdcard and onto your computer. From there, you use the following to create the package:
Code:
tar -H ustar -c factoryfs.rfs recovery.bin zImage > package_name.tar
md5sum -t package_name.tar >> package_name.tar
mv package_name.tar package_name.tar.md5
If you want to include cache/dbdata/data in the above for personal use, just add them after the "-c" and before the ">".
Click to expand...
Click to collapse
Course you might be running Linux in a vmware or Hyper-V environment....hint?
HTH

Damn! I didn't pay attention to the second part of that sentence! Lol
Thanks for the "hint"..
Sent from my SCH-I510 using XDA App

The other option would be using Cygwin, but I've never tried it, so it may or may not work.

imnuts said:
The other option would be using Cygwin, but I've never tried it, so it may or may not work.
Click to expand...
Click to collapse
cygwin works!
Edit: Here is how:
1. Search google for cygwin - download
2. Run - you will be prompted to get packages - I assumed "archive" was a good place to start - not sure if you need this or not...
3. When complete you will see a new icon on your desktop - double-click
4. Be patient as it loads
5. Copy the files output'ed from first post to same folder on PC
6. Back in cygwin:
a. cd x: (where x: is the drive letter of the drive that has the folder with the files)
b. tar -H ustar -c cache.rfs dbdata.rfs movinand.bin factoryfs.rfs recovery.bin zImage > package_name.tar
c: md5sum -t package_name.tar >> package_name.tar
d: mv package_name.tar package_name.tar.md5
Complete output of commands:
These files are for the users to personalise their cygwin experience.
They will never be overwritten nor automatically updated.
`./.bashrc' -> `/home/UWINKET//.bashrc'
`./.bash_profile' -> `/home/UWINKET//.bash_profile'
`./.inputrc' -> `/home/UWINKET//.inputrc'
`./.profile' -> `/home/UWINKET//.profile'
Your group is currently "mkgroup". This indicates that neither
your gid nor your pgsid (primary group associated with your SID)
is in /etc/group.
The /etc/group (and possibly /etc/passwd) files should be rebuilt.
See the man pages for mkpasswd and mkgroup then, for example, run
mkpasswd -l [-d] > /etc/passwd
mkgroup -l [-d] > /etc/group
Note that the -d switch is necessary for domain users.
[email protected] ~
$ cd h:
System Volume Information
[email protected] /cygdrive/h
$ cd downloads
[email protected] /cygdrive/h/downloads
$ cd charge
[email protected] /cygdrive/h/downloads/charge
$ cd tarbackup/
[email protected] /cygdrive/h/downloads/charge/tarbackup
$ tar -H ustar -c cache.rfs dbdata.rfs movinand.bin factoryfs.rfs recovery.bin
zImage > package_name.tar
[email protected] /cygdrive/h/downloads/charge/tarbackup
$ md5sum -t package_name.tar >> package_name.tar
[email protected] /cygdrive/h/downloads/charge/tarbackup
$ mv package_name.tar package_name.tar.md5
[email protected] /cygdrive/h/downloads/charge/tarbackup
$

Hmm flash did not work with my personal data in it - got an error. Created a new .tar file with just factoryfs.rfs recovery.bin and zImage and was able to flash that. TG for TiBu!

jism31 said:
Thanks for this info imnuts! I unfortunately updated to the new update and would like to go back to rooted but cant until I downgrade.
Click to expand...
Click to collapse
How do you start doing this. How do I get to root shell (#)... Thanks
AD

I plan to get rooted on ED1 so I can get a stock image backed up, and have a clean base to work from. Still getting my head around the odin stuff first.

RaptorMD said:
I plan to get rooted on ED1 so I can get a stock image backed up, and have a clean base to work from. Still getting my head around the odin stuff first.
Click to expand...
Click to collapse
you dont have to do that its already done
http://forum.xda-developers.com/showthread.php?t=1085190

Well, I successfully followed all the instructions and have created my first ODIN flashable file, I have not tried to flash it yet. I'm just curious, I pull all the different .rfs, .bin, and zImage on this file and noticed it's about 1.8gb file. Is this normal?
Also, before I try to flash this. Should I have dissable voodoo lagfix and converted back to rfs before I dumped the files?
Thanks for all the help!

JKChad said:
Well, I successfully followed all the instructions and have created my first ODIN flashable file, I have not tried to flash it yet. I'm just curious, I pull all the different .rfs, .bin, and zImage on this file and noticed it's about 1.8gb file. Is this normal?
Also, before I try to flash this. Should I have dissable voodoo lagfix and converted back to rfs before I dumped the files?
Thanks for all the help!
Click to expand...
Click to collapse
Yes, that's normal for it to be so large as dd will dump the partition, including empty space. If you were to compress it with zip or lzma, it'd drop down considerably.
Not sure about the voodoo part as I've never dumped files from an ext4 partition. I don't see any reason why it wouldn't work, but I'd flash with caution and have another working image ready just in case.

imnuts said:
Not sure about the voodoo part as I've never dumped files from an ext4 partition. I don't see any reason why it wouldn't work, but I'd flash with caution and have another working image ready just in case.
Click to expand...
Click to collapse
Shouldn't be an issue as long as he keeps the voodoo kernel.
Sent from my SCH-I510 using Tapatalk

Anybody try this with voodoo yet ?

[ROOT] [i8160] [Ace2] Advanced rooting procedure WITHOUT increasing the Flash counter

SAMSUNG GALAXY ACE 2 i8160/i8160P
This could be complicated if you never used any Linux os, however with this method you can root your phone without increasing the flash counter.
Kernel, recovery, etc. will be the same as in original samsung roms, we will flash a modified (pre-rooted) system.img.
For prerooted system images and csc files see 2nd post!
Requirements:
Linux - Ubuntu 12 recommended (a virtual one will also do the job)
Windows with Odin for flashing
Patience
References:
Ext4Utils
Insipred by: Expert root method which does not increase the flash counter
First of all download your original rom from: http://www.sammobile.com/firmware/?page=3
1, Create a "samsung" directory on your linux filesystem -> "home/username" folder where username is your linux username.
2, Extract the downloaded firmware, then move system.img.md5 and cache.img.md5 to home/username/samsung dir.
(root_package.zip and ext4utils.zip also extract here)
3, Open a terminal window, and enter:
Code:
sudo mkdir /mnt/system
Type the root password and enter.
4, Now set current dir to samsung directory and mount the system image:
Code:
cd /home/username/samsung
mv system.img.md5 system.img.ext4
make
./simg2img system.img.ext4 system.img
sudo mount system.img /mnt/system
if you get error when executiong "make" type:
Code:
sudo apt-get install zlib1g-dev
5, The original system image has been mounted, now extract su binary and superuser.apk to samsung dir then, enter:
I suggest only su binary to include in /system, SuperUser can be installed later!
Code:
sudo cp su /mnt/system/bin/su
6, Now we have to adjust the permissions:
For SU binary:
Code:
sudo chown root:root /mnt/system/bin/su
sudo chmod 06755 /mnt/system/bin/su
For SuperUser app:
Code:
sudo chmod 644 /mnt/system/app/superuser.apk
7, Unmount the image:
Code:
sudo umount /mnt/system
or if it's not working:
Code:
sudo umount system.img
8, Now create md5 hashes:
Code:
md5sum -t system.img>>system.img
mv system.img system.img.md5
if you get "permission denied" first:
Code:
sudo chown username:username system.img
9, Create falshable tar and md5 hashes for odin package:
Code:
tar cf system_rooted.tar system.img.md5
md5sum -t system_rooted.tar>>system_rooted.tar
mv system_rooted.tar system_rooted.tar.md5
As you remember we copied the cache.img.md5 also, that's because we need to flash this as a separated CSC package.
10, Creating CSC package.
Code:
tar cf csc.tar cache.img.md5
md5sum -t csc.tar>>csc.tar
mv csc.tar csc.tar.md5
11, Now open Odin and select system_rooted.tar.md5 as PDA, and csc.tar as csc.
Check: Auto reboot and F. Reset Time.
Enjoy your rooted phone.
NOTES:
After flashing phone will boot in recovery mode to apply csc, then reboots automatically to normal mode.
If you download different rom than already have on the device first flash the unmodified samsung tar as PDA.

PRE-ROOTED ROMs
(Only modified system and csc - if Superuser not included download manually from Play store or install from sdcard)
PDA: XXLD8 | CSC: I8160DBTLD2 -> -> DOWNLOAD <-
Thanks to: powermetza
PDA: XXLD8 | CSC: XXLD3 | Product code: XEO -> Mirror 1 | Mirror 2
Thanks to: mastermid | szczepan2
For i8160P - Galaxy Ace 2 NFC model
PDA: I8160PXXLE6 | CSC: I8160PDBTLE5 -> Mirrors
Thanks to: soraxx
SuperUser FIX for pre-rooted rom (only if you have problems): View
FLASHING INSTRUCTIONS
0, Download odin from 1st post, extract the downloaded (pre-rooted) rom.
1, Open odin and select csc.tar.md5 (or something like that it's a smaller file max. 20 MB) as CSC.
2, Select the other file (possibly system.tar.md5 or pda.tar.md5, it's 500+ MB) as PDA.
3, Check, Auto reboot and F. Reset Time then start.
(of course first switch to download mode and connect the phone )

mount: must specify filesystem (this is error)
My OS - Linux Mint 13 with MATE, run natively.

I don't know what's the problem, the filesystem should be ext4, but in Ubuntu mounted without any errors.

any chance to reset counter? mine just rooted yesterday. damn

Thank you! It would be a good solution can be used under Windows ...
GT-I8160-ról küldve

@Szaby59
Three simple questions:
1. Can I use this method to cook pre-rooted ROM (that doesn't increase flash counter), but without samsungs bloatware? In other words: Can I somehow remove any APK that comes from samsung and still have valid warranty?
2. Did you tried this method with flash_counter=0 or did you already voided warranty and then NOT increased flash_counter?
3. Are both values "Custom Binary Download=NO" and "Current Binary: Samsung Official" still intact after this root method?
Anyway... Thank you for this... I was waiting for something like this since I bought I8160.

1, I think you can remove apps and modify some other things if you want I didn't test it but 99% it's possible (or you can remove aps later with root explorer from /system/app)
But for warranty purposes (removing root, restoring original apps) reflash the original unmodified samsung tar.
2-3, No, I didn't tried any other methods, the custom binary downloads is 0 (NO) and I have "Samsung Official".
I think the counter only observing kernel flashes, with this method the flash counter will be the same as before the flash.
Also I noticed when you reboot from adb or terminal to download mode it doesn't shows the odin mode... stuffs, only when you use the hardware keys (vol down+home+power). !Maybe! in this way we can flash a modified kernel but it's not 100% and first you need to root the phone somehow to enable "su reboot download" command.

By the way... There is no way to download the ROM from THIS site... Loading, loading, and... loading...

szczepan2 said:
By the way... There is no way to download the ROM from THIS site... Loading, loading, and... loading...
Click to expand...
Click to collapse
Login first -> blank screen -> go back and refresh > download firmware.

Do I need to create CSC file again if I want to flash back to stock-non rooted firmware? Or should I use stock PDA file only, without CSC?
Can you write down a simple "Going back to stock ROM procedure without touching Flash Counter". Many noobs (including me) would be grateful for complete solution.

Maybe the editing ROM is not working because it's Polish? I can't open it too with any archive manager...

arroyo said:
Do I need to create CSC file again if I want to flash back to stock-non rooted firmware? Or should I use stock PDA file only, without CSC?
Can you write down a simple "Going back to stock ROM procedure without touching Flash Counter". Many noobs (including me) would be grateful for complete solution.
Click to expand...
Click to collapse
Just flash back the original tar with all files as pda no csc or phone needed it's included in the tar.
@szczepan2: you can't use any know archiver to open img.md5 files.
For extracting the tar use winrar or 7zip.

Szaby59 said:
@szczepan2: you can't use any know archiver to open img.md5 files.
For extracting the tar use winrar or 7zip.
Click to expand...
Click to collapse
Ahh, got it. So if it impossible to open it, so how it's possible to mount it?
Ehh, i'm really angry because I can't root my phone... You use Ubuntu in VM or native? Or maybe LiveCD?

szczepan2 said:
Ahh, got it. So if it impossible to open it, so how it's possible to mount it?
Ehh, i'm really angry because I can't root my phone... You use Ubuntu in VM or native? Or maybe LiveCD?
Click to expand...
Click to collapse
I installed on a virtualbox virtual machine, (with 8 GB vhd) for mounting and rooting follow the steps from 1st post.

@Szaby59
I have also the problem that I need to specify type of mounting filesystem, but I have an idea.
If you are able to mount succesfuly system.img, then could you in console just type:
Code:
mount
It will give you the list with all mounted devices/images and their types - I would be grateful if you could check what type is /mnt/system.
Thanks in advance.

mastermid said:
@Szaby59
I have also the problem that I need to specify type of mounting filesystem, but I have an idea.
If you are able to mount succesfuly system.img, then could you in console just type:
Code:
mount
It will give you the list with all mounted devices/images and their types - I would be grateful if you could check what type is /mnt/system.
Thanks in advance.
Click to expand...
Click to collapse
It shows ext4 filesystem.

mastermid said:
@Szaby59
I have also the problem that I need to specify type of mounting filesystem, but I have an idea.
If you are able to mount succesfuly system.img, then could you in console just type:
Code:
mount
It will give you the list with all mounted devices/images and their types - I would be grateful if you could check what type is /mnt/system.
Thanks in advance.
Click to expand...
Click to collapse
cloudm33 samsung # mount -t ext4 system.img /mnt/system/
mount: Filesystem error, wrong superblock at /dev/loop0 etc.

Tutorial updated with additional tools and instructions.

Szaby59 said:
Tutorial updated with additional tools and instructions.
Click to expand...
Click to collapse
Can you upload also a pre-rooted rom?
For example the polish or the germany stock rom?
Thanks in advance!

[TUTORIAL] How to repackage ODIN files

First the disclaimer:
I am not responsible for what you do to your phone. Following these directions could cause you to brick, locust plague, or end of times. You assume ALL responsibility for what you do with this information.
Now, on to the fun stuff. I take *NO* credit for this information at all. I am a student of people far more knowledgeable about these things. However, I've managed to take what I've learned and apply it in really fun ways. For example, I have a script that takes an OTA and builds a new full ODIN image from it...with all partitions fully signed except system. Many people have asked me to "repackage it" with various requests. This tutorial is going to show how to do that.
Requirements:
o) You will need to install Cygwin. A default installation should suffice for this exercise.
o) You will need one of the ODIN TAR Full Rooted Restore images. They are gzipped to make them smaller.
Process:
o) You need to unpack the files stored inside the gzip. 7 Zip is a handy program for doing that. We need the individual partition files extracted to a work directory that can be accessed from a Cygwin command prompt. I create a C:\Android\S4_GPE directory for my own image creation tasks.
o) Once the individual files are unpacked, we need to repack them. Open a Cygwin command prompt and navigate to the directory you extracted the files to. In my case, that would be cd c:/Android/S4_GPE
Follow the directions below to repack the files as needed. I give a few examples here to show you the basics of how it's done. Basically you run each command in your Cygwin command prompt. Or you can add them to an SH script and run it that way. Whatever you feel most comfortable with.
The output of these commands is an ODIN flashable file that will install what you choose.
BOOT
filename=boot
tar -H ustar -c boot.img > $filename.tar
md5sum -t $filename.tar >> $filename.tar
mv $filename.tar $filename.tar.md5
RECOVERY
filename=recovery
tar -H ustar -c recovery.img > $filename.tar
md5sum -t $filename.tar >> $filename.tar
mv $filename.tar $filename.tar.md5
MODEM
filename=modem
tar -H ustar -c NON-HLOS.bin modem.bin > $filename.tar
md5sum -t $filename.tar >> $filename.tar
mv $filename.tar $filename.tar.md5
FULL ODIN IMAGE
filename=I9505GUEUB_FULL_ROOTED
tar -H ustar -c boot.img recovery.img NON-HLOS.bin modem.bin system.img.ext4 > $filename.tar
md5sum -t $filename.tar >> $filename.tar
mv $filename.tar $filename.tar.md5
gzip $filename.tar.md5
Those are some of the common ones. What if I wanted a "semi-full rooted image"? For instance, without the modems? You just modify this line:
tar -H ustar -c boot.img recovery.img NON-HLOS.bin modem.bin system.img.ext4 > $filename.tar
so that it becomes:
tar -H ustar -c boot.img recovery.img system.img.ext4 > $filename.tar
Of if you don't want recovery, either, and just want boot and system:
tar -H ustar -c boot.img system.img.ext4 > $filename.tar
And the rest stays the same. I really hope this helps people. I will update this post to clarify anything that's confusing and will try to help people in this thread to create whatever they need. Again, you take responsibility for anything you create using these instructions and flash to your phone.

whats the command to create a system dump to an odin compatible system.img file? been a while. i forget

This is how I do it in my script:
adb shell "su -c 'cd /sdcard; dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/sdcard/system.img.ext4'"
adb pull /sdcard/system.img.ext4
adb shell rm /sdcard/system.img.ext4

SamuriHL said:
This is how I do it in my script:
adb shell "su -c 'cd /sdcard; dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/sdcard/system.img.ext4'"
adb pull /sdcard/system.img.ext4
adb shell rm /sdcard/system.img.ext4
Click to expand...
Click to collapse
I'm a relative noob and just learning as much as I can and this is alot of great info. I am able to pull system dump and pull recovery.img from my but when I create an odin flashable recovery image (for back-up purposes) it fails auth. Is there a way to pull a signed recovery image from system? Thanks.

No. When you dd extract a partition it adds padding to it which messes with the signature. I create a signed recovery img file by patching the boot img with the recovery-from-boot.p in the OTA update. That's a lot more involved than what's in this tutorial, however.

SamuriHL said:
No. When you dd extract a partition it adds padding to it which messes with the signature. I create a signed recovery img file by patching the boot img with the recovery-from-boot.p in the OTA update. That's a lot more involved than what's in this tutorial, however.
Click to expand...
Click to collapse
Got it, thank you. I found the thread on hexediting the partition file. I will see if that works.

muniz_ri said:
Got it, thank you. I found the thread on hexediting the partition file. I will see if that works.
Click to expand...
Click to collapse
My initial results weren't very conclusive on that. I tried it with the NON-HLOS.bin file just to see if I could make it consistent with the one I create by patching, and the results were not good. There's no way to know exactly how long to make the cut. It seems like all you do is remove the trailing 00's when hexediting, but, I can tell you that's not enough to make it match. I've got more research to do on this as it would be extremely useful to be able to edit the dd extracted files to make them match the signed files. So far, that doesn't seem possible.

SamuriHL said:
My initial results weren't very conclusive on that. I tried it with the NON-HLOS.bin file just to see if I could make it consistent with the one I create by patching, and the results were not good. There's no way to know exactly how long to make the cut. It seems like all you do is remove the trailing 00's when hexediting, but, I can tell you that's not enough to make it match. I've got more research to do on this as it would be extremely useful to be able to edit the dd extracted files to make them match the signed files. So far, that doesn't seem possible.
Click to expand...
Click to collapse
That's too bad, I was also hoping removing the trailing zeros would work. Can you point me to a tutorial, etc where i can learn how to patch using the OTA files? thanks again.

muniz_ri said:
That's too bad, I was also hoping removing the trailing zeros would work. Can you point me to a tutorial, etc where i can learn how to patch using the OTA files? thanks again.
Click to expand...
Click to collapse
It's not quite as simple as that. There isn't a tutorial on it. I learned what I know from Matt Groff. It started with a thread here:
http://forum.xda-developers.com/showthread.php?t=1702233
But that thread isn't going to teach nearly enough to learn how to do this. It involves parsing the update scripts from the OTA to find the command they use to patch the actual partition and then converting that to a command to patch the file. So if you look at this command from install-recovery.sh:
applypatch EMMC:/dev/block/platform/msm_sdcc.1/by-name/boot:8036608:1ad324cf48a6e19fd402603477cd0ed8472ed863 EMMC:/dev/block/platform/msm_sdcc.1/by-name/recovery f4579fa7099942ec2f214cff81014b8e8b1a550f 8632576 1ad324cf48a6e19fd402603477cd0ed8472ed863:/system/recovery-from-boot.p
What that's doing is taking 8036608 bytes from the boot partition, ensuring it has a sha1 hash of 1ad324cf48a6e19fd402603477cd0ed8472ed863, patching it with the contents of the recovery-from-boot.p file, and then writing it to the recovery partition.
Each time an OTA comes out for our phones, I create signed recovery, modem, and non-hlos files using this process. Then I use the process outlined in this tutorial to create the ODIN tar md5 files that I post.

SamuriHL said:
It's not quite as simple as that. There isn't a tutorial on it. I learned what I know from Matt Groff. It started with a thread here:
http://forum.xda-developers.com/showthread.php?t=1702233
But that thread isn't going to teach nearly enough to learn how to do this. It involves parsing the update scripts from the OTA to find the command they use to patch the actual partition and then converting that to a command to patch the file. So if you look at this command from install-recovery.sh:
applypatch EMMC:/dev/block/platform/msm_sdcc.1/by-name/boot:8036608:1ad324cf48a6e19fd402603477cd0ed8472ed863 EMMC:/dev/block/platform/msm_sdcc.1/by-name/recovery f4579fa7099942ec2f214cff81014b8e8b1a550f 8632576 1ad324cf48a6e19fd402603477cd0ed8472ed863:/system/recovery-from-boot.p
What that's doing is taking 8036608 bytes from the boot partition, ensuring it has a sha1 hash of 1ad324cf48a6e19fd402603477cd0ed8472ed863, patching it with the contents of the recovery-from-boot.p file, and then writing it to the recovery partition.
Each time an OTA comes out for our phones, I create signed recovery, modem, and non-hlos files using this process. Then I use the process outlined in this tutorial to create the ODIN tar md5 files that I post.
Click to expand...
Click to collapse
Success! Thanks so much, just created my first signed odin image!

Theres two more ways the get signed images. One is using dd if=of with the right bs and count. For example, I extracted the stock signed PIT file for the S4 using
Code:
su
dd if=/dev/block/mmcblk0 of=/sdcard/sch1545.pit bs=8 count=580 skip=2176
you can see the thread and md5 comparisonhere The other method is hexediting but it was easier on 4.2.2 but still very doable on 4.3. You have to know what signatures look like though. Hexediting can also be useful for manually extracting the zimage and ramdisk from a boot.img
Sent from my SCH-I545 using XDA Premium 4 mobile app

Surge1223 said:
Theres two more ways the get signed images. One is using dd if=of with the right bs and count. For example, I extracted the stock signed PIT file for the S4 using
Code:
su
dd if=/dev/block/mmcblk0 of=/sdcard/sch1545.pit bs=8 count=580 skip=2176
you can see the thread and md5 comparisonhere The other method is hexediting but it was easier on 4.2.2 but still very doable on 4.3. You have to know what signatures look like though. Hexediting can also be useful for manually extracting the zimage and ramdisk from a boot.img
Sent from my SCH-I545 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I'm also going to play around more with hexediting, if it will work it seems much more straightforward. Thanks again for all of the good info!

SamuriHL said:
My initial results weren't very conclusive on that. I tried it with the NON-HLOS.bin file just to see if I could make it consistent with the one I create by patching, and the results were not good. There's no way to know exactly how long to make the cut. It seems like all you do is remove the trailing 00's when hexediting, but, I can tell you that's not enough to make it match. I've got more research to do on this as it would be extremely useful to be able to edit the dd extracted files to make them match the signed files. So far, that doesn't seem possible.
Click to expand...
Click to collapse
Sam, id be glad to try hexediting the NON-HLOS.bin file and then send you the md5.
Sent from my SCH-I545 using XDA Premium 4 mobile app

Surge1223 said:
Sam, id be glad to try hexediting the NON-HLOS.bin file and then send you the md5.
Sent from my SCH-I545 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I'll pm one to you tomorrow. I definitely am curious if you're able to md5 hash it correctly.

Pm sent. Good luck.
Sent from my SM-P600 using Tapatalk 4

SamuriHL said:
Pm sent. Good luck.
Sent from my SM-P600 using Tapatalk 4
Click to expand...
Click to collapse
How do you limit the number of bytes extracted for the mdm.bin to match the updater script's parameters? Thank you.

muniz_ri said:
How do you limit the number of bytes extracted for the mdm.bin to match the updater script's parameters? Thank you.
Click to expand...
Click to collapse
I didn't. The first signed modem bin I made was done by looking at the size in the updater script and using cygwin to copy that many bytes to a new file. From then on I just patched the previous version's modem bin and NON-HLOS bin files.
Sent from my SM-P600 using Tapatalk 4

SamuriHL said:
I didn't. The first signed modem bin I made was done by looking at the size in the updater script and using cygwin to copy that many bytes to a new file. From then on I just patched the previous version's modem bin and NON-HLOS bin files.
Sent from my SM-P600 using Tapatalk 4
Click to expand...
Click to collapse
First time quickly hexediting it I got
md5: 9616e85b765e0365e8ccd57550a715b8

Surge1223 said:
First time quickly hexediting it I got
md5: 9616e85b765e0365e8ccd57550a715b8
Click to expand...
Click to collapse
Which doesn't match the digital signature. This is what I was afraid of and what I was running into.
Sent from my SM-P600 using Tapatalk 4

SamuriHL said:
Which doesn't match the digital signature. This is what I was afraid of and what I was running into.
Sent from my SM-P600 using Tapatalk 4
Click to expand...
Click to collapse
what are you comparing the sig to?
Sent from my SCH-I545 using XDA Premium 4 mobile app

Extract files from stock firmware images

Hi,
when I still hadn't the device, I wanted to know exactly what's included in stock ROMs to have a better idea of what to expect. I hence downloaded a stock firmare and the stock system.img (see below for the steps).
Ok, so what? Well, when KK was released I decided to do the same (I was still waiting for the device), but I couldn't. Unlike before, I didn't find a single system.img, but multiple files (3 to be exact, maybe it's too big to be flashed at once with fastboot, I don't know, I'm new to this) and couldn't understand how the original image was splitted to generate those files.
Did anyone see something similar already and sucesfully merged splitted filesystems?
I know I could simply ask for a system dump (or wait for KK), but now I'm curious to know on how to do this. I tried few things but I couldn't find any way to do it. Maybe I could see how fastboot treat these files, but I wonder if anyone already knows the answer.
Anyway, here the steps to mount the system.img of our stock JB firmwares. Maybe there's an easier way, I honestly don't know. As far as I know, converting the sparge image should be enough, but I had to do more:
Code:
#Convert sparse image with simg2img
simg2img system.img system.img.raw.tmp
#UTF8 may slow down grep, switch to C
export LANG=C
#Look for the ext4 magic and calculate its position
magic=`grep -aobP -m1 '\x53\xEF' system.img.raw.tmp | head -1 | cut -d":" -f1`
offset=$(($magic-1080))
#Remove extra header with dd
dd if=system.img.raw.tmp of=system.img.raw ibs=$offset skip=1
#Remove temp file
rm system.img.raw.tmp
Now you can mount system.img.raw as a normal ext4 filesystem.

Just concatenate the three chunks together like so:
Code:
cat system.img_sparsechunk1 system.img_sparsechunk2 system.img_sparsechunk3 > system.img
Then apply the steps from the OP and voilà!
Edit: Scratch that: the image is accessible, some files are visible but others are missing. To be continued...

Darkshado said:
Just concatenate the three chunks together like so:
Code:
cat system.img_sparsechunk1 system.img_sparsechunk2 system.img_sparsechunk3 > system.img
Then apply the steps from the OP and voilà!
Edit: Scratch that: the image is accessible, some files are visible but others are missing. To be continued...
Click to expand...
Click to collapse
As you have found that doesn't work, remember that each file will have metadata headers so that may be one reason you can't just cat them together.
To OP - can't you just mount each img as a filesystem and copy all the files from each mounted filesystem to another entirely separate directory. At least that way you have all the files in one place, eg copy
/sparsechunk1/system/file1 to /newdir/system/file1
And so on.

scott_doyland said:
As you have found that doesn't work, remember that each file will have metadata headers so that may be one reason you can't just cat them together.
To OP - can't you just mount each img as a filesystem and copy all the files from each mounted filesystem to another entirely separate directory. At least that way you have all the files in one place, eg copy
/sparsechunk1/system/file1 to /newdir/system/file1
And so on.
Click to expand...
Click to collapse
Only the first chunk can be mounted, the other two are not recognized as filesystem and there's no way to mount them.
It's not as if /system was divided in three parts and then an image for each one was created, so that you can treat them as separate files (what you said would work in this case).
One image is created and then it's splitted in three in some unknown way. The first image is the one that holds the informations to access the files, the other two just pieces of files that can't be accessed without the informations in the first chunk.
mfastboot knows how to correctly copy the data from the separate images with the right offsets inside the phone so that in the end all the files can be accessed. Concatenating the files using dd using the correct offsets could maybe work, but after a few attempts I gave up.

There is method to extract files under Windows

Al936 said:
There is method to extract files under Windows
Click to expand...
Click to collapse
Any change you happen to be willing to share the contents of or principles behind `sparse2img.exe`?

HolySid said:
Any change you happen to be willing to share the contents of or principles behind `sparse2img.exe`?
Click to expand...
Click to collapse
What kind of principles you expect from me? I just posted the link to one of the method to extract all files and folders from stock firmware's system partition. The tools were not developed by me - I just informed XDA community about it. As you can see from the tread several persons already confirmed that it works.

Al936 said:
What kind of principles you expect from me? I just posted the link to one of the method to extract all files and folders from stock firmware's system partition. The tools were not developed by me - I just informed XDA community about it. As you can see from the tread several persons already confirmed that it works.
Click to expand...
Click to collapse
Oh, I'm sorry, I thought it was your work. I just want to know how to merge the system files. I know the exe is working, but I'm running Linux, so my question it is both out of curiosity and simply because I cannot run the code.

Try running it with wine or in virtual machine.
sent via tapatalk

Thanks, I managed it by using another laptop. But still, I'd rather know what happened
Sent from my XT1032 using xda app-developers app

Darkshado said:
Just concatenate the three chunks together like so:
Code:
cat system.img_sparsechunk1 system.img_sparsechunk2 system.img_sparsechunk3 > system.img
Then apply the steps from the OP and voilà!
Edit: Scratch that: the image is accessible, some files are visible but others are missing. To be continued...
Click to expand...
Click to collapse
I just replaced the first line in the OP's instructions with this to join the system.img_sparsechunk files:
Code:
simg2img system.img_sparsechunk.* system.img.raw.tmp
And then the rest worked fine. Here were the exact steps I took (I shortened it a tiny bit, but it's the same concept):
Code:
simg2img system.img_sparsechunk.* system.img.raw.tmp
offset=`LANG=C grep -aobP -m1 '\x53\xEF' system.img.raw.tmp | head -1 | awk '{print $1 - 1080}'`
dd if=system.img.raw.tmp of=system.img.raw ibs=$offset skip=1
sudo mkdir /mnt/system
sudo mount system.img.raw /mnt/system

SenorChang said:
I just replaced the first line in the OP's instructions with this to join the system.img_sparsechunk files:
Code:
simg2img system.img_sparsechunk.* system.img.raw.tmp
And then the rest worked fine. Here were the exact steps I took (I shortened it a tiny bit, but it's the same concept):
Code:
simg2img system.img_sparsechunk.* system.img.raw.tmp
offset=`LANG=C grep -aobP -m1 '\x53\xEF' system.img.raw.tmp | head -1 | awk '{print $1 - 1080}'`
dd if=system.img.raw.tmp of=system.img.raw ibs=$offset skip=1
sudo mkdir /mnt/system
sudo mount system.img.raw /mnt/system
Click to expand...
Click to collapse
It worked. Thank you!

[Q] Mod a tar.md5 into a pre-rooted one

Question for the more pro users/devs ... just crossed my mind ...
For example we have the XXDMH1 BTU (Android 4.2.2) ODIN firmware for the P3110 which can't be rooted through CF-Auto-Root - and unless the Search button failed me there's also no known "backdoor" to inject root. Therefore... taking apart the XXDMH1 to pre-root it and re-pack it for flashing ... is it _really_ as easy as (in Linux commandline terms) ...
tar xvf ~/Downloads/xxdmh1.tar.md5 -C ./xxdmh1
sudo mount ./xxdmh1/system.img -o loop -t ext4 /mnt
<extract SuperSU ZIP, inject required files into the image mounted at /mnt and adjusting file modes/permissions>
sudo umount /mnt
cd ./xxdmh1
tar cvf ../xxdmh1-rooted.tar .
cd ..
md5sum xxdma1-rooted.tar >> xxdma1-rooted.tar
mv xxdmh1-rooted.tar xxdmh1-rooted.tar.md5
... and flash with ODIN or do I look at from a completely wrong viewpoint?
Some input on the idea if that's the "magic sauce" to root the "unrootable XXDMH1 BTU" would be appreciated (in which case it could even be de-bloated from the get-go).

BoneWithABeagle said:
Question for the more pro users/devs ... just crossed my mind ...
For example we have the XXDMH1 BTU (Android 4.2.2) ODIN firmware for the P3110 which can't be rooted through CF-Auto-Root - and unless the Search button failed me there's also no known "backdoor" to inject root. Therefore... taking apart the XXDMH1 to pre-root it and re-pack it for flashing ... is it _really_ as easy as (in Linux commandline terms) ...
tar xvf ~/Downloads/xxdmh1.tar.md5 -C ./xxdmh1
sudo mount ./xxdmh1/system.img -o loop -t ext4 /mnt
<extract SuperSU ZIP, inject required files into the image mounted at /mnt and adjusting file modes/permissions>
sudo umount /mnt
cd ./xxdmh1
tar cvf ../xxdmh1-rooted.tar .
cd ..
md5sum xxdma1-rooted.tar >> xxdma1-rooted.tar
mv xxdmh1-rooted.tar xxdmh1-rooted.tar.md5
... and flash with ODIN or do I look at from a completely wrong viewpoint?
Some input on the idea if that's the "magic sauce" to root the "unrootable XXDMH1 BTU" would be appreciated (in which case it could even be de-bloated from the get-go).
Click to expand...
Click to collapse
I believe, but not sure that these files are signed and Odin will reject them if the signature is invalid. Correct me if i'm wrong, I haven't done Samsung stock firmware flashing in a while. At Sony's FTF files as example, there's no way to modify them because they are signed and cannot be flashed if the FTF is modified.

Joery360 said:
I believe, but not sure that these files are signed and Odin will reject them if the signature is invalid. Correct me if i'm wrong, I haven't done Samsung stock firmware flashing in a while.
Click to expand...
Click to collapse
I guess I'll give it a try then to see what ODIN has to tell me when trying to open a modded .tar.md5. I wasn't sure about the method itself ... it looks so ridiculously easy to mod the stock firmware (read: pre-root) it makes me wonder no one else thought about it to pre-root the XXDHM1 BTU firmware.
As for the signature: since we can flash Android Andi's various recoveries through ODIN I don't think that's a problem - or I fail to see the digital certificate when combing through the recovery tar.md5 with a hex-editor.
At Sony's FTF files as example, there's no way to modify them because they are signed and cannot be flashed if the FTF is modified.
Click to expand...
Click to collapse
Having dealt with Sony devices myself: Neppers, the FTFs are NOT signed! The only magic of a FTF is that it's a ZIP _WITHOUT_ compression. Just rename a .ftf to .ftf.zip or .zip and extract it ... you'll find the various baseband, kernel, loader, system, data, cache bits inside, all of course in Sony's highly annoying SIN file format. If you re-pack a FTF the only thing you need to be aware of is that you need to create a "store only" / "zero compression" ZIP, or flashtool will not accept the file.