Hello everyone,
I'm new to low-level Android hacking, so I guess I need some help.
What I am trying to do is get the stock files from an LG E400, modify 1-2 things, repack, flash, and see if it works for me.
My first steps:
1) Rooting the LG E400
2) Flash CWM Recovery
3) Create a backup
4) Get boot.img from the backup.
So I have a boot.img (which I think is stock, because rooting does not modify the contents of the boot image as far as I know.)
After that, I followed this tutorial to extract the kernel and the ramdisk.
I used a hex editor for this. I saved the kernel and the ramdisk as separate files, and I tried to gunzip the ramdisk. That seemed to work. However, after that, when I try to run cpio on the file, I get a lot of "Malformed number" errors, and only two empty folders are extracted.
And that is where I'm stuck at.
Are the LG phone boot.img-s encrypted somehow? Am I doing something wrong?
If anyone can help me, I would be really grateful.
Thanks in advance
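The kernel and ramdisk boundaries that the post above locates by hand in a hex editor can also be read from the boot image header. This is an added example, not part of the original post or the tutorial it mentions; it assumes the standard Android boot image header (version 0: `ANDROID!` magic, eight little-endian 32-bit fields, page-aligned sections) and runs on a constructed sample image, and whether a given vendor image follows that layout is itself an assumption to verify.

```python
import gzip
import struct

BOOT_MAGIC = b"ANDROID!"
GZIP_MAGIC = b"\x1f\x8b"
CPIO_NEWC_MAGIC = b"070701"  # ASCII magic of a "newc" cpio archive


def pad(size, page):
    """Round size up to the next multiple of the page size."""
    return (size + page - 1) // page * page


def split_boot_img(img):
    """Carve (kernel, ramdisk) using the sizes stored in the header."""
    if img[:8] != BOOT_MAGIC:
        raise ValueError("no ANDROID! magic: not a standard boot image")
    # Eight little-endian u32 fields follow the magic (header version 0).
    (k_size, _k_addr, r_size, _r_addr,
     _s_size, _s_addr, _tags, page) = struct.unpack_from("<8I", img, 8)
    if page == 0 or page & (page - 1):
        raise ValueError("implausible page size %d" % page)
    k_off = page                        # the header occupies the first page
    r_off = k_off + pad(k_size, page)   # ramdisk starts on a page boundary
    if r_off + r_size > len(img):
        raise ValueError("ramdisk extends past end of image")
    return img[k_off:k_off + k_size], img[r_off:r_off + r_size]


def check_ramdisk(ramdisk):
    """Gunzip the ramdisk and confirm the result is a newc cpio archive."""
    if ramdisk[:2] != GZIP_MAGIC:
        raise ValueError("not gzip, starts with " + ramdisk[:4].hex())
    cpio = gzip.decompress(ramdisk)
    if cpio[:6] != CPIO_NEWC_MAGIC:
        raise ValueError("decompressed data is not a newc cpio archive")
    return cpio


def build_sample(page=2048):
    """Constructed image: dummy kernel plus a gzip'd stub with cpio magic."""
    kernel = b"K" * 3000
    ramdisk = gzip.compress(CPIO_NEWC_MAGIC + b"0" * 104 + b"TRAILER!!!\x00")
    hdr = BOOT_MAGIC + struct.pack(
        "<8I", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    img = hdr.ljust(page, b"\x00")
    img += kernel.ljust(pad(len(kernel), page), b"\x00")
    img += ramdisk.ljust(pad(len(ramdisk), page), b"\x00")
    return img, kernel
```

A ramdisk carved even one byte off its real start fails the gzip check here, which is quicker to diagnose than errors from cpio further down the pipeline.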
I want to modify the Saihon X6 ROM, but the system.img is different from any I've ever met: they put the system.img into 8 img files. Now I do not know how to load it and don't know how to modify it. I need help, and need a detailed tutorial. Thank you
http://pan.baidu.com/s/1pJAvLer
If you want to extract system.img, then use dsixda kitchen.
Put the img file in the original update folder, then go to Cygwin and choose to make a working folder from the ROM.
It will identify your img file and then give an option to extract it.
Hi,
I've been searching a lot and I couldn't find a way to install this particular ROM, in the format it's been given to me. I have installed custom ROMs in the past, but all of them in ZIP file format.
It's a Chinese tablet, model number MZ7061H1C2W1-LFH, QuadCore 1.3Ghz, 1Gb RAM and running on Android 4.4.2.
The ROM folder contains the following files:
- database folder
- boot.img, cache.img, recovery.img, secro.img, system.img, userdata.img
- MBR, EBR1, EBR2
- lk.bin, logo.bin, preloader_mr706.bin
- MT6582_Android_scatter.txt
Now, I have found some posts about how to install a ROM with boot, recovery and system img files, but none of them say anything about the rest of the files and I know from the source that the preloader file is particularly important since it's based on the hardware specs of my tablet.
The tablet is already Rooted.
Is there any way to generate the ZIP file, or what would be the way to install it?
I appreciate any help you can provide. If you need any other information please let me know.
Thanks.
Hi,
Thanks for using XDA Assist.
I didn't find anything relating to your question, please ask here:
Android Q&A, Help & Troubleshooting
Good luck!
Hi guys, I have a question...
Is it possible to create a custom ROM (remove vendor apps) from a XXXXXXXX.tar.md5 file downloaded from sammobile and make your own flashable tar.md5 Odin file?
For example:
Original firmware:
XXXXXX.tar.md5
1.5 Gb
Removing vendor apps:
XXXXXX_my_firm.tar.md5
800 mb
I am interested in doing this without custom recovery, not zip flashable file, and not root.
xTxMIGUELxTx said:
Hi guys, I have a question...
Is it possible to create a custom ROM (remove vendor apps) from a XXXXXXXX.tar.md5 file downloaded from sammobile and make your own flashable tar.md5 Odin file?
For example:
Original firmware:
XXXXXX.tar.md5
1.5 Gb
Removing vendor apps:
XXXXXX_my_firm.tar.md5
800 mb
I am interested in doing this without custom recovery, not zip flashable file, and not root.
Yes, you can do this, but things have changed a bit since this guide was written; you'll have to do some research to see what has changed in this process from KitKat up to the currently available Android version. There have been some stock security changes that this guide doesn't cover, and it won't work with these new security measures, but you should be able to figure out how to make this work with them if you learn to look in the right places.
https://www.rwilco12.com/forum/showthread.php?tid=92
This will help you create the .tar, you'll just have to figure out how to make the changes you want to make. You'll mostly be working with your system.img once you get it extracted.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
So, some of you may have seen my work from the Android TV Platform. As I have done with AMLogic-based devices, I'm in the process of doing the same for MTK-based devices: I'm making a fully functional tool to disassemble and reassemble MTK firmware. Surprisingly, the firmware structure is very similar.
If anyone is interested in learning more about MTK firmware, I made a video on manually splitting MTK dumped firmware HERE, so check it out, like and subscribe to my channel for more content!
What I have done
- Made a program to split an MTK firmware dump
- Split the ramdisk header to allow unpacking
- Unpack the kernel/recovery
- Unpack system
- Unpack cache
What I need help with?
I need the following info
- How to make an MTK scatter file manually
- How to repack the system with the proper partition length
- How to unpack logo.bin manually
- How to dump a firmware manually over USB without SP flash tool
I've done some research already and dug in a bit myself with no success. If needed, I can provide code, binaries I've built etc. to help with this
Ricky Divjakovski said:
So, some of you may have seen my work from the Android TV Platform. As I have done with AMLogic-based devices, I'm in the process of doing the same for MTK-based devices: I'm making a fully functional tool to disassemble and reassemble MTK firmware. Surprisingly, the firmware structure is very similar.
What I have done
- Made a program to split an MTK firmware dump
- Split the ramdisk header to allow unpacking
- Unpack the kernel/recovery
- Unpack system
- Unpack cache
What I need help with?
I need the following info
- How to make an MTK scatter file manually
- How to repack the system with the proper partition length
- How to unpack logo.bin manually
- How to dump a firmware manually over USB without SP flash tool
I've done some research already and dug in a bit myself with no success. If needed, I can provide code, binaries I've built etc. to help with this
Hey mate,
I've got a fair bit of experience with Mediatek,
Scatters can be manually created using notepad +
All you have to do is lay them out correctly. I can upload a few in a zip if you'd like; I've got variations of scatters from
MT6572 nand & emmc 4 - 5 diff models
MT6737M emmc from 2 models
With taking a backup also, I use NCK_MTK_Dongle (there's a cracked version as well that works); it takes all partitions and backs them up into singular .file format files, which depending on the fs layout are as follows
Preloader
Uboot
Bootimg
Recovery
Secro
Logo
Tee1
Tee2
Simlock
Frp
Scatter_File.txt
Just for some examples,
I use mtk extractor to take the boot/recovery/system.imgs apart and repack, but it's only compatible with ext4 format. It can also compile an ext4 system.img from scratch as well. Specifically, though, I use it for the boot and recoveries as it's specifically designed to handle the MTK headers. It also has a nice pull layout that consists of the kernel as a whole, ramdisk as a whole, boot.img, boot_old.img, bootinfo.txt and then an initrd folder containing the entire layout of the boot or recovery with init files and fstab etc., but I've also noticed it will unpack and repack Qualcomm, SPD & Samsung boot.imgs no problem also.
Unpacking your logo.bin can also be done with the program LogoBuilder; the latest version that was released is 1.6. You can decompile the logo.bin, edit the pictures etc., then use the program to recompile it back into a logo.bin
Hope that helps you out a bit
Matty1993 said:
Hey mate,
I've got a fair bit of experience with Mediatek,
Scatters can be manually created using notepad +
All you have to do is lay them out correctly. I can upload a few in a zip if you'd like; I've got variations of scatters from
MT6572 nand & emmc 4 - 5 diff models
MT6737M emmc from 2 models
With taking a backup also, I use NCK_MTK_Dongle (there's a cracked version as well that works); it takes all partitions and backs them up into singular .file format files, which depending on the fs layout are as follows
Preloader
Uboot
Bootimg
Recovery
Secro
Logo
Tee1
Tee2
Simlock
Frp
Scatter_File.txt
Just for some examples,
I use mtk extractor to take the boot/recovery/system.imgs apart and repack, but it's only compatible with ext4 format. It can also compile an ext4 system.img from scratch as well. Specifically, though, I use it for the boot and recoveries as it's specifically designed to handle the MTK headers. It also has a nice pull layout that consists of the kernel as a whole, ramdisk as a whole, boot.img, boot_old.img, bootinfo.txt and then an initrd folder containing the entire layout of the boot or recovery with init files and fstab etc., but I've also noticed it will unpack and repack Qualcomm, SPD & Samsung boot.imgs no problem also.
Unpacking your logo.bin can also be done with the program LogoBuilder; the latest version that was released is 1.6. You can decompile the logo.bin, edit the pictures etc., then use the program to recompile it back into a logo.bin
Hope that helps you out a bit
This info is somewhat useful, however I'm looking more towards a way of making a scatter file from a dumped firmware from a device. I see /proc/dumchar_info has some decent info, however for some info I have no idea how it's obtained
Would you still be able to upload the scatter files for comparison?
As for the backup, what I wanna do is similar to what SP flash tool does, read from one memory address to another. I don't wanna use 3rd party tools either, I prefer to code them myself
I can unpack all that, and I can also repack the kernel, but for the system I'm not sure how the size is defined; I may just recursively loop until a system.img larger than 2mb is created
Unfortunately that tool doesn't work with my logo.bin. I've tried but it's pretty much a distorted image, and I'd like to code this myself as well
Thank you for the info. If you can, please upload those scatter files and I'll keep you posted on the progress
Ricky Divjakovski said:
This info is somewhat useful, however I'm looking more towards a way of making a scatter file from a dumped firmware from a device. I see /proc/dumchar_info has some decent info, however for some info I have no idea how it's obtained
Would you still be able to upload the scatter files for comparison?
As for the backup, what I wanna do is similar to what SP flash tool does, read from one memory address to another. I don't wanna use 3rd party tools either, I prefer to code them myself
I can unpack all that, and I can also repack the kernel, but for the system I'm not sure how the size is defined; I may just recursively loop until a system.img larger than 2mb is created
Unfortunately that tool doesn't work with my logo.bin. I've tried but it's pretty much a distorted image, and I'd like to code this myself as well
Thank you for the info. If you can, please upload those scatter files and I'll keep you posted on the progress
Hey mate, sorry for the late reply, I'm on Aus time
Ahh, I see what you mean now. I'm not too sure on how the system is defined; to be honest, Mediatek is somewhat unique, to say the least, to me compared to everything else I've worked on before. I've noticed that as well with fuzzy images in LogoBuilder, in particular on MT6979; the scatter though also had a very strange layout,
Speaking of which, I've zipped up a few different ones for you to use as reference. You'll see some of the ways they are laid out are very different to one another, as you will see defined within them,
https://drive.google.com/file/d/189H5EXS0ZqNuqn75A7ZNEOLo-Efq0T_h/view?usp=drivesdk
I'll be keen to try your tool once done as well. Are you going GUI based or terminal command line based with it?
Matty1993 said:
Hey mate, sorry for the late reply, I'm on Aus time
Ahh, I see what you mean now. I'm not too sure on how the system is defined; to be honest, Mediatek is somewhat unique, to say the least, to me compared to everything else I've worked on before. I've noticed that as well with fuzzy images in LogoBuilder, in particular on MT6979; the scatter though also had a very strange layout,
Speaking of which, I've zipped up a few different ones for you to use as reference. You'll see some of the ways they are laid out are very different to one another, as you will see defined within them,
https://drive.google.com/file/d/189H5EXS0ZqNuqn75A7ZNEOLo-Efq0T_h/view?usp=drivesdk
I'll be keen to try your tool once done as well. Are you going GUI based or terminal command line based with it?
Ah, I'm in Aus time as well
I'll get this together one way or another, might just take a little time
it will be GUI based
Thanks for the upload!
Ricky Divjakovski said:
Ah, I'm in Aus time as well
I'll get this together one way or another, might just take a little time
it will be GUI based
Thanks for the upload!
All mate, good to see another Aussie on here
All sweet. For things to work it takes time to figure out how they work first before anything is even built then debugged. Completely understand; I'm just happy to see some more MTK support happening, as most of my tools are 4-5 years old for MTK, so I think it's great
I'll be waiting patiently, cheers
Matty1993 said:
All mate, good to see another Aussie on here
All sweet. For things to work it takes time to figure out how they work first before anything is even built then debugged. Completely understand; I'm just happy to see some more MTK support happening, as most of my tools are 4-5 years old for MTK, so I think it's great
I'll be waiting patiently, cheers
As I was saying, most of the unpacking is done. The firmware structure is very similar to AMLogic's (split the file from the start address to the file size in bytes). It's pretty much just those few things I need, then repacking, and I can dig into the GUI. I'd like to know more about how MTK droid tools creates a scatter file via ADB; it seems it uses some info from /proc/dumchar_info but that doesn't specify much. Maybe the parameters are guessed???
I've attached a picture of my basic attempt to programmatically create a scatter file. The highlighted lines are lines where I don't know where this information comes from, nor do I know if those lines are the same for every MTK device
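The "start address plus size" split described in the post above, driven by a partition table in the style of /proc/dumchar_info, as an added example that is not the poster's tool or code. The column layout (name, size, start address, type, mapped device) is an assumption, the table and dump are constructed, the Type and MapTo columns are ignored, and every start address is assumed to be an offset into one flat dump.

```python
import re

# Constructed sample in the column layout assumed for /proc/dumchar_info
# (name, size, start address, type, mapped device). All values are made up.
SAMPLE_TABLE = """\
Part_Name  Size                StartAddr           Type  MapTo
bootimg    0x0000000000000800  0x0000000000000400  2     /dev/block/mmcblk0
recovery   0x0000000000000800  0x0000000000000c00  2     /dev/block/mmcblk0
logo       0x0000000000000400  0x0000000000001400  2     /dev/block/mmcblk0
"""

ROW = re.compile(r"^(\w+)\s+0x([0-9a-fA-F]+)\s+0x([0-9a-fA-F]+)\s+\d+\s+\S+")


def parse_table(text):
    """Return [(name, start, size)] sorted by start address."""
    parts = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header row and free text do not match and are skipped
            parts.append((m.group(1), int(m.group(3), 16), int(m.group(2), 16)))
    return sorted(parts, key=lambda p: p[1])


def check_layout(parts, dump_len):
    """List overlapping partitions and partitions that end past the dump."""
    problems, prev_end, prev_name = [], 0, None
    for name, start, size in parts:
        if start < prev_end:
            problems.append("%s overlaps %s" % (name, prev_name))
        if start + size > dump_len:
            problems.append("%s ends past the dump" % name)
        if start + size > prev_end:
            prev_end, prev_name = start + size, name
    return problems


def split_dump(dump, parts):
    """Carve each partition as dump[start:start + size]; refuse a bad layout."""
    problems = check_layout(parts, len(dump))
    if problems:
        raise ValueError("; ".join(problems))
    return {name: dump[start:start + size] for name, start, size in parts}
```

Running `check_layout` before carving catches a truncated dump or a table that does not belong to the dump, either of which would otherwise produce silently short or misaligned partition files.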
Ricky Divjakovski said:
As I was saying, most of the unpacking is done. The firmware structure is very similar to AMLogic's (split the file from the start address to the file size in bytes). It's pretty much just those few things I need, then repacking, and I can dig into the GUI. I'd like to know more about how MTK droid tools creates a scatter file via ADB; it seems it uses some info from /proc/dumchar_info but that doesn't specify much. Maybe the parameters are guessed???
I've attached a picture of my basic attempt to programmatically create a scatter file. The highlighted lines are lines where I don't know where this information comes from, nor do I know if those lines are the same for every MTK device
I think mtk droid tools also pulls info from
cat proc/mounts & cat proc/partitions
As well as cat proc/dumchar_info. I've noticed some MTK devices, even MT6737M, don't have dumchar_info available, if that helps a bit. Some MTK structures can differ slightly in certain areas also. Will your tool support UBIFS also? Forgot to ask; I've been trying to find a tool to disassemble UBIFS
Matty1993 said:
I think mtk droid tools also pulls info from
cat proc/mounts & cat proc/partitions
As well as cat proc/dumchar_info. I've noticed some MTK devices, even MT6737M, don't have dumchar_info available, if that helps a bit. Some MTK structures can differ slightly in certain areas also. Will your tool support UBIFS also? Forgot to ask; I've been trying to find a tool to disassemble UBIFS
Over time I can only hope the MTK community is like the AMLogic community and has people send me devices for testing purposes. With AMLogic it was easy to obtain the info I needed because it resided in the firmware itself. I do however think this may be able to be done, because mtk droid tools includes a feature where it's able to split the firmware and create a scatter
As for UBIFS, link me to the firmware and I'll see what I can do; I should be able to do this
I just updated the thread with more information on how to manually split MTK dumped firmware; I will add more when I get around to it
Just an update: tools are coming along good, I've made substantial progress and unpacking is done, generating the scatter file is coming together, repacking is almost done as well; should have a release in about a week
Unpack/Repack Logo.bin https://forum.xda-developers.com/showthread.php?t=1953726
Any advancement with this?
Good morning my friends. I dedicate myself mainly to hardware. I have some phones with dead emmc and I want to change it. The question: have you worked with the preloader? For example, I have the mt6592 and I want to mount the emmc (emcp) KMRX1000BM-B614 with 3gb of ram and 32gb of rom, EMMC NAME: RX1BMB, and it is CSD rev: 1.8 (MMC 5.1). It cannot be changed in name. Who could edit the preloader.bin?