I've been running Linux (debian/ubuntu based on rabits's stuff) on my tablet, with no ability to (easily) boot Android, for a few months now.
My System partition still has 9.4.5.26 on it, and I'd like to reinstall a 9.4.5.26 kernel, without wiping my System partition, so I can switch back to Android.
I've (I think) extracted a kernel image and a ramdisk image from a 9.4.5.26 install image, and I'm trying to create a install image containing just the kernel and ramdisk, and copy it to the Staging partition with dd.
I've created a Makefile to create the blobfile, and (seemingly) successfully created the blobfile, but after I do the dd, and reboot, debian/ubuntu boots as usual, instead of some kind of install process.
I've included the Makefile that I'm using below.
Any idea what I'm doing wrong, or what's wrong with my expectations?
Something I have yet to try is an alternative to dd (such as fastboot or nvflash)
Also, maybe I'd have better luck trying to create something that I could install from TWRP.
Code:
kern = zImage
bootimg_filename = boot.img
blobpack = ./blobpack
blob_img = blob.LNX
recovery_part = /dev/mmcblk0p4
$(bootimg_filename) : initrd.img $(kern)
abootimg --create $(bootimg_filename) -k $(kern) -r initrd.img
blob.LNX: $(bootimg_filename)
$(blobpack) blob.LNX LNX $(bootimg_filename)
install.dd:
dd if=$(blob_img) of=$(recovery_part)
bsammon said:
I've been running Linux (debian/ubuntu based on rabits's stuff) on my tablet, with no ability to (easily) boot Android, for a few months now.
My System partition still has 9.4.5.26 on it, and I'd like to reinstall a 9.4.5.26 kernel, without wiping my System partition, so I can switch back to Android.
I've (I think) extracted a kernel image and a ramdisk image from a 9.4.5.26 install image, and I'm trying to create a install image containing just the kernel and ramdisk, and copy it to the Staging partition with dd.
I've created a Makefile to create the blobfile, and (seemingly) successfully created the blobfile, but after I do the dd, and reboot, debian/ubuntu boots as usual, instead of some kind of install process.
I've included the Makefile that I'm using below.
Any idea what I'm doing wrong, or what's wrong with my expectations?
Something I have yet to try is an alternative to dd (such as fastboot or nvflash)
Also, maybe I'd have better luck trying to create something that I could install from TWRP.
Code:
kern = zImage
bootimg_filename = boot.img
blobpack = ./blobpack
blob_img = blob.LNX
recovery_part = /dev/mmcblk0p4
$(bootimg_filename) : initrd.img $(kern)
abootimg --create $(bootimg_filename) -k $(kern) -r initrd.img
blob.LNX: $(bootimg_filename)
$(blobpack) blob.LNX LNX $(bootimg_filename)
install.dd:
dd if=$(blob_img) of=$(recovery_part)
Click to expand...
Click to collapse
So you just want to install what you have made to your staging partition, so on next boot the tablet will install it on your tablet is that right??
bsammon said:
Any idea what I'm doing wrong, or what's wrong with my expectations?
Click to expand...
Click to collapse
Maybe your blob is missing the signature header. Read my kernel repacking guide here:
http://forum.xda-developers.com/showpost.php?p=36925180&postcount=4
Why is your extracted kernel separated in zImage and ramdisk? After unpacking the 9.4.5.26 blob, you should get blob.LNX directly without needing to recombine with abootimg.
_that said:
Maybe your blob is missing the signature header. Read my kernel repacking guide here:
http://forum.xda-developers.com/showpost.php?p=36925180&postcount=4
Click to expand...
Click to collapse
Yes! -- that was it -- after two tries, I got a working Makefile.
_that said:
Why is your extracted kernel separated in zImage and ramdisk? After unpacking the 9.4.5.26 blob, you should get blob.LNX directly without needing to recombine with abootimg.
Click to expand...
Click to collapse
Well, doing things the (somewhat) harder way is more educational, and I end up with a makefile that I can reuse for kernels and ramdisks that I make/modify myself.
If anyone's interested, here's the Makefile that I ended up with:
Code:
kern = zImage
bootimg_filename = boot.img
blobpack = ./blobpack
unsigned_blob = blob.LNX.in
signature = blob.sign
blob_img = blob.LNX
staging_part = /dev/mmcblk0p4
$(bootimg_filename) : initrd.img $(kern)
abootimg --create $(bootimg_filename) -k $(kern) -r initrd.img
$(unsigned_blob): $(bootimg_filename)
$(blobpack) $(unsigned_blob) LNX $(bootimg_filename)
$(signature):
echo -n "-SIGNED-BY-SIGNBLOB-" > $(signature)
dd if=/dev/zero bs=1 count=8 >> $(signature)
$(blob_img): $(signature) $(unsigned_blob)
cat $(signature) $(unsigned_blob) > $(blob_img)
install.dd:
dd if=$(blob_img) of=$(staging_part)
Related
Could someone point me to some instructions on how to unpack, modify, and repack a boot.blob out of a kernel?
I'm trying to update bryce's kernel to use Data2SD mod, and I'm following the instructions from here:
http://forum.xda-developers.com/showpost.php?p=29532041&postcount=15
However, I tried unpacking and repacking without even modifying anything and I just get bootlooped.
Read this: http://forum.xda-developers.com/showpost.php?p=36925180&postcount=4
Do you want to use the Data2SD mod with CM or with CROMI? For CROMI I posted a kernel with auto-detection of Data2SD in bryce's thread - only for CM you'd have to do it yourself.
Thanks for the help. I actually just figured out a different way right before seeing your reply. I use blobpack and blobunpack from BlobTools git, and abootimg installed from Ubuntu repository. This script has the extracted bryce kernel zip in a directory called result, so I overwrite his boot.blob with my new one.
Code:
#!/bin/bash
#Clean:
rm out boot.img new_boot.img boot2.blob linux_processed.zip -r
mkdir -p out
echo;echo "**** Unpacking boot.blob to boot.img";echo
cp result/boot.blob .
../linux/blobunpack boot.blob
mv boot.blob.LNX boot.img
cd out
# now in out
echo;echo "**** Unpacking boot.img";echo
abootimg -x ../boot.img
#zcat initramfs|cpio -tiv
echo;echo "**** Extracting initrd.img";echo
mkdir -p initramfs
cp initrd.img initramfs/initramfs.gz
mv initrd.img old_initrd.img
cd initramfs
# now in old/initramfs
gzip -d initramfs.gz
cpio -i < initramfs
echo;echo "**** Modifying boot information";echo
perl -pi -e 's/mmcblk0p2/mmcblk1p3/g' *
perl -pi -e 's/mmcblk0p8/mmcblk1p2/g' *
echo;echo "**** Recompressing initrd.img";echo
find | cpio -H newc -o | lzma -9 > ../initrd.img
cd ..
# now in out
echo;echo "**** Creating new_boot.img";echo
abootimg --create ../new_boot.img -f bootimg.cfg -k zImage -r initrd.img
cd ..
#now out of out
echo;echo "**** Pack boot2.blob";echo
../linux/blobpack boot2.blob LNX new_boot.img
cp boot2.blob result/boot.blob
cd result
echo;echo "**** Zip it all up";echo
zip ../linux_processed.zip * -r
cd ..
I am trying to get bryce's CM10.1 kernel working with Data2SD. I thought all I needed to do was change the mount commands in fstab.cardhu so that data (and I'm trying to do cache too) moved to external partitions.
Those perl pie commands in the middle were supposed to change internal data partition and internal cache partition into the external SD card partition 2 and 3, respectively. As far as I can tell, the changes were made correctly and the blob and zip were re-created, but it didn't work when I booted with the new blob.
Any ideas why it doesn't seem to have worked? Are there other changes I'm missing?
Edit:
Looks like my boot.blob is not being applied. I've tried both flashing the zip and dd'ing it to mmcblk0p4, but in both cases, I do not get the bootloader update screen on reboot, it just boots straight into my old settings. What am I missing?
Edit again:
Oops, I had stopped adding the signature on the blobs for some reason, looks like I'm off a few steps, because now I get bootloops again.
AW: [Q] Need help modifying boot blob
oblib__ said:
Thanks for the help. I actually just figured out a different way right before seeing your reply. I use blobpack and blobunpack from BlobTools git, and abootimg installed from Ubuntu repository. This script has the extracted bryce kernel zip in a directory called result, so I overwrite his boot.blob with my new one.
Code:
#!/bin/bash
#Clean:
rm out boot.img new_boot.img boot2.blob linux_processed.zip -r
mkdir -p out
echo;echo "**** Unpacking boot.blob to boot.img";echo
cp result/boot.blob .
../linux/blobunpack boot.blob
mv boot.blob.LNX boot.img
cd out
# now in out
echo;echo "**** Unpacking boot.img";echo
abootimg -x ../boot.img
#zcat initramfs|cpio -tiv
echo;echo "**** Extracting initrd.img";echo
mkdir -p initramfs
cp initrd.img initramfs/initramfs.gz
mv initrd.img old_initrd.img
cd initramfs
# now in old/initramfs
gzip -d initramfs.gz
cpio -i < initramfs
echo;echo "**** Modifying boot information";echo
perl -pi -e 's/mmcblk0p2/mmcblk1p3/g' *
perl -pi -e 's/mmcblk0p8/mmcblk1p2/g' *
echo;echo "**** Recompressing initrd.img";echo
find | cpio -H newc -o | lzma -9 > ../initrd.img
cd ..
# now in out
echo;echo "**** Creating new_boot.img";echo
abootimg --create ../new_boot.img -f bootimg.cfg -k zImage -r initrd.img
cd ..
#now out of out
echo;echo "**** Pack boot2.blob";echo
../linux/blobpack boot2.blob LNX new_boot.img
cp boot2.blob result/boot.blob
cd result
echo;echo "**** Zip it all up";echo
zip ../linux_processed.zip * -r
cd ..
I am trying to get bryce's CM10.1 kernel working with Data2SD. I thought all I needed to do was change the mount commands in fstab.cardhu so that data (and I'm trying to do cache too) moved to external partitions.
Those perl pie commands in the middle were supposed to change internal data partition and internal cache partition into the external SD card partition 2 and 3, respectively. As far as I can tell, the changes were made correctly and the blob and zip were re-created, but it didn't work when I booted with the new blob.
Any ideas why it doesn't seem to have worked? Are there other changes I'm missing?
Edit:
Looks like my boot.blob is not being applied. I've tried both flashing the zip and dd'ing it to mmcblk0p4, but in both cases, I do not get the bootloader update screen on reboot, it just boots straight into my old settings. What am I missing?
Edit again:
Oops, I had stopped adding the signature on the blobs for some reason, looks like I'm off a few steps, because now I get bootloops again.
Click to expand...
Click to collapse
I had a hard time getting this done too. I couldn't find working blob tools at first. So I ended up using blob tools for windows. They also sign them directly. But I am also running Ubuntu in a vm
Sent from my Nexus 4 using xda premium
Here I consolidate the custom tools necessary to unpack, modify, repack and loki your JB 4.2.2 ROM zip boot.img!
These Windows/cygwin tools invoke the djrbliss loki bootloader exploit for your rooted SGS4!
See my Instructional Demo below! Results are tested working on my AT&T SGH-I337 running Liquid Smooth v2.8 (JB 4.2.2) and TWRP Recovery 2.5.0.2.
SGS4 Boot Image Toolset (sgs4-boot-tools.zip): http://www.mediafire.com/?6sp3pp33lxgm3ua
Contents
Executive shell script: modify-boot-sgs4.sh to unpack boot image to kernel and ramdisk, thus enabling user to modify boot image
Perl scripts: unpack-bootimg-sgs4.pl and repack-bootimg-sgs4.pl
mkbootimg.exe (make boot image from kernel and ramdisk)
loki-boot directory with ROM-like directory structure --- contains all files needed to “loki” your boot.img
The loki-boot directory also contains two boot files: boot-ref.img (extracted directly from Liquid Smooth ROM zip) and a modified boot.img (generated using the Instructional Demo further below).
My custom repack-bootimg-sgs4.pl invokes the following command string:
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o $boot-repack.img
Detail:
--cmdline 'androidboot.hardware=qcom user_debug=31 zcache' (command line tellback from unpack-bootimg-sgs4.pl)
--base 0x80200000 (from Liquid Smooth /proc/config.gz: CONFIG_PHYS_OFFSET=0x80200000)
--kernel $boot.img-kernel (ROM kernel file)
--ramdisk ramdisk-repack.cpio.gz (gzipped cpio of/ramdisk)
-o $boot-repack.img (output file)
Click to expand...
Click to collapse
Preliminaries
If you don’t have cygwin, you can download it here: http://www.cygwin.com/ and install.
Cygwin packages installed on my XP workstation are shown below. You probably don’t need all of them, though I believe many come with the base cygwin.
But you definitely need perl
Code:
$ cygcheck -c
Cygwin Package Information
Package Version Status
_autorebase 000199-1 OK
_update-info-dir 01102-1 OK
alternatives 1.3.30c-10 OK
base-cygwin 3.1-1 OK
base-files 4.1-1 OK
bash 4.1.10-4 OK
bzip2 1.0.6-2 OK
coreutils 8.15-1 OK
cpio 2.11-2 OK
crypt 1.2-1 OK
cygutils 1.4.10-2 OK
cygwin 1.7.17-1 OK
cygwin-doc 1.7-1 OK
dash 0.5.7-1 OK
diffutils 3.2-1 OK
dos2unix 6.0.3-1 OK
editrights 1.01-2 OK
file 5.11-1 OK
findutils 4.5.9-2 OK
gawk 4.0.2-1 OK
gettext 0.18.1.1-2 OK
grep 2.6.3-1 OK
groff 1.21-2 OK
gzip 1.4-1 OK
ipc-utils 1.0-1 OK
less 444-1 OK
libattr1 2.4.46-1 OK
libbz2_1 1.0.6-2 OK
libdb4.5 4.5.20.2-3 OK
libexpat1 2.1.0-1 OK
libgcc1 4.5.3-3 OK
libgdbm4 1.8.3-20 OK
libgmp3 4.3.2-1 OK
libiconv2 1.14-2 OK
libintl8 0.18.1.1-2 OK
liblzma5 5.0.2_20110517-1 OK
libncurses10 5.7-18 OK
libncursesw10 5.7-18 OK
libopenssl100 1.0.1c-2 OK
libpcre0 8.21-2 OK
libpopt0 1.6.4-4 OK
libreadline7 6.1.2-3 OK
libsigsegv2 2.10-1 OK
libssp0 4.5.3-3 OK
libstdc++6 4.5.3-3 OK
libxml2 2.9.0-1 OK
login 1.10-10 OK
man 1.6g-1 OK
mintty 1.1.2-1 OK
perl 5.14.2-3 OK
perl_vendor 5.14.2-3 OK
rebase 4.4.0-1 OK
run 1.1.13-1 OK
sed 4.2.1-2 OK
tar 1.26-1 OK
terminfo 5.7_20091114-14 OK
texinfo 4.13-4 OK
tzcode 2012j-1 OK
vim 7.3.762-1 OK
vim-common 7.3.762-1 OK
which 2.20-2 OK
xxd 7.3.762-1 OK
xz 5.0.2_20110517-1 OK
zlib0 1.2.7-1 OK
Instructional Demo
1. Boot SGS4 to recovery and Nandroid backup existing ROM for peace of mind
2. (One time) Create a cygwin working directory (e.g. ~/cygwin/home/modify-boot-sgs4) and unzip the SGS4 Boot Image Toolset files to it
3. On Windows, extract ROM boot.img (e.g. from Liquid-JB-v2.8-OFFICIAL-jflteatt.zip) and place boot.img in cygwin working directory.
4. Launch cygwin command window in working directory and enter script command:
sh modify-boot-sgs4.sh boot.img (produces ramdisk directory: boot.img-ramdisk/)
CNTL-C out of shell script and back to cygwin prompt.
5. Edit boot.img-ramdisk/default.prop, set: ro.secure=0 and save and close.
Note: The setting: ro.secure=0 instructs Android to grant root to ADB so user does not have to keep entering “su” at the beginning of each ADB session.
6. At cygwin terminal enter:
perl repack-bootimg-sgs4.pl boot.img
This yields boot-repack.img.
Here’s a dump of my cygwin session…
Code:
[email protected] /home
$ mkdir modify-boot-sgs4
[email protected] /home
$ cd modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ pwd
/home/modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 4961224 (0x004bb3c8)
Ramdisk size: 488535 (0x00077457)
Second size: 0 (0x00000000)
Board name:
Command line: androidboot.hardware=qcom user_debug=31 zcache
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
1708 blocks
Press ENTER to repack boot image or CNTL C to exit (and modify ramdisk offline):
[COLOR="Blue"](Modify /ramdisk/default.prop then resume cygwin session)[/COLOR]
[email protected] /home/modify-boot-sgs4
$ perl repack-bootimg-sgs4.pl boot.img
find . | cpio -o -H newc | gzip > /home/modify-boot-sgs4/ramdisk-repack.cpio.gz
1708 blocks
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o boot-repack.img
Repacked boot image written to boot-repack.img
[email protected] /home/modify-boot-sgs4
$
7. Exit cygwin and drop boot-repack.img into loki-boot directory and rename to boot.img. Then 7-zip contents of loki-boot directory to loki-boot.zip (CNTL-A (Select All) then right-click > 7-zip > Add to “loki-boot.zip”).
8. Connect SGS4 to your ADB-enabled computer, then
adb push loki-boot.zip /external_sd/Download (or your favorite flash directory)
9. Boot to recovery and flash loki-boot.zip (takes a few seconds)
10. Reboot system and achieve “pre-rooted” ADB sessions on Liquid Smooth!
C:\Program Files\Android\android-sdk\platform-tools>adb kill-server
C:\Program Files\Android\android-sdk\platform-tools>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[email protected]:/ #
Click to expand...
Click to collapse
BTW here's a nice little app: https://play.google.com/store/apps/details?id=com.siriusapplications.quickboot&hl=en
With Quick Boot, you can reboot to recovery via soft key, which is easier than booting to recovery from cold start.
Blessings. Enjoy!
Credits:
djrbliss @ xda developers and other contributors for the loki exploit: https://github.com/djrbliss/loki)
William Enck (split_bootimg): http://www.enck.org/
Android Development Team (Unpack, Edit, Repack Boot Images): http://www.android-dls.com/wiki/?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
Cygwin Project Team: http://cygwin.com/who.html
sendust7 said:
If you don’t have cygwin, you can
Click to expand...
Click to collapse
use native Linux
svs57 said:
use native Linux
Click to expand...
Click to collapse
L.O.L, I totally agree
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
C:\wubildr.mbr="Ubuntu"
Click to expand...
Click to collapse
But my past experience is that most users prefer Windows
I am not sure, but I don't think this will work on a fresh install of Cygwin. When i installed cygwin i selected "all" for packages. The directory structure does not match your script, /bin is not under /usr but in the root of cygwin directory. Also, i checked the installed packages, many are missing, and when i search cygwin.com for the missing, i cant find quite a few. Im new to cygwin, as in this op, but not new to software. i tried several boot.img (4.3) thinking it might be the image, but it was a strech and all failed the same. I dont find the .dll your script is looking for, so the error is correct.
I get this error:
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/modify-boot-sg4
Unpacking boot image...
/usr/bin/perl.exe: error while loading shared libraries: cygssp-0.dll: cannot open shared object file: No such file or directory
UPDATE: well I went through the cygwin install/update again and after searching for each package you listed, installing everything associated with each package, your scripts WORK. I have unpacked/edited/repacked and loaded. ADB as root......profit
Thanks for this
Thanks
sendust7 said:
Here I consolidate the custom tools necessary to unpack, modify, repack and loki your JB 4.2.2 ROM zip boot.img!
These Windows/cygwin tools invoke the djrbliss loki bootloader exploit for your rooted SGS4!
See my Instructional Demo below! Results are tested working on my AT&T SGH-I337 running Liquid Smooth v2.8 (JB 4.2.2) and TWRP Recovery 2.5.0.2.
SGS4 Boot Image Toolset (sgs4-boot-tools.zip): http://www.mediafire.com/?6sp3pp33lxgm3ua
Contents
Executive shell script: modify-boot-sgs4.sh to unpack boot image to kernel and ramdisk, thus enabling user to modify boot image
Perl scripts: unpack-bootimg-sgs4.pl and repack-bootimg-sgs4.pl
mkbootimg.exe (make boot image from kernel and ramdisk)
loki-boot directory with ROM-like directory structure --- contains all files needed to “loki” your boot.img
The loki-boot directory also contains two boot files: boot-ref.img (extracted directly from Liquid Smooth ROM zip) and a modified boot.img (generated using the Instructional Demo further below).
My custom repack-bootimg-sgs4.pl invokes the following command string:
Preliminaries
If you don’t have cygwin, you can download it here: http://www.cygwin.com/ and install.
Cygwin packages installed on my XP workstation are shown below. You probably don’t need all of them, though I believe many come with the base cygwin.
But you definitely need perl
Code:
$ cygcheck -c
Cygwin Package Information
Package Version Status
_autorebase 000199-1 OK
_update-info-dir 01102-1 OK
alternatives 1.3.30c-10 OK
base-cygwin 3.1-1 OK
base-files 4.1-1 OK
bash 4.1.10-4 OK
bzip2 1.0.6-2 OK
coreutils 8.15-1 OK
cpio 2.11-2 OK
crypt 1.2-1 OK
cygutils 1.4.10-2 OK
cygwin 1.7.17-1 OK
cygwin-doc 1.7-1 OK
dash 0.5.7-1 OK
diffutils 3.2-1 OK
dos2unix 6.0.3-1 OK
editrights 1.01-2 OK
file 5.11-1 OK
findutils 4.5.9-2 OK
gawk 4.0.2-1 OK
gettext 0.18.1.1-2 OK
grep 2.6.3-1 OK
groff 1.21-2 OK
gzip 1.4-1 OK
ipc-utils 1.0-1 OK
less 444-1 OK
libattr1 2.4.46-1 OK
libbz2_1 1.0.6-2 OK
libdb4.5 4.5.20.2-3 OK
libexpat1 2.1.0-1 OK
libgcc1 4.5.3-3 OK
libgdbm4 1.8.3-20 OK
libgmp3 4.3.2-1 OK
libiconv2 1.14-2 OK
libintl8 0.18.1.1-2 OK
liblzma5 5.0.2_20110517-1 OK
libncurses10 5.7-18 OK
libncursesw10 5.7-18 OK
libopenssl100 1.0.1c-2 OK
libpcre0 8.21-2 OK
libpopt0 1.6.4-4 OK
libreadline7 6.1.2-3 OK
libsigsegv2 2.10-1 OK
libssp0 4.5.3-3 OK
libstdc++6 4.5.3-3 OK
libxml2 2.9.0-1 OK
login 1.10-10 OK
man 1.6g-1 OK
mintty 1.1.2-1 OK
perl 5.14.2-3 OK
perl_vendor 5.14.2-3 OK
rebase 4.4.0-1 OK
run 1.1.13-1 OK
sed 4.2.1-2 OK
tar 1.26-1 OK
terminfo 5.7_20091114-14 OK
texinfo 4.13-4 OK
tzcode 2012j-1 OK
vim 7.3.762-1 OK
vim-common 7.3.762-1 OK
which 2.20-2 OK
xxd 7.3.762-1 OK
xz 5.0.2_20110517-1 OK
zlib0 1.2.7-1 OK
Instructional Demo
1. Boot SGS4 to recovery and Nandroid backup existing ROM for peace of mind
2. (One time) Create a cygwin working directory (e.g. ~/cygwin/home/modify-boot-sgs4) and unzip the SGS4 Boot Image Toolset files to it
3. On Windows, extract ROM boot.img (e.g. from Liquid-JB-v2.8-OFFICIAL-jflteatt.zip) and place boot.img in cygwin working directory.
4. Launch cygwin command window in working directory and enter script command:
sh modify-boot-sgs4.sh boot.img (produces ramdisk directory: boot.img-ramdisk/)
CNTL-C out of shell script and back to cygwin prompt.
5. Edit boot.img-ramdisk/default.prop, set: ro.secure=0 and save and close.
Note: The setting: ro.secure=0 instructs Android to grant root to ADB so user does not have to keep entering “su” at the beginning of each ADB session.
6. At cygwin terminal enter:
perl repack-bootimg-sgs4.pl boot.img
This yields boot-repack.img.
Here’s a dump of my cygwin session…
Code:
[email protected] /home
$ mkdir modify-boot-sgs4
[email protected] /home
$ cd modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ pwd
/home/modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 4961224 (0x004bb3c8)
Ramdisk size: 488535 (0x00077457)
Second size: 0 (0x00000000)
Board name:
Command line: androidboot.hardware=qcom user_debug=31 zcache
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
1708 blocks
Press ENTER to repack boot image or CNTL C to exit (and modify ramdisk offline):
[COLOR="Blue"](Modify /ramdisk/default.prop then resume cygwin session)[/COLOR]
[email protected] /home/modify-boot-sgs4
$ perl repack-bootimg-sgs4.pl boot.img
find . | cpio -o -H newc | gzip > /home/modify-boot-sgs4/ramdisk-repack.cpio.gz
1708 blocks
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o boot-repack.img
Repacked boot image written to boot-repack.img
[email protected] /home/modify-boot-sgs4
$
7. Exit cygwin and drop boot-repack.img into loki-boot directory and rename to boot.img. Then 7-zip contents of loki-boot directory to loki-boot.zip (CNTL-A (Select All) then right-click > 7-zip > Add to “loki-boot.zip”).
8. Connect SGS4 to your ADB-enabled computer, then
adb push loki-boot.zip /external_sd/Download (or your favorite flash directory)
9. Boot to recovery and flash loki-boot.zip (takes a few seconds)
10. Reboot system and achieve “pre-rooted” ADB sessions on Liquid Smooth!
BTW here's a nice little app: https://play.google.com/store/apps/details?id=com.siriusapplications.quickboot&hl=en
With Quick Boot, you can reboot to recovery via soft key, which is easier than booting to recovery from cold start.
Blessings. Enjoy!
Credits:
djrbliss @ xda developers and other contributors for the loki exploit: https://github.com/djrbliss/loki)
William Enck (split_bootimg): http://www.enck.org/
Android Development Team (Unpack, Edit, Repack Boot Images): http://www.android-dls.com/wiki/?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
Cygwin Project Team: http://cygwin.com/who.html
Click to expand...
Click to collapse
Hi,
When I understand more I can't wait to revisit this instruction. But I love that it's here for me.
Ms. K:angel:
nevermind
nevermind
hello
Hi! I'm trying...but my ramdisk folder remains empty!
dump:
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /cygdrive/c/cygwin64/home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 7157864 (0x006d3868)
Ramdisk size: 1142288 (0x00116e10)
Second size: 0 (0x00000000)
Board name:
Command line: console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
modify-boot-sgs4.sh: line 23: cpio: command not found
_____________________________________________________
I'm doing this on 4.3 MJ7 I9505 kernel.
I assume I can unzip myself boot.img-ramdisk.gz, right?
ocaldini said:
Hi! I'm trying...but my ramdisk folder remains empty!
dump:
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /cygdrive/c/cygwin64/home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 7157864 (0x006d3868)
Ramdisk size: 1142288 (0x00116e10)
Second size: 0 (0x00000000)
Board name:
Command line: console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
modify-boot-sgs4.sh: line 23: cpio: command not found
_____________________________________________________
I'm doing this on 4.3 MJ7 I9505 kernel.
I assume I can unzip myself boot.img-ramdisk.gz, right?
Click to expand...
Click to collapse
Make sure you install the cpio packages for cygwin.
You can install additional packages by running the setup/install again.
You can also search for cpio via the search bar at the top left when presented with the list of packages.
Hope that helps.
Hello
Can anyone tell what is wrong? it keeps saying its doing it, but it does nothing...
[email protected] ~
$ cd modify-boot-sgs4
[email protected] ~/modify-boot-sgs4
$ pwd
/home/Home/modify-boot-sgs4
[email protected] ~/modify-boot-sgs4
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/Home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 7195952 (0x006dcd30)
Ramdisk size: 1144962 (0x00117882)
Second size: 0 (0x00000000)
Board name:
Command line: console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Directory: boot.img-ramdisk already exists
Press ENTER to repack boot image or CNTL-C to exit (and modify ramdisk offline):
Repacking boot image...
find . | cpio -o -H newc | gzip > /home/Home/modify-boot-sgs4/ramdisk-repack.cpio.gz
4560 blocks
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o boot-repack.img
sh: ./mkbootimg.exe: Permission denied
Althoug, now it is telling me Permission Denied, I don't know why, or how to change that in windows 7, but it wasn't giving me any errors before, it just wasn't writing the image
lijojohnson said:
Make sure you install the cpio packages for cygwin.
You can install additional packages by running the setup/install again.
You can also search for cpio via the search bar at the top left when presented with the list of packages.
Hope that helps.
Click to expand...
Click to collapse
Thank you, you helped me a lot! It worked!
Oh, when I searched for cpio I had to click on "default" ( and select "install" on the windows before clicking "advance"), to install it properly!
A VERY IMPORTANT INFORMATION:
I was trying with Cygwin 64 bit and I had problem repacking it.
I found out mkbootimg only works on Linux 32 bits.
So it is necessary to use Cygwin 32 bit version!
Finally it worked! Thanks a lot!
---------- Post added at 04:09 AM ---------- Previous post was at 03:18 AM ----------
Yeah, I did that...same result...the problem is with permissions, when I run it in compatibility mode, it tells me permission denied. I'm suspecting
it is a Windows 7 problem, mkbootimg.exe is saying permission denied. I appreciate the answer though. maybe an antivirus program is blocking it or something. my cygwin icon is showing the security essentials icon on it for some reason...i dunno, i'll research it some more and figure it out when I have time, thanks again
Keithgordon said:
Yeah, I did that...same result...the problem is with permissions, when I run it in compatibility mode, it tells me permission denied. I'm suspecting
it is a Windows 7 problem, mkbootimg.exe is saying permission denied. I appreciate the answer though. maybe an antivirus program is blocking it or something. my cygwin icon is showing the security essentials icon on it for some reason...i dunno, i'll research it some more and figure it out when I have time, thanks again
Click to expand...
Click to collapse
I'm doing this on windows 8.1 64bit with cygwin 32 bits. It works. I don't use antivirus, turn off security essentials and other system protecting programs, I'm sure you will do it.
Try it with boot.img from I9505 International , unpack and repack without problem , flash it and phone restart and vibrate constantly.
Any ideas how to fix this problem ?
Hello,
I am facing error when flashing image on Xperia Z3. I rooted the device using the link posted on "theunlockr.com"
Now, I am trying to flash a new image on the device. I am extracting the exisiting image from the device, modifying the init.rc file and repacking the image (myboot.img) and then flashing it using fastboot method. This is when it gives me this error.
When I flash the original image that I extracted, it works fine.
I tried following methods: -
1. Changing init.rc file and repacking the .img file and flashing it
When I extract initrd.img (using abootimg), it shows me only these files ( I usually find init.rc file when I extract initrd.img but not in this device, is this expected?): -
- XZ3-AdvStkKernel_DooMLoRD_ramdisk.gz
- logo.rle
- init (linking to sbin/init.sh)
- sbin/bootrec-device
- sbin/ramdisk-recovery-cwm.cpio
- sbin/busybox
- sbin/ramdisk.cpio
- sbin/init.sh
I extracted sbin/ramdisk.cpio file to get the init.rc file using the command: -
cpio -idmv < ramdisk.cpio
After modifying the init.rc file, I repacked the cpio file using the command: -
ls | cpio -ov > ramdisk.cpio
I made sure that none of the extra stuff was not there in the folder before repacking the cpio file.
Now that my ramdisk.cpio file is updated, I created new image using the command: -
find . | cpio -o -H newc | gzip -9 > ../newramdisk.cpio.gz
and created myboot.img using abootimg
When I flashed this image file, I get the "dtb not found" error
2. Second method that I tried was I simply unpacked the boot.img (original image) and repacked it using abootimg in to myboot.img without changing anything.
This also gives the same error.
It looks like there is some issue with the unpacking and repacking of the boot image.
Is there any other way to resolve this issue?
asurion.acc said:
Is there any other way to resolve this issue?
Click to expand...
Click to collapse
use this instruction and tools, but when you will build your boot.img, use this cmd line
Code:
./mkbootimg --base 0x00000000 --kernel zImage --ramdisk_offset 0x02000000 --tags_offset 0x01E00000 --pagesize 2048 --cmdline "androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0xb7 ehci-hcd.park=3 dwc3.maximum_speed=high dwc3_msm.prop_chg_detect=Y" --ramdisk ramdisk.cpio.gz --dt dt.img -o boot.img
with that instruction all work fine. I've tested many times
Thanks for replying to me.
I just want to modify init.rc file to add few lines. The only file that I see is ramdisk.cpio which contains init.rc. I unpacked it , modified it and repacked ramdisk.cpio. Instead of creating new dt.img, I directly flashed the new img file onto the device and that soft bricked the device. :crying: The steps that you suggested mentions creating a new kernel and creating a new dt.img. Do I need to do that even though I just need to modify just init.rc file?
At this point, I am just trying to unbrick the device using flash tool. I tried cwmrecovery but it did not work so trying flashing tool now. once its done, if it is necessary to create a new dt.img and new zImage using toolchains, I will use that method. Please let me know if you think that is the step that I am missing which caused the device to brick.
Thanks a lot.
UPDATE:
Device is unbricked.!
I just need to root it again and follow the steps that you mentioned. Please confirm if I need new ZImage and dt.img even if I just need to edit init.rc.
Thanks a lot.
I've been trying for like hours to unpack and repack a boot.img.
I never made this before, I was reading much (actually too much) on the internet on how getting this done.
So... I downloaded some tools for unpacking and repacking the boot.img and followed this tutorial:
http://whiteboard.ping.se/Android/Unmkbootimg
and I suceeded. But when I repack it (WITHOUT modifying ANYTHING), and try to flash the "new" boot.img to the phone, the phone turns on and then shows up on the upper left corner of the screen "KERNEL IS NOT SEANDROID ENFORCING" and stays there. It goes no further. I simply unpacked it and then repacked it (to see if I made the whole process right, before screwing anything up).
I saw something curious: The original boot.img is 14.3MB and the new boot.img only 14.0MB. Is there anything that got lost in the process? Remember that I set all the "adresses" to the files right.
Unpacking command:
Code:
[email protected]:~/Área de Trabalho/UNPACKTOOLS$ ./umkbootimg boot.img
unmkbootimg version 1.2 - Mikael Q Kuisma <[email protected]>
Kernel size 11073112
Kernel address 0x8000
Ramdisk size 2525114
Ramdisk address 0x1000000
Secondary size 0
Secondary address 0xf00000
Kernel tags address 0x100
Flash page size 2048
Board name is ""
Command line "console=ttyS1,115200n8"
This image is built using standard mkbootimg
Extracting kernel to file zImage ...
Extracting root filesystem to file initramfs.cpio.gz ...
All done.
---------------
To recompile this image, use:
mkbootimg --kernel zImage --ramdisk initramfs.cpio.gz --base 0x0 --cmdline 'console=ttyS1,115200n8' -o new_boot.img
---------------
[email protected]:~/Área de Trabalho/UNPACKTOOLS$
And repacking:
Code:
[email protected]:~/Área de Trabalho/UNPACKTOOLS$ ./mkbootimg --kernel zImage --ramdisk initramfs.cpio --base 0x0 --cmdline 'console=ttyS1,115200n8' -o new_boot.img --pagesize 2048 --ramdiskaddr 0x1000000
[email protected]:~/Área de Trabalho/UNPACKTOOLS$
I also tried without those adresses. Without luck.
The phone is a (Samsung J1) "J120H" with Android 5.1.1.
And the boot image I obtained by downloading the stock rom and unpacking ONLY the "boot.img". Remember: When I flash this file alone, IT WORKS. When I unpack and repack it, it stops working.
Here are the tools which came and my boot.img (unmodified from stock rom): https://volafile.io/get/overPkOTw66W/ToolsWithBootImg.zip
If anyone can direct me in the right way, I would be very happy.
Or maybe even modify the boot.img for me, set "secure=0" and repack it. Because my main goal is to root the device.
Thanks.
Anyone?
Sent from my SM-G925F using XDA-Developers mobile app
Nobody knows how to unpack a boot.img?
Sent from my SM-G925F using XDA-Developers mobile app
Not exactly answer to your problem. I tried same thing - just unpacking and repacking It stuck at boot saying 'fastboot reason fall through normal boot mode'
This SO: has similar post : http://stackoverflow.com/questions/27889621/error-with-repacking-boot-img-android
I suspect the base address is wrong in all three cases.
May be if you are searching for solution we can search together
[[email protected] kitkat]$ ./unmkbootimg boot.img
Kernel size 6022016
Kernel address 0x8000
Ramdisk size 716888
Ramdisk address 0x1000000
Secondary size 0
Secondary address 0xf00000
Kernel tags address 0x100
Flash page size 2048
Board name is ""
Command line "console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x37 utags.blkdev=/dev/block/platform/msm_sdcc.1/by-name/utags vmalloc=400M"
Extracting kernel.gz ...
Extracting initramfs.cpio.gz ...
All done.
---------------
To recompile this image, use:
mkbooting --kernel kernel.gz --ramdisk initramfs.cpio.gz --base 0x0 --cmdline 'console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x37 utags.blkdev=/dev/block/platform/msm_sdcc.1/by-name/utags vmalloc=400M' -o new_boot.img
---------------
Click to expand...
Click to collapse
glaks said:
Not exactly answer to your problem. I tried same thing - just unpacking and repacking It stuck at boot saying 'fastboot reason fall through normal boot mode'
This SO: has similar post : http://stackoverflow.com/questions/27889621/error-with-repacking-boot-img-android
I suspect the base address is wrong in all three cases.
May be if you are searching for solution we can search together
Click to expand...
Click to collapse
If you discover why, please let me know
Sent from my SM-G925F using XDA-Developers mobile app
Fusseldieb said:
If you discover why, please let me know
Sent from my SM-G925F using XDA-Developers mobile app
Click to expand...
Click to collapse
Changing --base 0x0 to --base 0x10008000 does the trick. You may need to play around with your device PHYS_OFFSET. For more read this https://lyncd.com/2011/03/android-kernel-mkbootimg-base/
http://k.japko.eu/boot-img-manipulation.html
Fusseldieb said:
I've been trying for like hours to unpack and repack a boot.img.
I never made this before, I was reading much (actually too much) on the internet on how getting this done.
So... I downloaded some tools for unpacking and repacking the boot.img and followed this tutorial:
http://whiteboard.ping.se/Android/Unmkbootimg
and I suceeded. But when I repack it (WITHOUT modifying ANYTHING), and try to flash the "new" boot.img to the phone, the phone turns on and then shows up on the upper left corner of the screen "KERNEL IS NOT SEANDROID ENFORCING" and stays there. It goes no further. I simply unpacked it and then repacked it (to see if I made the whole process right, before screwing anything up).
I saw something curious: The original boot.img is 14.3MB and the new boot.img only 14.0MB. Is there anything that got lost in the process? Remember that I set all the "adresses" to the files right.
Unpacking command:
Code:
[email protected]:~/Área de Trabalho/UNPACKTOOLS$ ./umkbootimg boot.img
unmkbootimg version 1.2 - Mikael Q Kuisma <[email protected]>
Kernel size 11073112
Kernel address 0x8000
Ramdisk size 2525114
Ramdisk address 0x1000000
Secondary size 0
Secondary address 0xf00000
Kernel tags address 0x100
Flash page size 2048
Board name is ""
Command line "console=ttyS1,115200n8"
This image is built using standard mkbootimg
Extracting kernel to file zImage ...
Extracting root filesystem to file initramfs.cpio.gz ...
All done.
---------------
To recompile this image, use:
mkbootimg --kernel zImage --ramdisk initramfs.cpio.gz --base 0x0 --cmdline 'console=ttyS1,115200n8' -o new_boot.img
---------------
[email protected]:~/Área de Trabalho/UNPACKTOOLS$
And repacking:
Code:
[email protected]:~/Área de Trabalho/UNPACKTOOLS$ ./mkbootimg --kernel zImage --ramdisk initramfs.cpio --base 0x0 --cmdline 'console=ttyS1,115200n8' -o new_boot.img --pagesize 2048 --ramdiskaddr 0x1000000
[email protected]:~/Área de Trabalho/UNPACKTOOLS$
I also tried without those adresses. Without luck.
The phone is a (Samsung J1) "J120H" with Android 5.1.1.
And the boot image I obtained by downloading the stock rom and unpacking ONLY the "boot.img". Remember: When I flash this file alone, IT WORKS. When I unpack and repack it, it stops working.
Here are the tools which came and my boot.img (unmodified from stock rom): https://volafile.io/get/overPkOTw66W/ToolsWithBootImg.zip
If anyone can direct me in the right way, I would be very happy.
Or maybe even modify the boot.img for me, set "secure=0" and repack it. Because my main goal is to root the device.
Thanks.
Click to expand...
Click to collapse
Try using Carliv Kitchen Image
I downloaded the Xiaomi ROM, unzipped it, and extracted the boot.img with
abootimg -x boot.img
Then I recreated the boot.img with the modified kernel
abootimg --create boot.img -f bootimg.cfg -k $SCRIPT_DIR/devices/$DEVICE/kernel/k/arch/arm64/boot/Image -r initrd.img
and flashed it
fastboot flash boot boot.img
but then the phone boots right into fastboot mode.
I then reflashed the original boot.img from the ROM and it worked.
Then I thought I had compiled the kernel wrongly somehow, so I tried just unpacking the ORIGINAL boot.img from the ROM and repacking it, without changing the kernel:
abootimg -x boot.img
abootimg --create boot.img -f bootimg.cfg -k zImage -r initrd.img
but it boots right into fastboot mode again. So the problem is not in my kernel but in my repacking method for boot.img
How should I repack the boot.img?