Here I consolidate the custom tools necessary to unpack, modify, repack and loki your JB 4.2.2 ROM zip boot.img!
These Windows/cygwin tools invoke the djrbliss loki bootloader exploit for your rooted SGS4!
See my Instructional Demo below! Results are tested working on my AT&T SGH-I337 running Liquid Smooth v2.8 (JB 4.2.2) and TWRP Recovery 2.5.0.2.
SGS4 Boot Image Toolset (sgs4-boot-tools.zip): http://www.mediafire.com/?6sp3pp33lxgm3ua
Contents
Executive shell script: modify-boot-sgs4.sh to unpack boot image to kernel and ramdisk, thus enabling user to modify boot image
Perl scripts: unpack-bootimg-sgs4.pl and repack-bootimg-sgs4.pl
mkbootimg.exe (make boot image from kernel and ramdisk)
loki-boot directory with ROM-like directory structure --- contains all files needed to “loki” your boot.img
The loki-boot directory also contains two boot files: boot-ref.img (extracted directly from Liquid Smooth ROM zip) and a modified boot.img (generated using the Instructional Demo further below).
My custom repack-bootimg-sgs4.pl invokes the following command string:
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o $boot-repack.img
Detail:
--cmdline 'androidboot.hardware=qcom user_debug=31 zcache' (command line tellback from unpack-bootimg-sgs4.pl)
--base 0x80200000 (from Liquid Smooth /proc/config.gz: CONFIG_PHYS_OFFSET=0x80200000)
--kernel $boot.img-kernel (ROM kernel file)
--ramdisk ramdisk-repack.cpio.gz (gzipped cpio of/ramdisk)
-o $boot-repack.img (output file)
Click to expand...
Click to collapse
Preliminaries
If you don’t have cygwin, you can download it here: http://www.cygwin.com/ and install.
Cygwin packages installed on my XP workstation are shown below. You probably don’t need all of them, though I believe many come with the base cygwin.
But you definitely need perl
Code:
$ cygcheck -c
Cygwin Package Information
Package Version Status
_autorebase 000199-1 OK
_update-info-dir 01102-1 OK
alternatives 1.3.30c-10 OK
base-cygwin 3.1-1 OK
base-files 4.1-1 OK
bash 4.1.10-4 OK
bzip2 1.0.6-2 OK
coreutils 8.15-1 OK
cpio 2.11-2 OK
crypt 1.2-1 OK
cygutils 1.4.10-2 OK
cygwin 1.7.17-1 OK
cygwin-doc 1.7-1 OK
dash 0.5.7-1 OK
diffutils 3.2-1 OK
dos2unix 6.0.3-1 OK
editrights 1.01-2 OK
file 5.11-1 OK
findutils 4.5.9-2 OK
gawk 4.0.2-1 OK
gettext 0.18.1.1-2 OK
grep 2.6.3-1 OK
groff 1.21-2 OK
gzip 1.4-1 OK
ipc-utils 1.0-1 OK
less 444-1 OK
libattr1 2.4.46-1 OK
libbz2_1 1.0.6-2 OK
libdb4.5 4.5.20.2-3 OK
libexpat1 2.1.0-1 OK
libgcc1 4.5.3-3 OK
libgdbm4 1.8.3-20 OK
libgmp3 4.3.2-1 OK
libiconv2 1.14-2 OK
libintl8 0.18.1.1-2 OK
liblzma5 5.0.2_20110517-1 OK
libncurses10 5.7-18 OK
libncursesw10 5.7-18 OK
libopenssl100 1.0.1c-2 OK
libpcre0 8.21-2 OK
libpopt0 1.6.4-4 OK
libreadline7 6.1.2-3 OK
libsigsegv2 2.10-1 OK
libssp0 4.5.3-3 OK
libstdc++6 4.5.3-3 OK
libxml2 2.9.0-1 OK
login 1.10-10 OK
man 1.6g-1 OK
mintty 1.1.2-1 OK
perl 5.14.2-3 OK
perl_vendor 5.14.2-3 OK
rebase 4.4.0-1 OK
run 1.1.13-1 OK
sed 4.2.1-2 OK
tar 1.26-1 OK
terminfo 5.7_20091114-14 OK
texinfo 4.13-4 OK
tzcode 2012j-1 OK
vim 7.3.762-1 OK
vim-common 7.3.762-1 OK
which 2.20-2 OK
xxd 7.3.762-1 OK
xz 5.0.2_20110517-1 OK
zlib0 1.2.7-1 OK
Instructional Demo
1. Boot SGS4 to recovery and Nandroid backup existing ROM for peace of mind
2. (One time) Create a cygwin working directory (e.g. ~/cygwin/home/modify-boot-sgs4) and unzip the SGS4 Boot Image Toolset files to it
3. On Windows, extract ROM boot.img (e.g. from Liquid-JB-v2.8-OFFICIAL-jflteatt.zip) and place boot.img in cygwin working directory.
4. Launch cygwin command window in working directory and enter script command:
sh modify-boot-sgs4.sh boot.img (produces ramdisk directory: boot.img-ramdisk/)
CNTL-C out of shell script and back to cygwin prompt.
5. Edit boot.img-ramdisk/default.prop, set: ro.secure=0 and save and close.
Note: The setting: ro.secure=0 instructs Android to grant root to ADB so user does not have to keep entering “su” at the beginning of each ADB session.
6. At cygwin terminal enter:
perl repack-bootimg-sgs4.pl boot.img
This yields boot-repack.img.
Here’s a dump of my cygwin session…
Code:
[email protected] /home
$ mkdir modify-boot-sgs4
[email protected] /home
$ cd modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ pwd
/home/modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 4961224 (0x004bb3c8)
Ramdisk size: 488535 (0x00077457)
Second size: 0 (0x00000000)
Board name:
Command line: androidboot.hardware=qcom user_debug=31 zcache
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
1708 blocks
Press ENTER to repack boot image or CNTL C to exit (and modify ramdisk offline):
[COLOR="Blue"](Modify /ramdisk/default.prop then resume cygwin session)[/COLOR]
[email protected] /home/modify-boot-sgs4
$ perl repack-bootimg-sgs4.pl boot.img
find . | cpio -o -H newc | gzip > /home/modify-boot-sgs4/ramdisk-repack.cpio.gz
1708 blocks
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o boot-repack.img
Repacked boot image written to boot-repack.img
[email protected] /home/modify-boot-sgs4
$
7. Exit cygwin and drop boot-repack.img into loki-boot directory and rename to boot.img. Then 7-zip contents of loki-boot directory to loki-boot.zip (CNTL-A (Select All) then right-click > 7-zip > Add to “loki-boot.zip”).
8. Connect SGS4 to your ADB-enabled computer, then
adb push loki-boot.zip /external_sd/Download (or your favorite flash directory)
9. Boot to recovery and flash loki-boot.zip (takes a few seconds)
10. Reboot system and achieve “pre-rooted” ADB sessions on Liquid Smooth!
C:\Program Files\Android\android-sdk\platform-tools>adb kill-server
C:\Program Files\Android\android-sdk\platform-tools>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[email protected]:/ #
Click to expand...
Click to collapse
BTW here's a nice little app: https://play.google.com/store/apps/details?id=com.siriusapplications.quickboot&hl=en
With Quick Boot, you can reboot to recovery via soft key, which is easier than booting to recovery from cold start.
Blessings. Enjoy!
Credits:
djrbliss @ xda developers and other contributors for the loki exploit: https://github.com/djrbliss/loki)
William Enck (split_bootimg): http://www.enck.org/
Android Development Team (Unpack, Edit, Repack Boot Images): http://www.android-dls.com/wiki/?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
Cygwin Project Team: http://cygwin.com/who.html
sendust7 said:
If you don’t have cygwin, you can
Click to expand...
Click to collapse
use native Linux
svs57 said:
use native Linux
Click to expand...
Click to collapse
L.O.L, I totally agree
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
C:\wubildr.mbr="Ubuntu"
Click to expand...
Click to collapse
But my past experience is that most users prefer Windows
I am not sure, but I don't think this will work on a fresh install of Cygwin. When i installed cygwin i selected "all" for packages. The directory structure does not match your script, /bin is not under /usr but in the root of cygwin directory. Also, i checked the installed packages, many are missing, and when i search cygwin.com for the missing, i cant find quite a few. Im new to cygwin, as in this op, but not new to software. i tried several boot.img (4.3) thinking it might be the image, but it was a strech and all failed the same. I dont find the .dll your script is looking for, so the error is correct.
I get this error:
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/modify-boot-sg4
Unpacking boot image...
/usr/bin/perl.exe: error while loading shared libraries: cygssp-0.dll: cannot open shared object file: No such file or directory
UPDATE: well I went through the cygwin install/update again and after searching for each package you listed, installing everything associated with each package, your scripts WORK. I have unpacked/edited/repacked and loaded. ADB as root......profit
Thanks for this
Thanks
sendust7 said:
Here I consolidate the custom tools necessary to unpack, modify, repack and loki your JB 4.2.2 ROM zip boot.img!
These Windows/cygwin tools invoke the djrbliss loki bootloader exploit for your rooted SGS4!
See my Instructional Demo below! Results are tested working on my AT&T SGH-I337 running Liquid Smooth v2.8 (JB 4.2.2) and TWRP Recovery 2.5.0.2.
SGS4 Boot Image Toolset (sgs4-boot-tools.zip): http://www.mediafire.com/?6sp3pp33lxgm3ua
Contents
Executive shell script: modify-boot-sgs4.sh to unpack boot image to kernel and ramdisk, thus enabling user to modify boot image
Perl scripts: unpack-bootimg-sgs4.pl and repack-bootimg-sgs4.pl
mkbootimg.exe (make boot image from kernel and ramdisk)
loki-boot directory with ROM-like directory structure --- contains all files needed to “loki” your boot.img
The loki-boot directory also contains two boot files: boot-ref.img (extracted directly from Liquid Smooth ROM zip) and a modified boot.img (generated using the Instructional Demo further below).
My custom repack-bootimg-sgs4.pl invokes the following command string:
Preliminaries
If you don’t have cygwin, you can download it here: http://www.cygwin.com/ and install.
Cygwin packages installed on my XP workstation are shown below. You probably don’t need all of them, though I believe many come with the base cygwin.
But you definitely need perl
Code:
$ cygcheck -c
Cygwin Package Information
Package Version Status
_autorebase 000199-1 OK
_update-info-dir 01102-1 OK
alternatives 1.3.30c-10 OK
base-cygwin 3.1-1 OK
base-files 4.1-1 OK
bash 4.1.10-4 OK
bzip2 1.0.6-2 OK
coreutils 8.15-1 OK
cpio 2.11-2 OK
crypt 1.2-1 OK
cygutils 1.4.10-2 OK
cygwin 1.7.17-1 OK
cygwin-doc 1.7-1 OK
dash 0.5.7-1 OK
diffutils 3.2-1 OK
dos2unix 6.0.3-1 OK
editrights 1.01-2 OK
file 5.11-1 OK
findutils 4.5.9-2 OK
gawk 4.0.2-1 OK
gettext 0.18.1.1-2 OK
grep 2.6.3-1 OK
groff 1.21-2 OK
gzip 1.4-1 OK
ipc-utils 1.0-1 OK
less 444-1 OK
libattr1 2.4.46-1 OK
libbz2_1 1.0.6-2 OK
libdb4.5 4.5.20.2-3 OK
libexpat1 2.1.0-1 OK
libgcc1 4.5.3-3 OK
libgdbm4 1.8.3-20 OK
libgmp3 4.3.2-1 OK
libiconv2 1.14-2 OK
libintl8 0.18.1.1-2 OK
liblzma5 5.0.2_20110517-1 OK
libncurses10 5.7-18 OK
libncursesw10 5.7-18 OK
libopenssl100 1.0.1c-2 OK
libpcre0 8.21-2 OK
libpopt0 1.6.4-4 OK
libreadline7 6.1.2-3 OK
libsigsegv2 2.10-1 OK
libssp0 4.5.3-3 OK
libstdc++6 4.5.3-3 OK
libxml2 2.9.0-1 OK
login 1.10-10 OK
man 1.6g-1 OK
mintty 1.1.2-1 OK
perl 5.14.2-3 OK
perl_vendor 5.14.2-3 OK
rebase 4.4.0-1 OK
run 1.1.13-1 OK
sed 4.2.1-2 OK
tar 1.26-1 OK
terminfo 5.7_20091114-14 OK
texinfo 4.13-4 OK
tzcode 2012j-1 OK
vim 7.3.762-1 OK
vim-common 7.3.762-1 OK
which 2.20-2 OK
xxd 7.3.762-1 OK
xz 5.0.2_20110517-1 OK
zlib0 1.2.7-1 OK
Instructional Demo
1. Boot SGS4 to recovery and Nandroid backup existing ROM for peace of mind
2. (One time) Create a cygwin working directory (e.g. ~/cygwin/home/modify-boot-sgs4) and unzip the SGS4 Boot Image Toolset files to it
3. On Windows, extract ROM boot.img (e.g. from Liquid-JB-v2.8-OFFICIAL-jflteatt.zip) and place boot.img in cygwin working directory.
4. Launch cygwin command window in working directory and enter script command:
sh modify-boot-sgs4.sh boot.img (produces ramdisk directory: boot.img-ramdisk/)
CNTL-C out of shell script and back to cygwin prompt.
5. Edit boot.img-ramdisk/default.prop, set: ro.secure=0 and save and close.
Note: The setting: ro.secure=0 instructs Android to grant root to ADB so user does not have to keep entering “su” at the beginning of each ADB session.
6. At cygwin terminal enter:
perl repack-bootimg-sgs4.pl boot.img
This yields boot-repack.img.
Here’s a dump of my cygwin session…
Code:
[email protected] /home
$ mkdir modify-boot-sgs4
[email protected] /home
$ cd modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ pwd
/home/modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 4961224 (0x004bb3c8)
Ramdisk size: 488535 (0x00077457)
Second size: 0 (0x00000000)
Board name:
Command line: androidboot.hardware=qcom user_debug=31 zcache
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
1708 blocks
Press ENTER to repack boot image or CNTL C to exit (and modify ramdisk offline):
[COLOR="Blue"](Modify /ramdisk/default.prop then resume cygwin session)[/COLOR]
[email protected] /home/modify-boot-sgs4
$ perl repack-bootimg-sgs4.pl boot.img
find . | cpio -o -H newc | gzip > /home/modify-boot-sgs4/ramdisk-repack.cpio.gz
1708 blocks
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o boot-repack.img
Repacked boot image written to boot-repack.img
[email protected] /home/modify-boot-sgs4
$
7. Exit cygwin and drop boot-repack.img into loki-boot directory and rename to boot.img. Then 7-zip contents of loki-boot directory to loki-boot.zip (CNTL-A (Select All) then right-click > 7-zip > Add to “loki-boot.zip”).
8. Connect SGS4 to your ADB-enabled computer, then
adb push loki-boot.zip /external_sd/Download (or your favorite flash directory)
9. Boot to recovery and flash loki-boot.zip (takes a few seconds)
10. Reboot system and achieve “pre-rooted” ADB sessions on Liquid Smooth!
BTW here's a nice little app: https://play.google.com/store/apps/details?id=com.siriusapplications.quickboot&hl=en
With Quick Boot, you can reboot to recovery via soft key, which is easier than booting to recovery from cold start.
Blessings. Enjoy!
Credits:
djrbliss @ xda developers and other contributors for the loki exploit: https://github.com/djrbliss/loki)
William Enck (split_bootimg): http://www.enck.org/
Android Development Team (Unpack, Edit, Repack Boot Images): http://www.android-dls.com/wiki/?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
Cygwin Project Team: http://cygwin.com/who.html
Click to expand...
Click to collapse
Hi,
When I understand more I can't wait to revisit this instruction. But I love that it's here for me.
Ms. K:angel:
nevermind
nevermind
hello
Hi! I'm trying...but my ramdisk folder remains empty!
dump:
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /cygdrive/c/cygwin64/home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 7157864 (0x006d3868)
Ramdisk size: 1142288 (0x00116e10)
Second size: 0 (0x00000000)
Board name:
Command line: console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
modify-boot-sgs4.sh: line 23: cpio: command not found
_____________________________________________________
I'm doing this on 4.3 MJ7 I9505 kernel.
I assume I can unzip myself boot.img-ramdisk.gz, right?
ocaldini said:
Hi! I'm trying...but my ramdisk folder remains empty!
dump:
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /cygdrive/c/cygwin64/home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 7157864 (0x006d3868)
Ramdisk size: 1142288 (0x00116e10)
Second size: 0 (0x00000000)
Board name:
Command line: console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
modify-boot-sgs4.sh: line 23: cpio: command not found
_____________________________________________________
I'm doing this on 4.3 MJ7 I9505 kernel.
I assume I can unzip myself boot.img-ramdisk.gz, right?
Click to expand...
Click to collapse
Make sure you install the cpio packages for cygwin.
You can install additional packages by running the setup/install again.
You can also search for cpio via the search bar at the top left when presented with the list of packages.
Hope that helps.
Hello
Can anyone tell what is wrong? it keeps saying its doing it, but it does nothing...
[email protected] ~
$ cd modify-boot-sgs4
[email protected] ~/modify-boot-sgs4
$ pwd
/home/Home/modify-boot-sgs4
[email protected] ~/modify-boot-sgs4
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/Home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 7195952 (0x006dcd30)
Ramdisk size: 1144962 (0x00117882)
Second size: 0 (0x00000000)
Board name:
Command line: console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Directory: boot.img-ramdisk already exists
Press ENTER to repack boot image or CNTL-C to exit (and modify ramdisk offline):
Repacking boot image...
find . | cpio -o -H newc | gzip > /home/Home/modify-boot-sgs4/ramdisk-repack.cpio.gz
4560 blocks
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o boot-repack.img
sh: ./mkbootimg.exe: Permission denied
Althoug, now it is telling me Permission Denied, I don't know why, or how to change that in windows 7, but it wasn't giving me any errors before, it just wasn't writing the image
lijojohnson said:
Make sure you install the cpio packages for cygwin.
You can install additional packages by running the setup/install again.
You can also search for cpio via the search bar at the top left when presented with the list of packages.
Hope that helps.
Click to expand...
Click to collapse
Thank you, you helped me a lot! It worked!
Oh, when I searched for cpio I had to click on "default" ( and select "install" on the windows before clicking "advance"), to install it properly!
A VERY IMPORTANT INFORMATION:
I was trying with Cygwin 64 bit and I had problem repacking it.
I found out mkbootimg only works on Linux 32 bits.
So it is necessary to use Cygwin 32 bit version!
Finally it worked! Thanks a lot!
---------- Post added at 04:09 AM ---------- Previous post was at 03:18 AM ----------
Yeah, I did that...same result...the problem is with permissions, when I run it in compatibility mode, it tells me permission denied. I'm suspecting
it is a Windows 7 problem, mkbootimg.exe is saying permission denied. I appreciate the answer though. maybe an antivirus program is blocking it or something. my cygwin icon is showing the security essentials icon on it for some reason...i dunno, i'll research it some more and figure it out when I have time, thanks again
Keithgordon said:
Yeah, I did that...same result...the problem is with permissions, when I run it in compatibility mode, it tells me permission denied. I'm suspecting
it is a Windows 7 problem, mkbootimg.exe is saying permission denied. I appreciate the answer though. maybe an antivirus program is blocking it or something. my cygwin icon is showing the security essentials icon on it for some reason...i dunno, i'll research it some more and figure it out when I have time, thanks again
Click to expand...
Click to collapse
I'm doing this on windows 8.1 64bit with cygwin 32 bits. It works. I don't use antivirus, turn off security essentials and other system protecting programs, I'm sure you will do it.
Try it with boot.img from I9505 International , unpack and repack without problem , flash it and phone restart and vibrate constantly.
Any ideas how to fix this problem ?
lesson-01: HOW t Build kernel ..
i'm using ubuntu 12 32bit .. toolchain linaro ..
- Download source tree .. from git or official web site there is now .. for 4.1.2 and 4.2.2 ..
- Download cross compiler **toolchain** ..
- edit makefile in the kernel tree ..
Code:
ARCH = arm
CROSS-COMPILE = /directery to your compiler **toolchain** /arm-eabi- or **see in bin folder**
- open terminal .and cd to kernel tree .. **cd /home/**yourname**/Deskt...... **
-type :
Code:
make clean
make mrproper
make bcm28155_capri_ss_s2vep_rev05_defconfig
** or you can extract config.gz from phone "cat /proc/config.gz > /sdcard/config.gz" extract file from config.gz rename it like this "blablabla_defconfig" put it in /kerneltree...../arch/arm/configs **
make menuconfig **if you want to add driver or feautre like NTFS support**
make -jX
Click to expand...
Click to collapse
multitask make ..X=2.....10 depance as your computer cpu power
and you will get zImage in "/kerneltree..../arch/arm/boot "
now you have t o make boot.img .. and there is big diffrent between them .. boot.img contain ramdisk and kernel .... pagesize .. base .. to the next lesson.
lesson-02: how to unpack boot.img and get ramdisk
zImage **kernel** is like globel driver and configuration for the device .Ramdisk launch the rom and you can make rooted kernel with it ** you have to unpack ramdisk.gz to add modification and repack it **
you can extract from orginal firmware .. or extract it from phone :
** cat /dev/block/mmcblk0p5 > /sdcard/boot.img **
now how to unpack boot.img
cd to the tools folder ..
Code:
sudo cp mkbootimg /bin/
sudo chmod 755 /bin/mkbootimg
perl split_bootimg.pl boot.img
** boot.img of the rom you will use because off the ramdisk **
will show :
Page size: 4096 (0x00001000) ***we will need this***
Code:
Kernel size: 3132176 (0x002fcb10)
Ramdisk size: 3484496 (0x00352b50)
Second size: 0 (0x00000000)
Board name:
Command line:
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
** now you can edit your ramdisk --superuser-init..it is like basic files for rom .. becaution **
Lesson-03: packing boot.img .. taring to flash via odin.
now the packing .. we need : cmdline + pagesize + base without them it wont boot ..
how extract cmdline : ** cat /proc/cmdline > /sdcard/cmdline.txt **
you can find base in the cmdline file : [email protected]0xA2000000
for our device i9105p : base = 0xA2000000 pagesize = 4096
now packing :
Code:
./mkbootimg --pagesize 4096 --base 0xa2000000 --kernel zImage --ramdisk ramdisk.gz -o newboot.img
now we have the new boot.img you can use it with flash.zip CWM
or tar the img to flash it via odin.
Code:
$ tar -H ustar -c boot.img > kernel.tar
$ md5sum -t kernel.tar >> kernel.tar
$ mv kernel.tar kernel.tar.md5
:good:
reserved
Hi all folks,
I have some question about the stock android system in this specific box and the format of the dumped partition.
Try to explain, I'm using rkflashtool to interact with the memory of the RK3188
This is the output of the command
rkflashtool r 0 1 | head -n 11
-------------------------------------------------------------------------------------------------
CMDLINE:console=ttyFIQ0 androidboot.console=ttyFIQ0
init=/init initrd=0x62000000,0x00800000 mtdparts=rk29xxnand:
[email protected](misc),
[email protected](kernel),
[email protected](boot),
[email protected](recovery),
[email protected](backup),
[email protected](cache),
[email protected](userdata),
[email protected](kpanic),
[email protected](system),
[email protected](user)
-------------------------------------------------------------------------------------------------
I guess the boot partition is something linke that:
+-------+ <--- 0x00019fe0
| boot |
+-------+ <----0x00012000
With this command i'm able to dump the entrie boot partition on my linux box in a file named b00t.img :
rkflashtool r 0x12000 0x8000 > b00t.img
Now, i have find out that with the tool rkunpack (or simply with dd) i'm able to unpack this b00t.img. The output are two file:
b00t.img-raw
b00t.img-symbol
The first file is no more than a gzip compressed data file, I'm able to extract the data in a directory with this command:
gunzip < ../b00t.img-raw | sudo cpio -i --make-directories
Now in this dir I have all the files of the / partition. I can modify for example the /init.rc.
I want to repack the entrie b00t.img in order to flash it again on the device.
NB:
In this thread these guys work at something like my problem...
http://www.freaktab.com/showthread.p...ull=1#post4055
The difference is that they work on a different partition layout, and the rkunpack of dumped boot.img return they only boot.img-raw.
Obviously I've already tried to repack the modified directory in this two ways:
mkcramfs myboot myboot-temp.img
kcrc myboot-temp.img customboot.img
or
find . ! -name "."| sort | cpio -oa -H newc | gzip -n > ../newboot.gz
kcrc newboot.gz customboot.img
None of these leads to obtain a file large enough to fit the boot partition on the deivice, that I want fill with:
rkflashtool w 0x12000 0x8000 < modifiedb00t.img
Has anyone ever worked with rk3188? Any idea?
Thanks in advance.
Anyone?
Hello,
I own a samsung xcover 3 (sm-g388f, android lollitop) and out of curiosity I start to be interested in the android system. I downloaded the ROM and get back the file boot.img, i try to get the file Image.gz (kernel) with Android Image Kitchen.
Code:
./unpackimg.sh boot.img
I get:
Code:
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: boot.img
Setting up work folders...
Image type: AOSP-PXA
Footer with "SEAndroid" type detected.
Splitting image to "split_img/"...
BOARD_KERNEL_CMDLINE
BOARD_KERNEL_BASE 0x10000000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0x01000000
BOARD_SECOND_OFFSET 0x00f00000
BOARD_TAGS_OFFSET 0x00000100
BOARD_DT_SIZE 475136
BOARD_UNKNOWN 0x03000000
Unpacking ramdisk (as root) to "ramdisk/"...
Compression used: gzip
4739 blocs
Done!
I get the file boot.img-kernel, i use dumpimage:
Code:
./dumpimage -i boot.img-kernel -p 0 Image.gz
The return is:
Code:
./dumpimage: invalid option -- 'i'
Usage: ./dumpimage -l image
-l ==> list image header information
./dumpimage [-T type] [-p position] [-o outfile] image
-T ==> declare image type as 'type'
-p ==> 'position' (starting at 0) of the component to extract from image
-o ==> extract component to file 'outfile'
./dumpimage -h ==> print usage information and exit
./dumpimage -V ==> print version information and exit
I try the command:
Code:
./dumpimage -T boot.img-kernel -p 0 Image.gz
i get:
Code:
./dumpimage: Invalid type
I no longer see what to do, here is the boot.img
If anyone has an idea I’m interested
Thanks
Hello all,
I'd like to braindump how I managed to make android emulator v30 work with mitm, hope that helps someone.
Since it was not possible to neither write nor make writable the /system partition, I decided to roll my own system.img and that actually worked. I'm not going to upload a script because I might not remember 100%, but I'll going to descibe the steps in full, even though they exist elsewhere. The commands might not be exact, too, so if there's a typo you'll need to figure it out yourself.
Also, it will be a bit confusing because I shall refer to 2 files named system.img, one is the 2G file that comes with android, the other is 700M or something file that you will be creating in the process. I'll refer them as #1 and #2.
1. What is needed: android studio and emulator, linux, xattr, https://github.com/LonelyFool/lpunpack_and_lpmake , https://github.com/tytso/e2fsprogs, mitmproxy, parted. Build these github projects, you'll need their binaries in the process.
also, 'mkdir build' somewhere.
2. Find system.img (#1) in your android studio installation, then extract the system partition:
$ losetup -f system.img
$ losetup -a | grep system.img
/dev/loop5
$ partprobe /dev/loop5
$ ls /dev/loop5p*
/dev/loop5p1 /dev/loop5p2
$ lpunpack_and_lpmake/bin/lpunpack /dev/loop5p2 build
$ ls build
system.img system-ext.img product.img vendor.img
$ losetup -d /dev/loop5
3. Make system.img (#2) writable and usable. This is ext4 crunched with feature shared_blocks, which makes it not really writable even in theory, as it deduplicates identical blocks in the filesystem. You'll need to convert that to a normal ext4, but, there's not enough space to do that operation. So you'll need to expand the partition to accomodate for this. How much? Empirically, I added 30M to a 700M partition:
$ ls -l system.img
700000000 # for example
$ e2fsprogs/resize/resize2fs system.img 730M
$ ls -l system.img
730000000 # for example
$ e2fsprogs/e2fsck/e2fsck -f system.img
$ e2fsprogs/e2fsck/e2fsck -E unshared_blocks system.img
$ e2fsprogs/e2fsck/e2fsck -f system.img
4. Modify the now writable partiton to your heart's content (we're still with system.img #2 here). I needed to add just one file, mitmproxy-ca-cert.cer . According to the mitmproxy docs, the name must be the hash of the certificate:
$ losetup -f system.img
$ losetup -a | grep system.img
/dev/loop6
$ mount /dev/loop6 /mnt
$ hashed_name=`openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1
$ echo $hashed_name
c8750f0d
$ cp mitmproxy-ca-cert.cer /mnt/system/ext/security/cacerts/$hashed_name.0
$ cd /mnt/system/ext/security/cacerts/
$ chmod 644 $hashed_name.0
Now check if your android has extra attributes in these certificate files. Mine does:
$ xattr 00abcde.0 # some random certificate
security.selinux
$ xattr -p security.selinux 00abcde.0
ubject_r:system_security_cacerts_file:s0
if yes, you'll need it on this file too:
$ xattr -w security.selinux ubject_r:system_security_cacerts_file:s0 $hashed_name.0
and be done with the partition
$ umount /mnt
$ losetup -d /dev/loop6
5. Create new super-partition, the one we used as /dev/loop5p2. You'll need the file sizes of your .img partitions, and your command to create a super.img file will look like this:
$ cat repack
#!/bin/sh
P=/android/super/1
~/src/lpunpack_and_lpmake/bin/lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:2496462848 --group main:2647101440 \
--partition system:readonly:786432000:main --image system=$P/system.img \
--partition system_ext:readonly:131952640:main --image system_ext=$P/system_ext.img \
--partition product:readonly:1468575744:main --image product=$P/product.img \
--partition vendor:readonly:102739968:main --image vendor=$P/vendor.img \
--output $P/super2.img
the interesting numbers are the corresponding partition sizes (in --partition), and, if f ex you increased the system.img #2 to 30M in the step 3, the number in --device:super should be the size of /dev/loop5p2 in bytes plus at least these 30M (but also okay if a bit more).
6. Finally, create a new system.img #1 . Create a backup copy of it, and then append some 30M there, and fix the partition
$ dd if=/dev/zero of=system-new.img flags=append bs=1M size=30
$ losetup -f system-new.img
$ losetup -a | grep system-new.img
/dev/loop7
$ parted /dev/loop7
GNU Parted 3.3
Using /dev/loop7
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: Loopback device (loopback)
Disk /dev/loop7: 2444MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 1049kB 2097kB 1049kB vbmeta
2 2097kB 2443MB 2441MB super
you will need to expand the partion 2 to the max (plus minus same 30M). If is fails fix the number and retry:
(parted) resizepart 2 24460MB
Error: The location 24460MB is outside of the device /dev/loop7.
and finally copy data back:
$ partprobe /dev/loop7
$ dd if=super.img of=/dev/loop7p2 bs=1M
$ losetup -d /dev/loop7
and that's it. After that, rename system-new.img to system.img, and hopefully the emulator could run this new image.
Also, to check that the certificate is there and recognized, go to the setting/certificates/trusted certificates, the mitmproxy one should be in the list.
Hopefully this will be helpful.
Cheers!
/dk