Z3 dual D6633 BackupTA_V2 failed. Why? - Xperia Z3 Q&A, Help & Troubleshooting

Can not backup TA with BackupTA_V2 on Z3 dual with stock ROM. Will someone please help find out what is going wrong? Here are the details:
Code:
$ adb devices -l
List of devices attached
CB5A25TMFR device usb:2-1.1 product:D6633 model:D6633 device:D6633
$ adb shell getprop ro.build.description
D6633-user 5.0.2 23.1.1.E.0.1 937646546 release-keys
$ adb shell cat /proc/version
Linux version 3.4.0-perf-g72984dd ([email protected]) (gcc version 4.8 (GCC) ) #1 SMP PREEMPT Fri Feb 27 18:06:32 2015
$ ./backupTA.sh
Running on D6633 on 32-bit platform
Pushing files
127 KB/s (13644 bytes in 0.104s)
109 KB/s (5364 bytes in 0.047s)
185 KB/s (9512 bytes in 0.050s)
98 KB/s (5416 bytes in 0.053s)
109 KB/s (5364 bytes in 0.047s)
23 KB/s (1094 bytes in 0.046s)
Running scripts to dump ta to "TA_D6633_CB5A25TMFR_20171203-1843.img" on device
Overwriting run-as
Attempting to dirtycow
Done dirtycowing
Overwriting secondary payload (screenrecord)
Attempting to dirtycow
Done dirtycowing
Reading dumpta from stdin...
Read dumpta from stdin at 0 bytes
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Dumped TA as TA_D6633_CB5A25TMFR_20171203-1843.img
File: /data/local/tmp/TA_D6633_CB5A25TMFR_20171203-1843.img with size: 0x0 is not a valid dump!
Sorry trim area dump is corupted and not a safe, please try again!
Pulling image
remote object '/data/local/tmp/TA_D6633_CB5A25TMFR_20171203-1843.img' does not exist
Cleaning up
TA Backup Failed!! Please reboot and try again.
NOTE: If you are running Android Nougat, you need to downgrade to use this tool.
$

The solution was to update to Android 6.0.1
$ adb shell getprop ro.build.description
D6633-user 6.0.1 23.5.A.1.291 2769308465 release-keys
$ adb shell cat /proc/version
Linux version 3.4.0-perf-gc14c2d5 ([email protected]) (gcc version 4.9.x-google 20140827 (prerelease) (GCC) ) #1 SMP PREEMPT Tue Jun 28 11:15:51 2016
Now the backupTA_v2 workes.
Meanwhile I found out that backupTA.sh leaves two files (particularly dumpta and checkta) on the device:
Code:
echo "Cleaning up"
adb shell "rm -f /data/local/tmp/dirtycow /data/local/tmp/run-as /data/local/tmp/exploitta /sdcard/dumpta /data/local/tmp/backupTA.sh"
If you think that this information worth mentioning, please copy it to TA Backup v2 thread, cause I still can not

Related

[Q] Problems booting kernel

Hi, hopefully this is the correct place to post this.
I´m developing a device on a beagleboard and have some problems starting the kernel.
I´m using yaffs2 as root filesystem and the version of the kernel is 2.6.29.
We have the latest yaffs2 code compiled into the kernel, not from googles kernel but from yaffs git sources.
We come so far as it has finished uncompressing the kernel and tried booting it but after that it freezes without no output what so ever.
The uBoot enviroment is as following:
OMAP3_Kajsa # printenv
bootdelay=10
baudrate=115200
loadaddr=0x82000000
usbtty=cdc_acm
console=ttyS0,115200n8
loadbootscript=fatload mmc 0 ${loadaddr} boot.scr
bootscript=echo Running bootscript from mmc ...; source ${loadaddr}
loaduimage=fatload mmc 0 ${loadaddr} uImage
netmask=255.255.255.0
gatewayip=192.168.0.99
dieid#=1d5a0004000000000403643203019007
ethact=smc911x-0
ethaddr=00:11:22:33:44:55
ipaddr=10.0.0.2
serverip=10.0.0.1
echo=Booting from nand ...
nandargs=console=ttyS0,115200n8 root=/dev/mtdblock4 opamfb.mode=lcd vram=32M omapfb.vram=0:8M rdinit=/init rootwait rootfstype=yaffs2
nandboot=echo Booting from NAND...; nand read ${loadaddr} 280000 400000; bootm ${loadaddr}
bootfile=uMulti-2
bootargs=console=ttyS0,115200n8 root=/dev/mtdblock4 rw opamfb.mode=lcd vram=32M omapfb.vram=0:8M init=/init rootwait rootfstype=yaffs2
stdin=serial
stdout=serial
stderr=serial
Environment size: 1175/131068 bytes
And the output when we start to boot the kernel is:
OMAP3_Kajsa # set ethaddr 00:11:22:33:44:55 ; set ipaddr 10.0.0.2 ; set serverip 10.0.0.1 ; tftp 0x82000000 uImage-yaffs
smc911x: detected LAN9220 controller
smc911x: phy initialized
smc911x: MAC 00:11:22:33:44:55
Using smc911x-0 device
TFTP from server 10.0.0.1; our IP address is 10.0.0.2
Filename 'uImage-yaffs'.
Load address: 0x82000000
Loading: T #################################################################
#################################################################
###############################
done
Bytes transferred = 2360952 (240678 hex)
OMAP3_Kajsa # bootm
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-2.6.29-rc3-omap1-gb7a2014-
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 2360888 Bytes = 2.3 MB
Load Address: 80008000
Entry Point: 80008000
Verifying Checksum ... OK
Loading Kernel Image ... OK
OK
Starting kernel ...
Uncompressing Linux...................................................................................................................................................... done, booting the kernel.
We have also tried to write the kernel to NAND and booted from there with the same result.
Any input will be appriciated.
Best regards.
Eric

[Q]I can't installCl ockworkMod Recovery

I was trying to install ClockworkMod Recovery I follow the step but for some reason I'm keep getting the following.
Code:
D:\Epic 4g\one.click.clockworkmod2.5.1.0-flasher>adb shell
$ su
su
# remount rw
remount rw
Remounting /system (/dev/stl9) in read/write mode
# exit
exit
$ exit
exit
D:\Epic 4g\one.click.clockworkmod2.5.1.0-flasher>run-try-first
one click installer and Clockworkmod Recovery v2.5.1.0 made by noobnl, skeeters
lint, and koush
Press any key to continue . . .
remove stock recovery patcher
mount: Operation not permitted
rm failed for /system/etc/install-recovery.sh, No such file or directory
rm failed for /system/recovery-from-boot.p, No such file or directory
copy kernel and flasher
1509 KB/s (0 bytes in 313888.000s)
2458 KB/s (0 bytes in 5820868.002s)flashing kernel
RedBend Update Agent 6,1,14,1
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, height = 800
open device file: Permission denied
bmldevice_get_size: bmldevice_open failed!src: /sdcard/zImage
dst: /dev/block/bml8 partition size: 0x0
part_size: 0x0
reboot: Operation not permitted
wait 60 second
cleanup
rm failed for /data/local/tmp/rageagainstthecage-arm5.bin, No such file or direc
tory
rm failed for /data/local/root.sh, No such file or directory
done
Press any key to continue . . .
I've searched other thread someone did post the same issue but all they ask was "did you remount as rw?" or "Make sure your looking at your phone, superuser will ask you permission to for the process to run as root"
I did remount as rw and no superuser did not ask me anything during the install.
What should I do?
Please help!
Thank you

[TOOL] rkflashtool for Linux and rk2808, rk2818 and rk2918 based tablets

Hi,
Because I don't run Windows nor NetBSD, I rewrote rkflash from scratch with the use of libusb-1.0, so you can now read and write your rk2818-based tablet's flash memory under Linux (also w/o the need to root your tablet). Credit for reverse-engineering the protocol goes to the original author of rkflash (see source).
Small guide
- unzip the file
- compile
Linux (Debian, Ubuntu, ...)
Code:
sudo apt-get install libusb-1.0-0-dev
gcc -o rkflashtool rkflashtool.c -lusb-1.0 -O2 -W -Wall -s
Mac OS X (thanks to surfer63, binary here)
Code:
sudo port install libusb
gcc -I/opt/local/include -I/opt/local/include/libusb-1.0 \
-L/opt/local/lib -o rkflashtool rkflashtool.c -lusb-1.0 -O2 -W -Wall
Preparation
- powerdown your tablet
- disconnect all cables
To get into flash mode differs for many tablets. Google around or use trial and error
- insert the USB cable in computer
- hold vol+ (or put on/off/locked-switch in the locked position)
- insert the other end of your cable in the tablet
- wait a few seconds
- release vol+
Now if you run lsusb, the following line should appear:
Bus 001 Device 044: ID 2207:281a (290a for rk2918 based tablets)
Bus and device number may be different. The screen of your tablet stays black.
The USB device must be readable and writable for the user running rkflashtool. If that's not the case, you'll see an error like this:
Code:
$ ./rkflashtool b
libusb couldn't open USB device /dev/bus/usb/001/048: Permission denied.
libusb requires write access to USB device nodes.
rkflashtool: fatal: cannot open device
This can be fixed in several ways (chmod, run as root, udev rules) but that's beyond the scope of this posting. For now, chmod 666 the device mentioned in the error message.
Usage of rkflashtool
Code:
$ ./rkflashtool
rkflashtool: fatal: usage:
rkflashtool b reboot device
rkflashtool r offset size >file read flash
rkflashtool w offset size <file write flash
offset and size are in units of 512 bytes
On my tablet, the boot partition starts at offset 0x8000 (in blocks of 512 bytes)
Its size is 0x2000 blocks
To backup the partition, issue:
Code:
$ ./rkflashtool r 0x8000 0x2000 >boot.img.backup
rkflashtool: info: interface claimed
rkflashtool: info: reading flash memory at offset 0x00008000
rkflashtool: info: reading flash memory at offset 0x00008020
.......
rkflashtool: info: reading flash memory at offset 0x00009fe0
To write a new boot.img or an old backup back to the device:
Code:
$ ./rkflashtool w 0x8000 0x2000 <boot.img.backup
rkflashtool: info: interface claimed
rkflashtool: info: writing flash memory at offset 0x00008000
rkflashtool: info: writing flash memory at offset 0x00008020
.......
rkflashtool: info: writing flash memory at offset 0x00009fe0
You can find a list of all partitions of your tablet in the HWDEF file, which is inside the update.img for your tablet. If no such file is available, you can also look at /proc/cmdline on a running device (either through adb or a terminal app running on the device itself). Depending on the tablet, you might need root access to view /proc/cmdline. Another option is dumping the first 0x2000 blocks of nand flash by issuing rkflashtool r 0x0000 0x2000 >parm. View the file with hexedit, xxd, or a similar program. The kernel parameters contain a description of several mtd partitions (sizes and offsets).
After reading and writing at will, you can reboot your tablet by issuing
./rkflashtool b
Note that if your tablet has an on/off/locked-switch and it is still in the locked position, rebooting won't work.
If the file you are writing is smaller than the specified size, the rest is padded with zeroes. If it's bigger, it will be truncated. This is different from rkflash, which will overwrite blocks beyond the partition size.
rkflashtool does not support flashing a new bootloader directly.
If you have a different tablet, please try rkflashtool b and r first before flashing (w) something new.
Standard DISCLAIMER with regard to bricking your tablet applies.
Enjoy!
EDIT: better build instructions, clean up text
EDIT2: works on rk2918 tablets too (tested on Arnova 7 G2) if you change the USB product id from 0x281a to 0x290a before compilation
EDIT3: released version 2 of rkflashtool. now supports rk2918 tablets out of the box. if it doesn't find one, it falls back to rk2808/rk2818. also, updated the wording a bit.
EDIT4: new mac osx binary
EDIT5: more ways to find offsets and sizes of partitions on your tablet
EDIT6: small emphasis changes above and...
version 1 is here ONLY for archival purposes or if version 2 does not work on your rk28xx tablet. In all other cases, you need to download rkflashtool-v2.zip
Thanks a lot for this flash tool. I'm on MacOSX and Ubuntu and don't have Windows either. I tried the original rkflash as well but couldn't get it to work. On my Ubuntu boxes your rkflashtool compiles and works fine.
My Archos 7 HT V2 presents itself also as:
Code:
Bus 002 Device 004: ID 2207:281a
Reading partitions works fine and so does writing.
I did a quick modification of a system.img (left some files out) of my custom froyo rom and wrote it to my tablet.
That works fine. As /data is a separate partition I even have all my downloaded apps, data, settings, etc. This makes modifying a new rom much faster then building a complete update.img, flashing it, restore some data and then start testing.
Nice work.
great! finally I can remove one line from my todo list
thank you!
EDIT:
random notes (I don't see your code yet so it may be fixed, then sorry)
* I always specify b(reboot) for rk2818 tablets with my rkflash because it hanged easily if I try to write multiple times without b
* parameter file need to be converted with rkcrc -p. official RKAndroid tools flashed it 5 times with offsets. (read & check 1st 0x0-0x2000 block)
* I logged how to update bootloader, but it's complicated and I could not understand probably bootloader can be updated via misc partition. see update-script in update.img. (but not recommended/no reason to do it)
EDIT2:
there is libusb for Windows and OS X. rkflashtool may work on them.
on Windows, there is RKAndroidTool.exe (not batchupgrade). but "read" function in rkflash/rkflashtool may be useful on some case on Windows
Good to hear it works for others, too! I have not had a hanging tablet after several writes in one session, but this might depend on the tablet.
Thanks for mentioning that it should also work on other platforms supported by libusb. I'd forgotten to do that.
About using update.img to flash a new bootloader, this can be done, but if you brick the tablet by flashing a wrong/faulty bootloader, you can only unbrick it with the Windows tools
Which leads me to the question: could you send me the snooped log of updating the bootloader? Two people see more than one and perhaps we can eventually manage to do this through libusb too.
ivop said:
About using update.img to flash a new bootloader, this can be done, but if you brick the tablet by flashing a wrong/faulty bootloader, you can only unbrick it with the Windows tools
Click to expand...
Click to collapse
probably you also need a needle to short pins of NAND chip
so I don't recommend to flash bootloader
ivop said:
Which leads me to the question: could you send me the snooped log of updating the bootloader? Two people see more than one and perhaps we can eventually manage to do this through libusb too.
Click to expand...
Click to collapse
I made that log several months ago with another windows machine which is not used lately. I'm not sure log is still exist... if I find it, I'll send it to you (but please don't expect)
probably you may also get log on Windows on VM on Linux. it seems VMware has log function (refer http://vusb-analyzer.sourceforge.net/tutorial.html) or there is "usbmon" function in Linux.
actually I didn't try this way myself so it may be wrong, sorry.
I've tryed a couple of firmwares, cooking my own.
Every time after flashing, tablet shows boot animation and after few seconds display becomes dark.
My investigation led me to following:
Log shows:
Code:
ERROR/Lights(865): write_int failed to open /sys/class/backlight/rk28_button_light/brightness
in /sys/class/backlight I found symlink (rk28_bl):
rk28_bl -> ../../devices/platform/rk28_backlight/backlight/rk28_bl
Shouldn't be there another symlink named r28_button_light ?
I'm using MANTA MID001 from Poland.
fun_ said:
EDIT2:
there is libusb for Windows and OS X. rkflashtool may work on them.
Click to expand...
Click to collapse
ivop said:
Good to hear it works for others, too! I have not had a hanging tablet after several writes in one session, but this might depend on the tablet.
Click to expand...
Click to collapse
I did a couple of successive writes as well from ubuntu.
ivop said:
Thanks for mentioning that it should also work on other platforms supported by libusb. I'd forgotten to do that.
Click to expand...
Click to collapse
My main platform is OSX and I immediately added libusb. So far I have not been able to compile rkflashtool despite declaring all kind of CFLAGS, CXXFLAGS and/or LDFLAGS.
Trying a little bit more.
Could you post the compiler warnings/errors here? I might be able to help out.
ivop said:
Could you post the compiler warnings/errors here? I might be able to help out.
Click to expand...
Click to collapse
I managed to compile it. It took a lot of hurdles. I used the build environment I also use for Hugin for which I'm the OSX maintainer.
I now built a single combined 32/64bit (i386/x86_64) rkflashtool that will run on 10.4.x/10.5.x/10.6.x/10.7.x (building multi-architecture, multi-version binaries/libraries in one binary/library is possible on OSX. I'm not going to explain that here but it's a feature of OSX).
The compiled version is attached. You can also attach it to your first post if you like.
It works fine. I did some reading/writing of images without issues.
If you are on OSX and have macports installed, you can do the following to build rkflashtool.
Install libusb from Macports:
Code:
sudo port install libusb
cd into the folder where your rkflashtool.c is is and run the following command:
Code:
gcc -I/opt/local/include -I/opt/local/include/libusb-1.0 \
-L/opt/local/lib -o rkflashtool rkflashtool.c -lusb-1.0 -W -Wall
This will build rkflashtool for your native environment (OSX version, hardware and config).
--- removed the rest of the post as well as the attachments. He/She who is interested in building a complete universal distributable rkflashtool can ask via this thread ---
UPDATE: Works on rk2918 tablet too
Yesterday I have tested the tool on an Arnova 7 G2 tablet, which has an rk2918 CPU. If you change the ProductID before compilation, like this:
... libusb_open_device_with_vid_pid(c, 0x2207, 0x281a) ...
to
... libusb_open_device_with_vid_pid(c, 0x2207, 0x290a) ...
it'll work, except for rebooting the device if the tablet is still locked. To boot the tablet in bootloader mode, turn off the tablet completely, put the on/off-switch in the locked position and connect it to your computer. It should be visible now with lsusb. For further instructions, see first post. I advise dumping the first 0x2000 blocks at offset 0x0000 first as this contains the parameter block in which you can see where each partition starts and how big it is.
ivop said:
UPDATE: Works on rk2918 tablet too
Yesterday I have tested the tool on an Arnova 7 G2 tablet, which has an rk2918 CPU. If you change the ProductID before compilation, like this:
... libusb_open_device_with_vid_pid(c, 0x2207, 0x281a) ...
to
... libusb_open_device_with_vid_pid(c, 0x2207, 0x290a) ...
Click to expand...
Click to collapse
Feature request :
I's nice but could you also make it a startup option, like the b,r,w options, with an if-else option in the source code? Something like (RK)2818 and (RK)2918 and maybe even for the older ones: (RK)2808.
In that case you only need one binary. Users who are going to use the tool will definitely know what CPU they have.
surfer63 said:
Feature request :
I's nice but could you also make it a startup option, like the b,r,w options, with an if-else option in the source code? Something like (RK)2818 and (RK)2918 and maybe even for the older ones: (RK)2808.
In that case you only need one binary. Users who are going to use the tool will definitely know what CPU they have.
Click to expand...
Click to collapse
I released a new version and updated the first post. It now tries to connect to an rk2918 tablet and if it doesn't find one, it falls back to rk2818.
The V2 version works fine too on MacOSX. The compilation is still the same for a "my machine only" version.
I compiled a universal Intel 32bit/64bit 10.4/10.5/10.6/10.7 V2 version as well.
See attached.
Note: I don't have a RK2918 so I can only test for a RK2818 tablet.
Hi,
Thanks for your thread it's very intersting.
I succeed flashing my boot partition with your tool but I don't success in remount,rw my system partition. It's cramFS and in init.rk28board.rc you can see those line :
Code:
# Mount /system rw first to give the filesystem a chance to save a checkpoint
mount cramfs [email protected] /system
mount cramfs [email protected] /system ro remount
I tried everything like replacing ro by rw, deleting the second line but my system stills in ReadOnly, don't understand why. I also tried deleting those lines to test if my flash process works properly and it's worked... So I'm lost. Any idea ?
----
Other thing, if I want to do same as flashing boot partition but with system partition is it possible with the same process ? Unfortunately I don't know the beginning offset of the partition. I don't know where to find HWDEF file. The size of partition is 00038000 (hex) bytes => 229376 (dec) bytes
Here is my /proc/mtd :
Code:
dev: size erasesize name
mtd0: 00002000 00000010 "misc"
mtd1: 00004000 00000010 "kernel"
mtd2: 00002000 00000010 "boot"
mtd3: 00004000 00000010 "recovery"
mtd4: 00038000 00000010 "system"
mtd5: 0003a000 00000010 "backup"
mtd6: 0003a000 00000010 "cache"
mtd7: 00080000 00000010 "userdata"
mtd8: 00534000 00000010 "user"
mtd9: 00020000 00000010 "pagecache"
mtd10: 00020000 00000010 "swap"
Thank you for your great job
My problem is solved. I was searching for a while but ivop gave the answer in a previous post
I advise dumping the first 0x2000 blocks at offset 0x0000 first as this contains the parameter block in which you can see where each partition starts and how big it is.
Click to expand...
Click to collapse
So I did it, after I opened an Hex Editor like GHex on Ubuntu and I can saw this :
Code:
[email protected](misc),
[email protected](kernel),
[email protected](boot),
[email protected](recovery),
[email protected](system),
[email protected](backup),
[email protected](cache),
[email protected](userdata),
[email protected](user)
So system partition starts at E000 and has a length of 38000 (hex) bytes.
Thanks for your help this thread is now in my bookmarks
And really nice job with this flashtool
I pushed latest my rkutils to https://github.com/naobsd/rkutils
rkunpack can unpack RKFW image used in RK2918 ROM, RKAF image (update.img), KRNL/PARM image used in some single partition image. unpack will be done recursively.
rkcrc can make KRNL/PARM images with -k/-p.
rkafpack can make RKAF image. (I need to write docs/howtos...)
little off-topic,
latest RK2918 ROMs which is based on "SDK2.0", new format for boot.img/recovery.img is introduced. it's almost same as common boot.img format for android. unpackbootimg/mkbootimg can be used to unpack/repack it with one exception...
there is SHA1 hash value in header of boot.img (offset 0x240 bytes). Rockchip changes it by some unknown way. normal mkbootimg can't generate same hash value as Rockchip, so we can't make custom boot.img with new format
fortunately, we can split new boot.img, and we can make separate kernel.img and boot.img(ramdisk) like as pre-SDK2.0 RK2918 ROMs, which is loadable with new bootloader in SDK2.0 ROMs.
--
btw I just found interesting one: https://github.com/jhonxie/rk2918_tools
relsyou said:
My problem is solved. I was searching for a while but ivop gave the answer in a previous post
So I did it, after I opened an Hex Editor like GHex on Ubuntu and I can saw this :
Code:
[email protected](misc),
[email protected](kernel),
[email protected](boot),
[email protected](recovery),
[email protected](system),
[email protected](backup),
[email protected](cache),
[email protected](userdata),
[email protected](user)
So system partition starts at E000 and has a length of 38000 (hex) bytes.
Thanks for your help this thread is now in my bookmarks
And really nice job with this flashtool
Click to expand...
Click to collapse
I'll add that to my first post. Also, you can view /proc/cmdline to see a list of partitions. It's part of the kernel command line.
Note that the lengths are not in bytes but in blocks of 512 bytes. This happens to be the same as the requirements of the rkflashtool btw (length in blocks).
As for having a writable system partition, currently the system partition is cramfs which cannot be written to. Ever. If you want a writable system partition, you need to change it to ext3 for example. That means unpacking fun_'s system.img and recreating it as an ext3 partition.
In short:
Unpack cramfs img with cramfsck -x (as root, so you preserve permissions and uid/gid)
Create an empty file the size of your system partition (dd if=/dev/null of=fubar.img bs=512 count=...... et cetera, do the math)
mkfs.ext3 fubar.img
mount -o loop fubar.img /someplacemountable
copy contents of old image to /someplacemountable (use cp -a to preserve ownership etc)
umount
flash fubar.img to system partition
change init.rk28board.rc to reflect the changes
reflash boot.img
reboot device
This is untested, but should work in theory.
Another option is to keep the system partition read-only and use unionfs to overlay a writable partition. I'm not sure if this can be a file on your userdata partition mounted with -o loop, but I suppose it can. This depends on your kernel having unionfs and loopback support though.
fun_ said:
I pushed latest my rkutils to https://github.com/naobsd/rkutils
Click to expand...
Click to collapse
Nice! I was thinking about creating an rkpack(tool ) myself, but I see it's not necessary anymore.
here is an example for rkafpack
Code:
$ rkunpack N3NET-2.3-20110722.img
[COLOR="Red"][B]FIRMWARE_VER:1.0.0[/B][/COLOR]
[COLOR="Red"][B]MACHINE_MODEL:rk2818sdk[/B][/COLOR]
MACHINE_ID:
[COLOR="Red"][B]MANUFACTURER:rock-chips[/B][/COLOR]
unpacking 12 files
-------------------------------------------------------------------------------
00000800-00000fff [COLOR="Red"][B]HWDEF:HWDEF[/B][/COLOR] 797 bytes
00001000-000017ff [COLOR="Red"][B]package-file:package-file[/B][/COLOR] 532 bytes
00001800-00021fff [COLOR="Red"][B]bootloader:RK28xxLoader(L).bin[/B][/COLOR] 131700 bytes
00022000-000227ff [COLOR="Red"][B]parameter:parameter:[email protected][/B][/COLOR] 506 bytes
00022800-0002e7ff [COLOR="Red"][B]misc:Image/misc.img:[email protected][/B][/COLOR] 49152 bytes
0002e800-0066bfff [COLOR="Red"][B]kernel:Image/kernel.img:[email protected][/B][/COLOR] 6541946 bytes
0066c000-006947ff [COLOR="Red"][B]boot:Image/boot.img:[email protected][/B][/COLOR] 163844 bytes
00694800-008e8fff [COLOR="Red"][B]recovery:Image/recovery.img:[email protected][/B][/COLOR] 2441220 bytes
008e9000-085fc7ff [COLOR="Red"][B]system:Image/system.img:[email protected][/B][/COLOR] 131149828 bytes
----------------- [COLOR="Red"][B]backup:SELF:[email protected][/B][/COLOR] (N3NET-2.3-20110722.img) 140498948 bytes
085fc800-085fcfff [COLOR="Red"][COLOR="Red"][B]update-script:update-script[/B][/COLOR][/COLOR] 1294 bytes
085fd000-085fd7ff [COLOR="Red"][B]recover-script:recover-script[/B][/COLOR] 266 bytes
-------------------------------------------------------------------------------
unpacked
$ rkafpack \
[COLOR="Red"][B]FIRMWARE_VER:1.0.0[/B][/COLOR] \
[COLOR="Red"][B]MACHINE_MODEL:rk2818sdk[/B][/COLOR] \
[COLOR="Red"][B]MANUFACTURER:rock-chips[/B][/COLOR] \
[COLOR="Red"][B]HWDEF:HWDEF[/B][/COLOR] \
[COLOR="Red"][B]package-file:package-file[/B][/COLOR] \
'[COLOR="Red"][B]bootloader:RK28xxLoader(L).bin[/B][/COLOR]' \
[COLOR="Red"][B]parameter:parameter:[email protected][/B][/COLOR] \
[COLOR="Red"][B]misc:Image/misc.img:[email protected][/B][/COLOR] \
[COLOR="Red"][B][B]kernel:Image/kernel.img:[email protected][/B][/B][/COLOR] \
[COLOR="Red"][B]boot:Image/boot.img:[email protected][/B][/COLOR] \
[COLOR="Red"][B]recovery:Image/recovery.img:[email protected][/B][/COLOR] \
[COLOR="Red"][B]system:Image/system.img:[email protected][/B][/COLOR] \
[COLOR="Red"][B]backup:SELF:[email protected][/B][/COLOR] \
[COLOR="Red"][B]update-script:update-script[/B][/COLOR] \
[COLOR="Red"][B]recover-script:recover-script[/B][/COLOR] \
> new.img
$ sha1sum N3NET-2.3-20110722.img new.img
e758a6c47dca7f09f0b8a82ad89b0cd7c7c8e826 N3NET-2.3-20110722.img
e758a6c47dca7f09f0b8a82ad89b0cd7c7c8e826 new.img
some values are empty in RK2818 ROM.
--
here is how to make RKFW image
Code:
$ rkunpack N50-2.3-20111103-ZZ-SDK2.0.img
VERSION:2.0.3
unpacking
00000000-00000065 N50-2.3-20111103-ZZ-SDK2.0.img-HEAD 102 bytes
00000066-00022623 N50-2.3-20111103-ZZ-SDK2.0.img-BOOT 140734 bytes
00022624-0c342627 update.img 204603396 bytes
unpacking update.img
================================================================================
FIRMWARE_VER:0.2.3
MACHINE_MODEL:rk29sdk
MACHINE_ID:007
MANUFACTURER:RK29SDK
unpacking 10 files
-------------------------------------------------------------------------------
00000800-00000fff package-file:package-file 540 bytes
00001000-000237ff bootloader:RK29xxLoader(L)_V2.08.bin 140734 bytes
00023800-00023fff parameter:parameter:[email protected] 610 bytes
00024000-0002ffff misc:Image/misc.img:[email protected] 49152 bytes
00030000-006a3fff boot:Image/boot.img:[email protected] 6766592 bytes
006a4000-01167fff recovery:Image/recovery.img:[email protected] 11288576 bytes
01168000-0c31efff system:Image/system.img:[email protected] 186346496 bytes
----------------- backup:SELF:[email protected] (update.img) 204603396 bytes
0c31f000-0c31f7ff update-script:update-script 933 bytes
0c31f800-0c31ffff recover-script:recover-script 266 bytes
-------------------------------------------------------------------------------
================================================================================
00022624-0c342627 N50-2.3-20111103-ZZ-SDK2.0.img-MD5 32 bytes
unpacked
$ cat N50-2.3-20111103-ZZ-SDK2.0.img-HEAD N50-2.3-20111103-ZZ-SDK2.0.img-BOOT update.img > new.img
$ md5sum new.img
[COLOR="Red"][B]5191abc65649eacf8d2476e37d84a046[/B][/COLOR] new.img
$ cat N50-2.3-20111103-ZZ-SDK2.0.img-MD5
5191abc65649eacf8d2476e37d84a046
$ echo -n [COLOR="Red"][B]5191abc65649eacf8d2476e37d84a046[/B][/COLOR] >> new.img
$ sha1sum N50-2.3-20111103-ZZ-SDK2.0.img new.img
3120b13df8886e0ddfae0e35379443c27c925572 N50-2.3-20111103-ZZ-SDK2.0.img
3120b13df8886e0ddfae0e35379443c27c925572 new.img

[Q] Error when try downgrade htc legend

Hello,
I try to downgrade my htc legend with this tutor : http://forum.xda-developers.com/showthread.php?t=725430
But i get the next line :
cr--rw---- 1 1001 2002 90, 0 Jan 13 21:11 /dev/mtd/mtd0
how can i fix this?
Hello,
I just whiped my phone but still :
Microsoft Windows [versie 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Alle rechten voorbehouden.
C:\Users\Administrator\Desktop\android-sdk-windows\platform-tools>crackin.bat
"Copying tools"
adb server is out of date. killing...
* daemon started successfully *
1619 KB/s (698452 bytes in 0.421s)
1190 KB/s (76044 bytes in 0.062s)
1641 KB/s (655360 bytes in 0.390s)
"Freeing primary PERM linker"
rm failed for /data/DxDrm/fuse/*, No such file or directory
rm failed for /data/DxDrm/fuse, No such file or directory
rmdir failed for /data/DxDrm/fuse/, No such file or directory
cannot create /data/DxDrm/fuse: directory nonexistent
Unable to chmod /data/DxDrm/fuse: No such file or directory
"Freeing secondary PERM linker"
rmdir failed for /data/DxDrm/fuse/, No such file or directory
rmdir failed for /data/DxDrm, No such file or directory
link failed Permission denied
"Rebooting to normal mode to unlock CHMOD links"
rmdir failed for /data/dontpanic, Permission denied
rm failed for /data/DxDrm, No such file or directory
link failed File exists
link failed Permission denied
"Rebooting to normal mode to downgrade ROM"
/dev/mtd/mtd0: Permission denied
cr--rw---- 1 1001 2002 90, 0 Jan 14 00:51 /dev/mtd/mtd0
error writing misc: Permission denied
"Freeing links"
rm failed for /data/DxDrm, No such file or directory
rm failed for /data/dontpanic, Permission denied
What to do ?
mij boot loader is 1.01
You missed a step or something that's why it says no file or directory,make sure files where pushed into the Data folder
adb shell
cd data
ls
and you should see the dxdrm
Hello,
If i do that i get this :
C:\androidSDK\tools>adb shell
$ cd data
cd data
$ ls
ls
opendir failed, Permission denied
edit :
I finaly managed to roll back to 2.1 what to do now ?
Code:
C:\androidSDK\tools>crackin.bat
"Copying tools"
1256 KB/s (698452 bytes in 0.543s)
589 KB/s (76044 bytes in 0.126s)
1155 KB/s (655360 bytes in 0.554s)
"Freeing primary PERM linker"
rm failed for /data/DxDrm/fuse/*, No such file or directory
rm failed for /data/DxDrm/fuse, Is a directory
"Freeing secondary PERM linker"
rmdir failed for /data/DxDrm/fuse/, Not a directory
rmdir failed for /data/DxDrm, Directory not empty
link failed File exists
"Rebooting to normal mode to unlock CHMOD links"
rmdir failed for /data/dontpanic, Permission denied
rm failed for /data/DxDrm, Permission denied
link failed File exists
link failed File exists
"Rebooting to normal mode to downgrade ROM"
crwxrwxrwx 1 1001 2002 90, 0 Jan 14 19:25 /dev/mtd/mtd0
"Freeing links"
rm failed for /data/DxDrm, Permission denied
rm failed for /data/dontpanic, Permission denied
I Did this whit RUU Legend
but can i root now?
RUU say's i have : image version : 1.31.405.5
edit : r4-lagend-root keeps on : writing "zip"
question to ericosman
ericosman how did you managed to fix the cr--rw---- 1 1001 2002 90, 0 Jan 13 21:11 /dev/mtd/mtd0 part and get it right? iv been working on it for so long i have no idea how to fix it and cant downgrade

[GUIDE][Build|Mod|Update][kernel-ranchu][goldfish][5.4][5.10][GKI][ramdisk.img][modules][rootAVD][Android 11(R) 12(S)][AVD][Google Play Store API]

Hello Fellows,
with this Guide I would like to show you a much more easier and reliable way,
on how to build, mod and update your AVDs Kernel with its modules.
By using the official AOSP Build ENV.
The "classic" guide will remain at the end of this thread within a spoiler.
The Development Environment:
Apple Macbook Pro 2015 Dualboot
Linux Mint 19
Android Studio 4.1.3 (Mac OS/Darwin)
Android emulator version 30.5.4.0 (build_id 7243153)
Android SDK Platform-Tools (revision: 31.0.2)
AVDs:
Android 10 (Q) API 29 Google Apis Play Store x86_64 r08 Darwin/MacOS Production Build
Kernel 4.14.112+ -> 4.14.175
Android 11 (R) API 30 Google Apis Play Store x86_64 r10 Darwin/MacOS Production Build
Kernel 5.4.61 -> 5.4.113
Android 12 (S) API 30 Google Apis Play Store x86_64 r02 Darwin/MacOS Production Build
Kernel 5.10.15 -> 5.10.31
rootAVD - To install Magisk and the Kernels Modules into the ramdisk.img
Spoiler: dependencies and repo
Bash:
#############################################|#############################################
###### Build an AVD Kernel and its Ramdisk Modules ######
###### with the official AOSP Build ENV ######
#############################################|#############################################
#############################################|#############################################
###### Install build dependencies, libs and tools ######
#############################################|#############################################
sudo apt-get install -y build-essential libssl-dev kernel-package libncurses5-dev bzip2 \
lib32z1 bison flex libelf-dev qt5-default qttools5-dev-tools qttools5-dev meld geany \
gtk+-2.0 libgtk-3-dev libwebkit2gtk-4.0-dev autogen libgtk2.0-dev libglade2-dev
#############################################|#############################################
###### Get the AOSP repo bin ######
#############################################|#############################################
sudo wget https://storage.googleapis.com/git-repo-downloads/repo -O /usr/bin/repo
sudo chmod a+x /usr/bin/repo
Spoiler: Android 10 (Q) Kernel 4.14
Bash:
#############################################|#############################################
##### Android 10 (Q) Kernel 4.14 #####
##### BRANCH=q-goldfish-android-goldfish-4.14-dev #####
#############################################|#############################################
#############################################|#############################################
### Download Sources, Toolchain, Buildtools etc. (approx. 17GB) ###
#############################################|#############################################
BRANCH=q-goldfish-android-goldfish-4.14-dev
ROOTDIR=AVD-kernel-$BRANCH
mkdir $ROOTDIR && cd $ROOTDIR
repo init --depth=1 -u https://android.googlesource.com/kernel/manifest -b $BRANCH
repo sync --force-sync --no-clone-bundle --no-tags -j$(nproc)
#############################################|#############################################
### Make changes and enable features via the Menuconfig ###
### changes will be saved into the gki_defconfig ###
### i.e. USB 3.0, UHCI HCD for USB-Serial Adapters ###
### or USB Block Devices like /dev/block/sda1 ###
### Device Drivers -> USB support -> <*> xHCI HCD (USB 3.0) support ###
### -*- Generic xHCI driver for a platform device ###
### <*> UHCI HCD (most Intel and VIA) support ###
### <*> USB Mass Storage support ###
### <*> USB Attached SCSI ###
#############################################|#############################################
BUILD_CONFIG=goldfish/build.config.goldfish.x86_64 \
build/config.sh
#############################################|#############################################
### 1st run ###
### Building the Kernel (bzImage) ###
#############################################|#############################################
BUILD_CONFIG=goldfish/build.config.goldfish.x86_64 \
SKIP_CP_KERNEL_HDR=1 \
build/build.sh -j$(nproc)
Files copied to /home/newbit/workdir/AVD-kernel-q-goldfish-android-goldfish-4.14-dev/out/x86_64/dist
#############################################|#############################################
### (1+n)th Build run ###
### Building only changes, not everything ###
#############################################|#############################################
BUILD_CONFIG=goldfish/build.config.goldfish.x86_64 \
SKIP_CP_KERNEL_HDR=1 \
SKIP_MRPROPER=1 \
build/build.sh -j$(nproc)
#############################################|#############################################
### Copy bzImage as kernel-ranchu into the AVDs directory ###
#############################################|#############################################
mv ~/path-to-avd-system-images/android-29/kernel-ranchu ~/path-to-avd-system-images/android-29/kernel-ranchu.backup
cp out/x86_64/dist/bzImage ~/path-to-avd-system-images/android-29/kernel-ranchu
#############################################|#############################################
### Install Magisk with the rootAVD script, ###
### download the USB HOST Permissions Module Zip ###
### patch the fstab.ranchu to automount Block Devices like /dev/block/sda1 ###
#############################################|#############################################
./rootAVD.sh ~/Android/Sdk/system-images/android-29/google_apis_playstore/x86_64/ramdisk.img GetUSBHPmodZ PATCHFSTAB
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Spoiler: Android 11 (R) Kernel 5.4
Bash:
#############################################|#############################################
##### Android 11 (R) Kernel 5.4 #####
##### BRANCH=common-android11-5.4-lts #####
#############################################|#############################################
#############################################|#############################################
### Download Sources, Toolchain, Buildtools etc. (approx. 22GB) ###
#############################################|#############################################
BRANCH=common-android11-5.4-lts
ROOTDIR=AVD-kernel-$BRANCH
mkdir $ROOTDIR && cd $ROOTDIR
repo init --depth=1 -u https://android.googlesource.com/kernel/manifest -b $BRANCH
repo sync --force-sync --no-clone-bundle --no-tags -j$(nproc)
#############################################|#############################################
### Preparing and modding the build.config ###
### add these lines to the BUILD_CONFIG file ###
### common-modules/virtual-device/build.config.goldfish.x86_64 ###
#############################################|#############################################
BUILD_INITRAMFS=1
LZ4_RAMDISK=1
SKIP_CP_KERNEL_HDR=1
#############################################|#############################################
### Make changes and enable features via the Menuconfig ###
### changes will be saved into the gki_defconfig ###
### i.e. USB 3.0 or UHCI HCD for USB-Serial Adapters ###
### Device Drivers -> USB support -> <*> xHCI HCD (USB 3.0) support ###
### -*- Generic xHCI driver for a platform device ###
### <*> UHCI HCD (most Intel and VIA) support ###
#############################################|#############################################
BUILD_CONFIG=common-modules/virtual-device/build.config.goldfish.x86_64 \
FRAGMENT_CONFIG=common/arch/x86/configs/gki_defconfig \
build/config.sh
#############################################|#############################################
### 1st run ###
### Building the Modules and Kernel ###
#############################################|#############################################
BUILD_CONFIG=common-modules/virtual-device/build.config.goldfish.x86_64 \
build/build.sh -j$(nproc)
Files copied to ~/workdir/AVD-kernel-common-android11-5.4-lts/out/android11-5.4/dist
#############################################|#############################################
### Copy bzImage & initramfs.img into the rootAVD directory ###
### and run rootAVD ###
#############################################|#############################################
cp out/android11-5.4/dist/initramfs.img ~/rootAVD/
cp out/android11-5.4/dist/bzImage ~/rootAVD/
./rootAVD.sh ~/path-to-avd-system-images/android-30/ramdisk.img InstallKernelModules
[!] Installing new Kernel Modules
[*] Copy initramfs.img /data/data/com.android.shell/Magisk/tmp/initramfs
[-] Extracting Modules from initramfs.img
Detected format: [lz4_legacy]
Decompressing to [initramfs.cpio]
[*] Removing Stock Modules from ramdisk.img
[!] 5.4.61-android11-2-00064-g4271ad6e8ade-ab6991359
[!] Android (6443078 based on r383902)
[-] Installing new Modules into ramdisk.img
[!] 5.4.113-android11-2-g926c4200b8fc-dirty
[!] Android (7211189, based on r416183)
[*] Adjusting modules.load and modules.dep
[*] Repacking ramdisk ..
#############################################|#############################################
### (1+n)th Build run ###
### Building only changes, not everything ###
#############################################|#############################################
BUILD_CONFIG=common-modules/virtual-device/build.config.goldfish.x86_64 \
SKIP_MRPROPER=1 \
build/build.sh -j$(nproc)
#############################################|#############################################
### Copy bzImage as kernel-ranchu into the AVDs directory ###
### Once the modules are installed, just the kernel is needed ###
#############################################|#############################################
cp out/android11-5.4/dist/bzImage ~/path-to-avd-system-images/android-30/kernel-ranchu
Spoiler: Android 12 (S) Kernel 5.10
Bash:
#############################################|#############################################
##### Android 12 (S) Kernel 5.10 #####
##### BRANCH=common-android12-5.10-lts #####
#############################################|#############################################
#############################################|#############################################
### Download Sources, Toolchain, Buildtools etc. (approx. 22GB) ###
#############################################|#############################################
BRANCH=common-android12-5.10-lts
ROOTDIR=AVD-kernel-$BRANCH
mkdir $ROOTDIR && cd $ROOTDIR
repo init --depth=1 -u https://android.googlesource.com/kernel/manifest -b $BRANCH
repo sync --force-sync --no-clone-bundle --no-tags -j$(nproc)
#############################################|#############################################
### Preparing and modding the build.config ###
### add these lines to the BUILD_CONFIG file ###
### common-modules/virtual-device/build.config.virtual_device.x86_64 ###
#############################################|#############################################
SKIP_CP_KERNEL_HDR=1
FILES="
arch/x86/boot/bzImage
vmlinux
System.map
"
MAKE_GOALS="
bzImage
modules
"
#############################################|#############################################
### Open the Menuconfig, make changes and enable features ###
### changes will be saved into the gki_defconfig ###
### i.e. UHCI HCD for USB-Serial Adapters ###
### USB 3.0 is finally standard built in the ranchu-kernel since Android 12 (S) ###
### Device Drivers -> USB support -> <*> UHCI HCD (most Intel and VIA) support ###
#############################################|#############################################
BUILD_CONFIG=common-modules/virtual-device/build.config.virtual_device.x86_64 \
FRAGMENT_CONFIG=common/arch/x86/configs/gki_defconfig \
build/config.sh
#############################################|#############################################
### 1st Build run ###
### Building the modules and kernel ###
#############################################|#############################################
time BUILD_CONFIG=common-modules/virtual-device/build.config.virtual_device.x86_64 \
build/build.sh -j$(nproc)
Files copied to ~/workdir/AVD-kernel-common-android12-5.10-lts/out/android12-5.10/dist
real 33m16,742s
user 79m12,894s
sys 11m33,474s
#############################################|#############################################
### Copy bzImage & initramfs.img into the rootAVD directory ###
### and run rootAVD ###
### the AVD is running with the new Kernel and Modules ###
### complete the Magisk installation with EnvFixTask ###
#############################################|#############################################
cp out/android12-5.10/dist/initramfs.img ~/rootAVD/
cp out/android12-5.10/dist/bzImage ~/rootAVD/
./rootAVD.sh ~/path-to-avd-system-images/android-S/ramdisk.img InstallKernelModules
[!] Installing new Kernel Modules
[*] Copy initramfs.img /data/data/com.android.shell/Magisk/tmp/initramfs
[-] Extracting Modules from initramfs.img
Detected format: [lz4_legacy]
Decompressing to [initramfs.cpio]
[*] Removing Stock Modules from ramdisk.img
[!] 5.10.15-android12-0-00490-gfca78df78ef2-ab7137072
[!] Android (7037181, based on r407598)
[-] Installing new Modules into ramdisk.img
[!] 5.10.31-android12-1-gb0c3c31639b2-dirty
[!] Android (7211189, based on r416183)
[*] Adjusting modules.load and modules.dep
[*] Repacking ramdisk ..
./rootAVD.sh EnvFixTask
#############################################|#############################################
### (1+n)th Build run ###
### Building only changes, not everything ###
#############################################|#############################################
time BUILD_CONFIG=common-modules/virtual-device/build.config.virtual_device.x86_64 \
SKIP_MRPROPER=1 \
build/build.sh -j$(nproc)
#############################################|#############################################
### Copy bzImage as kernel-ranchu into the AVDs directory ###
### Once the modules are installed, just the kernel is needed ###
#############################################|#############################################
cp out/android12-5.10/dist/bzImage ~/path-to-avd-system-images/android-S/kernel-ranchu
Spoiler: "classic" Guide
with this Guide I would like to show some steps on how to build your own Kernel for an Android Studio Device with CLANG.
The Development Environment:
Apple Macbook Pro 2011 Dualboot
Linux Mint 20 Ulyana
Android Studio 4.1.1 (Software Manager)
KVM -> Cosmic (18.10) or later
Android emulator version 30.3.5.0 (build_id 7033400)
Android SDK Platform-Tools (revision: 30.0.5)
AVD: Android 11 (R) API 30 Google Apis Play Store x86_64 Linux Production Build (revision: 10)
Target: Kernel 5.4.61
### Install the following tools to work with and to build the kernel
Bash:
sudo apt-get install -y build-essential libssl-dev kernel-package libncurses5-dev bzip2 lib32z1 bison flex
sudo apt-get install -y libelf-dev libelf-devel or elfutils-libelf-dev
sudo apt-get install -y qt5-default qttools5-dev-tools qttools5-dev
sudo apt-get install -y geany git
### Gathering Informations about the Target Kernel
By starting the AVD over the command line, we can append some kernel and verbose options:
emulator -netdelay none -netspeed full -no-snapstorage -avd Pixel_4_API_30 -show-kernel -verbose
The terminal will show the kernel information which are important:
Code:
[ 0.000000] Linux version 5.4.61-android11-2-00064-g4271ad6e8ade-ab6991359 ([email protected]) (Android (6443078 based on r383902) clang version 11.0.1 (https://android.googlesource.com/toolchain/llvm-project b397f81060ce6d701042b782172ed13bee898b79), LLD 11.0.1 (/buildbot/tmp/tmp6_m7QH b397f81060ce6d701042b782172ed13bee898b79)) #1 SMP PREEMPT Mon Nov 23 17:45:44 UTC 2020
ValueMeaningLinux version 5.4.61​Kernel VERSION.PATCHLEVEL.SUBLEVEL​android11-2​retagged Kernel branch and KMI generation number -> android11-5.4​-g4271ad6e8ade​Local Version String (very important to avoid: disagrees about version of symbol module_layout)​-ab6991359​Automatically append version information to the version string​build-user​KBUILD_BUILD_USER​build-host​KBUILD_BUILD_HOST​Android (6443078 based on r383902) clang version 11.0.1​Android Clang/LLVM Prebuilt Version r383902​
### Gathering more Informations about what is needed to build the kernel
To figure out what we need to build the kernel, one just needs to look into the build.config file inside the kernel source.
https://android.googlesource.com/kernel/common/+/refs/heads/android11-5.4
build.config.gki.x86_64
build.config.common
build.config.x86_64
build.config.gki
Inside the three build.config files we will find what we need to know.
Makefile:
BRANCH=android11-5.4
KMI_GENERATION=2
CC=clang
LD=ld.lld
NM=llvm-nm
OBJCOPY=llvm-objcopy
DEPMOD=depmod
CLANG_PREBUILT_BIN=prebuilts-master/clang/host/linux-x86/clang-r383902/bin
BUILDTOOLS_PREBUILT_BIN=build/build-tools/path/linux-x86
EXTRA_CMDS=''
STOP_SHIP_TRACEPRINTK=1
IN_KERNEL_MODULES=1
DO_NOT_STRIP_MODULES=1
Makefile:
ARCH=x86_64
CLANG_TRIPLE=x86_64-linux-gnu-
CROSS_COMPILE=x86_64-linux-androidkernel-
LINUX_GCC_CROSS_COMPILE_PREBUILTS_BIN=prebuilts/gcc/linux-x86/x86/x86_64-linux-android-4.9/bin
FILES="arch/x86/boot/bzImage
vmlinux
System.map"
Makefile:
DEFCONFIG=gki_defconfig
POST_DEFCONFIG_CMDS="check_defconfig"
Apparently we don't need the build.config.gki
Without further ado, the gathered informations from above will eventually lead up to:
### Download the kernel source, CLANG toolchain, Buildtools and GCC
Bash:
mkdir avdkernel5.4compile && cd avdkernel5.4compile
git clone -b android11-5.4 --single-branch https://android.googlesource.com/kernel/common
mkdir clang-r383902 && cd clang-r383902
wget https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+archive/android-11.0.0_r28/clang-r383902.tar.gz
tar -xzf clang-r383902.tar.gz && cd ..
git clone https://android.googlesource.com/kernel/prebuilts/build-tools
git clone \
-b android-11.0.0_r28 \
--single-branch https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/x86/x86_64-linux-android-4.9
### Pull the Kernel .config from the AVD
Bash:
adb pull /proc/config.gz
gunzip -k config.gz
### Exports: (must be done in kernel-source directory)
Bash:
cd common
export ARCH=x86_64
export CLANG_TRIPLE=x86_64-linux-gnu-
export CROSS_COMPILE=x86_64-linux-androidkernel-
export LINUX_GCC_CROSS_COMPILE_PREBUILTS_BIN=$(pwd)/../x86_64-linux-android-4.9/bin
export CLANG_PREBUILT_BIN=$(pwd)/../clang-r383902/bin
export BUILDTOOLS_PREBUILT_BIN=$(pwd)/../build-tools/linux-x86/bin
DEVEXPS="CC=clang LD=ld.lld NM=llvm-nm OBJCOPY=llvm-objcopy DEPMOD=depmod EXTRA_CMDS='' STOP_SHIP_TRACEPRINTK=1 DO_NOT_STRIP_MODULES=1"
export KBUILD_BUILD_USER=build-user
export KBUILD_BUILD_HOST=build-host
export PATH=$LINUX_GCC_CROSS_COMPILE_PREBUILTS_BIN:$CLANG_PREBUILT_BIN:$BUILDTOOLS_PREBUILT_BIN:$PATH
make $DEVEXPS mrproper
cp ../config .config
### add -g4271ad6e8ade to LOCALVERSION -> otherwise modules won't load => module xy disagrees about version of symbol module_layout
Bash:
make $DEVEXPS xconfig
If you come back here later, this is the right place to mod your kernel.
I like the GUI Interface because you have a better overview and a search function.
### build it
Bash:
time make $DEVEXPS -j$(nproc)
### Boot the AVD ...
#### ... from the command line
Bash:
emulator -netdelay none -netspeed full -no-snapstorage -avd Pixel_4_API_30 \
-no-snapshot-load \
-show-kernel \
-verbose \
-ranchu \
-kernel ~/avdkernel5.4compile/common/arch/x86/boot/bzImage
#### ... by replacing the stock kernel-ranchu
Code:
mv ~/Android/Sdk/system-images/android-30/google_apis_playstore/x86_64/kernel-ranchu \
~/Android/Sdk/system-images/android-30/google_apis_playstore/x86_64/kernel-ranchu-backup
cp ~/avdkernel5.4compile/common/arch/x86/boot/bzImage \
~/Android/Sdk/system-images/android-30/google_apis_playstore/x86_64/kernel-ranchu
### Compare the Kernel Verbose Messages
Code:
[ 0.000000] Linux version 5.4.61-g4271ad6e8ade-00014-g158eae717346 ([email protected]) (Android (6443078 based on r383902) clang version 11.0.1 (https://android.googlesource.com/toolchain/llvm-project b397f81060ce6d701042b782172ed13bee898b79), LLD 11.0.1 (/buildbot/tmp/tmp6_m7QH b397f81060ce6d701042b782172ed13bee898b79)) #1 SMP PREEMPT Mon Jan 11 12:58:18 CET 2021
Thanks for reading
Cheers NewBit
Thanks and Credits to @nathanchance, for his wonderful
[REFERENCE] How to compile an Android kernel
brought me a lot of ideas and inspirations
Hello newbit,
I am currently following your guide but when I try to run
Bash:
make $DEVEXPS xconfig
and it resulted in the following error
Bash:
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
init/Kconfig:34:warning: 'GCC_VERSION': number is invalid
init/Kconfig:45:warning: 'CLANG_VERSION': number is invalid
did you encounter this?
reeferman said:
Hello newbit,
I am currently following your guide but when I try to run
Bash:
make $DEVEXPS xconfig
and it resulted in the following error
Bash:
clang: error: no such file or directory: 'LD=ld.lld'
clang: error: no such file or directory: 'NM=llvm-nm'
clang: error: no such file or directory: 'OBJCOPY=llvm-objcopy'
clang: error: no such file or directory: 'DEPMOD=depmod'
clang: error: no such file or directory: 'EXTRA_CMDS='
clang: error: no such file or directory: 'STOP_SHIP_TRACEPRINTK=1'
clang: error: no such file or directory: 'DO_NOT_STRIP_MODULES=1'
...
init/Kconfig:34:warning: 'GCC_VERSION': number is invalid
init/Kconfig:45:warning: 'CLANG_VERSION': number is invalid
did you encounter this?
Click to expand...
Click to collapse
Hmm, looks weird. No I didn't. Also it is a bit taken out of context. It seems that your $DEVEXPS content gets repeated many times.
Do you have more background infos for me? Like your development environment and If you did change little things? Maybe a typo in the $PATH?
Pretty weird, but I was using kali to do it before and when I switched Linux Mint eveerything worked!
Hi newbit!
Thanks for some great tutorials, unfortunately for me I can't get it to work properly. Hopefully, you're able to help me
I'm trying to build and install a custom kernel in an AOSP built emulator. I've been trying out the "official" guide at https://source.android.com/setup/build/building-kernels#customize-build, your rootAVD guide for Android 11 and the "classic" guide for Android 11. All of the guides give me the same result:
Code:
[ 0.610588] Run /init as init process
[ 0.611985] init: init first stage started!
[ 0.612930] init: Loading module /lib/modules/dummy-cpufreq.ko with args ""
[ 0.613579] dummy_cpufreq: disagrees about version of symbol module_layout
[ 0.614170] init: Failed to insmod '/lib/modules/dummy-cpufreq.ko' with args ''
[ 0.614793] init: LoadWithAliases was unable to load dummy_cpufreq
[ 0.615366] init: [libfs_mgr]ReadFstabFromDt(): failed to read fstab from dt
[ 0.616164] init: Using Android DT directory /proc/device-tree/firmware/android/
[ 0.629196] init: bool android::init::BlockDevInitializer::InitDevices(std::set<std::string>): partition(s) not found in /sys, waiting for their uevent(s): metadata, super, vbmeta
After that, the emulator hangs for a short while and the it reboots to try again..
In your "classic" guide, you're warning about this:
### add -g4271ad6e8ade to LOCALVERSION -> otherwise modules won't load => module xy disagrees about version of symbol module_layout
Click to expand...
Click to collapse
When I checked the version of my running emulator i got this:
Code:
Linux version 5.4.50-01145-g056684c0d252-ab6656030 ([email protected]) (Android (6443078 based on r383902) clang version 11.0.1 (https://android.googlesource.com/toolchain/llvm-project b397f81060ce6d701042b782172ed13bee898b79), LLD 11.0.1 (/buildbot/tmp/tmp6_m7QH b397f81060ce6d701042b782172ed13bee898b79)) #1 SMP PREEMPT Mon Jul 6 18:09:10 UTC 2020
So I used xconfig to add the "-g056684c0d252" string and also made sure to use the r383902 clang toolchain to compile, but no luck.. After compilation and running with the new kernel, I get this version print:
Code:
[ 0.000000] Linux version 5.4.162-g056684c0d252-android11-2-00102-gfe0ed45e42fe-dirty ([email protected]) (Android (6443078 based on r383902) clang version 11.0.1 (https://android.googlesource.com/toolchain/llvm-project b397f81060ce6d701042b782172ed13bee898b79), LLD 11.0.1 (/buildbot/tmp/tmp6_m7QH b397f81060ce6d701042b782172ed13bee898b79)) #1 SMP PREEMPT Fri Nov 26 10:38:38 UTC 2021
Can you see anything obvious from that?
When I tried with rootAVD, I'm getting this output when running the script:
Code:
./rootAVD.sh /aosp/out/target/product/myproduct/ramdisk.img InstallKernelModules
[!] and we are NOT in an emulator shell
[*] Set Directorys
[-] Test if ADB SHELL is working
[-] In any AVD via ADB, you can execute code without root in /data/data/com.android.shell
[-] Magisk installer Zip exists already
[*] Cleaning up the ADB working space
[*] Creating the ADB working space
[*] Push Magisk.zip into /data/data/com.android.shell/Magisk
[-] ./Magisk.zip: 1 file pushed, 0 skipped. 254.4 MB/s (6874374 bytes in 0.026s)
[*] create Backup File of ramdisk.img
[*] Push ramdisk.img into /data/data/com.android.shell/Magisk
[-] /ramdisk.img: 1 file pushed, 0 skipped. 1006.6 MB/s (903723 bytes in 0.001s)
[*] Push initramfs.img into /data/data/com.android.shell/Magisk
[-] ./initramfs.img: 1 file pushed, 0 skipped. 299.9 MB/s (2256062 bytes in 0.007s)
[*] Push rootAVD.sh into /data/data/com.android.shell/Magisk
[-] rootAVD.sh: 1 file pushed, 0 skipped. 243.4 MB/s (7826127 bytes in 0.031s)
[-] run the actually Boot/Ramdisk/Kernel Image Patch Script
[*] from Magisk by topjohnwu and modded by NewBit XDA
[!] We are in an emulator shell
[-] Api Level Arch Detect
[-] Device Platform: x64
[-] ARCH32 x86
[-] Device SDK API: 30
[-] First API Level: 28
[-] Switch to the location of the script file
[*] Extracting busybox and Magisk.zip ...
[-] Checking AVDs Internet connection...
[!] AVD is offline
[*] Re-Run rootAVD in Magisk Busybox STANDALONE (D)ASH
[!] We are in an emulator shell
[-] We are now in Magisk Busybox STANDALONE (D)ASH
[*] rootAVD with Magisk '23.0' Installer
[-] Get Flags
[*] System-as-root, keep dm/avb-verity
[-] Encrypted data, keep forceencrypt
[*] RECOVERYMODE=false
[-] KEEPVERITY=true
[*] KEEPFORCEENCRYPT=true
[*] No 64-Bit Binarys found, please consider Magisk Alpha
[-] copy all x86 files from /data/data/com.android.shell/Magisk/lib/x86 to /data/data/com.android.shell/Magisk
[*] Detecting ramdisk.img compression
[!] Ramdisk.img uses gzip compression
[-] taken from shakalaca's MagiskOnEmulator/process.sh
[*] executing ramdisk splitting / extraction / repacking
[-] API level greater then 30
[*] Check if we need to repack ramdisk before patching ..
[*] After decompressing ramdisk.img, magiskboot will work
Detected format: [gzip]
[-] Test patch status and do restore
[-] Checking ramdisk status
[-] STATUS=0
[-] Stock boot image detected
[-] Patching ramdisk
[*] adding overlay.d/sbin folders to ramdisk
Loading cpio: [ramdisk.cpio]
Create directory [overlay.d] (0750)
Create directory [overlay.d/sbin] (0750)
Dump cpio: [ramdisk.cpio]
[!] PATCHFSTAB=false
[!] Skipping fstab.ranchu patch with /dev/block/sda
[?] If you want fstab.ranchu patched, Call rootAVD with PATCHFSTAB
[!] AddRCscripts=false
[!] Skip adding *.rc scripts into ramdisk.img/sbin/*.rc
[?] If you want *.rc scripts added into ramdisk.img/sbin/*.rc, Call rootAVD with AddRCscripts
[!] patching the ramdisk with Magisk Init
Loading cpio: [ramdisk.cpio]
Add entry [init] (0750)
Add entry [overlay.d/sbin/magisk32.xz] (0644)
Add entry [overlay.d/sbin/magisk64.xz] (0644)
Patch with flag KEEPVERITY=[true] KEEPFORCEENCRYPT=[true]
Loading cpio: [ramdisk.cpio.orig]
Backup mismatch entry: [init] -> [.backup/init]
Record new entry: [overlay.d] -> [.backup/.rmlist]
Record new entry: [overlay.d/sbin] -> [.backup/.rmlist]
Record new entry: [overlay.d/sbin/magisk32.xz] -> [.backup/.rmlist]
Record new entry: [overlay.d/sbin/magisk64.xz] -> [.backup/.rmlist]
Create directory [.backup] (0000)
Add entry [.backup/.magisk] (0000)
Dump cpio: [ramdisk.cpio]
[*] repacking back to ramdisk.img format
[!] Rename Magisk.zip to Magisk.apk
[*] Pull ramdiskpatched4AVD.img into ramdisk.img
[-] /data/data/com.android.shell/Magisk/ramdiskpatched4AVD.img: 1 file pulled, 0 skipped. 294.3 MB/s (1270228 bytes in 0.004s)
[*] Pull Magisk.apk into
[-] /data/data/com.android.shell/Magisk/Magisk.apk: 1 file pulled, 0 skipped. 358.8 MB/s (6342346 bytes in 0.017s)
[*] create Backup File of kernel-ranchu
[*] Copy ./bzImage (Kernel) into kernel-ranchu
[-] Clean up the ADB working space
[-] Install all APKs placed in the Apps folder
[*] Trying to install Apps/Magisk.apk
[*] Performing Streamed Install
[*] Success
[-] Shut-Down & Reboot (Cold Boot Now) the AVD and see if it worked
[-] Root and Su with Magisk for Android Studio AVDs
[-] Modded by NewBit XDA - Jan. 2021
[!] Huge Credits and big Thanks to topjohnwu, shakalaca and vvb2060
[-] Trying to shut down the AVD
[!] If the AVD doesn't shut down, try it manually!
Which is not the same as the one you're showing in the rootAVD guide. Is it anything I'm doing incorrect here or has the prints just changed?
Would be really awesome if you're able to help in any way let me know if you need more info!
I was a little quick on asking questions Got it working! It was the Linux version that was off, the one running in the emulator was 5.4.50 while I was compiling 5.4.162.
When I checked out the commit that had 5.4.50, it all worked like a charm doing it with your "classic" guide!
Thanks again for the awesome guides!
rkull said:
I was a little quick on asking questions Got it working! It was the Linux version that was off, the one running in the emulator was 5.4.50 while I was compiling 5.4.162.
When I checked out the commit that had 5.4.50, it all worked like a charm doing it with your "classic" guide!
Thanks again for the awesome guides!
Click to expand...
Click to collapse
I am glade it worked for you. Sometimes you need some luck. I had quite some issues with the module versions, even If I added the local version right. So the best solutions so far is, to build the modules as well.
I see that your AVD is offline, make sure the Magisk Version is compatible with your AVD API Level.
Occasionally, even with the module versions right, the AVD boot looped, and I had to wipe the AVD and then
it worked. I don't have an explanation for this, just my observations.
Yeah I'm building/installing a custom kernel for an AOSP build, so I'm not using an AVD. Just running the AOSP emulator build:
Code:
source build/envsetup.sh
lunch
emulator
Not packing the build into an AVD but maybe we'll do that in the future
When you say
So the best solutions so far is, to build the modules as well.
Click to expand...
Click to collapse
How's that done exactly? Do I need to do something more that just running
Code:
make $DEVEXPS -j$(nproc)
Or am I still stuck with version 5.4.50 of the kernel?
Not that I see the need for me to update the version, but it would be fun to know how it could be done
rkull said:
Yeah I'm building/installing a custom kernel for an AOSP build, so I'm not using an AVD. Just running the AOSP emulator build:
Click to expand...
Click to collapse
rkull said:
When you say
How's that done exactly? Do I need to do something more that just running
Code:
make $DEVEXPS -j$(nproc)
Or am I still stuck with version 5.4.50 of the kernel?
Not that I see the need for me to update the version, but it would be fun to know how it could be done
Click to expand...
Click to collapse
With the AOSP Build ENV I had to set
Code:
BUILD_INITRAMFS=1
to get the modules build and packed. Don't know how this is done the classical way. Checkout your output directory if you can find
any modules or initramfs.img
rootAVD provides you an option to download prebuild kernels and its modules from AOSP.
You can try this to get a higher Kernel version.
Thank you very much!good job!

Categories

Resources