Database Info

[GUIDE] Howto create an insecure boot image for asus tf101

NOTE: I started few days ago working with the boot image.
I'm not an Android expert. If you find an error in this post, let me know.
Use this information at your own risk. If you brick your tablet, don't blame on me.
Nothing of the tools used here are written by me. I'm not taking credit for another's work.
I have rooted my tf101 with the instructions from the mashi's thread. (http://forum.xda-developers.com/showthread.php?t=1125714)
I was curious about the root process of our beloved tablet.
For add root at the stock firmware you need the su packages and a proper boot image.
I've worked for years on linux machines, so I know that you need the "su" command to become root.
But what about the boot image? What does it need for?
I've googled and found some information that I'd like to share with you:
For using adb as superuser, and push the su package, you need to flash a so called "insecure boot" on your tablet/phone.
The process is easy:
NOTE: Even if I'm on a Windows machine, I prefer to do this work in linux. The entire process has been done in an Ubuntu 11.04 virtual machine.
What you need:
- a PC running linux
- BootTools and BlobTools from Rayman84 (http://androidroot.mobi/)
- mkbootimg (mkbootfs is optional) from the android repository
I assume that you have all the above tools in your $PATH variable.
First of all you need a stock boot image; you can extract one from your tablet (with nvflash) or from the latest stock firmware (US-VERSION - WW-VERSION)
We're going for the official packages from the ASUS website. Download it on your home directory (or wherever you want).
Let's start:
Code:
mkdir stock_firmware
cd stock_firmware
unzip ../UpdateLauncher_WW_epaduser_84411.zip
unzip ASUS/Update/WW_epad-user-8.4.4.11.zip
blobunpack blob
bootunpack blob.LNX
Now we have a lot of "strange" files:
Code:
ASUS
blob
blob.APP
blob.EBT
blob.HEADER
blob.LNX
blob.LNX-config
blob.LNX-kernel.gz
blob.LNX-ramdisk.cpio.gz
blob.PT
blob.SOS
META-INF
For our work, we just need blob.LNX-ramdisk.cpio.gz
Code:
mkdir boot_img
cd boot_img
gunzip -dc ../blob.LNX-ramdisk.cpio.gz | cpio -i
vi default.prop (or "gedit default.prop" if you want a GUI)
Here you have to change the line "ro.secure=1" in "ro.secure=0"
The final file should appears as this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
Almost done. Let's repack:
Code:
find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
or alternatively:
Code:
mkbootfs ./ | gzip > ../newramdisk.cpio.gz
Finally make the boot.img:
Code:
cd ..
mkbootimg --kernel blob.LNX-kernel.gz --ramdisk newramdisk.cpio.gz -o boot.img
Now you have your boot.img, ready to be flashed with nvflash.
For information on what to do with this file, please refer to the mashi or brk threads.
Again, I've taken this information from google.
All the credits and many thanks to:
Rayman for the BlobTools and the BootTools - http://androidroot.mobi/
Mashi for his thread on rooting the stock kernel - http://forum.xda-developers.com/showthread.php?t=1125714
Brk for his batch script - http://forum.xda-developers.com/showthread.php?t=1185104
If you found this guide useful, hit the "Thanks" button.
For your convenience, you can find the tools used attached in this post (compiled on Ubuntu 11.04).
UPDATE: I have written a script (thanks gnufabio for the idea) that automatically modify a stock boot.img into an insecure one.
ex:
Code:
./insecure.sh boot.img
when the script finishes you will find a file called my_boot.img ready to be flashed with nvflash.
Bootunpack and mkbootimg should be in your $PATH.
This script doesn't do much error checking, so keep your eyes open.
HF

hey thanks very nice guide

Excellent. I've been looking around trying to work out how to package up a kernel build, this helps a great deal.
I'm assuming that I just replace the blob.LNX-kernel.gz with my built zImage?

SammyC said:
Excellent. I've been looking around trying to work out how to package up a kernel build, this helps a great deal.
I'm assuming that I just replace the blob.LNX-kernel.gz with my built zImage?
Click to expand...
Click to collapse
I haven't try but i guess yes.
If you really want to recompile/repackage the kernel, you can refer to this http://www.droidforums.net/forum/rescue-squad-guides/31452-how-compile-your-own-kernel.html ; it's about the Motorola Droid, but some concepts are universal for all the android devices.
HF

Good work, btw give a look to this script i made: mcpio
Unpacking and repacking the ramdisk will be easier:
Code:
mcpio -c ramdisk-folder/
mcpio -e ramdis-archive.cpio.gz

Thanks - Very useful to have this in this section. I tried the example, and it all worked fine on an old Ubuntu dist.

gnufabio said:
Good work, btw give a look to this script i made: mcpio
Unpacking and repacking the ramdisk will be easier:
Code:
mcpio -c ramdisk-folder/
mcpio -e ramdis-archive.cpio.gz
Click to expand...
Click to collapse
Well, that's a lot easier...
I didn't know your script, thanks for sharing.

Updated the first post with a bash script to automate the entire process.
Yesterday I've succesfully recompiled the stock kernel and I'm thinking on write another guide like this one on the subject.
The process is a little complicate, i'm looking for an easy way to explain but it's hard.
Anyway I'm working on it in my spare time.

That would be great if you could.

ASUS haven't (yet) released the source for the kernel in their latest 3.2 build. If you've updated to 3.2, you can still root and repackage using this method. Just use nvflash to save off the kernel from your running device as per the backup/restore thread, then use bootunpack on that and follow the rest of the instructions

raypou said:
ASUS haven't (yet) released the source for the kernel in their latest 3.2 build. If you've updated to 3.2, you can still root and repackage using this method. Just use nvflash to save off the kernel from your running device as per the backup/restore thread, then use bootunpack on that and follow the rest of the instructions
Click to expand...
Click to collapse
it's exactly the method used here: http://forum.xda-developers.com/showthread.php?t=1198303

If anyone interested, here're win32 binaries of BlobTools and BootTools
Just compiled from git repo.

I unpacked a rom with a kernelblob in the root directory, and edited init.rc. Which command should I use to repackage it? If I follow the guide (instead of boot.img I used kernelblob, no extension) I get the EEE Pad logo then scrambled, colored lines all over.
If I, however, install the base rom, then the one where I changed something in the kernelblob, it boots up.

theMIROn said:
If anyone interested, here're win32 binaries of BlobTools and BootTools
Just compiled from git repo.
Click to expand...
Click to collapse
Hi, makebootimg.exe doesn't work. It gives error saying: error: could not load kernel 'blob.LNX-kernel.gz'
Tried same files in linux and worked fine.
Can you try to fix this?
EDIT: tried to compile myself but got the same issue. I think is related with the need to change source code to make this run on windows.

Working boottools for windows available here: http://forum.xda-developers.com/showpost.php?p=17237701&postcount=443

brk said:
Hi, makebootimg.exe doesn't work. It gives error saying: error: could not load kernel 'blob.LNX-kernel.gz'
Tried same files in linux and worked fine.
Can you try to fix this?
Click to expand...
Click to collapse
yep, it's code issue
attached BootTools-Win32.zip with fixed mkbootimg.exe

is there this guide for tf201?
BR
Maframan

maframan said:
is there this guide for tf201?
BR
Maframan
Click to expand...
Click to collapse
You should probably check the TF201 forum.

Could this method be used to pack a new Splash Screen? (I want to change that annoying ASUS logo to something better) Would I go about the Flash_Image method to flash the image after compiled? (I do Not have NvFlash, but I am rooted with Cwm)
Which blobs would I modify as well, just the EBT?

rebound821 said:
NOTE: I started few days ago working with the boot image.
I'm not an Android expert. If you find an error in this post, let me know.
Use this information at your own risk. If you brick your tablet, don't blame on me.
Nothing of the tools used here are written by me. I'm not taking credit for another's work.
I have rooted my tf101 with the instructions from the mashi's thread. (http://forum.xda-developers.com/showthread.php?t=1125714)
I was curious about the root process of our beloved tablet.
For add root at the stock firmware you need the su packages and a proper boot image.
I've worked for years on linux machines, so I know that you need the "su" command to become root.
But what about the boot image? What does it need for?
I've googled and found some information that I'd like to share with you:
For using adb as superuser, and push the su package, you need to flash a so called "insecure boot" on your tablet/phone.
The process is easy:
NOTE: Even if I'm on a Windows machine, I prefer to do this work in linux. The entire process has been done in an Ubuntu 11.04 virtual machine.
What you need:
- a PC running linux
- BootTools and BlobTools from Rayman84 (http://androidroot.mobi/)
- mkbootimg (mkbootfs is optional) from the android repository
I assume that you have all the above tools in your $PATH variable.
First of all you need a stock boot image; you can extract one from your tablet (with nvflash) or from the latest stock firmware (US-VERSION - WW-VERSION)
We're going for the official packages from the ASUS website. Download it on your home directory (or wherever you want).
Let's start:
Code:
mkdir stock_firmware
cd stock_firmware
unzip ../UpdateLauncher_WW_epaduser_84411.zip
unzip ASUS/Update/WW_epad-user-8.4.4.11.zip
blobunpack blob
bootunpack blob.LNX
Now we have a lot of "strange" files:
Code:
ASUS
blob
blob.APP
blob.EBT
blob.HEADER
blob.LNX
blob.LNX-config
blob.LNX-kernel.gz
blob.LNX-ramdisk.cpio.gz
blob.PT
blob.SOS
META-INF
For our work, we just need blob.LNX-ramdisk.cpio.gz
Code:
mkdir boot_img
cd boot_img
gunzip -dc ../blob.LNX-ramdisk.cpio.gz | cpio -i
vi default.prop (or "gedit default.prop" if you want a GUI)
Here you have to change the line "ro.secure=1" in "ro.secure=0"
The final file should appears as this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
Almost done. Let's repack:
Code:
find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
or alternatively:
Code:
mkbootfs ./ | gzip > ../newramdisk.cpio.gz
Finally make the boot.img:
Code:
cd ..
mkbootimg --kernel blob.LNX-kernel.gz --ramdisk newramdisk.cpio.gz -o boot.img
Now you have your boot.img, ready to be flashed with nvflash.
For information on what to do with this file, please refer to the mashi or brk threads.
Again, I've taken this information from google.
All the credits and many thanks to:
Rayman for the BlobTools and the BootTools - http://androidroot.mobi/
Mashi for his thread on rooting the stock kernel - http://forum.xda-developers.com/showthread.php?t=1125714
Brk for his batch script - http://forum.xda-developers.com/showthread.php?t=1185104
If you found this guide useful, hit the "Thanks" button.
For your convenience, you can find the tools used attached in this post (compiled on Ubuntu 11.04).
UPDATE: I have written a script (thanks gnufabio for the idea) that automatically modify a stock boot.img into an insecure one.
ex:
Code:
./insecure.sh boot.img
when the script finishes you will find a file called my_boot.img ready to be flashed with nvflash.
Bootunpack and mkbootimg should be in your $PATH.
This script doesn't do much error checking, so keep your eyes open.
HF
Click to expand...
Click to collapse
Hi Sir,
First of all thankyou for you guide because I did follow you guide and created the insecure boot.image succesfully. I still have one problem, after flashing the boot.image, I still could not root the android device. Why is that? Do I need to change something else in the boot.img?

[Q] Is there an easy way to apply the patch files from the OTA on a PC?

I'm looking for a way to apply the patch files to the TF system image on a PC. This is not about how to get the ota to flash- I got that covered. This is about repacking roms or making flashable updates that don't rely on stock firmware.
I found a few ways, but none of them seem "easy."
The dirty way- apply the OTA and grab the system image.
From the PC command line - Linux has diff/patch, but that doesn't work for some of the patches in "IMGDIFF2" format. Besides, I'm not sure I ever got the regular BSDIFF40 patches to work.
The git option- There is the apply_patch source code in github. This works great, but I have to run it on the TF. Is it possible to compile this to work on my ubuntu box?
Maybe there is some magic script out there called apply_ota?
Thanks in advance

gee one said:
I'm looking for a way to apply the patch files to the TF system image on a PC. This is not about how to get the ota to flash- I got that covered. This is about repacking roms or making flashable updates that don't rely on stock firmware.
I found a few ways, but none of them seem "easy."
The dirty way- apply the OTA and grab the system image.
From the PC command line - Linux has diff/patch, but that doesn't work for some of the patches in "IMGDIFF2" format. Besides, I'm not sure I ever got the regular BSDIFF40 patches to work.
The git option- There is the apply_patch source code in github. This works great, but I have to run it on the TF. Is it possible to compile this to work on my ubuntu box?
Maybe there is some magic script out there called apply_ota?
Thanks in advance
Click to expand...
Click to collapse
I recently wrote some code for a ARM basestation (basically like a Freescale cell-phone board), and had to be able to supply some updates over time. Before the project ended, I'd also found bsdiff and bspatch and tested them on linux, where they worked fine (as long as you'd created either an ARM bsdiff/patch version or somehow took the big/little endianness of the hardware into account).
At first I thought it wasn't working but it seemed to do OK on standard cross-compiled-for-ARM files. (well, they still ran and performed the same stunt..).
The thing that worried me about this method is that they'd never have the same md5sum before as after, likely because they had a different amount of bytes. (e.g. you make your own before and after and build each, then create the patch file using bsdiff, then patch the old file using the patch file, and create a 'newtestfile', but look at the number of bytes (or md5sum it) difference between the original stage 2 file and the stage 1 + the patch file via bspatch).
Sorry that is pretty confusing the way I just tried to explain it.. I'll look this over again tomorrow and figure out if I said anything worthwhile

For inputs, the applypatch binary takes the file names, sha1 checksums of the before and after, and the final target size. Chance are high that the patch would only work if everything went in and came out properly.
Code:
apply_patch("/system/framework/framework-res.apk", "-",
99b382b5886e505508fa3f730d778a1bed4bc04e, 9761707,
a4798fb8d61d08b6f067e522e67107f6dd556148, package_extract_file("patch/system/framework/framework-res.apk.p"));
I think that bsdiff/patch will generally work on most of the OTA (BSDIFF40 files), but some of the files are IMGDIFF2, which targets binary/data files.
The applypatch binary works on both and as far as I can tell, is the same binary that the TF uses. Here is a snippet from the AOSP recovery... TF binary included Use the binary on your TF, not applypatch.sh! I suppose you can put it in system/xbin/
It would resolve the issue if I could compile this to run on my desktop from ubuntu. Short of that, I'm working on a script for the TF to parse the updater script.

gee one said:
For inputs, the applypatch binary takes the file names, sha1 checksums of the before and after, and the final target size. Chance are high that the patch would only work if everything went in and came out properly.
Code:
apply_patch("/system/framework/framework-res.apk", "-",
99b382b5886e505508fa3f730d778a1bed4bc04e, 9761707,
a4798fb8d61d08b6f067e522e67107f6dd556148, package_extract_file("patch/system/framework/framework-res.apk.p"));
I think that bsdiff/patch will generally work on most of the OTA (BSDIFF40 files), but some of the files are IMGDIFF2, which targets binary/data files.
The applypatch binary works on both and as far as I can tell, is the same binary that the TF uses. Here is a snippet from the AOSP recovery... TF binary included Use the binary on your TF, not applypatch.sh! I suppose you can put it in system/xbin/
It would resolve the issue if I could compile this to run on my desktop from ubuntu. Short of that, I'm working on a script for the TF to parse the updater script.
Click to expand...
Click to collapse
I'm not sure I understand the intent. I've just awoken and that's probably part of the problem..
'applypatch' is part of the standard (say 10.04 ubuntu) repo and is in a package called makepatch. Did you want to be able to run it "from" a standard x86 Ubuntu dist but have it targeting "armle" files or just be able to run it both on Ubuntu & Android correctly?
The files I tested were a) both binaries in different stages of evolution, and b) both built for armle(droids) and x86_64 and didn't behave differently, worked, and the checksum could be pre-calculated.
I'm going to mess around with applypatch when I'm out of my morning coma and get back to this in a bit.
Hah -- I do wonder if there's already a script (maybe it's a binary though) that lives in the dm* app on the tf101 that just does this already. You may have been right about that. Something has to apply those OTA patches. There's a few mechanisms for detecting them but I hadn't thought about how they're applied.
I'm trying to think if there's any scenario where the market applies 'patches' rather than always downloads the next version in entirety. Not sure about that.
Anyway, I'll see if I can get anywhere with applypatch.
Edit:: After a little messing around :
I finally see what you are trying to do and why what I'm doing is totally useless for that. I'm going to spend a little time looking over the imgdiff2 (apk) deal, and probably end up now figuring out a thing.

I'll look into the makepatch package later today. Maybe that might be what I'm looking for.
Just to be clear, the intent is to be able to patch a "stock" system without it actually running on the TF. For example, to take the stock 8.6.5.9 image, decompress system/ to the PC, apply the patches from the OTA, and then end up with a stock 8.6.5.13 image. This would all happen on the PC, not the TF. It would streamline the ROM cooking process and make it easier and faster to spit out a complete, flashable update that won't fail sha1 checks because of mods.
sent from my cyanogen(mod) vision

Zombie Thread Alert!!!
You have been warned....
OK, so my C-fu isn't strong enough to figure out how to cross compile the apply patch binary to run on a x86 computer. However, I did notice that the applypatch binary gets built in the aosp/generic_x86 build, specifically in the system/bin folder.
This will be an exectuble file that will run on a x86 linux based system and do the same thing that the applypatch binary does to the ota package during the ota update. In other words, you can apply the ota patch to a system image from the comfort of the linux command line without having to actually flash the ota. This will allow you to be the first one on your block to have the new system image without having to mess up whatever rom you are currently running.
Of course, this might all be moot if we don't see another ota for our tf. Come on ASUS, just one more so I can test this out on a live update.
OK, so if you read this far, repo sync your aosp source and build the generic_x86 branch. The binary is aosp/target/product/generic_x86/system/bin/applypatch_static
edit: then after you've done that, use a script to parse the updater-script to extract the patching commands and then she-bang! I'll post mine a little later- I've got to get some flowers for tonight

Any luck with that? I'm also searching for a way to apply an OTA update to a ROM using Ubuntu.

bgcngm said:
Any luck with that? I'm also searching for a way to apply an OTA update to a ROM using Ubuntu.
Click to expand...
Click to collapse
Yeah, it works like a charm. The binary is compiled in the aosp/generic_x86 build. There is no need to flash, you can just pull it out of the system/bin folder after compiling the source. You can probably use an "mmm" command to make just files you want, but I'm not sure which package it's in. Then, I use a script that converts the OTA patch commands in the updater-script to a script file that runs on my linuxbox that calls the binary and patches the ROM under linux/ubuntu.

Do you mind sharing your applypatch binary? I don't have AOSP source on my Ubuntu installation right now, so if you don't mind sharing I wouldn't need to build it from sources...

bgcngm said:
Do you mind sharing your applypatch binary? I don't have AOSP source on my Ubuntu installation right now, so if you don't mind sharing I wouldn't need to build it from sources...
Click to expand...
Click to collapse
I attached the applypatch binary- it should work on most x86 linux distros, maybe.
As I stated in my earlier post, the binary is built with the x86 build. I'm not so good with the build system, but I think the code is from the bootable/recovery/applypatch. I included the relevant notices for that code.
In the OTA updater-script, there will be a bunch of applypatch commands- you might have to change the name/permissions of the binary, but that syntax should be what you are looking for.
Enjoy!

Thank you very much for your time. It seems we are almost the only one trying this. The thing is that I really need to get this done because OTA update is failing for me by running it the usual way.
I've tried your binary and it works under my Ubuntu installation, however I was trying to manually patch just one file and got this:
Code:
[email protected]:~/Desktop/system/app$ applypatch_static ./ApplicationsProvider.apk - d9023cd58fd055e1ca3c8f8492b2c36aba923c6a 6184 69bea5d5a62980c611b903de8243d980f30e5fb5:../../patch/system/app/ApplicationsProvider.apk.p
applying patch to ./ApplicationsProvider.apk
target 6184 bytes; free space 1080520704 bytes; retry 1; enough 1
chown of "./ApplicationsProvider.apk.patch" failed: Operation not permitted
I got that chown error message although ApplicationsProvider.apk.patch was created. Is this the patched file?
EDIT: Nevermind, I forgot to run the command as superuser.
EDIT2: Would it be too much if I ask you also to share the script that converts OTA commands from updater-script into the correct syntax to run on Ubuntu?

There is no guarantee that this will work on your machine. It's a work in progress and will probably require some editing. This just creates the scripts that extract the commands from the OTA updater-script.
I haven't used it in a while since ASUS hasn't put out any updates lately, but I would copy the updater-script and rename it delete_source. Then I would edit out everything in delete_source except the delete commands. There might be an issue with a trailing ; or similar character. The script runs on the copy of the updater-script to pull out the applypatch commands and the delete_source to pull out the files that need to be deleted from the rom.
Check the syntax, but it will be something like ./tf_file <head of stock rom> <head of patch source>
If you have the donor stock system folder and the patch folder from the OTA at the same dir level, it would be ./tf_file system patch
The script also assumes that the applypatch binary is in your path as apply_patch. You can adjust as needed.
Lastly, my bash skills are probably pretty weak, so if you see ways to improve this script or add error/path checking, feel free to post improvements, etc. There is probably a really slick way to do this with just one script and not a script that makes three other scripts. The historical reason for this is that I used to transfer the files to my transformer and run the script on there. Running in Ubuntu is much faster!
Good luck!
Code:
#!/bin/bash
# extract_source is used to pull files to be patched from source tree
# delete_source is ued to delete unneeded files from the source tree
# tf_file applies the patches to the extracted source files
# don't forget to copy the direct updates in the OTA
# usage is apply_ota
# assumes that updater-script and delete-script are at same directory level
# updater-script is from META-INF folder, delete-script is from updater-script
# add error checking to count number of patches and number of patched files
# parse trailing / in folder names
work_dir=`pwd`
tf_file=$work_dir"/tf_file"
extract_source=$work_dir"/extract_source"
delete_file=$work_dir"/delete_source"
work_file=$work_dir"/work_file"
echo "#!/bin/bash" > $tf_file
sed ':a;N;$!ba;s/\n/\ /g' updater-script | sed -e 's/;/\n/g' -e 's/\ \ */\ /g' | grep "apply_patch(" | sed -e 's/"//g' -e 's/,\ p/\:p/g' -e 's/,//g' -e 's/package_extract_file(/$2\//g' -e 's/(/\ $1/g' -e 's/))//g' >> $tf_file
chmod 755 $tf_file
echo "#!/bin/bash" > $extract_source
#sed ':a;N;$!ba;s/\n/\ /g' updater-script | sed -e 's/;/\n/g' -e 's/\ \ */\ /g' | grep "apply_patch(" | cut -d \" -f 2 |sed -e s'/^/cp\ --parents\ $1/g' -e s'/$/\ \$2"\/\"/g' >> $extract_source
sed ':a;N;$!ba;s/\n/\ /g' updater-script | sed -e 's/;/\n/g' -e 's/\ \ */\ /g' | grep "apply_patch(" | cut -d \" -f 2 |sed -e 's/^/cp\ --parents\ $1/g' -e 's/$/\ \$2"\/\"/g' -e 's:/system::g' >> $extract_source
chmod 755 $extract_source
sed -e 's:",:\n:g' -e 's:\ ::g' delete-script > $delete_file
sort -r $delete_file > $work_file
echo "#!/bin/bash" > $delete_file
grep / $work_file | grep -v /$ | sed -e 's:"/:rm\ \$1/:g' >> $delete_file
grep /$ $work_file | sed -e 's:"/:rmdir\ \$1/:g' >> $delete_file
chmod 755 $delete_file
exit 0

IMGDIFF Tool Needed...
Hello Sir, i am looking for a tool to generate IMGDIFF patches on windows... i already have a BSDIFF tool, but coudn't find IMGDIFF... Thank You

I have no idea about windows, but the source is here.
https://android.googlesource.com/platform/bootable/recovery/+/master
You could install linux and build it from there. Follow these directions http://source.android.com/source/building.html
There is also lots of great info here http://wiki.cyanogenmod.org/w/Development#Learning_To_Build_CM
Good luck!

gee one said:
Good luck!
Click to expand...
Click to collapse
I am very thankful to you for replying me sir... these guides are awesome, but i dont think my slow internet connection and PC with 1GB RAM will be allowing me to download or compile
actully i was making a tool to apply OTA Updates in PC, it is semi functional for now, it is able to read updater script and apply bsdiff patches, but can't handle imgdiff patches and now i am stuck at this point because of no imgdiff port for windows... :crying:
i will be very thankful if you or @bgcngm can compile imgdiff at least for cygwin? else i will have to postpond this project until someone else compile and port imgdiff for win/cygwin

Sorry- I'm clueless about cygwin. You could try dual booting to linux to compile from there.

gee one said:
You could try dual booting to linux to compile from there.
Click to expand...
Click to collapse
Thanks alot for taking your time to reply me sir now it seems like linux is the only option left
as you are a linux user will it be too much if i ask you to find a right guide to compile ota tools only? cause i don't know much about linux, and it will be difficult for me to find right guide to compile ota tools only...

jawad6233 said:
Hello Sir, i am looking for a tool to generate IMGDIFF patches on windows... i already have a BSDIFF tool, but coudn't find IMGDIFF... Thank You
Click to expand...
Click to collapse
Answer is here - [Tool]imgdiff executable for windows. BTW, anybody have applypatch for Win32?

Hoping this works for lollipop.

[Q] installing dsixda Android kitchen on Mac

Hi i've read the thread regarding dsixda kitchen for Android. However, i currently own a mac, and im more enthusiastic in programming using my mac since it will be my primarily computer when i begin my C++ (Have a minor knowledge of java programming) and programming class in about 3 weeks (College - majoring in computer science). Anyways im having issues installing it since i just recently transfer over from a Windows to a mac a few weeks ago.
http://forum.xda-developers.com/showthread.php?t=633246
Excuse me and forgive me if im writing this in the wrong section, please move if necessary, but please do not close it as im desperately needing your help.
Im trying to focus on creating my own rom however, while reading these instructions below
PHP:
Ensure you have the GNU version of wget. To verify you have the correct version, type wget --version. If this command works without error, and it mentions "GNU" in the output, then it should be good.
If that doesn't work, you might have to build the GNU version of 'wget':
Go to the GNU site to grab the latest tar.gz of wget (I found wget-1.12 worked best).
Go to the folder containing the extracted files, and type: ./configure; make; sudo make install
NOTE for OS X 10.8+: If "./configure" gives errors, then try instead: ./configure --with-ssl=openssl
Confirm that the system defaults to the GNU version of wget, by opening a new terminal and typing "wget --version" again. Otherwise, type: sudo cp /usr/local/bin/wget /usr/bin/wget
Ensure you have the GNU version of sed, as the default Mac OS X version (FreeBSD) of sed is not compatible with the kitchen. To verify you have the correct version, type sed --version. If this command works without error, and it mentions "GNU" in the output, then it should be good.
If that doesn't work, you might have to build the GNU version of 'sed':
Go to the GNU site to grab the latest tar.gz of sed.
Go to the folder containing the extracted files, and type: ./configure; make; sudo make install
Confirm that the system defaults to the GNU version of sed, by opening a new terminal and typing "sed --version" again. Otherwise, type: sudo cp /usr/local/bin/sed /usr/bin/sed
Ensure you have the GNU version of od, as the default Mac OS X version (FreeBSD) of od is not compatible with the kitchen. To verify you have the correct version, type od --version. If this command works without error, and it mentions "GNU" in the output, then it should be good.
If that doesn't work, you might have to build the GNU version of 'od':
Go to the GNU site to grab the latest tar.gz of coreutils.
Go to the folder containing the extracted files, and type: ./configure --disable-acl; make; sudo make install
Confirm that the system defaults to the GNU version of od, by opening a new terminal and typing "od --version" again. Otherwise, type: sudo cp /usr/local/bin/od /usr/bin/od
i find it a bit difficult understanding how to install it on my mac using the guide in this thread
http://forum.xda-developers.com/showthread.php?t=633246
thank you to anyone who can help me thank you
ACTUALLY FOUND THIS OTHER METHOD BUT WONDERING IF I SOULD DO THIS INSTEAD
http://forum.dailymobile.net/index.php?topic=62368.0

[BINWALK] Firmware Forensic Tool

[BINWALK] Firmware Forensic Tool
ReFirm Labs.
https://www.refirmlabs.com
[email protected]
https://github.com/ReFirmLabs
Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
This thread will present two ways to go about installing this Binwalk (Automatically and Manuallly) and both are not without problems. .
If you're using Debain or Ubuntu 20.4 you can bash ./ dep.sh because its been tested on Debain and Ubuntu. I have installed binwalk on Ubuntu-Budgie 20.10, Ubuntu-Budgie 20.04 and windows 10. My theory on Windows 10 is **** windows use linux but just in case you nuts haven't dropped....
PREREQUISITES
1.Download & install Cygwin (place in path C:\cygwin)
https://www.cygwin.com/
2.Download & install latest version of Python3 ( place in path C:\python3)
https://www.python.org/downloads/
INSTALLATION (Auto)
Open your Cygwin terminal and type the following command:
$ lynx -source rawgit.com/transcode-open/apt-cyg/master/apt-cyg > apt-cyg install apt-cyg /bin
$ apt-cyg install git wget unzip
$ apt-cyg install python3 python3-pip
$ wget https://github.com/ReFirmLabs/binwalk/archive$ lynx -source rawgit.com/transcode-open/apt-cyg/master/apt-cyg > apt-cyg install apt-cyg /bin
$ apt-cyg install git wget unzip
$ apt-cyg install python3 python3-pip/master.zip
$ unzip master.zip
$ cd binwalk-master && python3 setup.py install
Debian users can install all optional and suggested extractors/dependencies using the included deps.sh script (recommended):
$ sudo ./binwalk-master/deps.sh
If it installed with no issues then type "binwalk" and try to extract a firmware fill to make sure that you do not get an error. If you do than uninstall and reinstall manually.
(BEFORE installing Cygwin make a note of ALL the packages you will need to manually install Binwalk. You can get them during the installation of Cygwin. CHECK MARK wget, git, lynix and your list.)
If apt-cyg is unable to locate a package TRY THE "pip install <package_name>" COMMAND. If pip is unable locate the package then it's either already installed under a different name or its obsolete.
INSTALLATION (Manual)
$ lynx -source rawgit.com/transcode-open/apt-cyg/master/apt-cyg > apt-cyg install apt-cyg /bin
$ apt-cyg install git wget unzip
$ apt-cyg install python3 python3-pip
$ python3 setup.py install
$ pip3 --upgrade pip
$ pip3 install nose coverage
$ pip3 install pycryptodome
$ apt-cyg install libqt4-opengl python3-opengl python3-pyqt4 python3-pyqt4.qtopengl
$ pip3 install python3-numpy python3-scipy
$ pip3 install pyqtgraph
CAPSTONE
$ pip install capstone
$ apt-cyg install mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsprogs cramfsswap squashfs-tools sleuthkit default-jdk lzop srecord
SASQUATCH
$ apt-cyg install zlib1g-dev liblzma-dev liblzo2-dev
$ git clone https://github.com/devttys0/sasquatch $ cd sasquatch && ./build.sh
$ pip3 install cstruct $ git clone https://github.com/sviehb/jefferson $ cd jefferson && python3 setup.py install
$ apt-cyg install liblzo2-dev python-lzo $ git clone https://github.com/jrspruitt/ubi_reader $ cd ubi_reader && python3 setup.py install
$ git clone https://github.com/devttys0/yaffshiv $ cd yaffshiv && python3 setup.py install $ wget -O - http://downloads.tuxfamily.org/sdtraces/stuffit520.611linux-i386.tar.g | tar -zxv $ cp bin/unstuff /usr/local/bin/ Note that for Debian/Ubuntu users, all of the above dependencies can be installed automatically using the included $ sudo ./deps.sh Note that I also used command it was the only way to get all the packages. It worked for me but make your own choices. Installing the IDA Plugin If IDA is installed on your system, you may optionally install the binwalk IDA plugin: $ python3 setup.py idainstall --idadir=/home/user/ida Likewise, the binwalk IDA plugin can be uninstalled: $ python3 setup.py idauninstall --idadir=/home/user/ida If all goes well... $ binwalk I believe this was my first tutorial. I gotta be honest, XDA as website is unbeatable. I have spent days upon days sifting through treads and will probably spend many more days doing research!

Thanks for sharing this.
Having made a quick look to https://www.kali.org/tools/binwalk/ it seems to be able to extract binaries from (otherwise) "closed" firmware files.
Then, of course you need to do the real thing to modify what you want to, according to your goals. At this point comes the reversing stuff.
Finally you have to repack everything (and eventually resign it as there might be some integrity check) to be able to use the given firmware.
On devices/roms I dealt with, the unpacking/repacking is done by the flashing program itself. (ie. SPD reserch tool for spreadtrum devices).
Is it able to repack correctly the rom as well ?

By the way, following the link to https : // www . refirmlabs . com we arrive to some microsoft security services.
Very strange.

FranckyGoesToHollywood said:
Thanks for sharing this.
Having made a quick look to https://www.kali.org/tools/binwalk/ it seems to be able to extract binaries from (otherwise) "closed" firmware files.
Then, of course you need to do the real thing to modify what you want to, according to your goals. At this point comes the reversing stuff.
Finally you have to repack everything (and eventually resign it as there might be some integrity check) to be able to use the given firmware.
On devices/roms I dealt with, the unpacking/repacking is done by the flashing program itself. (ie. SPD reserch tool for spreadtrum devices).
Is it able to repack correctly the rom as well ?
Click to expand...
Click to collapse
You are welcome. You know I've never been able to get SP to work or any of them to tell you the truth. Lgup, Odin are more precious than gold. I've been trying for 3 or 4 days to get Salt to flash a kdz, do, zip and images without success. The good thing about Binwalk is it will dissect anything that you feed it BUT like you were saying its definitely a lot of work brother. Do you think you could bless me with a copy of this working SP tool?

FranckyGoesToHollywood said:
By the way, following the link to https : // www . refirmlabs . com we arrive to some microsoft security services.
Very strange.
Click to expand...
Click to collapse
Huh..I will have to check that out.

FranckyGoesToHollywood said:
By the way, following the link to https : // www . refirmlabs . com we arrive to some microsoft security services.
Very strange.
Click to expand...
Click to collapse
Azure. That is strange. I found them on github by accident.

Jackspsychosis said:
You are welcome. You know I've never been able to get SP to work or any of them to tell you the truth. Lgup, Odin are more precious than gold. I've been trying for 3 or 4 days to get Salt to flash a kdz, do, zip and images without success. The good thing about Binwalk is it will dissect anything that you feed it BUT like you were saying its definitely a lot of work brother. Do you think you could bless me with a copy of this working SP tool?
Click to expand...
Click to collapse
You can get it directly from SP (free) :
Research Tool - Official SPD/Unisoc Flash Tool
The SPD Research Tool is mainly used for R&D and debugging, supports reading and writing flash partitions, NV parameters, PhaseCheck and ProdNV partitions (read back and then write to the phone), and supports functions such as packaging downloaded files. But this tool will not initialise ProdNV...
spdflashtool.com
For more convenience, I attached here both latest app and drivers. (compressed smaller)
--> however after 20' I still dont see them appear here...
This variant of the SP flasher can do really a lot of things (however I couldn't find any doc on it, you must be an SPD engineer to understand everything). Some .ini file comments can give a little help.

FranckyGoesToHollywood said:
You can get it directly from SP (free) :
Research Tool - Official SPD/Unisoc Flash Tool
The SPD Research Tool is mainly used for R&D and debugging, supports reading and writing flash partitions, NV parameters, PhaseCheck and ProdNV partitions (read back and then write to the phone), and supports functions such as packaging downloaded files. But this tool will not initialise ProdNV...
spdflashtool.com
For more convenience, I attached here both latest app and drivers. (compressed smaller)
--> however after 20' I still dont see them appear here...
This variant of the SP flasher can do really a lot of things (however I couldn't find any doc on it, you must be an SPD engineer to understand everything). Some .ini file comments can give a little help.
Click to expand...
Click to collapse
Thank you. Brother apparently I lied to ya, it wasn't SP that wouldn't flash. It was a different tool for Samsung devices. What I really need is something similar to LGUPD that will flash modified kdz firmware . I found an old school R&D tool that can make unpack and repack kdz files but can't flash since LGUP was released and LGUP won't flash a kdz file that's modified. Neither will Salt, Salt is more anal than LGUP if truth be told. It goes by LG anti-roll back rules smh. Odin won't flash a modified firmware either. You know what I'm trying do right? Sneak a patched boot image and/or custom recovery through.

Jackspsychosis said:
Thank you. Brother apparently I lied to ya, it wasn't SP that wouldn't flash. It was a different tool for Samsung devices. What I really need is something similar to LGUPD that will flash modified kdz firmware . I found an old school R&D tool that can make unpack and repack kdz files but can't flash since LGUP was released and LGUP won't flash a kdz file that's modified. Neither will Salt, Salt is more anal than LGUP if truth be told. It goes by LG anti-roll back rules smh. Odin won't flash a modified firmware either. You know what I'm trying do right? Sneak a patched boot image and/or custom recovery through.
Click to expand...
Click to collapse
I don't have much knowledge on lgup (other than it didn't even recognize my c299 - lgup+uppercut). During my SP rooting attempt I went into a vbmeta signature issue that blocks any modified boot/recovery. I wrote here a long story about that...
Finally, all this hardly worth the time spent on it (at least, as I'm not a harcore pro ;-)

Can you help with this gzip error, please? Thanks

Software Development FYT Firmware Workbench 2.0

# FYT-Firmware-Workbench
PLEASE DO NOT USE WITH T'EYES CC3 FIRMWARE
Scripts intended to mount the FYT UIS7862 firmware, make modifications and reassemble it back
They can retrieve the firmware from specified location and after modification, they can put the packed and signed firmware into another specified location
Files:
1-) config.ini = A file to setup parameters, paths for the original firmware and patched firmware, temp directory to work with firmware files and mount point to edit the firmware
2-) import_original.sh = Retrieves the ZIP file from the location specified in config.ini
3-) import_patched.sh = Retrieves the same files that 'import_original.sh' but from the patched location specified in the config.ini (normally a firmware that you've already patched before)
4-) unpack.sh = (autorun after import*) Unpack the imported firmware and create the mount moints (as specified in the config.ini file) to work with the firmware
5-) tweaker.sh = Allows change Locale, Language, Country and allows enabling ADB and OTG (if hardware supports it)
6-) inject_mods = Copies all contents of "_mods" folder into system partition, like gps.conf or even bootanimation, up to you to creat the same folder structure with your own files to inject
7-) repack.sh = Unmount the modified firmware from the mount points, delete the mount points, assembly the new ZIP file, sign it and move it to the patched directory as specified in config.ini
clean_local.sh = This script will unmount the firmware and delete it, it will also delete temporary files. as its name says, it cleans the local workbench !
N'joy it !
[CHANGELOG]
2.0 Introduces a different ZIP signature method
1.0 Initial release

Did you already try to flash it? I seed that you sign with the test keys but does that now work on the 7862?
On the previous architectures the recovery did not allow self signed zips.

Yes it works well, of course I flashed a modified 6315_1 befor make this post. You can trust the scripts, take a look at the tweaker.sh who allow you to modify some settings, Locale,Region, Coutry, and more to come !

Hi,
I tried your tools. Nice work.
I first did the "import_original.sh" and then the "unpack.sh". I did use this on a RPi4 running Debian Linux. All my Linux machines are currently RPi boxes and I use my headless server RPi4 for most stuff I do myself on images. (Next to that I have a Chromebook running Linux as well, but that one doesn't allow me to mount images in the linux sandbox.)
In the unpack.sh I get errors after brotli on the resizing of all the images:
Bash:
**********************************************
Processing 'system' image ...
BROTLI -- Handling system.new.dat.br...
Converting system.new.dat file into system.img file
When tring the "Converting .." is where it goes wrong without error message. The sdat2img is using "#!/usr/bin/env python" which, on an python3 only system gives "/usr/bin/env: ‘python’: No such file or directory"
When I change the call to "python3 sdat2img.py <etcetera>" it works. It might be better to use something like
Code:
if [ `which python` ]; then
./tools/sdat2img.py
elif [ `which python3`]; then
python3 ./tools/sdat2img.py
else
printf "\n\nNo python found!!\n\n"
exit 1
fi
Otherwise your created dat file is 0 bytes (simply an echo of 0 bytes to a new file), then giving corrupt empty images of 128 MB when trying to resize them.
And about the resizing/shrinking of the images: Why do you do that?
Simply leave the img as is and mount it read-write, not read-only.
Please use
Code:
mount -t ext4 -o loop,rw $unzippedPath$i.img $MOUNTPOINT/$i
and then simply copy (as root) your stuff in or make the modifications directly (as root). After unmounting you can immediately repack and brotli-compress it again. No extra intermediate steps necessary.
****
And some other remarks (actually a bit of nit-picking, please don't feel offended. I think you did a great job):
You use and pack a 64bit jdk with it, which is of course very convenient in most cases but doesn't work on my ARM raspberry pi.
I would put something in the shell script like
Bash:
echo "Singning '${FIRMWAREZIPFILENAME}' file..."
if [ -n `which java` ]; then
# Not found. Use packed version and hope it is a 64bit system
tools/jdk64/bin/java -jar tools/SignApkv2.jar <etcetera>
else
# Use system version
java -jar <etcetera>
fi
You also use
Bash:
echo " "
echo "READY !!!."
echo " "
Why not use
Code:
printf "\n\nREADY !!!\n\n"

Don't feel offended at all fellow, that's normal you're improving the scripts so suit your needs, that's normal, and your code (above) seems much more adapted than mine, I packed a 64bit java 8 cause java 11 does not sign the ZIP, (or at least I didn't reach the sign correctly)
Y have a giltab at home with that projects (FYT, TS10 etc....) y you want to participate and pull-request your changes, os help me improving that scripts, you're welcome and I'll send you the link via PM

mariodantas said:
I packed a 64bit java 8 cause java 11 does not sign the ZIP, (or at least I didn't reach the sign correctly)
Click to expand...
Click to collapse
Yes, you are right. the signapkv2 is already very old. I forgot that. I just tested and java V11 comes without the sun packages.

Will add and arm64 java 8 and detect the proc architecture by scripts to select the right java

@surfer63 I forgot to tell you that I released FYT Firmware Workbench 2.0 which includes another 6315_1 signature method (no more signapkV2), (as required with lsec6315update after Jul/2/22) thos signs well the new 6315_1 files, so we can still modify their contents and repack again and flash without the message: "Please use legal system"

I finally got my images to mount. (had to sudo)
I used the modifications @surfer63 suggested. (python3 was the trick here)
edit: are the mountpoints supposed to be RO? I'm getting "no space.." error running the tweaker.

j-5 said:
I finally got my images to mount. (had to sudo)
I used the modifications @surfer63 suggested. (python3 was the trick here)
edit: are the mountpoints supposed to be RO? I'm getting "no space.." error running the tweaker.
Click to expand...
Click to collapse
No, they shoud have 128Mb + each uhntil repack
NOTE: before running FYT Firmware Workbench do a "sudo su" (you must run as ROOT) that's why it didn't work flawlessly, I'll modify the scripts to ask for sudo su if needed !

@mariodantas : Your FYT workbench was still in the Android head units section. I had it moved to the FYT forum.

mariodantas said:
No, they shoud have 128Mb + each uhntil repack
NOTE: before running FYT Firmware Workbench do a "sudo su" (you must run as ROOT) that's why it didn't work flawlessly, I'll modify the scripts to ask for sudo su if needed !
Click to expand...
Click to collapse
OK, got it.
I had commented out the "expand' part, my bad .

Is there a github repo for the latest scripts? I'd love to try this out.

No Github, I'll release some fixes soon !

mariodantas said:
I'll release some fixes soon !
Click to expand...
Click to collapse
this is very good, thanks for your hard work!
I am also having trouble parsing the system.new.dat.br file (I only chose to edit it in config). After changing to python3, file began to be mounted and repack. But I get an error on the device in the middle of installation related to "dynamic_partitions_op_list" even though I didn't change anything

Where are the 2.0 tools?

Andy826 said:
Where are the 2.0 tools?
Click to expand...
Click to collapse
In the OP

surfer63 said:
And about the resizing/shrinking of the images: Why do you do that?
Click to expand...
Click to collapse
@surfer63 I do that to allow me to add content inside, if not, the free size is 0Kb after mount

@mariodantas The CC3 Firmware Tools don't seem to work with the January firmware. The error when using them on the January firmware is:
Code:
ext2fs_open2: Bad magic number in super-block
e2fsck: Superblock invalid, trying backup blocks...
e2fsck: Bad magic number in super-block while trying to open _tmp/_firmware/elable.img
Any chance of this being fixed please?

ahmed123 said:
Any chance of this being fixed please?
Click to expand...
Click to collapse
Not compatible with CC3 anymore