[MTK][GUIDE] MTK based tools to customize/split firmware [Info] - Android Software/Hacking General [Developers Only]

So, some of you may have seen my work from the Android TV Platform. As I have done with AMLogic based devices, I'm in the process of doing the same for MTK based devices. I'm making a fully functional tool to disassemble and reassemble MTK firmware; surprisingly, the firmware structure is very similar.
If anyone is interested in learning more about MTK firmware, I made a video on manually splitting MTK dumped firmware HERE, so check it out, like and subscribe to my channel for more content!
What I have done
- Made a program to split an MTK firmware dump
- Split the ramdisk header to allow unpacking
- Unpack the kernel/recovery
- Unpack system
- Unpack cache
What I need help with?
I need the following info
- How to make an MTK scatter file manually
- How to repack the system with the proper partition length
- How to unpack logo.bin manually
- How to dump a firmware manually over USB without SP flash tool
I've done some research already and dug in a bit myself with no success. If needed I can provide code, binaries I've built etc. to help with this.

Ricky Divjakovski said:
So, some of you may have seen my work from the Android TV Platform, as i have done with AMLogic based devices im in the process of doing the same for MTK based devices, im making a full functional tool to disassemble and reassemble MTK firmware, suprisingly the firmware structure is very similar.
What i have done
- Made a program to split an MTK firmware dump
- Split the ramdisk header to allow unpacking
- Unpack the kernel/recovery
- Unpack system
- Unpack cache
What i need help with?
i need the following info
- How to make an MTK scatter file manually
- How to repack the system with the proper partition length
- How to unpack logo.bin manually
- How to dump a firmware manually over USB without SP flash tool
Ive done some research already and dug in abit myself with no success, if needed i can provide code, binaries ive built etc to help with this
Hey mate,
I've got a fair bit of experience with Mediatek.
Scatters can be manually created using notepad +
All you have to do is lay them out correctly. I can upload a few in a zip if you'd like; I've got variations of scatters from
MT6572 nand & emmc 4 - 5 diff models
MT6737M emmc from 2 models
With taking a backup also I use NCK_MTK_Dongle, there's a cracked version as well that works. It takes all partitions and backs them up into singular .file format files, which depending on the fs layout are as follows
Preloader
Uboot
Bootimg
Recovery
Secro
Logo
Tee1
Tee2
Simlock
Frp
Scatter_File.txt
Just for some examples.
I use mtk extractor to take the boot/recovery/system.imgs apart and repack, but it's only compatible with ext4 format. It can also compile an ext4 system.img from scratch as well. Specifically though I use it for the boot and recoveries, as it's specifically designed to handle the MTK headers. It also has a nice pull layout that consists of the kernel as a whole, ramdisk as a whole, boot.img, boot_old.img, bootinfo.txt and then an initrd folder containing the entire layout of the boot or recovery with init files and fstab etc., but I've also noticed it will unpack and repack Qualcomm, SPD & Samsung boot.imgs no problem also.
Unpacking your logo.bin can also be done with the program LogoBuilder. The latest version that was released is 1.6. You can decompile the logo.bin, edit the pictures etc., then use the program to recompile it back into a logo.bin
Hope that helps you out a bit

Matty1993 said:
Hey mate,
Ive gota fair bit of experience with Mediatek,
Scatters can be manually created using notepad +
All you have to do is lay them out correctly, i can upload a few in a zip if youd like ive got variations of scatters from
MT6572 nand & emmc 4 - 5 diff models
MT6737M emmc from 2 models
With taking a backup also i use NCK_MTK_Dongle theres a cracked version aswell that works takes all partitions and backs them up into singular .file format files which depending on the fs layout are as follows
Preloader
Uboot
Bootimg
Recovery
Secro
Logo
Tee1
Tee2
Simlock
Frp
Scatter_File.txt
Just for some examples,
I use mtk extractor to take the boot/recovery/system.imgs apart and repack but its only compatible with ext4 format, can also compile an ext4 system.img from scratch using it aswell, specifically though i use it for the boot and recoveries as its specifically designed to handle the MTK headers, also has a nice pull layout that consists of the kernel as a whole, ramdisk as a whole, boot.img boot_old.img, bootinfo.txt and then initrd folder containing the entire layout of the boot or recovery with init files and fstab etc but ive also noticed it will unpack and repack Qualcomm, SPD & samsung boot.imgs no problem also,
Unpacking your logo.bin also can be done with the program LogoBuilder lastest version that was released is 1.6 you can decompile the logo.bin edit the pictures etc then use the program to recompile it back into a logo.bin
Hope that helps you out a bit
This info is somewhat useful, however I'm looking more towards a way of making a scatter file from a dumped firmware from a device. I see /proc/dumchar_info has some decent info, however for some info I have no idea how it's obtained.
Would you still be able to upload the scatter files for comparison?
As for the backup, what I wanna do is similar to what SP flash tool does, read from one memory address to another. I don't wanna use 3rd party tools either, I prefer to code them myself.
I can unpack all that, and I can also repack the kernel, but for the system I'm not sure how the size is defined. I may just recursively loop until a system.img larger than 2mb is created.
Unfortunately that tool doesn't work with my logo.bin. I've tried but it's pretty much a distorted image, and I'd like to code this myself as well.
Thank you for the info. If you can, please upload those scatter files and I'll keep you posted on the progress.

Ricky Divjakovski said:
This info is somewhat useful, however im looking more towards a way of making a scatter file from a dumped firmware from a device, i see /proc/dumchar_info has some decent info, however some info i have no idea how its obtained
would you still be able to upload the scatter files for comparison?
As for the backup, what i wanna do is similar to what SP flash tool does, read from one memory address to another, i dont wanna use 3rd party tools either, i prefer to code them myself
I can unpack all that, and i can also repack the kernel, but the system im not sure how the size is defined, i may just recursively loop until a system.img larger than 2mb is created
Unfortunately that tool doesnt work with my logo.bin, ive tried but its pretty much a distorted image, and id like to code this myself aswell
Thank you for the info, if you can please upload those scatter files and ill keep you posted on the progress
Hey mate, sorry for late reply, I'm on aus time.
Ahh I see what you mean now. I'm not too sure on how the system is defined to be honest; Mediatek is somewhat unique to say the least to me compared to everything else I've worked on before. I've noticed that as well with fuzzy images in LogoBuilder, in particular on MT6979; the scatter though also had a very strange layout.
Speaking of which, I've zipped up a few diff ones for you to use as reference. You'll see some of the ways they are laid out are very different to one another, as you will see defined within them.
https://drive.google.com/file/d/189H5EXS0ZqNuqn75A7ZNEOLo-Efq0T_h/view?usp=drivesdk
I'll be keen to try your tool once done as well. Are you going GUI based or terminal command line based with it?

Matty1993 said:
Hey mate sorry for late reply im on aus time
Ahh i see what you mean now, im not to sure on how the system is defined to be honest mediatek is some what uniqe to say the least to me compared to everything else ive worked on before, ive noticed that aswell with fuzzy images in logobuilder inparticular on MT6979 the scatter though also had a very strange layout,
Speaking of which ive zipped up a few diff ones for you to use as reference, youll see some of the ways they are layed out is very different to one another as you will see defined within them,
https://drive.google.com/file/d/189H5EXS0ZqNuqn75A7ZNEOLo-Efq0T_h/view?usp=drivesdk
Ill be keen to try your tool once done aswell, are you going GUI based or Terminal command line based with it
Ah, I'm in aus time as well
I'll get this together one way or another, might just take a little time
It will be GUI based
Thanks for the upload!

Ricky Divjakovski said:
ah, im in aus time aswell
ill get this together one way or another, might just take a little time
it will be GUI based
Thanks for the upload!
All mate good to see another aussie on here
All sweet, for things to work it takes time to figure out how they work first before anything is even built then debugged. Completely understand, I'm just happy to see some more MTK support happening as most of my tools are 4-5 years old for mtk so I think it's great
I'll be waiting patiently, cheers

Matty1993 said:
All mate good to see another aussie on here
All sweet for things to work it takes time to figure out how they work first before anything is even built then debugged, completely understand im just happy to see some more MTK support happening as most of my tools are 4-5 years old for mtk so i think its great
Ill be waiting patiently cheers
As I was saying, most of the unpacking is done. The firmware structure is very similar to AMLogic's (split the file from the start address to the file size in bytes). It's pretty much just those few things I need, then repacking and I can dig into the GUI. I'd like to know more about how MTK droid tools creates a scatter file via ADB; it seems it uses some info from /proc/dumchar_info but that doesn't specify much, maybe the parameters are guessed???
I've attached a picture of my basic attempt to programmatically create a scatter file. The highlighted lines are lines where I don't know where this information comes from, nor do I know if those lines are the same for every MTK device.
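The "split the file from the start address to the file size" step mentioned in the post above, as an added example that is not part of the original post or the poster's tool. It assumes a /proc/dumchar_info style table with the columns Part_Name, Size, StartAddr, Type, MapTo; the sample table is constructed, and the function names are hypothetical. Entries that overlap or point past the end of the dump are reported instead of being carved.

```python
from collections import namedtuple

Part = namedtuple("Part", "name start size mapto")

# Constructed sample in the assumed dumchar_info column order (not from a real device).
SAMPLE = """\
Part_Name    Size                 StartAddr            Type   MapTo
mbr          0x0000000000080000   0x0000000000000000   2      /dev/block/mmcblk0
bootimg      0x0000000000600000   0x0000000000080000   2      /dev/block/mmcblk0
recovery     0x0000000000600000   0x0000000000680000   2      /dev/block/mmcblk0
logo         0x0000000000300000   0x0000000000c80000   2      /dev/block/mmcblk0
android      0x0000000040000000   0x0000000000f80000   2      /dev/block/mmcblk0p5
"""


def parse_table(text):
    """Parse table rows into Part tuples sorted by start address."""
    parts = []
    for line in text.splitlines():
        f = line.split()
        # Skip the column header and any legend lines: a data row has
        # exactly five fields and a hex size in the second column.
        if len(f) != 5 or not f[1].lower().startswith("0x"):
            continue
        parts.append(Part(f[0], int(f[2], 16), int(f[1], 16), f[4]))
    return sorted(parts, key=lambda p: p.start)


def plan_split(parts, dump_len):
    """Return (usable entries, [(name, reason)]) without trusting the table."""
    ok, problems = [], []
    prev_end, prev_name = 0, None
    for p in parts:
        end = p.start + p.size
        if p.size == 0:
            problems.append((p.name, "zero size"))
        elif p.start < prev_end:
            problems.append((p.name, f"overlaps {prev_name}"))
        elif end > dump_len:
            problems.append((p.name, "runs past end of dump"))
        else:
            ok.append(p)
            prev_end, prev_name = end, p.name
    return ok, problems


def split_dump(dump, parts):
    """Carve each validated partition out of an in-memory dump."""
    ok, problems = plan_split(parts, len(dump))
    images = {p.name: dump[p.start:p.start + p.size] for p in ok}
    return images, problems


if __name__ == "__main__":
    dump = bytes(0x1000000)  # constructed 16 MiB dump of zeros
    images, problems = split_dump(dump, parse_table(SAMPLE))
    for name, data in images.items():
        print(f"{name:10s} {len(data):#x} bytes")
    for name, reason in problems:
        print(f"skipped {name}: {reason}")
```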

Ricky Divjakovski said:
as i was saying most of the unpacking is done, the firmware structure is very similar to AMLogics(split the file from the start address to the file size in bytes), its pretty much just those few things i need, then repacking and i can dig into the GUI, id like to know more about how MTK droid tools creates a scatter file via ADB, it seems it uses some info from /proc/dumchar_info but that doesnt specify much, maybe the parameters are guessed???
ive attached a picture of my basic attempt to programatically create a scatter file, the highlighted lines are lines i dont know where this information comes from, nor do i know if those lines are the same for every MTK device
I think mtk droid tools also pulls info from
cat proc/mounts & cat proc/partitions
as well as cat proc/dumchar_info, as I've noticed some mtk devices, even MT6737M, don't have dumchar_info available, if that helps a bit. Some mtk structures can differ slightly also in certain areas. Will your tool support UBIFS also? Forgot to ask, been trying to find a tool to disassemble ubifs

Matty1993 said:
I think mtk droid tools also pulls info from
cat proc/mounts & cat proc/partitions
Aswell as cat proc/dumchar_info as ive noticed some mtk devices even MT6737M dont have dumchar_info available if that helps a bit, some mtk structures slightly can differ also in certain areas, will your tool support UBIFS also ? Forgot to ask been trying to find a tool to dissasemble ubifs
Over time I can only hope the MTK community is like the amlogic community and have people send me devices for testing purposes. With AMLogic it was easy to obtain the info I needed because it resided in the firmware itself. I do however think this may be able to be done because mtk droid tools includes a feature where it's able to split the firmware and create a scatter.
As for ubifs, link me to the firmware and I'll see what I can do, I should be able to do this

I just updated the thread with more information on how to manually split MTK dumped firmware, I will add more when I get around to it

Just an update, tools are coming along good. I've made substantial progress and unpacking is done, generating the scatter file is coming together, repacking is almost done as well, should have a release in about a week

Unpack/Repack Logo.bin https://forum.xda-developers.com/showthread.php?t=1953726

Any advancement with this?

Good morning my friends. I dedicate myself mainly to hardware. I have some phones with dead emmc and I want to change it. The question: have you worked with the preloader? For example I have the mt6592 and I want to mount the emmc (emcp) KMRX1000BM-B614 with 3gb of ram and 32gb of rom, EMMC NAME: RX1BMB, and it is CSD rev: 1.8 (MMC 5.1). It cannot be changed in name. Who could edit the preloader.bin?

Related

[Q] Is there any APK to exact the boot.img in the phone

I want to unpack the img but don't want to use in my pc(too confused).
so I want to unpack by the phone,
thank you
ytyyutianyun said:
I want to unpack the img but don't want to use in my pc(too confused).
so I want to unpack by the phone,
thank you
I don't think there is. Maybe I'm wrong too.
Basically all these boot.img tools are written in shell/bash and is made specifically to run in Linux distros.
Anyways there is an Android app called, Complete Linux Installer that lets you install any Linux OS in your phone. But I doubt whether boot.img tools work, as it needs various library files for it to work.
On a side note, I guess it would be more complex to do it in phone rather than in PC, if there is some way for it to work.
coolsandie said:
I don't think there is. Maybe I'm wrong too.
Basically all these boot.img tools are written in shell/bash and is made specifically to run in Linux distros.
Anyways there is an Android app called, Complete Linux Installer that lets you install any Linux OS in your phone. But I doubt whether boot.img tools work, as it needs various library files for it to work.
On a side note, I guess it would be more complex to do it in phone rather than in PC, if there is some way for it to work.
Thank you for your reply, but do you feel strange that the IMG is created by the recovery, so it is rational that there is a tool about IMG building. then why there is no apk. I mean some professional can extract just from the CWM recovery, I think.
need root
if you wanna get boot.img i think you must be rooted.
k0tsompakos said:
if you wanna get boot.img i think you must be rooted.
yes, I root, so I can use the recovery to back and restore,
I think any app that can access zip files in the internal and external memory can extract boot.img.
Like ASTRO File Manager and stuff...
recovery?
You wanna install a rom?
or recovery??
or we speak about boot.img? (Boot img is the boot animation when you turn on your phone.)
k0tsompakos said:
You wanna install a rom?
or recovery??
or we speak about boot.img? (Boot img is the boot animation when you turn on your phone.)
Nooooo
boot.img is the kernel (zImage + Ramdisk packed into an image file) that lies in the /boot partition
@ OP - If you want to extract boot.img itself, there are various methods and from CWM recovery like you said. I thought you were mentioning about how to unpack the contents of the boot.img say like zImage, Ramdisk and other files.
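The kernel-plus-ramdisk layout described in the post above, as an added example that is not part of the original post or any tool named in the thread. It parses the classic boot.img header (versions 0 to 2 share these leading fields) and, as an assumption about MediaTek images, strips a 512-byte wrapper with magic 0x58881688 from each section when present. The sample image is constructed and the function names are hypothetical.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Assumption: MediaTek wraps kernel/ramdisk in a 512-byte header
# (magic 0x58881688 little-endian, u32 payload size, 32-byte name).
MTK_MAGIC = b"\x88\x16\x88\x58"
MTK_HDR_LEN = 512


def _round_up(n, page):
    return (n + page - 1) // page * page


def strip_mtk_header(blob):
    """Return (name, payload); name is None when there is no MTK wrapper."""
    if len(blob) < MTK_HDR_LEN or blob[:4] != MTK_MAGIC:
        return None, blob
    (size,) = struct.unpack_from("<I", blob, 4)
    if size > len(blob) - MTK_HDR_LEN:
        raise ValueError("MTK header claims more data than the section holds")
    name = blob[8:40].split(b"\0", 1)[0].decode("ascii", "replace")
    return name, blob[MTK_HDR_LEN:MTK_HDR_LEN + size]


def unpack_boot_img(img):
    """Split a v0-v2 layout boot.img into kernel / ramdisk / second sections."""
    if len(img) < 40 or img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    ksize, _kaddr, rsize, _raddr, ssize, _saddr, _tags, page = \
        struct.unpack_from("<8I", img, 8)
    if page < 512 or page & (page - 1):
        raise ValueError(f"implausible page size {page}")
    sections, off = {}, page            # the header occupies the first page
    for label, size in (("kernel", ksize), ("ramdisk", rsize), ("second", ssize)):
        if size == 0:
            continue
        if off + size > len(img):
            raise ValueError(f"{label} runs past end of image")
        mtk_name, payload = strip_mtk_header(img[off:off + size])
        sections[label] = {
            "offset": off, "size": size, "mtk_name": mtk_name,
            "gzip": payload[:2] == b"\x1f\x8b", "payload": payload,
        }
        off += _round_up(size, page)    # each section is page-aligned
    return sections


def build_sample(page=2048):
    """Constructed test image: MTK-wrapped dummy kernel and gzip-looking ramdisk."""
    def wrap(name, data):
        hdr = MTK_MAGIC + struct.pack("<I", len(data)) + name.ljust(32, b"\0")
        return hdr.ljust(MTK_HDR_LEN, b"\xff") + data

    def pad(b):
        return b.ljust(_round_up(len(b), page), b"\0")

    kernel = wrap(b"KERNEL", b"\0" * 100)
    ramdisk = wrap(b"ROOTFS", b"\x1f\x8b\x08" + b"\0" * 29)
    hdr = BOOT_MAGIC + struct.pack("<8I", len(kernel), 0x10008000, len(ramdisk),
                                   0x11000000, 0, 0, 0x10000100, page)
    return pad(hdr) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    for label, s in unpack_boot_img(build_sample()).items():
        print(label, hex(s["offset"]), s["size"], s["mtk_name"],
              "gzip" if s["gzip"] else "raw")
```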
0ops
0ops yeah... :silly:
Searching for 1 minute and found this tool :good:
--> [TOOL] Boot.img tools [unpack, repack, ramdisk] <--
( I do not send link cause i am new here and can't :angel: )
It works. Have a nice day
k0tsompakos said:
0ops yeah... :silly:
Searching for 1 minute and found this tool :good:
--> [TOOL] Boot.img tools [unpack, repack, ramdisk] <--
( I do not send link cause i am new here and can't :angel: )
It works. Have a nice day
Yes, that's the tool and it works :good:
But as OP mentioned, he wanted to do it within phone, I highly doubt though.
coolsandie said:
Yes, that's the tool and it works :good:
But as OP mentioned, he wanted to do it within phone, I highly doubt though.
It could be done using this post http://forum.xda-developers.com/showpost.php?p=20227868&postcount=1124 and a hex editor from play store on your phone. But would be even more fiddly than on pc I would imagine, unless your phone has a largish screen. It could be done though.
If editing the ramdisk, you would need to unpack and repack after editing, which usually requires linux. I recently found http://forum.xda-developers.com/showthread.php?t=2036528 for PC, but have not had a chance to try it yet, seems best solution for OP
coolsandie said:
Yes, that's the tool and it works :good:
But as OP mentioned, he wanted to do it within phone, I highly doubt though.
thank you coolsandie, the android is based on linux, isn't it, and if I can, I can install busybox.and using the terminal like Android Terminal Emulator, but I do not know the procedure. like you, it's more complex,
Robbie P said:
It could be done using this post http://forum.xda-developers.com/showpost.php?p=20227868&postcount=1124 and a hex editor from play store on your phone. But would be even more fiddly than on pc I would imagine, unless your phone has a largish screen. It could be done though.
If editing the ramdisk, you would need to unpack and repack after editing, which usually requires linux. I recently found http://forum.xda-developers.com/showthread.php?t=2036528 for PC, but have not had a chance to try it yet, seems best solution for OP
it's good tool, it can unpack the boot.img, but as to the kernel, I don't know how to unpack. but this tool add to my favorite, thanks Robbie.
OK, I find the app, names: yaffs, the author I don't know because I found in the search engine. so I also cannot find the course
then the app,

[Q] Kitchen and Nexus 5 (storage mount file needed)?

I saw a few people post that they built ROMs for this device using dsixda's kitchen. Just wanted to know if you had to create a 'hammerhead' file for the storage mount points since this isn't included in the supported devices (obviously because the tool isn't being updated anymore).
If you created a mount point file, can you please post the contents so I can reuse (fyi... I've installed this on a Mac, but should be able to reverse engineer one from a different OS)? I'm a bit of a noob using this kitchen and just got it configured on my mac yesterday. Just looking to mess around with it a bit for lack of a better thing to do.
I've also created device files for several devices, it's not as hard as it sounds, as long as you've read the OP in this thread
http://forum.xda-developers.com/showthread.php?t=633246
You need to unpack one Stock Kernel of the device you want to add the support to the kitchen, check the contents of the RAMdisk for the required mounting points and add them yourself
teknomar7 said:
I saw a few people post that they built ROMs for this device using dsixda's kitchen. Just wanted to know if you had to create a 'hammerhead' file for the storage mount points since this isn't included in the supported devices (obviously because the tool isn't being updated anymore).
If you created a mount point file, can you please post the contents so I can reuse (fyi... I've installed this on a Mac, but should be able to reverse engineer one from a different OS)? I'm a bit of a noob using this kitchen and just got it configured on my mac yesterday. Just looking to mess around with it a bit for lack of a better thing to do.
Gorgtech said:
I´ve also created device files for several devices, it´s not as hard as it sounds, as long as you´ve read the OP in this thread ?
http://forum.xda-developers.com/showthread.php?t=633246
You need to unpack one Stock Kernel of the device you want to add the support to the kitchen, check the contents of the RAMdisk for the required mounting points and add them yourself ?
That's how I got to this point to begin with was by going through that thread. I just don't want to get the syntax wrong and I'm not 100% sure what all those parms mean in that template file. Plus the info in the recovery.fstab file seemed to be quite different from the ones already in that folder. I was hoping someone would be able to just give me a copy so I can check my syntax. Sort of a learning experience for me.
i will try

[Q] Getting .img from phone

Hi folks.
I have an unusual smartphone from a Brazilian manufacturer, CCE, which has been bought by Lenovo.
This manufacturer is not exactly known for their support or product quality and I'm pretty sure my device will not be updated or supported for any longer.
It's the SK504 and I want to try to customize the rom, build tuning apps (battery consumption sucks) and things like that. I have a good programming background but not for mobile devices so I'm stepping on eggs for now.
The first thing I tried to do was get a backup from my actual rom so if I mess with something I shouldn't I would be able to come back to a working version through fastboot.
long story short, I managed to obtain through romdump 5 files; checksum.md5, config.gz, system.info.gz and system.tar
but, in the posts I been reading, it gives me the idea that I should get a boot.img, a recovery.img and a system.tar.gz
And with this I would be able to generate my own system.img through a different process.
Since I'm not being able to find what I did wrong, can anyone tell me if there are a different way to get those boot.img and recovery.img?
I tried the "adb backup -f boot.img boot" but it generates a 1kb .img file and I don't believe this is a valid boot.img.
rhodesbauer said:
Hi folks.
I have an unusual smartphone from a Brazilian manufacturer, CCE, who have been bought for Lenovo.
This manufacturer are not exactly knowed for their support our product quality and I'm prety sure my device will not be updated or suported for any longer.
It's the SK504 and I want to try to customize the rom, build tunning apps (battery consumption sucks) and things like that. I have a good programming backgroung but not for mobile devices so I'm stepping on eggs for now.
The first thing I tried to do was get a backup from my actual rom so if I mess with something I shouldn't I would be able to come back to a working version through fastboot.
long story short, I managed to obtain through romdump 5 files; checksum.md5, config.gz, system.info.gz and system.tar
but, in the posts I been reading, it gives me the idea that I should get a boot.img, a recovery.img and a system.tar.gz
And with this I would be able to generate my own system.img through a different process.
Since I'm not being able to find what I did wrong, can anyone tell me if there are a different way to get those boot.img and recovery.img?
I tried the "adb backup -f boot.img boot" but it generates a 1kb .img file and I don't believe this is a valid boot.img.
Instead of making a backup, have you tried to find the original restore image? Usually it is an .IMG file.
qwertyu123 said:
Instead of making a backup, have you tried to find original restore image? Usually it is a an .IMG file.
I used Root Explorer to look for both, recovery.img and *.img.
No result.
try this http://forum.xda-developers.com/showthread.php?t=2450045

Entire ROM backup of a MTK6580 how to?

I want to make a full copy of a MTK6580 smartwatch firmware before making changes on it, but MTK droid tools, which I used before with other MTK devices, can't detect this... please, I need a starting point on how to do it with this device...
Thanks
A starting point:
SP FlashTool, a scatter file of similar device and cat /proc/parti*
Then change the starting addresses and sizes to match yours.
CXZa said:
A starting point:
SP FlashTool, a scatter file of similar device and cat /proc/parti*
Then change the starting addresses and sizes to match yours.
THANKS. I am not sure if I can access the /proc/ folder, from the device or the PC, or if partitions will list all addresses, but I will try. I have the scatter (and firmware) of the same device (other brand, but same hardware) but I don't know if the same hardware with different firmware could have different partition addresses, so I didn't use it to save my actual firm.
Thanks again this is a good starting point. :good::good:
Worked, I've got the /proc/par* addresses. I will try to do the backup now. THANKS

How to repack payload.bin

Hello all.
I haven't posted here for years. My account is still active, but I am no longer allowed to post in specific forums regarding ROMs, so I am asking here.
[moderators: sorry if this is the wrong topic. It is the closest I could find, since my question is not device specific]
I have an Android 9 box which is signed with AOSP test certificates.
I also have an update.zip file for this box.
This box has A/B OTA support, it is working and verified through fastboot.
I want to edit and repackage the update.zip
I know how to do it on old ROMs, but I could not find any tool that can repackage payload.bin
There are several tools to unpack it, and I used one to extract boot.img and system.img
But I can't find any way to package these files back in to payload.bin format.
I tried various google searches and even analyzing the open source unpacking tools, but building a packaging tool from scratch is too complex for me at this point.
Any advice?
Have you found anything for this? I am trying to repack the payload.bin as well from modified IMG files, but I cant find anything on the web.
I extracted this script from linux-86 tools, pretty sure this is the one that repacks all the images into payload.bin, but donno what's the exact code inside it that makes it possible... Understand the last 100 lines & you might succeed.
MPK99 said:
I extracted this script from linux-86 tools, pretty sure this is the one that repacks all the images into payload.bin, but donno what's the exact code inside it that makes it possible... Understand the last 100 lines & you might succeed.
MPK99 said:
I extracted this script from linux-86 tools, pretty sure this is the one that repacks all the images into payload.bin, but donno what's the exact code inside it that makes it possible... Understand the last 100 lines & you might succees
Please Teach me, how to repack .img files into payload.bin
Did u Already Know How To Repack .img Files Into Payload.bin?
MPK99 said:
I extracted this script from linux-86 tools, pretty sure this is the one that repacks all the images into payload.bin, but donno what's the exact code inside it that makes it possible... Understand the last 100 lines & you might succeed.
Hello do you still have this script trying to repack a QCM6125 with magisk and twrp
Edit: Its advised to use superR's kitchen
SuperR Kitchen
forum.xda-developers.com
Hey
I've also tried everything, how do you pack it back into a payload.bin, I only wanted usb rights in the Platform.xml, I didn't want that anymore, that's enough for me, but how do I pack it again, thanks
I'm asking here as I never got an answer, sorry
don't want root
Thanks
