Database Info

[GUIDE] Changing the Bootloader Graphic

WARNING: This guide involves modifying your phone's boot loader and may brick your phone if done incorrectly. It is most likely to soft brick your phone if something goes wrong, meaning it should be recoverable.
NOTE: This guide instructs how to replace the boot graphic in the boot loader but does not modify the kernel graphic. Doing this requires compiling the kernel.
Prerequisites:
Heimdall or Odin, with appropriate drivers. (The guide is for Heimdall)
A replacement.jpg graphic that is not greater than 68,849 bytes. The file should be 480x800.
A copy of param.lfs for your phone. This file is included in the Heimdall one-click packages, and probably other places.
Running Gingerbread bootloaders.
Steps:
Open both replacement.jpg and param.lfs in a hex editor.
Go to offset 532480 in param.lfs. At this location, there should be a JPG beginning of file (BOF) marker FF D8.
Verify that offset 601327 contains the JPG end of file (EOF) marker, FF D9. There are other JPG BOF and EOF markers between these two offsets because this JPG file contains embedded thumbnails for some stupid reason.
Go back to offset 532480. Use your hex editor to paste the contents of replacement.jpg into param.lfs at offset 532480 in overwrite mode. Use of overwrite mode will ensure that the file does not change size and other offsets are not affected. Use of a replacement.jpg less than 68,849 bytes ensures that other data within param.lfs is not overwritten.
Save new file as param2.lfs. Verify it is the same size as param.lfs
Heimdall:
Ensure that Heimdall, the Heimdall front-end, and appropriate drivers are installed.
Connect your phone via USB and start the Heimdall front-end.
Under the Utilities tab, click Save As and save your PIT as device.pit.
Click Download.
Under Flash tab, in the PIT subwindow, click Browse and select device.pit.
Click Add in the Partitions (Files) subwindow, and select PARAM from the Partition Details subwindow. NOTE: if you do not select the PARAM partition, there is potential to hard brick your device when you flash.
Click Browse in the File subwindow, and select your modified param2.lfs. NOTE: If your param2.lfs is corrupted, or if the flash otherwise fails, your device will be soft bricked and your device will be in download mode (although it will not have the familiar yellow screen). Attempt to reflash the PARAM partition with param.lfs.
Verify that PARAM is selected in the Partition Details subwindow. Click Start to flash param2.lfs with Heimdall to the PARAM partition.
Credit:
hexedit method: http://forum.xda-developers.com/showthread.php?t=1315401

These are some handy utility functions I wrote in Python.
This script finds most of the JPG files in param.lfs. It will choke on JPG files with embedded images.
Code:
import re
jpg = re.compile(b'\xff\xd8.*?\xff\xd9', re.DOTALL);
data = open('param.lfs','rb').read()
jpgs = re.findall(jpg, data)
for i,image in enumerate(jpgs):
open( str(i)+'.jpg', 'wb' ).write(image)
This lists all the JPG BOF and EOF file markers. Helps for spotting images with embedded thumbnails.
Code:
import re
import binascii
jpg = re.compile(b'\xff[\xd8\xd9]', re.DOTALL);
data = open('param.lfs','rb').read()
markers = re.findall(jpg, data)
for i, m in enumerate(markers):
print "%i: %s" % (i, binascii.hexlify(m))

An update to this post. I have written a script which is run on your desktop with a Python installation that perofrms the modification of the param.lfs binary. Attached to this post is a package containing (1) logoreplace.py, (2) param.lfs [from GB bootloader], (3) Sgs4g.pit [also from GB bootloader].
Also, I have attached a param_acid.lfs with the Team Acid logo. This will go well with your team acid kernels.
(1) ./logoreplace.py logo.jpg param.lfs
(2) adb reboot download
(3) Run heimdall-frontend
(4) Click "Flash" tab.
(5) Browse to Sgs4g.pit. Add.
(6) Select PARAM partition.
(7) Browse to param_acid.lfs
(8) Click "Start" to flash.
Here is the code:
Code:
#!/usr/bin/env python
import sys,os
if __name__ == "__main__":
if len(sys.argv) != 3:
print "Usage: %s <logo.jpg> <param.lfs>" % (sys.argv[0],)
else:
image = open(sys.argv[1],'rb').read()
fw = open(sys.argv[2],'rb+')
if len(image) <= 68849:
fw.seek(532480)
fw.write(image)
else:
print "Image file is too long. Must be <= 68849 bytes."

@tablador How do I use the script that performs the modification of the param.lfs binary (logoreplace.zip)?
I tired running the logoreplace.py after inserting my replacement.jpg in the directory on my phone and got:
Code:
/sdcard/logoreplace.py
import: not found
/sdcard/logoreplace.py 5:syntax error word unexpected (expecting ")")
I used both methods listed in the OP as well with no luck (Did not find the offsets mentioned in the first method and was a little lost on what to copy from the replacement.jpg).
I did read both OPs that you linked to in the credits.
I using the alternate method, I received an error when trying to copy replacement.jpg (In both ADB and Terminal):
Code:
cp: can't create '/mnt/.lfs/logo_T759.jpg': file exists
I am using vb final, and bh's rc1.

thomas.raines said:
@tablador How do I use the script that performs the modification of the param.lfs binary (logoreplace.zip)?
Click to expand...
Click to collapse
Are you running the script on your phone? The script runs on your desktop via Python. Sorry if that wasn't clear. Once you create the file, you flash it using Heimdall.
Also, I removed the alternate method information. As I noted, that method was untried and untested on this phone, and from what I can tell after trying it, does not seem to work. My best guess is that phone's bootloader has the offset of that information stored directly (e.g. bypasses the filesystem) so renaming the file does not work. OP all revised to reflect this.

Yes, I ran it in python. But it didn't change anything. I also renamed my image (replacement.jpg) to logo.jpg.
I added a raw_input() to see if I could see an error or something to indicate any kind of activity.
This is the output I got:
Code:
Usage: C:\Users\mydirectory\desktop\logoreplace\logoreplace.py <logo.jpg> <param.lfs>
Which is what you have set to print. Otherwise, there are no errors. I have my logo.jpg in the same directory as the logoreplace.py. What can I possibly be doing wrong?

How exactly are you running the script? And what OS?

tablador said:
How exactly are you running the script? And what OS?
Click to expand...
Click to collapse
Windows 7 (32)
I have double clicked on it, and tried running it manually using python.exe terminal and no errors. Am I suppose to copy my logo.jpg to /mtn/.lfs?
Would it be easier to just send you my logo and you could hook it up? lol...

How exactly are you running the script? If you don't tell me, I can't figure out what the problem is. Are you typing something into the commandline in windows? If so, what?

tablador said:
How exactly are you running the script? If you don't tell me, I can't figure out what the problem is. Are you typing something into the commandline in windows? If so, what?
Click to expand...
Click to collapse
I have tried typing the code you wrote in a python terminal for windows.
I have tried just running it by double clicking on it.
I just tried it in portable ubuntu by double clicking on it, but cannot get it to run (only open in text editor). I also changed it to open with python and I Usage: /home/pubunto/Desktop/logoreplace/logoreplace.py <logo.jpg> <param.lfs>.
I would think I would need to add my logo.jpg to .mnt/.lfs so it knew what image to look for.
I just tried running the logoreplace.py via pubuntu terminal. Here is the output:
Code:
[email protected]:/home/pubuntu/Desktop/logoreplace# ./logoreplace.py <logo.jpg> param.lfs
bash: ./logoreplace.py: Permission denied
[email protected]:/home/pubuntu/Desktop/logoreplace#

thomas.raines said:
I have tried typing the code you wrote in a python terminal for windows.
I have tried just running it by double clicking on it.
I just tried it in portable ubuntu by double clicking on it, but cannot get it to run (only open in text editor). I also changed it to open with python and I Usage: /home/pubunto/Desktop/logoreplace/logoreplace.py <logo.jpg> <param.lfs>.
I would think I would need to add my logo.jpg to .mnt/.lfs so it knew what image to look for.
I just tried running the logoreplace.py via pubuntu terminal. Here is the output:
Code:
[email protected]:/home/pubuntu/Desktop/logoreplace# ./logoreplace.py <logo.jpg> param.lfs
bash: ./logoreplace.py: Permission denied
[email protected]:/home/pubuntu/Desktop/logoreplace#
Click to expand...
Click to collapse
This is what you need to type:
Code:
./logoreplace.py logo.jpg param.lfs

tablador said:
This is what you need to type:
Code:
./logoreplace.py logo.jpg param.lfs
Click to expand...
Click to collapse
Yep. Just figured that out right after I sent the output. But now it change the param.lfs icon from a text icon to an blank icon with "usage" on the top. I flahsed it with heimdall which said heimdall crashed and got a oddly colorful strip on the top of the screen and now the phone is soft bricked... lol... I checked the size of my jpeg and see that it is 3 bytes over the allocated size...lol... Going to shrink it and try again... Will keep you posted...
EDIT
I got it to work! YAY!
Thanks for your help man!
The only thing, it displays before the normal boot splash logo (logo_vibrantplus.jpg). Is there a way to either replace logo_vibrantplus.jpg, or make it display after the default boot splash?

thomas.raines said:
Yep. Just figured that out right after I sent the output. But now it change the param.lfs icon from a text icon to an blank icon with "usage" on the top. I flahsed it with heimdall which said heimdall crashed and got a oddly colorful strip on the top of the screen and now the phone is soft bricked... lol... I checked the size of my jpeg and see that it is 3 bytes over the allocated size...lol... Going to shrink it and try again... Will keep you posted...
EDIT
I got it to work! YAY!
Thanks for your help man!
The only thing, it displays before the normal boot splash logo (logo_vibrantplus.jpg). Is there a way to either replace logo_vibrantplus.jpg, or make it display after the default boot splash?
Click to expand...
Click to collapse
That image is in the kernel. You would have to do your own compile. I know how to do it but it involves setting up a toolchain. I will make a guide when I have time...
Also, it is interesting that the script didn't give you an error when the filesize was bigger than it should have been. I will check that out.

tablador said:
That image is in the kernel. You would have to do your own compile. I know how to do it but it involves setting up a toolchain. I will make a guide when I have time...
Also, it is interesting that the script didn't give you an error when the filesize was bigger than it should have been. I will check that out.
Click to expand...
Click to collapse
Oh... I have no idea about setting up a toolchain or doing anything related to the kernel... yet...lol

thomas.raines said:
Oh... I have no idea about setting up a toolchain or doing anything related to the kernel... yet...lol
Click to expand...
Click to collapse
http://forum.xda-developers.com/wiki/Samsung_Galaxy_S/SGH-T959V/Building_From_Source

@FBis251 Thanks man, but still a little above my knowledge/experience level...lol...

I have attached a modified param.lfs file. I gzipped it. This should match the latest teamacid logo pretty well. Also attached is the jpg I used, which hopefully is viewable.

tablador said:
I have attached a modified param.lfs file. I gzipped it. This should match the latest teamacid logo pretty well. Also attached is the jpg I used, which hopefully is viewable.
Click to expand...
Click to collapse
not bad. gotta love plugins that modify already made images. plus if you're using team acid's latest kernel, you'll notice that they're already using the logo i made them.
sent from within pure darkness

tablador said:
I have attached a modified param.lfs file. I gzipped it. This should match the latest teamacid logo pretty well. Also attached is the jpg I used, which hopefully is viewable.
Click to expand...
Click to collapse
I was meaning to ask you for this. I really liked the video you linked us to on IRC. It makes it look so sleek.

droidmyst said:
not bad. gotta love plugins that modify already made images. plus if you're using team acid's latest kernel, you'll notice that they're already using the logo i made them.
sent from within pure darkness
Click to expand...
Click to collapse
This image will display for the one second or two before the kernel image you made loads up. Yep, used a simple Photoshop plugin because I am not much artistically inclined, at least with photoshop. Still, this kinda gives a fade-in effect when combined with your image used as the kernel image.
http://www.youtube.com/watch?v=kxBpKKDmnFY
FB, I was thinking this could be put into any one clicks you guys made if you wanted to get this in somewhere.

[TOOL][OTA][Delta Updates] DeltaJen [CyboLabs]

What is DeltaJen?
DeltaJen is a tool for quickly making an incremental update based on two update zips. It is simple to use, and easy to extend for devices that don't use a straight up method of flashing a rom.
Click to expand...
Click to collapse
Why should I use it?
Have you ever hated having to download a full rom just to do a simple update? This tool can take a 200mb rom, take out all the changes, and squish the final package to less than 10mb.
Click to expand...
Click to collapse
But what if I use CWM instead of TWRP?
No issues here. DeltaJen produces updates that even your stock recovery can apply.
Click to expand...
Click to collapse
The Geeky parts
The script uses two binaries to efficiently build an update zip. bsdiff and imgdiff. bsdiff can also be replaced by the python module bsdiff4.
No threading or multiprocessing is used currently. as it stands, barely any cpu is used, so threading will be a huge bonus.
Hooks have been added to allow you to easily change how the script adds files, or to add extra lines in the updater-script
Click to expand...
Click to collapse
How do I use this?
For a straight update zip, which has no extra files or scripts other than what is in /system and boot.img, you run this.
Note that this will change when I update the cli function.
Code:
python DeltaJen.py -b <base_zip> -i <new_zip> -o <output_zip>
# Or from python
from DeltaJen import DeltaJen
dj = DeltaJen("<old_zip.zip>", "<new_zip.zip>", "<output_zip.zip>")
dj.generate()
Click to expand...
Click to collapse
I want to include this in the build steps of a custom rom
I'm working on it for a team already
Click to expand...
Click to collapse
Requirements
Linux (untested on OSX but should work)
python 2.7 or python 3.2+ (all other versions are untested and may not work)
imgdiff (supplied below or build from source)
bsdiff (sudo apt-get install bsdiff) or python module bsdiff4 (sudo pip install bsdiff4)
at least 500mb free ram (sorry, it dumps the files to ram. sorting it out soon).
Click to expand...
Click to collapse
It does NOT fully support windows yet, due imgdiff not supporting it. You can still run it, but it will only use bsdiff
More detailed instructions will be included soon, and the docs will be improved.
If you want direct help/to contribute/generally chat, come on down to the freenode channel #CyboLabs
last but not leased.
The source
XDA:DevDB Information
DeltaJen, Tool/Utility for all devices (see above for details)
Contributors
cybojenix, @GermainZ
Version Information
Status: Alpha
Created 2014-08-06
Last Updated 2014-08-09

Reserved
Dependencies
Linux
Python
bsdiff or bsdiff4
imgdiff
DeltaJen
Windows
Python
bsdiff or bsdiff4
imgdiff
DeltaJen
System Requirements
A supported OS
Enough ram to hold both zips (two 100mb zips would need 200+mb ram)
Enough storage to hold both zips

Amazing work mate!
I guess that ROM is SlimRoms. Would be glad to see this kinda awesomeness in Slim.

OMG, another @cybojenix project!!! :victory:
Have become your fan lately...

updates
automatic system and boot info detection has been added, the script is less verbose, and you can execute it directly now.
Documentation still to come

Superb Work Cybojenix
You Rock sir

kudos to @GermainZ for the massive help with cleaning up documentation.
wiki on github is in progress to aid you all.

Woow, nice work man

Any chance this project can be combined with CyanDelta for CM or OpenDelta in OmniROM?
It would be really nice if Cyan/OpenDelta downloads the differential update but creates a small update.zip only containing changed files instead of creating the latest complete ROM zip file.

klenamenis said:
Any chance this project can be combined with CyanDelta for CM or OpenDelta in OmniROM?
It would be really nice if Cyan/OpenDelta downloads the differential update but creates a small update.zip only containing changed files instead of creating the latest complete ROM zip file.
Click to expand...
Click to collapse
CyanDelta: I can't comment on because I've seen no documentation from them, nor can I get access to one of their final delta's.
OpenDelta: basically, DeltaJen and OpenDelta have two entirely different methods of working. Omni is wanting a system that will ensure the output is exactly the same every time, and not fail if the system has been modified (a zip is built and the system is flattened before applying)

This looks great.
I did a quick test using my windows system, running the script gave me the following output.
Code:
C:\Download\DeltaJen>python DeltaJen.py -b SlimSaberKat-jflte-4.4.4-2
-i SlimSaberKat-jflte-4.4.4-20140807.zip -o update_zip
WARNING: boot information not supplied.
MTD boot info found
patching system/priv-app/BackupRestoreConfirmation.apk: 1 of 95
Traceback (most recent call last):
File "DeltaJen.py", line 716, in <module>
cli()
File "DeltaJen.py", line 702, in cli
dj.generate()
File "DeltaJen.py", line 469, in generate
self.create_patches(to_diff)
File "DeltaJen.py", line 378, in create_patches
p_data = self.compute_diff(b_file, n_file)
File "DeltaJen.py", line 584, in compute_diff
if not bs_diff:
NameError: global name 'bs_diff' is not defined
Any tips on what I did wrong

kantjer said:
This looks great.
I did a quick test using my windows system, abd have the following output.
Code:
C:\Download\DeltaJen>python DeltaJen.py -b SlimSaberKat-jflte-4.4.4-2
-i SlimSaberKat-jflte-4.4.4-20140807.zip -o updte_zip
WARNING: boot information not supplied.
MTD boot info found
patching system/priv-app/BackupRestoreConfirmation.apk: 1 of 95
Traceback (most recent call last):
File "DeltaJen.py", line 716, in <module>
cli()
File "DeltaJen.py", line 702, in cli
dj.generate()
File "DeltaJen.py", line 469, in generate
self.create_patches(to_diff)
File "DeltaJen.py", line 378, in create_patches
p_data = self.compute_diff(b_file, n_file)
File "DeltaJen.py", line 584, in compute_diff
if not bs_diff:
NameError: global name 'bs_diff' is not defined
Any tips on what I did wrong
Click to expand...
Click to collapse
Ah, line 44 should be 'bs_diff = None'
On windows, you must have the python bsdiff4 installed btw

cybojenix said:
Ah, line 44 should be 'bs_diff = None'
On windows, you must have the python bsdiff4 installed btw
Click to expand...
Click to collapse
I have bsdiff4-1.1.4.tar.gz extracted to the folder containing the script and python but that clearly isn't the way to go.
Code:
ERROR: python bsdiff4 is required for windows

kantjer said:
I have bsdiff4-1.1.4.tar.gz extracted to the folder containing the script and python but that clearly isn't the way to go.
Code:
ERROR: python bsdiff4 is required for windows
Click to expand...
Click to collapse
you need to compile it as it has c parts.
try this http://www.lfd.uci.edu/~gohlke/pythonlibs/#bsdiff4

@cybojenix
A good piece of code & nice idea! Just one suggestion - can you please try xdelta (based on VCDIFF) instead of bsdiff?? In MDL, we have a very good result by using it, both in terms of memory & speed. AFAIK, CyanDelta also uses it. If you want a Python wrapper, then see here.
Best of luck!!

Titokhan said:
@cybojenix
A good piece of code & nice idea! Just one thought - can you please try xdelta (based on VCDIFF) instead of bsdiff?? In MDL, we have a very good result by using it, both in terms of memory & speed. AFAIK, CyanDelta also uses it. If you want a Python wrapper, then see here.
Best of luck!!
Click to expand...
Click to collapse
the issue with xdelta is it won't support recovery out the box. I've considered running a script to apply them manually (obviously only to replace bsdiff for now), but I won't be doing it at this stage.

cybojenix said:
you need to compile it as it has c parts.
try this http://www.lfd.uci.edu/~gohlke/pythonlibs/#bsdiff4
Click to expand...
Click to collapse
Thanks, but the installer is complaining python 3.4.1 needs to be installed but can't be found in the registry.
I have reinstalled python 3.4.1 using the.msi but still the same error.

kantjer said:
Thanks, but the installer is complaining python 3.4.1 needs to be installed but can't be found in the registry.
I have reinstalled python 3.4.1 using the.msi but still the same error.
Click to expand...
Click to collapse
what can I say, windows sucks

cybojenix said:
what can you say, windows sucks
Click to expand...
Click to collapse
I will try it tomorrow on my linux build machine.
That's where I want to have it running eventually.

Great work :good:
Congratulations my friend.

Fire hd8 2017 root, debrick

Tested only on 2017 hd8
This post is outdated please refer to: https://forum.xda-developers.com/hd8-hd10/orig-development/unlock-fire-hd-8-2017-douglas-t3962846
1 - Open your fire hd 8 7th gen, now you need to access the pads under the board(be very careful there is a lot of glue), specifically we need the pad TP28 which is the clk signal of the emmc
2 - Get yourself a wire (I recommend one with only one conductor in the plastic shroud) or something conductive
3 - Now on a linux machine/vm (if you use a vm, do usb passthrough) go in the amonet folder and do:
Code:
sudo ./bootrom-step.sh
4 - When you see:
Code:
[2019-02-07 14:35:59.478924] Waiting for bootrom
short TP28 to ground (there is a big pad near TP28, its ground so you can use it) and plug the usb
5 - If the operation is successful you should be prompted to remove the short and press enter
6 - Wait until the script end if it's succesfull you will see:
Code:
[2019-02-07 12:11:05.621357] Reboot to unlocked fastboot
in case of any error probably you should start again from step 4
7 - now the device should reboot and go automatically in fastboot mode (if not, try unplug and plug back the usb), you can reflash any partition ex:
Code:
sudo fastboot flash <partition-name> <image-file.img>
The boot partition need to be flashed on the device in order to recover from the first part of the guide so:
Code:
sudo fastboot flash boot boot.img
You can extract boot.img from the ota archive
Becouse there is no system partition check on th 7th gen you can flash a modified system.img (a rooted one)
i will link the ota where i've extracted the .img (sorry i can't upload mine becouse my up speed is trash, 512kbit/s)
8 - Now, again on al linux machine/vm go in the folder amonet-res and run again:
Code:
sudo ./bootrom-step.sh
the steps are the same as from 3 to 6
9 - your table should reboot into FireOS
Recover from flashing the 8th gen exploit
in step 7, when you get into fastboot mode do:
Code:
sudo fastboot flash boot boot.img
with the boot.img from an ota then proceed with the other step
Ready to flash rooted system
Instead of make your own modified system image, you can flash this (thanks to @JJ2017) https://mega.nz/#F!G7pn3SCS!TWhEmzSFNctoil626IbF3A
download both boot and system from the mega link then, once you get in the fastboot mode in step 7, run from the directory where the downloaded system.img and boot.img are:
Code:
sudo fastboot flash system system.img
sudo fastboot flash boot boot.img
This method require you to install the SuperSu app (download an apk from a site like APKmirror)
Make your own system.img
Download this : https://raw.githubusercontent.com/xpirt/sdat2img/master/sdat2img.py
(assuming debian or ubuntu distro) install android-tools-fsutils
1 - get yourself an ota archive
2 - extract it
3 - put sdat2img.py in the same directory as the extracted ota
4 - do
Code:
python2 sdat2img.py system.transfer.list system.new.dat system.img
5 - now do
Code:
mkdir system && sudo mount system.img system
6 - now you can modify the image and for example install SuperSU (Install SuperSu on system.img section of the thread)
7 - unmount the image
8 - do
Code:
img2simg system.img system-a.img
9 - in fastboot mode do:
Code:
sudo fastboot flash system system-a.img
sudo fastboot flash boot boot.img
run the commands in the same folder as the .img
Install SuperSu on system.img
Coming soon. for now you can refer to Building the system image section of this post (thanks to @cybersaga) https://forum.xda-developers.com/showpost.php?p=78864228&postcount=31
Or try this script for creating a rooted system.img (thanks to @SirausKen) https://forum.xda-developers.com/showpost.php?p=78868608&postcount=39
My terminal output while i'm flashing rooted system.img
https://pastebin.com/hn2Rhk87
Thanks
- xyz' for the amonet exploit chain
- <br > for the emmc pinout
- xpirt for sdat2img

looks like I got something to try this evening.
Thanks!

NFSP G35 said:
looks like I got something to try this evening.
Thanks!
Click to expand...
Click to collapse
Please post your results

Ok, I'm gathering the required stuff to try this out.
I'm going to go through your method exactly, but I'm curious... (and this is probably a stupid question that's already been answered somewhere else) why can't we flash TWRP?

Is it just me, or is the process of manually applying SuperSU to the system image a huge pain?
Got to put it on pause for tonight. Any tips or suggestions are welcome though!

NFSP G35 said:
Is it just me, or is the process of manually applying SuperSU to the system image a huge pain?
Got to put it on pause for tonight. Any tips or suggestions are welcome though!
Click to expand...
Click to collapse
Yeah I feel like step 6 could be expanded into, like, 5 steps. I'm not sure how that's done either.

Can confirm working....
Awesome work @t0x1cSH.... after many an hour.... yes, your method successfully root Fire HD8 (2017)
Pretty much followed your guide - managed the 'SU' injection with help from the method description @ <br /> Hardmod Root (https://forum.xda-developers.com/hd...ot-hardmod-root-amazon-fire-hd-8-7th-t3851617)
Actually, not too difficult compared to the Hardmod - when fully written up this will be a game-changer
Many thanks: :good::good::good:
BTW: used Fire OS 5.3.6.4 (most recent)

I'll probably give it a try this weekend. Where did you get the OTA update from?
Update: Nevermind, I found it: https://www.amazon.ca/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=202144610

I'm not great at Linux commands. Would anyone be kind enough to tell me how to modify the system image to include root?

I'll try this weekend as well.

niggabyte said:
I'm not great at Linux commands. Would anyone be kind enough to tell me how to modify the system image to include root?
Click to expand...
Click to collapse
See the previous post (or more to the point, see the section "Writing SuperSU" in <br />'s thread...
JJ2017 said:
... managed the 'SU' injection with help from the method description @ <br /> Hardmod Root (https://forum.xda-developers.com/hd...ot-hardmod-root-amazon-fire-hd-8-7th-t3851617)
Click to expand...
Click to collapse
Also, thanks @JJ2017 for pointing out that thread had the steps for manually patching in SuperSU.
I thought I remembered seeing it before, but couldn't remember where and majorly failed at finding it (meanwhile it's hiding out right under my nose LOL) Probably just too tired.
Anyone who does this successfully could share their patched system.img (preferably just a stock-rooted)

NFSP G35 said:
See the previous post (or more to the point, see the section "Writing SuperSU" in <br />'s thread...
Click to expand...
Click to collapse
Rather embarrassingly, I don't know what commands are required in terminal for copying, moving, and applying permissions to files...

niggabyte said:
I'm not great at Linux commands. Would anyone be kind enough to tell me how to modify the system image to include root?
Click to expand...
Click to collapse
niggabyte said:
Rather embarrassingly, I don't know what commands are required in terminal for copying, moving, and applying permissions to files...
Click to expand...
Click to collapse
No problem. Linux can be intimidating at first... Believe me, I've been there!
Fortunately, it's not hard to come up to speed and quite a rewarding experience.
Grab yourself a Linux cheat-sheet: https://www.google.com/search?q=linux+cheat+sheet&tbm=isch
I believe cp and chmod are mainly what you'll need.

NFSP G35 said:
See the previous post (or more to the point, see the section "Writing SuperSU" in <br />'s thread...
Also, thanks @JJ2017 for pointing out that thread had the steps for manually patching in SuperSU.
I thought I remembered seeing it before, but couldn't remember where and majorly failed at finding it (meanwhile it's hiding out right under my nose LOL) Probably just too tired.
Anyone who does this successfully could share their patched system.img (preferably just a stock-rooted)
Click to expand...
Click to collapse
I was about to ask the same thing, if someone want to share their rooted and preferably stock system images (like a MEGA link) i will put them on the main thread (with credits of course)
With my internet connection, upload my system.img will take forever

JJ2017 said:
BTW: used Fire OS 5.3.6.4 (most recent)
Click to expand...
Click to collapse
Their site says that 5.6.3.0 is the most recent: https://www.amazon.ca/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=202144610
Are we looking at the same thing?
I'm wondering because I just went through this process and now the tablet won't boot. It's stuck at the "fire" logo.
So where did you get your OTA file?

cybersaga said:
Their site says that 5.6.3.0 is the most recent: https://www.amazon.ca/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=202144610
Are we looking at the same thing?
I'm wondering because I just went through this process and now the tablet won't boot. It's stuck at the "fire" logo.
So where did you get your OTA file?
Click to expand...
Click to collapse
my guess is that you probably created a wrong symbolic link for app_process, the command should be something like:
Code:
ln -s system/xbin/daemonsu bin/app_process

t0x1cSH said:
my guess is that you probably created a wrong symbolic link for app_process, should be something like:
Code:
ln -s system/xbin/daemonsu bin/app_process
Click to expand...
Click to collapse
I did create that. I kept track of all the commands I typed. But I remounted the image to check and it's there:
Code:
[email protected]:~/Desktop# ls -l system/bin/app_process
lrwxrwxrwx 1 root root 13 Feb 8 17:09 system/bin/app_process -> xbin/daemonsu

cybersaga said:
I did create that. I kept track of all the commands I typed. But I remounted the image to check and it's there:
Code:
[email protected]:~/Desktop# ls -l system/bin/app_process
lrwxrwxrwx 1 root root 13 Feb 8 17:09 system/bin/app_process -> xbin/daemonsu
Click to expand...
Click to collapse
Should be (straight from the device)

t0x1cSH said:
Should be (straight from the device)
Click to expand...
Click to collapse
That makes a whole lot of sense! I'll try again.
---------- Post added at 06:47 PM ---------- Previous post was at 06:10 PM ----------
Hrm... now it's stuck at the Amazon logo. That's a step back.
I'll retrace my steps.

cybersaga said:
That makes a whole lot of sense! I'll try again.
---------- Post added at 06:47 PM ---------- Previous post was at 06:10 PM ----------
Hrm... now it's stuck at the Amazon logo. That's a step back.
I'll retrace my steps.
Click to expand...
Click to collapse
try to clear the cache from the recovery (power + volume down) and remember to flash boot.img from the recovery, if you forgot it the tablet will hang on the amazon logo

Question Bootloader Unlocked Warning

Has anybody figured out how to get rid of the Bootloader Unlocked warning when booting this phone? It certainly slows down the booting process.

I haven't figured it out yet. To be honest I've been trying to figure out what apps are safe to uninstall and a custom ROM or how to update to Android 12. But I'll definitely let you know if I figure a way out.

dfreedom834 said:
I haven't figured it out yet. To be honest I've been trying to figure out what apps are safe to uninstall and a custom ROM or how to update to Android 12. But I'll definitely let you know if I figure a way out.
Click to expand...
Click to collapse
I have been trying to build TWRP for this device. I am very close, but the mkbootimg command script is issuing a bad argument and I have been unable to trace it down so far.
Code:
[100% 4/4] Target boot image: /mnt/audio/android/twrp/out/target/product/minsk/boot.img
FAILED: /android/twrp/out/target/product/minsk/boot.img
/bin/bash -c "(/android/twrp/out/host/linux-x86/bin/mkbootimg --kernel /mnt/audio/android/twrp/out/target/product/minsk/kernel --ramdisk /android/twrp/out/target/product/minsk/ramdisk.img --base 0x00000000 --pagesize 4096 --cmdline \"console=ttyMSM0,115200n8 androidboot.hardware
=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 servic
e_locator.enable=1 swiotlb=1 androidboot.usbcontroller=a600000.dwc3 earlycon=msm_geni_serial,0x880000 loop.max_part=7 printk.devkmsg=on androidboot.ha
b.csv=10 androidboot.hab.product=minsk androidboot.hab.cid=50 firmware_class.path=/vendor/firmware_mnt/image buildvariant=user buildvariant=eng\" --os
_version 16.1.0 --os_patch_level 2099-12-31 --ramdisk_offset 0x01000000 --tags_offset 0x00000100 --dtb device/motorola/minsk/prebuilt/dtb.img --header
_version 2 --output /mnt/audio/android/twrp/out/target/product/minsk/boot.img ) && (true )"
mkbootimg: error: unrecognized arguments: --dtb device/motorola/minsk/prebuilt/dtb.img
ninja: build stopped: subcommand failed.
15:01:24 ninja failed with: exit status 1
So the --dtb should be --recovery_dtbo I believe. Not sure where this command is being generated in order to fix it.

I was running into problems like that I factor rest it and turned it off. Where did you compile the boot.img from? And ya it would work better if it was trying to go to the right path. I had to find a boot.img from one of the over seas ones I kept getting it were it would root but the screen did respond.

lexridge said:
So the --dtb should be --recovery_dtbo I believe. Not sure where this command is being generated in order to fix it.
Click to expand...
Click to collapse
I could be wrong but the recovery I'm using (orange fox) does use a kernel_dtb. So it seems your recovery image kernel doesn't have the right path to the dtb binary it needs. Try searching the build directory for any _dtb/.dtb and rename accordingly. I'd you need to alter the dtb from a related SoC there are tools for unpacking and modifying those.
The recovery and boot ones would be similar I imagine since those files are a map of the device's hardware.

dfreedom834 said:
I was running into problems like that I factor rest it and turned it off. Where did you compile the boot.img from? And ya it would work better if it was trying to go to the right path. I had to find a boot.img from one of the over seas ones I kept getting it were it would root but the screen did respond.
Click to expand...
Click to collapse
I took the boot.img from the full device A11 factory image.
MINSK_RETUS_11_RPCS31.Q2-109-16-2_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
I used the same one to create my magisk boot.img as well. I used dumpyara to build the device tree using the above file for my source which seemed to work properly. No errors in other words.

elrod16 said:
I could be wrong but the recovery I'm using (orange fox) does use a kernel_dtb. So it seems your recovery image kernel doesn't have the right path to the dtb binary it needs. Try searching the build directory for any _dtb/.dtb and rename accordingly. I'd you need to alter the dtb from a related SoC there are tools for unpacking and modifying those.
The recovery and boot ones would be similar I imagine since those files are a map of the device's hardware.
Click to expand...
Click to collapse
I have a dtbo directory containing these files:
Code:
00_kernel
01_dtbdump_amxbr.dtb
02_dtbdump_amxbr.dtb
03_dtbdump_amxbr.dtb
04_dtbdump_amxbr.dtb
05_dtbdump_amxbr.dtb
I also have a dtb.img in the root of the device tree. I will copy it to dtbo.img and see what happens. Thanks for the hint.

lexridge said:
I have a dtbo directory containing these files:
Code:
00_kernel
01_dtbdump_amxbr.dtb
02_dtbdump_amxbr.dtb
03_dtbdump_amxbr.dtb
04_dtbdump_amxbr.dtb
05_dtbdump_amxbr.dtb
I also have a dtb.img in the root of the device tree. I will copy it to dtbo.img and see what happens. Thanks for the hint.
Click to expand...
Click to collapse
I think dtb.img probably has all of the dtb files compiled together

elrod16 said:
I think dtb.img probably has all of the dtb files compiled together
Click to expand...
Click to collapse
That is my thought as well.

lexridge said:
That is my thought as well.
Click to expand...
Click to collapse
I just recently had to deal with all this crap because I didn't know GPD changed which revision of the mediatek SoC they used in the GPD XD while keeping the serial numbers the same. Flashed my old one's backup on it and half the cores were stuck offlined when it booted up. Ended up having to get ahold of the stock kernel for that board revision and patch in the correct dtb for that SoC.
I don't have links but some of the sites that delve into generic Linux kernel porting have tools for decompiling kernel_dtb files to an editable form that you can then recompile if you do have device/driver issues. Also the magisk module for enabling TWRP sdcard storage backups has some Android arm64 native binaries in it that can help with tearing apart kernel/recovery images. (They both are technically kernel images, just one boots a minimal OS).
Edit: I think any dtbo files would be individual compiled object files that get linked into the final dtb image.
Edit 2: I just saw your other comment above. Congrats, that sounds like a viable (and probably long term stable) way you found.

On another topic, I have been trying to mount /system as r/w (thru adb). It appears /system is not actually a mount point but under a different mount point. Any idea what that might be? Doing a cat on /proc/mounts yeilds a crapload of mounts, with many belonging to magisk, but no /system.

I know its been 4 month since last activity, but has there been any progress on this?

There does not seem to have been much progress on this, but I read somewhere recently that the G Stylus (2021) was either the most popular or best-selling Moto phone in 2021. Who knows if that is exactly true, but if it is indeed so popular, here's to hoping that some capable developers will take an interest in it eventually!

Several folks have mentioned that loading a GSI (Generic System Image) should be possible, but I have not had any extended downtime myself to be able to try this. But if you do, you can find some guidance for the 2020 version of the G Stylus at:
https://forum.xda-developers.com/t/...ic-system-image-on-the-moto-g-stylus.4131199/

Software Development FYT Firmware Workbench 2.0

# FYT-Firmware-Workbench
PLEASE DO NOT USE WITH T'EYES CC3 FIRMWARE
Scripts intended to mount the FYT UIS7862 firmware, make modifications and reassemble it back
They can retrieve the firmware from specified location and after modification, they can put the packed and signed firmware into another specified location
Files:
1-) config.ini = A file to setup parameters, paths for the original firmware and patched firmware, temp directory to work with firmware files and mount point to edit the firmware
2-) import_original.sh = Retrieves the ZIP file from the location specified in config.ini
3-) import_patched.sh = Retrieves the same files that 'import_original.sh' but from the patched location specified in the config.ini (normally a firmware that you've already patched before)
4-) unpack.sh = (autorun after import*) Unpack the imported firmware and create the mount moints (as specified in the config.ini file) to work with the firmware
5-) tweaker.sh = Allows change Locale, Language, Country and allows enabling ADB and OTG (if hardware supports it)
6-) inject_mods = Copies all contents of "_mods" folder into system partition, like gps.conf or even bootanimation, up to you to creat the same folder structure with your own files to inject
7-) repack.sh = Unmount the modified firmware from the mount points, delete the mount points, assembly the new ZIP file, sign it and move it to the patched directory as specified in config.ini
clean_local.sh = This script will unmount the firmware and delete it, it will also delete temporary files. as its name says, it cleans the local workbench !
N'joy it !
[CHANGELOG]
2.0 Introduces a different ZIP signature method
1.0 Initial release

Did you already try to flash it? I seed that you sign with the test keys but does that now work on the 7862?
On the previous architectures the recovery did not allow self signed zips.

Yes it works well, of course I flashed a modified 6315_1 befor make this post. You can trust the scripts, take a look at the tweaker.sh who allow you to modify some settings, Locale,Region, Coutry, and more to come !

Hi,
I tried your tools. Nice work.
I first did the "import_original.sh" and then the "unpack.sh". I did use this on a RPi4 running Debian Linux. All my Linux machines are currently RPi boxes and I use my headless server RPi4 for most stuff I do myself on images. (Next to that I have a Chromebook running Linux as well, but that one doesn't allow me to mount images in the linux sandbox.)
In the unpack.sh I get errors after brotli on the resizing of all the images:
Bash:
**********************************************
Processing 'system' image ...
BROTLI -- Handling system.new.dat.br...
Converting system.new.dat file into system.img file
When tring the "Converting .." is where it goes wrong without error message. The sdat2img is using "#!/usr/bin/env python" which, on an python3 only system gives "/usr/bin/env: ‘python’: No such file or directory"
When I change the call to "python3 sdat2img.py <etcetera>" it works. It might be better to use something like
Code:
if [ `which python` ]; then
./tools/sdat2img.py
elif [ `which python3`]; then
python3 ./tools/sdat2img.py
else
printf "\n\nNo python found!!\n\n"
exit 1
fi
Otherwise your created dat file is 0 bytes (simply an echo of 0 bytes to a new file), then giving corrupt empty images of 128 MB when trying to resize them.
And about the resizing/shrinking of the images: Why do you do that?
Simply leave the img as is and mount it read-write, not read-only.
Please use
Code:
mount -t ext4 -o loop,rw $unzippedPath$i.img $MOUNTPOINT/$i
and then simply copy (as root) your stuff in or make the modifications directly (as root). After unmounting you can immediately repack and brotli-compress it again. No extra intermediate steps necessary.
****
And some other remarks (actually a bit of nit-picking, please don't feel offended. I think you did a great job):
You use and pack a 64bit jdk with it, which is of course very convenient in most cases but doesn't work on my ARM raspberry pi.
I would put something in the shell script like
Bash:
echo "Singning '${FIRMWAREZIPFILENAME}' file..."
if [ -n `which java` ]; then
# Not found. Use packed version and hope it is a 64bit system
tools/jdk64/bin/java -jar tools/SignApkv2.jar <etcetera>
else
# Use system version
java -jar <etcetera>
fi
You also use
Bash:
echo " "
echo "READY !!!."
echo " "
Why not use
Code:
printf "\n\nREADY !!!\n\n"

Don't feel offended at all fellow, that's normal you're improving the scripts so suit your needs, that's normal, and your code (above) seems much more adapted than mine, I packed a 64bit java 8 cause java 11 does not sign the ZIP, (or at least I didn't reach the sign correctly)
Y have a giltab at home with that projects (FYT, TS10 etc....) y you want to participate and pull-request your changes, os help me improving that scripts, you're welcome and I'll send you the link via PM

mariodantas said:
I packed a 64bit java 8 cause java 11 does not sign the ZIP, (or at least I didn't reach the sign correctly)
Click to expand...
Click to collapse
Yes, you are right. the signapkv2 is already very old. I forgot that. I just tested and java V11 comes without the sun packages.

Will add and arm64 java 8 and detect the proc architecture by scripts to select the right java

@surfer63 I forgot to tell you that I released FYT Firmware Workbench 2.0 which includes another 6315_1 signature method (no more signapkV2), (as required with lsec6315update after Jul/2/22) thos signs well the new 6315_1 files, so we can still modify their contents and repack again and flash without the message: "Please use legal system"

I finally got my images to mount. (had to sudo)
I used the modifications @surfer63 suggested. (python3 was the trick here)
edit: are the mountpoints supposed to be RO? I'm getting "no space.." error running the tweaker.

j-5 said:
I finally got my images to mount. (had to sudo)
I used the modifications @surfer63 suggested. (python3 was the trick here)
edit: are the mountpoints supposed to be RO? I'm getting "no space.." error running the tweaker.
Click to expand...
Click to collapse
No, they shoud have 128Mb + each uhntil repack
NOTE: before running FYT Firmware Workbench do a "sudo su" (you must run as ROOT) that's why it didn't work flawlessly, I'll modify the scripts to ask for sudo su if needed !

@mariodantas : Your FYT workbench was still in the Android head units section. I had it moved to the FYT forum.

mariodantas said:
No, they shoud have 128Mb + each uhntil repack
NOTE: before running FYT Firmware Workbench do a "sudo su" (you must run as ROOT) that's why it didn't work flawlessly, I'll modify the scripts to ask for sudo su if needed !
Click to expand...
Click to collapse
OK, got it.
I had commented out the "expand' part, my bad .

Is there a github repo for the latest scripts? I'd love to try this out.

No Github, I'll release some fixes soon !

mariodantas said:
I'll release some fixes soon !
Click to expand...
Click to collapse
this is very good, thanks for your hard work!
I am also having trouble parsing the system.new.dat.br file (I only chose to edit it in config). After changing to python3, file began to be mounted and repack. But I get an error on the device in the middle of installation related to "dynamic_partitions_op_list" even though I didn't change anything

Where are the 2.0 tools?

Andy826 said:
Where are the 2.0 tools?
Click to expand...
Click to collapse
In the OP

surfer63 said:
And about the resizing/shrinking of the images: Why do you do that?
Click to expand...
Click to collapse
@surfer63 I do that to allow me to add content inside, if not, the free size is 0Kb after mount

@mariodantas The CC3 Firmware Tools don't seem to work with the January firmware. The error when using them on the January firmware is:
Code:
ext2fs_open2: Bad magic number in super-block
e2fsck: Superblock invalid, trying backup blocks...
e2fsck: Bad magic number in super-block while trying to open _tmp/_firmware/elable.img
Any chance of this being fixed please?

ahmed123 said:
Any chance of this being fixed please?
Click to expand...
Click to collapse
Not compatible with CC3 anymore