Related
Several people have already figured out the details on their own, but I have gotten requests to do a more comprehensive tutorial on how the boot and recovery images are structured, and how you can edit them.
Background
Your phone has several devices which hold different parts of the filesystem:
Code:
#cat /proc/mtd
dev: size erasesize name
mtd0: 00040000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 04380000 00020000 "system"
mtd4: 04380000 00020000 "cache"
mtd5: 04ac0000 00020000 "userdata"
In this tutorial, we will deal with "recovery" and "boot". The "boot" device holds the files that are automatically loaded onto the root of your filesystem every time you boot (details below).
"system" holds everything that gets mounted in your system/ directory, and userdata/ is everything that shows up in data/ (this is all the apps you've installed, your preferences, etc).
The recovery and boot partitions are at /dev/mtd/mtd1 and /dev/mtd/mtd2, and before you do anything else you should back these up (note: this may not be the best way of doing this because it may not deal properly with bad blocks etc, but it's all we've got until somebody comes up with a better method, and besides you will probably be restoring from update.zip anyway):
Code:
# cat /dev/mtd/mtd1 > /sdcard/mtd1.img
# cat /dev/mtd/mtd2 > /sdcard/mtd2.img
The other thing you should do is put your favorite update.zip file into the root directory of your sd card so that if you screw up your boot partition you can boot into recovery mode and re-apply the update. You probably want one of the pre-rooted recovery images found elsewhere on the forums.
There is also another important file you should know about. In /system/recovery.img there is a full copy of everything that is loaded on mtd1. This file is automatically flashed onto mtd1 every time you shut down. That means two things: 1. Any changes you make directly to /dev/mtd/mtd1 get blown away on reboot and 2. If you want to change /dev/mtd/mtd1 you're probably better off just sticking the image in /system/recovery.img and rebooting. When creating your own custom update.zip files (especially when adapting the stock images), you can get tripped up if you forget to replace /system/recovery.img and it ends up overwriting /dev/mtd/mtd1 unbeknownst to you. Watch out.
Structure of boot and recovery images
The boot and recovery images are not proper filesystems. Instead, they are a custom android format consisting of a 2k header, followed by a gzipped kernel, followed by a ramdisk, followed by a second stage loader (optional, we have not seen these in the wild yet). This structure is outlined in mkbootimg.h:
Code:
+-----------------+
| boot header | 1 page
+-----------------+
| kernel | n pages
+-----------------+
| ramdisk | m pages
+-----------------+
| second stage | o pages
+-----------------+
n = (kernel_size + page_size - 1) / page_size
m = (ramdisk_size + page_size - 1) / page_size
o = (second_size + page_size - 1) / page_size
0. all entities are page_size aligned in flash
1. kernel and ramdisk are required (size != 0)
2. second is optional (second_size == 0 -> no second)
A ramdisk is basically a small filesystem containing the core files needed to initialize the system. It includes the critical init process, as well as init.rc, which is where you can set many system-wide properties. If you really want to know more about it, here is the documentation. Here's a list of files on a typical ramdisk:
Code:
./init.trout.rc
./default.prop
./proc
./dev
./init.rc
./init
./sys
./init.goldfish.rc
./sbin
./sbin/adbd
./system
./data
The recovery image typically has a few extra files, which constitute the recovery binary and supporting files (the application that gets run if you hold down home+power when rebooting). These files are:
Code:
./res
./res/images
./res/images/progress_bar_empty_left_round.bmp
./res/images/icon_firmware_install.bmp
./res/images/indeterminate3.bmp
./res/images/progress_bar_fill.bmp
./res/images/progress_bar_left_round.bmp
./res/images/icon_error.bmp
./res/images/indeterminate1.bmp
./res/images/progress_bar_empty_right_round.bmp
./res/images/icon_firmware_error.bmp
./res/images/progress_bar_right_round.bmp
./res/images/indeterminate4.bmp
./res/images/indeterminate5.bmp
./res/images/indeterminate6.bmp
./res/images/progress_bar_empty.bmp
./res/images/indeterminate2.bmp
./res/images/icon_unpacking.bmp
./res/images/icon_installing.bmp
./sbin/recovery
Unpacking, Editing, and Re-Packing the images
Note: below I give you the details for unpacking and repacking manually, but I have attached two perl scripts that do most of this for you
If you are good with a hex editor, you can open up any of these images and strip off the first 2k of data. Then, look for a bunch of zeroes followed by the hex 1F 8B (which is the magic number of a gzip file). Copy everything from the first line of the file, through the zeroes, and stopping at the 1F 8B. That is the kernel. Everything from the 1F 8B through the end is the ramdisk. You could save each of these files separately. In order to see the contents of the ramdisk, you need to un-gzip it and then un-cpio it. You could use a command like this (ideally after creating a new directory and cd'ing into it):
Code:
gunzip -c ../your-ramdisk-file | cpio -i
That will place all of the files from the ramdisk in your working directory. You can now edit them.
In order to re-create the ramdisk, you need to re-cpio them and re-gzip those files, with a command like the following (remember, cpio will include everything in the current working directory, so you probably want to remove any other cruft you might have in there):
Code:
find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
The final step is to combine the kernel and your new ramdisk into the full image, using the mkbootimg program (which you should download and compile from the git repository):
Code:
mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel your-kernel-file --ramdisk newramdisk.cpio.gz -o mynewimage.img
Now, there's a lot of hassle in pulling apart files in hex editors and remembering all of these commands, so I wrote unpack and repack perl scripts for you (attached). Hooray.
Flashing your new image back onto the phone
You will probably only ever be flashing boot images directly to the phone, given the fact that /system/recovery.img automatically flashes the recovery device for you (as noted above). If you have created a new recovery image, just stick it in /system/recovery.img and reboot. If you are flashing a boot image, stick it on your phone via adb (a tool included in the Android SDK):
Code:
adb push ./mynewimage.img /sdcard
Then, open a shell to your phone via 'adb shell', get root, and do the following two commands to flash your new boot image:
Code:
# cat /dev/zero >> /dev/mtd/mtd2
write: No space left on device [this is ok, you can ignore]
# flash_image boot /sdcard/mynewimage.img
Reboot.
If your phone starts all the way up, congratulations. If not, you did something wrong and you'll need to boot into recovery mode and apply your update.zip file (reboot while holding down home+power, when you get the recovery screen press alt+L and then alt+S).
Something fun to do with your new found power
If you place a file titled initlogo.rle in the root directory of your boot image, the phone will display this image upon boot (after the "G1" image and before the Android animation). In order to create this file, you need to create a 320x480 image in Photoshop or Gimp and save it as a "raw image" file. You then need to compress that image with the program to565. More details on that here.
This is not the same thing as applying an update.zip
You will see other places on the forums that describe how to create customized update.zip files, as well as update.zip files that people are sharing. For example, there is a recent update.zip which is a modified version of rc30 (with the anti-root aspects disabled). The update.zip files include new boot images, recovery images, and typically replacements for the entire system/ directory as well as other updates. If you are creating a custom boot or recovery image, it is typically a good idea to start with the image distributed with the most recent update you have applied (flashing an image from an older release could have unintended consequences).
Questions?
hooray! you're awesome
Where does boot.img flash? What is the corresponding part of the system?
Dimath said:
Where does boot.img flash? What is the corresponding part of the system?
Click to expand...
Click to collapse
I'm not sure what exactly you mean, but when you do flash_image boot imagefile.img it will write imagefile.img to /dev/mtd/mtd2, which is where your phone looks for the boot files. Did that answer your question?
For your command...
Code:
cat /dev/zero >> /dev/mtd/mtd2
Do you mean
Code:
cat /dev/zero > /dev/mtd/mtd2
?
The idea being that you erase flash in the version with one '>', whereas you... append to the end of a device in the version with two '>'s? I can see the utility of erasing flash with one '>' but appending seems... odd. Am I missing something?
Is this any different than using the Dalvik Debug Monitor (DDMS) file manager found the the Android SDK? I'm able to push, pull, and delete files on my G1 with no problem.
Would this be the only way to rebuild a system app (i.e. Settings.apk) with more debug (Log. to extract via adb logcat over usb), then rebuild the entire system.img, then flash into the G1?
eckzow said:
For your command...
Code:
cat /dev/zero >> /dev/mtd/mtd2
Do you mean
Code:
cat /dev/zero > /dev/mtd/mtd2
?
The idea being that you erase flash in the version with one '>', whereas you... append to the end of a device in the version with two '>'s? I can see the utility of erasing flash with one '>' but appending seems... odd. Am I missing something?
Click to expand...
Click to collapse
I think you're right. I copied that from somebody else's instructions and it certainly seems to make more sense with one '>'. Anybody know for sure?
In any event, this is unnecessary in most cases because flash_image should overwrite the whole thing. The only exception is when you have an identical header on your image to the one that is already on the device. This shouldn't happen in my instructions (mkbootimg creates a header that includes the build timestamp) but I kept the instruction there just for good measure.
andonnguyen said:
Is this any different than using the Dalvik Debug Monitor (DDMS) file manager found the the Android SDK? I'm able to push, pull, and delete files on my G1 with no problem.
Click to expand...
Click to collapse
The adb push command I gave is no different, but you would still have to unpack/repack and flash_image according to my instructions.
I've tried these instructions on RC30 1.3. Basically I extracted, unpacked, and repacked, just to see if it would work. The resultant file is too large; it fails when you run flash_image.
I'm trying to modify my boot image of my ADP1 using the perl scripts, but I receive the following warning while decompressing the ramdisk:
Code:
$ unpack-bootimg.pl mtd2.img
kernel written to mtd2.img-kernel.gz
ramdisk written to mtd2.img-ramdisk.cpio.gz
removed old directory mtd2.img-ramdisk
[B]gzip: ../mtd2.img-ramdisk.cpio.gz: decompression OK, trailing garbage ignored
462 blocks[/B]
extracted ramdisk contents to directory mtd2.img-ramdisk/
Is this warning expected? Is safe to continue?
Also, I've found that the size of the modified packed image is far smaller than the original one
Code:
$ ll mtd2.img mtd2-modified.img
-rwx------ 1 ris ris 2621440 2009-01-07 19:19 mtd2.img
-rw-r--r-- 1 ris ris 1533952 2009-01-07 20:49 mtd2-modified.img
Update: I've tried anyway.
For the record, I've obtained the boot.img using cat, uncompressed with the perl script, modified default.prop, repacked with the perl script.
As you see from the code above, the img file is much smaller (Opening with a hex editor you can see that the end of the original image is full of 0xFF, so I believe it's ok, both the gzip warning and the different file sizes).
Reflashed it from recovery mode, using
fastboot flash boot mt2-modified.img
fastboot reboot
... and worked flawlessly
I'm leaving the coment for future references.
Thanks for the tutorial
[RiS] said:
gzip: ../mtd2.img-ramdisk.cpio.gz: decompression OK, trailing garbage ignored
462 blocks
Is this warning expected? Is safe to continue?
Click to expand...
Click to collapse
Yes, you would expect trailing zeroes, which would give you that error. The trailing zeroes exist in order to pad the image size to the nearest page boundary. They are added by mkbootimg.
[RiS] said:
Also, I've found that the size of the modified packed image is far smaller than the original one
As you see from the code above, the img file is much smaller (Opening with a hex editor you can see that the end of the original image is full of 0xFF, so I believe it's ok, both the gzip warning and the different file sizes).
Click to expand...
Click to collapse
Yep, that's exactly why. Nothing to worry about.
Thanks for the informative clarification.
alansj said:
There is also another important file you should know about. In /system/recovery.img there is a full copy of everything that is loaded on mtd1. This file is automatically flashed onto mtd1 every time you shut down. That means two things: 1. Any changes you make directly to /dev/mtd/mtd1 get blown away on reboot and 2. If you want to change /dev/mtd/mtd1 you're probably better off just sticking the image in /system/recovery.img and rebooting.
Click to expand...
Click to collapse
I'm using an stock ADP1, and the file /system/recovery.img does not exist. Is this expected?
Also, I've found out in JFv.1.31 that the recovery image is in /data/recovery.img (although there is no /data/recovery.img in my ADP1 neither..)
[RiS] said:
I'm using an stock ADP1, and the file /system/recovery.img does not exist. Is this expected?
Also, I've found out in JFv.1.31 that the recovery image is in /data/recovery.img (although there is no /data/recovery.img in my ADP1 neither..)
Click to expand...
Click to collapse
It deletes it after it flashes on the first bootup after you apply the update.
JesusFreke said:
It deletes it after it flashes on the first bootup after you apply the update.
Click to expand...
Click to collapse
Are you refering to /data/recovery.img or /system/recovery.img? or both?
[RiS] said:
Are you refering to /data/recovery.img or /system/recovery.img? or both?
Click to expand...
Click to collapse
I'm referring to /data/recovery.img in JFv1.2 and up (although there was a bug in the RC8 version of JFv1.2 that prevented it from being deleted)
So is there any reason why there is no /system/recovery.img on my ADP1?
When I use the unpack script on JF1.31 boot.img, it prints out like this:
"Could not find any embedded ramdisk images. Are you sure this is a full boot image?"
Any help?
[RiS] said:
So is there any reason why there is no /system/recovery.img on my ADP1?
Click to expand...
Click to collapse
Stock or JFv1.3?
JesusFreke said:
Stock or JFv1.3?
Click to expand...
Click to collapse
"Stock". I've just modified boot img to change default.prop
Hello,
I\'m getting ready to do the RC30->RC29->Android Dev SPL->ModRC30/ADP1 conversion of my G1, but I would like to know if there is any way to dump all three of the current images (spl, recovery.img, and the RC30 stock image) to my computer before I do this so that I can revert back to factory if I even need to.
Anyone know of a way to do that? Also, what sort of differences in the interface or reliability of the phone\'s services are there between the stock RC30 and the modified version? And how about with the G1 development builds?
Thanks ahead of time for answering, folks. I\'m still new to HTC hacking. I appreciate it.
damccull
using fastboot to restore your images
True. But how do I back up the images before I go through with the upgrade in the first place? Restoring is the second step, and from what I understand, fastboot isn't supported by the G1 stock bootloader.
hope this helps
By JesusFreke
How to flash the G1
--------------------------------------------------------------------------------
WARNING: Following these instructions may brick your phone, void your warranty and kill your dog. You don't want your dog to die do you?
Once I got root access on my G1, I've been messing around with trying to build reflash the recovery partition. That project is still in progress, but I have learned a bit about how to flash the various partitions on the G1.
First things first, you have to have root access. See this thread.
There are 6 mtd devices or partitions on the G1, mtd0-mtd5. They are located at /dev/mtd. You can use the /system/bin/flash_image tool to flash an image to any of these.
The syntax for the flash_image tool is:
Code:
# flash_image
usage: flash_image partition file.img
#You can see a list of partition names and which device they are associated with by doing a "cat /proc/mtd".
Code:
#cat /proc/mtd
dev: size erasesize name
mtd0: 00040000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 04380000 00020000 "system"
mtd4: 04380000 00020000 "cache"
mtd5: 04ac0000 00020000 "userdata"
#
These should all be self explanatory, except maybe "misc", which just appears to have a few string values.. Not really sure what it's used for..
Before you do any erasing or writing, it's a "really good idea" (tm) to make backups of each of these. Even if you don't plan on writing to them. I had accidentally erased the bootloader partition (typed mtd0 instead of mtd1), which I'm fairly sure would have bricked my phone if I had tried to reboot it. Ugh! Luckily, I had created a backup earlier, so I was able to restore it. (And then was nervous as heck when I tried to reboot it... "Please boot up! Please boot up!")
To create the backups:
Code:
# cat /dev/mtd/mtd0 > /sdcard/mtd0.img
# cat /dev/mtd/mtd1 > /sdcard/mtd1.img
# cat /dev/mtd/mtd2 > /sdcard/mtd2.img
# cat /dev/mtd/mtd3 > /sdcard/mtd3.img
# cat /dev/mtd/mtd4 > /sdcard/mtd4.img
# cat /dev/mtd/mtd5 > /sdcard/mtd4.img
#Now you can use flash_image to write the new image.
Code:
#flash_image recovery /system/recovery.img
#And that's how it's done.
Update: You normally don't need to erase the flash before you write, as long as you don't corrupt the flash first, by trying to "cat" an image directly to the mtd device, like I did . If you get a lot of ECC errors when you use flash_image then you need to erase it
Code:
# cat /dev/zero > /dev/mtd/mtd1
write: No space left on device
#
On a related note, Based on my experience so far, the recovery partition is not critical to booting the G1. When I first tried this, I used flash_image to write a new image without erasing the partition first, and it corrupted it pretty good. When I tried to boot the G1 into recovery mode (power+home), it would go to the bootloader screen instead. But it would boot into normal mode just fine.
Additionally, I've verified that the device will boot into recovery mode if you screw up the boot partition (mtd2). So as long as you at least have a good recovery image *or* a good boot image, you should be able to get back in business. Just don't try to update both at the same time.
Even so.. be careful, and don't come crying to me when you brick your phone. Or if your dog dies. You don't want your dog to die do you?
--------------------------------------------------------------------------------
Thats what i did befor i had root
humble said:
By JesusFreke
How to flash the G1
...
Thats what i did befor i had root
Click to expand...
Click to collapse
Wow, blast from the past . So did your dog die?
the past is what makes today
JesusFreke said:
Wow, blast from the past . So did your dog die?
Click to expand...
Click to collapse
yeah back then but good thing i had thoes back ups you saved me 4 & some change lol
humble, thanks for the repost. That helps. My phone is successfully flashed to JC's modded RC30 now. Hurray! Now what other neato things can I do to this thing? >
And JesusFreke, thanks for the mad cool images. I like the backup feature you and those other people hacked into the recovery mode. ALT-B for the win! How did you figure out how to dump those images in the first place? And then modify them for root? That's beyond my comprehension. Where would you suggest I begin to learn at?
-damccull
damccull said:
And JesusFreke, thanks for the mad cool images. I like the backup feature you and those other people hacked into the recovery mode. ALT-B for the win! How did you figure out how to dump those images in the first place? And then modify them for root? That's beyond my comprehension. Where would you suggest I begin to learn at?
-damccull
Click to expand...
Click to collapse
It depends on your current level of expertise . If you're a programmer, go check out the source, there's tons of useful info. But really, it's just a matter of trying to figure out how it all works. Playing with it, breaking it, fixing it.. you get the idea
Your Welcome
damccull said:
humble, thanks for the repost. That helps. My phone is successfully flashed to JC's modded RC30 now. Hurray! Now what other neato things can I do to this thing? >
-damccull
Click to expand...
Click to collapse
i always try to help now your on a modded image Woot!Woot! enjoy
JesusFreke said:
It depends on your current level of expertise . If you're a programmer, go check out the source, there's tons of useful info. But really, it's just a matter of trying to figure out how it all works. Playing with it, breaking it, fixing it.. you get the idea
Click to expand...
Click to collapse
Hmm. I am a programmer. I'll look at the source. But how do you figure out how to dump an image off of a phone in the first place? You modded the RC30 ota image to create yours right? Did you just copy the system files off somehow? What kinds of tools did you use? I find this stuff really interesting Thanks for the replies!
damccull said:
Hmm. I am a programmer. I'll look at the source. But how do you figure out how to dump an image off of a phone in the first place? You modded the RC30 ota image to create yours right? Did you just copy the system files off somehow? What kinds of tools did you use? I find this stuff really interesting Thanks for the replies!
Click to expand...
Click to collapse
I mainly modified the OTA itself. Added binaries, a new kernel.. etc. etc. I didn't have to pull anything from the phone, because it's all in the OTA.
Oh, you copied the update file off the phone after it downloaded and modded that? Sweet.
i understand that to create a fixed SBF i need to remove CG31 and CG39 and repack. the question is, how can i get a nandroid of the system SBF without flashing the full SBF?
so is there a way of converting the CG39 into a nandroid img? or is there any other way to do it?
i know there are nandroid backups of different SBFs but i have localised SBF that i want to use and i dont want to lose downgrade-ability. what to do?
You can get the CG39.smg file and copy it to a linux box.
Then you create a folder inside the /mnt folder
Code:
mkdir /mnt/GC39
.
Then you can mount the CG39.smg as a loopback device:
Code:
mount -o loop /location/to/your/cgfile/CG39.smg /mnt/CG39/
Then you can go into /mnt/CG39 folder and copy the contents to anywhere.
After you'll need to repack it on a system.img file in order to make a nandroid restore.
i will try that, thanks!
i've done the above, and used "cat" command to create the .img file, strangely the smg file and the cat output .img are exactly the same size in bytes.
is it safe to nandroid restore the .img file?
can anyone tell?
im going to see if using dd command makes a difference.
Edit:
using dd command i got also the same size in bytes as the original smg file. this either means that i wont be able to downgrade or CG39 file doesnt include anything to block downgrading.
nolimitzz said:
i've done the above, and used "cat" command to create the .img file, strangely the smg file and the cat output .img are exactly the same size in bytes.
dd command i got also the same size
Click to expand...
Click to collapse
seriously? how could you expect otherwise?
you practically did the most complicate way of copying a file.
would you expect the file to change by doing that?
you need to do use makeyaffs2image
Greetings all.
Several weeks ago, I made this post seeking help with a self-created problem. I am happy to announce that the problem has been resolved with the immense help of sephstyler. He is literally my phone's messiah.
The afore-mentioned XDA member has a device identical to mine. I borrowed his and mirrored most of the data on his device by copying several partitions off his phone on to mine. I followed this guide about changing CID/MID.
I got a hold of a notepad document (you'll find it here) that lists partition information of the U11+. I wasn't sure which of my partitions were corrupt but I was certain the one containing the OS and IMEI information were messed up. My IMEI was blank. The OS version reported in fastboot was 9.99999 or something like that.
So I set out to copy these partitions and their corresponding img files in no particular order - boot, hosd, radio, modemst1, modemst2, cache, system, vendor, persist, and sdf1 (which carries CID info).
Please note that this method fixes the issue where your device is stuck on the bootloader screen with the message, "this phone has been flashed with unauthorised software and is locked....." And you will need a second device that is identical to yours (and functional too) for this process to work. I don't know if they both have to come from the same region (i.e have the same CID and MID). I guess there is no harm in trying. You couldn't possibly do more harm to your device by doing this. Or maybe you could. Either way, I will not be held responsible for any undesirable outcomes.
Steps taken:
- I installed HTC drivers on my computer, running Windows 10 64-bit. And 15-second ADB Installer. Get them both from here and here. I uninstalled HTC Sync Manager after the installation was done as I only needed the drivers.
- I flashed TWRP on the borrowed device so I could have access to adb from recovery.
- I then opened up a command prompt window on my computer, typed adb devices just to be sure that drivers were installed correctly.
The next few steps can be achieved right from within TWRP using the Terminal function. But I chose to use my computer as it'd be much quicker and I am less likely to make typos on a full-sized keyboard.
In a command prompt window, type adb shell. Hit enter.
To copy the system image, type dd if=/dev/block/sda5 of=/sdcard/system.img
For cache, type dd if=/dev/block/sdd21 of=/sdcard/cache.img
For boot, type dd if=/dev/block/sda3 of=/sdcard/boot.img
For radio, type dd if=/dev/block/sdd13 of=/sdcard/radio.img
For modemst1, type dd if=/dev/block/sde2 of=/sdcard/modemst1.img
For modemst2, type dd if=/dev/block/sde3 of=/sdcard/modemst2.img
For persist, type dd if=/dev/block/sde5 of=/sdcard/persist.img
For vendor, type dd if=/dev/block/sda6 of=/sdcard/vendor.img
For sdf1 (board_info), type dd if=/dev/block/sdf1 of=/sdcard/sdf1.img
For hosd, type dd if=/dev/block/sdd12 of=/sdcard/hosd.img
These img files would be saved to your internal storage. I then copied all files to the root folder of my faulty device's storage using Windows Explorer. System.img however refused to transfer. I got creative and used a microSD to make the transfer possible.
Now that these files were sitting comfortably on my phone, I booted to TWRP, connected it to my PC, then entered the following commands in Command Prompt via adb shell.
To copy these images to the appropriate partitions on your phone:
For board_info, type dd if=/sdcard/sdf1.img of=/dev/block/sdf1
For system, type dd if=/sdcard/system.img of=/dev/block/sda5
For cache, type dd if=/sdcard/cache.img of=/dev/block/sdd21
For boot, type dd if=/sdcard/boot.img of=/dev/block/sda3
For radio, type dd if=/sdcard/radio.img of=/dev/block/sdd13
For modemst1, type dd if=/sdcard/modemst1.img of=/dev/block/sde2
For modemst2, type dd if=/sdcard/modemst2.img of=/dev/block/sde3
For persist, type dd if=/sdcard/persist.img of=/dev/block/sde5
For vendor, type dd if=/sdcard/vendor.img of=/dev/block/sda6
For hosd, type dd if=/sdcard/hosd.img of=/dev/block/sdd12
Upon completion, press Ctrl+C or type exit to quit adb shell. Then type adb reboot to reboot your device.
If the above commands were entered correctly (and if the adb gods smile upon you), your device should be restored.
Now I know that copying all images fixed the issue. My guess is the system, boot, and radio images were the crucial ones. I am not entirely sure. But I was desperate for a positive result so I copied the ones that I deemed important.
I hope this helps someone. Cheers.
P.S: My apologies for the formatting. I am still fairly new to this. Also, I just realised I could upload these images for anyone who doesn't have access to a second device. I shall update the post with download links after the upload's completed. Sorry about the brain fart.
[EDIT] Images are up. You can find them here. These files are for the Taiwan-based HTC U11+ (CID - HTC_621)
Nice tutorial.
Hi, I'm having a similar problem with my U11+.... followed ur download link but a decryption key is needed. whats the decryption key?
ChuDust said:
Hi, I'm having a similar problem with my U11+.... followed ur download link but a decryption key is needed. whats the decryption key?
Click to expand...
Click to collapse
Here's the key. I had no idea the files were encrypted to begin with. Sorry about that.
-b087zdU9re0k3e3HHah1w
P.S: Since you're downloading the image files from the link provided, you don't have to go through the first half of the process - copying data from a working phone to an external location.
Best of luck.
Hello. I have an identical situation. My original CID is 622. I changed the CID to 001, but after RUU firmware I could not boot into the system. Now after flash RUU, the phone will reboot into the bootloader. Can anyone help me?
Do you have to be rooted or with unlocked bootloader to be able to backup the phone partitions using this method ?
Or does it just work on completely stock from an db connection to PC ?
Thank you.
The bootloader needs to be unlocked at the very least so you can gain access to the required partitions. Root isn't necessary.
Hope this helps.
Hello, I followed your instructions and made backups of my partitions from HTC U11+ dual-sim european version 401.12.
With unlocked bootloader and rooted with magisk by patched boot image.
Ran adb shell and su while phone was running normally in Android OS and connected to PC.
I'm curious about the sizes of the images created because they don't match with the sizes from partitions.txt.
For example "4210688 sda5 - system" is actually 4,311,744,512 bytes,
"65536 sda3 - boot" is actually 67,108,864 bytes in created image, but the actual boot.img from the OTA file is 38,163,762 bytes.
If these sizes are different can I actually trust the created images ? and use them in need.
Can these created images be flashed by fastboot, for example for system.img: "fastboot flash -S 1G system system.img" ?
Thanks.
andreipaval said:
I'm curious about the sizes of the images created because they don't match with the sizes from partitions.txt.
For example "4210688 sda5 - system" is actually 4,311,744,512 bytes,
"65536 sda3 - boot" is actually 67,108,864 bytes in created image, but the actual boot.img from the OTA file is 38,163,762 bytes.
Thanks.
Click to expand...
Click to collapse
If you divide the 4,311,744,512 bytes by the 1024, you get what you need - 4210688 - this is in Kb.
And so same for boot - 67,108,864 bytes / 1024 = 65536 Kb.
andreipaval said:
Hello, I followed your instructions and made backups of my partitions from HTC U11+ dual-sim european version 401.12.
With unlocked bootloader and rooted with magisk by patched boot image.
Ran adb shell and su while phone was running normally in Android OS and connected to PC.
I'm curious about the sizes of the images created because they don't match with the sizes from partitions.txt.
For example "4210688 sda5 - system" is actually 4,311,744,512 bytes,
"65536 sda3 - boot" is actually 67,108,864 bytes in created image, but the actual boot.img from the OTA file is 38,163,762 bytes.
If these sizes are different can I actually trust the created images ? and use them in need.
Can these created images be flashed by fastboot, for example for system.img: "fastboot flash -S 1G system system.img" ?
Thanks.
Click to expand...
Click to collapse
Hi. I hope your first question was answered. Regarding your second concern, I'm afraid I don't have an answer to that. At the time, flashing any image files onto my device didn't fix the issue even though each flash completed successfully. Copying them manually sure did.
Hope this helps.
Do you have the twrp backup of the stock rom?
andreipaval said:
Hello, I followed your instructions and made backups of my partitions from HTC U11+ dual-sim european version 401.12.
With unlocked bootloader and rooted with magisk by patched boot image.
Ran adb shell and su while phone was running normally in Android OS and connected to PC.
I'm curious about the sizes of the images created because they don't match with the sizes from partitions.txt.
For example "4210688 sda5 - system" is actually 4,311,744,512 bytes,
"65536 sda3 - boot" is actually 67,108,864 bytes in created image, but the actual boot.img from the OTA file is 38,163,762 bytes.
If these sizes are different can I actually trust the created images ? and use them in need.
Can these created images be flashed by fastboot, for example for system.img: "fastboot flash -S 1G system system.img" ?
Thanks.
Click to expand...
Click to collapse
Hello,
do you have the twrp backup of stock rom?
I did not make backups with twrp.
I have a Google Pixel 5.
Pixel stock roms don't have a modem.img in the rom.zip.
Instead, there's a radio.img that can't be mounted to see file contents.
I managed to pull the modem.img from by device by doing:
1. #ls -la /dev/block/bootdevice/by-name
to find which partition the modem.img is flashed in
2. #dd if=dev/block/(modem_a#) of=/sdcard/modem_a.img
#dd if=dev/block/(modem_b#) of=/sdcard/modem_b.img
to extract the modem images which can now be mounted and edited.
After editing the mbn files inside, is it safe to just "fastboot flash modem" the device?