Repack AP_---.tar.md5 file with all whatever original signatures - General Questions and Answers

The device is a Sam Gal A11W.
I want to change one text file in the /system partition.
In order to do that, I want to start from the stock firmware I already downloaded, make the change then flash the whole modified firmware.
There are 5 .tar.md5 files (4 if we consider only one of CSC_ and HOME_CSC_) in this firmware, which can be flashed just fine in their original form.
What I want to do is to:
1 - unpack the AP_***.tar file (contains meta-data/fota.zip, boot.img.lz4, carrier.img.lz4, dtbo.img.lz4, metadata.img.lz4, recovery.img.lz4, super.img.lz4, userdata.img.lz4, vbmeta.img.lz4)
2 - unlz4 the super.img.lz4,
3 - unsparse the super.img to super.ext4.img (using simg2img)
4 - lpunpack the super.ext4.img into individual dynamic partitions (there are only 4: odm.img, product.img, system.img, vendor.img - this is NOT an A/B device !!)
5 - modify the text file on system.img
6 - lpmake the super.ext4.img back from odm.img, product.img, system.img, vendor.img
7 - re-sparse the super.ext4.img back into super.img (using img2simg)
8 - lz4 the super.img back into super.img.lz4
9 - Re-TAR the super.img.lz4 file plus all the rest of the original .img.lz4 files back into the AP_***.tar file
10 - Flash the AP_***.tar file to this mother****ing piece of Samsung crap without errors, and that is WITHOUT UNLOCKED BOOTLOADER, because the scumbags eliminated the OEM Unlock option from the Dev Options.
What I already know is:
- How to do the whole process without preserving any signatures.
This is already explained in this thread:
Editing system.img inside super.img and flashing our modifications
I'm trying to modify my system.img (/system/build.prop) to include support for multi users. After struggling a lot, I've succeeded following your guide (that's an awesome work btw) to unpack, mount, modify, umount and repack super.img. Then...
forum.xda-developers.com
but the author assumes the bootloader can be unlocked and therefore doesn't deal with any signatures / security-crypto-baloney checks.
What I (still) need to know is:
1 - How many crypto-security-baloney-whatever-signatures are there on all these files ?
2 - How can I restore them during repackaging so the flashing process does not get screwed up by the locked phone ?
If anyone here knows the answer to these 2 things ... well I guess they must be the Android Godfather Almighty !!

Have you figured this out?

Try using modified/patched Odin. As for trying to bypass unlocking the bootloader to flash the modified firmware or trying to "mimic" or "fake" the original signature, that isn't going to work. Samsung's proprietary signature is an enigma that can't be cracked. Though you might be able to match the MD5 by adding a dummy file to the file you are modifying and filling it bit/byte by bit/byte, one step at a time; the goal is to add characters to the file until it is large enough to make your modified file match the original file's MD5. That is if your modified file is smaller than the original file. If your modified file is larger than the original file, you can delete unimportant files from the modified MD5 file until it is smaller than the original MD5 and then create the dummy file filled with dummy characters until it exactly matches the original MD5 bit for bit. Then try flashing your MD5 file once you get its MD5 code matching bit for bit. Try the patched version of Odin to flash your modified file. No guarantees that it will work, but part of the security checks during flashing checks the MD5 for a match/mismatch.
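An added example, not part of the thread: checking the integrity of a downloaded .tar.md5 before flashing. It assumes the usual layout, in which the `md5sum` output line for the tar is appended to the end of the tar itself; that trailer is a plain checksum over the tar body and is separate from any signatures on the images inside. The sample archive and its file name are constructed.

```python
import hashlib
import io
import os
import re
import tarfile
import tempfile

# "<32 hex>  <name>" (md5sum text mode) or "<32 hex> *<name>" (binary mode),
# at the very end of the file, after the tar's NUL padding. Assumed layout.
TRAILER_RE = re.compile(rb"([0-9a-fA-F]{32}) [ *]([^\r\n\0]+)\r?\n?\Z")

def check_tar_md5(path):
    """Return (claimed_md5, computed_md5, body_length) for a .tar.md5 file."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        f.seek(max(0, size - 1024))
        tail = f.read()
        m = TRAILER_RE.search(tail)
        if m is None:
            raise ValueError("no md5sum trailer at end of file")
        body_len = size - (len(tail) - m.start())   # tar bytes before the trailer
        digest = hashlib.md5()
        f.seek(0)
        remaining = body_len
        while remaining > 0:                        # stream: real AP files are several GB
            chunk = f.read(min(1 << 20, remaining))
            if not chunk:
                break
            digest.update(chunk)
            remaining -= len(chunk)
    return m.group(1).decode().lower(), digest.hexdigest(), body_len

def make_sample(path, with_trailer=True):
    """Write a small constructed archive (not real firmware); return tar length."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in (("boot.img.lz4", b"constructed-boot"),
                           ("super.img.lz4", b"constructed-super")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    body = buf.getvalue()
    trailer = f"{hashlib.md5(body).hexdigest()}  AP_SAMPLE.tar\n".encode()
    with open(path, "wb") as f:
        f.write(body + (trailer if with_trailer else b""))
    return len(body)

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "AP_SAMPLE.tar.md5")
        make_sample(path)
        claimed, computed, _ = check_tar_md5(path)
        intact_ok = claimed == computed
        with open(path, "r+b") as f:                # simulate one corrupted payload byte
            f.seek(512)
            f.write(b"X")
        claimed, computed, _ = check_tar_md5(path)
    return intact_ok, claimed == computed

if __name__ == "__main__":
    print(demo())
```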

Related

[Resolved] Best way to make odin system.img into a flashable zip?

Hi, I'm a Galaxy S7 user and I've been trying to make sparse system.img from firmware tar file into a twrp-flashable zip file but I'm not sure which is the best way.
All operations are performed on latest linux mint and I'm not going to use any kitchen. All binaries used to convert images are compiled from latest AOSP sources.
Here are some of the methods I've tried.
a) Extract everything from system.img and set metadata infos in updater-script, just like any other "rom"s. (e.g. SuperMan Rom)
Probably one of the simplest ways, and system files inside the zip can be modified easily - extract, edit, recompress.
But this method has a potential of destroying unique permissions/owner infos, such as those of symlinks.
I'd like to flash the system.img "as-is," without making a mess with whatever's inside the image.
b) Extract raw system.img directly to /dev/block/platform/155a0000.ufs/by-name/SYSTEM.
Not so bad. Raw system.img can be easily generated with simg2img. But turns out to take too much time to flash and doesn't get along well with DualBoot patcher.
c) Sparse dat, like the ones used in most AOSP-based roms
Probably the most ideal one. But when I took the following steps to make it, I found out that system partition size gets kinda damaged or something.
- Convert system.img to raw system.img with simg2img.
- Convert the raw system.img to sparse image again with ext2simg, to make img2sdat.py work properly.
- Convert the sparse image to sparse dat with xpirt's img2sdat.py.
- Finally, convert the generated sparse dat to raw system image with sdat2img.py to check if partition size matches.
Then I get the following results.
- Size of original raw system.img : 4404019200
- Size of raw system.img generated in last step : about ~100MB smaller
I know I can loop mount system.img and then make a new sparse image with make_ext4fs,
but it also breaks some permissions and make_ext4fs won't recognize file_contexts.bin from nougat firmware whereas it worked well with marshmallow's.
If anyone's got a better method or a solution for method c please leave a reply. Thanks in advance.
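An added example, not from the thread, for the size check in method c: it reads an Android sparse image's header and chunk list and reports the raw size the header declares against the blocks the chunks actually cover, so a size mismatch can be narrowed down to one conversion step. The layout constants follow AOSP libsparse's sparse_format.h; the sample image is constructed and sized to the 4404019200-byte figure quoted above.

```python
import io
import struct
from collections import Counter

# Layout per AOSP libsparse sparse_format.h (little-endian).
FILE_HDR = struct.Struct("<I4H4I")    # magic, major, minor, file_hdr_sz, chunk_hdr_sz,
                                      # blk_sz, total_blks, total_chunks, image_checksum
CHUNK_HDR = struct.Struct("<2H2I")    # chunk_type, reserved, chunk_sz (blocks), total_sz (bytes)
SPARSE_MAGIC = 0xED26FF3A
RAW, FILL, DONT_CARE, CRC32 = 0xCAC1, 0xCAC2, 0xCAC3, 0xCAC4
NAMES = {RAW: "raw", FILL: "fill", DONT_CARE: "dont_care", CRC32: "crc32"}

def sparse_summary(f):
    """Walk the chunk list of a sparse image opened in binary mode."""
    hdr = f.read(FILE_HDR.size)
    if len(hdr) < FILE_HDR.size:
        raise ValueError("truncated header")
    magic, _maj, _min, fhs, _chs, blk_sz, total_blks, n_chunks, _ = FILE_HDR.unpack(hdr)
    if magic != SPARSE_MAGIC:
        raise ValueError("not an Android sparse image (raw image?)")
    f.seek(fhs)                                   # header may be larger than 28 bytes
    covered, by_type = 0, Counter()
    for i in range(n_chunks):
        raw = f.read(CHUNK_HDR.size)
        if len(raw) < CHUNK_HDR.size:
            raise ValueError(f"chunk {i}: truncated header")
        ctype, _res, chunk_blks, total_sz = CHUNK_HDR.unpack(raw)
        if ctype not in NAMES:
            raise ValueError(f"chunk {i}: unknown type {ctype:#x}")
        by_type[NAMES[ctype]] += chunk_blks
        if ctype != CRC32:                        # CRC chunks produce no output blocks
            covered += chunk_blks
        f.seek(total_sz - CHUNK_HDR.size, io.SEEK_CUR)   # skip the chunk payload
    return {"declared_size": blk_sz * total_blks,
            "covered_size": blk_sz * covered,
            "consistent": covered == total_blks,
            "blocks_by_type": dict(by_type)}

def make_sample(total_blks=1075200, blk_sz=4096, keep_trailing_hole=True):
    """Constructed image: 2 raw blocks, then a hole up to the declared size."""
    chunks = [CHUNK_HDR.pack(RAW, 0, 2, CHUNK_HDR.size + 2 * blk_sz)
              + b"\xAA" * (2 * blk_sz)]
    if keep_trailing_hole:
        chunks.append(CHUNK_HDR.pack(DONT_CARE, 0, total_blks - 2, CHUNK_HDR.size))
    hdr = FILE_HDR.pack(SPARSE_MAGIC, 1, 0, FILE_HDR.size, CHUNK_HDR.size,
                        blk_sz, total_blks, len(chunks), 0)
    return io.BytesIO(hdr + b"".join(chunks))

if __name__ == "__main__":
    print(sparse_summary(make_sample()))
    print(sparse_summary(make_sample(keep_trailing_hole=False)))
```

On a real file, pass `open("system.img", "rb")`; only the headers are read, so it is quick even on multi-gigabyte images.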
What you're doing is quite complicated if you don't use kitchen. Simplify it for yourself and use kitchen.
I know that kitchens can do that for me, but they also don't flash system.img as-is.
Maybe I should just take a closer look into the sparse dat method and see what breaks the partition size.

MTK Firmware Backup & Extraction ( All Partitions )

Acquire a similar scatter file for another device.
Use ADB to extract Partition information.
Edit the similar scatter file, using ADB and the device for reference.
Add the Partition information into the similar scatter.
Test scatter file for proper PMT & HW Chip ID.
Error & Repairs for HW ID Mismatch & PMT Changed.
Test Error repaired scatter to extract Preloader.
Extract preloader from BOOT_0.
Test Preloader with boot.img extraction & download.
Save Scatter file & Preloader into a safe place.
Use Scatter & Preloader for Memory Test.
Use Memory Test information for Read back of entire Memory.
Save Full Read back to a safe place.
Extract System.img, Boot.img, Recovery.img, NVram.img, NVDATA.img, frp.img, Etc.
Compile Firmware for SP Flash Tool.
Edit & Remove proprietary information from firmware for custom release.
Leave stock for stock Firmware extraction.
Purely for reasons of time, this guide may take me a while to complete; however, the steps above should give you a rough idea of how everything is going to be written.
To start with, there is so much information at once that I've made a video to help people follow along.
The video is in 2 parts and in English. Please watch these first; they cover nearly everything in the steps except a few things, like compilation of extracted IMG files.
The second video should be watched after the first, so I've put its link in the description of video 1.
https://youtu.be/e2_U68EGSlY
OK. Now that you've seen the instructions, you can work through extracting every partition you'll need for a firmware backup. You don't need all of them!
After that, copy the following files (you should now have them all) to a new folder called Stock Firmware for SP Flash Tool:
boot.img
cache.img
lk.img
logo.img
preloader.bin
recovery.img
secro.img
system.img
trustzone.bin or .img
userdata.img
MT*****_Android_scatter.txt
Now you need to edit the scatter file using Notepad++ or another program that won't wreck line endings. WordPad and Notepad will wreck line endings and destroy the scatter file.
Edit the scatter file so that it has the correct file names, e.g.:
preloader_******_njh_gjb_.bin TO preloader.bin - the same as your copied file name.
boot_example_mt.img TO boot.img - the name of the file for boot.
Now the scatter file, images and preloader should all be together.
ZIP the folder to remove empty space in the .img files and shrink the firmware to a zip file.
You just need to extract the zip file and open the scatter file in SP Flash Tool v5.16+, then select Download to do a firmware installation.
I will edit this guide in time; however, I just wanted to get out how I do this on my MTK devices. People keep asking me how to do it, so I released the video and this extra information for them. I don't make money on YouTube, so everything here is provided free and I don't make any money from helping! Sorry about the terrible audio!

[GUIDE] How to flash payload.bin as fastboot images

I just finished an update to my flashing script; it now works with payload.bin and unpacked payload files.
Currently, only gsi_sdm660_64 models are available for this option.
It is also Windows only.
PLEASE ENSURE YOUR PHONE HAS UNLOCKED BOOTLOADER, OTHERWISE THIS GUIDE IS USELESS.
Here is how to use the new script:
DL: https://github.com/HikariCalyx/OSTRemote/releases
source: https://github.com/HikariCalyx/OSTR...Script/generic_flash_script_gsi_sdm660_64.bat
If you use unpacked nb0 extension stock firmware as before, please follow this guide:
https://forum.xda-developers.com/nokia-7-plus/how-to/guide-workaround-flashing-sparse-t3906070
1. You must have Python 3 installed. It can be downloaded from https://www.python.org/downloads/
2. Extract the payload.bin from the full OTA package (e.g. the March 2019 update known as B2N-351F-0-00WW-B04).
3. Put the script file (and the required files, if you prefer the original script source) and the payload.bin together.
4. Download payload_dumper.py and update_metadata_pb2.py from the URL given by the script, and place them in the same directory as the script.
5. Type lowercase "yes" (without quotes) and press Enter, then wait for the procedure to complete.
6. The script will dump the payload.bin and process both the system and vendor images into flashable sparse images.
7. After that, you should know what to do next.
If you already have a dumped payload and converted system.img / vendor.img, the script will ask whether you want to flash the unpacked OTA packages; you can simply type "yes" and proceed.
You needn't waste time processing payload.bin again, as long as you don't delete them.
I'm considering porting this script to be universal for almost every A/B Android device, if it works well.
Nice job dude, this will be very useful to many people.
Very well Hikari, nice script
Very very much appreciated work!
Can't wait to try it out!
Thanks !
Mod edit - Translated by Google Translate:
Very supportive!!!
Does this work for other Nokia models? Such as 3.2?

[FIRMWARE] Modified Stock rom ULEFONE NOTE 9P

ULEFONE NOTE 9P: the stock ROM is not really bloated, just a little.
From Build
GQ3092SH1-HC-M629-ULEFONE-20200703_V05
Patch for the newer build (20200904-V07) is ready for sharing also.
****NOTE TESTING HAS NOT BEEN DONE ON MIXING NEW SYSTEM.IMG ON OLD VENDOR*****
****RECOMMEND DOING FULL UPDATE OR DOWNGRADE BEFORE FLASHING MODIFIED SYSTEMS****
Stock roms are published on ULEFONE gdrive.
https://drive.google.com/drive/folders/1Bq16pmRMaFEVT_xZilWhhdzTzk9fojV8
I removed the adupus/FOTA apps, child mode, simple_mode, mfg customization to chrome, verizon provider remote sim lock app.
Added adaway hosts file for ad-blocking in browser.
Flashed back to phone in same way as flashing GSI rom.
adb reboot fastboot (fastbootd, not bootloader)
fastboot flash system modified-system.img ( fastboot.exe on pc needs to be from July 202 or newer)
when flashing is done, from menu on phone screen select boot to recovery.
perform factory reset and reboot.
https://www.androidfilehost.com/?w=files&flid=318156
In case you are wondering how I made the changes, I will tell you.
I used the SuperR-Kitchen script/tool.
Credits to @SuperR.
Start a new project. Add the stock firmware. It needs to be a zip, so extract the embedded *.rar file downloaded from Ulefone and re-zip just the contents of the final folder. In other words, the zip needs to contain the files themselves, not the files inside a folder inside another folder.
The kitchen will ask if you want to extract the vendor and product images and use them in your ROM. I did not make changes to those partitions, so I did not extract or include them.
When unpacking is completed, you can browse the extracted system folder.
The attached files have a .txt extension in order to upload them here, but in the kitchen tool you need to remove the extension.
Code:
Add "host" file to /system/system/etc in your extracted rom folder and replace host file that is already there.
Add "bloat_custom" to the kitchen folder "super_r/tools/root/"
Run #6 debloat menu, then #2 custom debloat option, from the kitchen #8 rom tools menu
Run deodex option from #8 rom tools
When edits are done, use #8 rom tools, #7 build menu, #2 build ext4 img
Select system, then sparse, system.img
Keep permission type as raw_image
That's all. Use caution when adding additional programs you want removed.
Hi. On Ulefone Gdrive, there are both android 10 and 11 rom files. but it says upgrading from 10 to 11 is 'forbidden'. Is there any way to bypass this restriction?
Edit for those who are wondering: Ulefone has removed the restriction and it can be upgraded to android 11 without any issue. You do lose your data during the process, though.

Modifying system.img

Hello guys. I have a simple question. I am trying to modify a ROM for the Xiaomi A2. I have official .iso images. As a test, I am trying to remove the "grep" binary file. I mount system.img, change it, unmount, pack and flash using fastboot. But the file is still visible using adb.
When I try the TWRP file manager, the file is absent. How is that possible?
Then I tried to change one file directly in the .iso using a hex editor, but the changes are not visible. But when I install Magisk, all changes become visible. Can Android store a copy of system.img somewhere else?
Not sure what you have done or what you mean with "official .iso images" but consider three possibilities:
Magisk is systemless-root method, it provides overlay for modifying /system content without modifying system partition
A/B devices have two slots, system_a and system_b partition
dm-verity provides FEC feature to correct modifications on file system
