Related
Credits
TWRP Lead Developer Dees_Troy for continuously developing, improving & maintaining TWRP, TeamWin team & numerous developers that has contributed to TWRP & many doesn't know its Igor Sorocean initially submitted MrJavum codes so that TWRP officially supports MediaTek devices & most importantly MrJavum for discovering TWRP works on MediaTek devices & written codes to support proper backup formatting for MTK device . . .
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This tool uses EnJens for repack based on the original Unpack/ Repack concept by Russian Master Shifu Michfood . . .
Not forgetting my Master Shifu Carliv who has taught me how to compile & continuously guiding me to the right direction, dhinesh77 for sharing his super simple technique to patch ubifs for TWRP, awaaas for sharing his tips & findings for building TWRP from source for MTK devices ( Updates ), cyberangel22k for beta-testing custpack backup/restore on MTK Alcatel, yazidkucrit for discovering that TWRP also works on MT6573 & all MTK Developers that has contributed to the MTK platform . . . :highfive:
Screenshot
Video Preview
Installation How-to
Double-click TWRP Setup.exe & read the on-screen instructions
Where is the Downloads . . .
Known problems on MTK devices
Mostly older intermediate MediaTek devices such as MT6589, MT6572 that comes with only 6Mb recovery partition, most probably won't work. However, it works on my legacy MT6573, MT6577 because its kernel is much smaller. There has been feedback from fellow xda members that some latter MediaTek devices comes with 7Mb & 8Mb. Latest MT6592 has a recovery partition of more than 8Mb.
In the past, there has been reports that Touch doesn't work at recovery on some MTK devices, try using different releases of kernels from your device. Recovery is independent so GB, ICS or JB kernel will work provided they are from your device. If you don't have different kernels from your device manufacturer either live without Touch or try porting other recovery, it might work.
This TWRP was compiled from source without adding any sauce or spice & it works for most MTK devices. However, if the mount USB doesn't work then refer to a.marduk solution . . . :good:
# Even though the MTK SoC is designed by MediaTek but the one that produces it is hundreds if not thousands of factories so some might use other combinations to boot up the recovery. It is a known problem that some MTK doesn't wanna boot up recovery the normal way so try Popey900 technique. Standard procedure : Take out the battery, wait a while, put it back, hold Volume Up or Down, don't let go then press the Power button until it boots up #
WARNING
DO NOT USE IT ON LOCKED BOOTLOADER MTK DEVICES SUCH AS ASUS, HTC, LG, SONY, MOTOROLA & OTHERS <- Click Here. IT WILL BRICK IT, refer to here for more info . . .
Even though wrong installation of custom recovery normally will bricks the recovery only however it is better to be safe than sorry.
TWRP is packed with many features so typically it will work on MTK devices with above 6Mb recovery partition however you can try your luck.
Tested working perfectly on my legacy MTK device, MT6573 & MT6577.
Make a Factory ROM backup first with MTK Droid Tools. My old guide here.
Install Flashify & make another backup of your current recovery first & also the boot.img too
Extract downloaded files to your Desktop, disable UAC & restart PC, double-click TWRP.exe & follow the on-screen for instructions.
YOUR TOOL DOESN'T WORK . . .
i've seen this at many threads & also mentioned this many times at my other threads, most frequent reply is it doesn't work, you have given nothing at all to figure out what went wrong . . .
Please list out as many info as possible then it'll be easier to trouble-shoot & read EVERYTHING before hands-on . . .
What OS you are using on the PC & your MTK...
Did you disable UAC & Anti-Virus
Did you execute the porting tool at C: drive if you're using XP else then at your Desktop
Did you try Run as Administrator
Could it be some other software that you installed that interfere with the porting tool then uninstall it
Did you try it on other PC with other version OS or even different USB port
Try uninstall all previous adb driver -> Device Manager -> View -> Show hidden devices -> uninstall all ADB Interface/ Android device -> reboot -> re-install
Did you try latest google ADB driver while for XP try this one
Attach both log.txt from porting tool & recovery.log from TWRP, attach also stock recovery.img/ boot.img & ported TWRP recovery.img too so that i can compare it to see where it went wrong
Please bear in mind that this tool has been PROVEN to work & many has ported it to their MTK device so try to do you own trouble-shooting first & when you found the solution then you are most welcome to post it here . . . :good:
And if you do found a bug on this porting tool, please do report it here too so that i can fix it . . .
And pls do not quote the whole OP when replying . . .
Updates 03 July 2014
Great news, TWRP ubifs patch has been officially submitted to omni for review . . .
Attention all MTK ubifs users,
Guys, please hit the thanks button for dhinesh77 to show your gratitude & appreciation, he has taken all the trouble to get ubifs officially supported on TWRP even though he uses a Samsung nowadays . . .
Thanks bro for doing all this & going thru the hassle for the whole MTK ubifs community, you're the best . . . :highfive:
i've released AIO Compile TWRP script for MediaTek devices on BBQLinux so that you can build it on your own since i don't use MTK nowadays...
Changelog
XDA:DevDB Information
Easy Magic TWRP Installer for MediaTek Devices ONLY (Developers ONLY), Tool/Utility for all devices (see above for details)
Contributors
yuweng
Source Code: https://github.com/omnirom/android_bootable_recovery
Version Information
Status: Stable
Current Stable Version: 2.8.2.0
Stable Release Date: 2014-12-07
Created 2014-06-28
Last Updated 2016-03-27
Features
Auto mode
- You don't need to know a thing & it'll port a working TWRP for your MTK & that is why it is called Magic . . .
Manual mode
- Let you choose either to use your boot.img or recovery.img for porting.
- Let you manually choose your device res, data/media device, flipped screen & uses all files from your stock recovery. Refer to here for more info . . .
- device resolutions
- data/media
- flipped screen
UnPack/ RePack mode
- Let you mod whatever you want with option to install it right away to your MTK
Requirement
- Requires Root
- Install adb driver
- Enable USB debugging
- Disable UAC
- Disable driver signature
- Compatibility with KitKat
- No need ro.secure=0 to run
recovery.fstab How-to
Updates
This porting tool is build on jellybean repo so that it can support three generation of MTK SoC with non-device specific build flags to maintain compatibility. Below specific build flags are not use & it seem that the 2.8.1.0 porting tool doesn't work across MTK device. However, fyi, it works fine on mine
TW_INTERNAL_STORAGE_PATH := "/data/media"
TW_INTERNAL_STORAGE_MOUNT_POINT := "data"
TW_EXTERNAL_STORAGE_PATH := "/sdcard"
TW_EXTERNAL_STORAGE_MOUNT_POINT := "sdcard"
TW_INTERNAL_STORAGE_PATH := "/emmc"
TW_INTERNAL_STORAGE_MOUNT_POINT := "emmc"
TW_EXTERNAL_STORAGE_PATH := "/sdcard"
TW_EXTERNAL_STORAGE_MOUNT_POINT := "sdcard"
SP1_NAME := "uboot"
SP1_DISPLAY_NAME := "uboot"
SP1_BACKUP_METHOD := image
SP1_MOUNTABLE := 0
SP2_NAME := "nvram"
SP2_DISPLAY_NAME := "nvram"
SP2_BACKUP_METHOD := image
SP2_MOUNTABLE := 0
SP3_NAME := "custpack"
SP3_DISPLAY_NAME := "custpack"
SP3_BACKUP_METHOD := image
SP3_MOUNTABLE := 0
So pls refer to here <- *RECOVERY.FSTAB* to use the different flags to properly support your MTK device.
With non-device specific build flags, compatibility can be maintained across MTK SoC, you only need to mod the recovery.fstab. Having said that, i need users feedback so that i can incorporate those changes or this porting tool will remain as it is on every new release.
It seems that you need to label Sdcard as Internal Storage or External Storage to properly support proper BackUp/ Restore function. Refer to here for more info . . .
TTF font is also disable to maintain compatibility across MTK SoC.
-------------------------------------------
Preface
As mentioned few times, i don't own all the MTK devices available on the market so a few things might not work on your MTK. So use the UnPack/ RePack mode to edit necessary files typically the init.rc & recovery.fstab.
UnPack other MTK TWRP by other DEVs & see how they did it.
google your device info & search github & see how they did it, Eg. here for USB-OTG Thanks to hehua2008 the only one that published/ i can find for MTK TWRP.
As mentioned few times, the porting tool now is AIO so go ahead & play with it.
Intro
What is recovery.fstab
The actual require backup partition for MTKs or any android devices are actually ONLY just the boot, cache, data & system partition.
When you encounter any problems such as doesn't boot/ bootloop issues after a new app installation or anything at all, a Wipe Data/ Factory Reset or Restore with ONLY the system & data partition & you'll be able to revert to previous working state in a short while. Thats why its very important to make a backup before modding anything at all !
For bootloop issues with new firmware installation (update.zip) then its best to restore everything. Having said that, if you flash preloader using SP Flash Tool then TWRP restore would not be able to restore it, thats why it is important to backup your Factory ROM with MTK Droid Root & Tools first.
How to identify MTK partition
WARNING : Might corrupt or brick your MTK when you specify the wrong partition at recovery.fstab ! You have been fore-warned . . .
adb shell cat /proc/dumchar_info OR adb shell cat /proc/mtd
Below are typical MTK partition layout
Code:
Part_Name Size StartAddr Type MapTo
preloader 0x0000000000040000 0x0000000000000000 2 /dev/misc-sd
dsp_bl 0x00000000005c0000 0x0000000000040000 2 /dev/misc-sd
mbr 0x0000000000004000 0x0000000000000000 2 /dev/block/mmcblk0
ebr1 0x0000000000004000 0x0000000000004000 2 /dev/block/mmcblk0p1
pmt 0x0000000000400000 0x0000000000008000 2 /dev/block/mmcblk0
[COLOR="Blue"]nvram[/COLOR] 0x0000000000500000 0x0000000000408000 2 /dev/block/mmcblk0
seccfg 0x0000000000020000 0x0000000000908000 2 /dev/block/mmcblk0
[COLOR="blue"]uboot[/COLOR] 0x0000000000060000 0x0000000000928000 2 /dev/block/mmcblk0
bootimg 0x0000000000600000 0x0000000000988000 2 /dev/block/mmcblk0
recovery 0x0000000000800000 0x0000000000f88000 2 /dev/block/mmcblk0
sec_ro 0x0000000000400000 0x0000000001788000 2 /dev/block/mmcblk0p2
misc 0x0000000000060000 0x0000000001b88000 2 /dev/block/mmcblk0
logo 0x0000000000300000 0x0000000001be8000 2 /dev/block/mmcblk0
expdb 0x0000000000200000 0x0000000001ee8000 2 /dev/block/mmcblk0
android 0x0000000020100000 0x00000000020e8000 2 /dev/block/mmcblk0p[COLOR="blue"]3[/COLOR]
cache 0x0000000020100000 0x00000000221e8000 2 /dev/block/mmcblk0p[COLOR="blue"]4[/COLOR]
usrdata 0x0000000020100000 0x00000000422e8000 2 /dev/block/mmcblk0p[COLOR="blue"]5[/COLOR]
fat 0x0000000085338000 0x00000000623e8000 2 /dev/block/mmcblk0p[COLOR="blue"]6[/COLOR]
bmtpool 0x0000000001500000 0x00000000ff9f00a8 2 /dev/block/mmcblk0
Part_Name:Partition name you should open;
Size:size of partition
StartAddr:Start Address of partition;
Type:Type of partition(MTD=1,EMMC=2)
MapTo:actual device you operate
Standard TWRP recovery.fstab for MTK devices
Code:
# mount point fstype device [device2]
/boot emmc /dev/bootimg
/recovery emmc /dev/recovery
/system ext4 /dev/block/mmcblk0p[COLOR="Blue"]3[/COLOR]
/cache ext4 /dev/block/mmcblk0p[COLOR="blue"]4[/COLOR]
/data ext4 /dev/block/mmcblk0p[COLOR="blue"]5[/COLOR]
/emmc vfat /dev/block/mmcblk0p[COLOR="blue"]6[/COLOR]
/sdcard vfat /dev/block/mmcblk1p1 /dev/block/mmcblk1
/sd-ext auto /dev/block/mmcblk1p2
/nvram emmc /dev/nvram flags=display="[COLOR="blue"]Nvram[/COLOR]";backup=1
/uboot emmc /dev/uboot flags=display="[COLOR="blue"]Uboot[/COLOR]";backup=1
Thanks to MrJavum who discover that we can also backup Nvram & Uboot for MTK devices . . . :good:
MTK Uboot also consist of camera driver & this feature is extremely useful when you upgrade your device firmware, typically it will replace the Uboot & your camera doesn't work after that. A simple restore & you'll have your camera working again in no time.
MTK Nvram consist of your IMEI & this feature is extremely useful when you have corrupted it, a simple restore & you'll have your phone in working state again.
Below format was discovered by bgcngm & it has saved me a few lines of codes as MTK manufacturer tends to use different partition no. from each other. Eg. Some might be using mmcblk0p6 for system & some uses mmcblk0p3 while [email protected] will work on all MTK devices.
Code:
# mount point fstype device [device2]
/boot emmc /dev/bootimg
/recovery emmc /dev/recovery flags=display="recovery";backup=1
/uboot emmc /dev/uboot flags=display="uboot";backup=1
/nvram emmc /dev/nvram flags=display="nvram";backup=1
/cache ext4 /[COLOR="blue"][email protected][/COLOR]
/data ext4 /[COLOR="blue"][email protected][/COLOR]
/system ext4 /[COLOR="blue"][email protected][/COLOR]
/emmc vfat /[COLOR="blue"][email protected][/COLOR]
/sdcard vfat /dev/block/mmcblk1p1 /dev/block/mmcblk1
/sd-ext auto /dev/block/mmcblk1p2
Having said that, few has reported back that its not compatible for their MTK then you'll need to unpack it & use the device block path /dev/block/mmcblk0pX instead of this soft-link [email protected] format. Use Notepad++ for editing. Updates : Porting tool now uses direct device block path.
Below examples are some of MrJavum TWRP recovery.fstab for MTKs
Code:
# mount point fstype device [device2]
/boot emmc /dev/bootimg
/cache ext4 /[email protected]
/data ext4 /[email protected]
/misc emmc /dev/misc
/recovery emmc /dev/recovery
/system ext4 /[email protected]
[COLOR="blue"]/preload[/COLOR] ext4 /[COLOR="blue"][email protected][/COLOR] flags=display="[COLOR="blue"]Preload[/COLOR]";backup=1;wipeingui
/external_sd vfat /dev/block/mmcblk1p1 flags=display="External SD-card";storage;wipeingui;removable
/nvram emmc /dev/nvram flags=display="Nvram";backup=1
/uboot emmc /dev/uboot flags=display="Uboot";backup=1
/logo emmc /dev/logo flags=display="Boot Logo";backup=1
#mt6582/recovery_emmc.fstab
To support preload partition you'll need to specify it at init.rc too.
Code:
[COLOR="Blue"]mkdir /preload[/COLOR]
mkdir /external_sd
mkdir /system
mkdir /data
mkdir /cache
mount /tmp /tmp tmpfs
Code:
/boot emmc /dev/bootimg
/cache ext4 /[email protected]
/data ext4 /[email protected]
/misc emmc /dev/misc
/recovery emmc /dev/recovery
/emmc vfat /[email protected] flags=display="Internal SD-card";storage;wipeingui;backup=1
/system ext4 /[email protected]
/sdcard vfat /dev/block/mmcblk1p1 /dev/block/mmcblk1 flags=display="External SD-card";storage;wipeingui;removable
/nvram emmc /dev/nvram flags=display="Nvram";backup=1
/uboot emmc /dev/uboot flags=display="Uboot";backup=1
/[COLOR="blue"]logo[/COLOR] emmc [COLOR="blue"]/dev/logo[/COLOR] flags=display="[COLOR="blue"]Boot Logo[/COLOR]";backup=1
Awaaas is so kind to shared with me his findings. He got help from bigbiff on the IRC & now TWRP can also backup EBR1 & SECRO. Refer to updates here.
CodeLover has added cust partition for his Huawei.
Code:
# mount point fstype device [device2]
/boot emmc /dev/bootimg flags=display="boot"
/misc emmc /dev/misc
/recovery emmc /dev/recovery flags=display="recovery";backup=1
/uboot emmc /dev/uboot flags=display="uboot";backup=1
/nvram emmc /dev/nvram flags=display="nvram";backup=1
/cache ext4 /[email protected] flags=display="cache"
/data ext4 /[email protected] flags=display="data"
[COLOR="Blue"]/cust[/COLOR] ext4 /[COLOR="blue"][email protected][/COLOR] flags=display="[COLOR="blue"]cust[/COLOR]";backup=1
/system ext4 /[email protected] flags=display="system"
/sdcard vfat /dev/block/mmcblk1p1 /dev/block/mmcblk1
init.rc with cust partition support.
Code:
mkdir /boot
mkdir /recovery
mkdir /system
mkdir /data
[COLOR="blue"]mkdir /cust[/COLOR]
mkdir /cache
mkdir /sdcard
mount tmpfs tmpfs /tmp
So its entirely up to you to specify what you want TWRP to backup on your MTK no need to compile a new one, just mod the recovery.fstab
For further info refer to the main thread here . . . :good:
For MTK Alcatel devices, besides /custpack there is also /mobile_info partition, again its entirely up to you whether you would wanna backup it too, credits to MrJavum for compiling the first TWRP version for it . . .
Code:
# mount point fstype device [device2]
/boot emmc /dev/bootimg
/recovery emmc /dev/recovery
/cache ext4 /e[email protected]
/data ext4 /[email protected]
/system ext4 /[email protected]
/emmc vfat /[email protected]
[COLOR="Blue"]/custpack[/COLOR] ext4 /[email protected] flags=display=[COLOR="blue"]custpack[/COLOR];backup=1
[COLOR="blue"]/mobile_info[/COLOR] ext4 /[email protected]_info flags=display=[COLOR="blue"]mobile_info[/COLOR];backup=1
/nvram emmc /dev/nvram flags=display=Nvram;backup=1
/uboot emmc /dev/uboot flags=display=Uboot;backup=1
/sdcard vfat /dev/block/mmcblk1p1 /dev/block/mmcblk1
/sd-ext auto /dev/block/mmcblk1p2
Code:
mkdir /boot
mkdir /recovery
mkdir /system
mkdir /data
mkdir /cache
[COLOR="blue"] mkdir /custpack
mkdir /mobile_info[/COLOR]
mkdir /sdcard
mount tmpfs tmpfs /tmp
As mentioned many times, i don't own all MTK devices out there so some features might not work. To fix it & to learn more about modding recovery refer to my Master Shifu thread here & here . . . :good:
Ported recovery.img is too large & causes region overlap !
This tool is AIO so use the UnPack/ RePack feature to remove below known files that are safe to be deleted to save a few Kb. ( rmdisk/sbin folder ) Below list starts with less critical to critical
Use awaaas technique to use basic theme
Parted
All *exfat*
erase_image, dump_image
flash_image <- You will not be able to flash modded EBR, MBR
rmdisk/supersu folder <- You will not be able to Root via TWRP
adbd <- No adb shell & mount USB storage but you still can use MTP
In fact in the past i have tested, there are quite a few more binary that you can safely remove from rmdisk/sbin folder. Of course you'll loose a few features but at least you can still use TWRP for basic backup & restore.
Delete one file at a time at rmdisk/sbin folder, repack it, until it let you auto-install it.
Updates
Found out that you can also zip the whole content of res folder, move it to /sdcard/TWRP/theme/ui.zip, delete whole res folder & that will work too but no splash screen . . .
if you want then remain res/images/curtain.jpg then splash screen will work . . .
TWRP Materialised Theme
Huge Credits to z31s1g, TWRP has never look so elegant & sophisticated ever before . . . :good:
As mentioned many times, this tool is AIO so unpack the ported recovery.img, download the various custom splash screen that you like, resize it to your device res, copy & paste it to res/images/curtain.jpg, Credits to PünchUp . . . :good:
i have ported to 480x854 res Dark Theme & Light Theme, credits to thewisenerd & Modding.MyMind & don't forget to hit the Thanks button for them . . . :good:
Dark & Light Theme porting to MTK
If you're using other themes other than 480x854 which is ported by me then Dark & Light Theme will not work properly on MTK . . .
Solution to Change Color on Dark & Light Themes to work on MTK
Open ui.zip -> ui.xml & change all /sdcard/TWRP to /emmc/TWRP EXCEPTIONAL for two -> tw_filename=/sdcard/TWRP/aromafm/aromafm.zip & save it first.
Tips : Use the search function -> Ctrl + f to search for above keyword & if you're a Windows users then use Notepad++ for editing . . .
There are two occurrence -> ./zip -0 -r -u "/emmc/TWRP/theme/ui.zip" *; <- You'll need to delete both the -u.
Code:
mkdir "/cache/twrp";
if [ -f "/emmc/TWRP/theme/ui.zip" ];
then unzip -o "/emmc/TWRP/theme/ui.zip" -d "/cache/twrp";
chmod 777 "/cache/twrp/zip";
cp -r /cache/twrp/%tw_folder%/* "/cache/twrp/images";
busybox mv "/cache/twrp/ui.xml" "/cache/twrp/ui_temp.xml";
busybox sed "s/%text_highlight%/#%tw_text_color_highlight%/g" "/cache/twrp/ui_temp.xml" > "/cache/twrp/ui_temp2.xml";
rm -f "/cache/twrp/ui_temp.xml";
busybox sed "s/%text_actionbar%/#%tw_text_actionbar%/g" "/cache/twrp/ui_temp2.xml" > "/cache/twrp/ui.xml";
rm -f "/cache/twrp/ui_temp2.xml";
cd "/cache/twrp";
[COLOR="blue"]./zip -0 -r "/emmc/TWRP/theme/ui.zip" *;[/COLOR]
cd /;
rm -r "/cache/twrp"
else
Updates
/data/media device refer to here . . . :good:
Solution to Install Image on Dark & Light Themes to work on MTK
WARNING : Does not check whether the boot.img or recovery.img you're about to flash is oversize & that might brick your MTK if you have only 6Mb partition, you have been fore-warned . . .
When you select Install -> Top Menu Install Zip -> Install Zip or Install Image
Open ui.zip -> flashify -> META-INF -> com -> google -> android -> update-binary & edit as below . . .
Replace Line 41 to 53 with below & save it first.
Code:
# Modded to work on MediaTek devices only
case $image in
boot*)
imgtype="boot.img";;
*recovery*)
imgtype="recovery.img";;
*)
ui_print "No image file found to flash.";
abort;;
esac;
Now at Line 66 to 74 replace with below, save it & now flashing MTK boot.img or recovery.img will work on Dark & Light Theme.
Code:
# Modded to work on MediaTek devices only
if [ "$imgtype" == "boot.img" ]; then
block=/dev/bootimg;
elif [ "$imgtype" == "recovery.img" ]; then
block=/dev/recovery;
fi;
Aroma File Manager
It is a known problem that aromafm will not to work properly on flip-screen, this is not a TWRP problem as it has never been updated for almost a year.
Flip Touch on Flip Screen
It is a known problem that MTK manufacturer uses non-standard design & uses different Flip Screen/ Non-Flip LCD with different combinations of Flip/ Non-Flip Touch Screen on various Portrait & especially Landscape Android devices.
There is absolutely no way that the porting tool could detect whether your MTK's Touch is FlipX or FlipY or SwapXY so i build all possible combinations here -> View attachment 3039567, read the How-to use it. Built-in to porting tool -> Manual-mode
Bug report <- No support if you don't attach it to your post, pls refer to post #1 YOUR TOOL DOESN'T WORK . . .
Refer to here on how to submit a proper bug report . . . :good:
Please always attach recovery.log & log.txt from the porting tool or i'll be giving the wrong advice based on assumption & that might brick your device !
How to obtain recovery log
adb pull /tmp/recovery.log -> Attach to your post
At TWRP -> BackUp -> After Backup go to Advanced -> Copy Log to SDCard
Typically you will find the recovery.log at
Typical Internal SdCard
/emmc/TWRP/BACKUPS/ [Your Device Name] / [Backup date] [ro.mediatek.version.release]
or
Typical External SdCard
/sdcard/TWRP/BACKUPS/ [Your Device Name] / [Backup date] [ro.mediatek.version.release]
Attach it to your post.
At TWRP console (Square button at button) -> You can view the log
if you don't see me replying means either the answer is already at this thread so start reading every page, its not like there are 100 over pages, as of 10 Jan 2014, there are only 24 pages . . .
The 2nd reason you don't see me replying is i donno the answer then head up to the TWRP IRC channel to get help, refer to here for more info . . .
TWRP FAQ
Questions & Answers
Q : Your tool doesn't work.
A : Its already explained at the OP, pls read EVERYTHING at Page 1 !
Q : I can't get adb to work on my PC.
A : Then get one of your device forum DEV to look at this porting tool.
Q : I have a MTK model xxx SoC YYY, does your porting tool support it.
A : The title already said it, for all MediaTek Devices ONLY except latest big.LITTLE/ Cortex-A53 use PhilZ Touch
Q : I have a MTK but i'm afraid the porting tool would brick my device.
A : Then don't use it ! Its for Developers ONLY !
Q : OP said DO NOT USE IT ON LOCKED BOOTLOADER but the link doesn't say much for MTK devices.
A : There isn't any guide to identify locked bootloader on MTKs, generally you'll have to flash the recovery.img to find out whether it bricks ! However, farenheith has confirmed by flashing back the original stock 3e recovery.img & his locked bootloader MTK Motorola boots back !
As explained BRANDED at the OP, UNBRANDED MTKs are generally MTKs directly from China, have unlock bootloaders.
List of supported MTK devices . . .
@yuweng Simply Awesome....
Haha, you are most welcome, my friend . . . :highfive:
Any feedbacks on ubifs & if everything is working well then i'll contact Master Shifu Dees_Troy to submit dhinesh77 patch to have ubifs officially supported by TWRP . . .
Amazing work!
It's been a while since i googled about MTK Devices. I've already compiled TWRP for Oppo Find Muse, which has the MTK6572. It's really pleasure to see that you've made a good job! :laugh::good:
Keep up the good work!
I'm not able to update my TWRP recovery coz my device already given to my mom :crying:
But i'm still browsing about the MTK Devices :laugh:
It says that my recovery partition its to small(6291456) and that i can lose my IMEI. How can i make the partition recovery bigger?
As mentioned at the OP, it will most probably works on the latest MTK devices with above 6Mb, Eg : The latest MT6582, MT6592 or the obsolete MT6573, MT6575, MT6577 b'cos the kernel is so much smaller in size on these legacy devices . . .
i've published my findings on how to increase MTK recovery partition to 7Mb or 8Mb last year but many couldn't get it to work on their MT6589 . . .
Those that got it to work never shared it . . . Hunt for key work 7Mb_TWRP.pdf. WARNING : You might brick your device in doing so . . .
yuweng said:
As mentioned at the OP, it will most probably works on the latest MTK devices with above 6Mb, Eg : The latest MT6582, MT6592 or the obsolete MT6573, MT6575, MT6577 b'cos the kernel is so much smaller in size on these legacy devices . . .
i've published my findings on how to increase MTK recovery partition to 7Mb or 8Mb last year but many couldn't get it to work on their MT6589 . . .
Those that got it to work never shared it . . . Hunt for key work 7Mb_TWRP.pdf. WARNING : You might brick your device in doing so . . .
Click to expand...
Click to collapse
:good:
I prefer not to test it
Works with MT6572? :/
Great Work Bro!! :highfive:
Hello sir, I have a "mtk 6589t xolo q3000 with 4.4.2 kitkat os.
My stock recovery.imgs size is 6Mb and my stock boot.imgs size is also 6mb.
Is it possible to port twrp in my device ?
Will my mobile support your tool?
Sent from my Q3000 using XDA Premium 4 mobile app
Please upload it to some file sharing site rather than torrent..no seeds and leechers..
Sent from my Micromax A58 using xda app-developers app
daoodshah said:
....no seeds and leechers....
Click to expand...
Click to collapse
if you wanna download, do it the simple way. see the part "Where is the Downloads . . . " in the op.
"click to show content". can't get any simpler/better than that.
Dwnload is nt getting any speed..thats the problem..as there are no seeds..
Sent from my Micromax A58 using xda app-developers app
daoodshah said:
Dwnload is nt getting any speed....as there are no seeds..
Click to expand...
Click to collapse
no seeds required. click direct download. don't you see the pic and the circled icon? just do a 1-2-3.
Working perfectly for UBIFS..just tested right now..
Sent from my Micromax A58 using xda app-developers app
Wanna try this
which can delete files from folder "sbin"? Turned to run on 6589, but still works incorrectly.
Is there a way to increase size of recovery partition. I have 6mb partition, ported recovery is 6.4mb
Tutorial port rom different MTK chipset
MT6589 to MT6572
1. Material Stock
2. Materials Port
From Stock grab:
file-folder:
* / System / lib -> / modules
* / System / lib -> / egl
* / System / lib -> / hw
* / System / lib -> / SoundFX
regular file:
* / System / lib -> from libaudio-resampler.so to / lib -> libaudioutils.so
* / System / lib -> from libcam.camadapter.so to / lib -> libcameraservice.so
* / System / lib -> libMali.so and all related to the GPU. especially libMali.so
================================================
From stock take:
file-folder:
* / System / etc -> / bluetooth
* / System / etc -> / firmware
* / System / etc -> / wifi
regular file:
* / System / etc -> vold.fstab
* / System / etc -> vold.fstab.nand
================================================
From stock take:
* System / usr / keylayout / Generic.kl
or all files in / usr this will fix the bug.
================================================
From stock take:
* / System / vendor
This merge into port.
================================================
From stock take:
* / System / xbin
This merge into port.
================================================
all of the above files kcuali vendor and xbin
replace it to the port.
or first delete the files and replace port exactly above.
if the file is not a MALI GPU port then in / lib there is a file libMali.so
so add libMali.so of stock and all related to the GPU. libEGL.so example.
================================================
Which fairly complicated stage which must edit boot.img.
Take boot.img from the port.
boot.img unloading port and boot.img stock
(Tutor kmrin I dah share)
tutor via apktool android
if use PC / lepi ane kaga ngarti: p
edit boot.img port
click / ramdisk find "init.rc" edit "init.rc"
search! code "mt6589" without quotes
change to "mt6572" without quotes
all code "mt6589" change it to "mt6572"
if it finds one of the codes "mt6582" This let it remain "mt6582" should not be changed.
then save.
take stock of boot.img file named "kernel" without the quotes, its size 3.85Mb
and override all port boot.img.
then unpack be named new.img size 4.46Mb
rename to boot.img
================================================
At Port edit his build.prop
* /system/build.prop
find code: ro.mediatek.platform = MT65xx
example: ro.mediatek.platform = MT6589
MT6589 change so MT6572
example: ro.mediatek.platform = MT6572
search code:
mediatek.wlan.chip = MT6628
mediatek.wlan.module.postfix = _mt6628
change it to:
mediatek.wlan.chip = mediatek.wlan.module.postfix = _
================================================
In the port edit "updater-script" at META-INF
search code:
eg "its format"
format ("ext4", "EMMC", "/ dev / block / mmcblk0p3", "0", "/ system");
change "mmcblk0p3" so "mmcblk0p4"
"Mmcblk0p4" This is a mount point system A7T +
And change also "mount her"
mount ("ext4", "EMMC", "/ dev / block / mmcblk0p3", "/ system");
change "mmcblk0p3" so "mmcblk0p4"
Or change it to as below, this code is universal and suitable for all android MTK
format ("ext4", "EMMC", "EMMC @ android", "0", "/ system");
mount ("ext4", "EMMC", "EMMC @ android", "/ system");
add the code:
symlink ("wlan_mt6582.ko", "/system/lib/modules/wlan.ko");
symlink ("/ system / xbin / libmnlp_mt6572", "/ system / xbin / libmnlp");
before the code "set_perm" or at the beginning of the code "sysmlink"
then save.
================================================
FOR ADVANCED USER !!
Fixing BUG APP THAT WILL MOST FC
Decompile "framework.jar" stock and port
in stock Copas smua contents of:
/ Smali / com / MediaTek
framework.jar to put in place the same port
And this also
smali / com / android / server
Copas also to put in place the same port
recompile framework.jar port
done ...
================================================
Wrap into a flashable zip and install via
CWM or TWRP
LINK SOURCE / ORIGINAL
http://forum.xda-developers.com/showthread.php?t=2701283
A youtube video on this guide
Watch video
Hello guys,
I rarely write guide and tutorials .so neglect my typos and gramatical mistakes
Today im gonna show you how to unpack sparsed system.img files (system_1.img+system_2.img+............+system_*.img)
supports system / cache / userdata / persist / vendor / cust / odm /oem partitions from QFIL firmwares
Lets get started
LINUX
Things Needed:
1) Packsparseimg
2) Imgextractor.exe -Need wine for this
Procedure:
1) First of all extract you device firmware in which you have sparse system.img files in a folder.
(folder path ex:~/Desktop/firmware)
2) Copy the downloaded packsparseimg_v1.1 and Imgextractor.exe in the same folder where you extracted your firmware
(ex:~/Desktop/firmware)
3) Open terminal and enter below commands.
4)
Code:
chmod 0755 packsparseimg_v1.1
5)This command will pack sparse system_1.img....files to system.raw
Code:
./packsparseimg_v1.1
you can use these commands to pack sparse cache and userdata persist,vendor,cust,odm partitions
Code:
Usage of ./packsparseimg_v1.1:
-o string
output dir path (default "./")
-t string
image to unsparse: system / cache / userdata / persist / vendor / cust / odm / oem (default "system")
-x string
xml file to load (default "./rawprogram_unsparse.xml")
6) After joining of sparse system.img's finishes you will get system.raw file
7) Use below commands to unpack system.raw to system folder
Note: You need wine on your linux to run imgextractor.exe
Code:
wine imgextractor.exe system.raw
8) Hell Yeah! you have successfully unpack those system_1,2,3,4....imgs
now you can make your own stock deodexed rom
Downloads For linux:-
[MOD EDIT: URL REMOVED]
Password:innfinite4evr
Imgextractor.exe
WINDOWS
Things Needed:
1) packsparseimg_v1.1
2) Imgextractor.exe
Procedure:
1) First of all extract you device firmware in which you have sparse system.img files in a folder.
(folder path exesktop/Myfirmware)
2) Copy the downloaded packsparseimg_v1.1 and Imgextractor.exe in the same folder where you extracted your firmware
(exesktop/Myfirmware)
3) Open Command Prompt (cmd.exe) and enter below commands.
PS: you can open command propmt by any of these methods. Here method 1 is preferred
Method 1: Most suitable method for this guide
hold down shift key while pressing the right mouse onto the folder you want to open "command prompt" then a new menu item will appear in your context menu offering you exactly that: "open command prompt here" select it and command prompt will open.
Method 2:Search is very helpful. In Windows 7, open the Start Menu and type command or cmd. Then, click or tap the Command Prompt
Method 3ne of the quickest ways to launch the Command Prompt is to use the Run window (press Win+R on your keyboard and type cmd and press enter to open it).
i guess three methods are enough for windows users
4) AFter command prompt opens enter below comamnds to proceed further
5)This command will pack sparse system_1.img....files to system.raw
Note default is "system"
Code:
packsparseimg
you can use these commands to pack sparse cache and userdata persist,vendor,cust,odm partitions
Code:
Usage of packsparseimg:
-o string
output dir path (default "./")
-t string
image to unsparse: system / cache / userdata / persist / vendor / cust / odm (default "system")
-x string
xml file to load (default "./rawprogram_unsparse.xml")
6) After joining of sparse system.img's finishes you will get system.raw file
7) Use below commands to unpack system.raw to system folder
Code:
imgextractor.exe system.raw
8) Now you will get unpacked system folder
Hell Yeah! you have successfully unpack those system_1,2,3,4....imgs
now you can make your own stock deodexed rom
Downloads for windows:-
Imgextractor.exe
Password:innfinite4evr
[MOD EDIT: URL REMOVED]
Changelog:-
in update v1.1
now supports system / cache / userdata / persist / vendor / cust / odm /oem partitions from QFIL firmwares
Credits:
kidd for initially making packsparseimg binary
@and_pDA for imgextractor,exe(Based on sources ext4_unpacker)
@Innfinite4evr for testing this method and write this guide
Great work bro :good: Nice job and thanks for this
great work man. thanks
can you share code?
There is another way to unpacj that instead of using wine.
Code:
mount -o loop -t ext4 system.img [path]
Replace:
[Path] with path to the output directory you want (ex: ~/sys-img)
ext4: This might be different, check it by yourself, but most device now using ext4
Thanks for the info, btw
Please can somebody tell me how to revert the process? To create again sparse images and flash via qfil? Thanks in advance!
cofface said:
can you share code?
Click to expand...
Click to collapse
only prebuilts
cofface said:
can you share code?
Click to expand...
Click to collapse
only prebuilts
I get this error on Ubuntu:
bash: ./packsparseimg: cannot execute binary file: Formato eseguibile non valido
What is the procedure to do the reverse?
How to repack as parts
sir i was trying to repack system folder to system_1.img system_2.img etc.
is there any way for that?
i need to repack and flash to my phone
Doesn't seem to work for Oreo a/b system
@Innfinite4evr Hi there, can you add vendor, cust and odm support ?
AL_IRAQI said:
@Innfinite4evrHi there, can you add vendor, cust and odm support ?
Click to expand...
Click to collapse
Yes there is.
Im thinking to update this stuff
AL_IRAQI said:
@Innfinite4evrHi there, can you add vendor, cust and odm support ?
Click to expand...
Click to collapse
Ive updated the tool, maybe you can try for odm partition.
Innfinite4evr said:
Ive updated the tool, maybe you can try for odm partition.
Click to expand...
Click to collapse
I've try to buy, with all my2 credit card (master card and american express)
I was addebited 1€ in my mastercard, but it always give me error and I can't download the program.
I do not want the refund, I'd like to have the tool!
Samuele Bonzio
I give you my phone number by PM if that need!
Thank you!
Thread closed. PM me when you have download links that don't require payment to be added to the OP.
Hello All,
My Imjtool is now at version 1.6 , supporting MediaTek images, improving QCom FBPK (SD845 and onwards ".img"), DTBO (Device tree blob overlay) slicing, super.img (liblp logical partitions) and block based update images (system.transfer.list and ..new.dat) even when compressed with Brotli (.br) compression.
By now, there's support for quite a few formats, including proprietary QCOM FBPK, Huawei UPDATE.APP, and even UEFI containers:
Code:
/**
*
* Rudimentary Android image and partition unpacking tool
*
* v0.1 - Support unpacking of BootLoader and Boot images, as well as imgdata
* v0.2 - Supports offset= (for HTC and other boot.imgs where ANDROID! is wrapped)
* Supports cmdline= (to override kernel command line)
*
* v0.3 - Integrated mkbootimg functionality, added dt_size and id
*
* v0.4 - cmdline, addrs..
*
* v0.4.1 - Fix for Edvard Holst on Essential PH1 images.. (who uses Essential nowadays, I wonder?)
*
* v0.5 - Update with LZ4 binaries, fix for extract devicetree even if can't uncompress kernel
*
* v0.6 - Samsung images (with DT > 0) - Device Tree now found whereever it may hide
*
* v0.7 - system.transfer.list support
*
* v0.8 - FBPK (SD845 CrossHatch (Pixel 3 XL) bootloader images) AND Huawei Mate
* Also compiles cleanly
*
* v0.85 - system.transfer.list support for v4 (MTK 64 bit)
*
* v1.0 - EFI. Worthy enough a feature that (after three years) I hit version 1 on it, and - JCOLOR
*
* v1.1 - Samsung baseband images ("TOC") - 03/04/2020
*
* v1.2 - DTBO, super.img (03/20/2020) and integrated Brötli
*
* v1.2.1 - Lots of QCOM EFI GUIDs added. Thanks to anonymous contributor!
*
* v1.3 - Can now also pack super.img and boot.img based on existing!
*
* v1.4 - uBoot uimage format
*
* v1.5 - MTK images!
*
* v1.5.1 - Fixes: QCOM FPBK fixed (accidentally removed during refactoring around 1.3.. oops)
* UEFI now unpacks files by UI, if presenr, rather than GUID
*
* 1.6 - Peek into images to detect payload format
*
*
* platform-innovation-framework-for-uefi-complete-specifications-v0.90-v0.97 from Intel
* was invaluable for figuring out EFI
*
*
* This tool is part of the free downloads for the book
* "Android Internals: A Confectioner's Cookbook"
* But (as of v1.0) is also quite useful or MacOS T2 firmwares
*
* Author: Jonathan Levin, http://NewAndroidBook.com
*
* (New edition of Book and the loooong overdue Vol II coming soon! Check /TOC.html on site!)
*
* License: Use freely, BUT give credit where due. This way people learn of the website and books.
*
* If you have suggestions for improvement/new image types/etc - let me know and I'll gladly
* add them in.
**/
Totally free to use, feedback or requests appreciated.
Link: NewAndroidBook.com/tools/imjtool.html
Hello!
I've stumbled into this tool while trying a stupid thing. I've realized that on Xiaomi Mi A3 (laurel_sprout) the android splash images are stored in xbl.elf.
Code:
<!-- This is LUN 1 - Boot LUN A" -->
<physical_partition>
<partition label="xbl_a" size_in_kb="3584" type="DEA0BA2C-CBDD-4805-B4F9-F428251C3E98" bootable="false" readonly="true" filename="xbl.elf"/>
<partition label="xbl_config_a" size_in_kb="128" type="5A325AE4-4276-B66D-0ADD-3494DF27706A" bootable="false" readonly="false" filename="xbl_config.elf"/>
<partition label="last_parti" size_in_kb="0" type="00000000-0000-0000-0000-000000000000" bootable="false" readonly="true" filename="" />
</physical_partition>
<!-- This is LUN 2 - Boot LUN B" -->
<physical_partition>
<partition label="xbl_b" size_in_kb="3584" type="DEA0BA2C-CBDD-4805-B4F9-F428251C3E98" bootable="false" readonly="true" filename="xbl.elf"/>
<partition label="xbl_config_b" size_in_kb="128" type="5A325AE4-4276-B66D-0ADD-3494DF27706A" bootable="false" readonly="false" filename="xbl_config.elf"/>
<partition label="last_parti" size_in_kb="0" type="00000000-0000-0000-0000-000000000000" bootable="false" readonly="true" filename="" />
</physical_partition>
I've used imjtool on Ubuntu 18.04 WSL and was able to extract xbl.elf contents, where, indeed the bmp files are stored (see attachment).
Now my question is, how to "repack" the elf file if I wanted to replace those bmp files for other ones?
Is that possible?
err.. no. But I could probably add that as a feature - I'll admit this is the first time I'm getting this request.
Thing is XBL is signed, and even if you unlock the bootloader, that only takes effect well after XBL loading (in fact, after ABL), so you won't be able to reflash XBL without risk of bricking.
Sure you need this?
Typhus_ said:
Hello!
I've stumbled into this tool while trying a stupid thing. I've realized that on Xiaomi Mi A3 (laurel_sprout) the android splash images ares stored in xbl.elf.
Code:
<!-- This is LUN 1 - Boot LUN A" -->
<physical_partition>
<partition label="xbl_a" size_in_kb="3584" type="DEA0BA2C-CBDD-4805-B4F9-F428251C3E98" bootable="false" readonly="true" filename="xbl.elf"/>
<partition label="xbl_config_a" size_in_kb="128" type="5A325AE4-4276-B66D-0ADD-3494DF27706A" bootable="false" readonly="false" filename="xbl_config.elf"/>
<partition label="last_parti" size_in_kb="0" type="00000000-0000-0000-0000-000000000000" bootable="false" readonly="true" filename="" />
</physical_partition>
<!-- This is LUN 2 - Boot LUN B" -->
<physical_partition>
<partition label="xbl_b" size_in_kb="3584" type="DEA0BA2C-CBDD-4805-B4F9-F428251C3E98" bootable="false" readonly="true" filename="xbl.elf"/>
<partition label="xbl_config_b" size_in_kb="128" type="5A325AE4-4276-B66D-0ADD-3494DF27706A" bootable="false" readonly="false" filename="xbl_config.elf"/>
<partition label="last_parti" size_in_kb="0" type="00000000-0000-0000-0000-000000000000" bootable="false" readonly="true" filename="" />
</physical_partition>
I've used imjtool on Ubuntu 18.04 WSL and was able to extract xbl.elf contents, where, indeed the bmp files are stored (see attachment).
Now my question is, how to "repack" the elf file if I wanted to replace those bmp files for other ones?
Is that possible?
Click to expand...
Click to collapse
morpheus______ said:
err.. no. But I could probably add that as a feature - I'll admit this is the first time I'm getting this request.
Thing is XBL is signed, and even if you unlock the bootloader, that only takes effect well after XBL loading (in fact, after ABL), so you won't be able to reflash XBL without risk of bricking.
Sure you need this?
Click to expand...
Click to collapse
No, of course I don't "need" this. And, yes, my device is fully unlocked (critical partitions included).
Thing is, on Android community it's usual to change the splash screen but, normally, there's a splash.img (or logo.bin, etc) where all image files ares stored. Those files belong to a splash partition, which typically, isn't that "important" so even if we mess up flashing the wrong stuff onto it, a new flash with the proper img (or bin) file would solve the issue.
Now, for what I've understood, what you're saying is that we could face the risk of hard bricking the device if the "repack" would create a corruptible elf file, right?
After extracting the elf file I've noticed a LOT of stuff there, besides the 2 bpm files I wanted to change, and so if this is an unnecessary risk, I'll just forget about it.
Funny thing is, on this device (Xiaomi Mi A3), there's a splash partition and we can "dd" it but it results on a splash.img filled with zeros. I wonder if we could create a splash.img using the bpm files I've found on the xbl.elf file and flash it on the splash partition...just to check if it would overwrite the bpm files present on xbl.elf.
Don't know, guess I'll try it...just have to find a splash image tool compatible with the device resolution.
Either way, thank you for answering me.
Just making sure there - better safe than sorry, as, even with "critical partitions" unlocked, I can't vouch for your boot sequence not rejecting this - whether the ELF is valid or corrupt won't be the main risk - what will be is that the bootROM (or UEFI runtime) might reject this xbl as it won't be validly signed.
Still, it's an interesting challenge. I can get on it. I'll update, and you can always get me over DM.
BTW, I just updated imjtool.tgz (at same URL) with a minor update to accommodate for all QCOM GUIDs I could get my hands on. If you try it again you should be able to see lots more "DXE" files in human readable, rather than GUID notation..
Typhus_ said:
No, of course I don't "need" this. And, yes, my device is fully unlocked (critical partitions included).
Thing is, on Android community it's usual to change the splash screen but, normally, there's a splash.img (or logo.bin, etc) where all image files ares stored. Those files belong to a splash partition, which typically, isn't that "important" so even if we mess up flashing the wrong stuff onto it, a new flash with the proper img (or bin) file would solve the issue.
Now, for what I've understood, what you're saying is that we could face the risk of hard bricking the device if the "repack" would create a corruptible elf file, right?
After extracting the elf file I've noticed a LOT of stuff there, besides the 2 bpm files I wanted to change, and so if this is an unnecessary risk, I'll just forget about it.
Funny thing is, on this device (Xiaomi Mi A3), there's a splash partition and we can "dd" it but it results on a splash.img filled with zeros. I wonder if we could create a splash.img using the bpm files I've found on the xbl.elf file and flash it on the splash partition...just to check if it would overwrite the bpm files present on xbl.elf.
Don't know, guess I'll try it...just have to find a splash image tool compatible with the device resolution.
Either way, thank you for answering me.
Click to expand...
Click to collapse
morpheus______ said:
BTW, I just updated imjtool.tgz (at same URL) with a minor update to accommodate for all QCOM GUIDs I could get my hands on. If you try it again you should be able to see lots more "DXE" files in human readable, rather than GUID notation..
Click to expand...
Click to collapse
Cool, thanks for the update. I'll check it.
Stupid question, isn't the elf file signature one of it's files inside it's content? If it is, and if we preseve it (like don't touch it), after "repacking" wouldn't it still be signed with the same valid signature? Or the process to "repack" will forcibly resign it with a different signature?
The goal was to simply replace one bpm file (the one that states unlocked) since the other one only appears when the bootloader is locked...no point on changing that. All of the rest would remain exactly the same.
Thank you for spending time around this.
There are many ways to sign files. In the case of ELF, it's a separate section which signs all contents of the ELF but itself. The problem is, that it signs *all* contents, so that if you add a section - you've changed the header and you've messed the signature up. Same idea as signing an APK - so that you can't tamper with any of the files in it.
When you "repack" you can't re-generate the signature because it's a hash (which you can recompute easily) signed with the private key of the vendor (which you don't have). The old signature section won't be valid anymore because you will have altered the contents and/or added sections at this point.
J
Typhus_ said:
Cool, thanks for the update. I'll check it.
Stupid question, isn't the elf file signature one of it's files inside it's content? If it is, and if we preseve it (like don't touch it), after "repacking" wouldn't it still be signed with the same valid signature? Or the process to "repack" it will forcibly resign it with a different signature?
The goal was to simply replace one bpm file (the one that states unlocked) since the other one only appears when the bootloader is locked...no point on changing that. All of the rest would remain exactly the same.
Thank you for spending time around this.
Click to expand...
Click to collapse
morpheus______ said:
There are many ways to sign files. In the case of ELF, it's a separate section which signs all contents of the ELF but itself. The problem is, that it signs *all* contents, so that if you add a section - you've changed the header and you've messed the signature up. Same idea as signing an APK - so that you can't tamper with any of the files in it.
When you "repack" you can't re-generate the signature because it's a hash (which you can recompute easily) signed with the private key of the vendor (which you don't have). The old signature section won't be valid anymore because you will have altered the contents and/or added sections at this point.
J
Click to expand...
Click to collapse
Right, I understand.
Anyway, is the tool updated already? I'm just asking since I've tried it right now and it shows the exact same content after extracting xbl.elf again.
yep.
NewAndroidBook.com/tools/imjtool.tgz is direct link.
Patching ELF might take me a while
J
Typhus_ said:
Right, I understand.
Anyway, is the tool updated already? I'm just asking since I've tried it right now and it shows the exact same content after extracting xbl.elf again.
Click to expand...
Click to collapse
How to repack super.img
I^m trying to modify system.img inside super.img.
First step extract super.img file:
Code:
imjtool super.img extract
It creates a file image.img, inspecting it with imjtool I get:
Code:
$ imjtool image.img
liblp dynamic partition (super.img) - Blocksize 0x1000, 2 slots
LP MD Header @0x3000, version 10.0, with 4 logical partitions on block device at partition super, first sector: 0x800
Partitions @0x3080 in 2 groups:
Group 0: default
Group 1: group_basic
Name: system (read-only, spanning 1 extents and 4613 MB)
Name: vendor (read-only, spanning 1 extents and 574 MB)
Name: product (read-only, spanning 1 extents and 665 MB)
Name: odm (read-only, spanning 1 extents and 4 MB)
I proceed with extracting the content of image.img
Code:
imjtool image.img extract
It extracts 4 files:
system.img
vendor.img
product.img
odm.img
After mouting system.img and make my change, how can I repack the 4 files and recreate super.img?
I've tried with
Code:
imjtool make super.img system.img vendor.img product.img odm.img
but the result is something different...
bagbyte said:
I^m trying to modify system.img inside super.img.
First step extract super.img file:
Code:
imjtool super.img extract
It creates a file image.img, inspecting it with imjtool I get:
Code:
$ imjtool image.img
liblp dynamic partition (super.img) - Blocksize 0x1000, 2 slots
LP MD Header @0x3000, version 10.0, with 4 logical partitions on block device at partition super, first sector: 0x800
Partitions @0x3080 in 2 groups:
Group 0: default
Group 1: group_basic
Name: system (read-only, spanning 1 extents and 4613 MB)
Name: vendor (read-only, spanning 1 extents and 574 MB)
Name: product (read-only, spanning 1 extents and 665 MB)
Name: odm (read-only, spanning 1 extents and 4 MB)
I proceed with extracting the content of image.img
Code:
imjtool image.img extract
It extracts 4 files:
system.img
vendor.img
product.img
odm.img
After mouting system.img and make my change, how can I repack the 4 files and recreate super.img?
I've tried with
Code:
imjtool make super.img system.img vendor.img product.img odm.img
but the result is something different...
Click to expand...
Click to collapse
Update: I've found my answer: https://forum.xda-developers.com/showpost.php?p=82241115&postcount=70
That's because 'make' wasn't designed for super.img creation, but for initrd (boot.img).
Now that I know people need this, I'll add that in. Updates to follow.
J
bagbyte said:
I^m trying to modify system.img inside super.img.
First step extract super.img file:
Code:
imjtool super.img extract
It creates a file image.img, inspecting it with imjtool I get:
Code:
$ imjtool image.img
liblp dynamic partition (super.img) - Blocksize 0x1000, 2 slots
LP MD Header @0x3000, version 10.0, with 4 logical partitions on block device at partition super, first sector: 0x800
Partitions @0x3080 in 2 groups:
Group 0: default
Group 1: group_basic
Name: system (read-only, spanning 1 extents and 4613 MB)
Name: vendor (read-only, spanning 1 extents and 574 MB)
Name: product (read-only, spanning 1 extents and 665 MB)
Name: odm (read-only, spanning 1 extents and 4 MB)
I proceed with extracting the content of image.img
Code:
imjtool image.img extract
It extracts 4 files:
system.img
vendor.img
product.img
odm.img
After mouting system.img and make my change, how can I repack the 4 files and recreate super.img?
I've tried with
Code:
imjtool make super.img system.img vendor.img product.img odm.img
but the result is something different...
Click to expand...
Click to collapse
This is very helpful. Many thanks!
Chaser
Yeah great stuff... just used imjtool to extract abl.img and hunt for hidden fastboot commands.
This is an awesome tool!!!
Thanks a lot and best regards,
scholbert
morpheus______ said:
That's because 'make' wasn't designed for super.img creation, but for initrd (boot.img).
Now that I know people need this, I'll add that in. Updates to follow.
J
Click to expand...
Click to collapse
Thank you for this tool!! I could also definitely use the ability to do this ^^^ with imjtool.
Unpacking/Repacking for Samsung S9
Hey, nice work, thank you!
I pulled the working boot.img from a Samsung Galaxy S9. I am just trying to unpack it, repack it and flash it back, and see it working (as a test, if that works I'll move to replace the kernel).
Your tool also extracts the DTB, which is great, abootimg didn't do that. However, when I repack like
Code:
imjtool.x86_64 make boot-repacked.img extracted/kernel extracted/ramdisk extracted/kernelimage extracted/devicetree.dtb
the result is only 38M large, the original is 55M, which seems already fishy. When I flash it anyway (using heimdall if it matters), it results in a bootloop.
So my questions are:
Am I using your tool wrong? Is the Samsung S9 not supported? Or is it a bug?
Another thing that puzzles me:
imjtool unpacks
Code:
devicetree.dtb kernel kernelimage ramdisk
abootimg unpacks
Code:
bootimg.cfg initrd.img zImage
So I know abootimg apparently misses the DTB (and "kernelimage" which is the .config used when the kernel was built) - But is your tool missing the info in bootimg.cfg (e.g. kernel command line?)
Thanks for your work/help!
This is what imjtool printed when extracting, in case it matters:
Code:
Boot image detected
Part Size Pages Addr
Kernel: 29126664 14223 0x10008000
Ramdisk: 9880749 4825 0x11000000
Secondary: 0 0 0x10f00000
Tags: 0x10000100
Flash Page Size: 2048 bytes
DT Size: 1787904 bytes
ID: d251a0a387fd671226676852a14905ff726e6c79000
Name: SRPQH16B002KU
CmdLine: androidboot.selinux=permissive androidboot.selinux=permissive
Found GZ Magic at offset 13352456
extracted/kernelimage.gz:
gzip: extracted/kernelimage.gz: decompression OK, trailing garbage ignored
57.7% -- replaced with extracted/kernelimage
Extracting kernel
Extracting ramdisk
Searching for DT at 0x2534800
Found DT Magic @800
Hi Arcepth,
Odd; I have an S9 myself, and re-creating the image worked for me way back when I tried it. Could you do me a favor and send your boot.img? DM is fine.
The kernel command line should be taken from the boot.img, (the .cfg file abootimg generates is artificial). You can specify cmdline= to imjtool and it will embed that cmdline.
Samsung's odd with their device tree. They put it as the secondary, whereas others just fuse it to the kernel.
Any deviation from what Samsung expects will boot loop. I know this the very hard way
Anyway, DM me.
Using imjtool on S20 boot.img
I am having the same issue with Galaxy S20's "boot.img".
The original is ~60MB but after repack is ~38MB
-----------------------------Log---------------------------
root:/home/tools/imjtool# ./imjtool.x86_64 boot.img extract
Boot image detected
Part Size Pages Addr
Kernel: 37801996 18459 0x10008000
Ramdisk: 889691 435 0x11000000
Secondary: 0 0 0x10f00000
Tags: 0x10000100
Flash Page Size: 2048 bytes
DT Size: 2 bytes
ID: ##################################
Name: S##########
CmdLine: androidboot.hardware=exynos990 androidboot.selinux=permissive androidboot.selinux=permissive
Found GZ Magic at offset 16951272
extracted/kernelimage.gz:
gzip: extracted/kernelimage.gz: decompression OK, trailing garbage ignored
62.7% -- replaced with extracted/kernelimage
Extracting kernel
Extracting ramdisk
Searching for DT at 0x24e7800
Unable to locate device tree
-----------------------------------End Log---------------------------------
My command for repack:
roothome:/home/tools/imjtool# ./imjtool.x86_64 make boot2.img extracted/kernel extracted/ramdisk extracted/kernelimage [cmdline='androidboot.hardware=exynos990 androidboot.selinux=permissive androidboot.selinux=permissive'] [addr=0x10008000]
I didn't try to flash this though.
Thank you for the feedback! The tool is built around my use cases, but I don't get to experience all the crazy variants in image formats out there..
Anyway - I got this one: It took a bit to figure out but Samsung shoves a LOT of stuff after the DT which isn't part of the boot.img specification, as well as stuff which now is (AVB0) but I wasn't aware of when I started imjtool. So - I'm updating imjtool to handle this. I can already reliably detect and extract all their extras:
Code:
[email protected]öst (~/Documents/Android/src/Imjtool) %./imjtool ~/Downloads/boot.original.img
Boot image detected
Part Size Pages Addr
Kernel: 29126664 14223 0x10008000
Ramdisk: 9880749 4825 0x11000000
Secondary: 0 0 0x10f00000
Tags: 0x10000100
Flash Page Size: 2048 bytes
DT Size: 1787904 bytes
Found Samsung DTBH @0x2534800 with 6 trees
[email protected] (0x49000 bytes): Chip:0x2652 Platform:0x50a6 subtype:0x217584da hw_rev:0x10-0x10
[email protected] (0x49000 bytes): Chip:0x2652 Platform:0x50a6 subtype:0x217584da hw_rev:0x11-0x11
[email protected] (0x48800 bytes): Chip:0x2652 Platform:0x50a6 subtype:0x217584da hw_rev:0x12-0x13
[email protected] (0x48800 bytes): Chip:0x2652 Platform:0x50a6 subtype:0x217584da hw_rev:0x14-0x16
[email protected] (0x48800 bytes): Chip:0x2652 Platform:0x50a6 subtype:0x217584da hw_rev:0x17-0x19
[email protected] (0x48800 bytes): Chip:0x2652 Platform:0x50a6 subtype:0x217584da hw_rev:0x1a-0xff
DTBH block ends @0x26e9000
Warning: DT ends 0x26e9000, but filesize is 0x3700000 - looking further
Found [email protected]
ID: d251a0a387fd671226676852a14905ff726e6c79000
Name: SRPQH16B002KU
CmdLine: androidboot.selinux=permissive androidboot.selinux=permissive
And I'm working on finalizing a "repack" command which will use the base boot.img you provide and just enable the select overriding of portions or values.
Please try this build: http:// NewAndroidBook.com /tools /imjtoolbeta.tgz
You can use repack (base.img) and then change a variety of parameters. New image will be repacked.img in same dir.
Repacked size looks better now
Tried the beta and it looks much better! The "repacked.img" is much closer to the original size (I tried with a kernel built from official source code).
Only issue left is that ODIN fails to flash my created "boot.img.tar" file to the S20.
Just see a generic "RQT_CLOSE" message on ODIN.
Any clue what I'm missing? (already LZ4 compressed, tarballed with various methods, even disabled AVB)
hello evry one
I am having a problem and I want to solve it
Install nding update package ... ening update package ... / udisk / X96 - Mini_S905W_Update Android 20200000.zip ... rifying update package ... date package verification took 25.7 s ( result 0 ) . stalling update ... rning : No file contextsE3004 : This package is for " ampere " devices ; this is a " p281 " .E : Error in / udisk / -Mini_S905W_Update_Android_9_20200620.zip No command tatus 7 ) stallation aborted . failed to mount / sdcard ( No such file or directory ) failed to mount / sdcard ( No such file or directory ) No package file selected .