ElfTool
This tool will help you to pack and unpack boot image for sony mobile devices.
Usage :
For unpacking
Code:
elftool unpack -i input-path -o output-path
For packing
If you have header file containing address of kernel, ramdisk etc..
Code:
elftool pack -o output-path header=path/to/header kernel-path ramdisk-path,ramdisk ipl-path,ipl rpm-path,rpm [email protected]
Else
Code:
elftool pack -o output-path [email protected] [email protected],ramdisk [email protected],ipl [email protected],rpm [email protected]
The tool was created for injecting twrp recovery ramdisk to fxp cm10 boot images to prevent overwriting of cwm ramdisk over twrp ramdisk. I hope this tool will be useful for other developers also.
Here is how I used it for injecting twrp to fxp cm10 boot images.
During start of twrp run backup.sh. This will extract twrp ramdisk from the boot partition and store it in /cache/backup
Code:
mount /cache
cd /cache
mkdir backup
cd backup
dump_image /dev/block/mmcblk0p3 /cache/backup/oldboot.img
mkdir oldboot
elftool unpack -i /cache/backup/oldboot.img -o /cache/backup/oldboot
cd oldboot
mkdir uramdisk
cd uramdisk
gzip -dc ../ramdisk | cpio -i
mv sbin/ramdisk-recovery.cpio /cache/backup/ramdisk-recovery.cpio
cd /cache/backup
rm -irf oldboot
rm oldboot.img
When a new zip file is installed inject.sh is run. This will extract the newly installed boot image and inject the twrp ramdisk into it and then flash the newly created bootimage.
Code:
#!/sbin/sh
# inject.sh: put the saved TWRP ramdisk into a freshly installed boot image
mount /cache
# Dump the newly installed boot image and unpack it
dump_image /dev/block/mmcblk0p3 /cache/newboot.img
mkdir /cache/newboot
elftool unpack -i /cache/newboot.img -o /cache/newboot
rm /cache/newboot.img
cd /cache/newboot
mkdir uramdisk
cd uramdisk
# Extract the boot ramdisk so the recovery cpio inside it can be replaced
gzip -dc ../ramdisk | cpio -i
rm ../ramdisk
if [ -e "/cache/backup/ramdisk-recovery.cpio" ]; then
    cp /cache/backup/ramdisk-recovery.cpio sbin/ramdisk-recovery.cpio
    cd ..
    # Rebuild the gzip'd ramdisk and repack the boot image
    mkbootfs uramdisk > ramdisk.cpio
    cat ramdisk.cpio | gzip > ramdisk
    rm -irf uramdisk
    rm ramdisk.cpio
    elftool pack -o /cache/injectboot.img [email protected] [email protected],ramdisk [email protected]
    cd /cache
    rm -irf newboot
    # Flash only if packing actually produced an image
    if [ -e "/cache/injectboot.img" ]; then
        erase_image /dev/block/mmcblk0p3
        flash_image /dev/block/mmcblk0p3 /cache/injectboot.img
        rm /cache/injectboot.img
    fi
fi
Both arm and x86_64 versions are available.
Thanks to sony for providing boot image format in packelf.py
Source code can be found here
yeah
thanks bro
srl3gx said:
ElfTool
This tool will help you to pack and unpack boot image for sony mobile devices.
Thanks for this tool. It helped me edit a kernel.
Btw, I've used the source to compile x86 version. I've attached it here.
I'm trying to use it on my ubuntu but it doesn't work. I get error: elftool: command not found
I want to unpack CM10 boot.img
Great. Will try it as soon as possible Thanks
Here I consolidate the custom tools necessary to unpack, modify, repack and loki your JB 4.2.2 ROM zip boot.img!
These Windows/cygwin tools invoke the djrbliss loki bootloader exploit for your rooted SGS4!
See my Instructional Demo below! Results are tested working on my AT&T SGH-I337 running Liquid Smooth v2.8 (JB 4.2.2) and TWRP Recovery 2.5.0.2.
SGS4 Boot Image Toolset (sgs4-boot-tools.zip): http://www.mediafire.com/?6sp3pp33lxgm3ua
Contents
Executive shell script: modify-boot-sgs4.sh to unpack boot image to kernel and ramdisk, thus enabling user to modify boot image
Perl scripts: unpack-bootimg-sgs4.pl and repack-bootimg-sgs4.pl
mkbootimg.exe (make boot image from kernel and ramdisk)
loki-boot directory with ROM-like directory structure --- contains all files needed to “loki” your boot.img
The loki-boot directory also contains two boot files: boot-ref.img (extracted directly from Liquid Smooth ROM zip) and a modified boot.img (generated using the Instructional Demo further below).
My custom repack-bootimg-sgs4.pl invokes the following command string:
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o $boot-repack.img
Detail:
--cmdline 'androidboot.hardware=qcom user_debug=31 zcache' (command line tellback from unpack-bootimg-sgs4.pl)
--base 0x80200000 (from Liquid Smooth /proc/config.gz: CONFIG_PHYS_OFFSET=0x80200000)
--kernel $boot.img-kernel (ROM kernel file)
--ramdisk ramdisk-repack.cpio.gz (gzipped cpio of/ramdisk)
-o $boot-repack.img (output file)
Preliminaries
If you don’t have cygwin, you can download it here: http://www.cygwin.com/ and install.
Cygwin packages installed on my XP workstation are shown below. You probably don’t need all of them, though I believe many come with the base cygwin.
But you definitely need perl
Code:
$ cygcheck -c
Cygwin Package Information
Package Version Status
_autorebase 000199-1 OK
_update-info-dir 01102-1 OK
alternatives 1.3.30c-10 OK
base-cygwin 3.1-1 OK
base-files 4.1-1 OK
bash 4.1.10-4 OK
bzip2 1.0.6-2 OK
coreutils 8.15-1 OK
cpio 2.11-2 OK
crypt 1.2-1 OK
cygutils 1.4.10-2 OK
cygwin 1.7.17-1 OK
cygwin-doc 1.7-1 OK
dash 0.5.7-1 OK
diffutils 3.2-1 OK
dos2unix 6.0.3-1 OK
editrights 1.01-2 OK
file 5.11-1 OK
findutils 4.5.9-2 OK
gawk 4.0.2-1 OK
gettext 0.18.1.1-2 OK
grep 2.6.3-1 OK
groff 1.21-2 OK
gzip 1.4-1 OK
ipc-utils 1.0-1 OK
less 444-1 OK
libattr1 2.4.46-1 OK
libbz2_1 1.0.6-2 OK
libdb4.5 4.5.20.2-3 OK
libexpat1 2.1.0-1 OK
libgcc1 4.5.3-3 OK
libgdbm4 1.8.3-20 OK
libgmp3 4.3.2-1 OK
libiconv2 1.14-2 OK
libintl8 0.18.1.1-2 OK
liblzma5 5.0.2_20110517-1 OK
libncurses10 5.7-18 OK
libncursesw10 5.7-18 OK
libopenssl100 1.0.1c-2 OK
libpcre0 8.21-2 OK
libpopt0 1.6.4-4 OK
libreadline7 6.1.2-3 OK
libsigsegv2 2.10-1 OK
libssp0 4.5.3-3 OK
libstdc++6 4.5.3-3 OK
libxml2 2.9.0-1 OK
login 1.10-10 OK
man 1.6g-1 OK
mintty 1.1.2-1 OK
perl 5.14.2-3 OK
perl_vendor 5.14.2-3 OK
rebase 4.4.0-1 OK
run 1.1.13-1 OK
sed 4.2.1-2 OK
tar 1.26-1 OK
terminfo 5.7_20091114-14 OK
texinfo 4.13-4 OK
tzcode 2012j-1 OK
vim 7.3.762-1 OK
vim-common 7.3.762-1 OK
which 2.20-2 OK
xxd 7.3.762-1 OK
xz 5.0.2_20110517-1 OK
zlib0 1.2.7-1 OK
Instructional Demo
1. Boot SGS4 to recovery and Nandroid backup existing ROM for peace of mind
2. (One time) Create a cygwin working directory (e.g. ~/cygwin/home/modify-boot-sgs4) and unzip the SGS4 Boot Image Toolset files to it
3. On Windows, extract ROM boot.img (e.g. from Liquid-JB-v2.8-OFFICIAL-jflteatt.zip) and place boot.img in cygwin working directory.
4. Launch cygwin command window in working directory and enter script command:
sh modify-boot-sgs4.sh boot.img (produces ramdisk directory: boot.img-ramdisk/)
CNTL-C out of shell script and back to cygwin prompt.
5. Edit boot.img-ramdisk/default.prop, set: ro.secure=0 and save and close.
Note: The setting: ro.secure=0 instructs Android to grant root to ADB so user does not have to keep entering “su” at the beginning of each ADB session.
6. At cygwin terminal enter:
perl repack-bootimg-sgs4.pl boot.img
This yields boot-repack.img.
Here’s a dump of my cygwin session…
Code:
[email protected] /home
$ mkdir modify-boot-sgs4
[email protected] /home
$ cd modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ pwd
/home/modify-boot-sgs4
[email protected] /home/modify-boot-sgs4
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 4961224 (0x004bb3c8)
Ramdisk size: 488535 (0x00077457)
Second size: 0 (0x00000000)
Board name:
Command line: androidboot.hardware=qcom user_debug=31 zcache
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
1708 blocks
Press ENTER to repack boot image or CNTL C to exit (and modify ramdisk offline):
(Modify /ramdisk/default.prop then resume cygwin session)
[email protected] /home/modify-boot-sgs4
$ perl repack-bootimg-sgs4.pl boot.img
find . | cpio -o -H newc | gzip > /home/modify-boot-sgs4/ramdisk-repack.cpio.gz
1708 blocks
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o boot-repack.img
Repacked boot image written to boot-repack.img
[email protected] /home/modify-boot-sgs4
$
7. Exit cygwin and drop boot-repack.img into loki-boot directory and rename to boot.img. Then 7-zip contents of loki-boot directory to loki-boot.zip (CNTL-A (Select All) then right-click > 7-zip > Add to “loki-boot.zip”).
8. Connect SGS4 to your ADB-enabled computer, then
adb push loki-boot.zip /external_sd/Download (or your favorite flash directory)
9. Boot to recovery and flash loki-boot.zip (takes a few seconds)
10. Reboot system and achieve “pre-rooted” ADB sessions on Liquid Smooth!
C:\Program Files\Android\android-sdk\platform-tools>adb kill-server
C:\Program Files\Android\android-sdk\platform-tools>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[email protected]:/ #
BTW here's a nice little app: https://play.google.com/store/apps/details?id=com.siriusapplications.quickboot&hl=en
With Quick Boot, you can reboot to recovery via soft key, which is easier than booting to recovery from cold start.
Blessings. Enjoy!
Credits:
djrbliss @ xda developers and other contributors for the loki exploit: https://github.com/djrbliss/loki
William Enck (split_bootimg): http://www.enck.org/
Android Development Team (Unpack, Edit, Repack Boot Images): http://www.android-dls.com/wiki/?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
Cygwin Project Team: http://cygwin.com/who.html
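Added example, not part of sendust7's toolset: a Python check that reads the same header fields the unpack script prints and reports adb-weakening default.prop settings such as the ro.secure=0 from step 5, which is handy for auditing a ROM's boot.img before flashing it. The header layout is the standard Android v0 boot header; the sample image, its load addresses and all helper names are constructed for illustration, and ro.debuggable and ro.adb.secure go beyond the one property the post names.

```python
import gzip
import struct

# Android boot image v0 header: magic, ten little-endian uint32 fields,
# board name, kernel command line, image id.
HDR = struct.Struct("<8s10I16s512s32s")
# default.prop values that weaken adb (ro.secure=0 is the one set in step 5;
# the other two are added here and are not mentioned in the post).
RISKY = {"ro.secure": "0", "ro.debuggable": "1", "ro.adb.secure": "0"}


def parse_header(img):
    """Validate the header and decode the fields the unpack script prints."""
    if len(img) < HDR.size:
        raise ValueError("image shorter than boot header")
    f = HDR.unpack_from(img)
    if f[0] != b"ANDROID!":
        raise ValueError("bad magic, not an Android boot image")
    page = f[8]
    if page == 0 or page & (page - 1):
        raise ValueError("page size %d is not a power of two" % page)
    return {
        "kernel_size": f[1], "ramdisk_size": f[3], "second_size": f[5],
        "page_size": page,
        "name": f[11].split(b"\0", 1)[0].decode("ascii", "replace"),
        "cmdline": f[12].split(b"\0", 1)[0].decode("ascii", "replace"),
    }


def extract_ramdisk(img, hdr):
    """The ramdisk follows the header page and the page-padded kernel."""
    page = hdr["page_size"]
    start = page + (hdr["kernel_size"] + page - 1) // page * page
    end = start + hdr["ramdisk_size"]
    if end > len(img):
        raise ValueError("ramdisk extends past end of image")
    return img[start:end]


def iter_cpio_newc(data):
    """Yield (name, content) for each entry of a 'newc' cpio archive."""
    off = 0
    while off + 110 <= len(data):
        if data[off:off + 6] != b"070701":
            raise ValueError("not a newc cpio entry at offset %d" % off)
        f = [int(data[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = f[6], f[11]
        name = data[off + 110:off + 110 + namesize - 1].decode("utf-8", "replace")
        body_start = (off + 110 + namesize + 3) & ~3   # name padded to 4 bytes
        if body_start + filesize > len(data):
            raise ValueError("truncated cpio entry %r" % name)
        if name == "TRAILER!!!":
            return
        yield name, data[body_start:body_start + filesize]
        off = (body_start + filesize + 3) & ~3         # body padded to 4 bytes


def audit_bootimg(img):
    """Return (header, list of risky default.prop settings in the ramdisk)."""
    hdr = parse_header(img)
    ramdisk = gzip.decompress(extract_ramdisk(img, hdr))
    findings = []
    for name, body in iter_cpio_newc(ramdisk):
        if name.lstrip("./") != "default.prop":
            continue
        for line in body.decode("utf-8", "replace").splitlines():
            key, sep, val = line.strip().partition("=")
            if sep and RISKY.get(key.strip()) == val.strip():
                findings.append("%s=%s" % (key.strip(), val.strip()))
    return hdr, findings


def _cpio_entry(name, body, mode=0o100644):
    raw_name = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(body), 0, 0, 0, 0, len(raw_name), 0]
    out = b"070701" + b"".join(b"%08x" % v for v in fields) + raw_name
    out += b"\0" * (-len(out) % 4) + body
    return out + b"\0" * (-len(out) % 4)


def make_sample_bootimg(default_prop, page=2048):
    """Constructed image: dummy kernel plus a one-file gzip'd cpio ramdisk."""
    kernel = b"\0" * 5000
    ramdisk = gzip.compress(_cpio_entry("default.prop", default_prop)
                            + _cpio_entry("TRAILER!!!", b"", 0))
    cmdline = b"androidboot.hardware=qcom user_debug=31 zcache"
    hdr = HDR.pack(b"ANDROID!", len(kernel), 0x80208000, len(ramdisk),
                   0x82200000, 0, 0, 0x80200100, page, 0, 0, b"", cmdline, b"")
    pad = lambda b: b + b"\0" * (-len(b) % page)
    return pad(hdr) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    header, risky = audit_bootimg(make_sample_bootimg(b"ro.secure=0\n"))
    print(header)
    print("risky settings:", risky or "none")
```

To audit a real image, pass the bytes of boot.img to audit_bootimg() instead of the constructed sample.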
sendust7 said:
If you don’t have cygwin, you can
use native Linux
svs57 said:
use native Linux
L.O.L, I totally agree
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
C:\wubildr.mbr="Ubuntu"
But my past experience is that most users prefer Windows
I am not sure, but I don't think this will work on a fresh install of Cygwin. When I installed cygwin I selected "all" for packages. The directory structure does not match your script, /bin is not under /usr but in the root of cygwin directory. Also, I checked the installed packages, many are missing, and when I search cygwin.com for the missing, I can't find quite a few. I'm new to cygwin, as in this op, but not new to software. I tried several boot.img (4.3) thinking it might be the image, but it was a stretch and all failed the same. I don't find the .dll your script is looking for, so the error is correct.
I get this error:
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/modify-boot-sg4
Unpacking boot image...
/usr/bin/perl.exe: error while loading shared libraries: cygssp-0.dll: cannot open shared object file: No such file or directory
UPDATE: well I went through the cygwin install/update again and after searching for each package you listed, installing everything associated with each package, your scripts WORK. I have unpacked/edited/repacked and loaded. ADB as root......profit
Thanks for this
Thanks
sendust7 said:
Here I consolidate the custom tools necessary to unpack, modify, repack and loki your JB 4.2.2 ROM zip boot.img!
Hi,
When I understand more I can't wait to revisit this instruction. But I love that it's here for me.
Ms. K
nevermind
nevermind
hello
Hi! I'm trying...but my ramdisk folder remains empty!
dump:
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /cygdrive/c/cygwin64/home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 7157864 (0x006d3868)
Ramdisk size: 1142288 (0x00116e10)
Second size: 0 (0x00000000)
Board name:
Command line: console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Unzipping: boot.img-ramdisk.gz to boot.img-ramdisk
modify-boot-sgs4.sh: line 23: cpio: command not found
_____________________________________________________
I'm doing this on 4.3 MJ7 I9505 kernel.
I assume I can unzip myself boot.img-ramdisk.gz, right?
ocaldini said:
Hi! I'm trying...but my ramdisk folder remains empty!
Make sure you install the cpio packages for cygwin.
You can install additional packages by running the setup/install again.
You can also search for cpio via the search bar at the top left when presented with the list of packages.
Hope that helps.
Hello
Can anyone tell what is wrong? it keeps saying its doing it, but it does nothing...
[email protected] ~
$ cd modify-boot-sgs4
[email protected] ~/modify-boot-sgs4
$ pwd
/home/Home/modify-boot-sgs4
[email protected] ~/modify-boot-sgs4
$ sh modify-boot-sgs4.sh boot.img
Unpack/Repack SGS4 ROM Boot Image
Initial Release (14 Jul 2013)
sendust7 @ xda developers
Current directory: /home/Home/modify-boot-sgs4
Unpacking boot image...
Page size: 2048 (0x00000800)
Kernel size: 7195952 (0x006dcd30)
Ramdisk size: 1144962 (0x00117882)
Second size: 0 (0x00000000)
Board name:
Command line: console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
Directory: boot.img-ramdisk already exists
Press ENTER to repack boot image or CNTL-C to exit (and modify ramdisk offline):
Repacking boot image...
find . | cpio -o -H newc | gzip > /home/Home/modify-boot-sgs4/ramdisk-repack.cpio.gz
4560 blocks
./mkbootimg.exe --cmdline 'androidboot.hardware=qcom user_debug=31 zcache' --base 0x80200000 --kernel boot.img-kernel --ramdisk ramdisk-repack.cpio.gz -o boot-repack.img
sh: ./mkbootimg.exe: Permission denied
Although, now it is telling me Permission Denied, I don't know why, or how to change that in windows 7, but it wasn't giving me any errors before, it just wasn't writing the image
lijojohnson said:
Make sure you install the cpio packages for cygwin.
You can install additional packages by running the setup/install again.
You can also search for cpio via the search bar at the top left when presented with the list of packages.
Hope that helps.
Thank you, you helped me a lot! It worked!
Oh, when I searched for cpio I had to click on "default" ( and select "install" on the windows before clicking "advance"), to install it properly!
A VERY IMPORTANT INFORMATION:
I was trying with Cygwin 64 bit and I had problem repacking it.
I found out mkbootimg only works on Linux 32 bits.
So it is necessary to use Cygwin 32 bit version!
Finally it worked! Thanks a lot!
---------- Post added at 04:09 AM ---------- Previous post was at 03:18 AM ----------
Yeah, I did that...same result...the problem is with permissions, when I run it in compatibility mode, it tells me permission denied. I'm suspecting it is a Windows 7 problem, mkbootimg.exe is saying permission denied. I appreciate the answer though. Maybe an antivirus program is blocking it or something. My cygwin icon is showing the security essentials icon on it for some reason...I dunno, I'll research it some more and figure it out when I have time, thanks again
Keithgordon said:
Yeah, I did that...same result...the problem is with permissions, when I run it in compatibility mode, it tells me permission denied. I'm suspecting it is a Windows 7 problem, mkbootimg.exe is saying permission denied. I appreciate the answer though. Maybe an antivirus program is blocking it or something. My cygwin icon is showing the security essentials icon on it for some reason...I dunno, I'll research it some more and figure it out when I have time, thanks again
I'm doing this on windows 8.1 64bit with cygwin 32 bits. It works. I don't use antivirus, turn off security essentials and other system protecting programs, I'm sure you will do it.
Try it with boot.img from I9505 International , unpack and repack without problem , flash it and phone restart and vibrate constantly.
Any ideas how to fix this problem ?
Hi,
Can you please help me with how I can CODE on my mobile (SAMSUNG GALAXY S - GTI9003)?
I'm happy to see the solution given by you, but I don't know how to code in ADB shell on my device.
Thanks in advance
vssvaas
01binary01 said:
I think every issue to do with losing the baseband has a slight twist, I'm beginning to think not every problem can use the same solution.
I've fixed mine, using similar lines as the posting in http://forum.xda-developers.com/showthread.php?t=1261948
As I couldn't get 7Zip to edit/modify the tar file without the file getting corrupt.
Finally I resorted to doing the unpacking and re-tarring via my Mac (with android sdk installed) to preserve id's etc.
** The following is just a simple guide, which worked for me, I made sure I had plenty of power on the phone and kept original states of my efs directory **
On my phone via 'adb shell'
Code:
$ su
# mkdir /sdcard/efsbck
# cd /
# busybox tar zcvf /sdcard/efsbck/orig-broke-efs.tar.gz efs
# exit
$ exit
On my mac
Code:
cd <where-ever-your-android-sdk-is>/platform-tools/
adb pull /sdcard/efsbck/orig-broke-efs.tar.gz
mkdir mod
sudo su
cd mod
sh-3.2# #*Note the 'p' on the tar to preserve the original id's etc on various files
sh-3.2# gunzip -c ../orig-broke-efs.tar.gz | tar xvpf -
sh-3.2# cd efs
sh-3.2# ls -ltra | grep nv_data
-rwx------ 1 1001 1001 32 31 Dec 2010 .nv_data.bak.md5
-rwx------ 1 1001 1001 2097152 31 Dec 2010 .nv_data.bak
-rwx------ 1 1001 1001 32 21 Sep 00:46 nv_data.bin.md5
-rwx------ 1 1001 1001 2097152 21 Sep 00:46 nv_data.bin
sh-3.2# rm nv_data.bin.md5
sh-3.2# rm nv_data.bin
sh-3.2# cp -p .nv_data.bak nv_data.bin
sh-3.2# cp -p .nv_data.bak.md5 nv_data.bin.md5
sh-3.2# cd ..
sh-3.2# tar cvf - efs | gzip -c - > mod-efs.tar.gz
a efstar: getpwuid(1001) failed: No such file or directory
a efs/.files
...
...
sh-3.2# ../adb push mod-efs.tar.gz /sdcard/efsbck/mod-efs.tar.gz
Then 'adb shell' back to the phone. I checked the tar file list was ok and wasn't corrupt.
Code:
$ su
# cd /sdcard/efsbck
# busybox tar ztvf mod-efs.tar.gz
Then for the final run, butt clenching bit, still on the phone via 'adb shell'
Code:
$ su
# cd /sdcard/efsbck
# umount /efs
# mke2fs /dev/block/mmcblk0p1
# mount -w -t ext4 /dev/block/mmcblk0p1 /efs
# ls /efs
lost+found
#
# busybox tar zxvf mod-efs.tar.gz -C /
# ls /efs
... check that the nv_data.bin is there ... and has radio radio id's
# exit
$ exit
Then after a reboot - Phone was still in 'airplane mode' - But went into settings - checked baseband - it was visible! Went to wireless network, 'Flight Mode' was correctly green 'ticked', undid. And got my signal back.
I also had to re-activate data network settings for my GPS to sort itself out.
The procedure worked for me, I can't say it'll work for everyone.
Hello,
I own a Samsung Xcover 3 (sm-g388f, Android Lollipop) and out of curiosity I have started to be interested in the Android system. I downloaded the ROM and got the file boot.img out of it, and I am trying to get the file Image.gz (kernel) with Android Image Kitchen.
Code:
./unpackimg.sh boot.img
I get:
Code:
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: boot.img
Setting up work folders...
Image type: AOSP-PXA
Footer with "SEAndroid" type detected.
Splitting image to "split_img/"...
BOARD_KERNEL_CMDLINE
BOARD_KERNEL_BASE 0x10000000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0x01000000
BOARD_SECOND_OFFSET 0x00f00000
BOARD_TAGS_OFFSET 0x00000100
BOARD_DT_SIZE 475136
BOARD_UNKNOWN 0x03000000
Unpacking ramdisk (as root) to "ramdisk/"...
Compression used: gzip
4739 blocs
Done!
I get the file boot.img-kernel, then I use dumpimage:
Code:
./dumpimage -i boot.img-kernel -p 0 Image.gz
The return is:
Code:
./dumpimage: invalid option -- 'i'
Usage: ./dumpimage -l image
-l ==> list image header information
./dumpimage [-T type] [-p position] [-o outfile] image
-T ==> declare image type as 'type'
-p ==> 'position' (starting at 0) of the component to extract from image
-o ==> extract component to file 'outfile'
./dumpimage -h ==> print usage information and exit
./dumpimage -V ==> print version information and exit
I try the command:
Code:
./dumpimage -T boot.img-kernel -p 0 Image.gz
I get:
Code:
./dumpimage: Invalid type
I no longer see what to do, here is the boot.img
If anyone has an idea I’m interested
Thanks
Hello all,
I'd like to braindump how I managed to make android emulator v30 work with mitm, hope that helps someone.
Since it was not possible to either write to or make writable the /system partition, I decided to roll my own system.img and that actually worked. I'm not going to upload a script because I might not remember 100%, but I'm going to describe the steps in full, even though they exist elsewhere. The commands might not be exact, too, so if there's a typo you'll need to figure it out yourself.
Also, it will be a bit confusing because I shall refer to 2 files named system.img, one is the 2G file that comes with android, the other is 700M or something file that you will be creating in the process. I'll refer them as #1 and #2.
1. What is needed: android studio and emulator, linux, xattr, https://github.com/LonelyFool/lpunpack_and_lpmake , https://github.com/tytso/e2fsprogs, mitmproxy, parted. Build these github projects, you'll need their binaries in the process.
also, 'mkdir build' somewhere.
2. Find system.img (#1) in your android studio installation, then extract the system partition:
$ losetup -f system.img
$ losetup -a | grep system.img
/dev/loop5
$ partprobe /dev/loop5
$ ls /dev/loop5p*
/dev/loop5p1 /dev/loop5p2
$ lpunpack_and_lpmake/bin/lpunpack /dev/loop5p2 build
$ ls build
system.img system-ext.img product.img vendor.img
$ losetup -d /dev/loop5
3. Make system.img (#2) writable and usable. This is ext4 crunched with feature shared_blocks, which makes it not really writable even in theory, as it deduplicates identical blocks in the filesystem. You'll need to convert that to a normal ext4, but, there's not enough space to do that operation. So you'll need to expand the partition to accommodate for this. How much? Empirically, I added 30M to a 700M partition:
$ ls -l system.img
700000000 # for example
$ e2fsprogs/resize/resize2fs system.img 730M
$ ls -l system.img
730000000 # for example
$ e2fsprogs/e2fsck/e2fsck -f system.img
$ e2fsprogs/e2fsck/e2fsck -E unshare_blocks system.img
$ e2fsprogs/e2fsck/e2fsck -f system.img
4. Modify the now writable partition to your heart's content (we're still with system.img #2 here). I needed to add just one file, mitmproxy-ca-cert.cer . According to the mitmproxy docs, the name must be the hash of the certificate:
$ losetup -f system.img
$ losetup -a | grep system.img
/dev/loop6
$ mount /dev/loop6 /mnt
$ hashed_name=`openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1`
$ echo $hashed_name
c8750f0d
$ cp mitmproxy-ca-cert.cer /mnt/system/etc/security/cacerts/$hashed_name.0
$ cd /mnt/system/etc/security/cacerts/
$ chmod 644 $hashed_name.0
Now check if your android has extra attributes in these certificate files. Mine does:
$ xattr 00abcde.0 # some random certificate
security.selinux
$ xattr -p security.selinux 00abcde.0
u:object_r:system_security_cacerts_file:s0
if yes, you'll need it on this file too:
$ xattr -w security.selinux u:object_r:system_security_cacerts_file:s0 $hashed_name.0
and be done with the partition
$ umount /mnt
$ losetup -d /dev/loop6
5. Create new super-partition, the one we used as /dev/loop5p2. You'll need the file sizes of your .img partitions, and your command to create a super.img file will look like this:
$ cat repack
#!/bin/sh
P=/android/super/1
~/src/lpunpack_and_lpmake/bin/lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:2496462848 --group main:2647101440 \
--partition system:readonly:786432000:main --image system=$P/system.img \
--partition system_ext:readonly:131952640:main --image system_ext=$P/system_ext.img \
--partition product:readonly:1468575744:main --image product=$P/product.img \
--partition vendor:readonly:102739968:main --image vendor=$P/vendor.img \
--output $P/super2.img
the interesting numbers are the corresponding partition sizes (in --partition), and, if for example you increased the system.img #2 to 30M in step 3, the number in --device:super should be the size of /dev/loop5p2 in bytes plus at least these 30M (but also okay if a bit more).
6. Finally, create a new system.img #1 . Create a backup copy of it, and then append some 30M there, and fix the partition
$ dd if=/dev/zero of=system-new.img oflag=append conv=notrunc bs=1M count=30
$ losetup -f system-new.img
$ losetup -a | grep system-new.img
/dev/loop7
$ parted /dev/loop7
GNU Parted 3.3
Using /dev/loop7
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: Loopback device (loopback)
Disk /dev/loop7: 2444MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 1049kB 2097kB 1049kB vbmeta
2 2097kB 2443MB 2441MB super
you will need to expand the partition 2 to the max (plus minus same 30M). If it fails fix the number and retry:
(parted) resizepart 2 24460MB
Error: The location 24460MB is outside of the device /dev/loop7.
and finally copy data back:
$ partprobe /dev/loop7
$ dd if=super.img of=/dev/loop7p2 bs=1M
$ losetup -d /dev/loop7
and that's it. After that, rename system-new.img to system.img, and hopefully the emulator could run this new image.
Also, to check that the certificate is there and recognized, go to the setting/certificates/trusted certificates, the mitmproxy one should be in the list.
Hopefully this will be helpful.
Cheers!
/dk
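Added example, not part of the post above: a Python check that reads the ext4 superblock of an unpacked system.img and reports whether the shared_blocks feature described in step 3 is set, so you know before mounting whether the resize and unshare pass is needed. The superblock offsets and feature bits are the standard ext4 ones; the sample superblock, the helper names and the use of the post's empirical 30M as required headroom are assumptions.

```python
import struct

EXT4_MAGIC = 0xEF53
# Subset of the read-only-compatible feature bits in the ext4 superblock.
RO_COMPAT = {0x0001: "sparse_super", 0x0002: "large_file", 0x0008: "huge_file",
             0x0040: "extra_isize", 0x4000: "shared_blocks"}


def ext4_summary(img):
    """Decode size, free space and ro_compat features from an ext4 image."""
    if len(img) < 1024 + 0x68:
        raise ValueError("too short to hold an ext4 superblock")
    sb = img[1024:]                       # primary superblock starts at byte 1024
    if struct.unpack_from("<H", sb, 0x38)[0] != EXT4_MAGIC:
        raise ValueError("no ext4 magic at offset 0x438")
    # Low 32 bits of the block counts; enough for images of this size.
    blocks, _reserved, free = struct.unpack_from("<3I", sb, 0x04)
    block_size = 1024 << struct.unpack_from("<I", sb, 0x18)[0]
    flags = struct.unpack_from("<I", sb, 0x64)[0]
    return {
        "size_bytes": blocks * block_size,
        "free_bytes": free * block_size,
        "features": sorted(n for bit, n in RO_COMPAT.items() if flags & bit),
    }


def unshare_plan(img, headroom=30 * 1024 * 1024):
    """Return (needs_unshare, bytes_to_add).

    headroom is a heuristic: the 30M the post found sufficient for a 700M
    image, not a value derived from how many blocks are actually shared.
    """
    info = ext4_summary(img)
    if "shared_blocks" not in info["features"]:
        return False, 0
    return True, max(0, headroom - info["free_bytes"])


def make_sample_superblock(blocks, free, flags, log_block_size=2):
    """Constructed image prefix: 1024 zero bytes plus a minimal superblock."""
    sb = bytearray(1024)
    struct.pack_into("<3I", sb, 0x04, blocks, 0, free)
    struct.pack_into("<I", sb, 0x18, log_block_size)   # 1024 << 2 = 4096
    struct.pack_into("<H", sb, 0x38, EXT4_MAGIC)
    struct.pack_into("<I", sb, 0x64, flags)
    return bytes(1024) + bytes(sb)


if __name__ == "__main__":
    # Constructed sample: a full ~700M image with deduplicated blocks.
    sample = make_sample_superblock(170898, 0, 0x4000 | 0x0008 | 0x0002)
    print(ext4_summary(sample))
    print(unshare_plan(sample))
```

For a real image, read at least the first 2048 bytes of the unpacked system.img and pass them to ext4_summary().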