Original post:
Hello,
I am new to android but not to linux. I used to tweak my winmo phone rom.
I have backed up my device with nandroid. I just need some explanations:
- why isn't the radio extracted?
- how can I "extract" does .img files to modify and then rebuild them?
I found some informations of what the .img files contain here: ROM Partitions it should be the same for Hero
I have found some informations on how to push updates to the rom by looking at modaco updates. It seems quite simple to delete/copy files on the hero rom using an update-sript file. I am however curious about the RSA cert and if some files need to be signed.
Any information welcomed.
Regards
Click to expand...
Click to collapse
How to
Extract NAND image files
To extract .img files, I have found unyaffs from http://code.google.com/p/unyaffs/ I have compiled it under ubuntu 64 (attached). Unyaffs works on system.img but on no other .img file
To extract boot.img use attached extract-kernel.pl and extract-ramdisk.pl
# extract-kernel.pl boot.img
# extract-ramdisk.pl boot.img
Should work for recovery.img but haven't tried as custom recovery images on the forum are great.
Rebuild system.img
Seems you just need "to loopback mount an image on your linux box and format it with YAFFS".
But it is useless as because Hero's SPL does not allow flashing system.img directly. You should use an update.zip package for that. (read below)
Rebuild boot.img
After extracting your boot.img using attached extract-*.pl and tweaking it, in same folder run:
# mkbootfs boot.img-ramdisk | gzip > ramdisk-boot
# mkbootimg --kernel boot.img-kernel --ramdisk ramdisk-boot --cmdline "no_console_suspend=1 console=null" -o newBoot.img --base 0x19200000
Creating an update.zip package
Creating an update.zip package is quite easy in fact. For example, to add a (valid) test.apk package to your rom:
- create an empty folder <workdir>
- create folder structure for test.apk (<workdir>/system/app) and copy the test.apk
- create folder structure for update-script (<workdir>/META-INF/com/google/android)
- edit <workdir>/META-INF/com/google/android/update-script
- put in it:
Code:
show_progress 0.1 0
copy_dir PACKAGE:system SYSTEM:
set_perm_recursive 0 0 0755 0644 SYSTEM:app
show_progress 0.1 10
- compress the <workdir> content to zip (not the <workdir> folder itself)
Now you are going to sign the zip file. Download attached testsign.zip and copy it in your <SDK>/tools folder. Extract it here. It should create a sign subfolder with a testsign.jar file in it.
Then, from <workdir> folder, do:
java -classpath <SDK>/tools/sign/testsign.jar" testsign file.zip file-signed.zip
Ok, now your zip file is ready to be deployed using cyanogen recovery image.
To find more command to use in update-script, look at other's.
Modify .apk package
Seems it is easy to uncompress an .apk package (zip) an to modify files in it and then compress it. But after all: you must sign it like update.zip packages.
ODEX files
- What are those Odex files? Answer.
- How to get rid of them?
Odex files depend on framework they are made for. To deodex an odex file use that how to
Then you may create a classes.dex file by executing the smali program on the "out" folder. You then rename it to classes.dex and add it to the .apk.
- How to create them?
Use dexopt-wrapper on device.
Porting an other device's rom
Well, that part is easy
- extract the system.img
- extract boot.img
- replace boot.img-kernel with the one from your stock Hero rom one.
- rebuild boot.img
- build update.zip package (look someone's hero custom rom to see how to do it)
- sign and flash
It should run place and make calls but probably won't have Wifi, BT, trackball support. If you make those work: tell me, but I think we should wait to be able to compile a 2.6.29 kernel to have those.
Tools
Androsign script (linux)
I wrote that androsign script to quick sign zip files. Just put it in your <SDK>/tools folder, then chmod +x. If you have put the tools folder in your PATH, you can call it directly like this:
androsign /dev/folder1/folder2/update.zip (or any zip/apk file)
It will output an update-signed.zip (or app-signed.apk etc) in the same folder than original file was in.
Notes
Note1: thanks
Thanks to every guy that helped me found all that.
Note1: sharing
I searched for hours, so I am more than happy to share it to save someone's time. I am just disappointed than some people here do not have that spirit: I could have use those hours for development instead of research...
Note3: corrections
So, if you found anything incorrect, would like to supply more informations or want to correct my bad english: just PM me.
To find
- how to dump radio from device
- how to build a custom hero kernel (waiting for HTC sources)
To come
How to prepare your own kitchen and useful scripts (linux)
gecka said:
I am new to android but not to linux.
Click to expand...
Click to collapse
Same here. I do lots of tweeking on my linux machine, so i know quite a lot of linux. If there would be anyone to answer those questions by gecka, I might start tweeking the rom (maybe someday cook one up)
Best regards
Hello,
First post edited, but still some ignorances... Please share if you know anything.
Best regards
unpack and pack boot.img and recovery.img
First you need utilities such as mkbootfs and mkbootimg. maybe you can find them online (i can upload them later compiled for linux x86-64) but i suggest you download android source (http://source.android.com) and do a generic make. In this way you have these and other utilities(tools to pack system.img too, but if you haven't an engineering bootloader you can't flash it directly) in /out/host/... (it's better if you add this in your PATH)
To unpack and pack boot and recovery, read here:
http://forum.xda-developers.com/showthread.php?t=443994
or here:
http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
...or...
(I have attached extract-kernel and extract-ramdisk scripts from JF build environment) :
to unpack (boot.img or recovery.img, i'm writing the commands with boot.img):
Code:
extract-kernel boot.img
extract-ramdisk boot.img
at this point you have
boot.img-kernel
boot.img-ramdisk
to repack (boot.img or recovery.img):
For hero you need to specify the base address because it's different (0x19200000). For more information: http://forum.xda-developers.com/showthread.php?t=541522.
Code:
mkbootfs boot.img-ramdisk | gzip > ramdisk-boot
mkbootimg --kernel boot.img-kernel --ramdisk ramdisk-boot --cmdline "no_console_suspend=1 console=null" -o newBoot.img --base 0x19200000
Useful resources for android modding are the dream forums (most of the concepts/hacks works for hero too):
http://forum.xda-developers.com/forumdisplay.php?f=448
(informative thread here: http://forum.xda-developers.com/showthread.php?t=519523)
note: mkbootimg with --base support is in donut and master (or find the patch on gerrit and apply it to cupcake)
First of all, the reason you cant unyaffs anything other than system.img is because they aren't YAFFS images. boot/recovery is kernel+initrd like in any normal linux bootimage scenario (see more below).
Tofind
- how to dump radio from device
Click to expand...
Click to collapse
Haven't gotten into that myself yet, but I know modaco posted an update.zip with radio image included on this very forum. Look for it.
- how to extract NAND images other than system.img
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=443994
- rebuild NAND images such as system.img
Click to expand...
Click to collapse
This isn't hard, just loopback mount an image on your linux box and format it with YAFFS.
Building a custom kernel and recovery binary
HTC hasn't yet released the changes they have made to the hero/dream/magic kernels, 32A board, so you can't just compile a kernel from the AOSP. I haven't tried it yet but this patch might work on hero too:
http://forum.xda-developers.com/showthread.php?t=548061
EDIT: HTC Sources for dream and magic at http://developer.htc.com
For building a custom recovery, it's better if you use cyanogen's recovery code, found in his git : github.com/cyanogen, because it already has menus for nandroid and other tools, but you can use the recovery code from AOSP too (cyanogen's one is a patched version with a lot more features, http://forum.xda-developers.com/showthread.php?t=523558). To make a custom recovery you need to change the recovery binary (because the press event of the hero trackball has a different keycode, 191), the kernel and the init scripts. Actually i don't remember what else I've changed to make cm's recovery working with hero (the recovery that we are actually using here), I'm at work now, but i'll check later and post more details, or you can just unpack the recovery and see the changes .
First post updated.
Nandroid only backs up the partitions in the main storage nand, but radio and spl are flashed to the radio's own nand flash. Whether it's possible to dump it or not I don't know, but honestly, I don't see why you'd want to. Radio images are available through RUU's and I don't think editing would be an easy task
jubeh said:
Nandroid only backs up the partitions in the main storage nand, but radio and spl are flashed to the radio's own nand flash. Whether it's possible to dump it or not I don't know, but honestly, I don't see why you'd want to. Radio images are available through RUU's and I don't think editing would be an easy task
Click to expand...
Click to collapse
Sometimes, new radio images appear on new phones. That is why I am looking on a way to extract it.
very useful thread.
Very nice tutorial, thank you!
could you please specify a bit more on how to clone from android's git and then build the mkbootimg and mkbootfs (just make, right)? I tried and I keep getting a "fatal:server dumped connection" error
Are we able to modify an official ROM (also for hero). Which shows up in RUU as INFOsignature checking... failed. Am I able to change the kernel and make it work?
jubeh said:
could you please specify a bit more on how to clone from android's git and then build the mkbootimg and mkbootfs (just make, right)? I tried and I keep getting a "fatal:server dumped connection" error
Click to expand...
Click to collapse
What command do you use?
In fact i won't be able to explain you better than that page: http://source.android.com/download
Following that how to, you'll be able to sync an android branch You can learn more about git, branches and more here (Repo and Git resources)
The sync is long (2.9Go). Then, to build mkbootimg and mkbootfs, you should do a generic build of android going to source folder and issuing the 'make' command.
All that will be part of my upcoming "How to prepare your own kitchen and useful scripts".
awsy44 said:
Are we able to modify an official ROM (also for hero). Which shows up in RUU as INFOsignature checking... failed. Am I able to change the kernel and make it work?
Click to expand...
Click to collapse
Well, to grep the system from a windows RUU exe file you should launch it and then look in your user temporary folder for a rom.zip file in a {uid} subfolder. It contains the system and boot img files.
You then need to make an update.zip package from them. Have a look to someone's hero custom rom and to it's update-script to see how it is achieved. My 'How to' gives you all you need to understand update.zip packages and to extract system.img.
If you are porting a Hero rom, no need to change the kernel.
Regards
Well, to grep the system from a windows RUU exe file you should launch it and then look in your user temporary folder for a rom.zip file in a {uid} subfolder. It contains the system and boot img files.
You then need to make an update.zip package from them. Have a look to someone's hero custom rom and to it's update-script to see how it is achieved. My 'How to' gives you all you need to understand update.zip packages and to extract system.img.
If you are porting a Hero rom, no need to change the kernel.
Regards
Click to expand...
Click to collapse
Thanks so much for this amazing information, however how do i stop getting hit with the infosignature failed error? is that the kernel or the hboot? it says 12 signature verify error.
Oh, I do have the source and I am running my own donut build on my dream with some of my spice, but the problem I was having was cloning that exact project (mkbootimg) from android.git.kernel.org using git, but when I read what you said, I remembered that when you make the build, it also compiles several tools and i overlooked checking the out folder for it, kind of dumb on my part since I had already pulled the fastboot tool from that build and added it to my own bin, i guess mkbootimg and mkbootfs should be there too, right?
i tried running androsign and got this error
Code:
[email protected]:~/android/dev/sdk/tools$ ./androsign META-INF.zip
Exception in thread "main" java.lang.NoClassDefFoundError: testsign
Failed!
[email protected]:~/android/dev/sdk/tools$
if i use a ROM of one device on an other different device, I think I must build a kernel on my own, is that correct?
but what config should I use? a config from my current running ROM? then I think I must make it suitable for new ROM, what options should I care about?
for example, if I want to run a AOSP 2.01 ROM ( system.img) on a Magic 32A device with SPL 1.76, and now I am running a SenseUI ROM which kernel is 2.6.27, I think I should build a 2.6.29 kernel from the git tree, and ensure it will work with camera/bt/wifi/trackball of my device properly first .
how can I make this step successful?
other hand, the dynamic lib files(.so) with the system.img can be incorrect. so, I may need to build them too for pairing with the kernel I built in previous step. I think applications will work properly because they only care about if the interfaces of kernel and lib is correct. for that, also there some config job (like build.prop, etc) to do, is there a list of all of these jobs? and what values can I refer to? the original ROM (Magic 32A SPL 1.76 working ROM here) ?
am I right? what should i do and what are in those steps? are there some doucments I can read from?
Thanks for the good summary. Just one question, where did testsign.jar come from? I'd like to get the source. Thanks!
JackZero said:
Thanks for the good summary. Just one question, where did testsign.jar come from? I'd like to get the source. Thanks!
Click to expand...
Click to collapse
Read this !
http://www.androiddevelopment.org/tag/apk/
;-)
Is there a way to make a permanent change to the $PATH variable to place /system/xbin ahead of /system/bin? I found /init.rc when the phone is booted, but obviously I can't make changes to that yet. When booted into recovery, I can't find the same file to edit it. The /init.rc file is specific to the recovery image at that point.
Basically, I have busybox installed in /system/xbin and want it to override the /system/bin apps. I do not want to install busybox in /system/bin.
Any help would be appreciated. Thanks!
are you trying to export a path? if so it would go something like
export PATH=$PATH /system/bin
or you can
PATH=$PATH /system/bin
export PATH
B-dub25 said:
are you trying to export a path? if so it would go something like
export PATH=$PATH /system/bin
or you can
PATH=$PATH /system/bin
export PATH
Click to expand...
Click to collapse
He's trying to make it so he doesn't have to reset the $PATH variable every time. I'm assuming you are currently just using something like.
export PATH=/system/xbin:/sbin:/system/sbin:/system/bin
every time you enter shell. The way I would do it is by editing the init.rc as you stated, however it doesn't stick on the incredible, also as you stated.
The only thing I can recommend is making it a shorter PATH to type. You could just enter
export PATH=/system/xbin:$PATH
for example, and that would accomplish the same thing with less typing.
The only other way that I know of would be to make a start-up script, not sure how to accomplish this outside of init.rc however. In linux I would add it to the bash_profile or something similar. Not sure how to do it in android...
Not only for shell, but I'd like to be able to do it for installed apps as well, such as OpenVPN. Ah well, just have to wait for full root unlock.
This is done in the ramdisk. You can actually do this yourself. You need to extract the boot image, break it apart into the ramdisk and kernel, alter the init.rc file, package it back up and then flash it back to your phone in recovery.
Even if we get the nand unlocked, you will still need to do this since the init.rc recreates itself from the ramdisk during each boot.
If you are using a custom ROM, just request the dev to do this.
ihtfp69 said:
This is done in the ramdisk. You can actually do this yourself. You need to extract the boot image, break it apart into the ramdisk and kernel, alter the init.rc file, package it back up and then flash it back to your phone in recovery.
Even if we get the nand unlocked, you will still need to do this since the init.rc recreates itself from the ramdisk during each boot.
If you are using a custom ROM, just request the dev to do this.
Click to expand...
Click to collapse
Thank you kindly, didn't know where those files were kept. Interesting how that works, so basically the phone works like a hardware chip, where the main parts of the OS recreate themselves from ROM, similar to firmware... I like it... prevents corruption I suppose.
Out of curiosity (I've never made a ROM, and therefor never packaged the boot image), is it packaged as a tarball? Or do you require ADB to extract? If you don't want to answer, I can probably track it down somewhere.
It's a bit more complicated than that. Take a look at this link. I'm sure there are other ways, but I would recommend only doing this in some flavor of Linux like Ubuntu.
HOWTO: Unpack, Edit, and Re-Pack Boot Images
ihtfp69 said:
It's a bit more complicated than that. Take a look at this link. I'm sure there are other ways, but I would recommend only doing this in some flavor of Linux like Ubuntu.
HOWTO: Unpack, Edit, and Re-Pack Boot Images
Click to expand...
Click to collapse
Cool link. Thanks.
But yea, pretty much seems to be that simple, Just a gzip (zip) and tarball (cpio). The only thing I wasn't expecting was stripping out the 2k header with a hex editor, but I think I'll try using the scripts found through that link to do that, not that I couldn't do it by hand... but I'm lazy...
Thanks again.
i extracted the boot.img from my desire and run this script on it.
but it returns:
Code:
./unpack-bootimg.pl boot.img
Found a secondary file after the ramdisk image. According to the spec (mkbootimg.h) this file can exist, but this script is not designed to deal with this scenario.
i've been searching the internet for two days now and i cant find any other script that does that, only a tutorial for manually doing it with a hex editor, but that still doesn't cover that last file the script is complaining about.
any ideas?
p.s.: i need to modify boot.img because i'm trying to set up dual boot - android + android - for testing purposes, will post if successful
update:
i managed to extract kernel and ramdisk
first i tried booting kernel from fastboot, worked like a charm
then i tried booting kernel+ramdisk from fastboot - hangs on htc logo
i also tried compiling kernel+ramdisk into boot.img instuctions - again hangs on htc bootscreen
adb says no devices, fastboot detects it, but shows no ID, just ??????????
so apparently the last file in boot.img is important
any ideas?
i'm using cyangenmod7 btw
ive been goggling all day with no luck, to a experienced dev in the business of making kernels i bet this is a easy one but how can i extract my ramdisk from xperia play (Preferable in windows)? I hear something about Boot.img so i pulled that out via ADB but i also read that theres a zimage or something where exactly is this file?
im really trying to avoid linux
First, that "boot.img" is kernel+ramdisk inside one file.
I use Android Image Kitchen
http://forum.xda-developers.com/showthread.php?t=2073775
for windows to unpack boot.img
You'll get ramdisk and zimage from it.
Make your changes to ramdisk and repack.
Keep in mind that sometimes ramdisk is packed (it is because there are multiple ramdisks in kernel - for normal boot and for recovery(s))
It can be confusing because it's packed ramdisk files inside cpio packed file inside img packed file...
I don't know exact command how to extract boot.img from phone itself, it is done from adb shell, something like
dd /dev/block/mtdblock3 > /sdcard/Boot.img
Also, as you, i am windows user, but some things can only be donne in linux (like compiling kernel), but somehow i managed to install ubuntu13.04 in virtualbox (it took me two weeks to set it up for compiling). It can be pain in the a$$ to set it up and i needed to install teamviewer to access files inside it, but once it's done, all i do is copy paste commands in terminal window...
Sent from my C6502 using XDA Free mobile app
Ok ill take a look at that thanks.
R800Q
So in emui 9 there is no ramdisk.img file so everyone says no root. I dont want to write 30 pages so ima make it short. I was wondering that since ramdisk.img files are intergrated into system.img i could extract these files and repack into a ramdisk.img file then patch boot image e.g ramdisk.img with magisk, then upack patched ramdisk.img into sub files like init.rc etc. And repack into the system.img and flash that? Will this cause issues with dm_verity.
I heard there's more mechanism built in right now into the rom package and the hardware to make sure that the rom size is not altered and the correct region is being flashed on. So to counter all these require additional files and counter flags to be set.
I remembered hikvision cctv also has this mechanism builtin but it can be overwritten via telnet and changing a flag in hex.
So I guess if someone looks hard enough, maybe we can have unlocked bootloader, root, etc until the next Mate 30 comes along in a year's time.