Hello everyone!
First off:
DISCLAIMER: I AM NOT RESPONSIBLE FOR ANYTHING YOU DO TO YOUR PHONE WHILE USING ANY OF THE INFORMATION LOCATED BELOW. IF YOU DO NOT UNDERSTAND WHAT IS BEING DONE, PLEASE DO NOT TRY ANYTHING DONE HERE!
This is still in a VERY basic phase. I am not sure how helpful it will be, but currently, I have been able to extract some of the smaller partitions from the AT&T firmware file.
Starting off, when LGNPST is used to image a phone, it creates a log file in C:\LG Electronics\LGNPST\Models\LOG\ For example, mine was called LS970Log_COM5.log. We are really only interested in one part of this file, located close to the bottom when the phone is actually being imaged. It should look something like this:
0Download mode locking
0Download : PrimaryGPT 0x 0 Size: 0x 512Kb, File Offset: 0x 100000
0 3.182994E-313mmc Init
0Partition Count : 35======================================================
0======================================================
0Download : modem 0x 800000 Size: 0x 54272Kb, File Offset: 0x 180000
0Download : sbl1 0x4800000 Size: 0x 512Kb, File Offset: 0x3680000
0Download : sbl2 0x4880000 Size: 0x 512Kb, File Offset: 0x3700000
0Download : sbl3 0x4900000 Size: 0x 1024Kb, File Offset: 0x3780000
0Download : aboot 0x4b00000 Size: 0x 512Kb, File Offset: 0x3880000
0Download : rpm 0x4b80000 Size: 0x 512Kb, File Offset: 0x3900000
0Download : boot 0x5000000 Size: 0x 7168Kb, File Offset: 0x3980000
0Download : tz 0x6800000 Size: 0x 512Kb, File Offset: 0x4080000
0(null)kip misc Partition
0Download : system 0xb000000 Size: 0x 131072Kb, File Offset: 0x4900000
0Download : system 0x13000000 Size: 0x 512Kb, File Offset: 0xc900000
0Download : system 0x1325e000 Size: 0x 129024Kb, File Offset: 0xc980000
0Download : system 0x1b1fd000 Size: 0x 129536Kb, File Offset: 0x14780000
0Download : system 0x2325e000 Size: 0x 129024Kb, File Offset: 0x1c600000
0Download : system 0x2b1fd000 Size: 0x 129536Kb, File Offset: 0x24400000
0Download : system 0x3325e000 Size: 0x 129024Kb, File Offset: 0x2c280000
0Download : system 0x3b1fd000 Size: 0x 129536Kb, File Offset: 0x34080000
0Download : system 0x4325e000 Size: 0x 129024Kb, File Offset: 0x3bf00000
0Download : system 0x4b1fd000 Size: 0x 76800Kb, File Offset: 0x43d00000
0Download : system 0x53000000 Size: 0x 512Kb, File Offset: 0x48800000
0Download : system 0x5b000000 Size: 0x 512Kb, File Offset: 0x48880000
0Download : system 0x63000000 Size: 0x 512Kb, File Offset: 0x48900000
0Download : persist 0x7a800000 Size: 0x 4608Kb, File Offset: 0x48980000
0Download : recovery 0x8b000000 Size: 0x 8192Kb, File Offset: 0x48e00000
0Download : BackupGPT 0xab380000 Size: 0x 512Kb, File Offset: 0x49600000
0
*********************************************************************************************
Click to expand...
Click to collapse
What do we see that is important here? Image sizes and offsets for data in the file! For example, lets take the boot partition.
0Download : boot 0x5000000 Size: 0x 7168Kb, File Offset: 0x3980000
Click to expand...
Click to collapse
We have a offset of 0x3980000 and a size of 7168Kb. That converts to an equivalent of an offset of 60293120 bytes and a size of 7340032 bytes (I really hope I got that right. As I'm sitting here writing this, I'm thinking of how many different ways I could have messed up that calculation...)
Here, I am using dd on linux in order to separate the partitions from the binary file, but it can be done using equivalent tools on windows.
$ dd bs=1 skip=60293120 count=7340032 if=LGE970AT-00-V10o-ATT-US-SEP-29-2012+0.tot of=boot.img
Click to expand...
Click to collapse
Basically, what I am doing here is copying 7340032 bytes, starting at byte 60293120, from the .tot file to boot.img.
Now, lets check out the backups made with FreeGee when you unlock, to see if it matches with what was actually written to the phone. In order to see if they are equal, we need to trim the backup, because the backup that is taken is actually of the entire partition, not just the actual data.
$ dd bs=1 count=7340032 if=boot-att-backup.img of=boot-att-backup-trimmed.img
Click to expand...
Click to collapse
This is doing basically the same, starting at the first byte, copying 7340032 bytes to boot-att-backup-trimmed.img. This is just making sure you only get the same amount of data that was written.
Now, If of course we want to see if the data is actually the same, so we will also use the diff command, also found on linux, and I'm sure is also available on windows.
$ diff -s boot.img boot-att-backup-trimmed.img
Click to expand...
Click to collapse
If both files are identical, which means everything was done correctly, this should result in the output "Files boot.img and boot-att-backup-trimmed.img are identical", which it does! (The -s flag makes diff report identical files.)
So, now that we know that we can successfully extract the boot partition, I also tried this with the aboot partition, and it worked as well! I have not had success extracting the system partition yet, as it is split up into several partitions. I was hoping that someone with more knowledge could piece together a system image. Enjoy
SnowLeopardJB said:
Hello everyone!
First off:
DISCLAIMER: I AM NOT RESPONSIBLE FOR ANYTHING YOU DO TO YOUR PHONE WHILE USING ANY OF THE INFORMATION LOCATED BELOW. IF YOU DO NOT UNDERSTAND WHAT IS BEING DONE, PLEASE DO NOT TRY ANYTHING DONE HERE!
This is still in a VERY basic phase. I am not sure how helpful it will be, but currently, I have been able to extract some of the smaller partitions from the AT&T firmware file.
Starting off, when LGNPST is used to image a phone, it creates a log file in C:\LG Electronics\LGNPST\Models\LOG\ For example, mine was called LS970Log_COM5.log. We are really only interested in one part of this file, located close to the bottom when the phone is actually being imaged. It should look something like this:
What do we see that is important here? Image sizes and offsets for data in the file! For example, lets take the boot partition.
We have a offset of 0x3980000 and a size of 7168Kb. That converts to an equivalent of an offset of 60293120 bytes and a size of 7340032 bytes (I really hope I got that right. As I'm sitting here writing this, I'm thinking of how many different ways I could have messed up that calculation...)
Here, I am using dd on linux in order to separate the partitions from the binary file, but it can be done using equivalent tools on windows.
Basically, what I am doing here is copying 7340032 bytes, starting at byte 60293120, from the .tot file to boot.img.
Now, lets check out the backups made with FreeGee when you unlock, to see if it matches with what was actually written to the phone. In order to see if they are equal, we need to trim the backup, because the backup that is taken is actually of the entire partition, not just the actual data.
This is doing basically the same, starting at the first byte, copying 7340032 bytes to boot-att-backup-trimmed.img. This is just making sure you only get the same amount of data that was written.
Now, If of course we want to see if the data is actually the same, so we will also use the diff command, also found on linux, and I'm sure is also available on windows.
If both files are identical, which means everything was done correctly, this should result in the output "Files boot.img and boot-att-backup-trimmed.img are identical", which it does! (The -s flag makes diff report identical files.)
So, now that we know that we can successfully extract the boot partition, I also tried this with the aboot partition, and it worked as well! I have not had success extracting the system partition yet, as it is split up into several partitions. I was hoping that someone with more knowledge could piece together a system image. Enjoy
Click to expand...
Click to collapse
would it be possible to guide me through this from the very beginning? i want to start cooking for this device, but i need a legit flashable Rom. Please and Thank you.
You are most likely better off just pulling a system image off your device. So, if you are rooted, you can pull your system with something like this:
# busybox tar cf /sdcard/system.tar /system/*
Click to expand...
Click to collapse
That should give you all of the system files all together in a tar archive on your internal sdcard.
I messaged you, but is there any way to use this on the Sprint version to create a flashable .zip?
sorry about the resurrection,
but has there been any progress made on this? More of a curiosity, then anything.
Thanks
I would like to share a collection of factory images. It contains the full packages, also the extracted .img files. I also included insecure boot image (adb shell gives root access) and deodexed system image for each of them.
full image packages are "tgz" files.
image files extension is .img
isecure boot images are *.unsec.img
deodexed system images are *.deodex.img
These are all to be flashed with fastboot. These all derived from STOCK (https://developers.google.com/android/nexus/images) with no changes except the insecure adb boot image and the deodexed system image.
Deodexed fs is exactly the same size as the original when mounted.
The collection contains:
mantaray_4.2-jop40c
mantaray_4.2-jop40c-factory-0d641789.tgz size: 326396069
mantaray-jop40c
image-mantaray-jop40c.zip size: 328044861
boot.img size: 4716544
boot.img.unsec.img size: 4716544
bootloader-manta-mantalj12.img size: 1310720
cache.img size: 10617136
recovery.img size: 5228544
system.img size: 541540212
system.img.deodex.img size: 499677904
mantaray_4.2.2-jdq39
mantaray-jdq39-factory-d79f489e.tgz size: 328019721
mantaray-jdq39
image-mantaray-jdq39.zip size: 329787974
boot.img size: 4718592
boot.img.unsec.img size: 4718592
bootloader-manta-mantalj12.img size: 1310720
cache.img size: 10621244
recovery.img size: 5230592
system.img size: 535248732
system.img.deodex.img size: 496339676
userdata.img size: 140778452
The files can be downloaded from: http://web.djodjo.org/?a=download:android:ROM_images:factory_images_gn_mantaray
if it helps you buy me a beer
there it is another collection of factory images. It contains the full packages, also the extracted .img files. I also included insecure boot image (adb shell gives root access) and deodexed system image for each of them.
full image packages are "tgz" files.
image files extension is .img
isecure boot images are *.unsec.img
deodexed system images are *.deodex.img
These are all to be flashed with fastboot. These all derived from STOCK (https://developers.google.com/android/nexus/images) with no changes except the insecure adb boot image and the deodexed system image.
Deodexed fs is exactly the same size as the original when mounted.
The collection contains:
mysid_4.0.4-imm76k
mysid_4.0.4-imm76k-factory-98d21321.tgz size: 201267095
mysid-imm76k
image-mysid-imm76k.zip size: 196838841
boot.img size: 4247552
boot.img.unsec.img size: 4247552
bootloader-toro-primela03.img size: 2363392
radio-cdma-toro-i515.fc04.img size: 3811968
radio-toro-i515.fc05.img size: 10748160
recovery.img size: 4587520
system.img size: 331943172
system.img.deodex.img size: 303179956
userdata.img size: 142534492
mysid_4.1.1-jro03o
mysid_4.1.1-jro03o-factory-f17426e6.tgz size: 250399358
mysid-jro03o
image-mysid-jro03o.zip size: 246331897
boot.img size: 4470784
boot.img.unsec.img size: 4470784
bootloader-toro-primelc03.img size: 2363392
radio-cdma-toro-i515.ff02.img size: 3813648
radio-toro-i515.fg02.img size: 10748160
recovery.img size: 4820992
system.img size: 413806488
system.img.deodex.img size: 374348532
userdata.img size: 142534492
The files can be downloaded from: http://web.djodjo.org/?a=download:android:ROM_images:factory_images_gn_toro
enjoy
So if the .tgz of 4.1.1 is flashed in fastboot, I will retain my root and custom recovery? All I need is the .tgz, right?
No.
The tgz package contains images(img) another zip file that contains more images and batch/shell scripts. You can download those separately if you wish.
If you unpackage this tgz and run "flash-all.bat/sh" you will have completely fresh factory setup, as if you just bought it. You will loose all the data, except the one on the sd card.
the script basically flashes the following:
fastboot flash bootloader bootloader-toro-primelc03.img
fastboot flash radio radio-toro-i515.fg02.img
fastboot flash radio-cdma radio-cdma-toro-i515.ff02.img
fastboot -w update image-mysid-jro03o.zip
the last one flashes:
boot.img
recovery.img
system.img
userdata.img
to retain your recovery you can delete "recovery.img" from the zip. Then after you flash the STOCK ROM you have to disable stock recovery from coming back (because it will overwrite the custom one on boot) from your custom recovery or otherwise(some options here: http://andwise.net/?p=292 )
The root(su) you have to do it again, you cannot keep that if you flash the new system.img.
RyanTX said:
So if the .tgz of 4.1.1 is flashed in fastboot, I will retain my root and custom recovery? All I need is the .tgz, right?
Click to expand...
Click to collapse
there it is another collection of factory images. It contains the full packages, also the extracted .img files. I also included insecure boot image (adb shell gives root access) and deodexed system image for each of them.
full image packages are "tgz" files.
image files extension is .img
isecure boot images are *.unsec.img
deodexed system images are *.deodex.img
These are all to be flashed with fastboot. These all derived from STOCK (https://developers.google.com/android/nexus/images) with no changes except the insecure adb boot image and the deodexed system image.
Deodexed fs is exactly the same size as the original when mounted.
The collection contains:
mysidspr_4.1.1-fh05
mysidspr_4.1.1-fh05-factory-8cb5208b.tgz size: 294108599
mysidspr-fh05
image-mysidspr-fh05.zip size: 290459409
boot.img size: 4861952
boot.img.unsec.img size: 4861952
bootloader-toroplus-primelc03.img size: 2363392
radio-cdma-toroplus-l700.fc12.img size: 3802016
radio-toroplus-l700.fc12.img size: 10748160
recovery.img size: 5212160
system.img size: 466894948
system.img.deodex.img size: 448302352
userdata.img size: 142534492
The files can be downloaded from: http://web.djodjo.org/?a=download:android:ROM_images:factory_images_gn_toroplus
enjoy
Hello,
I compiled aosp for my nexus 7 2013 works fine, but i wanted to add apps and tweak things like bootanimation.zip and remove things like email app, i don't use it why waste space. I use the the follow to allow edits
simg2img system.img system.img.raw
mkdir system
sudo mount -t ext4 -o loop system.img.raw system/
I add my edits and than use this but get and error
[email protected]:~/Downloads/imagedisassemble$ sudo ./make_ext4fs -s -l 512M -a system mesystem.img system/
Creating filesystem with parameters:
Size: 536870912
Block size: 4096
Blocks per group: 32768
Inodes per group: 8192
Inode size: 256
Journal blocks: 2048
Label:
Blocks: 131072
Block groups: 4
Reserved block group size: 31
error: do_inode_allocate_extents: Failed to allocate 3 blocks
I have tried to change 512M to 600M it will finish without error, however when I flash with fastboot flash system system.img, I get stuck on the Google screen and have to force off with power and get into bootloader to try again.
Any help would be great
Thanks
Tony