[HOW-TO] Converting Motorola XT907 ROMs to update.zip format - Droid RAZR M General

Some of my recent development work has involved frequent changes between stock ROMs and custom ROMs on a Droid Razr M, and I quickly grew weary of dealing with RSD Lite and Windows. So I put together a procedure for converting the .xml.zip ROM into an "update.zip" which is flashable via TWRP.
1) Download the .xml.zip file. I used VZW_XT907_4.1.1-9.8.1Q-27-2-4_1FF.xml.zip from here.
2) Unzip the file into a temporary directory.
3) Extract the system.img sparse ext4 filesystem using simg2img from AOSP (or simg2img.py). Note that the Motorola images have an extra header which needs to be removed with "dd":
Code:
dd if=system.img of=simg bs=131072 skip=1
simg2img simg raw.img
sudo mount -o loop raw.img /mnt
If all goes well, you should see the /system contents under /mnt:
Code:
$ ls -l /mnt
total 72
drwxr-xr-x 2 root root 12288 Oct 21 2012 app/
drwxr-xr-x 2 root 2000 8192 Oct 21 2012 bin/
-rw-r--r-- 1 root root 7562 Oct 21 2012 build.prop
drwxr-xr-x 16 root root 4096 Oct 21 2012 etc/
drwxr-xr-x 2 root root 4096 Oct 21 2012 fonts/
drwxr-xr-x 2 root root 4096 Oct 21 2012 framework/
drwxr-xr-x 9 root root 12288 Oct 21 2012 lib/
drwxr-xr-x 4 root root 4096 Oct 21 2012 media/
drwxr-xr-x 3 root root 4096 Oct 21 2012 tts/
drwxr-xr-x 8 root root 4096 Oct 21 2012 usr/
drwxr-xr-x 5 root 2000 4096 Oct 21 2012 vendor/
drwxr-xr-x 2 root 2000 4096 Oct 21 2012 xbin/
4) Make a new directory for your update.zip contents.
A minimal update.zip contains the system/ partition contents, plus three files:
boot.img - kernel image
META-INF/com/google/android/update-binary - I copied this from a CM 10.1 zip
META-INF/com/google/android/updater-script - see below
Copy boot.img (from the .xml.zip file) and update-binary (from another ROM) into the appropriate locations.
5) Create a new updater-script. A bare bones script for XT907 looks like:
Code:
assert(getprop("ro.product.device") == "xt907" || getprop("ro.product.device") == "scorpion_mini");
format("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/system", "0", "/system");
mount("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/system", "/system");
package_extract_dir("system", "/system");
[i][file permissions - see below][/i]
package_extract_file("boot.img", "/dev/block/platform/msm_sdcc.1/by-name/boot");
unmount("/system");
6) Fill in the file permissions section.
To generate the file permission commands, I wrote a perl script "dumpperms.pl" which traverses the loopback-mounted /system partition and prints a "set_perm" or "symlink" command for each entry that requires it. This looks something like:
Code:
$ dumpperms.pl /mnt
set_perm_recursive(0, 0, 0755, 0644, "/system");
set_perm(0, 2000, 0755, "/system/bin");
set_perm(0, 2000, 0755, "/system/bin/ATFWD-daemon");
set_perm(0, 2000, 0755, "/system/bin/RescueServer");
set_perm(0, 2000, 0755, "/system/bin/RescueStarter");
[...]
set_perm(1002, 1002, 0440, "/system/etc/bluetooth/network.conf");
set_perm(1014, 2000, 0550, "/system/etc/dhcpcd/dhcpcd-run-hooks");
symlink("/data/misc/audio/wcd9310_anc.bin", "/system/etc/firmware/wcd9310/wcd9310_anc.bin");
symlink("/data/misc/audio/mbhc.bin", "/system/etc/firmware/wcd9310/wcd9310_mbhc.bin");
[...]
The output from this script should be pasted into the permissions section of updater-script.
7) Create the new update.zip file. boot.img, system/, and META-INF/ should be at the top level:
Code:
$ ls
boot.img META-INF/ system/
$ rm -f /tmp/update.zip ; zip -r /tmp/update.zip .
zip warning: name not matched: system/lib/modules/wlan.ko
zip warning: name not matched: system/vendor/firmware
zip warning: name not matched: system/etc/firmware/wcd9310/wcd9310_anc.bin
zip warning: name not matched: system/etc/firmware/wcd9310/wcd9310_mbhc.bin
zip warning: name not matched: system/etc/firmware/wlan/prima/WCNSS_qcom_wlan_nv.bin
zip warning: name not matched: system/etc/firmware/wlan/prima/WCNSS_qcom_cfg.ini
adding: boot.img (deflated 49%)
adding: system/ (stored 0%)
adding: system/media/ (stored 0%)
adding: system/media/KnowYourDevice/ (stored 0%)
[...]
The file should now be ready for flashing / sideloading. The provided template does not clear /data or /cache, so that can be done by hand or added to the updater-script.

Related

[DEV] Porting rom from desire: can't boot

Hello,
I was trying to make a porting rom from Desire using dsixda Kitchen.
I used the option 19 to make a porting, using another rom ported from desire to desire z as working rom (to get kernel, kernel modules, keyboard and so on..)
Installation is ok but when I try to boot it stuck at HTC logo.
Using logcat or another ADB command I get only:
- exec '/system/bin/sh' failed: No such file or directory (2) -
So I pulled the recovery.log after installing my porting rom:
Code:
Starting recovery on Sun Apr 15 10:37:24 2012
can't open /dev/tty0: No such file or directory
framebuffer: fd 3 (480 x 800)
ClockworkMod Recovery v5.0.2.7
recovery filesystem table
=========================
0 /tmp ramdisk (null) (null)
1 /recovery emmc /dev/block/mmcblk0p21 (null)
2 /boot emmc /dev/block/mmcblk0p22 (null)
3 /cache ext3 /dev/block/mmcblk0p27 (null)
4 /data ext3 /dev/block/mmcblk0p26 (null)
5 /sd-ext ext3 /dev/block/mmcblk1p2 (null)
6 /sdcard vfat /dev/block/mmcblk1p1 /dev/block/mmcblk1
7 /system ext3 /dev/block/mmcblk0p25 (null)
W:Unable to get recovery.fstab info for /datadata during fstab generation!
W:Unable to get recovery.fstab info for /emmc during fstab generation!
I:Completed outputting fstab.
I:Processing arguments.
I:Checking arguments.
I:device_recovery_start()
Command: "/sbin/recovery"
ro.secure=0
ro.allow.mock.location=1
ro.debuggable=1
persist.service.adb.enable=1
ro.build.id=GRI40
ro.build.display.id=GWK74
ro.build.version.incremental=eng.koush.20111028.180155
ro.build.version.sdk=10
ro.build.version.codename=REL
ro.build.version.release=2.3.7
ro.build.date=Fri Oct 28 18:02:25 PDT 2011
ro.build.date.utc=0
ro.build.type=eng
ro.build.user=koush
ro.build.host=Koushik-Lion.local
ro.build.tags=test-keys
ro.product.model=HTC Vision
ro.product.brand=htc_wwe
ro.product.name=htc_vision
ro.product.device=vision
ro.product.board=vision
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=HTC
ro.product.locale.language=hdpi
ro.product.locale.region=
ro.wifi.channels=
ro.board.platform=msm7x30
ro.build.product=vision
ro.build.description=2.42.405.2 CL84109 release-keys
ro.build.fingerprint=htc_wwe/htc_vision/vision:2.3.3/GRI40/84109:user/release-keys
ro.sf.lcd_density=240
debug.fb.rgb565=0
ro.gsm.2nd_data_retry_config=max_retries=3, 2000, 2000, 2000
rild.libpath=/system/lib/librilswitch.so
rilswitch.vendorlibpath=/system/lib/libhtc_ril.so
rilswitch.ganlibpath=/system/lib/libganril.so
ro.ril.enable.a53=1
ro.ril.enable.dtm=0
ro.ril.gprsclass=10
ro.ril.hsdpa.category=10
ro.ril.hsupa.category=6
ro.ril.hsxpa=2
ro.ril.def.agps.feature=1
ro.ril.disable.fd.plmn.prefix=23402,23410,23411
ro.ril.enable.sdr=0
ro.ril.enable.gea3=0
ro.telephony.default_network=0
wifi.interface=eth0
wifi.supplicant_scan_interval=15
mobiledata.interfaces=gannet0,rmnet0,rmnet1,rmnet2
ro.opengles.version=131072
dalvik.vm.heapsize=32m
ro.ril.def.agps.mode=2
ro.ril.disable.power.collapse=1
ro.com.google.clientidbase=android-tmobile-us
ro.com.google.clientidbase.vs=android-hms-tmobile-us
ro.com.google.clientidbase.ms=android-hms-tmobile-us
ro.com.google.locationfeatures=1
ro.com.google.networklocation=1
ro.com.google.gmsversion=2.2_r5
ro.setupwizard.enable_bypass=1
dalvik.vm.lockprof.threshold=500
dalvik.vm.dexopt-flags=m=y
media.a1026.nsForVoiceRec=0
media.a1026.enableA1026=1
htc.audio.alt.enable=0
htc.audio.hac.enable=0
keyguard.no_require_sim=true
ro.rommanager.developerid=cyanogenmod
ro.url.legal=http://www.google.com/intl/%s/mobile/android/basic/phone-legal.html
ro.url.legal.android_privacy=http://www.google.com/intl/%s/mobile/android/basic/privacy.html
ro.com.android.wifi-watchlist=GoogleGuest
ro.setupwizard.enterprise_mode=1
ro.com.android.dateformat=MM-dd-yyyy
ro.com.android.dataroaming=false
ro.config.ringtone=Playa.ogg
ro.config.notification_sound=regulus.ogg
ro.config.alarm_alert=Alarm_Beep_03.ogg
ro.modversion=CyanogenMod-7.1.0-vision-KANG
ro.kernel.android.checkjni=1
ro.setupwizard.mode=OPTIONAL
net.bt.name=Android
net.change=net.bt.name
dalvik.vm.stack-trace-file=/data/anr/traces.txt
ro.factorytest=0
ro.serialno=SH0B9RT04800
ro.bootmode=recovery
ro.baseband=26.13.04.19_M
ro.carrier=HTC-ITA
ro.bootloader=0.84.2000
ro.hardware=vision
ro.revision=128
init.svc.choice_fn=stopped
init.svc.recovery=running
init.svc.htcbatt=stopped
init.svc.adbd=running
ro.9kramdump=0
I:Checking for extendedcommand...
I:Skipping execution of extendedcommand, file not found...
-- Installing: /sdcard/2.Flashable/vision_signed_041512_121934.zip
Finding update package...
I:Update location: /sdcard/2.Flashable/vision_signed_041512_121934.zip
Opening update package...
Installing update...
mke2fs: can't format mounted filesystem
format: format_ext3_device failed (-1) on /dev/block/mmcblk0p25mount: failed to mount /dev/block/mmcblk0p25 at /system: Device or resource busy
mount: failed to mount /dev/block/mmcblk0p26 at /data: Device or resource busy
minzip: Extracted file "/data/app/com.TEST.android.lvh-1.apk"
minzip: Extracted file "/data/app/com.adobe.flashplayer-1.apk"
minzip: Extracted file "/data/app/com.antutu.CpuMasterFree-1.apk"
minzip: Extracted file "/data/app/com.bigtincan.android.adfree.apk"
minzip: Extracted file "/data/app/com.estrongs.android.pop-1.apk"
minzip: Extracted file "/data/app/com.keramidas.TitaniumBackup-1.apk"
minzip: Extracted file "/data/app/com.koushikdutta.rommanager-1.apk"
minzip: Extracted file "/data/app/placeholder"
minzip: Extracted file "/data/app/ws.plattner.cifsmanager.apk"
minzip: Extracted file "/data/data/com.android.htcprofile/anr_history.txt"
minzip: Extracted file "/data/data/hosts"
minzip: Extracted file "/system/app/AccountSyncManager.apk"
minzip: Extracted file "/system/app/AccountSyncManager.odex"
minzip: Extracted file "/system/app/AppSharing.apk"
...
...
...
...
... (extraction of other /system files..)
...
...
...
minzip: Extracted file "/system/xbin/tcpdump"
minzip: Extracted file "/system/xbin/wireless_modem"
set_perm: chown of /system/etc/bluez to 0 0 failed: No such file or directory
set_perm: chmod of /system/etc/bluez to 775 failed: No such file or directory
set_perm: chown of /system/bin/openvpn to 1000 1000 failed: No such file or directory
set_perm: chmod of /system/bin/openvpn to 755 failed: No such file or directory
set_perm: chown of /system/bin/iproute-script.sh to 1000 1000 failed: No such file or directory
set_perm: chmod of /system/bin/iproute-script.sh to 755 failed: No such file or directory
set_perm: chown of /system/bin/vpnc to 1000 1000 failed: No such file or directory
set_perm: chmod of /system/bin/vpnc to 755 failed: No such file or directory
set_perm: chown of /system/bin/vpnc-script.sh to 1000 1000 failed: No such file or directory
set_perm: chmod of /system/bin/vpnc-script.sh to 755 failed: No such file or directory
set_perm: chown of /data/data/com.android.providers.contacts/files/* to 0 0 failed: No such file or directory
set_perm: chmod of /data/data/com.android.providers.contacts/files/* to 1232 failed: No such file or directory
mke2fs: can't format mounted filesystem
format: format_ext3_device failed (-1) on /dev/block/mmcblk0p27script result was [/data]
Install from sdcard complete.
Formatting /sd-ext...
I:Formatting unknown device.
I:Formatting ext3 device.
warning: 287 blocks unused
I don't like that (NULL) after the block allocation, but this is the first rom cooking and I don't understand if it is normal.
Also there are some errors at the end and at the begin of the installation, but they don't seems to me to be fatal errors..
Someone can help?
I have tryed also to install RCMIX kernel after this rom, that kernel is working with the other rom ported from desire that I'm using as base, working rom, for my porting.
(PS: it is sense 1.9 rom)
maybe I have to change updater script?
There are blocks problems?

[Q] Rooted, with TWRP, Android 4.3 OTA update to JWR66Y from JWR66V

I have a rooted Galaxy Nexus with stock Android 4.3 and TWRP 2.6.0.0 (latest available for this device).
Today I received the OTA update to Android 4.3 build JWR66Y from JWR66V and accepted it. It immediately failed due to some ZIP signature problem.
I suspected that this is a TWRP problem, booted into TWRP, located the OTA update file, whose name I could still see in the log display, in /cache, and proceeded to flash it manually with TWRP after disabling the ZIP sig checking.
This worked better. Several patches appeared to run through just fine.
But then it still failed with some other error that I could not recognize quickly enough, but TWRP showed a red "Failed" signal. I could not find the log either, so I still don't know what exactly TWRP thought to have failed.
TWRP then told me that the root/superuser access rights are not OK and offered to fix them, which I gladly accepted.
I rebooted and checked the system, and everything still seems to work, including the root functionality. But the system still shows JWR66V, not JWR66Y. This is what the boot loader shows:
PRODUCT NAME - tuna
VARIANT - maguro 16GB
HW VERSION - 9
BOOTLOADER VERSION - PRIMEMD04
BASEBAND VERSION - I9250XXLJ1
Android also still behaves absolutely normally, as far as I can tell.
Normally previous OTA updates ran through just fine. They only removed root, so I always used the Nexus Root Toolkit to re-root. That was convenient enough and left me with the assurance that each update had worked perfectly. Unfortunately this time it was different.
Does anybody have an idea what has failed? Did the update indeed patch some files and then stalled after doing only half its work? Is the system now in a mixed state, some files already JWR66Y, but the rest still JWR66V? Or does the recovery roll back an incomplete update? Should I unroot the phone to let the update proceed?
You should use JWR66Y factory images+fastboot to "update".
Sent from my Galaxy Nexus using Tapatalk 4
hgmichna said:
I have a rooted Galaxy Nexus with stock Android 4.3 and TWRP 2.6.0.0 (latest available for this device).
Today I received the OTA update to Android 4.3 build JWR66Y from JWR66V and accepted it. It immediately failed due to some ZIP signature problem.
I suspected that this is a TWRP problem, booted into TWRP, located the OTA update file, whose name I could still see in the log display, in /cache, and proceeded to flash it manually with TWRP after disabling the ZIP sig checking.
This worked better. Several patches appeared to run through just fine.
But then it still failed with some other error that I could not recognize quickly enough, but TWRP showed a red "Failed" signal. I could not find the log either, so I still don't know what exactly TWRP thought to have failed.
TWRP then told me that the root/superuser access rights are not OK and offered to fix them, which I gladly accepted.
I rebooted and checked the system, and everything still seems to work, including the root functionality. But the system still shows JWR66V, not JWR66Y. This is what the boot loader shows:
PRODUCT NAME - tuna
VARIANT - maguro 16GB
HW VERSION - 9
BOOTLOADER VERSION - PRIMEMD04
BASEBAND VERSION - I9250XXLJ1
Android also still behaves absolutely normally, as far as I can tell.
Normally previous OTA updates ran through just fine. They only removed root, so I always used the Nexus Root Toolkit to re-root. That was convenient enough and left me with the assurance that each update had worked perfectly. Unfortunately this time it was different.
Does anybody have an idea what has failed? Did the update indeed patch some files and then stalled after doing only half its work? Is the system now in a mixed state, some files already JWR66Y, but the rest still JWR66V? Or does the recovery roll back an incomplete update? Should I unroot the phone to let the update proceed?
Click to expand...
Click to collapse
remove root, flash OTA zip file, re-apply root
thegios said:
remove root, flash OTA zip file, re-apply root
Click to expand...
Click to collapse
Yes, the hope is that after unrooting the OTA update will automatically be offered for installation. But what if not?
I don't even know whether I can flash the update manually after unrooting, i.e. with the standard recovery. Can I? Not used to unrooted phones.
hgmichna said:
Yes, the hope is that after unrooting the OTA update will automatically be offered for installation. But what if not?
I don't even know whether I can flash the update manually after unrooting, i.e. with the standard recovery. Can I? Not used to unrooted phones.
Click to expand...
Click to collapse
if u remove root and have standard recovery, wait for the OTA notification and it should install, otherwise unlock bootloader, isntall twrp, flash ota and then flash root
thegios said:
if u remove root and have standard recovery, wait for the OTA notification and it should install, otherwise unlock bootloader, isntall twrp, flash ota and then flash root
Click to expand...
Click to collapse
I just removed busybox, flashed standard recovery, then removed root. Checking system updates yielded only the statement that my system is up to date. Since the update file is already in /cache, shouldn't it have offered the update straight away? Or do I still have to wait, which would be rather stupid?
Here is TWRP's log. Stupidly, it cuts off the lines, so longer lines are cropped.
…
Warning: No file_contexts
Verifying current system. . .
Removing unneeded files. . .
Patching system files. . .
Unpacking new recovery. . .
Symlinks and permissions. . .
set_perm: some changes failed
E:Error executing updater binary in zip '/cache/
Error flashing zip '/cache//1b0ac7dfb2907e5981
Updating partition details. . .
I have also tried unrooting and putting the stock recovery back in place, then booting into a temporary TWRP to flash the OTA update file. Finally I used the Nexus Root Toolkit with its ADB sideload update function, which flashed the OTA update file with the stock recovery. Nothing worked. The error is always the same: set_perm: some changes failed
Next I will try to analyze the update file and see what it wants to do. Perhaps I can find out what would be likely to fail.
Generally this makes using a rooted phone awkward. Until now it was easy, but this situation turns a regular event that used to last a few minutes into an hour-long ordeal. It would be even worse if it required a total wipe. The backup situation has got worse too, both Titanium Backup and Helium are currently buggy and unreliable, not to mention very time-consuming.
Am I the only one who has this problem?
hgmichna said:
I just removed busybox, flashed standard recovery, then removed root. Checking system updates yielded only the statement that my system is up to date. Since the update file is already in /cache, shouldn't it have offered the update straight away? Or do I still have to wait, which would be rather stupid?
Here is TWRP's log. Stupidly, it cuts off the lines, so longer lines are cropped.
…
Warning: No file_contexts
Verifying current system. . .
Removing unneeded files. . .
Patching system files. . .
Unpacking new recovery. . .
Symlinks and permissions. . .
set_perm: some changes failed
E:Error executing updater binary in zip '/cache/
Error flashing zip '/cache//1b0ac7dfb2907e5981
Updating partition details. . .
Am I the only one who has this problem?
Click to expand...
Click to collapse
I have the same problem, have you found the solution
marcars said:
I have the same problem, have you found the solution
Click to expand...
Click to collapse
Some program had written a file install-recovery.sh into /system/etc and marked it immutable, apparently with the command:
chattr +i /system/etc/install-recovery.sh
The OTA update wanted to write this file by unzipping and failed.
So what I did:
adb shell
su
mount -o remount,rw /system
cd /system/etc
chattr -i install-recovery.sh
rm install-recovery.sh
After that I could install the OTA update with TWRP without any further hitch.
rdallion Secret
hgmichna said:
Some program had written a file install-recovery.sh into /system/etc and marked it immutable, apparently with the command:
chattr +i /system/etc/install-recovery.sh
The OTA update wanted to write this file by unzipping and failed.
So what I did:
adb shell
su
mount -o remount,rw /system
cd /system/etc
chattr -i install-recovery.sh
rm install-recovery.sh
After that I could install the OTA update with TWRP without any further hitch.
Be warned: After this update neither the Root Explorer function of ES File Explorer nor the abovementioned mount command worked any more:
>adb shell
[email protected]:/ $ su
su
[email protected]:/ # mount -o remount,rw /system
mount -o remount,rw /system
mount: Operation not permitted
255|[email protected]:/ #
But that is yet another matter. I will start a new thread for it.
Click to expand...
Click to collapse
ok i have found a solution in your case you need factory image from developers.google.com/android/nexus/images#nakasijwr66y
unzip this package and edit file .bat if you using windows or .sh when linux is your operating system. Erase in from command "- w" and save the file. Now copy all files from package to C:\Program Files (x86)\Android\android-sdk\platform-tools and start the (double click) .bat file. After that just boot your device in fastboot mode (power + volume-) and the update start the installation. This is not erase your user data if you have modified a .bat file.
marcars said:
ok i have found a solution in your case you need factory image from developers.google.com/android/nexus/images#nakasijwr66y
unzip this package and edit file .bat if you using windows or .sh when linux is your operating system. Erase in from command "- w" and save the file. Now copy all files from package to C:\Program Files (x86)\Android\android-sdk\platform-tools and start the (double click) .bat file. After that just boot your device in fastboot mode (power + volume-) and the update start the installation. This is not erase your user data if you have modified a .bat file.
Click to expand...
Click to collapse
Weird.
hgmichna said:
Some program had written a file install-recovery.sh into /system/etc and marked it immutable, apparently with the command:
chattr +i /system/etc/install-recovery.sh
The OTA update wanted to write this file by unzipping and failed.
So what I did:
adb shell
su
mount -o remount,rw /system
cd /system/etc
chattr -i install-recovery.sh
rm install-recovery.sh
After that I could install the OTA update with TWRP without any further hitch.
Be warned: After this update neither the Root Explorer function of ES File Explorer nor the abovementioned mount command worked any more:
>adb shell
[email protected]:/ $ su
su
[email protected]:/ # mount -o remount,rw /system
mount -o remount,rw /system
mount: Operation not permitted
255|[email protected]:/ #
But that is yet another matter. I will start a new thread for it.
Click to expand...
Click to collapse
install-recovery.sh is an initialization script and is used by Superuser and SuperSU to execute the su daemon process which is what we're using in JB 4.3 to establish root (su) privilege.
SuperSU sets the immutable bit (chattr) on this file and this why the update fails.
Starting with line 1309 of the OTA updater-script where the failure/error begins and subsequently aborts at line 1320; everything past that, well....
Code:
Line 1308:
delete("/system/recovery-from-boot.p",
"/system/etc/install-recovery.sh");
show_progress(0.100000, 10);
ui_print("Unpacking new recovery...");
package_extract_dir("recovery", "/system");
ui_print("Symlinks and permissions...");
set_perm_recursive(0, 0, 0755, 0644, "/system");
set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
set_perm(0, 3003, 02750, "/system/bin/netcfg");
set_perm(0, 0, 0755, "/system/bin/ping");
set_perm(0, 2000, 0750, "/system/bin/run-as");
set_perm(1014, 2000, 0550, "/system/etc/dhcpcd/dhcpcd-run-hooks");
Line 1320:
set_perm(0, 0, 0544, "/system/etc/install-recovery.sh");
set_perm_recursive(0, 0, 0755, 0555, "/system/etc/ppp");
set_perm(0, 2000, 0755, "/system/vendor");
set_perm_recursive(0, 2000, 0755, 0755, "/system/vendor/bin");
set_perm(0, 2000, 0755, "/system/vendor/etc");
set_perm(0, 2000, 0755, "/system/vendor/firmware");
set_perm(0, 2000, 0755, "/system/vendor/lib");
set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/lib/drm");
set_perm(0, 0, 0644, "/system/vendor/lib/drm/libdrmwvmplugin.so");
set_perm(0, 2000, 0755, "/system/vendor/lib/egl");
set_perm(0, 2000, 0755, "/system/vendor/lib/hw");
set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/lib/mediadrm");
set_perm(0, 0, 0644, "/system/vendor/lib/mediadrm/libwvdrmengine.so");
set_perm(0, 2000, 0755, "/system/vendor/media");
set_perm(0, 2000, 0755, "/system/vendor/pittpatt");
set_perm(0, 2000, 0755, "/system/vendor/pittpatt/models");
set_perm(0, 2000, 0755, "/system/vendor/pittpatt/models/detection");
set_perm(0, 2000, 0755, "/system/vendor/pittpatt/models/detection/multi_pose_face_landmark_detectors.7");
set_perm(0, 2000, 0755, "/system/vendor/pittpatt/models/detection/yaw_roll_face_detectors.6");
set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/pittpatt/models/recognition");
set_perm(0, 0, 0644, "/system/vendor/pittpatt/models/recognition/face.face.y0-y0-22-b-N.bin");
set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/res");
set_perm(0, 0, 0644, "/system/vendor/res/images/dock/dock.png");
set_perm_recursive(0, 2000, 0755, 0755, "/system/xbin");
ui_print("Fixing fs_size in crypto footer...");
assert(samsung.fs_size_fix());
ui_print("Patching remaining system files...");
apply_patch("/system/build.prop", "-",
c8330f59436ae2482b603522287e4e969741ec12, 2634,
90670a6ad72244b367249db5065c563aeaefc8f3, package_extract_file("patch/system/build.prop.p"));
set_perm(0, 0, 0644, "/system/build.prop");
unmount("/system");
And the tail of the recovery log
Code:
Unpacking new recovery...
minzip: Can't create target file "/system/etc/install-recovery.sh": Permission denied
minzip: Extracted 0 file(s)
Symlinks and permissions...
set_perm: chown of /system/etc/install-recovery.sh to 0 0 failed: Operation not permitted
set_perm: chmod of /system/etc/install-recovery.sh to 544 failed: Operation not permitted
script aborted: set_perm: some changes failed
set_perm: some changes failed
E:Error executing updater binary in zip '/cache//8069c140a030f5fe6a6296743aab8c5a93971b79.signed-takju-JWR66Y-from-JWR66V.8069c140.zip'
E:Error installing zip file '/cache//8069c140a030f5fe6a6296743aab8c5a93971b79.signed-takju-JWR66Y-from-JWR66V.8069c140.zip'
Done processing script file
With the immutable bit set on the file no one can change (owner/perms) until the immutable bit is unset by a root (su) user.
So, if you use SuperSU you should do as hgmichna posted and chattr -i the install-recovery.sh file before proceeding with the OTA update.
I don't believe Koush's Superuser sets the immutable bit so you should be OK if that's what you use.
At any rate you'll probably need to flash Superuser again before booting to system.
HTH,
-JR-
jazzruby said:
install-recovery.sh is an initialization script and is used by Superuser and SuperSU to execute the su daemon process which is what we're using in JB 4.3 to establish root (su) privilege.
SuperSU sets the immutable bit (chattr) on this file and this why the update fails.
Click to expand...
Click to collapse
Thanks for the information!
As we now see, this decision to use the immutable property of an ext partition may not have been a very good idea. Many root users will stumble into this trap and waste time, so we are facing a considerable total cost.
I guess that the immutable bit was not meant to be used in normal programs. Does Android use it at all? I would not be surprised if it did not.
Perhaps we need a code of conduct for programmers whose products have root rights. Having root rights does not mean that the entire operating system should now be modified liberally. I propose that a better strategy is to keep modifications requiring root rights to an absolute minimum, treat the operating system gently, and provide some easy means to undo modifications. Inserting an immutable file into the center of the operating system feels more like hiding a land mine in a children's playground.
Before Android 4.3, OTA updates always ran fine on my rooted phone and merely required re-rooting, which was easy and quickly enough to do. But the last two OTA updates both failed.
So now we know that we have to be particularly careful not to get in the way of OTA updates. On my phone the previous update to Android 4.3 failed, because somebody or something had modified the file debuggerd. I guess this can only have been a program with root rights. I don't know which it was. But I now fear that root programs might become a regular source of OTA update problems.
Of course I realise that it is easy to say such things in retrospect. The Germans have a saying, "You are always wiser when you come from the town hall." Also I think we are all grateful that SuperSU exists in the first place and is even free. So don't take the above as an accusation. But if a similar thing happened with the next OTA update and then again the next thereafter, then the root programmers would have to accede that they have had ample prior knowledge and that their products may not be quite perfect yet.
Perhaps these programs need a function called, "Prepare for OTA update". The obvious wish is that rooted phones have a way of accepting OTA updates without wiping data or, worse, a factory reset, because these take too much time and some settings may get lost. In any case I hope that this fresh experience will be a cause for some thorough thinking.
I took the ota today - bone stock JWR66V to JWR66Y, not a single issue.
a maguro sent this.
hgmichna said:
Thanks for the information!
Click to expand...
Click to collapse
Inserting an immutable file into the center of the operating system feels more like hiding a land mine in a children's playground.
Click to expand...
Click to collapse
It's not exactly the "center" of the operating system and I promise you nothing is going to blow up and no children will be hurt.:fingers-crossed:
On my phone the previous update to Android 4.3 failed, because somebody or something had modified the file debuggerd. I guess this can only have been a program with root rights. I don't know which it was.
Click to expand...
Click to collapse
More than likely it was a USB (un)mounting program, e.g. in my case it is Chainfire's StickMount however it does make a backup (debuggerd.backup).
Perhaps these programs need a function called, "Prepare for OTA update".
Click to expand...
Click to collapse
There is indeed a function for this in SuperSU (Survival mode) but it is to protect the su binar(y/ies) and this is where chattr sets the immutable bit and prevents the recursive chmod, chown, etc.. on /system from stripping the su binary of it's owner/group (root) and setuid/setgid.
The install-recovery.sh is a sort of special case because it behaves as an init.d which can execute init START at boot for daemon process which is what's needed for Superuser (su) in Android 4.3 but it also used by alot of modders to take advantage of it's 'init' behavior even when there's no support in kernel.
Normally install-recovery.sh runs a hash check on the recovery partition at boot and if/when fails this check it calls/executes /system/recovery-from-boot which subsequently flashes/installs the stock recovery.
TWRP saves it's recovery by renaming the file recovery-from-boot.bak before booting back to system and preventing the install of stock recovery however it has been seen in the past that some people will modify/delete install-recovery.sh and this is why Chainfire has chosen to chattr +i the file, he does however provision for 'modders' to continue to use by calling a second init (install-recovery-2.sh) at the end of the script.
If you open/view install-recovery.sh you'll see:
Code:
#!/system/bin/sh
# If you're implementing this in a custom kernel/firmware,
# I suggest you use a different script name, and add a service
# to launch it from init.rc
# Launches SuperSU in daemon mode only on Android 4.3+.
# Nothing will happen on 4.2.x or older.
# If you want to force loading the daemon, use "--daemon" instead
/system/xbin/daemonsu --auto-daemon &
# Some apps like to run stuff from this script as well, but the
# installer will have done "chattr +i" on this file to prevent
# accidental modification and deletion. In your code, just search
# this file for "install-recovery-2.sh", and if present, write
# there instead.
/system/etc/install-recovery-2.sh
-JR-
jazzruby said:
It's not exactly the "center" of the operating system and I promise you nothing is going to blow up and no children will be hurt.:fingers-crossed:
Click to expand...
Click to collapse
Except that it reliably kills all OTA updates. I think that is bad enough. I find the idea of using the ext immutable bit quite remarkable. Can you guess the total cost of all the people now running around in circles trying to find out why their OTA update failed? Not everybody is conversant with chattr.
jazzruby said:
More than likely it was a USB (un)mounting program, e.g. in my case it is Chainfire's StickMount however it does make a backup (debuggerd.backup).
Click to expand...
Click to collapse
Yes, that was the most likely cause of the 4.2.2 to 4.3 OTA update failure on my phone. If StickMount really has to modify system files, which I doubt, it should at least warn users about breaking OTA updates and provide a clean uninstall function. On my phone StickMount still works after I have replaced debuggerd with the original. Surprise, surprise, modifying the file seems to be quite unnecessary.
Perhaps one should simply walk a big arc around everything coming from Chainfire. The guy seems to be beset by the idea of killing OTA updates one way or another.
jazzruby said:
There is indeed a function for this in SuperSU (Survival mode) but it is to protect the su binar(y/ies) and this is where chattr sets the immutable bit and prevents the recursive chmod, chown, etc.. on /system from stripping the su binary of it's owner/group (root) and setuid/setgid.
The install-recovery.sh is a sort of special case because it behaves as an init.d which can execute init START at boot for daemon process which is what's needed for Superuser (su) in Android 4.3 but it also used by alot of modders to take advantage of it's 'init' behavior even when there's no support in kernel.
Normally install-recovery.sh runs a hash check on the recovery partition at boot and if/when fails this check it calls/executes /system/recovery-from-boot which subsequently flashes/installs the stock recovery.
TWRP saves it's recovery by renaming the file recovery-from-boot.bak before booting back to system and preventing the install of stock recovery however it has been seen in the past that some people will modify/delete install-recovery.sh and this is why Chainfire has chosen to chattr +i the file, he does however provision for 'modders' to continue to use by calling a second init (install-recovery-2.sh) at the end of the script.
Click to expand...
Click to collapse
How generous! He seems to assume that people only know his Superuser tool and will gladly cater to its particular idiosyncrasies.
I'm a programmer, though not an Android programmer. In my book such ruthless programming is subsumed under "arrogant coding".
pls help
Hello,
This is the first time ever I'm posting something. I own a Nexus 4 and I live in Pakistan. Actually I bought this phone from a local shop which offered used handsets and this nexus 4 was bought in UK and somehow had reached here in Pakistan. Now when I reset the phone first to input my details and it restarted I got to know that it had cyanogen mod installed also doing a factory reset deleted its chrome and play apps as well. It was rooted running android 4.3 build JWR66V. I don't know but I wanted a normal nexus 4 running everything stock. I wanted to get the OTAs so I followed this thread to unroot it:
http://forum.xda-developers.com/showthread.php?t=2010312
and installed the stock android 4.3 build JWR66V factory image with stock recovery and everything else.
Just left the bootloader unlocked.
But now the OTA build JWR66Y is available but every time I check it says my phone is up to date. Please help how will I be able to receive OTAs. Thanks in advance
adeelhayat90 said:
Hello,
This is the first time ever I'm posting something. I own a Nexus 4 and I live in Pakistan. Actually I bought this phone from a local shop which offered used handsets and this nexus 4 was bought in UK and somehow had reached here in Pakistan. Now when I reset the phone first to input my details and it restarted I got to know that it had cyanogen mod installed also doing a factory reset deleted its chrome and play apps as well. It was rooted running android 4.3 build JWR66V. I don't know but I wanted a normal nexus 4 running everything stock. I wanted to get the OTAs so I followed this thread to unroot it:
http://forum.xda-developers.com/showthread.php?t=2010312
and installed the stock android 4.3 build JWR66V factory image with stock recovery and everything else.
Just left the bootloader unlocked.
But now the OTA build JWR66Y is available but every time I check it says my phone is up to date. Please help how will I be able to receive OTAs. Thanks in advance
Click to expand...
Click to collapse
The OTA updates are staged rollouts and probably has not made it to you yet.
The JWR66Y factory images have been posted on Google servers HERE
Nexus 4 "occam" - https://developers.google.com/android/nexus/images#occam
Alternatively, you could download and install the OTA update manually from HERE
HTH,
-JR-
---------- Post added at 05:17 AM ---------- Previous post was at 04:31 AM ----------
hgmichna said:
If StickMount really has to modify system files, which I doubt, it should at least warn users about breaking OTA updates and provide a clean uninstall function. On my phone StickMount still works after I have replaced debuggerd with the original. Surprise, surprise, modifying the file seems to be quite unnecessary
Click to expand...
Click to collapse
To the contrary, it does modify debuggerd in order to use its daemon behavior (START | STOP) and access rights for the proper mount options to provide global access to the USB drive.
Here's the full root log captured by SuperSU:
Code:
stop debuggerd
mount -o rw,remount /system /system
cat /system/bin/debuggerd > /system/bin/debuggerd.backup
echo "#!/system/bin/sh" > /system/bin/debuggerd
echo "mkdir /data/media/0/usbStorage" >> /system/bin/debuggerd
echo "chown root.sdcard_rw /data/media/0/usbStorage" >> /system/bin/debuggerd
echo "chmod 775 /data/media/0/usbStorage" >> /system/bin/debuggerd
echo "mkdir /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "chown root.sdcard_rw /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "chmod 775 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t vfat -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t vfat -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t vfat -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ext4 -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ext4 -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ext4 -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ext3 -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ext3 -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ext3 -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ext2 -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ext2 -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ext2 -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "insmod ntfs.ko" >> /system/bin/debuggerd
echo "insmod fuse.ko" >> /system/bin/debuggerd
echo "/data/data/eu.chainfire.stickmount/ntfs-3g -o umask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "/data/data/eu.chainfire.stickmount/ntfs-3g -o umask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "/data/data/eu.chainfire.stickmount/ntfs-3g -o umask=0 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "ntfs-3g -o umask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "ntfs-3g -o umask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "ntfs-3g -o umask=0 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ntfs -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ntfs -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t ntfs -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t exfat -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t exfat -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox mount -t exfat -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0 /dev/block/sda1 /da Ôta/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "/data/data/eu.chainfire.stickmount/mount.exfat-fuse -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "/data/data/eu.chainfire.stickmount/mount.exfat-fuse -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "/data/data/eu.chainfire.stickmount/mount.exfat-fuse -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "mount.exfat-fuse -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "mount.exfat-fuse -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0,iocharset=utf8 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "mount.exfat-fuse -o rw,nosuid,nodev,umask=0,dmask=0,fmask=0 /dev/block/sda1 /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "echo 1 > /data/data/eu.chainfire.stickmount/ready" >> /system/bin/debuggerd
chown root.shell /system/bin/debuggerd
chmod 755 /system/bin/debuggerd
mount -o ro,remount /system /system
start debuggerd
exit
As you can see debuggerd is backed up to debuggerd.backup and the first 'echo' command clears debuggerd and writes the one-liner shebang.
The following 'echo' commands are appended, the script is given owner/perms, the 'system' is mounted RO and 'start debuggerd' executes the script.
Then file is then returned to it's initial state from the .backup
Code:
stop debuggerd
mount -o rw,remount /system /system
cat /system/bin/debuggerd.backup > /system/bin/debuggerd
chown root.shell /system/bin/debuggerd
chmod 755 /system/bin/debuggerd
mount -o ro,remount /system /system
start debuggerd
exit
The above is the 'mounting' process; it goes through a similar process for unmounting.
Unmount and cleanup:
Code:
stop debuggerd
mount -o rw,remount /system /system
echo "#!/system/bin/sh" > /system/bin/debuggerd
echo "toolbox umount /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox rmdir /data/media/0/usbStorage/sda1" >> /system/bin/debuggerd
echo "toolbox rmdir /data/media/0/usbStorage" >> /system/bin/debuggerd
echo "echo 1 > /data/data/eu.chainfire.stickmount/ready" >> /system/bin/debuggerd
chown root.shell /system/bin/debuggerd
chmod 755 /system/bin/debuggerd
mount -o ro,remount /system /system
start debuggerd
exit
Return to initial state:
Code:
stop debuggerd
mount -o rw,remount /system /system
cat /system/bin/debuggerd.backup > /system/bin/debuggerd
chown root.shell /system/bin/debuggerd
chmod 755 /system/bin/debuggerd
mount -o ro,remount /system /system
start debuggerd
exit
-JR-
jazzruby said:
To the contrary, it does modify debuggerd in order to use its daemon behavior (START | STOP) and access rights for the proper mount options to provide global access to the USB drive.
…
As you can see debuggerd is backed up to debuggerd.backup and the first 'echo' command clears debuggerd and writes the one-liner shebang.
The following 'echo' commands are appended, the script is given owner/perms, the 'system' is mounted RO and 'start debuggerd' executes the script.
Then file is then returned to it's initial state from the .backup
Click to expand...
Click to collapse
Thanks for the info! I had not looked into these details. This indeed looks much better than what I had thought.
It did not work for me though. The wrong debuggerd had blocked my 4.2.2 to 4.3 OTA update. And I have seen more than one other complaint about debuggerd blocking OTA updates, so the suspicion lingers that the restoration procedure is unreliable. We will probably not be able to get to the bottom here and now, so we will have to let the matter rest until somebody comes forward with a fresh case and analysis.
adeelhayat90 said:
This is the first time ever I'm posting something. I own a Nexus 4 and I live in Pakistan. Actually I bought this phone from a local shop which offered used handsets and this nexus 4 was bought in UK and somehow had reached here in Pakistan. Now when I reset the phone first to input my details and it restarted I got to know that it had cyanogen mod installed also doing a factory reset deleted its chrome and play apps as well. It was rooted running android 4.3 build JWR66V. I don't know but I wanted a normal nexus 4 running everything stock. I wanted to get the OTAs so I followed this thread to unroot it:
http://forum.xda-developers.com/showthread.php?t=2010312
and installed the stock android 4.3 build JWR66V factory image with stock recovery and everything else.
Just left the bootloader unlocked.
But now the OTA build JWR66Y is available but every time I check it says my phone is up to date. Please help how will I be able to receive OTAs. Thanks in advance
Click to expand...
Click to collapse
Android phones download OTA updates in the background and offer the update only after the OTA file has been downloaded completely.
Do you have a fast Internet connection? I have no idea what strategy the phone uses to download OTA files. It could be that the phone first waits for a Wi-Fi connection and attempts to use mobile phone Internet only after it did not find any Wi-Fi connection for a while. Even then it could be that it prefers HSDPA connections over EDGE or GPRS. It could be that multiple download attempts over slow connections lead to file corruption, if that system is poorly designed. But this is all speculation. I don't know how reliable the download mechanism is, and I don't know what download strategy Android follows.
I also have a case here where a phone runs stock 4.2.1 unrooted (came from Samsung repair that way a week ago) and is still waiting for three OTA updates that should be pending. If anybody here knows more about the OTA update strategy and its reliability or lack thereof, please don't let us die unknowing.
Yes I have a fast Internet connection wifi 2mbps. Fast enough for me atleast. And also that update has only 1.8mb. I remember updating my brother's samsung s4 313mb on the same wifi network.
Sent from my Nexus 4 using Tapatalk 4

[Q][Info][Tab3] System Dump / Kitchen

I'm trying to pull a system dump to make a Back it in kitchen for the Tab3 10.1
I did a ton of reading on this device, since there is not much developing with it
I pulled a Firmware/ system dump from My Samsung Galaxy Tab 3 10.1
GT-P5210 JDQ39.P5210UEUAMK1
It's rooted with recovery only
After pulling the dump I was able to load it up into kitchen
I loaded up the following three files:
boot.img, cache.img, and system.img
fired up the kitchen Set up working folder as usual
extracted it (no errors)
Added root permissions
Added Busybox
Added /etc/init.d script support
De-odex
zipalign all the APK's
updated the mounting point in the updater-script
Code:
unmount("/system");
format("ext4", "EMMC", "/dev/block/mmcblk0p8", "0");
mount("ext4", "EMMC", "/dev/block/mmcblk0p8", "/system");
-------------------------------------------------------------------------------------
I flashed it in recovery (seemed to have flashed) But when it reboots it just sits @ the boot screen.
Now I'm trying to figure out where i went wrong.
does below look correct?
are the commands i used correct?
Mounting points seem correct ?
I'm 99% sure the mounting points are correct..
I'm 50% sure I used the correct commands to create the sys dump etc
I'm not sure why the recovery img and boot img are the same exact size
(is it normal for the boot.img and the recovery.img to be the same exact size?)
I baked it in kitchen. with out any errors
here are the mounting points I used
1 '/efs' 'ext4' '/dev/block/mmcblk0p2'
2 '/config' 'ext4' '/dev/block/mmcblk0p3'
3 '/cache' 'ext4' '/dev/block/mmcblk0p6'
4 '/system' 'ext4' '/dev/block/mmcblk0p8'
5 '/data' 'ext4' '/dev/block/mmcblk0p9'
6 '/recovery' 'emmc' '/dev/block/mmcblk0p11'
7 '/modem' 'emmc' '/dev/block/mmcblk0p12'
8 '/preload' 'ext4' '/dev/block/mmcblk0p13'
9 '/boot' 'emmc' '/dev/block/mmcblk0p10'
10 '/sdcard' 'vfat' '/dev/block/mmcblk1p1'
I used these commands in terminal
Code:
dd if=/dev/block/mmcblk0p8 of=/mnt/extSdCard/backup/mmcblk0p8_system.img bs=4096
Code:
dd if=/dev/block/mmcblk0p10 of=/mnt/extSdCard/backup/mmcblk0p10_boot.img bs=4096
Code:
dd if=/dev/block/mmcblk0p6 of=/mnt/extSdCard/backup/mmcblk0p6_cache.img bs=4096
Code:
dd if=/dev/block/mmcblk0p12 of=/mnt/extSdCard/backup/mmcblk0p12_modem.img bs=4096
Code:
dd if=/dev/block/mmcblk0p11 of=/mnt/extSdCard/backup/mmcblk0p11_recovery.img bs=4096
So nowI ended up with
[*] mmcblk0p6_cache.img 350M
[*] mcblk0p8_system.img 2.3G
[*] mmcblk0p10_boot.img 20M
[*] mmcblk0p11_recovery.img 20M
[*] mmcblk0p12_modem.img 4.0M
etc
Any Help would be greatly appreciated

[Q] Set_Perm failed on SU Binary.

I've been having a little problem for which I couldn't fix with 2 hours of work on Atomic GB 7.1 B2 recently.
I keep getting Status 7 error (Set_perm failed, no such file or directory) on the SU binaries when they are clearly there.
I've tried the following.
- Rewriting the entire updater-script
- Changing my SU binary in system/bin
- Adding my binary to /xbin instead and symlinking the other way
- Having both copies of the binary (without symlinking of course) in /bin and /xbin, both give this error.
- Using different SU apps and binaries.
- Even using existing updater-scripts and simple ones.
Script: (Where it gives Status 7)
Code:
set_perm_recursive(0, 2000, 0755, 0755, "/system/xbin");
set_perm(0, 0, 06755, "/system/bin/su");
symlink("/system/bin/su", "/system/xbin/su");
Log:
Code:
minzip: Extracted file "/system/xbin/busybox"
minzip: Extracted file "/system/xbin/daemonsu"
minzip: Extracted file "/system/xbin/dexdump"
minzip: Extracted file "/system/xbin/entro"
minzip: Extracted file "/system/xbin/openvpn"
minzip: Extracted file "/system/xbin/rngd"
minzip: Extracted file "/system/xbin/sqlite3"
minzip: Extracted file "/system/xbin/su"
minzip: Extracted file "/system/xbin/zipalign"
about to run program [/tmp/installbusybox] with 1 args
set_perm: chown of /system/xbin/su to 0 0 failed: No such file or directory
set_perm: chmod of /system/xbin/su to 6755 failed: No such file or directory
script aborted: set_perm: some changes failed
set_perm: some changes failed
E:Error in /sdcard/Extracted/ATGB r3.zip
Edit : I might just aswell release without SU and provide it as another zip for now.
Edit 2 : I fixed it. Turns out the problem was caused somehow by my update-binary.
Request thread lock.

Help with unpacking system apps

Hello everybody .. Hiw i can unpack lollipop system.dat file??
@Skin1980
@S3V3N
Akhayev said:
@Skin1980
Click to expand...
Click to collapse
system.dat? Explain better pls
Skin1980 said:
system.dat? Explain better pls
Click to expand...
Click to collapse
I am sorry .. I downloaded cm12 that based on lollipop and when i opened the rom theres a file named system.new.dat and all the apps inside this file and i wants to port some apps from this file but i cant open it cos its .dat file
Akhayev said:
I am sorry .. I downloaded cm12 that based on lollipop and when i opened the rom theres a file named system.new.dat and all the apps inside this file and i wants to port some apps from this file but i cant open it cos its .dat file
Click to expand...
Click to collapse
try to mount it
Skin1980 said:
try to mount it
Click to expand...
Click to collapse
7zip cannot extract a system.new.dat file and DAEMON tools cannot mount it. I'm hoping ROM devs release their ROMs with the standard format but if they don't, I'm sure someone from the community will easily find a way to extract them.
CM12 system.new.dat apps
Hi,
I had downloaded CM12 just now. There are no apks but only 1-img and 1-dat files in which "system.new.dat" file contains the stuff. Please provide a way to extract apks from system.new.dat file.
Unpack
Anyone figure how to do this?
I would like to know this as well.
I don't know for stock, I'm searching how to do it, but for cm12, you can compile from source directly, there is a thread in development section.
I'm stuck too.
Habaddon said:
I don't know for stock, I'm searching how to do it, but for cm12, you can compile from source directly, there is a thread in development section.
Click to expand...
Click to collapse
This is a chicken and egg problem for me. I want to build a ROM but first want to extract the device firmware for my ROM. (I don't have access to the Nexus 4 phone to install a ROM on and then extract the firmware.)
I've been Googling for a solution without luck.
Followed a clue. I uncommented a debug print statement in simg2img. No luck.
Code:
$ file system.new.dat
system.new.dat: Linux rev 1.0 ext4 filesystem data, UUID=57f8f4bc-abf4-655f-bf67-946fc0f9f25b (extents) (large files)
$ simg2img.py system.new.dat system.new.raw
424620032
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
Not a compressed ext4 file!!
Any ideas?
Yeah, I tried that too, it doesn't work. I ask a dev, in fact, it is simple. All you need to do is mount the img.
mkdir system
sudo mount system.img system
Click to expand...
Click to collapse
Still stuck
Habaddon said:
Yeah, I tried that too, it doesn't work. I ask a dev, in fact, it is simple. All you need to do is mount the img.
Click to expand...
Click to collapse
I'm still confused.
I suspect that the system.new.dat is not a simple image file and is most probably signed in some way. I don't know why the file command says that it is an ext4 filesystem while simg2img.py, with the debug statement which prints the first bytes uncommented, prints only nulls.
BTW, I asked my relative who owns the device to try flashing this ROM and it didn't work because of a known problem whereby rooting was lost. He will try a new ROM.
Plan B will be to pull the firmware via adb but I'm certainly curious about the new Lollipop way of packaging the ROM.
Code:
$ ls -l cm-12-20141123-UNOFFICIAL-mako.zip
-rw-r--r-- 1 zippy zippy 238444354 Dec 6 08:20 cm-12-20141123-UNOFFICIAL-mako.zip
$ unzip cm-12-20141123-UNOFFICIAL-mako.zip
Archive: cm-12-20141123-UNOFFICIAL-mako.zip
signed by SignApk
extracting: system.patch.dat
inflating: META-INF/com/android/metadata
inflating: META-INF/com/google/android/update-binary
inflating: META-INF/com/google/android/updater-script
inflating: META-INF/org/cyanogenmod/releasekey
inflating: boot.img
inflating: file_contexts
inflating: [COLOR="Red"]system.new.dat[/COLOR]
inflating: system.transfer.list
inflating: system/bin/backuptool.functions
inflating: system/bin/backuptool.sh
inflating: system/bin/otasigcheck.sh
inflating: META-INF/com/android/otacert
inflating: META-INF/MANIFEST.MF
inflating: META-INF/CERT.SF
inflating: META-INF/CERT.RSA
$ ls -l system.new.dat
-rw-rw-r-- 1 zippy zippy 424620032 Feb 29 2008 system.new.dat
$ file system.new.dat
system.new.dat: Linux rev 1.0 ext4 filesystem data, UUID=57f8f4bc-abf4-655f-bf67-946fc0f9f25b (extents) (large files)
$ rm -rf # remove the extracted system directory from above
$ mkdir system
$ sudo mount system.new.dat system
[sudo] password for zippy:
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so.
$ dmesg | tail -2
[89035.798766] loop: module loaded
[89035.906824] EXT4-fs (loop0): bad geometry: block count 215040 exceeds size of device (103667 blocks)
I wonder why nobody put up a way to modify this?
I kept looking for the solution from the day lollipop releases, but without any success.
:crying:
Investigating ...
I know more now.
Below is the update-script which calls functions in the update-binary. I highlighted the code in question. This is obviously not a simple filesystem in the system.new.dat. I've hacked at it with ext4.fsck and resize2fs with no luck.
Code:
assert(getprop("ro.product.device") == "mako" || getprop("ro.build.product") == "mako" || abort("This package is for device: mako; this device is " + getprop("ro.product.device") + "."););
ifelse(is_mounted("/system"), unmount("/system"));
mount("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/system", "/system", "");
package_extract_file("system/bin/backuptool.sh", "/tmp/backuptool.sh");
package_extract_file("system/bin/backuptool.functions", "/tmp/backuptool.functions");
set_metadata("/tmp/backuptool.sh", "uid", 0, "gid", 0, "mode", 0755);
set_metadata("/tmp/backuptool.functions", "uid", 0, "gid", 0, "mode", 0644);
run_program("/tmp/backuptool.sh", "backup");
unmount("/system");
if is_mounted("/data") then
package_extract_file("system/bin/otasigcheck.sh", "/tmp/otasigcheck.sh");
package_extract_file("META-INF/org/cyanogenmod/releasekey", "/tmp/releasekey");
set_metadata("/tmp/otasigcheck.sh", "uid", 0, "gid", 0, "mode", 0755);
run_program("/tmp/otasigcheck.sh") != "31744" || abort("Can't install this package on top of incompatible data. Please try another package or run a factory reset");
else
mount("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/userdata", "/data", "");
package_extract_file("system/bin/otasigcheck.sh", "/tmp/otasigcheck.sh");
package_extract_file("META-INF/org/cyanogenmod/releasekey", "/tmp/releasekey");
set_metadata("/tmp/otasigcheck.sh", "uid", 0, "gid", 0, "mode", 0755);
run_program("/tmp/otasigcheck.sh") != "31744" || abort("Can't install this package on top of incompatible data. Please try another package or run a factory reset");
unmount("/data");
endif;
show_progress(0.750000, 0);
[COLOR="red"]block_image_update("/dev/block/platform/msm_sdcc.1/by-name/system", package_extract_file("system.transfer.list"), "system.new.dat", "system.patch.dat");[/COLOR]
mount("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/system", "/system", "");
delete("/system/bin/otasigcheck.sh");
unmount("/system");
show_progress(0.020000, 10);
mount("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/system", "/system", "");
package_extract_file("system/bin/backuptool.sh", "/tmp/backuptool.sh");
package_extract_file("system/bin/backuptool.functions", "/tmp/backuptool.functions");
set_metadata("/tmp/backuptool.sh", "uid", 0, "gid", 0, "mode", 0755);
set_metadata("/tmp/backuptool.functions", "uid", 0, "gid", 0, "mode", 0644);
run_program("/tmp/backuptool.sh", "restore");
delete("/system/bin/backuptool.sh");
delete("/system/bin/backuptool.functions");
unmount("/system");
show_progress(0.050000, 5);
package_extract_file("boot.img", "/dev/block/platform/msm_sdcc.1/by-name/boot");
show_progress(0.200000, 10);
Next, one can look in the source code and try to figure out what it is doing.
Or maybe the next step is to see if there is a host build (i.e. Ubuntu, Fedora, etc) of the binary-update which can be run from the command line into a file which can be mounted.
I'm sure that there is an easy way but finding it is difficult!
Ext2Explorer, Diskinternals Linux Reader can mount, read and extract those system images. But I m not sure if they are fully compatible because in both of these apps which I tried priv-app and some other folders are shown empty. I don't know if normaly there are files in these folders or not.
I've been struggling with these system.new.dat block images since lollipop came out since I need to convert roms to flash onto F2FS system partitions. I searched high and low for a way to mount that image outside of twrp with no luck. So I just used twrp instead... Luckily I've an extra device at my disposal atm. These are the steps I take:
Clean flash a lollipop rom that has a system.new.dat image in twrp.
Reboot system.
When device finishes booting use hardware power button to power down without messing with the rom itself yet so it stays fresh. (It's ok to confirm power down on touch screen.)
In twrp make a backup of only the system partition.
Boot back to system and use the method you prefer to move the file system.ext4.win from /TWRP/BACKUPS/-ur-device-serial/-ur-backup-date on to your pc and rename it system.tar so you can unpack it. (Of course make sure you have the proper decompression tools, which every OS usually does now.)
Now you have the complete fresh contents of /system as you would in a traditional rom zip. You can now do with that as you please. :silly:
Well googling i found this solution http://forum.xda-developers.com/nexus-7/general/guide-unpack-dat-t2970707 @adomol:
I've been struggling with these system.new.dat block images since lollipop came out. I searched high and low for a way to mount that image outside of twrp with no luck. So I just used twrp instead... These are the steps I take:
1.Clean flash a lollipop rom that has a system.new.dat image in twrp.
2.Reboot system.
3.When device finishes booting use hardware power button to power down without messing with the rom itself yet so it stays fresh. (It's ok to confirm power down on touch screen.)
4.In twrp make a backup of only the system partition.
5.Boot back to system and use the method you prefer to move the file system.ext4.win from:
/TWRP/BACKUPS/-ur-device-serial/-ur-backup-date
to your pc and rename it system.tar so you can unpack it. (Of course make sure you have the proper decompression tools, which every OS usually does now.)
Now you have the complete fresh contents of /system as you would in a traditional rom zip. You can do with that as you please, or just throw it into a rom kitchen.
all credits to @adomol
adomol said:
I've been struggling with these system.new.dat block images since lollipop came out since I need to convert roms to flash onto F2FS system partitions. I searched high and low for a way to mount that image outside of twrp with no luck. So I just used twrp instead... Luckily I've an extra device at my disposal atm. These are the steps I take:
Clean flash a lollipop rom that has a system.new.dat image in twrp.
Reboot system.
When device finishes booting use hardware power button to power down without messing with the rom itself yet so it stays fresh. (It's ok to confirm power down on touch screen.)
In twrp make a backup of only the system partition.
Boot back to system and use the method you prefer to move the file system.ext4.win from /TWRP/BACKUPS/-ur-device-serial/-ur-backup-date on to your pc and rename it system.tar so you can unpack it. (Of course make sure you have the proper decompression tools, which every OS usually does now.)
Now you have the complete fresh contents of /system as you would in a traditional rom zip. You can now do with that as you please. :silly:
Click to expand...
Click to collapse
-droidberg- said:
Well googling i found this solution http://forum.xda-developers.com/nexus-7/general/guide-unpack-dat-t2970707 @adomol:
I've been struggling with these system.new.dat block images since lollipop came out. I searched high and low for a way to mount that image outside of twrp with no luck. So I just used twrp instead... These are the steps I take:
1.Clean flash a lollipop rom that has a system.new.dat image in twrp.
2.Reboot system.
3.When device finishes booting use hardware power button to power down without messing with the rom itself yet so it stays fresh. (It's ok to confirm power down on touch screen.)
4.In twrp make a backup of only the system partition.
5.Boot back to system and use the method you prefer to move the file system.ext4.win from:
/TWRP/BACKUPS/-ur-device-serial/-ur-backup-date
to your pc and rename it system.tar so you can unpack it. (Of course make sure you have the proper decompression tools, which every OS usually does now.)
Now you have the complete fresh contents of /system as you would in a traditional rom zip. You can do with that as you please, or just throw it into a rom kitchen.
all credits to @adomol
Click to expand...
Click to collapse
But this won't work when trying to port because you need to swap kernel's (for going between same-device, different-carrier)

Categories

Resources