At this point, I do NOT know of a means to install the modified SPLASH2 images. Please read, and if you can offer any insight, feel free. I do not have a device and am limited to a level that I depend on those with knowledge and a device to progress to much further.Download the zip at the bottom of this post.
Extract it to a new folder.
Drag the "bootloader-angler-angler-02.01.img" on to the "Nexus6P-Injector-v1.1.bat" file.
I future proof things that I make, so WHEN a new bootloader comes out, use that one and not the one currently provided.The splash2 image binary will be extracted from the bootloader.img or from any file that has the exact characteristics of this encoding.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The program will automatically open a folder containing an 'Images' folder, containing all of the images extracted. It will also contain the cut out splash.bin, and a batch file that will rebuild every image in the 'Images' folder. Please try all of this before asking any questions. It is pretty self explanatory. You don't even have to have your phone hooked up. Play with it.
Click below if you want to see what this new folder will look like...
Edit or replace any of the png's that you want to in the 'Images' folder.
Click on the "Rebuild Images Folder.bat" file whenever you are done or happy.
Whenever you run this batch file, every image in the 'Images' folder is encoded into the Modified-SPLASH.bin. You can run the batch file, then change more of the images, it does not matter. Everytime you run this batch file, it simply overwrites and encodes every image in the 'Images' folder into the "Modified-SPLASH.bin". Pretty simple?When you encode a image or however many you change, you get a screen like this:
The green just means that the image in the folder has changed and has been injected into the modified bin file. If you change the resolution, it will be red. However, it will still be encoded by the program. It is just a warning, because I have no means to test, and you must rely on the forums to see what daredevils do in surprisingly fruitful trials.
Everything is pretty much self explanatory as mentioned above. I've figured out the encodings and decodings once again, does anyone else actually work on this stuff? There is no menu or cursor, because it is simple. You drag any file onto the batch file. It can be your family picture, a system image, or a already completed modified bin. If there is nothing in the file, you will be told. The program leaves whatever file you drag on it alone, it is scanned for a SPLASH2!! header, and cuts out (copies) the necessary splash.bin.
Nexus6Pcodec.c
Code:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
#include <windows.h>
#include "zlib.h"
#include "lodepng.h"
#include "Nexus6Pcodec.h"
uint8_t *FindSplashFile(FILE *input, uint64_t *start, uint64_t *end){
uint32_t numberOfImages = 0, lastOffset = 0, lastSize = 0;
int readByte;
uint8_t pos = 0;
uint8_t *data = NULL;
fseek(input, 0, SEEK_SET);
while ((readByte = fgetc(input)) != EOF){
if (readByte == splashHeader[pos]){
if (pos == 31){
*start = (ftell(input) - 32);
fseek(input, *start + 36, SEEK_SET);
if(fread(&numberOfImages, 1, 4, input) != 4){
fprintf(stderr, "ERROR: Reading Input File (no. of images).\n");
fclose(input);
exit(EXIT_FAILURE);
}
fseek(input, *start + 40 + ((numberOfImages - 1) * 52) + 44, SEEK_SET );
if(fread(&lastOffset, 1 , 4, input) != 4){
fprintf(stderr, "ERROR: Reading Input File (last offset).\n");
fclose(input);
exit(EXIT_FAILURE);
}
if(fread(&lastSize, 1, 4, input) != 4){
fprintf(stderr, "ERROR: Reading Input File (last size).\n");
fclose(input);
exit(EXIT_FAILURE);
}
*end = *start + (uint64_t)lastOffset + (uint64_t)lastSize;
fseek(input, *start, SEEK_SET);
data = (uint8_t*)malloc(*end - *start);
if(data == NULL){
fprintf(stderr, "ERROR: Allocating Memory (data)\n");
fclose(input);
exit(EXIT_FAILURE);
}
if(fread(data, 1, *end - *start, input) != *end - *start){
fprintf(stderr, "ERROR: Reading Input File (data).\n");
fclose(input);
exit(EXIT_FAILURE);
}
return data;
} else {
pos++;
continue;
}
}
pos = 0;
}
return 0;
}
uint32_t GetSize(FILE *fp){
uint32_t i = 0, cur = ftell(fp);
fseek(fp, 0, SEEK_END);
i = ftell(fp);
fseek(fp, cur, SEEK_SET);
return i;
}
void DrawHead(void){
HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
uint8_t i = 0;
SetConsoleTextAttribute(hConsole, TOPCOLOR);
printf("%c", 218);
for(i = 0; i < 79; i++){
printf("%c", 196);
}
printf("-_-%c%c\n", 196, 191);
printf("%c ", 179);
SetConsoleTextAttribute(hConsole, BLUE);
printf("N");
SetConsoleTextAttribute(hConsole, RED);
printf("E");
SetConsoleTextAttribute(hConsole, YELLOW);
printf("X");
SetConsoleTextAttribute(hConsole, BLUE);
printf("U");
SetConsoleTextAttribute(hConsole, GREEN);
printf("S");
SetConsoleTextAttribute(hConsole, RED);
printf(" 6");
SetConsoleTextAttribute(hConsole, YELLOW);
printf("P");
SetConsoleTextAttribute(hConsole, TOPTEXTCOLOR);
printf(" Image Injector v%s %c\n", version, 179);
printf("%c Written By:", 179);
SetConsoleTextAttribute(hConsole, GREEN);
printf("makers_mark");
SetConsoleTextAttribute(hConsole, TOPTEXTCOLOR);
printf("@xda ");
SetConsoleTextAttribute(hConsole, TOPCOLOR);
printf("%c\n", 179);
printf("%c", 192);
for(i = 0; i < 83; i++){
printf("%c", 196);
}
printf("%c\n", 217);
SetConsoleTextAttribute(hConsole, COLOR);
return;
}
int decode(FILE *originalBin, const uint8_t *path, HANDLE hConsole){
uint32_t i, numberOfImages = 0;
uint64_t cur;
int color;
uint32_t k = 0;
uint8_t pngName[512] = {0};
FILE *txt = NULL;
uint8_t command[512] = {0};
uint8_t exeFile[512] = {0};
fseek(originalBin, 36, SEEK_SET);
if((fread(&numberOfImages, 1, 4, originalBin)) != 4){
fprintf(stderr, "ERROR: Reading The Number Of Images.\n");
fclose(originalBin);
return 0;
}
pHeader headers[numberOfImages];
sprintf((char*)command, "%s\\Rebuild Images Folder.bat", path);
if ((txt = fopen((const char*)command, "w")) == NULL){
fclose(txt);
fclose(originalBin);
fprintf(stderr, "\n%s could not be opened.\n", command);
return 0;
}
printf(" Image Name W x H Offset Size Decoded Size \n");
UNDERSCORE;
color = INVERSE(COLOR);
uint8_t four = 0;
for( i = 0; i < numberOfImages; i++, four++, k = 0 ){
if (four == PATTERN){
color = INVERSE(color);
four = 0;
}
SetConsoleTextAttribute(hConsole, color);
if((fread(&headers[i].name, 1, 32, originalBin) != 32) ||
(fread(&headers[i].width, 1, 4, originalBin) != 4 ) ||
(fread(&headers[i].height, 1, 4, originalBin) != 4 ) ||
(fread(&headers[i].bpp, 1, 4, originalBin) != 4 ) ||
(fread(&headers[i].offset, 1, 4, originalBin) != 4 ) ||
(fread(&headers[i].size, 1, 4, originalBin) != 4 )){
fprintf(stderr, "ERROR: Reading Header Data.\n");
fclose(originalBin);
return 0;
}
if(headers[i].bpp != 24){
fprintf(stderr, "\n32 bpp isn't supported yet. When they acutally use it, I will include it.\n");
fclose(originalBin);
return 0;
}
headers[i].decodedSize = headers[i].width * headers[i].height * 3;
cur = ftell(originalBin);
fseek(originalBin, headers[i].offset + 10, SEEK_SET);
uint8_t j = 0;
while((headers[i].gzName[j++] = fgetc(originalBin)) != '\0'){};
fseek(originalBin, headers[i].offset, SEEK_SET);
sprintf((char*)pngName, "%s\\%s\\%s.png", path, IMAGES_DIR, headers[i].name);
printf("Decoding %s..", headers[i].name);
uint8_t buffer[headers[i].size];
uint8_t *rawBGRimage;
rawBGRimage = (uint8_t*)malloc((uint32_t)headers[i].decodedSize);
if(rawBGRimage == NULL){
fprintf(stderr, "ERROR: Allocating Memory (raw bgr image)\n");
fclose(originalBin);
return 0;
}
if(fread(&buffer, 1, sizeof(buffer), originalBin) != headers[i].size){
fprintf(stderr, "ERROR: Reading Encoded File.\n");
fclose(originalBin);
return 0;
}
dec(buffer, rawBGRimage, (uint32_t)headers[i].size, (uint32_t)headers[i].decodedSize);
uint8_t old = 0;
while( k < headers[i].decodedSize ){
old = rawBGRimage[k];
rawBGRimage[k] = rawBGRimage[k + 2];
rawBGRimage[k + 2] = old;
k += 3;
}
headers[i].crc32 = crc32(0L, Z_NULL, 0);
headers[i].crc32 = crc32(headers[i].crc32, rawBGRimage, headers[i].decodedSize);
printf("Writing PNG..");
lodepng_encode24_file((char*)pngName, rawBGRimage, (unsigned)headers[i].width, (unsigned)headers[i].height);
printf("\r %2d.%-32s %4d x %-4d %10d %10d %12d \n", i + 1, headers[i].name, headers[i].width, headers[i].height, headers[i].offset, headers[i].size, headers[i].decodedSize);
free(rawBGRimage);
fseek(originalBin, cur, SEEK_SET);
fprintf(txt, ":: %s %d %d %d %d %d %d %d %d %ld %s %s\n", headers[i].name, headers[i].width, headers[i].height, headers[i].offset, headers[i].size, headers[i].crc32, headers[i].bpp, headers[i].decodedSize, gzNewHeaderp.os, gzNewHeaderp.time, headers[i].gzName, pngName);
}
fclose(originalBin);
GetModuleFileName(NULL, (LPSTR)exeFile, 512);
fprintf(txt, "\[email protected] con cols=86 lines=%d&echo off\ntitle Nexus6P Image Injector v%s\n\"%s\" -n %d -b \"\%%~dpnx0\" && 2>nul del \"%%~dp0\\%s\"\npause>nul\n", numberOfImages + 20, version, exeFile, numberOfImages, MODIFIEDBIN);
fclose(txt);
SetConsoleTextAttribute(hConsole, COLOR);
UNDERSCORE;
SetConsoleTextAttribute(hConsole, __INFO_);
printf("%s", path);
FinishLineSpaces((uint8_t)strlen((const char*)path));
BLANKLINE;
printf("This folder above contains an 'Images' folder.(The parent folder should of opened on \n");
printf("your screen). Inside of the 'Images' folder is all of the PNG's that were extracted \n");
printf("from your original file. Change/replace any images you want, but do not change the \n");
printf("name, or the location of the PNG's. Run the 'Rebuild Images Folder.bat' file when you\n");
printf("are finished editing the images and ready to make a new Splash.bin. \n");
BLANKLINE;
printf("You can rebuild the folder as many times as you want. \n");
printf("The output file, %s, is just rewritten/overwritten each time with", MODIFIEDBIN);
FinishLineSpaces(strlen((const char*)MODIFIEDBIN) + 63);
printf("what is currently in the 'Images' folder. \n");
SetConsoleTextAttribute(hConsole, COLOR);
return 1;
}
pHeader *ReadID(FILE *bat, uint8_t numberOfImages){
pHeader *new;
new = malloc(numberOfImages * 618);
if(new == NULL){
return(NULL);
}
memset(new, 0, numberOfImages * 618);
uint8_t i = 0;
while(fscanf(bat, "%*s %s %ld %ld %ld %ld %ld %ld %ld %ld %ld %s %[^\n]",
new[i].name, (long int*)&new[i].width, (long int*)&new[i].height, (long int*)&new[i].offset,
(long int*)&new[i].size, (long int*)&new[i].crc32, (long int*)&new[i].bpp, (long int*)&new[i].decodedSize,
(long int*)&new[i].os, (long int*)&new[i].time, new[i].gzName, new[i].pathToPNG) == 12){i++;}
return new;
}
uint32_t GetWidth(FILE *pngFile){
uint32_t width;
fseek(pngFile, 16, SEEK_SET);
if(fread(&width, 1, 4, pngFile) != 4){
fprintf(stderr, "\nERROR: Reading PNG Width\n");
return 0;
}
return(SWAP32(width));
}
uint32_t GetHeight(FILE *pngFile){
uint32_t height;
fseek(pngFile, 20, SEEK_SET);
if(fread(&height, 1, 4, pngFile) != 4){
fprintf(stderr, "\nERROR: Reading PNG Height\n");
return 0;
}
return(SWAP32(height));
}
int BuildImages(uint8_t *build, uint8_t numberOfImages, uint8_t brute, HANDLE hConsole){
uint32_t i = 0;
int color;
uint8_t resolutionChanges = 0;
FILE *bat = NULL;
if ((bat = fopen((const char*)build, "r")) == NULL){
fprintf(stderr, "ERROR: Opening Batch File\n");
return 0;
}
pHeader *old = ReadID(bat, numberOfImages);
fclose(bat);
if(old == NULL){
fprintf(stderr, "ERROR: Allocating Memeory (headers).\n");
return 0;
}
uint8_t oldPixel = 0, four = 0;
uint32_t k = 0;
FILE *modifiedBin = NULL;
FILE *originalBin = NULL;
uint8_t *headerTemplate;
uint32_t headerSize;
if ((modifiedBin = fopen((const char*)MODIFIEDBIN, "wb")) == NULL){
fprintf(stderr, "ERROR: Failed To Open File\n%s\n", MODIFIEDBIN);
return 0;
}
if ((originalBin = fopen((const char*)ORIGINALBIN, "rb")) == NULL){
fprintf(stderr, "ERROR: Failed To Open File\n%s\n", ORIGINALBIN);
fclose(modifiedBin);
return 0;
}
uint32_t modifiedSize = 0, originalSize = GetSize(originalBin);
headerSize = old[0].offset;
headerTemplate = (uint8_t*)malloc(headerSize);
if(headerTemplate == NULL){
fclose(originalBin);
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fprintf(stderr, "\nERROR: Allocating Memory (header temp).\n");
return 0;
}
memset(headerTemplate, 0, headerSize);
if((fread(headerTemplate, 1, headerSize, originalBin)) != headerSize){
fclose(originalBin);
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fprintf(stderr, "\nERROR: Reading File (original bin).\n");
return 0;
}
if((fwrite(headerTemplate, 1, headerSize, modifiedBin)) != headerSize){
fclose(originalBin);
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fprintf(stderr, "\nERROR: Writing File (header temp).\n");
return 0;
}
printf(" Image Name W x H Offset Size Decoded Size \n");
UNDERSCORE;
color = INVERSE(COLOR);
for( i = 0 ; i < numberOfImages; k = 0, i++, four++){
printf("Decoding PNG..");
uint32_t width = 0, height = 0, crcrc = 0, offset = 0;
uint8_t *decodedPNG;
FILE *pngFile = NULL;
if ((pngFile = fopen((const char*)old[i].pathToPNG, "rb")) == NULL){
fprintf(stderr, "ERROR: Opening Png File\n%s\n", old[i].pathToPNG);
fclose(modifiedBin);
fclose(originalBin);
unlink(MODIFIEDBIN);
return 0;
}
width = GetWidth(pngFile);
height = GetHeight(pngFile);
if((width < 1) || (height <1)){
fclose(modifiedBin);
fclose(originalBin);
unlink(MODIFIEDBIN);
fclose(pngFile);
return 0;
}
const uint32_t rawBytes = width * height * 3;
if (four == PATTERN){
color = INVERSE(color);
four = 0;
}
SetConsoleTextAttribute(hConsole, color);
decodedPNG = (uint8_t*)malloc(rawBytes);
if(decodedPNG == NULL){
fclose(originalBin);
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fprintf(stderr, "\nERROR: Allocating Memory (decoded png).\n");
return 0;
}
lodepng_decode24_file(&decodedPNG, (uint32_t*)&width, (uint32_t*)&height , (const char*)old[i].pathToPNG);
fclose(pngFile);
crcrc = crc32(0L, Z_NULL, 0);
crcrc = crc32(crcrc, decodedPNG, rawBytes);
printf("Swapping Color Order..");
while( k < rawBytes ){
oldPixel = decodedPNG[k];
decodedPNG[k] = decodedPNG[k + 2];
decodedPNG[k + 2] = oldPixel;
k += 3;
}
offset = ftell(modifiedBin);
memcpy(&headerTemplate[40 + (i * 52) + 44], &offset, 4);
if((crcrc == old[i].crc32) && (!brute)){
free(decodedPNG);
printf("Image Unchanged, Copying Data..");
fseek(originalBin, old[i].offset, SEEK_SET);
uint8_t *buff = (uint8_t*)malloc(old[i].size);
if(buff == NULL){
fclose(originalBin);
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fprintf(stderr, "\nERROR: Allocating Memory (copy original buffer).\n");
return 0;
}
if((fread(buff, 1, old[i].size, originalBin)) != old[i].size){
fclose(originalBin);
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fprintf(stderr, "\nERROR: Reading File (copy original buffer).\n");
return 0;
}
if((fwrite(buff, 1, old[i].size, modifiedBin)) != old[i].size){
fclose(originalBin);
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fprintf(stderr, "\nERROR: Writing File (copy original buffer).\n");
return 0;
}
free(buff);
printf("\r %2d.%-32s %4d x %-4d %10d %10d %12d \n", i + 1, old[i].name, width, height, offset, old[i].size, old[i].decodedSize);
} else {
uint32_t compressedSize = 0;
printf("Encoding Image..");
uint8_t *buff = (uint8_t*)malloc((rawBytes * 1.1) + 12);
if(buff == NULL){
fclose(originalBin);
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fprintf(stderr, "\nERROR: Allocating Memory (encode buffer).\n");
return 0;
}
gzNewHeaderp.name = old[i].gzName;
gzNewHeaderp.os = old[i].os;
gzNewHeaderp.time = old[i].time;
buff = enc(decodedPNG, rawBytes , buff, (rawBytes * 1.1) + 12, 9, &compressedSize);
if((fwrite(buff, 1, compressedSize, modifiedBin)) != compressedSize){
fclose(originalBin);
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fprintf(stderr, "\nERROR: Writing File (encode buffer).\n");
return 0;
}
memcpy(&headerTemplate[40 + ( i * 52) + 48], &compressedSize, 4);
free(buff);
free(decodedPNG);
SetConsoleTextAttribute(hConsole, INVERSE(__INFO_));
if((width != old[i].width) || (height != old[i].height)){
SetConsoleTextAttribute(hConsole, WARNING);
resolutionChanges++;
memcpy(&headerTemplate[40 + ( i * 52) + 32], &width , 4);
memcpy(&headerTemplate[40 + ( i * 52) + 36], &height, 4);
}
printf("\r %2d.%-32s %4d x %-4d %10d %10d %12d \n", i + 1, old[i].name, width, height, offset, compressedSize, rawBytes);
}
}
uint8_t l = 0;
for(l = 0; l < 85; l++){
printf("%c", 196);
}
printf("\n");
SetConsoleTextAttribute(hConsole, COLOR);
if (resolutionChanges){
BLANKLINE;
SetConsoleTextAttribute(hConsole, WARNING);
if (resolutionChanges == 1){
printf("The Resolution Changed With The Image In Red! It has been newly encoded. \n");
} else {
printf("The Resolution Changed With The %d Images In Red!They have been newly encoded. ", resolutionChanges);
if(resolutionChanges < 10){
printf(" \n");
} else {
printf("\n");
}
}
printf("IT MAY NOT BE SAFE TO FLASH THIS FILE!! \n");
printf("PLEASE KNOW WHAT YOU ARE DOING!! \n");
SetConsoleTextAttribute(hConsole, COLOR);
BLANKLINE;
} else {
printf("SUCCESS!! \n");
printf("You Can Flash The File 'Modified-SPLASH.bin' in fastboot. \n");
}
fseek(modifiedBin, 0, SEEK_SET);
if((fwrite(headerTemplate, 1, headerSize, modifiedBin)) != headerSize){
fclose(modifiedBin);
unlink(MODIFIEDBIN);
fclose(originalBin);
}
free(headerTemplate);
modifiedSize = GetSize(modifiedBin);
SetConsoleTextAttribute(hConsole, __INFO_);
printf(" %c", 218);
for(l = 0; l < 38; l++){
printf("%c", 196);
}
printf("%c \n", 191);
printf(" %cOriginal Size: %8d bytes, %4.2f MB%c \n", 179, originalSize, (float)originalSize/(float)1024/(float)1024, 179);
printf(" %cModified Size: %8d bytes, %4.2f MB%c \n", 179, modifiedSize, (float)modifiedSize/(float)1024/(float)1024, 179);
printf(" %c", 192);
for(i = 0; i < 38; i++){
printf("%c", 196);
}
printf("%c \n", 217);
BLANKLINE;
printf(" Press and key to exit...... \n");
fclose(modifiedBin);
fclose(originalBin);
return 1;
}
void FinishLineSpaces(uint8_t alreadyTaken){
uint8_t a = 1;
for (a = 1; a < SCREENWIDTH - alreadyTaken; a++){
printf(" ");
}
printf("\n");
}
int8_t CheckBinOffsets(FILE *modifiedFile){
uint32_t numberOfImages = 0;
uint32_t i = 0;
uint16_t data = 0;
const uint16_t magic = 0x8b1f;
uint32_t offset = 0, match = 0;
fseek(modifiedFile, 36, SEEK_SET);
if((fread(&numberOfImages, 1, 4, modifiedFile)) != 4){
fprintf(stderr, "\nERROR: Reading File (check bin offsets).\n");
return -1;
}
for(i = 0; i < numberOfImages ; i++){
fseek(modifiedFile, 40 + (i * 52) + 44, SEEK_SET);
if((fread(&offset, 1, 4, modifiedFile)) != 4){
fprintf(stderr, "\nERROR: Reading File (offset).\n");
return -1;
}
fseek(modifiedFile, offset, SEEK_SET);
if((fread(&data , 1, 2, modifiedFile)) != 2){
fprintf(stderr, "\nERROR: Reading File (two byte header).\n");
return -1;
}
if(data == magic){match++;}
}
return match - numberOfImages;
}
int32_t main(int32_t argc, char **argv){
int32_t c;
uint8_t numberOfImages = 0, brute = 0;
uint8_t splash[32] = {0};
uint8_t *path = NULL, *inputFile = NULL, *build = NULL;
FILE *input = NULL;
uint8_t command[512];
HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
CONSOLE_SCREEN_BUFFER_INFO consoleInfo;
CONSOLE_CURSOR_INFO cursor;
cursor.dwSize = 1;
cursor.bVisible = FALSE;
SetConsoleCursorInfo(hConsole, &cursor);
WORD originalColor;
GetConsoleScreenBufferInfo(hConsole, &consoleInfo);
originalColor = consoleInfo.wAttributes;
SetConsoleTextAttribute(hConsole, COLOR);
DrawHead();
while ((c = getopt (argc, (char**)argv, "i:I:p:P:b:B:n:N")) != -1){
switch(c)
{
case 'i':
case 'I':
inputFile = (uint8_t*)optarg;
break;
case 'p':
case 'P':
path = (uint8_t*)optarg;
break;
case 'b':
build = (uint8_t*)optarg;
break;
case 'B':
build = (uint8_t*)optarg;
brute = 1;
break;
case 'n':
case 'N':
numberOfImages = atoi(optarg);
break;
}
}
if(build){
int ret = BuildImages(build, numberOfImages, brute, hConsole);
if(ret){
FILE *modifiedBin = NULL;
if ((modifiedBin = fopen((const char*)MODIFIEDBIN, "rb")) == NULL){
fclose(modifiedBin);
fprintf(stderr, "%s could not be opened.\n", MODIFIEDBIN);
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
if ((CheckBinOffsets(modifiedBin)) != 0){
fclose(modifiedBin);
fprintf(stderr, "Error in writing offsets.\n");
unlink(MODIFIEDBIN);
ret = 0;
}
}
SetConsoleTextAttribute(hConsole, originalColor);
return ret;
}
if((input = fopen((const char*)inputFile, "rb")) == NULL){
fprintf(stderr, "%s cound not be opened to read.", inputFile);
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
if((fread(&splash, 1, 32, input)) != 32){
fprintf(stderr, "\nERROR: Reading File (splash).\n");
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
uint8_t *data = NULL;
uint64_t start = 0, end = 0;
FILE *workingFile = NULL;
sprintf((char*)command,"%s\\%s", path , ORIGINALBIN );
if((workingFile = fopen((const char*)command, "wb")) == NULL){
fclose(workingFile);
fprintf(stderr, "\n%s\\%s could not be opened.\n", path, ORIGINALBIN);
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
if (strncmp((const char*)splash, (const char*)splashHeader, 32) != 0 ){
if ((data = FindSplashFile(input, &start, &end)) != NULL){
fclose(input);
if((fwrite(data, 1 , end - start, workingFile)) != end - start){
fclose(workingFile);
fprintf(stderr, "ERROR: Writing File (cut splash).\n");
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
fclose(workingFile);
if ((workingFile = fopen((const char*)command, "rb")) == NULL){
fclose(workingFile);
fprintf(stderr, "%s could not be opened.\n", command);
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
} else {
printf("No SPLASH2!! header found in file.\n%s\nPress any key to exit.\n", inputFile);
fclose(workingFile);
fclose(input);
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
} else {
uint32_t sizeFile = GetSize(input);
data = (uint8_t*)malloc(sizeFile);
if(data == NULL){
fclose(workingFile);
fclose(input);
fprintf(stderr, "ERROR: Allocating Memory (original splash file copy).\n");
return 0;
}
fseek(input, 0, SEEK_SET);
if((workingFile = fopen((const char*)command, "wb")) == NULL){
fclose(workingFile);
fprintf(stderr, "%s could not be opened.\n", command);
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
if((fread(data, 1, sizeFile, input)) != sizeFile){
fclose(workingFile);
fprintf(stderr,"ERROR: Read Fail (data)\n");
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
if((fwrite(data, 1, sizeFile, workingFile)) != sizeFile){
fclose(workingFile);
fprintf(stderr,"ERROR: Write Fail (data)\n");
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
free(data);
fclose(input);
fclose(workingFile);
if ((workingFile = fopen((const char*)command, "rb")) == NULL){
fclose(workingFile);
fprintf(stderr, "%s could not be opened.\n", command);
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
}
if ((CheckBinOffsets(workingFile)) != 0){
fclose(workingFile);
fprintf(stderr, "Initial offset check revealed invalid magic numbers.\n");
SetConsoleTextAttribute(hConsole, originalColor);
exit(EXIT_FAILURE);
}
if (decode(workingFile, path, hConsole)){
sprintf((char*)command, "start \"\" \"%s\\\"", path);
system((const char*)command);
}
printf("Press and key to exit...... \n");
SetConsoleTextAttribute(hConsole, originalColor);
return EXIT_SUCCESS;
}
Nexus6Pcodec.h
Code:
#define PATTERN 5
#define SCREENWIDTH 86
#define BACKGROUNDCOLOR 0x00
#define MERGEBACKGROUND(x) ((BACKGROUNDCOLOR & 0xf0) | (x & 0x0f))
#define COLOR MERGEBACKGROUND(0xbb)
#define TOPCOLOR MERGEBACKGROUND(0xbb)
#define TOPTEXTCOLOR MERGEBACKGROUND(0Xbb)
#define BLUE MERGEBACKGROUND(0x09)
#define RED MERGEBACKGROUND(0x0c)
#define YELLOW MERGEBACKGROUND(0x0e)
#define GREEN MERGEBACKGROUND(0x0a)
#define WARNING 0xcf
#define __INFO_ MERGEBACKGROUND(0xaa)
#define __HIGHLIGHT_ MERGEBACKGROUND(0xee)
#define SIZEOFLONGINT 4
#define MODIFIEDBIN "Modified-SPLASH.bin"
#define ORIGINALBIN "Original-SPLASH.bin"
#define IMAGES_DIR "Images"
#define BLOCKSIZE 512
#define SWAP32(x) (( x >> 24 )&0xff) | ((x << 8)&0xff0000) | ((x >> 8)&0xff00) | ((x << 24)&0xff000000)
#define INVERSE(x) ( (x & 0x0F)<<4 | (x & 0xF0)>>4 )
#define BLANKLINE printf(" \n")
#define UNDERSCORE printf("_____________________________________________________________________________________\n")
typedef struct {
uint8_t name[33];
uint32_t width;
uint32_t height;
uint32_t bpp;
uint32_t offset;
uint32_t size;
uint8_t gzName[37];
uint32_t time;
uint32_t os;
uint32_t decodedSize;
uint32_t crc32;
uint8_t pathToPNG[512];
} pHeader;
uint8_t *FindSplashFile(FILE*, uint64_t*, uint64_t*);
uint32_t GetSize(FILE*);
void DrawHead(void);
uint8_t *dec(uint8_t*, uint8_t*, uint32_t, uint32_t);
uint8_t *enc(uint8_t*, uint32_t, uint8_t*, uint32_t, int, uint32_t*);
int decode(FILE*, const uint8_t*, HANDLE);
pHeader *ReadID(FILE*, uint8_t);
uint32_t GetWidth(FILE*);
uint32_t GetHeight(FILE*);
int BuildImages(uint8_t*, uint8_t, uint8_t, HANDLE);
void FinishLineSpaces(uint8_t);
int8_t CheckBinOffsets(FILE*);
int32_t main(int32_t, char**);
gz_header gzNewHeaderp;
uint8_t version[] = "1.1";
const uint8_t splashHeader[] = "SPLASH2!!\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
uint8_t *dec(uint8_t *source, uint8_t *dest, uint32_t srclen, uint32_t dstlen){
int rtn;
z_stream zStream = {0};
zStream.zalloc = Z_NULL;
zStream.zfree = Z_NULL;
zStream.opaque = Z_NULL;
zStream.total_in = zStream.avail_in = srclen;
zStream.total_out = zStream.avail_out = dstlen;
zStream.next_in = (uint8_t*)source;
zStream.next_out = (uint8_t*)dest;
rtn = inflateInit2(&zStream, 16 + MAX_WBITS);
if (rtn != Z_OK){
fprintf(stderr, "Error: Initialising Decoder\n");
(void)inflateEnd(&zStream);
return NULL;
}
rtn = inflateGetHeader(&zStream, &gzNewHeaderp);
if (rtn != Z_OK){
fprintf(stderr, "Error: Reading Header\n");
(void)inflateEnd(&zStream);
return NULL;
}
rtn = inflate(&zStream, Z_FINISH);
if (rtn != Z_STREAM_END){
fprintf(stderr, "Error: Decoding\n");
(void)inflateEnd(&zStream);
return NULL;
}
(void)inflateEnd(&zStream);
return dest;
}
uint8_t *enc(uint8_t *source, uint32_t srclen , uint8_t *dest, uint32_t dstlen, int level, uint32_t *compressedSize){
int rtn;
z_stream zStream = {0};
zStream.total_in = zStream.avail_in = srclen;
zStream.total_out = zStream.avail_out = dstlen;
zStream.next_in = (uint8_t*)source;
zStream.next_out = dest;
zStream.zalloc = Z_NULL;
zStream.zfree = Z_NULL;
zStream.opaque = Z_NULL;
rtn = deflateInit2(&zStream, level, Z_DEFLATED, 16 + MAX_WBITS, 8, Z_DEFAULT_STRATEGY);
if (rtn != Z_OK){
fprintf(stderr, "Error: Initialising Encoder\n");
(void)deflateEnd(&zStream);
return NULL;
}
rtn = deflateSetHeader(&zStream, &gzNewHeaderp);
if (rtn != Z_OK){
fprintf(stderr, "Error: Writing Header\n");
(void)deflateEnd(&zStream);
return NULL;
}
rtn = deflate(&zStream, Z_FINISH);
if (rtn != Z_STREAM_END){
fprintf(stderr, "Error: Encoding\n");
(void)deflateEnd(&zStream);
return NULL;
}
*compressedSize = zStream.total_out;
(void)deflateEnd(&zStream);
return dest;
}
Added to Nexus 6P index thread:
[INDEX] Huawei Nexus 6P
makers_mark said:
Code:
future source
Click to expand...
Click to collapse
so just flash and the warning boot is gone
Code:
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
adbd is already running as root
Pulling first 64 bytes of each partition, and comparing the results with the target data.
Please wait...
Press any key to exit and delete all of the temporary partition files...
Check Partitions.bat seems to find nothing here.
Log: https://www.dropbox.com/s/rfq2qqnu308zm8z/log.txt?dl=0
gandharva said:
Code:
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
adbd is already running as root
Pulling first 64 bytes of each partition, and comparing the results with the target data.
Please wait...
Press any key to exit and delete all of the temporary partition files...
Check Partitions.bat seems to find nothing here.
Log: https://www.dropbox.com/s/rfq2qqnu308zm8z/log.txt?dl=0
Click to expand...
Click to collapse
I hope that's wrong. For a long time some manufacturers have put the splash screen and vendor related images in a easily identifiable partition. Google (nexus) just started doing this with the n5 and n6. The whole point, from what I could infer, was to be able to allow 2nd parties to change images specific to their brand. The way Google does it, is by transporting the encoded images via the bootloader, to their own partition. That may not be the case anymore (it is definitely transported by the bootloader but it may be in aboot partition or another that is not modifiable, or it may simply be in a file in the system partition). With that batch file, I just check the first parts of every partition, it may not be the same as it usually is, and be combined somewhere in one. It sucks not having a 6p, because it is on there some where. Thank you, would you mind trying another test tomorrow by pm?
Sure, just send me the script or whatever you want me to check.
gandharva said:
Sure, just send me the script or whatever you want me to check.
Click to expand...
Click to collapse
Thanks, here it is. This pulls every partition except userdata and uses my FindSplash function from my program that locates the header inside of a file. (instead of FC). Here is the source of myfc.c
Code:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
int32_t FindSplashFile(FILE *input){
int readByte;
uint8_t pos = 0;
uint32_t start = 0;
const uint8_t splashHeader[] = "SPLASH2!!\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
// const uint8_t splashHeader[] = {128, 0, 8, 0, 4, 0 , 0 ,0,10,243,1,0,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,75,4,0,0};
fseek(input, 0, SEEK_SET);
while ((readByte = fgetc(input)) != EOF){
if (readByte == splashHeader[pos]){
if (pos == 31){
start = ftell(input) - 32;
fprintf(stderr, "\nSPLASH2!! header found at byte %d, %08x\n\n", start, start);
return 1;
} else {
pos++;
continue;
}
}
pos = 0;
}
return 0;
}
int32_t main(int32_t argc, char **argv){
int c = 0;
uint8_t *inputFile;
FILE *input = NULL;
while ((c = getopt (argc, (char**)argv, "i:I:")) != -1){
switch(c)
{
case 'i':
case 'I':
inputFile = (uint8_t*)optarg;
break;
}
}
if ((input = fopen((const char*)inputFile, "rb")) == NULL){
fclose(input);
fprintf(stderr, "File could not be opened.\n");
return 0;
}
return FindSplashFile(input);
}
Hopefully you'll find this info useful...
Contents of log.txt from Check Partitions
Checking mmcblk0p1 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
4 KB/s (64 bytes in 0.013s)
Checking mmcblk0p2 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p3 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p4 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p5 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.008 secs (8000 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p6 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
5 KB/s (64 bytes in 0.012s)
Checking mmcblk0p7 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p8 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p9 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p10 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
4 KB/s (64 bytes in 0.014s)
Checking mmcblk0p11 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p12 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
5 KB/s (64 bytes in 0.012s)
Checking mmcblk0p13 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p14 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
10 KB/s (64 bytes in 0.006s)
Checking mmcblk0p15 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.008 secs (8000 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p16 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.003 secs (21333 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p17 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p18 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p19 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
4 KB/s (64 bytes in 0.013s)
Checking mmcblk0p20 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
10 KB/s (64 bytes in 0.006s)
Checking mmcblk0p21 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.004 secs (16000 bytes/sec)
10 KB/s (64 bytes in 0.006s)
Checking mmcblk0p22 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p23 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
5 KB/s (64 bytes in 0.012s)
Checking mmcblk0p24 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.008 secs (8000 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p25 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p26 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.003 secs (21333 bytes/sec)
12 KB/s (64 bytes in 0.005s)
Checking mmcblk0p27 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
15 KB/s (64 bytes in 0.004s)
Checking mmcblk0p28 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.003 secs (21333 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p29 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p30 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p31 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
8 KB/s (64 bytes in 0.007s)
Checking mmcblk0p32 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p33 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p34 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.003 secs (21333 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p35 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
4 KB/s (64 bytes in 0.013s)
Checking mmcblk0p36 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p37 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
12 KB/s (64 bytes in 0.005s)
Checking mmcblk0p38 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p39 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p40 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p41 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.008 secs (8000 bytes/sec)
8 KB/s (64 bytes in 0.007s)
Checking mmcblk0p42 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p43 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
12 KB/s (64 bytes in 0.005s)
Checking mmcblk0p44 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
8 KB/s (64 bytes in 0.007s)
Checking mmcblk0rpmb partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
4 KB/s (64 bytes in 0.013s)
Partition listing from DiskInfo app
* modem [mmcblk0p1] (/firmware) [vfat]
Used: 47.2 MB, Free: 32.8 MB, Total space: 80 MB
* sbl1 [mmcblk0p2] Not mounted
* sdi [mmcblk0p3] Not mounted
* tz [mmcblk0p4] Not mounted
* rpm [mmcblk0p5] Not mounted
* hyp [mmcblk0p6] Not mounted
* pmic [mmcblk0p7] Not mounted
* DDR [mmcblk0p8] Not mounted
* sec [mmcblk0p9] Not mounted
* aboot [mmcblk0p10] Not mounted
* pmicbak [mmcblk0p11] Not mounted
* sbl1bak [mmcblk0p12] Not mounted
* tzbak [mmcblk0p13] Not mounted
* rpmbak [mmcblk0p14] Not mounted
* hypbak [mmcblk0p15] Not mounted
* abootbak [mmcblk0p16] Not mounted
* devinfo [mmcblk0p17] Not mounted
* fsg [mmcblk0p18] Not mounted
* limits [mmcblk0p19] Not mounted
* modemst1 [mmcblk0p20] Not mounted
* modemst2 [mmcblk0p21] Not mounted
* apdp [mmcblk0p22] Not mounted
* msadp [mmcblk0p23] Not mounted
* keymaster [mmcblk0p24] Not mounted
* cmnlib [mmcblk0p25] Not mounted
* keymasterbak [mmcblk0p26] Not mounted
* cmnlibbak [mmcblk0p27] Not mounted
* dpo [mmcblk0p28] Not mounted
* fsc [mmcblk0p29] Not mounted
* ssd [mmcblk0p30] Not mounted
* oeminfo [mmcblk0p31] Not mounted
* persist [mmcblk0p32] (/persist) [ext4]
Used: 5 MB, Free: 3 MB, Total space: 8 MB
* metadata [mmcblk0p33] Not mounted
* boot [mmcblk0p34] Not mounted
* recovery [mmcblk0p35] Not mounted
* oem [mmcblk0p36] Not mounted
* vendor [mmcblk0p37] (/vendor) [ext4]
Used: 193 MB, Free: 6.6 MB, Total space: 200 MB
* Cache [mmcblk0p38] (/cache) [ext4]
Used: 7.7 MB, Free: 92.3 MB, Total space: 100 MB
* misc [mmcblk0p39] Not mounted
* keystore [mmcblk0p40] Not mounted
* frp [mmcblk0p41] Not mounted
* persistent [mmcblk0p42] Not mounted
* System [mmcblk0p43] (/system) [ext4]
Used: 1018 MB, Free: 2 GB, Total space: 3 GB
* Data (userdata) [mmcblk0p44] (/data) [ext4]
Used: 33.2 GB, Free: 21.5 GB, Total space: 54.7 GB
* mmcblk0rpmb [mmcblk0rpmb] Not mounted
zamula said:
Hopefully you'll find this info useful...
Contents of log.txt from Check Partitions
Checking mmcblk0p1 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
4 KB/s (64 bytes in 0.013s)
Checking mmcblk0p2 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p3 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p4 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p5 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.008 secs (8000 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p6 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
5 KB/s (64 bytes in 0.012s)
Checking mmcblk0p7 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p8 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p9 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p10 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
4 KB/s (64 bytes in 0.014s)
Checking mmcblk0p11 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p12 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
5 KB/s (64 bytes in 0.012s)
Checking mmcblk0p13 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p14 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
10 KB/s (64 bytes in 0.006s)
Checking mmcblk0p15 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.008 secs (8000 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p16 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.003 secs (21333 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p17 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p18 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p19 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
4 KB/s (64 bytes in 0.013s)
Checking mmcblk0p20 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
10 KB/s (64 bytes in 0.006s)
Checking mmcblk0p21 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.004 secs (16000 bytes/sec)
10 KB/s (64 bytes in 0.006s)
Checking mmcblk0p22 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p23 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
5 KB/s (64 bytes in 0.012s)
Checking mmcblk0p24 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.008 secs (8000 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p25 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p26 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.003 secs (21333 bytes/sec)
12 KB/s (64 bytes in 0.005s)
Checking mmcblk0p27 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
15 KB/s (64 bytes in 0.004s)
Checking mmcblk0p28 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.003 secs (21333 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p29 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p30 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.005 secs (12800 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p31 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
8 KB/s (64 bytes in 0.007s)
Checking mmcblk0p32 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p33 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
6 KB/s (64 bytes in 0.010s)
Checking mmcblk0p34 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.003 secs (21333 bytes/sec)
6 KB/s (64 bytes in 0.009s)
Checking mmcblk0p35 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.007 secs (9142 bytes/sec)
4 KB/s (64 bytes in 0.013s)
Checking mmcblk0p36 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.006 secs (10666 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p37 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
12 KB/s (64 bytes in 0.005s)
Checking mmcblk0p38 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p39 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p40 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
7 KB/s (64 bytes in 0.008s)
Checking mmcblk0p41 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.008 secs (8000 bytes/sec)
8 KB/s (64 bytes in 0.007s)
Checking mmcblk0p42 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
5 KB/s (64 bytes in 0.011s)
Checking mmcblk0p43 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
12 KB/s (64 bytes in 0.005s)
Checking mmcblk0p44 partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.001 secs (64000 bytes/sec)
8 KB/s (64 bytes in 0.007s)
Checking mmcblk0rpmb partition...
1+0 records in
1+0 records out
64 bytes transferred in 0.002 secs (32000 bytes/sec)
4 KB/s (64 bytes in 0.013s)
Partition listing from DiskInfo app
* modem [mmcblk0p1] (/firmware) [vfat]
Used: 47.2 MB, Free: 32.8 MB, Total space: 80 MB
* sbl1 [mmcblk0p2] Not mounted
* sdi [mmcblk0p3] Not mounted
* tz [mmcblk0p4] Not mounted
* rpm [mmcblk0p5] Not mounted
* hyp [mmcblk0p6] Not mounted
* pmic [mmcblk0p7] Not mounted
* DDR [mmcblk0p8] Not mounted
* sec [mmcblk0p9] Not mounted
* aboot [mmcblk0p10] Not mounted
* pmicbak [mmcblk0p11] Not mounted
* sbl1bak [mmcblk0p12] Not mounted
* tzbak [mmcblk0p13] Not mounted
* rpmbak [mmcblk0p14] Not mounted
* hypbak [mmcblk0p15] Not mounted
* abootbak [mmcblk0p16] Not mounted
* devinfo [mmcblk0p17] Not mounted
* fsg [mmcblk0p18] Not mounted
* limits [mmcblk0p19] Not mounted
* modemst1 [mmcblk0p20] Not mounted
* modemst2 [mmcblk0p21] Not mounted
* apdp [mmcblk0p22] Not mounted
* msadp [mmcblk0p23] Not mounted
* keymaster [mmcblk0p24] Not mounted
* cmnlib [mmcblk0p25] Not mounted
* keymasterbak [mmcblk0p26] Not mounted
* cmnlibbak [mmcblk0p27] Not mounted
* dpo [mmcblk0p28] Not mounted
* fsc [mmcblk0p29] Not mounted
* ssd [mmcblk0p30] Not mounted
* oeminfo [mmcblk0p31] Not mounted
* persist [mmcblk0p32] (/persist) [ext4]
Used: 5 MB, Free: 3 MB, Total space: 8 MB
* metadata [mmcblk0p33] Not mounted
* boot [mmcblk0p34] Not mounted
* recovery [mmcblk0p35] Not mounted
* oem [mmcblk0p36] Not mounted
* vendor [mmcblk0p37] (/vendor) [ext4]
Used: 193 MB, Free: 6.6 MB, Total space: 200 MB
* Cache [mmcblk0p38] (/cache) [ext4]
Used: 7.7 MB, Free: 92.3 MB, Total space: 100 MB
* misc [mmcblk0p39] Not mounted
* keystore [mmcblk0p40] Not mounted
* frp [mmcblk0p41] Not mounted
* persistent [mmcblk0p42] Not mounted
* System [mmcblk0p43] (/system) [ext4]
Used: 1018 MB, Free: 2 GB, Total space: 3 GB
* Data (userdata) [mmcblk0p44] (/data) [ext4]
Used: 33.2 GB, Free: 21.5 GB, Total space: 54.7 GB
* mmcblk0rpmb [mmcblk0rpmb] Not mounted
Click to expand...
Click to collapse
Will you try the program up one post? It will take awhile, and not produce a log. Not using a log seemed the best decision when pulling whole partitions, because adb-usb is slow and I felt the need to show action on the screen. It doesn't matter though, because when a partition is found containing the header, it will tell you even if you just let it run. There will also be no partition folder created, instead each partition is pulled to the directory you run the bat file from, and when there is no match inside, it is deleted. The only partition(s) remaining in the folder will have the match, and if the console is still up, it would've been announced when it was found as well as at the end.
I'm pretty sure, after looking at the fastboot source on github, that they are using the new partition slot(s), or partition provisioning A/B. No big deal, except for now since they haven't released it yet.
OK, used your new tool and found the corresponding partitions. mmcblk0p10 (aboot) and mmcblk0p16 (abootbak) both hold pictures, but mmcblk0p16 seems to be some sort of backup and it misses some pics. So it's mmcblk0p10 that needs to be altered.
Pics from mmcblk0p10: https://www.dropbox.com/s/stnewd0jkn6d355/Images_mmcblk0p10.rar?dl=0
Pics from mmcblk0p16: https://www.dropbox.com/s/calt8u27kan7cdp/Images_mmcblk0p16.rar?dl=0
I tried this but when I attempt to flash the modified splash in fastboot it says "Permission Denied"
gandharva said:
OK, used your new tool and found the corresponding partitions. mmcblk0p10 (aboot) and mmcblk0p16 (abootbak) both hold pictures, but mmcblk0p16 seems to be some sort of backup and it misses some pics. So it's mmcblk0p10 that needs to be altered.
Pics from mmcblk0p10: https://www.dropbox.com/s/stnewd0jkn6d355/Images_mmcblk0p10.rar?dl=0
Pics from mmcblk0p16: https://www.dropbox.com/s/calt8u27kan7cdp/Images_mmcblk0p16.rar?dl=0
Click to expand...
Click to collapse
Thanks a bunch for that, but I must ask, did you let it run all of the way through (or stop after mmcblk0p16)?. I am almost positive that this needs to be flashed using the new fastboot to a slot in the aboot partition. When looking at the fastboot.cpp source, there are a some changes specifically for the angler. This fastboot hasn't been released yet, but here is a screenshot of what the "help" menu tentatively looks like:
At this point, in all reality, most people will probably start weighing whether it is worth the risk of even changing any image if you have to alter a bootloader partition slot. And I would not blame you. But, on the other hand, it is awesome that there is a fail-safe aboot backup! Don't know if you noticed, but that mmcblk0p16-abootbak, contains fallback images. It actually is complete, see how the resolution is dumbed down on most of the images, and that the pause/continue images are condensed and renamed. Also, the ic_google_logo is trimmed very short (height) and probably only has the "Google" logo, sans complete fullscreen black background. This tells a lot more than you may actually realize. Like different resolution may be used, at least for the logo.
Will you, or anyone else for that matter, send me both partitions that had these in them? There is nothing special, like IMEI in them, everyone's will be identical. I'd like to understand how these slots work, because there is absolutely nothing written about them that I have found. But if there is some kind of pointer in the partition, I will find it, and hopefully find a slot name.
makers_mark said:
Thanks a bunch for that, but I must ask, did you let it run all of the way through (or stop after mmcblk0p16)?.
Click to expand...
Click to collapse
Welcome! I stopped at mmcblk0p43 because it took to long to read out /system and i had to go to work.
makers_mark said:
Will you, or anyone else for that matter, send me both partitions that had these in them? There is nothing special, like IMEI in them, everyone's will be identical. I'd like to understand how these slots work, because there is absolutely nothing written about them that I have found. But if there is some kind of pointer in the partition, I will find it, and hopefully find a slot name.
Click to expand...
Click to collapse
Check your Messages.
If I'm following this thread and understanding it as well couldn't one create custom images as a method to get rid of the orange triangle screen by duplicating the appropriate Google Sans text image and saving it to a file name whose image data was originally the file that housed the triangle image?
A bit of a ghetto fabulous work around to kill the appears of the warning message but of I'm following this thread accurately isn't that a potentiality?
I'll grab the attachments and run them here as well.
gandharva said:
Welcome! I stopped at mmcblk0p43 because it took to long to read out /system and i had to go to work.
Check your Messages.
Click to expand...
Click to collapse
Thanks, once again, but there was nothing noteworthy in either aboot or abootbak. I found more of an explanation on the slots, but I apparently was wrong in thinking that they were just splits in any given partition. You have been great (even running the suspect partitions back through the main program), not to many would of done that without direction. Will you check 43 though? If not that's perfectly fine! This is the line you need to change in the batch file with a text editor if you feel like it.
Code:
Change this line:
for /l %%t in (1,1,43) do (
To:
for /l %%t in (43,1,43) do (
It will just pull the /system partition and check it.
mostyle said:
If I'm following this thread and understanding it as well couldn't one create custom images as a method to get rid of the orange triangle screen by duplicating the appropriate Google Sans text image and saving it to a file name whose image data was originally the file that housed the triangle image?
A bit of a ghetto fabulous work around to kill the appears of the warning message but of I'm following this thread accurately isn't that a potentiality?
I'll grab the attachments and run them here as well.
Click to expand...
Click to collapse
There still lies the problem of where to put it. The aboot partition is the dead soul in your phone that awakens upon boot and sets up initial functionality and then loads the kernel, then dies. I like your insight, but there still is a little bit of data directly after the complete splash2.bin. It appears to be something that sets up nand. Even looking at the fastboot source, unlock critical "seems" to be able to let you edit the bootloader partitions, bypassing all signature checks. If that is the case and it's that easy, that extra data could easily be moved to tail the splash. There is even plenty of room in aboot to move it quite a bit. But that is wishful thinking, because I don't see how they could totally do away with un-modifiable bootloader partitions like that with an apparent movement towards security.
Typically, when the splash (and associated images) are changeable, they are in their own partition and you wouldn't have to worry about anything being overwritten. You could even have a splash that was smaller than the existing one, and after flashing the new one, those leftover bytes from the old one don't matter. It is because it is a file format that is very adamant about what it wants, and what goes where (it is pretty much how all file formats work). So when it knows the data for the last image is at (insert number) this exact byte, that's it. The extra "garbage" doesn't matter, and is never seen. When you go to substitute data (a) in place of data (b), they would have to be the exact same size because of the no room for extra data, stemming from the nand setup the very following byte. On top of that, there has never been an editable aboot partition when it comes even to Nexus (that I know of). This is very odd, and reminiscent of when I first got into the thrill of finding these encodings with the Nexus 7 2. I could get the images out, but there was no way to change them, because they were in aboot, and with the secure boot loader that checks the "competency" of the previous bootloader caller, it wasn't possible. (Anything is possible, it's just no one figured it out). Since the Nexus 5,5x,6,&9 they have all been editable and moved away from strict bootloader encoding. And those have been in a file format, JUST like this where you have your header...offset....size...name...in whatever order..
To anyone that wants to understand this encoding (since I haven't explained it yet), read below.
The format used in encoding these images is zipped with gzip. When Google released the image, I saw the SPLASH2!! header in the bootloader. It had the tale-tail signs of a format (offset, size, width, height...). You can even do this, use a hex editor and go to the offset that is listed by the program for any image (in the cutout splash.bin). Copy from there the number of bytes that is listed in the "size". Save that file as whichever image it is for easy reference, and add the extension .zip on it. Unzip it with 7-zip or gzip, and viola, you get the image in a BGR24 raw format.
I went above an beyond though, you have to when you can't test yourself. With Gzips there is an optional filename for the extracted zips, as well as a unix time stamp, and an indicator as to what type of machine actually compressed the data. I made all of this data transfer to the encoding of the image to be injected, it sounds easy but it wasn't. The goal, as always when doing this, was to make a program that could take the original encoding and change every single image in it, then build an encoder that produces an EXACTLY identical file.
Using 7-zip did the job initially (for decoding), but the data was off when encoding (no matter what setting), it was more of a quick novelty do decode. In the "Rebuild Images" batch file that is created, if you change "-b" to "-B" it will force every image to be injected (if the crc32 of any image didn't change, the existing encoding in the splash.bin was copied from the original file for speed). The filesize is the exact same, but more importantly (to me), the two files were binary twins.
Having said all of that, I think there may be one last hope as far as I can help (and it doesn't involve the bootloader partition). It was somewhat questionable when I realized what type of encoding this was. Typically there is very little "thought" by the device to process images on boot. They are usually encoded in a run-length manner which is super fast and efficient. This however has to be unzipped and then displayed. At first I said to myself, this must be really fast like nothing before (because of the max compression), or there is a driver built into the firmware to directly handle the zlib (which may be the case too).
There is the possibility that the images transported are decoded and stored somewhere else on the device in there unzipped BGR24 format. It doesn't seem logical, but neither does gzipping an image that needs to be pulled at the drop of a hat with minimal processing power. I will find the most obscure 16 or 32 bytes of data in one of the raw images and post a program to search for that set in all the partitions. Feel free to participate, but if that doesn't produce anything, I'm out! Kidding, but I will ask a moderator to move this thread to the Q&A if they don't do it anyways:cyclops:
I am including the "aboot.cab", which is an ELF, directly from the bootloader downloaded from google. This is not the partition checker for a not so random set of bytes. This is strictly for future reference and also to see if insight might come from a lurker:good:
how to flash the modified-splash.bin to bootloader,please help me thanks
makers_mark said:
Will you check 43 though?
Click to expand...
Click to collapse
Here we go! Took forever... But as you see, nothing found. -> mmcblk0p10 is the way to go.
Code:
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
adbd is already running as root
Pulling each partition, except userdata, and searching for SPLASH2!! header.
Please wait...
Checking mmcblk0p43 partition...
6291456+0 records in
6291456+0 records out
3221225472 bytes transferred in 3736.895 secs (862005 bytes/sec)
5846 KB/s (3221225472 bytes in 538.080s)
Drücken Sie eine beliebige Taste . . .
Let mine run over night and awoke to a match in p10 and p16.
If these partition dumps (exactly the same file size too) would be of use I'll be happy to share..
gandharva said:
Here we go! Took forever... But as you see, nothing found. -> mmcblk0p10 is the way to go.
Click to expand...
Click to collapse
:good:
mostyle said:
Let mine run over night and awoke to a match in p10 and p16.
If these partition dumps (exactly the same file size too) would be of use I'll be happy to share..
Click to expand...
Click to collapse
Thanks for giving it a shot! Gandharva has already provided both of the files to me, and they'll be the same.
This is my last stand ! This program at the bottom will pull every partition, and search for 32 specific bytes of an decoded gzip that might be residing somewhere. The bytes that I'm searching for is the very top of the "lock_state" image that gets decoded (they're highlighted in blue). Here it is below, feel free to participate, and if not, thanks for everything else!
No partition folder will be created. All partitions will be dd'd to the device, pulled to your computer, deleted from the device (not your partition, but the copy from dd), then checked on your PC for a match. If there isn't a match, the partition will be deleted from your computer as well. When a match is found, it will be displayed, and displayed again at the very end. It is NOT important to watch this work because if there is a match, the partition with the match will still be in the folder in the end, and the screen will still be up. Fingers crossed.:fingers-crossed:Source: myfc.c
Code:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
int32_t FindSplashFile(FILE *input, uint8_t *inputFile){
int readByte;
uint8_t pos = 0;
unsigned long int cur = 0;
const uint8_t rawBGRchunk[] = { 44, 106, 106, 106, 148, 148, 148, 189, 189, 189, 221, 221, 221, 240, 240, 240,
252, 252, 252, 255, 255, 255, 252, 252, 252, 240, 240, 240, 221, 221, 221, 189};
fseek(input, 0, SEEK_SET);
while ((readByte = fgetc(input)) != EOF){
cur++;
if (readByte == rawBGRchunk[pos]){
if (pos == 31){
fprintf(stderr, "\n\n\n\n\"lock_state\" Raw image found in %s at byte %ld!\n\n\n\n\n", inputFile, cur - 32);
fclose(input);
return 1;
} else {
pos++;
continue;
}
} else if (readByte == (int)*rawBGRchunk){
pos = 1;
continue;
}
pos = 0;
}
fclose(input);
return 0;
}
int32_t main(int32_t argc, char **argv){
int c = 0;
uint8_t *inputFile;
FILE *input = NULL;
while ((c = getopt (argc, (char**)argv, "i:I:")) != -1){
switch(c)
{
case 'i':
case 'I':
inputFile = (uint8_t*)optarg;
break;
}
}
if ((input = fopen((const char*)inputFile, "rb")) == NULL){
fclose(input);
fprintf(stderr, "File could not be opened.\n");
return 0;
}
return FindSplashFile(input, inputFile);
}
Source batch file:
Code:
@echo off
title Partition Puller
set "device_dir=sdcard"
set "partitionfind=mmcblk0"
set "match="
:getpartitions
adb -d kill-server
adb -d root
if not defined device_dir echo(Device dir is undefined&goto :eof
if "[%device_dir%]"=="[]" echo(Device dir is undefined&goto :eof
echo(Pulling all partitions (minus userdata) and searching for 32 specific bytes
echo(of the raw ^"lock_state^" image that is in BGR24 format.
echo(
echo(Please wait...
for /f "skip=1 tokens=4" %%t in ('adb -d shell cat /proc/partitions^|findstr /rxic:".*%partitionfind%.*"') do (
call echo(Pulling %%t partition...
call adb -d shell dd if=/dev/block/%%t of=/%device_dir%/%%t
call adb -d pull "/%device_dir%/%%t" "%~dp0\%%t"
call adb -d shell rm "/%device_dir%/%%t"
call myfc -i "%%t" &&call del "%~dp0\%%t"||call :Match %%t
)
if defined match echo(Match found in %match%
pause
adb -d kill-server
goto :eof
:Match
set "match=%match% %1"
goto :eof