Develop Bugs

Asus ABI Decompiler+Compiler (Updated 20090622)

This tool can be used to either decompile or compile ROMs for various Asus devices that used the ABI firmware format (Can also be used in O2 XDA Zest ). The current version can support P835 unencrypted ABI, and even encrypted ABI from updater EXE! Current finding is this tool also supports unreleased Garmin-Asus ROMs!
Thanks (Especially )Harshal and Leon in AsusPda for testing.
Usage:
- Decompiling ROM
1. p835abisplit2 <abi/exe file>
2. os.nb0 and extrom.img released (Only for Pre-P835 devices), os.nb0 cab be processed by imgfsfromnb or osnbtool, extrom.img can be processed by WinImage.
- Compiling ROM
1. First rename the new os.nb0 to os-new.nb0, and rename extrom.img to extrom-new.img (If the new files do not exist, then the compiler will use the parts from original ROM)
2. p835abisplit2 /b <abi/exe file>
3. out.abi releases, which can be used to flash directly (Only for Pre-P835 devices or Post-P835 devices with unencrypted ROM).
4. If you input the updater EXE to p835abisplit2, it will also produce out.exe with region locked patched which can be used to flash your new ROM directly on devices with any region!
- Note when building ROM
1. If you need to modify XIP, make sure the modded XIP is the same size as the original one before merging back to nb0, otherwise booting will fail
2. For Pre-P835 devices, current version can create big-storage ROMs with variable size of imgfs. If the new OS is smaller than the original one, the freed space will be allocated to user space (The left part as shown in Memory setting) after flashing. However the user space display will only reflect the change on second flash.
3. For Post-P835 devices, all partitions must be exactly same size with the original one (i.e. you need to pad the partition before putting it back), otherwise the device won't boot.
4. For Pre-P835 devices, you can modify ExtROM as you like, but not remove or rebuild the image file, otherwise you may get a brick! (Not able to enter bootloader)
Final Warning: Customizing a ROM always has risks, I won't be responsible for any damages lead to your custom ROM!
Release Notes:
v2.40:
- Added support for M930
v2.32:
- Support extraction of encrypted ABI file resource from P835 updater exe
- Support reconstruction of P835 updater exe
- When rebuild to exe, the produced out.exe is patched to install in devices of any region.
V2.20:
- Support extration and rebuilding of P835 ABI file (Note that not for ABI inside EXE)
- When rebuild with exe, OUT.EXE will be produced for direct flashing

starkwong said:
This tool can be used to either decompile or compile ROMs for various Asus devices that used the ABI firmware format (Can also be used in O2 XDA Zest ).
Thanks Harshal and Leon in AsusPda for testing.
Usage:
- Decompiling ROM
1. p565abisplit2 <abi/exe file>
2. os.nb0 and extrom.img released, os.nb0 cab be processed by imgfsfromnb or osnbtool, extrom.img can be processed by WinImage.
- Compiling ROM
1. First rename the new os.nb0 to os-new.nb0, and rename extrom.img to extrom-new.img (If the new files do not exist, then the compiler will use the parts from original ROM)
2. p565abisplit2 /b <abi/exe file>
3. out.abi releases, which can be used to flash directly.
- Note when building ROM
1. If you need to modify XIP, make sure the modded XIP is the same size as the original one before merging back to nb0, otherwise booting will fail
2. OS part doesn't need to be the same size as the original. If the new OS is smaller than the original one, the freed space will be allocated to user space (The left part as shown in Memory setting) after flashing. However the user space display will only reflect the change on second flash.
3. You can modify ExtROM as you like, but not remove or rebuild the image file, otherwise you may get a brick! (Not able to enter bootloader)
Final Warning: Customizing a ROM always has risks, I won't be responsible for any damages lead to your custom ROM!. Moreover, don't use it in P835 abi, it won't work
Click to expand...
Click to collapse
Nice we all waiting for it

Many Congrats for successfully ripping through the ROM !!
Partition offsets and checksums reported by the tool are :
Part #0002 sz:0003e000=>0003e000 cs:625f94b2=>625f94b2 of:000003a0=>000003a0
Part #0004 sz:00100000=>00100000 cs:ffe5f731=>ffe5f731 of:0003e3a0=>0003e3a0
Part #0103 sz:00452a8c=>00452a8c cs:99f65978=>99f65978 of:0013e3a0=>0013e3a0
Part #0104 sz:000fffc0=>000fffc0 cs:5e03943f=>5e03943f of:00590e2c=>00590e2c
Part #0005 sz:07e00000=>07e00000 cs:674f4072=>674f4072 of:00690dec=>00690dec
Part #0013 sz:00a00000=>00a00000 cs:56994bf9=>56994bf9 of:08490dec=>08490dec
I am a little scared to use this tool for following reasons :
1. Actually, the IMGFS & ExtROM offsets are '00690dfc' & '08490dfc' respectively.
2. Checksums( 674f4072, 56994bf9....) can not be located in the Header.
3. The Adler32 checksum for the ExtROM is '5ff94bfa', while your tool reports '56994bf9'.
Any clues ?

rishi2504 said:
Many Congrats for successfully ripping through the ROM !!
Partition offsets and checksums reported by the tool are :
Part #0002 sz:0003e000=>0003e000 cs:625f94b2=>625f94b2 of:000003a0=>000003a0
Part #0004 sz:00100000=>00100000 cs:ffe5f731=>ffe5f731 of:0003e3a0=>0003e3a0
Part #0103 sz:00452a8c=>00452a8c cs:99f65978=>99f65978 of:0013e3a0=>0013e3a0
Part #0104 sz:000fffc0=>000fffc0 cs:5e03943f=>5e03943f of:00590e2c=>00590e2c
Part #0005 sz:07e00000=>07e00000 cs:674f4072=>674f4072 of:00690dec=>00690dec
Part #0013 sz:00a00000=>00a00000 cs:56994bf9=>56994bf9 of:08490dec=>08490dec
I am a little scared to use this tool for following reasons :
1. Actually, the IMGFS & ExtROM offsets are '00690dfc' & '08490dfc' respectively.
2. Checksums( 674f4072, 56994bf9....) can not be located in the Header.
3. The Adler32 checksum for the ExtROM is '5ff94bfa', while your tool reports '56994bf9'.
Any clues ?
Click to expand...
Click to collapse
Tool works properrly.No harm is trying

starkwong, is there any tool to decompile P835's ROM in the same way?

New version posted.
rishi2504:
The image checksum is not calculated by plain Adler32, actually is uses the same formula as older Asus ROMs, however it is not a one-time calculation.
Checksums are inside header, given you decoded it correctly.

starkwong, here's what I get when trying to decompile a ROM:
Code:
v2.40 (Jun 16 2009 19:56:06)
ExtractABI(): Trying to load G5_ALL_V4.11.0_V3.6.12.P2_Ship_WWE_app_MYS00_V2.3.6.exe...
Module loaded, searching for BIN resource...
Found matching resource at BIN #211!
GetPartitions(): Getting Partition Information...
*** Encrypted ABI detected
ABI Version 0x00030012
Project Name: G5
Partition Type: 000f [email protected]
Partition Type: 000e [email protected]
Partition Type: 000e [email protected]
Partition Type: 0004 [email protected]
Partition Type: 0004 [email protected]
Partition Type: 000f [email protected]
Partition Type: 000f [email protected]
Partition Type: 0102 damage [email protected]
Partition Type: 0005 UnKnown [email protected]
Partition Type: 0002 [email protected]
Partition Type: 0003 [email protected]
ProcessABI(): Writing OS data...
* BIN(P835) Image Detected
Warning: OS.nb0/flash.bin is not a NB image, not modifying MSFLSH50 headers
ProcessABI(): No ExtROM partition found.
OK!
So it seems that partitions are not detected correctly, there's no os.nb0 at the output, and the flash.bin apperars to be of no use. Even when I found imgfs partition inside of it, there's still something wrong with it, e.g. bad start block offset, and everything else is also broken.
Can you help me with this?

In fact it is correct, as Asus uses B000FF image on P835, not a plain NB0 image.
You need to use osnbtool to get a nb0 with extra bytes, then use nbsplit -data 2048 -extra 8 to get a nb0 with sector size 0x800.

ginkage said:
starkwong, here's what I get when trying to decompile a ROM:
Code:
v2.40 (Jun 16 2009 19:56:06)
ExtractABI(): Trying to load G5_ALL_V4.11.0_V3.6.12.P2_Ship_WWE_app_MYS00_V2.3.6.exe...
Module loaded, searching for BIN resource...
Found matching resource at BIN #211!
GetPartitions(): Getting Partition Information...
*** Encrypted ABI detected
ABI Version 0x00030012
Project Name: G5
Partition Type: 000f [email protected]
Partition Type: 000e [email protected]
Partition Type: 000e [email protected]
Partition Type: 0004 [email protected]
Partition Type: 0004 [email protected]
Partition Type: 000f [email protected]
Partition Type: 000f [email protected]
Partition Type: 0102 damage [email protected]
Partition Type: 0005 UnKnown [email protected]
Partition Type: 0002 [email protected]
Partition Type: 0003 [email protected]
ProcessABI(): Writing OS data...
* BIN(P835) Image Detected
Warning: OS.nb0/flash.bin is not a NB image, not modifying MSFLSH50 headers
ProcessABI(): No ExtROM partition found.
OK!
So it seems that partitions are not detected correctly, there's no os.nb0 at the output, and the flash.bin apperars to be of no use. Even when I found imgfs partition inside of it, there's still something wrong with it, e.g. bad start block offset, and everything else is also broken.
Can you help me with this?
Click to expand...
Click to collapse
B000FF image cannot be modified without osnbtool or viewbin or cvrtbin tool..For Ext ROM there is no partition in the abi file which can b read as .nb0 Ext ROM is inside the OS and is not as a partition.So what the output u get from the tool is correct.Whatever ROMs u saw mine are from using the same tool
I hope this clarifies.

starkwong, Thank you so much, it worked perfectly!

Can't use this tool on my Asus M530w. Getting this message:
Copyright(C) 2009 Studio KUMA(starkwong). All rights reserved
v2.40 (Jun 16 2009 19:56:06)
ExtractABI(): Trying to load nk.abi...
Failed loading as module (193). Perhaps ABI?
Trying as ABI directly...
Creating file mapping...
GetPartitions(): Getting Partition Information...
Error: AES Key not suitable for this ROM

unencrypted vers encrypted
There is little bit mess in description.
If you will use unecrypted rom + p835abisplit2 you will get os.nb0.
With encrypted rom + p835abisplit2 you will get flash.bin.

starkwong said:
4. For Pre-P835 devices, you can modify ExtROM as you like, but not remove or rebuild the image file, otherwise you may get a brick! (Not able to enter bootloader)
Click to expand...
Click to collapse
Hi,
Can i add my own cab/xml files to this Ext_ROM, after removing the files not needed ?

rishi2504 said:
Hi,
Can i add my own cab/xml files to this Ext_ROM, after removing the files not needed ?
Click to expand...
Click to collapse
Don't bother dude , figured it out ...

Is there anyway I can extract the flash.bin file from a .abi file using this tool?
My P835 is unable to upgrade from the SD card with the .abi file on it.. so I wanted to extract the flash.bin and see if I can use the QPST tool to update the image with flash.bin file..

Sorry if I'm being stupid here (not unusual!). I'm trying to use this tool to get a .abi file out of O2's "Xda_Zest Firmware Update_V7.7.0S.WWE20.00_M4.6.5.P7_V2.1.4 GBR20.exe" so I can stick it on the SD card and flash the ROM, but of course I'm only ending up with the two files you mention, os.nb0 and extrom.img, no .ABI file. I can look in the extrom.img file with winrar, but the file only contains FINDMA~1.000 (300 bytes), 000dummy.001 (0 bytes) and _setup.xml (1205 bytes).
Plainly I'm thick - where am I going wrong, and how do I get the .ABI file?

[Bootloader] U-boot for the multi-boot support

Hi!
As with Galaxy S2, I have ported the u-boot bootloader to the Galaxy Nexus. It can be chainloaded from samsung bootloader (loaded instead of linux kernel) safely.
It could be useful to have multiple ROMs on one device or test other OS like Ubuntu or Genode.
Detailed installation guide is available at Ksys Labs LLC wiki http://ksyslabs.org/doku.php?id=gnex_uboot .I'll just copy-paste it here
Happy hacking and don't forget to visit our wiki at http://ksyslabs.org !
===== Rationale ======
There were a couple reasons to port u-boot to Galaxy Nexus
* Security: we cannot trust the proprietary samsung bootloader
* Implementing dual-boot for original and custom firmware
* Booting Genode operating system
===== Demo =====
===== Compilation from source =====
Source code is in https://github.com/Ksys-labs/uboot-tuna
There exist two branches of interest
* master - contains the official stable releases. may be force-pushed and rebased, beware
* tuna-fosdem-hacks contains the u-boot that was used for FOSDEM 2013 to demo booting Genode
To compile, you need to have the ARM cross-compiler. I recommend codesourcery 2010q1-188 because that's what I'm using and some users reported that newer compilers produce broken binaries.
There are two ways to use the u-boot. One is flashing it instead of the Samsung SBL bootloader. The other one is chainloading it from the SBL.
Flashing instead of SBL has the following advantages
* Faster boot time than chainloading
* Ability to use the standard partitioning layout
There is a number of issues and therefore we do not recommend flashing it instead of SBL
* No Fastboot support (preliminary USB RNDIS and DHCP BOOTP support is available), you'll have to use OMAPFlash to restore the device if you flash a non-working kernel
* No display initialization. You'll have to disable the "Check for Bootloader initialization" option in kernel config
By default, the chainloaded version is compiled. It is loaded (by the SBL) to the address **0x81808000**.
If you want to build the SBL replacement version, edit the **include/configs/omap4_tuna.h** file and uncomment the **#define TUNA_SPL_BUILD** line. X-loader loads the bootloader to the address **0xa0208000**.
Code:
export PATH=/home/alexander/handhelds/armv6/codesourcery/bin:$PATH
export ARCH=arm
export CROSS_COMPILE=arm-none-eabi-
U_BOARD=omap4_tuna
make clean
make distclean
make ${U_BOARD}_config
make -j8 ${U_BOARD}
mkbootimg --kernel u-boot.bin --ramdisk /dev/null -o u-boot.aimg
===== Installation =====
==== Chainloaded Mode ====
You'll need the root access to your device.
You can take the prebuilt u-boot here. http://ksyslabs.org/lib/exe/fetch.php?media=gnex-uboot-chainloaded.img
The u-boot has the support for android boot images. When flashed instead of the SBL, it boots the kernel off the "Boot" partition. When chainloaded, it looks for the kernel in **/system/boot/vmlinux.uimg** . Additionally, it first looks for the **/system/boot/boot.scr.uimg** so you can put custom commands there and override the kernel image.
It also supports booting custom images from **/sdcard/boot/vmlinux.uimg** and **/sdcard/boot/boot.scr.uimg**
If you need larger images, I suggest that you use the **tuna-fosdem-hacks** branch, format the cache partition to ext2 and put the files to **/cache/media/boot/**
push the files to your device via adb
Code:
adb push gnex-uboot-chainloaded.img /sdcard/
adb hell
now, in the device shell, do the following
Code:
su
cat /dev/block/platform/omap/omap_hsmmc.0/by-name/boot > /sdcard/vmlinux.uimg
mount -o remount,rw /system
mkdir /system/boot
cp /sdcard/vmlinux.uimg /system/boot/
cat /sdcard/gnex-uboot-chainloaded.img > /dev/block/platform/omap/omap_hsmmc.0/by-name/boot
sync
reboot
Instead of installing gnex-uboot-chainloaded.img via dd, you can use fastboot
Code:
fastboot flash:raw boot u-boot.img
===== Replacing samsung bootloader =====
OMAP4 devices cannot be bricked completely because the CPU has a firmware loader in the OTP (one-time programmable) memory. When the device is powered, it tries booting from USB.
Make sure to have an old version of x-loader (PRIMEKK14) because newer ones have the security hole which allowed booting unsigned bootloaders fixed. The installation procedure is roughly the same, but use **sbl** partition. And also install xloader from http://ksyslabs.org/lib/exe/fetch.php?media=gnex-xloader-working.img
Code:
adb push gnex-xloader-working.img /sdcard/
Code:
cat /sdcard/gnex-xloader-working.img > /dev/block/platform/omap/omap_hsmmc.0/by-name/xloader
There exists a Samsung recovery tool which can unbrick the devices with corrupted xloader/SBL. You will need a computer running Windows XP.
Search the internet for the archive named "OMAPFlash_tuna.zip" which has md5 "ddbf07a1d36b044c40af5788a83b5395". We cannot upload it here because of the unclear license status.
===== Making images =====
You can either use Android's mkbootimg to produce ANDROID! type images (not recommended) or u-boot's mkimage (in the u-boot tools directory) to make boot images. Using ANDROID! format is discouraged because the loader code in the u-boot is buggy and may fail in some corner cases such as large images.
==== making a custom boot image ====
Code:
mkimage -A arm -O linux -T kernel -C none -a 0x80008000 -e 0x80008000 -n linux -d zImage vmlinux.uimg
#alternatively, just do that when compiling linux
#do not forget to add mkimage to your PATH variable
make uImage
==== making a custom boot script ====
Code:
mkimage -A arm -O linux -T script -C none -a 0x84000000 -e 0x84000000 -n android -d boot.scr boot.scr.uimg
===== Booting Modes =====
The bootloader supports several boot modes. Each boot mode is indicated by the color of the LED and activated by a combination of hardware buttons. It also supports the Android "reboot to recovery" and "reboot to bootloader" features
* Normal Boot -> no keys are pressed, cyan LED
* Recovery Boot -> Volume Up key pressed, green LED
* Custom Boot -> Volume Down key pressed, blue LED
* USB RNDIS mode -> both Volume keys pressed, purple LED
===== Pitfalls =====
* No Fastboot or DFU (RNDIS BOOTP is untested) -> not a big deal if you're chainloading, right?
* Serial number is always 0123456789abcdef or sth like that. Anyone to fix that?
* UART support is quirky. The device will likely hang if booted with the UART cable. Workaround: boot without the UART cable and plug right after the purple LED flashes.
===== A sample boot script for android =====
Make a boot.scr.uimg from it and push it to the correct location.
Code:
setenv bootargs "mem=1G vmalloc=768M omap_wdt.timer_margin=30 mms_ts.panel_id=18
no_console_suspend console=ttyFIQ0";
setenv loaddaddr 0x82000000;
setenv devtype mmc;
setenv devnum 0;
setenv kernel_part 0xc;
setenv kernel_name /media/boot/vmlinux.uimg;
echo Load Address: ${loaddaddr};
echo cmdline:${bootargs};
if ext4load ${devtype} ${devnum}:${kernel_part} ${loaddaddr} ${kernel_name}; then
bootm ${loaddaddr};
exit 0;
elif ext2load ${devtype} ${devnum}:${kernel_part} ${loaddaddr} ${kernel_name}; then
bootm ${loaddaddr};
exit 0;
else
echo failed to boot custom image;
fi

Nice!
Before there actually wasn't any dual boot stuff for Nexus but now there is really much....
I will laugh if someone ports still another dual boot loader to Nexus, E.g BootiQi dual boot loader or what it is..., (for Jét it is JétQi) but I don't remember the original dual boot files names...

Any toro support?
Sent from my Galaxy Nexus using xda app-developers app

saber.srod said:
Any toro support?
Sent from my Galaxy Nexus using xda app-developers app
Click to expand...
Click to collapse
You may try it out. It is flashed instead of kernel, not overwriting the bootloader, so should be safe. As we don't have any Toro devices, we're not particularly interested in providing support for them unless someone steps up with a patch

Also, make sure to have an old version of x-loader (PRIMEKK14) because newer ones have the security hole which allowed booting unsigned bootloaders fixed.
Click to expand...
Click to collapse
do you have PRIMEKK14 file?
cause I couldn't find it on this thread:
http://forum.xda-developers.com/showthread.php?t=1587498
or this one is PRIMEKK14?
http://ksyslabs.org/lib/exe/fetch.php?media=gnex-xloader-working.img
any enlightenment please?

savantist said:
do you have PRIMEKK14 file?
cause I couldn't find it on this thread:
http://forum.xda-developers.com/showthread.php?t=1587498
or this one is PRIMEKK14?
http://ksyslabs.org/lib/exe/fetch.php?media=gnex-xloader-working.img
any enlightenment please?
Click to expand...
Click to collapse
The latter one is the one I'm using on my phone so it should work.

sp3dev said:
The latter one is the one I'm using on my phone so it should work.
Click to expand...
Click to collapse
I wanna use the chainloaded method, so first thing I should do is fastboot-ing that .img just like another bootloader file? then chainload the u-boot file?
but it looks like I'm replacing samsung SBL (replacing SBL method) if I do that, doesn't it?

savantist said:
I wanna use the chainloaded method, so first thing I should do is fastboot-ing that .img just like another bootloader file? then chainload the u-boot file?
but it looks like I'm replacing samsung SBL (replacing SBL method) if I do that, doesn't it?
Click to expand...
Click to collapse
Yes, you can actually fastboot it via
"fastboot flash:raw boot u-boot.img"
and no, you don't need to mess with xloader for chainloading

sp3dev said:
Yes, you can actually fastboot it via
"fastboot flash:raw boot u-boot.img"
and no, you don't need to mess with xloader for chainloading
Click to expand...
Click to collapse
so it's ok to do chainloading in PRIMELC03 bootloader? If yes, I'm success...

finally "The Great Sp3dev"
nice work like always,
playing with it now,let's see where it goes
Sent from my Galaxy Nexus using xda premium

sp3dev said:
The latter one is the one I'm using on my phone so it should work.
Click to expand...
Click to collapse
ah, I bricked my phone with your gnex-xloader-working using following script... It is only 128K. Is that right?
Code:
cat /sdcard/gnex-xloader-working.img > /dev/block/platform/omap/omap_hsmmc.0/by-name/xloader
Is PRIMEKK14 bootloader the only one to work since we only have http://forum.xda-developers.com/showthread.php?t=1587498 this thread for bootloader and there's no flashable version of PRIMEKK14?
I use OMAPFlash to save it having PRIMEKK15 bootloader and I do not have the courage to do it again...

dlhxr said:
ah, I bricked my phone with your gnex-xloader-working using following script... It is only 128K. Is that right?
Code:
cat /sdcard/gnex-xloader-working.img > /dev/block/platform/omap/omap_hsmmc.0/by-name/xloader
Is PRIMEKK14 bootloader the only one to work since we only have http://forum.xda-developers.com/showthread.php?t=1587498 this thread for bootloader and there's no flashable version of PRIMEKK14?
I use OMAPFlash to save it having PRIMEKK15 bootloader and I do not have the courage to do it again...
Click to expand...
Click to collapse
Oh well, I specially edited the post so that chainloaded users don't flash loader. You only need the xloaded if you flash u-boot instead of SBL. Otherwise, treat u-boot just as linux kernel.
As for replacing bootloader, I guess PRIMEKK15 should also work, I just didn't notice when the security check was introduced. Yeah, use OMAPFlash to recover anyway. And note that you cannot use my precompiled u-boot to replace SBL. As written in the beginning of the post, you need to change a define in config and recompile because the load address and partition layout are different for chainloading and direct booting cases.

Very nice! Keep the good work up! :good:

sp3dev said:
Oh well, I specially edited the post so that chainloaded users don't flash loader. You only need the xloaded if you flash u-boot instead of SBL. Otherwise, treat u-boot just as linux kernel.
As for replacing bootloader, I guess PRIMEKK15 should also work, I just didn't notice when the security check was introduced. Yeah, use OMAPFlash to recover anyway. And note that you cannot use my precompiled u-boot to replace SBL. As written in the beginning of the post, you need to change a define in config and recompile because the load address and partition layout are different for chainloading and direct booting cases.
Click to expand...
Click to collapse
Some feedback here. I flashed u-boot to boot partition and save the original boot image to /system/boot/vmlinux.uimg.
Without any key pressed it shows
Code:
Wrong Image Format for boot command
Error: can't get kernel image!
Not booting xxxxxxxxx
Fail to boot
The characters on the screen does not show well and some of them can't be recognized....
When I press the volume up, it boot into recovery.
When I press the volume down, it shows
Code:
File not found /media/boot/vmlinux.uimg
Unrecognized filesystem type
Fail to boot
Something is wrong with my procedure?

Another small question. I want to make a zip to flash the U-boot, but always failed. I have to use fastboot command to flash gnex-uboot-chainloaded.img to boot.img.
What is in my updater-script.
Code:
mount("ext4", "EMMC", "/dev/block/platform/omap/omap_hsmmc.0/by-name/system", "/system");
package_extract_file("gnex-uboot-chainloaded.img", "/tmp/gnex-uboot-chainloaded.img");
package_extract_file("META-INF/com/google/android/switch_boot.sh", "/tmp/switch_boot.sh");
set_perm(0, 0, 0777, "/tmp/switch_boot.sh");
run_program("/tmp/switch_boot.sh");
set_perm(0, 0, 0777, "/system/boot/vmlinux.uimg");
unmount("/system");
What is in my switch_boot.sh
Code:
#!/sbin/sh
cat /dev/block/platform/omap/omap_hsmmc.0/by-name/boot > /tmp/vmlinux.uimg
mkdir /system/boot
cp /tmp/vmlinux.uimg /system/boot/
cat /tmp/gnex-uboot-chainloaded.img /dev/block/platform/omap/omap_hsmmc.0/by-name/boot
It seems the last line doesn't work...
Code:
cat /tmp/gnex-uboot-chainloaded.img /dev/block/platform/omap/omap_hsmmc.0/by-name/boot
If I use the following command in updater-script,
Code:
package_extract_file("gnex-uboot-chainloaded.img", "/dev/block/platform/omap/omap_hsmmc.0/by-name/boot");
The device enters bootloader directly showing no boot image after reboot....

dlhxr said:
If I use the following command in updater-script,
Code:
package_extract_file("gnex-uboot-chainloaded.img", "/dev/block/platform/omap/omap_hsmmc.0/by-name/boot");
The device enters bootloader directly showing no boot image after reboot....
Click to expand...
Click to collapse
That's because SBL expects the boot partition to contain the image in ANDROID! format. It creates the image itself when you flash via fastboot with the ":raw" suffix.
Try that
Code:
mkbootimg --kernel gnex-uboot-chainloaded.img --ramdisk /dev/null -o u-boot.aimg
Not sure why the original boot image didn't work for you. Are you copying the boot.img to vmlinux.uimg or the raw zImage? you should do the former, the u-boot expects either the "ANDROID!" image or the one made with mkimage.
If anything, you could try repacking the boot image yourself or try mine to see if it boots (it's for jb 4.1.1 though)
http://rghost.ru/44686398

chainloading method, in fact it works on PRIMELC03 too...
btw,
if I flash the xloader (replacing bootloader method), then how am I gonna back to original samsung bootloader/PRIMELC03 since there isn't fastboot support in your u-boot bootloader?
using odin? or omapflash? :crying:
thanks.

savantist said:
chainloading method, in fact it works on PRIMELC03 too...
Click to expand...
Click to collapse
ok, I probably didn't make it clear enough. chainloading works with any bootloader and is safe.
savantist said:
btw,
if I flash the xloader (replacing bootloader method), then how am I gonna back to original samsung bootloader/PRIMELC03 since there isn't fastboot support in your u-boot bootloader?
using odin? or omapflash? :crying:
thanks.
Click to expand...
Click to collapse
if you can boot android or recovery, thenuse dd it to /dev/block/blah-blah-blah, otherwise - omapflash.

sp3dev said:
ok, I probably didn't make it clear enough. chainloading works with any bootloader and is safe.
if you can boot android or recovery, thenuse dd it to /dev/block/blah-blah-blah, otherwise - omapflash.
Click to expand...
Click to collapse
you wrote it on wrong part on first page yesterday, makes me little bit confused, but it's corrected now...
but to do "replacing bootloader method", one should flash PRIMEKK14 or PRIMEKK15 bootloader before, right?
wow... omapflash...

savantist said:
you wrote it on wrong part on first page yesterday, makes me little bit confused, but it's corrected now...
but to do "replacing bootloader method", one should flash PRIMEKK14 or PRIMEKK15 bootloader before, right?
wow... omapflash...
Click to expand...
Click to collapse
well, some bootloaders after PRIMEKK may work, but I have not tested and we had some new phones with the recent firmware versions from stock, and u-boot failed to work there until xloader was downgraded

[Multi Boot] Boot Menu

Multiboot for Sony Xperia Z1
How to install boot menu
- download bootmenu_honami.rar, extract folder "bootmenu" to the your internal storage
- put boot.img or kernel.elf to the mainrom folder, make sure thats the same kernel like your primary rom (aka main rom)
- download bootmenu.img from attachment, flash bootmenu.img using fastboot commnd: fastboot flash boot bootmenu.img
Since your bootmenu folder not contain settings.ini (you runing bootmenu at a first time) that will be created easily. You need to complete main step aka main rom creation:
1. (mainrom creation) reboot into bootmenu, chose "patch...", navigate to bootmenu, navigate to mainrom, select mainrom.zip package (make sure boot.img or kernel.elf is the same like your current main rom kernel, and make sure boot.img is in folder mainrom), select mainrom.zip and click "yes". Main rom will be added into boot menu entry. Now reboot again into boot menu and you will see new menuentry, chose these menu to boot into your primary rom!
2. (other roms creation - you can do only if you completed main rom step) reboot into bootmenu, chose "patch...", principe is diferent (there is 2 steps):
- step 1: chose rom zip you want to patch, patch them
- step 2: reboot again into boot menu (new rom entry will be displayed), select these rom to boot, on led blinking press to boot into cwm, now you are in cwm of these rom, now navigate to the same folder where is your package, you will find zip with appended name "patched.zip", chose these patched zip to install trought these recovery, you are done!
If something fail, make sure look into bootmenu folder into main script aka "multiboot.sh", try to fix-improve something Enjoy!
WARNING:
- NEVER RENAME FOLDERS OR ZIP ARCHIVES TO HAVE SPACE IN NAME SINCE BOOTMENU WILL NOT WORK!!! INSTEAD OF WRITING SPACE " " WRITE "_" SOMETHING_LIKE_THIS" !
- there is possibility for your partitions of the main rom to get overwriten if multiboot.sh fail to patch these rom you going to patch, just to let you know! Two click solution is in testing stage so there is probably a lot of bugs! I am not responsible if you lost your private data! So guys if you willing to help, I am waiting. Things need to be improved in multiboot.sh !

Here is full source code of the my bootmenu project -> https://github.com/munjeni/bootmenu_z1_and_z1c
Public License for BOOTMENU and for my Auxiliary Work
You can Distribute my source without my Permissions. Distribution should include my XDA name 'munjeni' and Link to this 'BOOTMENU' thread in your Credits sections/About sections and Properly Visible to Human Eyes. If you use our source and have them modified, you need to make them public to everyone!!! If you not propertly use my source and you not give proper credit, and you not share your modified source code which is based on my source code, I will find you and I will report your post!
And... If You Like my BOOTMENU... Remember to Press...Thanks button

Credits
- @abbychauhan first one who helped me in testing boot menu, thanks!
- @krabappel2548 for kernel with kexec! I have used his kexec kernel in our boot menu for Z1, thanks!
- @HypoTurtle for sugestions, thanks!
- @DooMLoRD for opening my eyes since I had a wrong kernel on my local hard drive
- @SafiXS , @Chocolatetrain, @ntmohammad ...sory if I forgot someone, thanks to all for testing!

"Post Updated on 22/06/2014"
MultiBoot Totally Simplified (Noob Friendly)
Whole Multiboot Procedure for better understanding..
We will do this in two parts procedure as Follows -
Part 1 -
First we will do the mainrom creation. "Mainrom" - The ROM which is Currently installed on your phone.
1. First Download bootmenu_honami.rar, extract folder "bootmenu" to your Phone's Internal storage
2. Put boot.img or kernel.elf (Of the ROM which is Currently installed on your phone) to the mainrom folder (its in the bootmenu folder) of extracted rar file,
make sure thats the same kernel i.e, boot.img or kernel.elf like your primary rom of yours which is currently installed
boot.img - you can extract it from the ROM zip file or Custom Kernel zip file eg. ROM.zip or Doomloards Kernel zip
Kernel.elf - U ll have to convert kernel.sin from ROM zip file to kernel.elf via Flashtool (It has got option to do that)
3. Download bootmenu.img from attachment, flash bootmenu.img using fastboot commend: fastboot flash boot bootmenu.img
4. Reboot into bootmenu, choose "patch...", navigate to mainrom folder (it has to be in the internal memory, inside the folder bootmenu),
select mainrom.zip package (make sure boot.img or kernel.elf is the same like your current main rom kernel, and make sure boot.img or kernel.elf is in folder "mainrom" ),
select mainrom.zip and click "yes". Main rom will be added into boot menu entry.
Now reboot again into boot menu and you will see new Entry Mainrom and Mainrom - CWM, choose Mainrom from Multiboot Menu to boot into your primary rom or Choose mainrom - CWM to go into mainrom Recovery
Part 2 -
Other ROMs creation - You can do it only if you completed main rom step)
1. Reboot into bootmenu, chose "patch...",
2. Navigate to Second ROM ZIP file
(Keep it anywhere in External Memory Card Because you wont be able to access Internal Memory of your Phone via another ROM Recovery due to change of Partitions, All ROMs will be installed on Internal Memory),
Choose ROM zip you want to patch, patch them
3. Reboot again into boot menu (new ROM entry will be displayed), go into ROM - CWM to go into Recovery of the particular ROM,
Now you are in Recovery of New ROM, Go to install ZIP (Installation of ROM) and
navigate to the same folder where you kept the ROM ZIP file (on External Card Memory),
you will find a new zip with appended name "patched.zip",
chose these patched zip to install trough the Recovery,
4. Flash C6902 fix, if u have C6902 Device (keep it On External Memory too),
5. Boot into ROM then Do a REBOOT and again go to Secondary ROM - CWM
6. Flash Gapps (keep it On External Memory too)
7. Flash Any Mod or anything if you wanted to flash for Your ROM (keep it On External Memory too)
Except Custom Kernels or Something that will wipe bootmenu.img ( Its WIP you can check out the Conversations on Page 48/49/50 )
8. Do Reboot
9. In Bootmenu Select the Newly installed ROM.
You are done!
Enjoy!
Common Questions -
1. How many ROMs I can Install?
Answ - http://forum.xda-developers.com/showpost.php?p=53236187&postcount=399
2. How to go from One ROM Partation to Another ROM Partation via File Explorer?
Answ - http://forum.xda-developers.com/showpost.php?p=53318812&postcount=476
3. How to get kernel.elf?
Answ - http://forum.xda-developers.com/showpost.php?p=53234909&postcount=384
and http://forum.xda-developers.com/showpost.php?p=53234988&postcount=386
and http://forum.xda-developers.com/showpost.php?p=53235075&postcount=387
4. How to take Screenshot of CWM?
Answ - http://forum.xda-developers.com/showpost.php?p=53229901&postcount=358
and http://forum.xda-developers.com/showpost.php?p=53230193&postcount=362
5. We get ROM updates now and then how do we do it? If we want to remove The Whole Multiboot Thing or a ROM from Bootmenu and to uninstall it completely from our phone then what is the procedure?
Answ - http://forum.xda-developers.com/showpost.php?p=53076327&postcount=277
and http://forum.xda-developers.com/showpost.php?p=53077937&postcount=281
6. Stock Based ROMs ask to flash the Stripped FTF via flashtools in the END, if we keep Stock based ROMs as Secondary ROMs then how will it work then, it will wipe other ROMs Kernal and bootmenu kernal?
Answ - Its Hard but http://forum.xda-developers.com/showpost.php?p=53150024&postcount=325
and http://forum.xda-developers.com/showpost.php?p=53150187&postcount=326
7. Power Off Charging?
Answ - http://forum.xda-developers.com/showpost.php?p=53144286&postcount=322
8. The partition made by Multi Boot for other ROMs is very small, Why is that? Can it be increased?
Answ - http://forum.xda-developers.com/showpost.php?p=53116039&postcount=313
and http://forum.xda-developers.com/showpost.php?p=53118687&postcount=316
and http://forum.xda-developers.com/showpost.php?p=53118722&postcount=317
9. I want to change the name of "mainrom" and Secondary ROM names in boot menu?
Answ - http://forum.xda-developers.com/showpost.php?p=53107296&postcount=307
10. Gapps on Primary ROM?
Answ - http://forum.xda-developers.com/showpost.php?p=53027261&postcount=240
11. Main ROM Update / MainROM Kernal Change?
Answ - http://forum.xda-developers.com/showpost.php?p=53565558&postcount=571

Complicated and not for noobs, but hope some one do it for you if you are confused! Seccond tut will be more complicated since all ramdisks need to be moded specialy for every each android which you going to boot. I will try to explain

munjeni said:
Complicated and not for noobs, but hope some one do it for you if you are confused! Seccond tut will be more complicated since all ramdisks need to be moded specialy for every each android which you going to boot. I will try to explain
Click to expand...
Click to collapse
Ya this thread really need a helpful Dev. Who will answer all questions.. And Of course not for noobs.. I think i ll scratch my head all night..
Sent from my Micromax A110Q using Tapatalk

@munjeni Is this same as XGo Muilti Boot?That is very harder to install.
Sent from my C6903 using XDA Premium 4 mobile app

Awesome work :good:
Could you please give me some instructions on how to add your multiboot to a host kernel when building from source?
I'm working on a kernel for the z1, and I have krabappel's kexec patch implemented.

Androguide.fr said:
Awesome work :good:
Could you please give me some instructions on how to add your multiboot to a host kernel when building from source?
I'm working on a kernel for the z1, and I have krabappel's kexec patch implemented.
Click to expand...
Click to collapse
Simple extract ramdisk and make boot.img with your kernel! I will upload new version now, version v1.1 (support for booting from booth internal and external sdcard)! Since booting from extrernal sdcard sause some lags if sd cards is not "best speed", recomended is booting from internal sdcard since performance is the same like booting from regular boot! Wait a moment, going to upload new version in next 10 minutes! When I get more free time I will give you preconfigured menu entry with installed CM11 into file partitions so you can multiboot them without needs for lookig into our tutorials, you will simple extract them and boot

New version of the bootmenu is out, enjoy!
Changelog:
- support for booting from booth internal or external sdcard
- fixed bug with reboot timer when there is no rom in settings ini or when there is no bootmenu folder

I'll try to release the multiboot I was working on. It is a lot easier for users then all this editing probably
Sent from my C6903 using xda app-developers app

krabappel2548 said:
I'll try to release the multiboot I was working on. It is a lot easier for users then all this editing probably
Sent from my C6903 using xda app-developers app
Click to expand...
Click to collapse
We all will be very thankful to u
Sent from my Xperia Z1 using Tapatalk

krabappel2548 said:
I'll try to release the multiboot I was working on. It is a lot easier for users then all this editing probably
Sent from my C6903 using xda app-developers app
Click to expand...
Click to collapse
How you think to make that simple? Since external partitions is needed, allso since standard flashable zips will allso need to be modified in updater-script, allso since ramdisks need to be modified, all fstabs need to be modified, DTB need to be appended propertly to the zImage in order to boot them with kexec... a lot of other things, I think easy method is not possible definitely! Maybe a am wrong?
I have 2 ideas now for my boot menu:
- create 3 partitions (probably will open a new thread for sharing diferent partitions layout, for example cache 50mb, cache 100mb, cache 150mb, cache 200mb, system 500mb, system 1gb, system 1.6gb, data 500mb, data 1gb, data 2gb...) so after compresing them to rar size of the archive will be ~100mb
- or maybe we can implement on the fly partitions creation by the updter-script
Problem will be kernel and ramdisk since it need modification. Maybe we can ask devs to include ramdisk and kernel for multiboot in his posts.
I am out of ideas, but I think we need to make automated tool for these things. If you guys have idea please comment!
Tool needed:
- tool for extracting boot image and making zImage-dtb
- tool for extracting ramdisk, making changes needed for boot from loop device, compresing modified ramdisk
- tool for partitions creation with defined size and defined path for puting them to defined folder
- tool for entry in settings.ini creation

Partition creation is easy. There is few steps to create file based partition:
1. first of all - how to calculate size of the partition:
Simple using calculator. Formula is: (size * 1024 * 1024) / 4096
Foe example: you want 500mb partition, ok, formula is: (500 * 1024 * 1024) / 4096
So command for making them with adb will be:
adb shell
mkdir /data/media/0/bootmenu/folder_you_want
dd if=/dev/zero of=/data/media/0/bootmenu/folder_you_want/system.ext4 bs=4096 count=count_from_your_calculation
dd if=/dev/zero of=/data/media/0/bootmenu/folder_you_want/data.ext4 bs=4096 count=count_from_your_calculation
dd if=/dev/zero of=/data/media/0/bootmenu/folder_you_want/cache.ext4 bs=4096 count=count_from_your_calculation
Click to expand...
Click to collapse
2. get UUID of the system partition (need for step 3):
blkid /dev/block/platform/msm_sdcc.1/by-name/system
Click to expand...
Click to collapse
3. format created partiton:
losetup /dev/block/loop1 /data/media/0/bootmenu/folder_you_want/system.ext4
losetup /dev/block/loop2 /data/media/0/bootmenu/folder_you_want/data.ext4
losetup /dev/block/loop3 /data/media/0/bootmenu/folder_you_want/cache.ext4
mke2fs -T ext4 -O has_journal,ext_attr,resize_inode,filetype,extent,sparse_super,large_file,uninit_bg -U paste here your UUID -I 256 /dev/block/loop1
mke2fs -T ext4 -O has_journal,ext_attr,resize_inode,filetype,extent,sparse_super,large_file,uninit_bg -U paste here your UUID -I 256 /dev/block/loop2
mke2fs -T ext4 -O has_journal,ext_attr,resize_inode,filetype,extent,sparse_super,large_file,uninit_bg -U paste here your UUID -I 256 /dev/block/loop3
tune2fs -o journal_data_writeback /dev/block/loop2
tune2fs -o journal_data_writeback /dev/block/loop3
losetup -d /dev/block/loop1
losetup -d /dev/block/loop2
losetup -d /dev/block/loop3
Click to expand...
Click to collapse
Partitions created easily
Note:
These things must be done while you are in bootmenu since I am not sure if mke2fs, blkid and tune2fs tool is available while you are on android! So you can done that in bootmenu via adb!

CWM ramdisk modifications
all fstabs need to be modified, for example fstab.qcom:
Code:
/dev/block/platform/msm_sdcc.1/by-name/boot /boot emmc defaults recoveryonly
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,barrier=1 wait
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check,encryptable=footer,length=-16384
remove line:
/dev/block/platform/msm_sdcc.1/by-name/boot /boot emmc defaults recoveryonly
Click to expand...
Click to collapse
changed:
Code:
/dev/block/loop1 /system ext4 ro,barrier=1 wait
/dev/block/loop3 /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check
/dev/block/loop2 /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check,encryptable=footer,length=-16384
In etc you can see another recovery.fstab, change them like you done for qcom.fstab!
init.rc:
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 18D1
write /sys/class/android_usb/android0/idProduct D001
write /sys/class/android_usb/android0/functions adb
write /sys/class/android_usb/android0/iManufacturer ${ro.product.manufacturer}
write /sys/class/android_usb/android0/iProduct ${ro.product.model}
write /sys/class/android_usb/android0/iSerial ${ro.serialno}
on boot
ifup lo
hostname localhost
domainname localdomain
Click to expand...
Click to collapse
add:
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 18D1
write /sys/class/android_usb/android0/idProduct D001
write /sys/class/android_usb/android0/functions adb
write /sys/class/android_usb/android0/iManufacturer ${ro.product.manufacturer}
write /sys/class/android_usb/android0/iProduct ${ro.product.model}
write /sys/class/android_usb/android0/iSerial ${ro.serialno}
on fs
wait /dev/block/platform/msm_sdcc.1/by-name/userdata
mkdir /sde
mount ext4 /dev/block/platform/msm_sdcc.1/by-name/userdata /sde rw wait
exec /sbin/losetup /dev/block/loop1 /sde/media/0/bootmenu/cm11/system.ext4
exec /sbin/losetup /dev/block/loop2 /sde/media/0/bootmenu/cm11/data.ext4
exec /sbin/losetup /dev/block/loop3 /sde/media/0/bootmenu/cm11/cache.ext4
on boot
ifup lo
hostname localhost
domainname localdomain
Click to expand...
Click to collapse
red line "cm11" mean that you have created cm11 folder in boot menu and use these folder for example for booting into cm11! On these "cm11" folder you have created partitons, ramdisks, kernel...etc!

munjeni said:
Problem will be kernel and ramdisk since it need modification. Maybe we can ask devs to include ramdisk and kernel for multiboot in his posts.
Click to expand...
Click to collapse
Yes that will do some work for the people.. Atleast Custom Kernal Devs can include it.
Sent from my Xperia Z1 using Tapatalk

ROM ramdisk modifications
For example CM11 ramdisk.
when you unpack cm11 boot.img, when you unpack ramdisk you will notice 2 ramdisks, one is rom ramdisk and one is recovery ramdisk (ramdisk.cpio and ramdisk.recovery.cpio). Look into previous post for CWM ramdisk modification.
Modification for ROM ramdisk (ramdisk.cpio):
init.rc file:
look for line "mkdir /system", added one line before these line: "mkdir /sde"
fstab.qcom:
the same like you done on CWM ramdisk!
init.qcom.rc:
look for lines:
on fs
mount_all ./fstab.qcom
setprop ro.crypto.fuse_sdcard true
Click to expand...
Click to collapse
add:
on fs
wait /dev/block/platform/msm_sdcc.1/by-name/userdata
mkdir /sde
mount ext4 /dev/block/platform/msm_sdcc.1/by-name/userdata /sde rw wait
exec /sbin/losetup /dev/block/loop1 /sde/media/0/bootmenu/cm11/system.ext4
exec /sbin/losetup /dev/block/loop2 /sde/media/0/bootmenu/cm11/data.ext4
exec /sbin/losetup /dev/block/loop3 /sde/media/0/bootmenu/cm11/cache.ext4
exec /sbin/e2fsck -y /dev/block/loop2
exec /sbin/e2fsck -y /dev/block/loop3
mount_all ./fstab.qcom
setprop ro.crypto.fuse_sdcard true
Click to expand...
Click to collapse
red line "cm11" mean that you have created cm11 folder in boot menu and use these folder for example for booting into cm11! On these "cm11" folder you have created partitons, ramdisks, kernel...etc!

updater script in rom zip modification
For example you want to install cm11 in multiboot, ok, download an rom, for example download CM11 by FXP or one by Cyanogenmod, open zip, find, open and modify updater-script and change all lines:
1. for system:
Code:
.........."/dev/block/platform/msm_sdcc.1/by-name/system"............
change to:
Code:
.............."/dev/block/loop1"..............
2. for userdata:
Code:
............."/dev/block/platform/msm_sdcc.1/by-name/userdata"............
change to:
Code:
..........."/dev/block/loop2"................
3. for cache:
Code:
........"/dev/block/platform/msm_sdcc.1/by-name/cache"..........
change to:
Code:
..........."/dev/block/loop3"...........
4. for boot:
Code:
.........."/dev/block/platform/msm_sdcc.1/by-name/boot".........
change to:
Code:
............"/dev/null"...........
Note:
To understand this step. You doing these modifications since you going to install rom to partitions which you created on your internal sdcard! For example: if you not modify ramdisk, your rom will be installed to your phone partitions instead of one created by you! So to install rom to partitions which you have created, you must modify updater script to point installation to install rom into partitions which you created earlier instead of intalling them to regular partition! If you install rom to regular partitions that mean you will overwrite your main rom and bootmenu, so you will boot into cm11 on reboot instead of buting into multiboot! Hope thing clear?

Creating menuentry for new rom in multiboot (boot menu) settings.ini
Since you created partitions, since you modified ramdsiks, since you created kernel (sorry I removed post entry related to kernel modification... I will instruct you later!), since you modified rom zip which you want to install... you are ready for flashing! Before flashing rom to partitions, you need to add menu entry in settings.ini of the bootmenu!
How to add new rom entry to boot menu:
For example you created all partitons in .../bootmenu/cm11 folder
For example you have system.ext4, data.ext4, cache.ext.4, initrd.gz (modified cm11 ramdisk), and Zimage-dtb (modified CM11 zImage) in cm11 folder
Ok now you can add menuentry to setting.ini:
[rom-1]
menutitle=CM11
kernel=/data/media/0/bootmenu/cm11/zImage-dtb
ramdisk=/data/media/0/bootmenu/cm11/initrd.gz
cmdline=no_need_anymore
Click to expand...
Click to collapse
You are done! Title you have defined in "menutitle" will be displayed in boot menu!
Now you need to boot into cm11. When you boot into cm11 you will get "timing for recovery boot, led light!", if everything is propertly modified in all of the things you will get lucky to see led light where you need to pres volume button to get into recovery! If you enter into cm11 recovery that mean that you are in sucess , Ok now install your modified rom zip package (in these step cm11 will be installed to partitions which you have created earlier) and you are done! Reboot and enjoy cm11 in multiboot! The same steps is for all roms which you want in multi boot! Max roms is 10!

Not for noobs but hope our things is clear now for experienced users?

Repack system.img with simg2img/mkuserimg

Has anyone been able to repack system.img using these tools? I've tried a couple variations of of parameters for mkuserimg, but everytime it gets stuck on the boot animation.
simg2img ./system.img system.raw
sudo mount -t ext4 -o loop system.raw ./mount/system/
sudo mkuserimg.sh -s mount/system/ system_new.img ext4 /system 3221028864
I've also tried
sudo mkuserimg.sh -s mount/system/ system_new.img ext4 /system 3195826176
Neither one works. The first one gets the file size of the .raw files to match, but the number of blocks (per tune2fs) differ. The second one gets the number of blocks to match, but not the .raw file sizes.
The base system.img I have flashes without any problems.
Appreciate any help!

Did you disabled the encryption in the boot.img ? It might be getting stuck since the signatures don't match. Have a look at the boot.img used to root. The fstab entries are relaxed. I think there is another change from stock.

gee one said:
Did you disabled the encryption in the boot.img ? It might be getting stuck since the signatures don't match. Have a look at the boot.img used to root. The fstab entries are relaxed. I think there is another change from stock.
Click to expand...
Click to collapse
Definitely using a boot.img with encryption disabled. Using this one: http://forum.xda-developers.com/apps/supersu/wip-android-6-0-marshmellow-t3219344
I've tried running both stock system.img through the repack process and a AOSP built system.img and both images stop working once run through mkuserimg
Maybe I'll give the ElementalX kernel a try.

Vernee Apollo Discoveries

I wanted to create a thread so as to report any unique findings from the internet realm and my own discoveries surrounding the Vernee Apollo Phone. The aim is to bring resources together to encourage development and to release utilities and roms.
Please post your own discoveries and updates!!!
This is NOT a "Vernee Apollo Lite" nor a "Vernee Apollo X" thread even though some information maybe relevant.
Device Name and Specs
Vernee Apollo.
Device Model =K15TA_A
Official Product Website
Official Product Forum
http://www.devicespecifications.com/
Vernee Apollo - Antutu Benchmark v6.2.7.
Score 92,235.
3D: 19159
UX: 38097
CPU: 27535
RAM: 7444
Helio X25 MT6797 Family System on a Chip (SoC) Comparison
Vernee Apollo deploys a X25 MT6797T.
https://en.wikipedia.org/wiki/MediaTek#Octa-_and_deca-core
https://www.mediatek.com/products/smartphones/mt6797-helio-x20
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
ADB and FASTBOOT Modes
The Vernee Apollo's bootloader supports Fastboot. The Recovery mode supports the Android Debugging Bridge (ADB) . To access, perform the button sequence below. A menu will appear allowing you to cycle through option to either boot into the recovery partitio,n or to start the Fastboot service.
ADB service is also available also within the Android desktop if you enable USB Debugging in the revealed developers settings menu. You will most likely need to accept a signed key issued from the managing computer for the service to communicate!
Accessing Bootloader Menu
Buttons: [Top-Volume] + [Power-Button] for 8 Seconds.
When the phone is shutdown, hold both buttons at same time from for 8 seconds. The Bootloader menu will appear and then release buttons.
Using Bootloader Menu
Button: [Top-Volume] = Cycle selection.
Button: [Bottom-Volume] = Choose selected item.
With the high screen resolution it maybe hard to see the text-options. There should be three;
1. Recovery, (Boot into Recovery partition with ADB.)
2. Fastboot, (Start Fastboot server.)
3. Normal. (Proceed to boot normally.)
Using Recovery Mode and Menu
When you boot the Recovery partition you will be meet with a failed Android icon on the stock Vernee release rom. ADB will be accessible from here. Note: The Recover menu will cause the ADB server to fail. If you want to display the recovery menu options then perform the following during the failed Android icon screen.
Buttons: [Top-Volume] + [Power-Button] pulsing till the menu appears.
Fastboot
If you plan to develop on your Apollo or to install future community roms then it's advisable to unlock your storage partitions. Unlocking will allow you to change partitions but doing so will void software warranty clauses, and in the process scrub all your personal data from the phone so it's best to do it before installing personal content.
To unlock the phone issue the following command through Fastboot. You will be asked to confirm.
Code:
fastboot oem unlock
Engineering Mode
Enter the following phone number in Android desktop
Code:
Dial *#*#3646633#*#*
Phone Test Options
Alternatively there is a phone test mode available at low level with less options. Whilst the phone is shutdown, press the following.
Buttons: [Bottom-Volume] + [Power-Button] for 8 Seconds.
A test menu will appear and is in simplified Chinese.
SIMS
If your phone is not receiving data over 4G or 3G, Google on another computer "apn" "YOURMOBILEPHONEPROVIDER" "YOURNATION". Example;
Code:
"apn" "vodafone" "uk"
You should find links to technical settings for your data provider's access. Then enter them in by navigating to;
Settings>More>Mobile network settings>Access point names>CLICK-YOUR-LOCKED-ON-PROVIDER>THEN-CONFIRM-SETTINGS
USB
Device USB Coding
Code:
System Mode:
ID 0e8d:201d MediaTek Inc.
ADB Mode:
ID 0e8d:2008 MediaTek Inc.
Fastboot Mode
ID 0bb4:0c01 HTC (High Tech Computer Corp.) Dream / ADP1 / G1 / Magic / Tattoo
Microsoft Windows VCOM Drivers
On Microsoft systems you will need to have drivers installed so as to communicate with the Mediatek phone.
MediaTek DA USB VCOM (Android) Driver 3.0.1504.0 for Windows 7/Windows 8.1
MediaTek DA USB VCOM (Android) Driver 3.0.1504.0 for Windows 10
UART Ability?
I haven't opened the phone yet but if anyone does please capture images of the circuit board. If there are UART pins on the board it may have a root shell piped to the interface. A UART (universal asynchronous receiver/transmitter) in this sense is a device that couples serial communications port to USB to run a terminal over.
Vernee Official Rom Images & "Over The Air" Updates
Official Product Downloads/Support
VerneeX25_Recovery_OriginalStock_v1p0 (Thx to Relief66)
Download (2016-12) ROM "full_k15ta_a-ota-1482441792.zip"
Download (2017-01) ROM "full_k15ta_a-ota-1484567521.zip" (Creating .img from .dat files works!)
Download (2017-07) ROM "full_k15ta_a-ota-1499861676.zip"
Download (2017-07) OTA Patch "20170712201130-OTA.rar"
Note: "20170712201130-OTA.rar" is only designed to update "full_k15ta_a-ota-1482441792.zip" image.
Flashing Partitions
There are three main ways to flash;
1. using "Smart Phone Flash Tool",
2. Fastboot flash command,
3. via internal software like a root bash shell or routine from recovery.
Partition Table
Code:
system logical drive = 2621.44MB [= 2684354560 bytes = 5242880 x 512blocks]
recovery logical drive = 16.384MB
Scatter file from OTA
----------------------------
preloader 0x0
pgpt 0x0
recovery 0x8000
para 0x1008000
custom 0x1088000
expdb 0x13c88000
frp 0x14688000
nvcfg 0x14788000
nvdata 0x14f88000
metadata 0x16f88000
protect1 0x18f88000
protect2 0x19788000
seccfg 0x1a000000
oemkeystore 0x1a800000
proinfo 0x1aa00000
md1img 0x1ad00000
md1dsp 0x1c500000
md1arm7 0x1c900000
md3img 0x1cc00000
scp1 0x1d100000
scp2 0x1d200000
nvram 0x1d300000
lk 0x1d800000
lk2 0x1d880000
boot 0x1d900000
logo 0x1e900000
tee1 0x1f100000
tee2 0x1f600000
keystore 0x1fb00000
system 0x20800000
cache 0xc0800000
userdata 0xdb000000
flashinfo 0xFFFF0080
sgpt 0xFFFF0000
recovery.fstab
------------------
# mount point fstype device [device2]
/boot emmc boot
/cache ext4 /dev/block/mmcblk0p4
/data ext4 /dev/block/mmcblk0p5
/misc emmc misc
/recovery emmc recovery
/sdcard vfat /dev/block/mmcblk0p6
/system ext4 /dev/block/mmcblk0p3
live fstab via "cat /fstab.mt6797"
------------------------------------------
# 1 "vendor/mediatek/proprietary/hardware/fstab/mt6797/fstab.in"
# 1 "<built-in>"
# 1 "<命令行>"
# 1 "vendor/mediatek/proprietary/hardware/fstab/mt6797/fstab.in"
# 20 "vendor/mediatek/proprietary/hardware/fstab/mt6797/fstab.in"
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/system /system ext4 ro wait
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/userdata /data ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,resize,encryptable=/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/metadata,
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/cache /cache ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/protect1 /protect_f ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/protect2 /protect_s ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/nvdata /nvdata ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattable
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/nvcfg /nvcfg ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/custom /custom ext4 ro wait
/devices/mtk-msdc.0/11230000.msdc0* auto vfat defaults voldmanaged=sdcard0:auto
/devices/mtk-msdc.0/11240000.msdc1* auto auto defaults voldmanaged=sdcard1:auto,encryptable=userdata
/devices/soc/11270000.usb3_xhci* auto vfat defaults voldmanaged=usbotg:auto
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/frp /persistent emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/nvram /nvram emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/proinfo /proinfo emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/lk /bootloader emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/lk2 /bootloader2 emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/para /misc emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/boot /boot emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/recovery /recovery emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/logo /logo emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/expdb /expdb emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/seccfg /seccfg emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/tee1 /tee1 emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/tee2 /tee2 emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/scp1 /scp1 emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/scp2 /scp2 emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/md1img /md1img emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/md1dsp /md1dsp emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/md1arm7 /md1arm7 emmc defaults defaults
/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/md3img /md3img emmc defaults defaults
Raw block partition label and user/group
-----------------------------------------------------
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/proinfo u:object_r:nvram_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/nvram u:object_r:nvram_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/nvdata u:object_r:nvdata_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/frp u:object_r:frp_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/expdb u:object_r:expdb_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/misc2 u:object_r:misc2_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/logo u:object_r:logo_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/para u:object_r:para_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/tee1 u:object_r:tee_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/tee2 u:object_r:tee_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/seccfg u:object_r:seccfg_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/userdata u:object_r:userdata_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/cache u:object_r:cache_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/recovery u:object_r:recovery_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/protect1 u:object_r:protect1_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/protect2 u:object_r:protect2_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/keystore u:object_r:keystore_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/oemkeystore u:object_r:oemkeystore_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/boot u:object_r:boot_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/persist u:object_r:persist_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/system u:object_r:system_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/nvcfg u:object_r:nvcfg_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/md1img u:object_r:md_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/md1dsp u:object_r:dsp_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/md1arm7 u:object_r:md_block_device:s0
/dev/block/platform/mtk-msdc\.0/[0-9]+\.msdc0/by-name/md3img u:object_r:md_block_device:s0
On my rooted phone I can check the UUID of the partitions. (You may need BusyBox installed to use blkid command!).
Code:
adb shell
su
blkid
displays;
Code:
/dev/block/loop0: LABEL="iAmCdRom" TYPE="iso9660"
/dev/block/loop1: UUID="57f8f4bc-abf4-655f-bf67-946fc0f9f25b" TYPE="ext4"
/dev/block/zram0: TYPE="swap"
/dev/block/mmcblk0p3: LABEL="custom" UUID="0f1095f4-0ece-e656-b6ac-e2ce104d5722" TYPE="ext4"
/dev/block/mmcblk0p6: UUID="57f8f4bc-abf4-655f-bf67-946fc0f9f25b" TYPE="ext4"
/dev/block/mmcblk0p7: UUID="57f8f4bc-abf4-655f-bf67-946fc0f9f25b" TYPE="ext4"
/dev/block/mmcblk0p9: UUID="57f8f4bc-abf4-655f-bf67-946fc0f9f25b" TYPE="ext4"
/dev/block/mmcblk0p10: UUID="57f8f4bc-abf4-655f-bf67-946fc0f9f25b" TYPE="ext4"
/dev/block/mmcblk0p28: LABEL="system" UUID="da594c53-9beb-f85c-85c5-cedf76546f7a" TYPE="ext4"
/dev/block/mmcblk0p29: UUID="57f8f4bc-abf4-655f-bf67-946fc0f9f25b" TYPE="ext4"
/dev/block/mmcblk0p30: UUID="57f8f4bc-abf4-655f-bf67-946fc0f9f25b" TYPE="ext4"
/dev/block/mmcblk1p1: UUID="0508-0E13" TYPE="vfat"
Modifying Partitions
Modify partitions often means Users hacking the commercial roms and that means extracting out the important files to work with. The most important blocks are the system-partition which holds the operating system, then the recovery-partition which pole vaults Users with low level tools and abilities, like startup phone root powers. Noting many modern phone root modes, deploy on the recovery-partition rather than modify the system-partition, so as to retain full compatibility and retention of abilities, when conducting "Over the Air" / OTA updates from the manufacturer.
There are two popular platforms to hack on. 1. on native Linux including the phone itself, and 2. on a Microsoft Windows platform with Linux style utilities.
To ready a partition, to then modify it, and to then save it for flashing has many steps. One should obtain the manufacturer's rom or OTA update, to seek out the latest images and files to utilise.
In this example of hacking an official rom, we will be using "full_k15ta_a-ota-1484567521.zip". Utility executables are readily available in repositories related to your Linux distribution, like AUR on Archlinux.
Linux - ACCESSING SYSTEM IMAGE TO MODIFY
1.) Extract the zip file to a new folder. The directory should be something like this structure.
Code:
.../tinysys-scp.bin
.../logo.bin
.../lk.bin
.../md1rom.img
.../system.patch.dat
.../type.txt
.../custom.new.dat
.../custom
.../custom/cip-build.prop
.../custom/app-res
.../custom/app-res/quicksearchbox-res
.../custom/app-res/quicksearchbox-res/quicksearchbox-res.apk
.../custom/app-res/android-res
.../custom/app-res/android-res/android-res.apk
.../custom/app-res/browser-res
.../custom/app-res/browser-res/browser-res.apk
.../custom/app-res/launcher3-res
.../custom/app-res/launcher3-res/launcher3-res.apk
.../custom/media
.../custom/media/audio
.../custom/media/audio/notifications
.../custom/media/audio/notifications/Leaf.ogg
.../custom/media/audio/notifications/Pure.ogg
.../custom/media/audio/notifications/Triumph.ogg
.../custom/media/audio/notifications/Vernee_n002.ogg
.../custom/media/audio/notifications/The_time_tunne.ogg
.../custom/media/audio/notifications/Jump.ogg
.../custom/media/audio/notifications/Whisper.ogg
.../custom/media/audio/notifications/Vernee_n001.ogg
.../custom/media/audio/notifications/Cuckoo.ogg
.../custom/media/audio/notifications/Cleverer.ogg
.../custom/media/audio/notifications/Meteor.ogg
.../custom/media/audio/notifications/Bongo.ogg
.../custom/media/audio/notifications/Ripples.ogg
.../custom/media/audio/notifications/Whistle.ogg
.../custom/media/audio/notifications/Gift.ogg
.../custom/media/audio/alarms
.../custom/media/audio/alarms/ClassicAlarm.ogg
.../custom/media/audio/alarms/Waltz.ogg
.../custom/media/audio/alarms/Vernee_a001.ogg
.../custom/media/audio/alarms/GoodLuck.ogg
.../custom/media/audio/alarms/Foredawn.ogg
.../custom/media/audio/alarms/Vernee_a002.ogg
.../custom/media/audio/alarms/MorningSunShine.ogg
.../custom/media/audio/alarms/Walking_in_the_rain.ogg
.../custom/media/audio/ringtones
.../custom/media/audio/ringtones/Call_of_love.ogg
.../custom/media/audio/ringtones/Spring.ogg
.../custom/media/audio/ringtones/New_life.ogg
.../custom/media/audio/ringtones/Menuet.ogg
.../custom/media/audio/ringtones/Vernee_r004.ogg
.../custom/media/audio/ringtones/Heartbeat.ogg
.../custom/media/audio/ringtones/Vernee_r005.ogg
.../custom/media/audio/ringtones/Technology.ogg
.../custom/media/audio/ringtones/Longing.ogg
.../custom/media/audio/ringtones/Vernee_r002.ogg
.../custom/media/audio/ringtones/Vernee_r003.ogg
.../custom/media/audio/ringtones/Westlake.ogg
.../custom/media/audio/ringtones/Vernee_r001.ogg
.../custom/media/audio/ringtones/Progress.ogg
.../custom/media/audio/ringtones/Journey.ogg
.../custom/media/audio/ringtones/GuitarPop.ogg
.../custom/media/audio/ringtones/Cloud.ogg
.../custom/media/audio/ringtones/Capriccioso.ogg
.../custom/media/audio/ringtones/IceWorldPiano.ogg
.../custom/plugin
.../custom/plugin/FwkPlugin
.../custom/plugin/FwkPlugin/FwkPlugin.mpinfo
.../custom/plugin/FwkPlugin/FwkPlugin.apk
.../custom/plugin/Signatures
.../custom/plugin/Signatures/mplugin_guard.xml
.../custom/etc
.../custom/etc/resources.xml
.../custom/bootani
.../custom/bootani/shutanimation.zip
.../custom/bootani/bootanimation.zip
.../custom/customprop
.../custom/customprop/custom.prop
.../system.new.dat
.../custom.patch.dat
.../md1arm7.img
.../md3rom.img
.../preloader_k15ta_a.bin
.../md1dsp.img
.../scatter.txt
.../custom.transfer.list
.../file_contexts
.../boot.img
.../META-INF
.../META-INF/CERT.SF
.../META-INF/MANIFEST.MF
.../META-INF/CERT.RSA
.../META-INF/com
.../META-INF/com/android
.../META-INF/com/android/metadata
.../META-INF/com/android/otacert
.../META-INF/com/google
.../META-INF/com/google/android
.../META-INF/com/google/android/update-binary
.../META-INF/com/google/android/updater-script
.../trustzone.bin
.../system.transfer.list
.../sdat2img.py
2.) the images we are looking for are either the system-partition or the recovery-partition to modify. In this case there is only the system and it's held in the file "system.new.dat", a 1.6 gigabyte file. We know from the partition tables above that the system-partition is 2.6GB wide, so this image is either compressed or short. Most partitions deployed on Android for updating are compressed in what's called a sparse format.
We need to uncompress any sparse file before we can work with it or mount it, but the issue in this case is the image is also in "dat" structure, which means we need to unsparse using structured data held in "system.transfer.list". Here we use "sdat2img" executable to create the file "system_fullsize.img";
Code:
sdat2img system.transfer.list system.new.dat system_fullsize.img
Alternatively if the file was not a dat format, we could simply unsparse using;
Code:
simg2img system.img system_fullsize.img
3.) Now that we have the full image we can mount it as a file-system to tinker with it. Example of making a mount point and mounting it;
Code:
sudo mkdir /system
sudo mount -t ext4 -o loop ./system_fullsize.img /system/
You can now modify the image simply by changing the files in the directory mounted on. After changes you can save out and attempting to flash it back to the phone for your custom system.
Linux - CAPTURING THE MOUNT BACK TO AN IMAGE FILE
1.) After we have modified the mounted system-partition we need to save it back out for flashing if you want to see your changes live on the phone.
Labelling (If desired). We can name the mount to enforce block-labels. In this case the loop device was "loop0" used to mount the image. (Check which loop-device was used when performing this. eg: lsblk) Here we are going to label it "system"..
Code:
e2label /dev/loop0 system
It maybe important to set the partition UUID the same as the manufacturer uses so the the mounting process finds the correct partition to mount at boot. We know the system partitions UUID from the above discovery details;
Code:
UUID="da594c53-9beb-f85c-85c5-cedf76546f7a"
We can set the mounted image's UUID to suit the original before creating a new;
Code:
sudo tune2fs /dev/loop0 -U da594c53-9beb-f85c-85c5-cedf76546f7a
Here we capture out the device to an "ext4" format file-system image. The length option, being 2684354560 bytes. Labelling option "-a" with name "system".
Code:
sudo make_ext4fs -s -l 2684354560 -a system system_modded.img /system/
2.) To flash your image, Android's recent "fastboot" utility will allow for unsparse and sparsed images to be flashed. I have broken down the fastboot process into each step.
CAUTION: fastboot writes over your phone's partition blocks. If you are not skilled in this area of computing them research "fastboot" before use.
Note: current I have not found out why this process is incompatible with Vernee Apollo. The images I write back are not operational even though they flash properly. My hunch is that I may need to enforce an ISO/image UUID the same as the manufacturers, but I haven't tested this yet.
Code:
fastboot -w
fastboot format system
fastboot flash system ./system_modded.img
If we want to sparse the file before flashing;
Code:
img2simg system_modded.img system_modded_sparse.img
If we want to create a sparse dat structured image;
Code:
img2sdat ./system_modded.img
Linux - ACCESSING RECOVER IMAGE TO MODIFY
An Android recovery image is really three items in one image. There is a compressed kernel (zImage) used to run a recovery system, a ramdisk (initrd.img), and configuration file. The ramdisk "initrd.img" holds the operating system files used by the recovery kernel. Note the bootimage partition/image is a similar structure to a recovery-image.
If you need a similar development community then the Xiaomi Redmi Pro is a similar phone due to its Mediatek Helio x25 but it uses a different cameras, screen and sensors. Modifying and tweaking settings in their recovery images can work on your Vernee Apollo X25.
To extract the sub held files (bootimg.cfg, zImage, initrd.img);
Code:
abootimg -x recovery.img
To unpack a ramdisk "initrd.img";
Code:
mkdir initrd
cd initrd
sudo zcat ../initrd.img | cpio -idmv
To pack files whilst in your ramdisk directory ''/initrd";
Code:
find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
To pack back up components into a recovery rom;
Code:
abootimg --create recovery_new.img -f bootimg.cfg -k zImage -r initrd.img
Alternatively;
Code:
mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel ./zImage --ramdisk ./newramdisk.cpio.gz -o recovery_new.img
Software
Chainfire SuperSU Release Announcement
F-Droid. Alternative App Store for public domain software.
.

Known Recovery Image Developers
Cleopatra Bianchi
https://forum.xda-developers.com/general/rooting-roms/vernee-apollo-helio-x25-twrp-root-t3554788
Known ROM Developers
Cleopatra Bianchi
https://forum.xda-developers.com/general/rooting-roms/vernee-apollo-helio-x25-roms-fix-t3561019
Vernee Apollo X25 General Resource Sites
http://www.needrom.com/ Vernee/ApolloX25
.

Hardware
Protective Covers
Silicone and more rigid covers are becoming available for the Vernee Apollo. Make sure you don't get a Lite version as it wont fit.
Those looking for more range and are willing to mod, the Lenovo K5 Note is very similar in dimensions to the Apollo X25, but the headphone jack, volume and power buttons are slightly off. Modding a K5 Note case will require cutting holes for the headphone jack, buttons, speaker holes, and possibly for the flash. Clear covers will allow the flash to work. Make sure the camera and finger scanner is a complete open section on any K5 cover!
https://www.aliexpress.com/item/Ver...-Shell-Back-Cover-For-Vernee/32799796884.html

TWRP Vernee Apollo Helio X25
Cleopatra Bianchi said:
Click to expand...
Click to collapse
http://bbs.vernee.cc/forum.php?mod=viewthread&tid=1721&extra=page%3D1

Cleopatra Bianchi said:
http://bbs.vernee.cc/forum.php?mod=viewthread&tid=1721&extra=page%3D1
Click to expand...
Click to collapse
I left it up to you to post. I hope people comment on what they think. I'm working on my own images so I can't install others at the moment to give an opinion. Readers please note I can't verify the security on this share. Do not take any compromising actions.
I'm super busy so not sure when I will have my own solutions.

How I wish I had more knowledge. This piece of Hw (Raw Hw?) has a lot of potential, but lacks interest of any developer adapt/adopt it....
The conditions are there (lets hope the owners free the code, as they have done with its small brother), and let's hope there are enough and good drivers for the chosen Hw.
Just to encourage your efforts.
Regards

I agree
lots of good hardware and poor software...I hope in this community

At the moment I found these "bad" things about this phone:
1) you can't choose to view the battery percentage in the upper bar
2) you have to set the APN manually or you can't use internet
3) you can't turn volume up or down if the screen is switched off

I've kind of hit a wall with modding the system image to root it. The system images I produce are just not compatible with flashing. They flash but no desktop runs on the phone. Tried both sparse and raws. and I've got the partition size correct. Mount point is set properly to "system" and they're ext4 images.
I'm building Chainfire's version of ext4_utils, specifically the make_ext4fs util. If that doesn't work then I'll build Google's version. Long process as you need SELinux headers which takes ages to install. There maybe a bug in older versions that's causing the trouble. Other thoughts, there maybe a different padding method or bit plane for storing file system nodes. I may need SELinux builds of executables just to get the job done as I did notice in a hex.diff that the original image has SELinux stamps in it. I need more investigation to know why that's so.
It would be nice if Cleopatra Bianchi chimed in if She knows the issue or has even been down this road before, so to speak.

Hi, E8
Do not know even if this could be valuable, but the sources of the lite version are there. I suppose they are taking the same engineering approaches with the big brother... or not...
but would check
Regards

jrotaetxe said:
Hi, E8
Do not know even if this could be valuable, but the sources of the lite version are there. I suppose they are taking the same engineering approaches with the big brother... or not...
but would check
Regards
Click to expand...
Click to collapse
I'll look into it as the scripts may indicate the process to image creation. Cheers.

TWRP and ROOT - successfully tested !
https://forum.xda-developers.com/general/rooting-roms/vernee-apollo-helio-x25-twrp-root-t3554788

Such a cool phone, but sending it back. Doesn't work with US carriers

Stock firmware in Flash Tool
Cleopatra Bianchi said:
TWRP and ROOT - successfully tested !
https://forum.xda-developers.com/general/rooting-roms/vernee-apollo-helio-x25-twrp-root-t3554788
Click to expand...
Click to collapse
I look forward to flash the stock firmware in Flash Tool. I foolishly made a phone of brick, all backups lost.

stock firmware
myextasy said:
I look forward to flash the stock firmware in Flash Tool. I foolishly made a phone of brick, all backups lost.
Click to expand...
Click to collapse
A working stock firmware will be here very soon.
Please be patient, I am working on that.

Cleopatra Bianchi said:
A working stock firmware will be here very soon.
Please be patient, I am working on that.
Click to expand...
Click to collapse
Anyway to unlock bands to get it working in US ???

myextasy said:
I look forward to flash the stock firmware in Flash Tool. I foolishly made a phone of brick, all backups lost.
Click to expand...
Click to collapse
You can easily restore the phone using the official zip rom. Place it on a micro sdcard and install via the Bootloader menu. Instructions are on the forst comment on how to get to the bootloader menu and then recovery. If you're destroyed your recovery partition but still have fastboot access then you can use the system image within the official rom to flash the system partition with a bit of modifications.
I've been super busy so I haven't had the time to work on my own version of the TWRP Recovery.

How can I find the drivers ? When I google search I only find the one for Apollo lite

Do not believe you can "unlock" US bands, as they differ from EU/ASIA system.
Anyway, trying is (almost) free. The worst thing can happen is a brick
Regards