Develop Bugs

[REF] bml* partition layout

LAYOUT MAPPING COMPLETE! THANKS EVERYONE!​
based on XXJF5 stock 2.1#1
256 KB -- bml1, contain boot.bin (262144 bytes), Primary Boot Loader (low-level hardware initialization)
256 KB -- bml2, contains PIT file first 512 bytes
10240 KB -- bml3 /dev/block/stl3 /efs
1280 KB -- bml4 contain Sbl.bin (1310720 bytes) Secondary Boot Loader (loads the Linux kernel and passes the necessary arguments)
1280KB -- bml5 contains Secondary Boot Loader (for recovery, ect)
5120KB -- bml6 param.lfs /mnt/.lfs j4fs
7680KB -- bml7 contain zImage and initramfs
7680KB -- bml8 empty
293376KB -- bml9 factoryfs.rfs ( /system RFS Partition) /dev/block/stl9
137216KB -- bml10 dbdata.rfs ( /dbdata RFS Partition) /dev/block/stl10
35840KB -- bml11 cache.rfs ( /cache RFS Partition) /dev/block/stl11
12800KB -- bml12 modem.bin

Hello husq510
Thanks for this infos, i'll follow this thread closely because i'm looking for the place where ServiceMode settings are stored.

anyone tried writing to the bml directly?

husq510 said:
bash-3.2# ls -al /dev/block/bml*
1280 KB -- bml4 kernel (zImage)
293376KB -- bml9 factoryfs.rfs ( /system RFS Partition)
Click to expand...
Click to collapse
interesting. so ive dd the bml4 and bml9 of optus australia stock 19000DTJF3. now anyone want to point me in the direction of creating an odin package out of it.

i whoner .... how can bml4 be the zImage? bml4=1.2MB, zImage=5.8MB ?? also if it should just contain the kernel without initram, it's still about 2.6MB? any idea?

jodue said:
i whoner .... how can bml4 be the zImage? bml4=1.2MB, zImage=5.8MB ?? also if it should just contain the kernel without initram, it's still about 2.6MB? any idea?
Click to expand...
Click to collapse
you are right, cant be. then kernel must be in some other bml place, seems bml7.
gandalf:~/Desktop/android/bml ackie$ grep "booting the kernel" *
Binary file bml7.dump matches
gandalf:~/Desktop/android/bml ackie$ hexdump -n 128 bml7.dump | grep "e1a0 0000 e1a0"
0000000 0000 e1a0 0000 e1a0 0000 e1a0 0000 e1a0
0000020 0002 ea00 [2818 016f] [0000 0000] [a510 005b] <- zimage magic number 0x016F2818, start at 0x0, end at 0x005b10a5
0000030 7001 e1a0 8002 e1a0 2000 e10f 0003 e312
0000040 0001 1a00 0017 e3a0 3456 ef12 2000 e10f
0000050 20c0 e382 f002 e121 0000 0000 0000 0000
0000060 00d0 e28f 307e e890 0001 e050 000a 0a00
0000070 5000 e085 6000 e086 c000 e08c 2000 e082
0000080
Offset into zImage Value Description
0x24 0x016F2818 Magic number used to identify this is an ARM Linux zImage
0x28 start address The address the zImage starts at
0x2C end address The address the zImage ends at
so if you start at 0x0 of bml7 and read untill offset inside 0x2c for XXJF5 is 0x005b10a5 you have your zImage.

husq510 said:
so if you start at 0x0 of bml7 and read untill offset inside 0x2c for XXJF5 is 0x005b10a5 you have your zImage.
Click to expand...
Click to collapse
so is it safe to assume after 0x005b10a5 is the ram disk?

Hello Folks.
I found some interesting bits in bml12.
"Service Mode" datas strings are in it, like show these example :
Code:
strings ./bml12 | grep Diamond
[SND] TurnON UtaAudioModifyHf(prev_Diamond_mode:0x%x)
`[SND]DiamondVoice_GetMode : path = 0x%x, Diamond_mode = 0x%x
`[SND]DiamondVoice_GetMode : Diamond_mode = 0x%x
[SND]DiamondVoiceTXcfgMSG
`[SND] DiamondVoice_RxInit : DiamondVoice_Mode_v = 0x%x
Diamond Solution
[9] Diamond Solution
[SND]DiamondVoice_Config : DiamondVoice_Mode_v = 0x%x, Diamond_mode= 0x%x
strings ./bml12 | grep DEBUG
MN_GPS_DEBUG_INFO_CNF
GPS_DEBUG_INFO_CNF
[1] DEBUG SCREEN
[2] DEBUG INFO
DEBUG INFO
DEBUG MSG 115200
DEBUG MSG SETTING FAIL
DEBUG MSG 921600
DEBUG MSG ON
DEBUG MSG OFF
AUDIO_LIB_DSP_DEBUG_GRP1
AUDIO_LIB_DSP_DEBUG_GRP2
AUDIO_LIB_DSP_DEBUG_GRP3
AUDIO_LIB_DSP_DEBUG_GRP4
AUDIO_LIB_DSP_DEBUG_GRP5
AUD_LIB_DSP_DEBUG
IPC_MISC_PHONE_DEBUG
IPC_MISC_DEBUG_LEVEL
IPC_SVC_DEBUG_DUMP
IPC_SVC_DEBUG_STRING

And I found my IMEI number in bml3
edit :
+ some MAC hardware address too (but not the Wifi one)
+ the HW Version : MP 0.800
I guess that bml3 is device-specific.
But I don't know if it's the source of specific values or just contains copy of hardware-related data.
In the first case, modifying bml3 would allow to change IMEI or other sensitive values ^^

nonato said:
so is it safe to assume after 0x005b10a5 is the ram disk?
Click to expand...
Click to collapse
nope, to extract the ram disk, u hv to find the magic number of gz and extract the gzip image out... i was able to get the directory listing of the ramdisk but not the content..
the other problem is after u get the ramdisk and do any modifications, u hv to reverse the process.. not an easy job but if anyone found a solution, please share.
anyone try writing to the bml directly? dd doesnt seem to work
anyway, its possible to extract the image and use odin to flash after tar but if can write to bml directly, clockworkmod can effectively backup/restore the kernel.. (just a thought)

raspdeep said:
nope, to extract the ram disk, u hv to find the magic number of gz and extract the gzip image out... i was able to get the directory listing of the ramdisk but not the content..
the other problem is after u get the ramdisk and do any modifications, u hv to reverse the process.. not an easy job but if anyone found a solution, please share.
anyone try writing to the bml directly? dd doesnt seem to work
anyway, its possible to extract the image and use odin to flash after tar but if can write to bml directly, clockworkmod can effectively backup/restore the kernel.. (just a thought)
Click to expand...
Click to collapse
No, you cant write directly to bml.
Data write to a sector involves following sequence of low-level flash operations:
1. Block copy for back-up
2. Block erase
3. Copy back for non-modified pages
4. Writing the sector data to the modified page
These sequences of operations are not atomic, so a write request to this block device driver is prone to data corruption. For this reason, read-only file systems such as CRAMFS are adequate to run on top of this block device driver.

use this small script to extract your current zImage:
offset=`dd if=/dev/block/bml7 bs=1 skip=44 count=4 2>/dev/null| hexdump -e '1/4 "%d"' -e '"\n"'`
echo $offset
dd if=/dev/block/bml7 bs=1 count=$offset of=/sdcard/zImage_backup

husq510 said:
use this small script to extract your current zImage:
Click to expand...
Click to collapse
nice, thanks for sharing that!

i just extracted initramfs from bml7, file attached, unzip and cpio -i
some file differs from leshak:
modules/dpram.ko
modules/multipdp.ko
modules/dhd.ko
modules/stgloc
initramfs/init.rc
.info/rootfs.info
default.prop
init.smdkc110.sh
sbin/recovery
sbin/init

how do u extract this?
gunzip -c initrd-cpio.zip | cpio -i does not work.. gave errors

how did you dump and make the zip file you have attached?
thanks,
husq510 said:
i just extracted initramfs from bml7, file attached, unzip and cpio -i
some file differs from leshak:
modules/dpram.ko
modules/multipdp.ko
modules/dhd.ko
modules/stgloc
initramfs/init.rc
.info/rootfs.info
default.prop
init.smdkc110.sh
sbin/recovery
sbin/init
Click to expand...
Click to collapse

raspdeep said:
how do u extract this?
gunzip -c initrd-cpio.zip | cpio -i does not work.. gave errors
Click to expand...
Click to collapse
[email protected] you have to use unzip instead gzip, cuz forum dislike .gz format, so I had to use standard zip.
mkdir initramfs
mv initrd-cpio.zip initramfs
cd initramfs
unzip initrd-cpio.zio
cat initrd.cpio | cpio -i --no-absolute-filenames

Hey, did somebody already tried to dump one or some bml partitions and restore them later ?
I guess this could be the ultimate backup tool.

I took a look into this and found that
bml2 : PIT file is here
bml5 : Sbl.bin is here
I opened it with a Hexeditor and compared with things from the firmware.
My device is running on JP3, froyo, at the moment.

thanks i will update first post. layout mapping is complete now!

Your own logo.img in param.lfs

Hello,
I wanna share some information about param.lfs. As some people I tried to study this file. I tried to port j4fs driver to linux, but with no success yet.
But I have something. For those ROM-makers who want to insert their own logo right in the file for flashing it as a part of a ROM you can do the following:
1. Prepare your jpeg file, process it through jpeg optimizer (like xat.com JPEG optimizer). Size must not exceed 3FD1(HEX), or 16337Bytes. 480x800, 72dpi
2. Load this file (jpeg) in a HEX editor (WinHex) and copy it as a block
3. Load param.lfs
4. Overwrite two blocks in param.lfs by your image (just paste block in overwrite mode). First one - from offset B4000, second one - from 7F000. To double check - overwritten blocks should start with FF D8
That's all. Tar param.lfs as it used to do: tar -H ustar -с param.lfs > param.tar
and flash it via odin as PDA, or add to firmware then. You will obtain your own logo.jpg and logo_kor.jpg in /mnt/.lfs
So, you don't need to use special scripts to change splash-screen (mount .lfs and copy your logo.img into it). It will work with any kernel. Even on stock firmware you may have your own bootlogo.
Caution: Be careful. If you make something wrong, phone won't boot, because param.lfs is used by bootloader. At least /mnt/.lfs will be empty.
You may have black screen. Anyway you will be able to enter in 3-button mode to flash stock param.lfs back.
Of course that won't change bootlogo with yellow triangle because it "resides" in sbl.bin and very dangerous to be changed.
P.S. I was going to write a patch script, but decided not to do that.
Cheers

As a newbye, I found that very interesting to read
Thank you
1.
My original logo is 18.100 bytes and wonder if 3BB0(HEX) limit is accurate :/ :\ - while $B4000-$7F000=217.088 bytes
2.
On my param.lfs image, I searched for "FFD8 FFE0" and found other position for the JFIF files
Complete signature seems to be
"FFD8 FFE0"
"0010 4A46 4946 0001" for "..JFIF.."
3.
Linux support for j4fs would be great
4.
I wanted to know how to deal such a special "behaviour" into param.lfs partition: we can create files but not overwritten files...
Code:
[alpha] adb shell
$ su
# mount -o remount,rw -t j4fs /dev/block/stl6 /mnt/.lfs
# mount | grep ".lfs"
/dev/block/mmcblk0p4 on /mnt/.lfs type j4fs (rw,relatime)
#
# cd /mnt/.lfs
# rm -f logo.jpg
rm: can't remove 'logo.jpg': Operation not permitted
# echo "1. Impossible to delete logo.jpg"
1. Impossible to delete logo.jpg
#
# cp /mnt/sdcard/logo.jpg /mnt/.lfs/logo0.jpg
# ls -l /mnt/.lfs/logo0.jpg
-rwxrwxrwx 1 root root 19524 Jan 1 1970 /mnt/.lfs/logo0.jpg
# echo "2. copy onto /mnt/.lfs/ is possible"
2. copy onto /mnt/.lfs/ is possible
#
# cp -f logo0.jpg logo.jpg
cp: can't create 'logo.jpg': File exists
# echo "3. copy onto logo.jpg is impossible"
3. copy onto logo.jpg is impossible
#
# chattr -i logo.jpg
chattr: reading flags on logo.jpg: Not a typewriter
# rm -f logo.jpg
rm: can't remove 'logo.jpg': Operation not permitted
# exit
$ exit
[alpha] echo "Really strange for a file system ?"
Really strange for a file system ?
Is there a simple way to delete logo.jpg ?

Ivan_Belarus said:
Caution: Be careful. If you make something wrong, phone won't boot, because param.lfs is used by bootloader. At least /mnt/.lfs will be empty. You may have black screen. Anyway you will be able to enter in 3-button mode to flash stock param.lfs back.
Click to expand...
Click to collapse
First of all, thanks for sharing the info.
I tried it, no dice. Seems B4000 in the param.lfs I'm using (KI8) isn't the beginning of a JPEG. Tried other addresses that start with FF D8, with and w/o Exif, to no avail. All I have is an empty .lfs folder (as you said) and a boot message saying "logo.jpg" draw failed, but it boots eventually.
What am I missing?
TIA
param.lfs I'm using: http://www.mediafire.com/file/jw0x36z04fvp4eg/param.lfs
EDIT:
Wow! It took me a couple of hours, but I've finally found it in that param.lfs (XWKI8)!!!
In XWKI8 logo.jpg starts @ 7D800. Don't go beyond the length of the file you have already (in XWKI8, +/-15K), otherwise you'll get the "draw failed" boot error and an empty /mnt/.lfs - in this case, just reflash the stock param.lfs and you'll be ok.
Works great! I can sleep now!
Once more, thx a bunch Ivan_Belarus for sharing the info!
cheers!!!

geekmarc said:
1.My original logo is 18.100 bytes and wonder if 3BB0(HEX) limit is accurate :/ :\ - while $B4000-$7F000=217.088 bytes
2.On my param.lfs image, I searched for "FFD8 FFE0" and found other position for the JFIF files
Complete signature seems to be
"FFD8 FFE0"
"0010 4A46 4946 0001" for "..JFIF.."
4.I wanted to know how to deal such a special "behaviour" into param.lfs partition: we can create files but not overwritten files...
Is there a simple way to delete logo.jpg ?
Click to expand...
Click to collapse
1. Wrong operation. I have given the offsets only: for logo.jpg and logo_kor.jpg. I you want full addressing they are: B4000-B7FCF. It comes to 3FCF+2=3FD1. The second one is: 7F000-839B2. It comes to 49B2+2=49B4. (I've written 3BB0 - sorry I looked at my own block size. Fixed)
2. Yep, the jpeg header is bigger than word FF D8. You can google for jpeg header. But main two bytes are FF D8. The end is marked by FF D9. There are many jpeg files inside. I provided offsets for two ones.
4. You may look at Init.V scripts of Siyah kernel for example (/sbin/siyah/imports.sh)- there you may find all the commands for replace logo.jpg
I attached my original param.lfs (unchanged). I used it without problems on KI8
Heh, I didnt compare different param.lfs but now I see that there are different builds of param.lfs (thnx to rizdroid). So, I guess we're able to locate quickly the required offsets via block sizes and names. We need to find two blocks of size 3FD1 (starts with FF D8, ends with FF D9) and 49B4. They will be logo.jpg and logo_kor.jpg images. Before these blocks (about -7E1) you can find text 'logo.jpg' and 'logo_kor.jpg' accordingly. Don't try to locate them only by name!

someone help me out here... im trying to do this for the galaxy nexus but whenever i open my param.lfs file in a hex editor all i get is 0's theres nothing in it

Ivan_Belarus said:
1. Wrong operation. I have given the offsets only: for logo.jpg and logo_kor.jpg. I you want full addressing they are: B4000-B7FCF. It comes to 3FCF+2=3FD1. The second one is: 7F000-839B2. It comes to 49B2+2=49B4. (I've written 3BB0 - sorry I looked at my own block size. Fixed)
2. Yep, the jpeg header is bigger than word FF D8. You can google for jpeg header. But main two bytes are FF D8. The end is marked by FF D9. There are many jpeg files inside. I provided offsets for two ones.
4. You may look at Init.V scripts of Siyah kernel for example (/sbin/siyah/imports.sh)- there you may find all the commands for replace logo.jpg
I attached my original param.lfs (unchanged). I used it without problems on KI8
Heh, I didnt compare different param.lfs but now I see that there are different builds of param.lfs (thnx to rizdroid). So, I guess we're able to locate quickly the required offsets via block sizes and names. We need to find two blocks of size 3FD1 (starts with FF D8, ends with FF D9) and 49B4. They will be logo.jpg and logo_kor.jpg images. Before these blocks (about -7E1) you can find text 'logo.jpg' and 'logo_kor.jpg' accordingly. Don't try to locate them only by name!
Click to expand...
Click to collapse
WOOOOOOOOOOOOOOOOOOO !!!!! YEAH !!!!!! :good::good::good::victory::victory::victory:
@Ivan_Belarus, Thank you very much for the guide and help !!!!!
I was stack with that process of HEXing the param.lfs you provided because the image i made is SMALLER then 16337Bytes.
So I solved the "'logo.jpg' draw failed" problem I got ( becuase I changed only part of logo.jpg ) by filling "20" ( hex value ) all the cells between after my image FF D9 ( not included) and the original logo.jpg END ( FF D9 included ) as you wrote in your post: 1st jpg end is at B7FCF and the second is at 839B2.
I used the param.rar you provided.
To be clearer, for an example, let say I got this original param.lfs HEX segment:
Code:
[COLOR="red"]FFD8[/COLOR]FFE100184578EE55184D5331DA8831930800450007[COLOR="red"]FFD9[/COLOR]
But the image i want to implant is SMALLER , so it starts with "FFD8" and ends EARLIER with "FFD9" like:
Code:
[COLOR="red"]FFD8[/COLOR]FFE1008374597335734753745[COLOR="red"]FFD9[/COLOR]
So, I need to change param.lfs HEX segment so that it will include "20" after my image "FFD9":
Code:
[COLOR="red"]FFD8[/COLOR]FFE1008374597335734753745[COLOR="red"]FFD9[/COLOR][U][COLOR="Blue"]202020202020202020[/COLOR][/U]
About the need to TAR the param.lfs, because i'm on windows I used 7zip, so no need for linux of any sort.

rizdroid said:
First of all, thanks for sharing the info.
I tried it, no dice. Seems B4000 in the param.lfs I'm using (KI8) isn't the beginning of a JPEG. Tried other addresses that start with FF D8, with and w/o Exif, to no avail. All I have is an empty .lfs folder (as you said) and a boot message saying "logo.jpg" draw failed, but it boots eventually.
What am I missing?
TIA
param.lfs I'm using: http://www.mediafire.com/file/jw0x36z04fvp4eg/param.lfs
EDIT:
Wow! It took me a couple of hours, but I've finally found it in that param.lfs (XWKI8)!!!
In XWKI8 logo.jpg starts @ 7D800. Don't go beyond the length of the file you have already (in XWKI8, +/-15K), otherwise you'll get the "draw failed" boot error and an empty /mnt/.lfs - in this case, just reflash the stock param.lfs and you'll be ok.
Works great! I can sleep now!
Once more, thx a bunch Ivan_Belarus for sharing the info!
cheers!!!
Click to expand...
Click to collapse
Sorry to resurrect a REALLY old thread, but how did you manage to flash PARAM partition. It is in my .pit file from heimdall, but when I flash the partition, I simply see the old bootscreen.

hackintosh5 said:
Sorry to resurrect a REALLY old thread, but (...) .
Click to expand...
Click to collapse
It is OK to ask questions even if the thread is sooo old
But unfortunately I can't help you.

Iluvatar2000 said:
It is OK to ask questions even if the thread is sooo old
But unfortunately I can't help you.
Click to expand...
Click to collapse
Its fine! Thanks for your time!

[Q] Fastboot ``cannot load system.img''

I was flashing my yakjuxw over to yakju, when fastboot started failing to load system.img.
I have tried 4.0.2 and 4.0.1. Every image except for system.img works.
Code:
[[email protected] yakju-itl41f]# fastboot flash system system.img
error: cannot load 'system.img'
And it doesn't work using the zip either;
Code:
[[email protected] yakju-itl41f]# fastboot update *.zip
archive does not contain 'boot.sig'
archive does not contain 'recovery.sig'
failed to allocate 325426112 bytes
error: update package missing system.img
I am running Archlinux.
Somewhere in the ./flash-all.sh script my ``sdcard'' was wiped, so I've lost my nandroid(s), but I can boot CWM from my PC. Help?

Open the zip file in a explorer-window somewhere and locate the system.img file and then try the first one over again.
None of these files are magic and they are pretty easy to explore to find the components you are looking for.
Are you sure you've unpacked things correctly?
What does the output from "ls -la" run in the the same folder say?

josteink said:
Open the zip file in a explorer-window somewhere and locate the system.img file and then try the first one over again.
None of these files are magic and they are pretty easy to explore to find the components you are looking for.
Are you sure you've unpacked things correctly?
What does the output from "ls -la" run in the the same folder say?
Click to expand...
Click to collapse
I unpacked the zip, so all the images in it are in this folder, but here's the output:
Code:
[[email protected] yakju-itl41f]# ls -la
total 663156
drwxr-x--- 2 david users 4096 Jan 18 20:17 .
drwxr-xr-x 4 david users 4096 Jan 18 20:07 ..
-rw-r----- 1 david users 93 Nov 21 18:20 android-info.txt
-rw-r--r-- 1 david users 4151296 Jan 1 2009 boot.img
-rw-r----- 1 david users 2363392 Nov 24 09:44 bootloader-maguro-primekj10.img
-rwxr-x--- 1 david users 831 Nov 24 09:44 flash-all.sh
-rw-r----- 1 david users 189165717 Nov 24 09:44 image-yakju-itl41f.zip
-rw-r----- 1 david users 12583168 Nov 24 09:44 radio-maguro-i9250xxkk1.img
-rw-r--r-- 1 david users 4491264 Jan 1 2009 recovery.img
-rwxrwxrwx 1 david users 325426112 Jan 1 2009 system.img
-rw------- 1 david users 140856312 Nov 22 11:09 userdata.img

Did you actually ever unlock fast boot? Just guessing here, at this point.
Sent from my Galaxy Nexus using Tapatalk

redownload stock images?

just an update, this is solved. The solution was found in rebooting my pc, which is something I, as a Linux user, seldom do, and my laptop cannot be trusted to boot due to its buggy BIOS.
Sent from my Galaxy Nexus

Korntoff said:
just an update, this is solved. The solution was found in rebooting my pc, which is something I, as a Linux user, seldom do, and my laptop cannot be trusted to boot due to its buggy BIOS.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
Ridiculously old thread, I realize, so I feel kinda bad bumping it, but it's an early result on Google when searching for this problem, so I'll update a bit.
Rebooting will work, but isn't necessary, and is inconvenient. You just need to kill fastboot, it's hung with another process.
In linux, open up a terminal.
Code:
ps ax|grep fastboot
Note the PID(s)
Code:
kill -9 <PID1> <PID2>...<PIDn>

Another reason for this error is if you have device encryption enabled. In order to restore factory image, you first need to format /data to remove encryption.
I have no idea why this causes the error "cannot load system.img", but it definitely does.

Cerinthus said:
Ridiculously old thread, I realize, so I feel kinda bad bumping it,
In linux, open up a terminal...
Click to expand...
Click to collapse
Thanks for posting this.
In windows, I used task manager to find the ADB process and killed it, and then it worked fine.

groopk said:
Thanks for posting this.
In windows, I used task manager to find the ADB process and killed it, and then it worked fine.
Click to expand...
Click to collapse
To do this without searching thought task manager , just type "adb kill server " and then " adb start server" :thumbup:
Sent from my SCH-I605 using Tapatalk

quite an old thread again, but replying anyway.
The "failed to allocate ***** bytes" message means that it failed on memory of your computer, not on the storage of your phone.
Code:
fastboot.c
...
void *unzip_file(zipfile_t zip, const char *name, unsigned *sz)
{
...
*sz = get_zipentry_size(entry);
datasz = *sz * 1.001;
data = malloc(datasz);
if(data == 0) {
fprintf(stderr, "failed to allocate %d bytes\n", *sz);
return 0;
}
...
If it turns out that your machine has too small memory(unfortunately, which was also my case), you could unzip the file containing img files and flash system, boot and recovery images one by one. It's just the same.

great help
On the verge of flashing lolipop on my beloved n5, I got stuck with that stupid errror.
Thanks for the helpfull post.

downgrade to 4.4.4
just downgrade to 4.4.4 and then flash android 5.... mine worked....

FreakyTux said:
quite an old thread again, but replying anyway.
The "failed to allocate ***** bytes" message means that it failed on memory of your computer, not on the storage of your phone.
Code:
fastboot.c
...
void *unzip_file(zipfile_t zip, const char *name, unsigned *sz)
{
...
*sz = get_zipentry_size(entry);
datasz = *sz * 1.001;
data = malloc(datasz);
if(data == 0) {
fprintf(stderr, "failed to allocate %d bytes\n", *sz);
return 0;
}
...
If it turns out that your machine has too small memory(unfortunately, which was also my case), you could unzip the file containing img files and flash system, boot and recovery images one by one. It's just the same.
Click to expand...
Click to collapse
This was it! Thanks for posting!

Update ADB. That worked for me

same problem
i tried everything above but nothing works ..... can anyone help me out here

Alternate Way that always works..!!
1. Install TWRP recovery.
2. Mount USB Storage
3. Copy the system.img to phone storage
4. Select Install and then Select Install Image
5. Select the system.img file
6. Select partition as system
7. Confirm install
Done..
Korntoff said:
I was flashing my yakjuxw over to yakju, when fastboot started failing to load system.img.
I have tried 4.0.2 and 4.0.1. Every image except for system.img works.
Code:
[[email protected] yakju-itl41f]# fastboot flash system system.img
error: cannot load 'system.img'
And it doesn't work using the zip either;
Code:
[[email protected] yakju-itl41f]# fastboot update *.zip
archive does not contain 'boot.sig'
archive does not contain 'recovery.sig'
failed to allocate 325426112 bytes
error: update package missing system.img
I am running Archlinux.
Somewhere in the ./flash-all.sh script my ``sdcard'' was wiped, so I've lost my nandroid(s), but I can boot CWM from my PC. Help?
Click to expand...
Click to collapse

rakesh.aggarwal said:
1. Install TWRP recovery.
2. Mount USB Storage
3. Copy the system.img to phone storage
4. Select Install and then Select Install Image
5. Select the system.img file
6. Select partition as system
7. Confirm install
Done..
Click to expand...
Click to collapse
with lots of thanks and much love!! fixed my device yeeyyyy!!!!

[Q] Email Security patch removal for android 4.3 leaked ROM

Hi All ,
I have to remove the email security patch in stock leaked 4.3 ROM.
The instructions i followed are from this thread:
http://forum.xda-developers.com/showthread.php?t=1117452
But then i get the error '*** Unable to remount system partition for writing (are you root?).'.
Please find the log below.
Can some one please help if there is a .ZIP file available for the leaked version of 4.3.
Cleaning up ...
Waiting for USB connection...
Checking device...
Model: GT-N7100, build JSS15J.N7100XXUEMI6, android 4.3 (API Level 16)
/system mounted on /dev/block/mmcblk0p13, mode ro
checking root access. root uid: 0, secure: yes, busybox: no
Pulling app(s) ...
Can't find Email app. Enter the name of your Email apk or press <Enter> to exit:
secemail_j.apk
Pulling libs ...
Decompiling SecExchange.odex ...
Applying patch ...
Patching com/android/exchange/adapter/ProvisionParser.hasSupportablePolicySet()Z
Recompiling ...
Building SecExchange.apk ...
Updating device ...
*** Unable to remount system partition for writing (are you root?).
Debug log written to debug.log
Press any key to continue . . .

Problem rooting with XiaoMiTool V2

Hello everyone,
I tried to root my Mi Mix 2 with XiaoMiTool V2 but I have got a problem during the step of pushing file magisk_20.4.zip.
In the log, I can see :
[10:07:04][PSTA ][70c729f4] Start process (781): "C:\Xiaomi\XiaomiTool2\res\tools\adb.exe" "-s" "ebf1f094" "push" "C:\Xiaomi\XiaomiTool2\res\tmp\magisk_20.4.zip" "/sdcard/magisk_20.4.zip"
[10:07:05][PROC ][55e63029] Process (781) output: adb: error: failed to copy 'C:\Xiaomi\XiaomiTool2\res\tmp\magisk_20.4.zip' to '/sdcard/magisk_20.4.zip': remote couldn't create file: No such file or directory
[10:07:05][PROC ][55e63029] Process (781) output: C:\Xiaomi\XiaomiTool2\res\tmp\magisk_20.4.zip: 1 file pushed, 0 skipped. 48.9 MB/s (5942417 bytes in 0.116s)
[10:07:05][INFO ][70c729f4] Process (781) ended with exit code: 1, output len: 268
[10:07:05][ERROR ][70c729f4] Task error: exception: Failed to push file to the device: adb: error: failed to copy 'C:\Xiaomi\XiaomiTool2\res\tmp\magisk_20.4.zip' to '/sdcard/magisk_20.4.zip': remote couldn't create file: No such file or directory : AdbPushTask -> status: RUNNING
Can you help me ??
Thanks by advance !

Do you know an other way to root it easily ?
Thanks by advance.