Better Mobile App

boot.img unpacking question.

I can't seem to get the boot.img file to unpack, regardless of what tool I use or what os. I typically get the results below. the long term goal is to edit the boot.img to allow the next7p to use ext3 /system as opposed to cramfs, and give full read/write. It has been done by Wendal Chen on a different but similar tablet. (Both are rk29xx tablets.)
Any help would be appreciated.
I have been able to create a "custom" rom, which has root and SU, but you cannot write to the /system.
the boot.img from my custom rom is 598k The boot.img pulled from the tablet
is 4096K i get the same issues from both.
Code:
Welcome to the ZTE Racer kitchen by TigTex!
If you aren't using Windows XP, you might need to run this as admin
Make sure you have boot.img on the same folder as this file
Press 1 to decompress the ramdisk and kernel from boot.img
Press 2 to build the boot.img from the ramdisk folder and boot.img-kerne
Press q to exit
Type 1,2 or q and press ENTER: 1
Android Magic not found in boot.img. Giving up.
******kernel and ramdisk extracted!******
* Kernel is the "boot.img-kernel" file *
* Ramdisk is on gzip + cpio *
* YOU CAN ONLY EDIT RAMDISK ON LINUX *
* original img backed up as oldboot.img *
*****************************************
Press 1 to decompress the ramdisk and kernel from boot.img
Press 2 to build the boot.img from the ramdisk folder and boot.img-kerne
Press q to exit
Type 1,2 or q and press ENTER:
Ok so let's try the android kitchen
Here is the show boot.img information
Code:
Working folder's boot.img information
-------------------------------------
Kernel Size : 559903 bytes
Kernel Base Address : 0x00000000
Ramdisk Size : 2090599168 bytes
Ramdisk Load Address : 0x65545c0b
Second Stage Size : 779876570 bytes
Second Stage Load Address : 0xe1906573
Page Size : 84348953 bytes
ASCIIZ Product Name : (None)
Command Line: (None)
Press Enter to continue
And now the attempt to extract first using w option...
Code:
Working folder found
Android header not found at start of boot.img
Warning: Android header not located anywhere in boot.img
Kernel found at offset 84348953 in boot.img
Making folder BOOT-EXTRACTED ...
Extracting kernel ...
Extracting ramdisk ...
Error: No ramdisk folder found!
Press Enter to continue
Ok so lets try the other option in the menu.
Code:
Press Enter to continue
Android header not found at start of boot.img
Warning: Android header not located anywhere in boot.img
Kernel found at offset 84348953 in boot.img
Extracting kernel ...
Extracting ramdisk ...
Error: No ramdisk folder found!
Contents of bootimg_010612_234100:
total 0
-rw-r--r-- 1 0 2012-01-06 23:41 zImage
Press Enter to continue
The zImage file it writes is 0k in size.
Here is the first line from the boot.img looking at it in the hexeditor.
Code:
00000000 4b 52 4e 4c 3a 93 08 00 1f 8b 08 00 00 00 00 00 KRNL:"...<......
From what I have read the kernel is supposedly starting at 1f 8b.....
getting the error that the Ramdisk is not there, it is almost like it is not a complete boot.img file. More so if I look at boot.img in a hexeditor and lookup that address. (Sigh) I keep plugging away.
any help is appreciated.

Dochoppy said:
I can't seem to get the boot.img file to unpack, regardless of what tool I use or what os. I typically get the results below. the long term goal is to edit the boot.img to allow the next7p to use ext3 /system as opposed to cramfs, and give full read/write. It has been done by Wendal Chen on a different but similar tablet. (Both are rk29xx tablets.)
Any help would be appreciated.
I have been able to create a "custom" rom, which has root and SU, but you cannot write to the /system.
the boot.img from my custom rom is 598k The boot.img pulled from the tablet
is 4096K i get the same issues from both.
Code:
Welcome to the ZTE Racer kitchen by TigTex!
If you aren't using Windows XP, you might need to run this as admin
Make sure you have boot.img on the same folder as this file
Press 1 to decompress the ramdisk and kernel from boot.img
Press 2 to build the boot.img from the ramdisk folder and boot.img-kerne
Press q to exit
Type 1,2 or q and press ENTER: 1
Android Magic not found in boot.img. Giving up.
******kernel and ramdisk extracted!******
* Kernel is the "boot.img-kernel" file *
* Ramdisk is on gzip + cpio *
* YOU CAN ONLY EDIT RAMDISK ON LINUX *
* original img backed up as oldboot.img *
*****************************************
Press 1 to decompress the ramdisk and kernel from boot.img
Press 2 to build the boot.img from the ramdisk folder and boot.img-kerne
Press q to exit
Type 1,2 or q and press ENTER:
Ok so let's try the android kitchen
Here is the show boot.img information
Code:
Working folder's boot.img information
-------------------------------------
Kernel Size : 559903 bytes
Kernel Base Address : 0x00000000
Ramdisk Size : 2090599168 bytes
Ramdisk Load Address : 0x65545c0b
Second Stage Size : 779876570 bytes
Second Stage Load Address : 0xe1906573
Page Size : 84348953 bytes
ASCIIZ Product Name : (None)
Command Line: (None)
Press Enter to continue
And now the attempt to extract first using w option...
Code:
Working folder found
Android header not found at start of boot.img
Warning: Android header not located anywhere in boot.img
Kernel found at offset 84348953 in boot.img
Making folder BOOT-EXTRACTED ...
Extracting kernel ...
Extracting ramdisk ...
Error: No ramdisk folder found!
Press Enter to continue
Ok so lets try the other option in the menu.
Code:
Press Enter to continue
Android header not found at start of boot.img
Warning: Android header not located anywhere in boot.img
Kernel found at offset 84348953 in boot.img
Extracting kernel ...
Extracting ramdisk ...
Error: No ramdisk folder found!
Contents of bootimg_010612_234100:
total 0
-rw-r--r-- 1 0 2012-01-06 23:41 zImage
Press Enter to continue
The zImage file it writes is 0k in size.
Here is the first line from the boot.img looking at it in the hexeditor.
Code:
00000000 4b 52 4e 4c 3a 93 08 00 1f 8b 08 00 00 00 00 00 KRNL:"...<......
From what I have read the kernel is supposedly starting at 1f 8b.....
getting the error that the Ramdisk is not there, it is almost like it is not a complete boot.img file. More so if I look at boot.img in a hexeditor and lookup that address. (Sigh) I keep plugging away.
any help is appreciated.
Click to expand...
Click to collapse
Dsixda's kitchen has this feature, (un/re-pack) boot.img built in. Makes for very easy editing. Also helps for making your ROM.
Sent from my PC36100 using xda premium

jamieg71 said:
Dsixda's kitchen has this feature, (un/re-pack) boot.img built in. Makes for very easy editing. Also helps for making your ROM.
Sent from my PC36100 using xda premium
Click to expand...
Click to collapse
That's what he said he used, but the kitchen does not support boot.img of his device's format. A lot of the cheaper tablets use a special format but I have seen Wiki guides on how they are built and extracted.

Any chance you know a link to one of the guides? I will also start searching on like tablets.

Dochoppy said:
Any chance you know a link to one of the guides? I will also start searching on like tablets.
Click to expand...
Click to collapse
Google for the "cmp738a" by Craig. It's a really ****ty tablet that I owned for one day. It uses cramfs like yours, and there are some links on how to unpack and create a ROM. Use terms like "cmp738a unpack ROM"

Dsixda: First thanks for your kitchen tool really it is a great piece of work, I am sure you are under appreciated for it.
After you told me to do some searches I did, then I looked back over everything I had been reading.
I can say I feel like an idiot. I was letting the big picture blot out the details so to speak.
Almost literally all I had to do was remove 3-4 bytes from the header, and ungzip the file...cpio etc etc.
I was stuck in the train of thought that I had to "unpack the boot.img" file first, then ungzip it...

Dochoppy said:
Dsixda: First thanks for your kitchen tool really it is a great piece of work, I am sure you are under appreciated for it.
After you told me to do some searches I did, then I looked back over everything I had been reading.
I can say I feel like an idiot. I was letting the big picture blot out the details so to speak.
Almost literally all I had to do was remove 3-4 bytes from the header, and ungzip the file...cpio etc etc.
I was stuck in the train of thought that I had to "unpack the boot.img" file first, then ungzip it...
Click to expand...
Click to collapse
You mean it's like any other boot.img except for the extra bytes at the beginning and a different header (instead of "ANDROID!" - the actual header the kitchen looks for)?

Well yes and no. The kitchen still does not extract the boot.img correctly, zImage is created as a 0k file, and the ramdisk is still not extracted.

Ok I am still missing something here.

Ok I am still missing something here.
dsixda-
Could you take a look at the boot.img file and tell me what I may be missing?
http://www.mediafire.com/?n9an9o5vmjida1c
I would appreciate it very much.

Dochoppy said:
Ok I am still missing something here.
dsixda-
Could you take a look at the boot.img file and tell me what I may be missing?
http://www.mediafire.com/?n9an9o5vmjida1c
I would appreciate it very much.
Click to expand...
Click to collapse
It's not going to work in the kitchen, what are you trying to do? It is missing the "ANDROID!" magic header and the rest of the file is in a garbled format. You'll need to Google for the solution for your device. I can't offer much help, sorry.

I understand that much. When you do a file boot.img command in linux it just comes back as DATA.
I'm not so much concerned with being able to use the kitchen on it as just being able to unpack and pack the file correctly, and completely.
Thanks for taking a peak at it.

Can you upload to dropbox and let me know. I was working on an experimental tool to do this, so an unknown device would be good to check.. I might be some time in getting back to you though
Sent from my HTC Desire using Tapatalk

Droidzone-
Drop box link
http://dl.dropbox.com/u/56600275/boot.img
Media fire link if that doesn't work.
http://www.mediafire.com/?n9an9o5vmjida1c
Thanks for taking a peak.

Could you also provide the full name of the tablet, manufacturer, and possibly a link to the device?

The tablet in question is the nextbook 7 premium
marketed in the US by E-fun. Website is www.nextbookusa.com
on the front of the page there is a link to the latest firmware which the current version of DocHoppy Rom is based on.
Thanks again for taking a peak at it.
I know this much, the boot.img file it's self once unpacked from the update.img file
is a gziped cpio file, with odd header and footer bits. I have been able to unpack the file (removing header info to make it gzip recognizable), and then using 7zip of all things to unpack the cpio portion. That is where I get hung up at. I need to unpack it correctly so it can be rebuilt correctly. By doing it the way I have, you can't rebuild the file properly.

Update:
After alot of research, and trial and error, I was able to correctly unpack and repack the boot.img. I flashed the repack to my tablet, and successfully booted.
Next step is to modify init.rc and convert /system to ext3.
I will keep you posted.

Do document what you did so that it helps someone else later
Sent from my HTC Desire using Tapatalk

I'm having a similar problem, posted about here. I don't understand why the Android magic number isn't making it into my kernel. I thought the kernel compile would be straightforward, but sheesh...

Dochoppy said:
Update:
After alot of research, and trial and error, I was able to correctly unpack and repack the boot.img. I flashed the repack to my tablet, and successfully booted.
Next step is to modify init.rc and convert /system to ext3.
I will keep you posted.
Click to expand...
Click to collapse
Hi, i am trying to extract a boot.img without the Android header too. What have you done to extract it?
Regards.

[Dev] Kboot release (Stable), boot multiple kernel/os

Hi,
Here a release of kboot.
Kboot permit to boot multiple os with different kernel.
It's based on a buildroot environment.
The source to make your own kboot filesystem are available here
The kernel source are available here
You can download the install archive :
ARCHIVE VERSIONS
0.0. Unstable release. Freeze bug. Install release ARCHIVE (Obsolete)
0.1. Fix freeze. Python bytecode generation (pyc files) is naturally not friend with squashfs. Install release ARCHIVE (Obsolete)
0.2. STABLE Release. Display timeout, migration from squashfs to initramfs. Install release ARCHIVE
The archive looks like :
zImage and initramfs.cpio.gz to flash in SDE menu
a directory kboot which contain:
conf directory : configuration file
os directory : os to boot
images directory : background menu image
Installation
Kboot directory
Copy the kboot directory on your archos in /mnt/storage/, you should have this path /mnt/storage/kboot. The path should be exactly the same otherwise kboot will not be launched
Flash zImage and initramfs.cpio.gz
Follow this link to setup SDE on your archos http://forum.xda-developers.com/showthread.php?t=930197
After Reboot
You should have the following screen. Note: after installing Kboot the device permanently reboot in Kboot.
The main menu will display the os put in os directory (see in Configuration OS boot menu to see how to include your os), advanced menu and halt.
Boot menu
OS boot menu
I have tried to make things simple. To add an OS, all you need is to create a directory in /mnt/storage/kboot/os/ and put in this newly created directory the files zImage and initramfs.cpio.gz.
Important, the name should be exactly zImage and initramfs.cpio.gz, if one file is missing or misnamed the menu item don't appear
For example, the menu above have the following content in /mnt/storage/kboot/os :
Code:
/mnt/storage/kboot/os/Android Froyo:
drwxrwxrwx 2 2000 2000 4096 Feb 27 23:42 .
drwxrwxrwx 5 2000 2000 4096 Feb 28 15:02 ..
-rw-rw-rw- 1 2000 2000 726520 Feb 27 23:39 initramfs.cpio.gz
-rw-rw-rw- 1 2000 2000 2564460 Feb 27 23:39 zImage
/mnt/storage/kboot/os/Android Honeycomb:
drwxrwxrwx 2 2000 2000 4096 Feb 27 16:46 .
drwxrwxrwx 5 2000 2000 4096 Feb 28 15:02 ..
-rw-rw-rw- 1 2000 2000 0 Feb 27 13:42 initramfs.cpio.gz
-rw-rw-rw- 1 2000 2000 0 Feb 27 13:42 zImage
/mnt/storage/kboot/os/UrukDroid 1.6:
drwxrwxrwx 2 2000 2000 4096 Feb 28 15:03 .
drwxrwxrwx 5 2000 2000 4096 Feb 28 15:02 ..
-rw-rw-rw- 1 2000 2000 2874800 Jan 3 19:41 initramfs.cpio.gz
-rw-rw-rw- 1 2000 2000 2302252 Jan 3 19:26 zImage
Note : for specific kernel you can add a file named cmdline containing kernel parameters
Advanced boot menu
Boot init : boot into android, if android kernel was uninstalled, this item didn't appear
Boot recovery : boot into recovery
Soft boot : For details about omap soft reboot see the discussion here
Configuration
There is a configuration file in kboot/conf directory named config.ini. This file is divided into 3 section
init
telnet : 1 to enable telnet, 0 to disable
usbip : set the ip address of usb ethernet interface
Code:
[init]
telnet = 1
usbip = 192.168.10.1
kboot
last_selection : enable (1) or disable (0) the boot by default of the last selectioned entry after a configured timeout
last_selection_timeout : timeout in second
softboot : enable or disable softboot menu
title_font_size : set the title font size
menu_font_size : set the menu font size
title_color : title color in r,g,b format
menu_item_color : menu unselected color in r,g,b format
menu_item_selected_color : menu selected color in r,g,b format
Code:
[kboot]
# boot last selection if no key pressed after 30 seconds
last_selection = 1
last_selection_timeout = 30
# enable soft boot menu (bootloader dev only)
softboot = 1
# some tuning
title_font_size = 36
menu_font_size = 32
# change the color, R,G,B format
title_color = 255,255,255
menu_item_color = 92,97,98
menu_item_selected_color = 0,0,255
softboot
item<n> : the boot sequence wanted
Code:
[softboot]
# put a list of items to display in Soft boot menu
# item<n> = sequence
item1 = uart,usb,mmc1,mmc2
item2 = uart,usb
item3 = mmc1,mmc2
background image
To customize the background image, just replace the file kboot/images/bkg.png with your own and adapt if necessary the size and the font color.
BUGS
Feedbacks are welcome

Cool stuff bro!

Unfortunately it's not working on the A70S, as we only have 800x480 and therefor need a diff picture.

It seems to be good.I have tested it on my A101 and it can boot both openaos and urukdroid.
Thanks.
EDIT:Sorry, Urukdroid cannot boot.It stay at the boot animationan and always show that.

fzelle said:
Unfortunately it's not working on the A70S, as we only have 800x480 and therefor need a diff picture.
Click to expand...
Click to collapse
As an early release I didn't take the time to put the different resolution. The background image have a 1500x1200 resolution, so on 101 it didn't display right too. However kboot adapt resolution for corresponding board. kboot didn't boot on 70s or display wrong the background image ?
MarsCarmen said:
EDIT:Sorry, Urukdroid cannot boot.It stay at the boot animationan and always show that.
Click to expand...
Click to collapse
I have to test urukdroid on mine.

The menu is not readable because the resolution adaption is not doing what it should do.

fzelle said:
The menu is not readable because the resolution adaption is not doing what it should do.
Click to expand...
Click to collapse
I have uploaded a new archive here.
Replace rootfs.squashfs with the new one. Fixed : resolution was wrong for 70S and 70H*.
The zImage in new archive should be flashed, it seems to fix the random freeze.

MarsCarmen said:
EDIT:Sorry, Urukdroid cannot boot.It stay at the boot animationan and always show that.
Click to expand...
Click to collapse
I have to say sorry again that Kboot can boot Urukdroid properly.It was because I copied my backup file to my archos by using MY PC.That is why I cannot boot urukdroid.Maybe I didn't find the real cause. I'm now using Kboot to boot Urukdroid and Openaos.
Really very well!!
Sorry For My Bad English

@alephzain:
Copied the whole kboot dir and flashed the new initrams and zimage.
Looks still as before.

fzelle said:
@alephzain:
Copied the whole kboot dir and flashed the new initrams and zimage.
Looks still as before.
Click to expand...
Click to collapse
. Kernel natively support usb gadget ethernet, when kboot is launched a telnetd is started, an interface usb0 is configured with ip address 192.168.10.1.
if you are on linux it should automatically detect this and on your pc an ifconfig let appear usb0 interface. On your pc type :
Code:
ifconfig usb0 192.168.10.2 netmask 255.255.255.0 up
telnet -l root 192.168.10.1
.
If you can paste a ps output, to see if it detect you board correctly.

Found a Live Linux to use in a vm.
ps output starts with :
{init} /bin/sh /init A70S 07 /dev/mmcblk1p1 /dev/mmcblk0p1

fzelle said:
Found a Live Linux to use in a vm.
ps output starts with :
{init} /bin/sh /init A70S 07 /dev/mmcblk1p1 /dev/mmcblk0p1
Click to expand...
Click to collapse
Its fixed now . Replace rootfs by this one

alephzain said:
Its fixed now . Replace rootfs by this one
Click to expand...
Click to collapse
Please adapt the first post also so that future users have the correct files.
Maybe add a version number....
---------- Post added at 04:27 PM ---------- Previous post was at 04:12 PM ----------
This may be a stupid question but why do you need a squashed fs that contains (when unsquashed) about 30Mb on files including python?
it should be possible to trim that down and put all the scripts and support libs in the initramfs so that you only need to flash the kernel and initramfs and nothing else.

Working now.
If now someone could come with the possibility for booting older stock FW,
would be great.

fzelle said:
Working now.
If now someone could come with the possibility for booting older stock FW,
would be great.
Click to expand...
Click to collapse
Not really possible because the stock firmware (initramfs) always uses the same location for the root file system.
You could do it but it needs some changes to the initramfs that is placed in the dirs.

wdl1908 said:
This may be a stupid question but why do you need a squashed fs that contains (when unsquashed) about 30Mb on files including python?
it should be possible to trim that down and put all the scripts and support libs in the initramfs so that you only need to flash the kernel and initramfs and nothing else.
Click to expand...
Click to collapse
Files on first post have been updated, but you're right a better presentation to avoid confusion is necessary.
Simply because I use python (pygame which use sdl) to code Kboot. Python lib dir is about 13M ... . A minimal filesystem (compressed initramfs) for kboot work is about 8M + ~2M for the kernel give 10M, and it's too big to flash in SDE max 8M. But if i can optimize the size ... I will do

alephzain thanks for the sources on gitorious, I hope I have some time in the weekend to try it out
divx118

@divx118:
And could you then make a initramfs.cpio.gz that direktly boots into CM7?

Hi,
im just about testing...
But sadly I can't get it to work.
Each time the menu starts up i can navigate nicely though the menues.
But whenever I select an entry - noting happens
After that I can still navigate ONCE (up or down) to the next entry and then the device freezes.
It doesn't matter wich entry i select as it seems. I tested Boot init, and my custom entries (UrukDroid and BullRC) yet. But all behave the same.
Any ideas ?
Btw: I tested it with the acutal squashfs and the one packed in the zip (even they seemed to be the same in size)
EDIT:
SOLUTION: I had usb cable attached (since flash) and that made it freeze - juts removed the cable and all is fine
Thanks and gr8 work - was looking for this since ages

fzelle said:
@divx118:
And could you then make a initramfs.cpio.gz that direktly boots into CM7?
Click to expand...
Click to collapse
Yes, no problem.

Need help analyzing a boot.img

Hi there!
Currently I am trying to extract and modify a boot.img from my car stereo (to set ro.secure=0 in default.prop - its a AV7) from MIC. ( http://www.shop.mic-deutschland.de/shop/article_W005/AV7.html?shop_param=cid=6&aid=W005& )
I did my exercises by studying the specs of a normal boot.img and learned that there should be a 2k header, followed by the gzipped kernel. I should be able to identify the kernel starting after those 2k of header and ending with some zeros finished with 1F 8B. The rest should be the ramdisk, gzipped and cpioed.
So far the theory - but apparently, I am not able to extract the kernel. I also tried some different scripts floating around - none of them ended up with an extractable kernel.
Example:
/unpackbootimg -i ../boot.img -o .
BOARD_KERNEL_CMDLINE
BOARD_KERNEL_BASE e3e0ff00
BOARD_PAGE_SIZE 1768697202
-> Kernel size 0, pretty everything ends up in the ramdisk which is NOT a gzip file.
This is the boot.img: http://ul.to/ivggomon
So you see me pretty clueless at the moment - any suggestion is highly appreciated!

Noone any idea?

unmkbootimg output:
Code:
unmkbootimg version 1.2 - Mikael Q Kuisma <[email protected]>
File ../boot.img not a plain boot image, seeking for embedded image ... not found.
boot_info (from bootimg_Toolset):
.
Code:
/boot_info ../boot.img
Android Magic not found in ../boot.img. Giving up.

The hread may be deleted. It was a uImage multi file with a gzipped cpio in it...

[UNBRICK][NEED HELP]GPT partition table (Desire 610/612)

Well , I found a python script that can make the gpt.bin(or partitions.bin) file I need to make gpt partition table.
Just Need someone who have well working device and a computer running linux.
I last the script end of this tread.
Would Anyone like to give me a lift?
How To:
1. You should have a well-working htc desire 610/612 phone.(ROOTED)
2..Download that script named mkpartition0_bin.py I last at end.
3.Connect your phone, make sure you have adb (android-tools) running corrctly.
4.cd to your work directory and type:
Code:
python ./mkpartition0_bin.py
Then you'll find it at your device's sdcard root dir.
Some issues:
1.I found error when I running this script:
Code:
[[email protected] create]$ ./mkpartition0_bin.py
1+0 records in
1+0 records out
512 bytes transferred in 0.001 secs (512000 bytes/sec)
Traceback (most recent call last):
File "./mkpartition0_bin.py", line 54, in <module>
mbr()
File "./mkpartition0_bin.py", line 17, in mbr
partition = dict(zip(('boot', 'id', 'start', 'size'), unpack('4I', buf)))
struct.error: unpack requires a string argument of length 16
2.Another Issue is that this script requires device is rooted.
But I think sometimes it isn't touchable.
Code:
dd if=/dev/block/mmcblk0 of=/cache/partition0.bin bs=512 count=1
dd: /dev/block/mmcblk0: Permission denied
ANYWAY, Thank for all.
==============================================================
Hi guys.
I've got a hard brick with my htc Desire 612 , which I think is same as 610.
1. I got the "cat /proc/xxx" info with a thread I found in XDA ( I left it here).
2. I have got Qualcomm .mbn files :
mprg8x26.mbn, prog_firehose_8x26.mbn
and so on.
left this thread.
3.I would use QFIL but less rawprogram0.xml and patch0.xml.
I found I can get them two with partition.xml and ptool.py .
So , I just need to create a partition.xml with this tread :
https://androidforums.com/threads/guide-how-to-create-partition-xml-gpt.1125433/
But when I unpacked the rom.zip from RUU , USING THIS TOOL :
https://forum.xda-developers.com/chef-central/android/tool-universal-htc-ruu-rom-decryption-t3382928
I CANNOT Found the gpt_main_xx.img , which is a gpt partition table I need to create partition.xml .

Here are my files you guys might need.
contents:
create.zip:
partition.xml (template)
partitions table.txt (Info)
PartitioningTool.py (This script parses "partition.xml" and creates numerous output files specifically, partition.bin, rawprogram.xml)
Partition_xml-Generator-Spreadsheet.ods (sheet to generate partition.xml from gpt.bin)
THANKS ALL!

[DEV][WIN/LINUX] Amlogic Kitchen

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Disclaimer:​
The user takes sole responsibility for any damage that might arise due to use of this tool.
This includes physical damage (to device), injury, data loss, and also legal matters.
This project was made as a learning initiative and the developer or organization cannot be held liable in any way for the use of it.
Click to expand...
Click to collapse
Kitchen for working with Amlogic firmware​Used for unpacking/packing amlogic images
Supported features
Unpack/repack Amlogic images
Unpack/repack partitions (system,product,system_ext,oem and odm)
Create flashable zip from amlogic image
Unpack/repack recovery,boot,logo and dtb
Create aml image from supported flashable zips
Support for super image unpack/repack
Dump os from device through /mask mode
Note:
Ignore some errors with dtb (some conditions are missing), decompiling/compiling dtb should work fine.
This tool is tested only in some firmwares and devices.
Theres no guarantee that packed flashable zips or amlogic images will flash successfully.
TODO:
....
Download : https://github.com/althafvly/AmlogicKitchen
Report issues: https://github.com/althafvly/AmlogicKitchen/issues
Flash-tool : https://github.com/althafvly/aml-flash-tool (Use Amlogic USB Burning Tool on windows)
Credits:​
Base kitchen (vtx_kitchen) - Vortex
gnuwin32 and cygwin for linux binary ports
aml update tool - osmc
7-Zip - Igor Pavlov
ImgExtractor - unix3dgforce, blackeange and xiaoxindada
AIK - osm0sis
SuperImage tools - LonelyFool
Aml dtb, unpack tools - LineageOS
simg2img - anestisb
img2sdat, sdat2img - xpirt
simg2img - A.S._id
let me know if i missed anyone
Contribution:
If you want to contribute or fix something i broke, just fork and give a pull request with your changes
Support:
XDA is preferred for main discussion. But if you need any other support, check support group.

Reserved

How can I download it? It seems very similar to Vortex's kitchen.

kalehrl said:
How can I download it? It seems very similar to Vortex's kitchen.
Click to expand...
Click to collapse
You can clone the repo or download as zip from github. Yes this was done on top of vtx_kitchen

I just tried it. I unpacked level1 fine. When I tried level2, the terminal window didn't open. I realised I needed python for Windows so I installed it and level2 unpacked fine. Maybe add a notification to install Python. Level3 unpacked boot, logo and recovery but no dtb:
Spoiler: level3
1 file(s) copied.
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: recovery.img
Setting up work folders . . .
Image type: AOSP
Splitting image to "split_img/" . . .
ANDROID! magic found at: 0
BOARD_KERNEL_CMDLINE androidboot.dtbo_idx=0 --cmdline root=/dev/mmcblk0p18 buildvariant=userdebug
BOARD_KERNEL_BASE 0x01078000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_HASH_TYPE sha1
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0xfff88000
BOARD_SECOND_OFFSET 0xffe88000
BOARD_TAGS_OFFSET 0xfef88100
BOARD_OS_VERSION 9.0.0
BOARD_OS_PATCH_LEVEL 2018-08
BOARD_HEADER_VERSION 1
BOARD_RECOVERY_DTBO_SIZE 438
BOARD_RECOVERY_DTBO_OFFSET 15835136
BOARD_HEADER_SIZE 1648
Unpacking ramdisk to "ramdisk/" . . .
Compression used: gzip
20266 blocks
Done!
Failed
1 dir(s) moved.
1 dir(s) moved.
1 file(s) copied.
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: boot.img
Setting up work folders . . .
Image type: AOSP
Splitting image to "split_img/" . . .
ANDROID! magic found at: 0
BOARD_KERNEL_CMDLINE androidboot.dtbo_idx=0 --cmdline root=/dev/mmcblk0p18 buildvariant=userdebug
BOARD_KERNEL_BASE 0x01078000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_HASH_TYPE sha1
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0xfff88000
BOARD_SECOND_OFFSET 0xffe88000
BOARD_TAGS_OFFSET 0xfef88100
BOARD_OS_VERSION 9.0.0
BOARD_OS_PATCH_LEVEL 2018-08
BOARD_HEADER_VERSION 1
BOARD_HEADER_SIZE 1648
Warning: No ramdisk found to be unpacked!
Done!
Failed
1 dir(s) moved.
1 dir(s) moved.
dbg:res-img ver is 0x2
dbg:item level3\logo/bootup
dbg:item level3\logo/bootup_X3
dbg:item level3\logo/upgrade_bar
dbg:item level3\logo/upgrade_error
dbg:item level3\logo/upgrade_fail
dbg:item level3\logo/upgrade_logo
dbg:item level3\logo/upgrade_success
dbg:item level3\logo/upgrade_unfocus
dbg:item level3\logo/upgrade_upgrading
FATAL ERROR: Blob has incorrect magic number
Done.
Press any key to continue . . .
I tried _pack_zip_to_aml.bat but it says to install python from Microsoft store. I uninstalled the existing python, installed python 3.10 from MS store but it still doesn't work.

kalehrl said:
I just tried it. I unpacked level1 fine. When I tried level2, the terminal window didn't open. I realised I needed python for Windows so I installed it and level2 unpacked fine. Maybe add a notification to install Python. Level3 unpacked boot, logo and recovery but no dtb:
Spoiler: level3
1 file(s) copied.
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: recovery.img
Setting up work folders . . .
Image type: AOSP
Splitting image to "split_img/" . . .
ANDROID! magic found at: 0
BOARD_KERNEL_CMDLINE androidboot.dtbo_idx=0 --cmdline root=/dev/mmcblk0p18 buildvariant=userdebug
BOARD_KERNEL_BASE 0x01078000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_HASH_TYPE sha1
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0xfff88000
BOARD_SECOND_OFFSET 0xffe88000
BOARD_TAGS_OFFSET 0xfef88100
BOARD_OS_VERSION 9.0.0
BOARD_OS_PATCH_LEVEL 2018-08
BOARD_HEADER_VERSION 1
BOARD_RECOVERY_DTBO_SIZE 438
BOARD_RECOVERY_DTBO_OFFSET 15835136
BOARD_HEADER_SIZE 1648
Unpacking ramdisk to "ramdisk/" . . .
Compression used: gzip
20266 blocks
Done!
Failed
1 dir(s) moved.
1 dir(s) moved.
1 file(s) copied.
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: boot.img
Setting up work folders . . .
Image type: AOSP
Splitting image to "split_img/" . . .
ANDROID! magic found at: 0
BOARD_KERNEL_CMDLINE androidboot.dtbo_idx=0 --cmdline root=/dev/mmcblk0p18 buildvariant=userdebug
BOARD_KERNEL_BASE 0x01078000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_HASH_TYPE sha1
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0xfff88000
BOARD_SECOND_OFFSET 0xffe88000
BOARD_TAGS_OFFSET 0xfef88100
BOARD_OS_VERSION 9.0.0
BOARD_OS_PATCH_LEVEL 2018-08
BOARD_HEADER_VERSION 1
BOARD_HEADER_SIZE 1648
Warning: No ramdisk found to be unpacked!
Done!
Failed
1 dir(s) moved.
1 dir(s) moved.
dbg:res-img ver is 0x2
dbg:item level3\logo/bootup
dbg:item level3\logo/bootup_X3
dbg:item level3\logo/upgrade_bar
dbg:item level3\logo/upgrade_error
dbg:item level3\logo/upgrade_fail
dbg:item level3\logo/upgrade_logo
dbg:item level3\logo/upgrade_success
dbg:item level3\logo/upgrade_unfocus
dbg:item level3\logo/upgrade_upgrading
FATAL ERROR: Blob has incorrect magic number
Done.
Press any key to continue . . .
I tried _pack_zip_to_aml.bat but it says to install python from Microsoft store. I uninstalled the existing python, installed python 3.10 from MS store but it still doesn't work.
Click to expand...
Click to collapse
i have made some changes now. download or pull from git and check. fixed python missing error not showing in windows. if its still not extracting your dtb then, link me you firmware or _aml_dtb.PARTITION

I reinstalled Python but this time I selected 'add to path' option which is not selected by default. _pack_zip_to_aml.bat now works but I didn't try the resulting image. DTB still isn't extracted with the updated version of the tool. Vortex's kitchen extracts it fine.
I tried to test the image I made from ota.zip and when I try to unpack level2, I get this error while extracting odm partition while other partitions extract fine. Maybe because my ota.zip is encrypted so maybe you can add some type of detection.Vortex''s edition also errors out when unpacking odm with the same error.
Spoiler: log
.....................
Amlogic Kitchen
.....................
Select level 1,2 or 3: 2
Python 3.10.2
imgextractor: Vortex Edition
Traceback (most recent call last):
File "imgextractor.py", line 374, in <module>
File "imgextractor.py", line 360, in main
File "imgextractor.py", line 346, in __getTypeTarget
File "imgextractor.py", line 338, in checkSignOffset
OSError: [WinError 8] Not enough memory resources are available to process this command
[2700] Failed to execute script imgextractor
imgextractor: Vortex Edition
Convert product.PARTITION to product.raw.img
Extraction from product.PARTITION to product
imgextractor: Vortex Edition
Convert vendor.PARTITION to vendor.raw.img
Extraction from vendor.PARTITION to vendor

kalehrl said:
I reinstalled Python but this time I selected 'add to path' option which is not selected by default. _pack_zip_to_aml.bat now works but I didn't try the resulting image. DTB still isn't extracted with the updated version of the tool. Vortex's kitchen extracts it fine.
I tried to test the image I made from ota.zip and when I try to unpack level2, I get this error while extracting odm partition while other partitions extract fine. Maybe because my ota.zip is encrypted so maybe you can add some type of detection.Vortex''s edition also errors out when unpacking odm with the same error.
Spoiler: log
.....................
Amlogic Kitchen
.....................
Select level 1,2 or 3: 2
Python 3.10.2
imgextractor: Vortex Edition
Traceback (most recent call last):
File "imgextractor.py", line 374, in <module>
File "imgextractor.py", line 360, in main
File "imgextractor.py", line 346, in __getTypeTarget
File "imgextractor.py", line 338, in checkSignOffset
OSError: [WinError 8] Not enough memory resources are available to process this command
[2700] Failed to execute script imgextractor
imgextractor: Vortex Edition
Convert product.PARTITION to product.raw.img
Extraction from product.PARTITION to product
imgextractor: Vortex Edition
Convert vendor.PARTITION to vendor.raw.img
Extraction from vendor.PARTITION to vendor
Click to expand...
Click to collapse
i have pushed a fix for dtb now. odm error is mostly because its an empty partition

2 other kitchens extract the odm partition just fine. The one from CRB: https://forum.xda-developers.com/t/tool-windows-kitchen-crb-v3-0-0-beta14.3947779/ and another one from a Russian developer from 4pda. The partition isn't empty. How does this kitchen handle encrypted partitions? I think in the ota.zip I mentioned, boot and dt.img are encrypted. Vortex's kitchen recognises encrypted partitions and they have .enc suffix at the end. I tested with encrypted factory img for X99 Max + box.

kalehrl said:
2 other kitchens extract the odm partition just fine. The one from CRB: https://forum.xda-developers.com/t/tool-windows-kitchen-crb-v3-0-0-beta14.3947779/ and another one from a Russian developer from 4pda. The partition isn't empty. How does this kitchen handle encrypted partitions? I think in the ota.zip I mentioned, boot and dt.img are encrypted. Vortex's kitchen recognises encrypted partitions and they have .enc suffix at the end. I tested with encrypted factory img for X99 Max + box.
Click to expand...
Click to collapse
i havent tried any firmware with encrypted partitions yet. i will check soon

I can send you my ota.zip if you need it. Here you can find X99 max plus firmware: http://geekbuying.mediafire.com/fil...3_d4_sp6330_100m_20200917_r1(x99max+).7z/file

kalehrl said:
I can send you my ota.zip if you need it. Here you can find X99 max plus firmware: http://geekbuying.mediafire.com/fil...3_d4_sp6330_100m_20200917_r1(x99max+).7z/file
Click to expand...
Click to collapse
Now you can extract odm. i was using an old binary from Vortex. now using python script, same as linux one. and
i think your dtb is encrypted, not sure. im not able extract yours. i can extract meson1 (also dtb). added support for that.

The dtb I attached is not encrypted. It is from a SlimBox custom rom. I will send you the link to my ota.zip in which some files are encrypted, probably boot.img and dt.img. Other files should be fine.
EDIT: With the new version, dtb is decompiled successfully

althafvly said:
Dump os from device through adb/flash/mask mode
Click to expand...
Click to collapse
I've stumbled upon an interesting script for dumping fw via adb from [email protected] I think. Maybe I can send it to you to have a look and improve on it and make it available on github.

It seems that it doesn't extract Android 7.1 images correctly.
system/usr folder isn't extracted and the terminal window closes prematurely.
I tried this image which extracts fine with another tool:
0 byte folder on MEGA
mega.nz

New changes
- Allow user to select vortex/python for extracing firmware in windows
- Added support to dump firmware from mask mode
- Added support for firmwares with super.img
Note: i have only test this in some firmware/device. report if theres any issues.

Create flashable zip from amlogic image
i created a zip can I flash this with or without wiping anything in twrp ?
failed with error 6

cali.s said:
Create flashable zip from amlogic image
i created a zip can I flash this with or without wiping anything in twrp ?
failed with error 6
Click to expand...
Click to collapse
Not sure which device and firmware your are talking about. Its better if you wipe before flashing and its best to flash amlogic image if you have one.

I tried to dump_to_aml.sh Android 6 image but it failed:
[email protected]:/home/kalehrl/Templates/android/AmlogicKitchen# ./dump_to_aml.sh
Code:
.....................
Amlogic Dumper
.....................
Unpacking system
Repacking system
Repacking boot
Repacking recovery
Repacking logo
Enter a name for aml package:
ott
[ERR]f(AmlImagePack.cpp)L1312:Open pack image out/ott.img failed
Image pack FAILED
.....................
Done.
I can send you my TWRP backup of the original iamge to try if you have time.

kalehrl said:
I tried to dump_to_aml.sh Android 6 image but it failed:
[email protected]:/home/kalehrl/Templates/android/AmlogicKitchen# ./dump_to_aml.sh
Code:
.....................
Amlogic Dumper
.....................
Unpacking system
Repacking system
Repacking boot
Repacking recovery
Repacking logo
Enter a name for aml package:
ott
[ERR]f(AmlImagePack.cpp)L1312:Open pack image out/ott.img failed
Image pack FAILED
.....................
Done.
I can send you my TWRP backup of the original iamge to try if you have time.
Click to expand...
Click to collapse
dump to aml script isn't ready yet. Im still testing it. I will check on free time. This error is because script isn't able to create ott.img. Try different name or close any apps which using that ott.img file.