This is a Development project for the LG V20
THIS IS NOT A QUESTIONS AND ANSWERS PAGE!
Developers only please as this is just to share progress on this project,
as well as looking for outside help and insight into this long lost idea.
Okay now the fun stuff,
What im working on is building a CUSTOM KDZ for LGUP / LGUPPERCUT/ LGFLASHTOOL ETC
The reasoning being that the LG LS997 and ATT variants will not be getting a KDZ for their devices, meaning some things we would like to have just aren't ever coming... In the past weeks it become more of concern as newer software is launching and the latest software that has been launching WILL block the latest root method for our beloved LG V20's.
This is no guarentee to pan out, and is a long way from being a complete build, but im getting the understanding of the process and files down as I go. Learning as im working per-say =)
Items i'm using to create the KDZ
http://lg-firmwares.com/category/lg-series/lg-v20/ ( All Aval. Kdz For V20)
https://forum.xda-developers.com/showthread.php?t=2600575
https://forum.xda-developers.com/showthread.php?t=2483250
of course notepadd ++ a hex editor, a magic iso style program and a few other tools for packing and unpacking like 7zip etc..
im going to start a GET for the project and add on the links and peices i have worked on.
The 1st tool atleast allows me to see what partial bin files match their perspective halfs, and the extraction and break down process its using to get these files. MY hopes is to repalce a VS996 KDZ with the sprint files, re-roll her up nice and tight and push her to my device and hope she dosn't turn into a note 7 and burn my home down, but even that would be a achievement of itself.
so here it is guys, the begining to something we've all wondered but have never really seen be done. Anyone wana help?
lmk and ill gladly share ideas and work as closely with you as i can.
Email for Google Hangouts - [email protected]
XDA:DevDB Information
KDZ Creator, Tool/Utility for the LG V20
Contributors
Team DevDigitel
Version Information
Status: Testing
Created 2017-03-22
Last Updated 2017-03-22
Okay so this is the Flow of how the KDZ is put together
KDZ is a FINAL PRODUCT (A)
The KDZ breaks down into 3 parts
This will be called part (B)
VS99513A04.dz ; LGUPc.dll ; LGUPc.dylib ;
This is the read out of the kdz and how it located these files:
Code:
found file VS99513A04.dz
byte read position 825
byte read position 826
found file LGUPc.dylib
found file LGUPc.dll
byte read position 280
byte read position 284
byte read position 280
byte read position 281
found file VS99513A04.dz
At this point the tool needs to have the .dz file loaded up to break it down further.
below will be considered part (C)
The .dz is the gold mine, its everything we need, the kdz just has the dll files to allow LGUP to push the files back to the phone and verify its creds. The ultimate scope of work is at this point C further and getting things back to this point at the end to zip it back up and flash it! Keeping up still? Okay lets look at the .dz broken down now.
Code:
.
BackupGPT_20436.bin
PrimaryGPT_6.bin
BackupGPT_20435.bin
PrimaryGPT_5.bin
BackupGPT_593874.bin
msadp_58950.bin
apdp_58822.bin
cmnlib64bak_58694.bin
cmnlib64_58566.bin
cmnlibbak_58438.bin
cmnlib_58310.bin
keymasterbak_58182.bin
keymaster_58054.bin
sec_57926.bin
modem_35910.bin
devcfgbak_35878.bin
devcfg_35846.bin
pmicbak_35718.bin
pmic_35590.bin
hypbak_35462.bin
hyp_35334.bin
rpmbak_35206.bin
rpm_35078.bin
raw_resourcesbak_34054.bin
raw_resources_33030.bin
abootbak_32518.bin
aboot_32006.bin
tzbak_31494.bin
tz_30982.bin
recoverybak_20614.bin
recovery_10246.bin
boot_6.bin
PrimaryGPT_4.bin
BackupGPT_20433.bin
PrimaryGPT_3.bin
BackupGPT_20432.bin
xbl2bak_774.bin
xbl2_6.bin
PrimaryGPT_2.bin
BackupGPT_40911.bin
xblbak_774.bin
xbl_6.bin
PrimaryGPT_1.bin
BackupGPT_155463630.bin
system_1644161.bin
system_1643654.bin
system_1610886.bin
system_1578118.bin
system_1545350.bin
system_1512582.bin
system_1479814.bin
system_1447553.bin
system_1414785.bin
system_1382017.bin
system_1349249.bin
system_1316481.bin
system_1283713.bin
system_1250945.bin
system_1218177.bin
system_1185409.bin
system_1152641.bin
system_1119873.bin
system_1087105.bin
system_1054337.bin
system_1021569.bin
system_989186.bin
system_988679.bin
system_956033.bin
system_923650.bin
system_923143.bin
system_890497.bin
system_857729.bin
system_824961.bin
system_792193.bin
system_759425.bin
system_726657.bin
system_693889.bin
system_661121.bin
system_628353.bin
system_627846.bin
system_595585.bin
system_595078.bin
system_562817.bin
system_530049.bin
system_497281.bin
system_464513.bin
system_464006.bin
system_431745.bin
system_399362.bin
system_398855.bin
system_366209.bin
system_333826.bin
system_333319.bin
system_300673.bin
system_268290.bin
system_267783.bin
system_235137.bin
system_202754.bin
system_202247.bin
system_169601.bin
system_137218.bin
system_136711.bin
system_103558.bin
lafbak_91270.bin
persist_83078.bin
rct_66310.bin
factory_49158.bin
laf_6.bin
PrimaryGPT_0.bin
byte read position 4
header 32-96-18-74
byte read position 0
So looking at the .dz its the system spread out over multiple.bin files.
The .bin files are all labeled system.bin so that's easy enough, they also combine at certain points to become one, and ill post that below here in a second to show what bins match up to each-other. I do have each files OFFSET as well as its length, checksum, and idx for each if needed as well.
The rest is your aboot, your boot.img , recovery, efs, cfg files, and some other stuff im not to sure about, possible pit info and partition info.
never the less, the bin files combine together, and become a system.img
Im able to create my own system.img based of my own files ive received, so in "theory" the system img i have, the backups of the stock boot-loader, the stock boot.img the stock recovery etc should be able to be put in their place and neatly packed back up for re-use.
okay so now back on to the last part. Part (D)
Part D consists of taking the bin files and combining them to make a system.img , the below is the process that combines the files together and their matches.
Code:
Complete on merging system files
[+] partial 58 file 1644161 offset 12324824 || seek 6310309888
[+] partial 57 file 1643654 offset 12320768 || seek 6308233216
[+] partial 56 file 1610886 offset 12058624 || seek 6174015488
[+] partial 55 file 1578118 offset 11796480 || seek 6039797760
[+] partial 54 file 1545350 offset 11534336 || seek 5905580032
[+] partial 53 file 1512582 offset 11272192 || seek 5771362304
[+] partial 52 file 1479814 offset 11010048 || seek 5637144576
[+] partial 51 file 1447553 offset 10751960 || seek 5505003520
[+] partial 50 file 1414785 offset 10489816 || seek 5370785792
[+] partial 49 file 1382017 offset 10227672 || seek 5236568064
[+] partial 48 file 1349249 offset 9965528 || seek 5102350336
[+] partial 47 file 1316481 offset 9703384 || seek 4968132608
[+] partial 46 file 1283713 offset 9441240 || seek 4833914880
[+] partial 45 file 1250945 offset 9179096 || seek 4699697152
[+] partial 44 file 1218177 offset 8916952 || seek 4565479424
[+] partial 43 file 1185409 offset 8654808 || seek 4431261696
[+] partial 42 file 1152641 offset 8392664 || seek 4297043968
[+] partial 41 file 1119873 offset 8130520 || seek 4162826240
[+] partial 40 file 1087105 offset 7868376 || seek 4028608512
[+] partial 39 file 1054337 offset 7606232 || seek 3894390784
[+] partial 38 file 1021569 offset 7344088 || seek 3760173056
[+] partial 37 file 989186 offset 7085024 || seek 3627532288
[+] partial 36 file 988679 offset 7080968 || seek 3625455616
[+] partial 35 file 956033 offset 6819800 || seek 3491737600
[+] partial 34 file 923650 offset 6560736 || seek 3359096832
[+] partial 33 file 923143 offset 6556680 || seek 3357020160
[+] partial 32 file 890497 offset 6295512 || seek 3223302144
[+] partial 31 file 857729 offset 6033368 || seek 3089084416
[+] partial 30 file 824961 offset 5771224 || seek 2954866688
[+] partial 29 file 792193 offset 5509080 || seek 2820648960
[+] partial 28 file 759425 offset 5246936 || seek 2686431232
[+] partial 27 file 726657 offset 4984792 || seek 2552213504
[+] partial 26 file 693889 offset 4722648 || seek 2417995776
[+] partial 25 file 661121 offset 4460504 || seek 2283778048
[+] partial 24 file 628353 offset 4198360 || seek 2149560320
[+] partial 23 file 627846 offset 4194304 || seek 2147483648
[+] partial 22 file 595585 offset 3936216 || seek 2015342592
[+] partial 21 file 595078 offset 3932160 || seek 2013265920
[+] partial 20 file 562817 offset 3674072 || seek 1881124864
[+] partial 19 file 530049 offset 3411928 || seek 1746907136
[+] partial 18 file 497281 offset 3149784 || seek 1612689408
[+] partial 17 file 464513 offset 2887640 || seek 1478471680
[+] partial 16 file 464006 offset 2883584 || seek 1476395008
[+] partial 15 file 431745 offset 2625496 || seek 1344253952
[+] partial 14 file 399362 offset 2366432 || seek 1211613184
[+] partial 13 file 398855 offset 2362376 || seek 1209536512
[+] partial 12 file 366209 offset 2101208 || seek 1075818496
[+] partial 11 file 333826 offset 1842144 || seek 943177728
[+] partial 10 file 333319 offset 1838088 || seek 941101056
[+] partial 9 file 300673 offset 1576920 || seek 807383040
[+] partial 8 file 268290 offset 1317856 || seek 674742272
[+] partial 7 file 267783 offset 1313800 || seek 672665600
[+] partial 6 file 235137 offset 1052632 || seek 538947584
[+] partial 5 file 202754 offset 793568 || seek 406306816
[+] partial 4 file 202247 offset 789512 || seek 404230144
[+] partial 3 file 169601 offset 528344 || seek 270512128
[+] partial 2 file 137218 offset 269280 || seek 137871360
[+] partial 1 file 136711 offset 265224 || seek 135794688
[+] partial 0 file 103558 offset 0 || seek 0
count 59
files ||--> system_1644161.bin || 1644161
files ||--> system_1643654.bin || 1643654
files ||--> system_1610886.bin || 1610886
files ||--> system_1578118.bin || 1578118
files ||--> system_1545350.bin || 1545350
files ||--> system_1512582.bin || 1512582
files ||--> system_1479814.bin || 1479814
files ||--> system_1447553.bin || 1447553
files ||--> system_1414785.bin || 1414785
files ||--> system_1382017.bin || 1382017
files ||--> system_1349249.bin || 1349249
files ||--> system_1316481.bin || 1316481
files ||--> system_1283713.bin || 1283713
files ||--> system_1250945.bin || 1250945
files ||--> system_1218177.bin || 1218177
files ||--> system_1185409.bin || 1185409
files ||--> system_1152641.bin || 1152641
files ||--> system_1119873.bin || 1119873
files ||--> system_1087105.bin || 1087105
files ||--> system_1054337.bin || 1054337
files ||--> system_1021569.bin || 1021569
files ||--> system_989186.bin || 989186
files ||--> system_988679.bin || 988679
files ||--> system_956033.bin || 956033
files ||--> system_923650.bin || 923650
files ||--> system_923143.bin || 923143
files ||--> system_890497.bin || 890497
files ||--> system_857729.bin || 857729
files ||--> system_824961.bin || 824961
files ||--> system_792193.bin || 792193
files ||--> system_759425.bin || 759425
files ||--> system_726657.bin || 726657
files ||--> system_693889.bin || 693889
files ||--> system_661121.bin || 661121
files ||--> system_628353.bin || 628353
files ||--> system_627846.bin || 627846
files ||--> system_595585.bin || 595585
files ||--> system_595078.bin || 595078
files ||--> system_562817.bin || 562817
files ||--> system_530049.bin || 530049
files ||--> system_497281.bin || 497281
files ||--> system_464513.bin || 464513
files ||--> system_464006.bin || 464006
files ||--> system_431745.bin || 431745
files ||--> system_399362.bin || 399362
files ||--> system_398855.bin || 398855
files ||--> system_366209.bin || 366209
files ||--> system_333826.bin || 333826
files ||--> system_333319.bin || 333319
files ||--> system_300673.bin || 300673
files ||--> system_268290.bin || 268290
files ||--> system_267783.bin || 267783
files ||--> system_235137.bin || 235137
files ||--> system_202754.bin || 202754
files ||--> system_202247.bin || 202247
files ||--> system_169601.bin || 169601
files ||--> system_137218.bin || 137218
files ||--> system_136711.bin || 136711
files ||--> system_103558.bin || 103558
And there's the system.img creation in progress and completed.
At this point i'm stuck on how i would start to take on this project and do everything in reverse, or somwhat similar to achieve my own custom kdz / .dz file
Gonna take a break from the info part now and actually work on the project but wanted to at-least explain to everyone where my head is at and what i'm trying to work on myself personally. This is a DEV-B project and ANYONE who has a skill can bring it to the table and help. All i ask is please show your work neatly and cleanly as this will have to become source for the project as time moves on, and this is part of our issue in the 1st place. We need to document our work as best we can so others can improve and build upon it also, without providing your work it makes it nearly impossible for others to supply any help!
And off to the races we go!
So why won't Sprint release the kdz likecthe other carriers.
Sent from my LG-LS997 using Tapatalk
Bro you stay busy
I suggest popping the program into IDA and seeing what the process is for everything..
me2151 said:
I suggest popping the program into IDA and seeing what the process is for everything..
Click to expand...
Click to collapse
exactly what i was looking for, i need to reverse engeneer this program and the do it in reverse to re-compile it.
im assuming the issues will be the DLL file and the keystore key re-creation to get it right, but even if i can get it just to swap softwear and roll phones back ill be more then happy. Ultimately im trying to just keep the newer devices in line,
ultimately if the ZV6 update activates anti-roll back ill discontinue my work as it will be pointless.
Im def getting somewhere with this, and its def. plausible, we shall see how it goes lol
Chaz187 said:
So why won't Sprint release the kdz likecthe other carriers.
Sent from my LG-LS997 using Tapatalk
Click to expand...
Click to collapse
sprint and att both dont anymore, they said they fully supply the updates via FOTA and wont be providing a hard copy for public use. LG directly doesn't even know what a KDZ in my opinion lol, atleast anyone who works on their online and phone support that is, and ill never find someone who actually is a engineer for them that's willing to give me a copy, at-least not that will risk it for us lol
I really believe it should be handled like a computer, you purchased a digital copy of their software when you purchased the handset, and should have to give you a copy digital or otherwise available. But unless a class-action suit comes through and changes the way things are done its going to continue to go this way.. Its all a gray area with this technology, and not enough legal precedence to get things done differently.
This is great to hear. Wish I could help technically speaking, but I'm willing to donate $ to you if you can get this working 100%.
Would a sprint store carry a copy ? I have a friend who works at a Sprint store and i could ask and see if he would give me a copy.
Sent from my LG-LS997 using XDA-Developers Legacy app
philiptibbs said:
Would a sprint store carry a copy ? I have a friend who works at a Sprint store and i could ask and see if he would give me a copy.
Sent from my LG-LS997 using XDA-Developers Legacy app
Click to expand...
Click to collapse
I run a few of them lol
Sadly no.. Need to make a LG friend. Or somone who works at asurion maybe who handles device reconditioning.. But thats a lot to ask from someone who could loose their job over a leaked proprietary file..
Essentially sprint and att have decided to not release their kdz for whatever reason. And from my knowledge if you do manage to get a kdz. Keep it hush and lmk. But its probably going to be encrypted and useless without a key to decrypt or a good bit of work to release it.
Looking forward to this thread..I have the sprint ls997 bricked
Sent from my SM-G935F using Tapatalk
They say you can unbrick it with lgup
Sent from my LG-LS997 using XDA-Developers Legacy app
Hello, OP
why you want to make a KDZ? why not just create TOT file?
LG official R&D tool can convert and pack tot file into kdz
LG UP dev can dump all partitions from a working LG V20 phone.
Anyone who wish to dump partitions from a working Sprint or AT&T LG V20, please PM me
Team DevDigitel said:
I run a few of them lol
Sadly no.. Need to make a LG friend. Or somone who works at asurion maybe who handles device reconditioning.. But thats a lot to ask from someone who could loose their job over a leaked proprietary file..
Essentially sprint and att have decided to not release their kdz for whatever reason. And from my knowledge if you do manage to get a kdz. Keep it hush and lmk. But its probably going to be encrypted and useless without a key to decrypt or a good bit of work to release it.
Click to expand...
Click to collapse
i can vouch for that... i had one leaked to me awhile back. it was in an encrypted format. before you ask No i dont have it anymore lol
asialove2013 said:
Hello, OP
why you want to make a KDZ? why not just create TOT file?
LG official R&D tool can convert and pack tot file into kdz
LG UP dev can dump all partitions from a working LG V20 phone.
Anyone who wish to dump partitions from a working Sprint or AT&T LG V20, please PM me
Click to expand...
Click to collapse
can we speak over google hangouts? this is news to me bro.
i have full dumps i just dont know how to make the tot, but it would be great to do this as i need it for a few projects on our end!
Thanks for the info bro!
add me hangouts
Team DevDigitel said:
can we speak over google hangouts? this is news to me bro.
i have full dumps i just dont know how to make the tot, but it would be great to do this as i need it for a few projects on our end!
Thanks for the info bro!
Click to expand...
Click to collapse
Google Hangouts : [email protected]
FULL dump ( all partitions) from a working Sprint LG V20?
asialove2013 said:
Google Hangouts : [email protected]
FULL dump ( all partitions) from a working Sprint LG V20?
Click to expand...
Click to collapse
Yes we have full dumps. Full STOCK dumps.
http://www.aryk.tech/2016/12/toolstudio-emmc-download-tool-helps-you.html
http://www.aryk.tech/2016/12/how-to-convert-kdz-files-to-img-and-bin.html
Just Place Holder for some info for myself, and to share for collaboration only.
Quote from here : https://forum.xda-developers.com/showpost.php?p=67865707&postcount=187
emdroidle
23rd July 2016, 12:52 AM |#187
emdroidle's Avatar
Senior Member
200 posts
Thanks Meter: 186
More
Quote:
Originally Posted by krusion
So is there a way to actually extract my KDZ or TOT and then modify it so I can then flash it using LGUP? Reason I ask is because I'm trying to return to stock kitkat. I'm currently on V10o-AME-xx (middle east) and rooted. I want to remove the root but stay on kitkat. All the TOT and KDZ I found were european or asian. Didn't find any middle eastern. So if I were to be able to extract and then flash my own, that would be great!
Most of the rooting tools include some way of unrooting, just need to find it. Pretty often simply start the app associated with the rooting tool and press a button labeled "unroot".
Quote:
Originally Posted by jerdog
So while this isn't in the LG G4 section, this of course works with LG G4 and so I have a question for you @bullghost (or anyone else for that matter)
Does anyone know how to recreate a KDZ file? There are plenty of tools for extracting, even some open source ones, but not finding anything that assists with creating a KDZ. Any help would be appreciated
A better link would have been to the thread of the original developer for that tool. I got permission from the original author to reuse the code as long as attribution is given, which means mine is under GPL.
I'm currently working on rebuilding the files, but this is not the easiest thing to do. I'm pretty sure I've figured out how to correctly interpret all the fields on the individual chunks of the DZ file (the actual file containing the flash image inside the KDZ file), but I'm rather unsure of the fields on the header of the DZ file. I have though managed to successfully recreate the chunks of a DZ file, so I am making progress slowly. My initial implementation of this though relies on the SEEK_DATA/SEEK_HOLE functionality available on various flavors of Unix (including Linux), so it does have limitations. Also note, this functionality hasn't been uploaded to GitHub yet.
My big concern is the KDZ files may have signatures to protect against installing a maliciously modified KDZ file. If this is so, the effort will be sunk without those keys (and I doubt LG will disclose them), unless LGUP can be told to install a "corrupt" KDZ file anyway.
Get Info for KDZ Unpacking =) SOURCE CODE YEY : https://github.com/ehem/kdztools
Main Op for Program being Reverse Engineered : https://forum.xda-developers.com/showthread.php?t=2483250
Concept tool already in process of being built =(
seems like im not the onlyone working here but im happy theres something to start from!
The get for a custom kdz creator can be found here: https://github.com/ehem/kdztools
it is stated that this is untested but verified "working"
Dz Info : https://github.com/ehem/kdztools/wiki/DZ-File-Format-Detail
Related
hi guys i am working on compiling my own A20 based system on android 4.2.2
my problem comes when i try to upgrade my system using OTA update.zip that i created (using the make otapackage) command, the error that occurs is as follows
java.security.signatureexception: no signature in file (bad footer)
at android.os.recoverysystem.verifypackage(recoverysystem.java :181)
tracing the error led me to the following block of code which is giving me the error
Code:
// Check that we have found the start of the
// end-of-central-directory record.
if (eocd[0] != (byte)0x50 || eocd[1] != (byte)0x4b ||
eocd[2] != (byte)0x05 || eocd[3] != (byte)0x06) {
throw new SignatureException("no signature in file (bad footer)");
}
using the recovery menu also gives me "update failed" so i am completely stumped
let me know if more information is needed
any help would be appreciated !! :fingers-crossed:
OTA packages have update script inside in folder "\META-INF\com\google\android\updater-script".
There is "range_sha1" function used for calculation SHA1 hash.
Code:
range_sha1("/dev/block/bootdevice/by-name/system", "2,0,1") == "2e0b37350f70a4f3d241e933d03c507e14aa25db"
I'm trying to find definition (source) of the function to know how SHA1 is exactly calculated and what second argument means.
Do you have any idea where I could find it?
Ok, I've finally found it here.
"2, 0, 1" mean 2 numbers, 0 = min, 1 = max, it is parsed to one RangeSet(0, 1)
for the specified range is SHA1 calculated:
bytes: [0..1*BLOCKSIZE] where BLOCKSIZE = 4096
It means that the range_sha1("/dev/block/bootdevice/by-name/system", "2,0,1") calculates SHA1 hash of first 4096 bytes of "/dev/block/bootdevice/by-name/system".
Hello ... so i have an Radio.img and i know inside there are this files
(bootloader) Validating 'radio.default.xml'
(bootloader) Committing 'radio.default.xml'
(bootloader) - flashing 'NON-HLOS.bin' to 'modem'
(bootloader) - flashing 'fsg.mbn' to 'fsg'
(bootloader) - erasing 'modemst1'
(bootloader) - erasing 'modemst2'.
How can i extract NON-HLOS and fsg ? thanks in advance ...
I know this is an ancient thread, but it's still the first search result, so I figured a solution could help anyone else that stumbles upon this..
I made a quick and dirty extractor that works at least for motorola edge 2021 xt2141 radio images. These files seem to start with magic "SINGLE_N_LONELY" and end with "LONELY_N_SINGLE". Filenames are provided, followed by the length of the contents (in little endian), then the contents.
This script will try to open radio.img in the current dir if a filename is not provided. Dumped files will go right in the working dir, so be careful. File content reading isn't done in chunks here, so be mindful of memory usage. Likely not an issue, but you can code in some chunking if needed.
Code:
#!/usr/bin/env python
import io
import sys
# supply filename as argument or default to 'radio.img'
try:
filename = sys.argv[1]
except IndexError:
filename = 'radio.img'
with open(filename, 'rb') as f:
magic = f.read(0x100).strip(b'\0').decode()
print(magic)
assert magic == 'SINGLE_N_LONELY'
while True:
# filename
fn = f.read(0xF0).strip(b'\0').decode()
print(fn)
if fn == 'LONELY_N_SINGLE':
break
# size of file in little endian
f.seek(0x08, io.SEEK_CUR)
l = int.from_bytes(f.read(0x08), 'little')
print(l)
# warning: not reading in chunks...
# warning: outputs to working dir
with open(fn, 'wb') as o:
o.write(f.read(l))
# seek remainder
rem = 0x10 - (l % 0x10)
if rem < 0x10:
f.seek(rem, io.SEEK_CUR)
# seek until next filename
while not f.read(0x10).strip(b'\0'):
continue
# rewind back to start of filename
f.seek(-0x10, io.SEEK_CUR)
Note the resulting images will likely be in sparse format. You'll need simg2img to convert to raw images if you're trying to mount or otherwise manhandle the images.
If interested in dumping carrier profiles (from inside the fsg image), EfsTools has an extractMbn function. Not sure how to reassemble though. https://github.com/JohnBel/EfsTools
ziddey said:
I know this is an ancient thread, but it's still the first search result, so I figured a solution could help anyone else that stumbles upon this..
I made a quick and dirty extractor that works at least for motorola edge 2021 xt2141 radio images. These files seem to start with magic "SINGLE_N_LONELY" and end with "LONELY_N_SINGLE". Filenames are provided, followed by the length of the contents (in little endian), then the contents.
This script will try to open radio.img in the current dir if a filename is not provided. Dumped files will go right in the working dir, so be careful. File content reading isn't done in chunks here, so be mindful of memory usage. Likely not an issue, but you can code in some chunking if needed.
Code:
#!/usr/bin/env python
import io
import sys
# supply filename as argument or default to 'radio.img'
try:
filename = sys.argv[1]
except IndexError:
filename = 'radio.img'
with open(filename, 'rb') as f:
magic = f.read(0x100).strip(b'\0').decode()
print(magic)
assert magic == 'SINGLE_N_LONELY'
while True:
# filename
fn = f.read(0xF0).strip(b'\0').decode()
print(fn)
if fn == 'LONELY_N_SINGLE':
break
# size of file in little endian
f.seek(0x08, io.SEEK_CUR)
l = int.from_bytes(f.read(0x08), 'little')
print(l)
# warning: not reading in chunks...
# warning: outputs to working dir
with open(fn, 'wb') as o:
o.write(f.read(l))
# seek remainder
rem = 0x10 - (l % 0x10)
if rem < 0x10:
f.seek(rem, io.SEEK_CUR)
# seek until next filename
while not f.read(0x10).strip(b'\0'):
continue
# rewind back to start of filename
f.seek(-0x10, io.SEEK_CUR)
Note the resulting images will likely be in sparse format. You'll need simg2img to convert to raw images if you're trying to mount or otherwise manhandle the images.
If interested in dumping carrier profiles (from inside the fsg image), EfsTools has an extractMbn function. Not sure how to reassemble though. https://github.com/JohnBel/EfsTools
Click to expand...
Click to collapse
Thanks for making python script to unpack these SINGLE_N_LONELY header files(bootloader.img, radio.img, singleimage.bin, gpt.bin) from Moto Stock ROM zips.
But why reading filename only 240 bytes and skipping 8 bytes instead of reading whole 248 bytes?
This guy wrote to read 248 bytes instead https://forum.xda-developers.com/t/...t-of-the-moto-g-5g-plus.4371213/post-87807175
I also made quick and dirty unpacked using Lua 5.3 at https://forum.xda-developers.com/t/...t-of-the-moto-g-5g-plus.4371213/post-87931915
I guess one of us has to post this to github, since I can't find any Open Source tool to unpack this simple format image files.
Currently, only star tool that we can find from some of blankflash files(eg. this) and imjtool can unpack these SINGLE_N_LONELY header files as far as I know. But I guess these are not Open Source.
Thanks
HemanthJabalpuri said:
But why reading filename only 240 bytes and skipping 8 bytes instead of reading whole 248 bytes?
This guy wrote to read 248 bytes instead https://forum.xda-developers.com/t/...t-of-the-moto-g-5g-plus.4371213/post-87807175
Click to expand...
Click to collapse
Ah neat. I only used xt2141 radio images as reference for approximating the file format. It's been a while, but I think based on the actual positioning of the filenames in the images I was testing, I wasn't sure if the final 8 bytes were part of the filename or padding.
Likewise, I wasn't sure of how padding works after the file data, so I just did a dumb seek and rewind.
Hi,
I bought used Redmi 5 plus, I have some problem with my screen its probably fake chinese screen, i tried:
Ubuntu + SailfishOS: i think its running but the display is stuck on "mi unlocked" screen
PostmarketOS: black screen but phone is working - I can ssh to it
Anyone know how to make fake screen work with custom ROMs?
Also when flashing I always need to remove this line from updater script:
assert(getprop("ro.product.device") == "vince" || getprop("ro.build.product") == "vince" || abort("E3004: This package is for device: vince; this device is " + getprop("ro.product.device") + ".");
Anyone know why the name of my phone is not "vince"?
Thanks.
So I got this file from a thread on XDA a few months back. The thread has been closed and the user who modified this zip file it's no longer on here. This file can be flashed successfully on Android 12 to get full read and write permissions. I tried to flash it and TWRP on Android 13 and it failed. Wondering if anybody is able to modify this to work on Android 13?
chairman011 said:
So I got this file from a thread on XDA a few months back. The thread has been closed and the user who modified this zip file it's no longer on here. This file can be flashed successfully on Android 12 to get full read and write permissions. I tried to flash it and TWRP on Android 13 and it failed. Wondering if anybody is able to modify this to work on Android 13?
Click to expand...
Click to collapse
I looked at it for the heck of it not knowing anything about it. It didn't include the system_ext img and sdk check didn't include 33 for Android 13 so I added both:
sdkCheck(){
sdkVersion=`getprop ro.build.version.sdk`
if (( $sdkVersion < 29 )); then
printf "$app: Please install Android 10 or newer and try again\n\n"; exit 1
elif (( $sdkVersion == 29 )); then
android=10
elif (( $sdkVersion == 30 )); then
android=11
elif (( $sdkVersion == 31 )); then
android=12
elif (( $sdkVersion == 32 )); then
android=12
elif (( $sdkVersion == 33 )); then
android=13
else
printf "$app: Your Android version is not supported yet. Abort\n\n"; exit 1
fi
printf "$app: Current Android version: %s\n" $android
}
and example:
if [[ "$imgName" == *"system"* || "$imgName" == *"product"* || "$imgName" == *"system_ext"* || "$imgName" == *"vendor"* ]]; then makeRW $fName;
vol=`tune2fs -l $i 2>/dev/null | grep "volume" | awk '{print $NF}'`
if [[ "$vol" == "/" || "$vol" == "product" || "$vol" == "system_ext" || "$vol" == "vendor" ]];
I personally wouldn't flash this but those are the only type changes I made to this.
Thanks I'll give it a shot I appreciate it
Dang I get this error I might just go back to android 12 til they update this to work properly on 13 thank you for your time and effort
chairman011 said:
Dang I get this error I might just go back to android 12 til they update this to work properly on 13 thank you for your time and effort
Click to expand...
Click to collapse
Probably best. I did read, however, that sometimes you have to change the size in the config.ini in the zip (currently set at "size=20"). It seems to say you don't have enough room on your phone.
Tulsadiver said:
Probably best. I did read, however, that sometimes you have to change the size in the config.ini in the zip (currently set at "size=20"). It seems to say you don't have enough room on your phone.
Click to expand...
Click to collapse