Boot.img or system.img unpack / repack, different size, odin fails, no boot - Android Q&A, Help & Troubleshooting

Well, as the title suggests, I've tried to root my phone (Samsung Galaxy J1 SM-J100MU) and failed. Since no TWRP or any other custom recovery is made for my specific model, I tried the method that involves mounting the Android systems and modifying the famous build.prop, or putting su binaries inside the /system folder.
I ran an unpack script from ubuntu to decompress the boot file, and simg2img to be able to mount /system following some guides I've found, and made use of mkbootimg to repack it and flash it.
The thing is that the phone won't boot because the modified boot image size differs from the original. The system also differs but Odin won't even flash it and I'll have to reflash the stock rom.
Any ideas about what can be happening? I get no apparent errors during the process of unpacking/repacking the images, so I don't know. The only thing I can think of is that the unpack script says something like "There's an extra file in ramdisk; though this file can exist, the script is not made for this type of ramdisk", so I edited the script in order to skip this warning, and everything else went well. The boot image got unpacked, and then the ramdisk, and then I modified default.prop.
Well, that's it, I hope you can understand and give me some help in order to proceed.
Thank you in advance.

Related

[Q] Modifying Samsung factoryfs.img

---------------------------------------------------------------------------------
I posted this in the hacking section by mistake. I hope to get some help by posting this in the correct Q&A section.
I have a Samsung Galaxy Player 70 Plus (YP-GB70D) which is sold in Korea only (got it secondhand from ebay). I cannot find any development of this player (or the Korean development team is not willing to share), particularly on installation of CWM. I would at least like to have this rooted. I did manage to find copies of the OEM firmware in TAR format.
I read about dsixda's Android Kitchen. I installed Virtualbox on my Windows 7 machine to run ubuntu 12. I successfully installed Kitchen and used it to modify my TAR firmware. I know that this player is not on the list supported by Kitchen, but the modification process seemed to complete smoothly.
I notice that the modified firmware is in ZIP format suitable for flashing with CWM (as I said there is no CWM for this player). I renamed this to "update.zip" and tried Samsung's 3e recovery, but it rejected it saying "verification fails".
Further research shows that I can unpack the factoryfs.img in the TAR firmware, and manually add su / superuser into the system folders, then repack it back into factoryfs.img and then the TAR firmware, and use ODIN or Heimdall to flash it to the player. I have also successfully installed EXT4_UTILS on ubuntu and used it to unpack the factoryfs.img into an ext4 image, and mounted the unpacked image using this command:
Code:
sudo mount -o loop output.img tempdir
Unfortunately, the mounted image only allows you to see the content of the image, and you cannot add / delete / change anything inside. I tried modifying the permission of the folder of the mounted image, but no luck.
When I look at the output from Kitchen and the mounted image, I notice they have all the identical system folders and files (except su and superuser added in the Kitchen output). Therefore, I copied the "system" folder from Kitchen output and repacked it into factoryfs.img with EXT4_UTILS, and replaced the original factoryfs.img of the OEM firmware with the modified version (I repacked the TAR using 7zip).
Unfortunately, when I flashed the modified TAR with ODIN (which detected the player without problem), it said "failed" and aborted. When I used Heimdall (which detected the player without problem), it gave me a "usblib error -12" message and aborted. I have tried uninstalling the "Samsung USB driver for mobile phone" and reinstalling the Heimdall driver from zadig.exe, but no luck.
My questions are:
(1) Is there a way to make the mounted ext4 image of the EXT4_UTILS read/writable, so that I can modify the content and add su / superuser to "bin"?
(2) Does ODIN check whether the firmware is original (OEM) or custom, and reject custom firmware? If not, why would my method of replacing the "/system" folder of the original factoryfs.img with that from the Kitchen output fail?
Thanks for helping a noob out.
As I said I used Kitchen to generate a CWM-flashable zip of the rooted version of the original firmware. I repeated the experiment, this time replacing both factoryfs.img (made from repacking the modified /system from Kitchen output using EXT4_UTILS tool) and zImage (instead of just the factoryfs.img) of the original firmware with those from the Kitchen output, then repacking the whole thing into TAR.
This time ODIN worked and completed the flashing of the customized TAR and the player rebooted into recovery for update. Unfortunately, it failed with some red error messages (too fast for me to read through before the player rebooted again).
I notice in Download Mode, the "custom firmware count = yes (1)". I wonder if this is the reason why I cannot flash anything other than official firmware, because the Samsung recovery is blocking unofficial flashing from ODIN and also Heimdall (therefore the "libusb error -12").
I found three versions of the official firmware, one of which is rooted and flashable with ODIN. I wonder how someone can sneak su into the firmware and repackage it to an official Samsung firmware?

Changing Image to get root

Hello,
I have a Wiko PULP 3G, without a working root method.
I took a look at the firmware files; there seems to be no CRC protection. Even a satellite receiver or a TV firmware has such.
I changed text in the image with a hex editor (ro.sys.usb.storage.type) to get mass storage. I flashed the modified image.
The program just did it. Okay, I still have no mass storage. But on the mobile I can see the build.prop has really changed like I edited it.
I wonder, if I can change text files, it may be possible to mount system as r/w.
It's a 1.9GB image; difficult to find the init/fstab.
Questions:
1. What do I need to modify to get mass_storage?
2. What are the typical text lines for a phone to make system read-only?
3. If I have write access to /system, can I put a "su" file (any?) into system, install SuperSU and have root?
Okay, I have modified a boot.img, repacked it and flashed it.
I set ro.secure=0, ro.debuggable=1 and mass storage in build.prop.
I got mass storage )))))
But how do I get the su to xbin? In the extracted boot.img or recovery.img there is no xbin.
Other .img files can't be extracted.
With adb push this doesn't work, no permission.
Ideas?
If this is a raw system partition ext4 image, you can just mount it (with -o loop) on your Linux PC and modify the contents.
Thanks, but it's not a raw image. I think it's Android Sparse Image Format.
Linux can't mount it. Yaffey is not able to handle it.
I wonder why there is no tool where you can put a firmware in and click on "Root it" and the new one is ready?!
Now I found tools to unpack/pack the system image.
But the phone doesn't boot; it starts and restarts into recovery.
If I do a root file check in recovery it says 1 file added and 1 file changed - FAIL.
There must be something like a modification protection.
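The raw-versus-sparse distinction discussed in this thread, as an added example that is not part of any post or of the tools named here: it tells a sparse image from a raw ext4 image by magic number and expands a sparse image in memory, checking every chunk against the header. The header layout follows AOSP's libsparse format; the sample image is constructed and holds only an ext4 magic number, not a real filesystem.

```python
import struct

SPARSE_MAGIC = 0xED26FF3A
# magic, major, minor, file_hdr_sz, chunk_hdr_sz, blk_sz, total_blks, total_chunks, checksum
SPARSE_HDR = struct.Struct("<IHHHHIIII")
# chunk_type, reserved, chunk_sz (output blocks), total_sz (bytes incl. this header)
CHUNK_HDR = struct.Struct("<HHII")
RAW, FILL, DONT_CARE, CRC32 = 0xCAC1, 0xCAC2, 0xCAC3, 0xCAC4
EXT4_MAGIC_AT = 1024 + 0x38  # s_magic field of the superblock, which starts at byte 1024


def identify(data):
    """Classify an image by magic number: 'sparse', 'raw-ext4' or 'unknown'."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == SPARSE_MAGIC:
        return "sparse"
    if len(data) >= EXT4_MAGIC_AT + 2 and \
            struct.unpack_from("<H", data, EXT4_MAGIC_AT)[0] == 0xEF53:
        return "raw-ext4"
    return "unknown"


def expand(data):
    """Return the raw image a sparse image describes (in memory, so small inputs only)."""
    if len(data) < SPARSE_HDR.size:
        raise ValueError("too short for a sparse header")
    (magic, major, _minor, file_hdr_sz, chunk_hdr_sz,
     blk_sz, total_blks, total_chunks, _checksum) = SPARSE_HDR.unpack_from(data)
    if magic != SPARSE_MAGIC or major != 1:
        raise ValueError("not a version 1 sparse image")
    if file_hdr_sz < SPARSE_HDR.size or chunk_hdr_sz < CHUNK_HDR.size \
            or blk_sz == 0 or blk_sz % 4:
        raise ValueError("implausible header sizes")
    out = bytearray()
    offset = file_hdr_sz
    for index in range(total_chunks):
        if offset + chunk_hdr_sz > len(data):
            raise ValueError(f"chunk {index}: header truncated")
        ctype, _res, chunk_blks, total_sz = CHUNK_HDR.unpack_from(data, offset)
        body = data[offset + chunk_hdr_sz:offset + total_sz]
        if len(body) != total_sz - chunk_hdr_sz:
            raise ValueError(f"chunk {index}: data truncated")
        if ctype == RAW and len(body) == chunk_blks * blk_sz:
            out += body                                   # blocks stored verbatim
        elif ctype == FILL and len(body) == 4:
            out += body * (chunk_blks * blk_sz // 4)      # 4-byte pattern repeated
        elif ctype == DONT_CARE and not body:
            out += bytes(chunk_blks * blk_sz)             # holes become zeros
        elif ctype == CRC32 and len(body) == 4:
            pass                                          # checksum only, no image data
        else:
            raise ValueError(f"chunk {index}: type/size mismatch")
        offset += total_sz
    if len(out) != total_blks * blk_sz:
        raise ValueError("chunks do not add up to total_blks")
    return bytes(out)


def build_sample():
    """Constructed 6-block sparse image: 1 raw block, 3 holes, 2 filled blocks."""
    blk = 4096
    first = bytearray(blk)
    struct.pack_into("<H", first, EXT4_MAGIC_AT, 0xEF53)  # magic only, not a real fs
    chunks = [
        CHUNK_HDR.pack(RAW, 0, 1, CHUNK_HDR.size + blk) + bytes(first),
        CHUNK_HDR.pack(DONT_CARE, 0, 3, CHUNK_HDR.size),
        CHUNK_HDR.pack(FILL, 0, 2, CHUNK_HDR.size + 4) + b"\xff" * 4,
    ]
    header = SPARSE_HDR.pack(SPARSE_MAGIC, 1, 0, SPARSE_HDR.size, CHUNK_HDR.size,
                             blk, 6, len(chunks), 0)
    return header + b"".join(chunks)


if __name__ == "__main__":
    sparse = build_sample()
    raw = expand(sparse)
    print(identify(sparse), len(sparse), "->", identify(raw), len(raw))
```

The expanded size, not the size of the sparse file, is what has to fit the target partition, which is why the file size changes after an unpack and repack even when little was modified.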

reduce bootimage size

I used CM 13 sources to build a bootimage for my device and everything compiled without any serious error, but I got a very large boot image, 8 megabytes. I tried flashing it via TWRP but it constantly gave me an error saying bootimage too large for the device.
I also force-flashed the bootimage, which resulted in a bricked device. Any help would be great.
My device is Samsung Vibrant.
Now I'm currently compiling the entire ROM.
try
http://k.japko.eu/boot-img-manipulation.html
or
Okay, first off, let me tell you I'm not at all familiar with your device...so, instead of specifically answering your questions (which would be dangerous/irresponsible of me to have you do something for which I cannot be sure of or vouch since I don't have experience with your device), I'll try to give you some general information (it does seem like you have a good grasp of many of the concepts for getting where you want to go, so maybe I can just fill in some gaps).
1. Regarding renaming initlogo.rle to initlogo.rle.old: I'm not sure that doing that will change the splash screen or break something when it goes to look for the initlogo.rle file (a special image file). As you've probably researched, these files are a bit odd and are not just simple image files we're all used to dealing with. I've never successfully been able to create a new initlogo.rle file on my previous attempts a few years back.
2. When you re-pack a bootable image file (boot.img or recovery.img), you need to:
- re-pack the updated ramdisk to a new ramdisk.gz file
- rebuild the .img file using the mkbootimg utility, specifying the kernel file and the updated ramdisk.gz file
- it might also be important / necessary to specify the base boot address using the --base <address> parameter when issuing the mkbootimg command, where <address> is the base boot address of your device; your bootable image split/unpacking utility should tell you what it sees that the base address is; here is the information I saw when I unpacked the boot.img file that you supplied in your first post:
[email protected] ~/boot-img-split-tools/ameen
$ ../split_boot.pl boot.img
Page size: 2048 (0x00000800)
Kernel size: 9600396 (0x00927d8c)
Ramdisk size: 1313051 (0x0014091b)
Second size: 0 (0x00000000)
Board name:
Command line: 'console=ttyS0,115200 rw init=/init loglevel=5'
Base address: (0x40000000)
Writing boot/boot.img-kernel ... complete.
Writing boot/boot.img-ramdisk.cpio.gz ... complete.
Unpacking ramdisk... complete.
[email protected] ~/boot-img-split-tools/ameen
- not having properly set the base boot address might explain why your device didn't boot
- not properly re-packing the ramdisk might explain why your device didn't boot
- not properly rebuilding the bootable image (using the mkbootimg utility)
3. I kind of understand what you were trying to do by changing the .md5 file...I'm guessing that you calculated a new MD5 sum of the new boot.img file thinking that would help CWM restore it; that probably doesn't matter unless you've got the MD5/checksum verification enabled; asking/using CWM to restore / install your boot.img is an interesting and non-traditional way of doing that
4. Is the CWM custom recovery specifically built for your device? I did a quick search for it and couldn't find anything. You do indeed need a custom recovery that is built specifically for your device and its hardware & partition / filesystem layouts and sizes. Just want to make sure that you were aware of that...using the "wrong" custom recovery might be "problematic" (bad).
Edit: I think I might have found which one you used? http://forum.xda-developers.com/showthread.php?t=2189640
5. If you had previously booted into custom recovery on your "broken" device, you still should be able to re-flash or re-launch the custom recovery in the same way that you originally did, yes? The boot and recovery partitions should be separate--so, if you only messed with the boot partition, then you should be okay--unless you've got an incompatible custom recovery that overwrote important things (like your recovery partition...).
I hope that helps...I know I didn't touch on all of your questions...that's probably enough for this post and for what follow-up questions you might have.
Cheers!
source
http://androidforums.com/threads/help-with-boot-img.963358/
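The size arithmetic behind the split_boot.pl output quoted above, as an added example that is not part of the quoted post or of any tool it names: it reads an Android boot image header, derives the base address, computes the page-aligned payload size and checks it against a partition size. It assumes the original (version 0) header layout and mkbootimg's default kernel offset of 0x8000; the sample image is constructed from the sizes in that output, and the partition sizes used are made up.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# v0 header: magic, kernel size/addr, ramdisk size/addr, second size/addr,
# tags addr, page size, two unused words, board name, kernel command line.
BOOT_HDR = struct.Struct("<8s10I16s512s")
KERNEL_OFFSET = 0x00008000  # mkbootimg default; assumed when deriving the base


def parse_header(image):
    """Decode the header fields that determine layout and load addresses."""
    if len(image) < BOOT_HDR.size or image[:8] != BOOT_MAGIC:
        raise ValueError("no ANDROID! boot image header")
    f = BOOT_HDR.unpack_from(image)
    page = f[8]
    if page == 0 or page & (page - 1):
        raise ValueError(f"implausible page size {page}")
    return {
        "kernel_size": f[1], "kernel_addr": f[2],
        "ramdisk_size": f[3], "ramdisk_addr": f[4],
        "second_size": f[5], "page_size": page,
        "base": (f[2] - KERNEL_OFFSET) & 0xFFFFFFFF,
        "name": f[11].split(b"\0", 1)[0].decode("ascii", "replace"),
        "cmdline": f[12].split(b"\0", 1)[0].decode("ascii", "replace"),
    }


def payload_size(hdr):
    """One header page plus each section rounded up to whole pages."""
    page = hdr["page_size"]
    total = page
    for key in ("kernel_size", "ramdisk_size", "second_size"):
        total += -(-hdr[key] // page) * page  # ceiling division
    return total


def examine(image, partition_size):
    """Report payload size, what follows it, and whether it fits the partition."""
    hdr = parse_header(image)
    end = payload_size(hdr)
    if len(image) < end:
        raise ValueError("image is shorter than its header claims")
    tail = image[end:]
    tail_is_zero = tail.count(0) == len(tail)
    # Zero padding can be dropped; anything else after the payload must be kept.
    needed = end if tail_is_zero else len(image)
    return {"header": hdr, "payload_size": end, "tail_bytes": len(tail),
            "tail_is_zero": tail_is_zero, "fits": needed <= partition_size}


def build_sample(pad_to=0):
    """Constructed image using the sizes from the split_boot.pl output above."""
    base = 0x40000000
    header = BOOT_HDR.pack(
        BOOT_MAGIC, 9600396, base + KERNEL_OFFSET, 1313051, base + 0x01000000,
        0, base + 0x00F00000, base + 0x100, 2048, 0, 0, b"",
        b"console=ttyS0,115200 rw init=/init loglevel=5")

    def padded(blob):
        return blob + bytes(-len(blob) % 2048)

    image = padded(header) + padded(b"K" * 9600396) + padded(b"R" * 1313051)
    return image + bytes(max(0, pad_to - len(image)))


if __name__ == "__main__":
    report = examine(build_sample(pad_to=16 * 1024 * 1024), 16 * 1024 * 1024)
    print(hex(report["header"]["base"]), report["payload_size"],
          report["tail_bytes"], report["tail_is_zero"], report["fits"])
```

A dump pulled from a partition is as large as the partition, while a repacked image ends at the last page of its payload, so the two differ in size by the trailing padding.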
I don't have much knowledge about building bootimages, but while I was compiling the bootimage I got an error saying no rule to make busybox flash image. So I just copied those files from the kernel sources to the out directory; I don't know if that was the problem. Also, I had tried using Omni 6 sources a few days back; I got the right bootimage size but none of my bootimages would boot up my device. Every time I'd flash the Omni bootimages I got a buggy TWRP recovery (faded colors, unreadable text and bootloops). Also, regarding the recovery you mentioned, there were some devs that built Omni Lollipop for my device. I used TWRP 2.8 to flash all the bootimages.

How to create flashable zip from system.img?

I have a system.img file, which I extracted from a 20J KDZ. I would now like to convert it into a flashable zip. I have 2 reasons for this. One, I don't want to have to use LGUP to revert my phone to a 100% stock system. It is much easier to just flash a zip of the system partition. Two, I would like to get into modding and ROM development. I believe that it is best to start from pure stock and make changes from there, instead of basing your work off of something that someone else has already modded.
I found these threads but they're a bit old (Lollipop):
1. http://forum.xda-developers.com/lg-v10/development/lg-h901-stock-img-files-boot-recovery-t3238638
2. http://forum.xda-developers.com/tmobile-lg-v10/development/lg-h901-stock-images-device-restore-t3241170
In one of them a member provided img's for recovery, boot, and system. In the other thread flashable zips of these img's were posted. These are for the Tmo v10. So it's not a matter of whether it can be done, but how. What tools are needed?
I downloaded the zip from one of the aforementioned threads, deleted the boot.img, replaced his system.img with mine, edited updater-script, and zipped up the meta-inf and system.img files with 7zip. I also checked to be sure that the block to be flashed was correct, it is the same (even though my img is for MM). I tried flashing with TWRP, I immediately get an error code 6.
What should I do?
Just off the subject slightly...but Eliminater74 already has a flashable zip (through TWRP) for the 20J release. It's a 2-part system.
Eliminator74's zip is modified. I want to take a 100% pure stock system.img (extracted from stock firmware) and put it into a zip that can be flashed in TWRP. When I say stock, that's what I mean. No root, no Xposed, no BusyBox, nothing. This has already been done for Lollipop on the v10, but I have MM. I have already explained why I want to do this. I'm currently looking into whether Superr's Kitchen can accomplish this.
He has a Fully Stock 20J release..just gotta read the thread..
What tool did you use to extract the KDZ? I am trying to get a stock boot.img for the H901J build and I cannot seem to find it. I used the WindowsLGFirmwareExtract 1.2.5.0 release and all I see are a ton of .bin files and system.img. Is boot.img inside system.img?
@Sippi4x4man: I also used WindowsLGFirmwareExtract. Inside the KDZ there is a DZ and DLL file. Just extract the DZ, then you see lots of BINs. The system.img is split up (since it's around 4GB alone), but the tool can combine the pieces into one file. I was able to figure out how to manually flash the IMG, by running a dd command with TWRP's terminal emulator.
dd if=/external_sd/system.img of=/dev/block/platform/f9824900.sdhci/by-name/system
It takes a few minutes to finish, followed by a message that says no more space is available (I guess /system got filled up). I think when you dd anything you are copying both free and used space, since an IMG is usually just a (sometimes raw) disk image. TWRP will also initially say that no system is installed, I just ignored it, the device boots fine, everything is pure stock, no issues at all. System is mountable after subsequent boots into recovery. I used Magisk and the phh Superuser Magisk module to gain root without modding system partition, and the Magisk version of Xposed. But I would still like to create a flashable zip to automate this. If I figure it out I don't mind uploading it so the community can benefit.
As for the stock boot.img, I would imagine that the boot.bin inside the DZ is probably what you're after. The file size seems about right. However, I tried renaming boot.bin to boot.img and flashing from TWRP. Device wouldn't boot. So maybe there is some other conversion process that needs to be done. I can't think of any other way to obtain a pure stock boot image, extracting it from stock firmware seems like a sure way. If you ever figure it out then please provide a copy. Make sure it isn't patched by SuperSU, Xposed, Magisk, etc. I could maybe merge it into a stock zip.
It's been a while since this post... But I'm after the same goal you were and got the same error 6 trying the same things you described in your previous posts. Despite these long 4 years, let me try: did you finally manage to make the flashable zip with system.img?
I do not own an LG V10 anymore.....it is the most garbage phone I've ever had.
I now use SuperR's Kitchen to create flashable zip from system.img. Works like a charm every time. Downside is that you need a PC to use it. It works for all phones (but you must also have an unlocked bootloader and custom recovery, or you will not be able to flash the zip). There are both free and donate versions, both will work fine.
Thank you for your reply. My device is Lenovo Z6 Pro but I thought this wouldn't make a difference.
Just to be sure, what you get with SuperR's Kitchen is a zip including system.img file and not the /system folder, right? Thank you in advance.
Edit: I had tried other kitchen software with no success, but SuperR's Kitchen did the job as you said, like a charm. Tons of thanks.
@descarao81: No, SuperR's Kitchen does not include system.img/boot.img, you must provide them yourself. They are device-specific. And system.img is a very large file, so it cannot reasonably be included in the Kitchen zip.
Yeah, maybe I wasn't clear, I meant if the resultant zip would include those raw image files being the original image files provided by the user. It's clear now. Thank you.
Here is how to do it...
1. Go to:
https://forum.xda-developers.com/tm.../lg-h901-stock-images-device-restore-t3241170
Download from the link he provided.
2. Extract the .zip file that you downloaded.
3. Make a new folder called "rom"
4. Copy the META-INF folder from the folder you extracted and place it into the "rom" folder.
5. Download any other flashable rom for your device. Extract it.
6. Go to {EXTRACTED_FLASHABLE_ROM}\META-INF\com\google\android\update-binary in your flashable extracted rom folder. Copy the "update-binary". Go to the "rom" folder and go to META-INF\com\google\android. Delete the update-binary there and replace it with the one you have copied.
7. Now copy the boot.img from the other rom that is for your device. And place it into the "rom" folder.
8. Now finally compress all the files.
9. Now you will have a flashable system.img.
10. Go to TWRP and flash the .zip that you have just made!
Trying exactly that when I'm home! Thank you!

[help]Editing boot.img results in bootloop[help]

I need help editing the default.prop of my rooted boot.img for an LG LM-X210ULM K8+. I want to mark ro.debuggable as 1 instead of 0, which I have no problem doing, but when I use any kitchen program it puts it back together as 15mb instead of 32mb, and when I flash it to my device it always bootloops.
If anyone could help I would appreciate it. I'm including a copy of the rooted boot.img freshly pulled from my device.
The size probably isn't the issue. Using AIK the size was even bigger than the original.
It's all just 0x00 the rest of that partition...
By using my old uImage/_recovery unpack-repack batch file
http://cxzstuff.blogspot.com/2013/03/uimagerecovery-unpack-repack-batch-file.html
the result was smaller but still a bit bigger than what Magisk had made.
But that is irrelevant really... result attached.
Yeah, I don't get it. The size doesn't matter as long as it doesn't exceed the max amount of space the partition can hold. But why does changing one value cause the boot.img to boot loop after flashing?
Even the boot.img you made looped after flashing
That just tells that it's not the tool used. Or my oldie is as bad/good as the newer one in this case.
What that Magisk img had was like it had some signature but it should not be needed and probably just garbage left there from the stock...
Should not matter, but how about doing it other way around? Modify the stock boot first and then give it to Magisk for rooting.
I think it was stock. I'll have to make sure though. Wonder why Magisk doesn't make the image debuggable to begin with. But you're right, it might be that I'm using a Magisk-patched image. I've got some firmware already broken down; I'll give it another try here in a bit and post my results.
So here we are. There should be some shortcut or something left to the original sub forum at least for a week or two when you boys move these threads - dammit...
Any luck? You have a customized recovery? How about these?
https://forum.xda-developers.com/an...g/mod-bootimage-adb-unsecure-patcher-t3618558
Yes, luck! Tonight I did a fresh reflashing on my QC LG K8+ and decided to break open the boot.bin from the KDZ I used and made my changes to default.prop. Then I put it, renamed to boot.img, on my phone and let Magisk patch it, then flashed it via fastboot and dared it to go into system. Then I double dared it. Then for safe measure I double dog dared it to boot into system, to which it had no choice but to go along with it or be labeled a @!%\**__(€.
It booted.
So the lesson learned is to patch a fresh boot.img with your default.prop changes then have magisk patch it for root.
Now oddly, when I patched and tweaked my recovery using Carliv kitchen, I also made sure that the same changes to default.prop, or rather I made sure they had been made, and they had. But any terminal like Emulator or Termux pulls up the props using getprop with the changes unmade, and I still cannot change the values of the system build.prop, and when I patch it manually it reverts on reboot.
I literally have to open vi in TWRP to make changes. And forget about copying my own patched build.prop to system in TWRP, because that leads to a boot loop as well.
OK, so is there a reason that you don't make those changes in the boot.img any more? Because the past two days I have woken up to no root. I have had to reflash my boot.img both times.
OK, I just compiled my first kernel from LG source code and now I don't know which of the split images in my folder is the zImage.
Back to the drawing board quite literally. I'm stuck for sure.
I need to make edits to a few files like init.rc and init.lge.power.rc to allow for changes in my newly compiled kernels. Basically I'm adding a couple of properties and some CPU frequency stuff. Plus I want to make it back to adoptable storage and add a second SD partition for ext4 projects I'm working on that would work best right off the root file system.
I'm using the stock extracted boot.img from a KDZ, using SALT and Carliv kitchen to unpack and repack. I also have mkbootimg tools that I compiled myself and some static ARM version.
I extract the ramdisk, place my new kernel image in and repack with the init files changed, and flash using recovery or fastboot, and it bootloops every time. And Magisk isn't signing with the verity key.
OK, I don't know what was going on the other day, but I can split boot.img again and make changes without looping.
I used GParted on my Linux machine to partition my 128GB SD card with 3/4 vfat and 1/4 ext4. I know that by using adb it will automount, but that's one time and I may need to switch out every now and then, plus it put a center part in it of about 15MB. With GParted I get the two parts with no BS. Anyway, I created a script that mounts the second part and even symlinks some stuff. It works well, but I'm having trouble getting init.rc to run it.
on early-init
chmod 0755 /system/etc/init/init.mntsd.sh
exec system system /system/bin/sh /system/etc/init.mntsd.sh
Any tips?
