Zen's Backtrack 5 For HD2 (and other) Android Smartphones
V0.3
----------------------------------------------------------
New app for loading this (and other) Linux Systems! - https://play.google.com/store/apps/details?id=com.linux.autoloader
Image and app support can be found here --> http://www.zenfulapps.com/
Packed - 640mb
Unpacked - 2.6gig (fits on 3.3 img now.)
--GRAB THE UPDATED SCRIPTS ATTACHED TO THIS POST, THEY ARE NOT PACKAGED INTO THE ZIP--
--Scripts are set to load from EXT4 partition, when I modify them for the .img's I'll add them to the script pack--
--if you have .img mounting scripts from previous versions, they will work, as long as file names and directories match--
V0.3 Download
http://www.zenfulapps.com/Android/backtrack5-0.3.7z
(MD5 is still the same)
MD5sum (of .7z file) - 9a4796f0ed96e03579c2b4a684d026f5
--------------------
Script pack contains
--------------------
btgo - mounts BT5, and asks how you would like to start, CLI or VNC
bts - stops BT5, and unmounts everything for it.
btl - used to login to bt5 after it has been mounted, to avoid all those "resource busy" messages
mkcore - directory installation and swap file creation
-------------
What you need
-------------
Rooted Android Smartphone
Linux on PC
Busybox installed on your device
SDcard adapter or reader, if necessary
----------
Lets begin
----------
There are 3 different ways you can do this:
1. Fresh install on EXT4 Sdcard partition (I HIGHLY recommend this method if possible, much better, a bit faster (no double loops to write to))
2. Create Fresh .img
3. Replace old BT5 system .img
=========================================
1. Fresh install on EXT4 Sdcard Partition
=========================================
This portion of the guide is to install BT5 on a FRESH EXT4 partition on your SDcard. Throughout this process, you will:
Backup your current sdcard (EVERY PARTITION, this is why we use PC-linux and not windows)
Fully erase and repartition your SDcard
Replace Android system and user data
Install BT5 on third partition
prepare system for chroot and VNC connection
----------------------------------------
Boot into your Linux operating system. **I DO NOT recommend using virtualbox or vmware, as drivers for usb and SDcard connections aren't direct, things can go wrong.**
Shut down your phone, and remove your SDcard. Do not use adb, or any other tools to do this.
Insert your SDcard into your computer (adapter or reader yada yada) and mount every partition.
Make careful note of what is on which partition. The safest way to back everything up is through the command line with the command
Code:
sudo cp -Rfvp /media/your-sdcard-partition/* /where/your/backup/folder/is
Do this for each partition, whether you have 1, 2, 3, or more.
In my case, my backup directory looks like this:
Code:
[[email protected] sdcard-backup]$ ls -l
total 12
drwxrwxr-x. 2 hookup-cellular hookup-cellular 4096 Sep 13 18:48 ext2
drwxrwxr-x. 2 hookup-cellular hookup-cellular 4096 Sep 13 18:48 ext4
drwxrwxr-x. 2 hookup-cellular hookup-cellular 4096 Sep 13 18:48 fat32
(ignore the empty directory sizes, my TRUE backup folder is MUCH more vulgar and I won't display it publicly, people may tear their eyes out )
After everything is backed up, open your partition manager (in Gnome it is gparted, can't remember the name in others)
Navigate to your SDcard, and DELETE every partition. Every one.
Afterwards, recreate them using this strategy:
partition 1 - FAT32 size = total sdcard size minus ext2 and ext4 partition sizes
partition 2 - EXT2 size = 256mb, 512mb, 1gb, depending on how you like your apps2sd
partition 3 - EXT4 size = size you want for linux, minimum should be 4gb (mine's at 10gb, I like my linux and got 3 different ones on it at the same time.)
When you are done, copy back your fat32 and ext2 stuff using the SAME COMMAND AS ABOVE (sudo cp -Rfvp from/here to/here)
Now, unzip/tar the .tar.gz package. I recommend extracting it to your pc before trying to put it on your sdcard.
Using the copy command above, put the extracted files onto your sdcard's EXT4 partition.
Double check the partition (navigate to it in nautilus or whatever filemanager you're using) and ensure that it has the system copied over properly. You should see /boot /etc /root /sys so on and so forth, NOT just one folder with all of those inside of it.
Insert your SDcard, power on your phone, go to terminal emulator, and enter this:
Code:
su
cd /sdcard/scripts
sh mkcore
Swap file is damn near necessary if you're planning on using any GUI tools (armitage, zenmap)
Your directory structure is now in place, swap file created, and you start BT5 by typing (from /sdcard/scripts OR /data/linux):
Code:
sh btgo
=================================
2. Fresh Image Creation
=================================
For this, we use the dd command and mkfs.ext4 command.
Code:
dd if=/dev/zero of=/path/to/where/you/want/the/img bs=1M count=3300
Change this command as needed, running it as is won't do anything good. Change the of= to where you want your img to be located.
Next is mkfs.ext4
Code:
mkfs.ext4 /path/to/where/you/want/your/img
Select yes when it cautions about "not a block device"
When this is finished, mount it using these commands:
Code:
su
-your password-
mkdir -p /mnt/bt5img
mount -t ext4 -o loop /path/to/your/img /mnt/bt5img
Now, extract the BT5 package to a place on your computer. When finished, run this command:
Code:
sudo cp -Rfvp /path/to/bt5/core/* /mnt/bt5img/
changing parameters accordingly.
After this, copy the .img to /sdcard/bt5 and run the start scripts from your terminal emulator.
================================
3. Replace Existing Image
================================
Mount your bt5 image, erase what is inside of it, and copy in the new system:
Code:
su
-your password-
mkdir -p /mnt/bt5img
mount -t (your ext type) -o loop /path/to/your/bt5/img /mnt/bt5img
rm -Rfv /mnt/bt5img/*
cp -Rfvp path/to/bt5/core/* /mnt/bt5img/
Unmount your .img, place it on your sdcard, and you're all set.
==============================
Changes in v0.3
==============================
- Trimmed a lot of fat, fits inside of 3.3 image now, though space is SEVERELY limited (removed CUPS and sound stuff, who needs to print from within their phone anyways?)
- various small changes for performance improvements.
- a few new tools installed, but not tested
- restored my personal version that i nuked. It works now.
NEW STUFF TO COME, STAY TUNED!!!
First off, my apologies for starting a second thread on this, I've made A LOT of changes and I feel the first thread is dead and useless. (Reprimand me if needed)
-pics coming once I find my camera could be a small while-
---------------------------------------
Backtrack5 for HD2 - v0.2
Customized by z3n
My goal: the perfect stealth
tool in your pocket
just one tap away
---------------------------------------
========================
Codename
Squeaky Wheel
========================
Updated, check second post for changelog
========================
DOWNLOAD
========================
Please use the scripts attached at the bottom of this post instead of the packaged ones, and I haven't had a chance to update the full image zip with it (uploads take a while )
V 0.2
Part 1 - http://www.megaupload.com/?d=D0MQVAS4
Part 2 - http://www.megaupload.com/?d=M2MRYLAH
MD5 - 06225e18cdbfee6f88daf7e9ee3a1163
SHA1 - eeba19e53565a1643703cf8938be2f8cfc12db9a
V 0.1
Part 1 - http://www.megaupload.com/?d=83B22Y00
Part 2 - http://www.megaupload.com/?d=SB98AA19
mirror - (NOT interchangeable)
Part 1 - http://www.megaupload.com/?d=HU320Z81
Part 2 - http://www.megaupload.com/?d=QN9C560Z
Checksums of bt5.img
MD5 = 863e6db99e5207a81ad0df7d13998235
SHA1 = c84d8f27df8b9b51059e5a6b09e65853f11de970
7zip required to extract.
Just over 1gb packed, unpacked is 4.9gb.
========================
INFO
========================
This is my first release of a customized, working, mostly stable BT5.
Many things have been added, taken out, and configured to be used within the Android system. For a full list, please see the bottom of this post.
Mounting is different than most other linux .img installations, allowing for a full (and expandable) image.
V 0.2 Now has a swap file created when you run the mkdirectory script. This swap file is necessary, as with all my tests, when you run VNC with most of the major tools, there's a high chance of the phone running out of memory (I'm running no extra apps, completely stock Hyperdroid)
(if you have a swapfile already, you can say no to creating another, just make sure that the file is located at /data/bt and named btswap.)
**This image is in ext4, make sure your kernel supports it!**
**Everything tested on Hyperdroid-CM7 by pongster**
==============
INSTALLATION
==============
You need:
-Full Nandroid Backup in case something goes batty
-16gb HD2
-ext4 support on your ROM/kernel (lost my ext2 image due to my own stupidity, will create another matching one later)
-Linux on PC (to create the ext4 partition)
-Busybox (from market)
-VNC Viewer (from market) (optional)
FAT32/EXT4 Split card
---------------------
1.
Back up your HD2 and SDCard to safe places (off of the phone and sdcard)
2.
Boot your linux installation and open partition manager. Erase all the partitions on your SDcard. Then create them in this order.
1. FAT32 - size of this is total sdcard size minus 6.5g (for bt image) minus 100mb for apps2sd
2. ext2 - 100mb
3. ext4 - 6.5 gb
3.
Copy the bt5.img to the root of your third partition.
copy the bts folder to the root of your FAT32 partition.
4.
if this is your first time using this script/image, run the mkdirectory script first with
Code:
su
sh /pathtoscripts/mkdirectory
Load up your android terminal and type
Code:
su
cd /path/to/scripts
sh go
5.
Now it asks you if you want to log in to the console or start vnc automatically. (check log for port, usually 5901 or 5902)
DEFAULT VNC PASSWORD IS: toortoor
DEDICATED SDCARD
----------------
Same as everything above, minus the FAT32 partition.
"sh ded"
starts for dedicated SDcard instead of
"sh go"
Proper Shutdown Procedure
=====================
Stop script has been modified to shutdown backtrack and all of the (usual) programs that stop things from unmounting properly.
Exit any VNC connection you currently have.
1. Run sh stop (from your scripts location)
2. Reboot phone as a precaution.
One thing I did personally to make this easier was load the scripts onto /data/bt, so switching SDcards or locations doesn't matter.
(I also changed the terminal start directory to my scripts folder for easy quick access)
=======================
Main Features I've gotten to work
=========================
-Clean mount/umount, as long as VNC and MySQL are killed BEFORE exiting the chroot - stop script kills these now
-Apps no longer disappear for good with sdcard removed, only disappear until SDcard is reinserted (apps2SD/loop device problem, any ideas?)
-MySQL for metasploit
-Metasploit working
-Armitage working, missing some "Attack" options (looking into it)
-Zenmap installed
-OpenVPN installed
-Traffic analysis possible with tcpdump (local only)
-Enables possibility for FakeAP attacks
-macchanger works (kinda, phone needs a reboot for original MAC to return)
-Armitage Launcher placed on Desktop (takes a while to load, be patient)
-Terminal Launchers in various places (updating may randomly remove your terminal, synaptic placed on desktop as standby to redownload terminals)
-guake installed (drop down Terminal, makes commands easier to see while working) (not configured to a key yet)
This probably works with other Android phones too, if you change the scripts, and as long as it has an external SDcard you can partition.
If you're using a different phone, this is untested unless specified otherwise.
-boot and shutdown scripts run clean as long as VNC and MySQL are shut off(in almost all cases)
@ XDA
http://forum.xda-developers.com/show....php?t=1152994
PASSWORDS
------------
MySQL - user: root pass: toor
VNC - User: root pass:toortoor
sys pass - user:root pass:toor
(I know, standard ones, but this should answer a few questions)
===============================
Thanks
===============================
anantshri - for the original scripts and BT5 img for android
BT dev team - (of course )
and all of you
===============================
Information, bugs, and oddities
===============================
One important thing: while performing heavy operations, it's normal for your screen to not turn on for a while if it turns off. Don't panic, just give it some time to finish whatever you were running and your phone will be back to normal again. DO NOT PULL THE BATTERY UNLESS ABSOLUTELY NECESSARY.
To avoid this, get wakelock (known to cause problems) or set your screen timeout to some large number.
Swap file will help with a lot of this.
These are the features I've tested out so far.
No major changes to anything, (except new packages) just configuring everything i see.
If you find anything you want added in or that is acting odd, please let me know. Same goes for if you fix something!!
Overall
-------
-Repo's activated, most things work (upstart processes fail, for now)
-startvnc and stopvnc no longer give that pesky USER error
-startvnc starts mysql database for metasploit
-stopvnc stops mysql (mostly, invoke ps -A and look for mysqld. Kill it with fire(-9) if need be)
-network traffic is capture-able with tcpdump, with wifi hotspot activated
-working on adding in a swap partition on sdcard (if possible)
-openoffice installed
-openVPN installed (the quieter you become...)
-Removed Zoho Web services
MySQL
-----
default user - root
default pass - toor
-Starts automatically with startvnc
-stops automatically with stopvnc
-start manually by invoking "mysqld"
-Only runs as root (for now)
-Console hangs when it is manually loaded or shutdown, service continues running though. killall --signal 9 mysqld if needed.
Metasploit
----------
-Loads up alright (45-90 seconds)
-MySQL already set as default DB
-Must manually connect to MySQL DB each instance of metasploit by invoking (from msf) db_connect root:[email protected]
-working on a possible way to limit cpu consumption to prevent system hangs(cpulimit does some nasty things)
-So far, this is the only connection string ive been able to get to work: root:[email protected]
Armitage
--------
-Takes forever to load (30 seconds for connect screen, 4 minutes or so for main client)
-Causes system hangs frequently (to minimize this, leave the vnc server on your screen, and set the display timeout to 10 minutes-switch it back when done to conserve battery life)
-So far, this is the only connection string ive been able to get to work: root:[email protected]
-Can Crash phone if running too big of an operation (Max Phone memory problem, fixed in v.2 with swapfile added)
Zenmap
------
-Slows phone down (incredibly bad with more complex scans, of course)
-Some Complex scanning options can crash phone (Nothing damaging has happened)
-will attempt to throttle cpu usage in the future
-Can Crash phone if running too big of an operation (Max Phone memory problem, fixed in v.2 with swapfile added)
Aircrack-ng suite
-----------------
-Aircrack-ng works
-Airodump-ng doesn't work (needs monitor)
-Airdecap-ng untested
-Airdecloak-ng untested
-Airbase-ng doesn't work (needs monitor)
-Airmon-ng doesn't work (needs monitor)
-Aireplay-ng doesn't work (needs monitor)
-Airdriver-ng doesn't work (yet)
-Airolib-ng works (doesn't do anything yet)
-Airserv-ng doesn't work (needs monitor)
-Airtun-ng doesn't work (needs monitor)
Plus lots of stuff for the future, stay tuned!!
http://forum.xda-developers.com/show....php?t=1152994
In the future
=========
-nessus
-Booting via HD2 Toolbox by d4n14l (sp?)
-Custom kernel (WAYYYY down the road, but working on it)
and more
--Copyrighted by z3n, 2011
(just kidding, but it looks good )
Looks good will give it a go.
Thanks for sharing
If we could get our wifi card into monitor mode --> awesome!!!!
Thanks to z3nful & everyone made this possible!
Enjoy everyone
The next release is going to be faster, stabler, and more useful
I'm also working on a round-about way for packet injection and monitor mode
Stay tuned
Sent from my Hyperdroid Pocket Laptop
cool.. good job man..
Are you trying to patch the wifi drivers ? =D
Holy crap.....this is a dream in the making Bring on monitor mode and packet injection
I've done some researches.. and found out that many devs have tried making the driver to work on the Monitor mode.. but they failed to do that.
It looks to me that Backtrack on HD2 is kinda useless.
Not useless, just last night I ganked my roommates computer with my phone
As far as monitor mode and injection go, sadly, they may be right that it's not possible, but I got some ideas that may make it work, I just need to hammer out some kinks in BT first
And who needs monitor when you can fakeAP?
"Make them hand you the keys and you don't have to break their Window(s)™"
Sent from my Hyperdroid Pocket Laptop
A m a z i n g
Next release is going to be even better. This 5gig image is almost full, so I'm going to expand it to 6gig, along with instructions on how to expand your own image if that's too large or you want even more space.
Btw, Wine should be good to go in the next one
stay tuned!!
Sent from my HD2 "Pocket Laptop"
I would love to see some Screenshots (or better: a video) here!
Lol will do, gotta go find my 10 year old Polaroid. I've been using this phone for all my pics and videos, so this could be tricky
Sent from my HD2 "Pocket Laptop"
good to see development beyond just starting up the image... I would be taking some pointers from here for my device too....
hope you don't mind that....
Not at all, I've been trying to track down your name again so I can add you to the credits part, as the basis of the scripts was yours lol, I just changed the loops and mounting structures around a bit, and added some stability checks.
The scripts for this image are slightly out of date but I got new ones going up once I have time, they should fix a few of the small errors people get while mounting
My next version is a little ways out (work's gotten crazy busy lately) but it'll be out eventually
Sent from my HD2 Pocket Laptop
Not Booting!
Hi, thank you for sharing this!!! This is like a dream for a lot of people.
I have followed all your steps but I have a problem when I run the scripts, the folders don't get created because when I run go I get a bunch of folder not found.
My SD card had some differences, it is a 16GB
with
Fat32
Ext-sd/ EXT2 -->1GB
EXT3 --> 100MB
EXT4 --> 6.5GB
Could this setup be causing the script to look on the wrong partitions? I have a lot of time without playing with shell scripting but I would like to know if that is the place I should start looking for a fix
-edit- just double checked (forgot scripts were on my phone... its been a long week lol) and you should just need to change the mount -t ext4 /dev/block/vold/179:3 to /dev/block/vold/179:4
Also, did you run the new mkdirectory script? If you have the one packaged with the image it's out of date. The attachment on the first post has the updated ones
Ignore all mmcblk's
For another "buffer" partition, you need to point the sdcard parts (mmcblk0p* and vold/179:*) to what yours are in /dev/block. In your case I think you just need to change any vold/179:3 to 179:4. If you go to /dev/block/vold it will have folders from each partition (they are numbered 0 and up, but 1 would be your fat32, 2 is ext2 so on and so forth)
When I'm near my computer I'll figure out the full ones for you
Sent from my HD2 Pocket Laptop
can I get it for Htc desire..??
It should work, as long as you have a big enough sdcard, your phone's kernel supports ext4, and you might have to change a few small variables
Sent from my HD2 Pocket Laptop
With the advent of Blackrose custom HBOOT which gives us S-OFF, we can now resize the MTD partitions of our N1. This method is the one used by lbcoder in the Desire thread where you patch the recovery and boot in order to pass modified MTD partition information which supersedes the one provided by the SPL. Using this, I've managed to increase my userdata partition by ~50 MB by taking ~50 MB from the cache partition.
These instructions are for advanced users only. This will involve hex calculations and command line instructions that are not for the faint of heart. I don't believe it's dangerous though so anyone could still try since I will try to make these instructions as detailed as I possibly can.
What you need:
N1 with Blackrose HBOOT (I'm not sure this is needed though after I read more in-depth about the patch)
hex calculator (or a pencil & paper if you want to do it manually)
adb
fastboot
unpack-bootimg.pl
mkbootimg
recovery.img <- in my case I used ClockWorkMod 5.0.2 from here
boot.img <- taken from CM zip (in my case my KANG)
Partition Layout:
0x000003ee0000-0x000003fc0000 : "misc"
0x000004240000-0x000004640000 : "recovery"
0x000004640000-0x0000049c0000 : "boot"
0x0000049c0000-0x00000dac0000 : "system"
0x00000dac0000-0x0000139c0000 : "cache"
0x0000139c0000-0x00001fe00000 : "userdata"
Partition Sizes in Hex:
0x0000000e0000 : "misc"
0x000000400000 : "recovery"
0x000000380000 : "boot"
0x000009100000 : "system"
0x000005f00000 : "cache"
0x00000c440000 : "userdata"
Step-by-step Instructions:
A>Backup your current system: (OPTIONAL)
*I'm assuming you're using CWM 5.0.2 for the backup step since I tried using 3.X and the restore didn't work
1.) Boot your N1 into recovery using either adb reboot recovery or through the bootloader
2.) Backup your current system (I'm going to assume you know how to use your recovery for this)
B>Calculate new MTD parameter values:
*For this example I'm going to transfer ~50MB of cache space to my userdata partition:
1.) Since I know the cache partition is ~100MB in size, I'll just divide the hex size in 2:
0x5f00000 / 2 = 0x2f80000 <= this will be our new cache size
**Note that there is a minimum of 0x20000 (128k) for a partition and the size must be divisible by it which is why I'm playing safe and just dividing the original number in order to get an easier value for this example.
2.) Add the new cache partition size to the original cache partition starting address to get the new starting address of the userdata partition:
0xdac0000 + 0x2f80000 = 0x10a40000 <= this will be the new starting address for userdata
3.) Get the new userdata size by subtracting the new starting address of userdata with the ending address:
0x1fe00000 - 0x10a40000 = 0xf3c0000 <= this will be the new userdata size
C>Create a new recovery.img file which uses the new values:
1.) Break down the recovery.img file into its kernel and ramdisk components using unpack-bootimg.pl:
./unpack-bootimg.pl recovery.img
*This will yield 2 files and 1 directory. You can delete the directory since we only need the files.
2.) Rename the kernel from the recovery.img-kernel.gz made from unpack-bootimg.pl to recovery.img-kernel.
3.) Create the recovery-new.img file using mkbootimg with the new MTD command embedded:
mkbootimg --cmdline 'no_console_suspend=1 console=null mtdparts=msm_nand:[email protected](misc),[email protected](recovery),[email protected](boot),[email protected](system),[email protected](cache),[email protected](userdata)' --kernel recovery.img-kernel --ramdisk recovery.img-ramdisk.cpio.gz -o recovery-new.img --base 0x20000000
*Note that the values for cache starting address, userdata starting address and userdata size have been changed to the newly calculated values in the previous step.
**This will yield recovery-new.img which will be used in the next steps.
D>Create a new boot.img file which uses the new values:
1.) Break down the boot.img file into its kernel and ramdisk components using unpack-bootimg.pl:
./unpack-bootimg.pl boot.img
*This will yield 2 files and 1 directory. You can delete the directory since we only need the files.
2.) Rename the kernel from the boot.img-kernel.gz made from unpack-bootimg.pl to boot.img-kernel.
3.) Create the boot-new.img file using mkbootimg with the new MTD command embedded:
mkbootimg --cmdline 'no_console_suspend=1 wire.search_count=5 mtdparts=msm_nand:[email protected](misc),[email protected](recovery),[email protected](boot),[email protected](system),[email protected](cache),[email protected](userdata)' --kernel boot.img-kernel --ramdisk boot.img-ramdisk.cpio.gz -o boot-new.img --base 0x20000000
*Note that the values for cache starting address, userdata starting address and userdata size have been changed to the newly calculated values in the previous step.
**This will yield boot-new.img which will be used in the next steps.
E>Flash the recovery-new.img:
1.) Boot into bootloader and use fastboot command to flash the new recovery:
fastboot flash recovery recovery-new.img
F>Make system operational:
1.) Boot into recovery mode.
2.) Erase everything (factory reset)
3.) Either:
- Flash the ROM you took the original boot.img from OR
- Restore the backup you made previously (this only works (or has been tested) on CWM 5.0.2)
4.) DO NOT REBOOT YET!!!
G>Flash modified boot.img:
1.) Use adb to reboot to bootloader directly from recovery: (this is for safety since if you boot from an unmodified boot.img you'll have to start from F again.)
adb reboot bootloader
2.) Use fastboot to flash the new boot image:
fastboot flash boot boot-new.img
3.) You may restart normally.
For those who've read this far, everything above has been rendered obsolete! Here's an editor for the SPL itself for the partition sizes:
http://intersectraven.euroskank.com/tools/SPLHexEditor.exe
*Instructions are in dla5244's thread 2nd post.
Try it at your own risk though!
Credits:
dla5244 - for bringing S-OFF to our N1 even after a looong time since its release
Firerat - for the original patch idea
Lbcoder - for coming up with the idea in the Desire thread
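Added example (not part of the original post or of any tool it mentions): the arithmetic from step B as a Python script, generalized to any two adjacent partitions, with the 0x20000 size rule checked and the result printed in mtdparts form. The layout values and the msm_nand id are the ones in the post; the hex size@offset notation and all function names are assumptions made here.

```python
"""Added example: recompute an MTD layout after moving space between two
adjacent partitions, then emit it in kernel mtdparts= syntax."""

ERASE_BLOCK = 0x20000  # 128k minimum size and size granularity stated in the post

# (name, start, end) copied from the post's "Partition Layout" table.
STOCK_LAYOUT = [
    ("misc",     0x03ee0000, 0x03fc0000),
    ("recovery", 0x04240000, 0x04640000),
    ("boot",     0x04640000, 0x049c0000),
    ("system",   0x049c0000, 0x0dac0000),
    ("cache",    0x0dac0000, 0x139c0000),
    ("userdata", 0x139c0000, 0x1fe00000),
]


def sizes(layout):
    """Map partition name to size in bytes."""
    return {name: end - start for name, start, end in layout}


def validate(layout):
    """Raise ValueError if a partition is too small, misaligned or overlapping."""
    previous_end = 0
    for name, start, end in layout:
        size = end - start
        if size < ERASE_BLOCK or size % ERASE_BLOCK:
            raise ValueError(
                f"{name}: size {size:#x} is not a positive multiple of {ERASE_BLOCK:#x}")
        if start < previous_end:
            raise ValueError(f"{name}: starts at {start:#x}, inside the previous partition")
        previous_end = end


def move_boundary(layout, left, new_left_size):
    """Resize `left`; the partition right after it absorbs the difference.

    The start of `left` and the end of its neighbour stay fixed, so nothing
    else in the table moves (steps B.1 to B.3 of the post).
    """
    names = [name for name, _, _ in layout]
    i = names.index(left)  # ValueError if the name is unknown
    if i + 1 == len(layout):
        raise ValueError(f"{left} is the last partition, nothing to trade space with")
    (_, l_start, l_end), (right, r_start, r_end) = layout[i], layout[i + 1]
    if l_end != r_start:
        raise ValueError(f"{left} and {right} are not adjacent")
    boundary = l_start + new_left_size
    resized = list(layout)
    resized[i] = (left, l_start, boundary)
    resized[i + 1] = (right, boundary, r_end)
    validate(resized)
    return resized


def mtdparts(layout, mtd_id="msm_nand"):
    """Format the layout as mtdparts=<id>:<size>@<offset>(<name>),..."""
    parts = ",".join(f"{end - start:#x}@{start:#x}({name})"
                     for name, start, end in layout)
    return f"mtdparts={mtd_id}:{parts}"


if __name__ == "__main__":
    validate(STOCK_LAYOUT)
    # The post's example: halve cache and give the rest to userdata.
    new_layout = move_boundary(STOCK_LAYOUT, "cache", sizes(STOCK_LAYOUT)["cache"] // 2)
    for name, start, end in new_layout:
        print(f"{name:9s} start={start:#011x} size={end - start:#011x}")
    print(mtdparts(new_layout))
```

Picking a new size that is not a multiple of 0x20000, or two partitions that do not touch (misc and recovery in this table), raises ValueError instead of producing a command line.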
Reserved!
(I'm learning to reserve now... )
2 Questions:
Is the userdata space where downloaded apps go?
why didn't you choose any other partition to transfer empty space from?
drzplaya1121 said:
2 Questions:
Is the userdata space where downloaded apps go?
why didn't you choose any other partition to transfer empty space from?
1.) Yes.
2.) This is a sample. If you want to transfer from system or to system from cache, this example will show you how to do so.
thank U. Now I have no need to buy a new phone because of constantly running out of memory
Does it mean that every time I flash a new kernel, the whole effort will go waste?
Also, can I use the same procedure for Amon RA recovery??
rjmohit said:
Does it mean that every time I flash a new rom (which obviously has a different boot.img), the whole effort will go waste?
Also, can I use the same procedure for Amon RA recovery??
For that you need to do only steps D, F and G. If you flash only a kernel which uses koush's anykernel updater, you don't need to do anything.
intersectRaven said:
For that you need to do only steps D, F and G. If you flash only a kernel which uses koush's anykernel updater, you don't need to do anything.
Thanks.
One more silly question
Will the following procedure work.
1. Flash any ROM.
2. Then flash the modified boot.img (which may not belong to that ROM).
3. Then optionally flash the desired kernel.
rjmohit said:
Thanks.
One more silly question
Will the following procedure work.
1. Flash any ROM.
2. Then flash the modified boot.img (which may not belong to that ROM).
3. Then optionally flash the desired kernel.
Yeah. That would work since you're replacing the kernel anyways. What's important is that the kernel is compatible with the ROM.
Well done IR cannot wait to resize my data partition..
Okay, I extracted the recovery.img file, now when I try to extract recovery.img-kernel.gz, it gives the following error: not in gzip format. Exactly same happens for boot.img. I tried extracting it with different extractors on windows and ubuntu, nothing worked. Pls help.
I don't like using MTD because over time you will notice lag. If you're already using sd-ext then your data is basically not being used. And I believe that cache never gets past 50% usage. Just putting in my two cents
rjmohit said:
Okay, I extracted the recovery.img file, now when I try to extract recovery.img-kernel.gz, it gives the following error: not in gzip format. Exactly same happens for boot.img. I tried extracting it with different extractors on windows and ubuntu, nothing worked. Pls help.
That's odd. In my installation, it worked flawlessly. Were there no errors during the run of unpack?
blahbl4hblah said:
I don't like using MTD because over time you will notice lag. If you're already using sd-ext then your data is basically not being used. And I believe that cache never gets past 50% usage. Just putting in my two cents
intersectRaven said:
That's odd. In my installation, it worked flawlessly. Were there no errors during the run of unpack?
Nope. No errors. :-/
rjmohit said:
Nope. No errors. :-/
Found the problem. It seems it was never compressed in the first place. Ark sees this and just copies the file without the .gz extension.
*Instructions edited accordingly.
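Added example, not from the thread: a Python check of a rebuilt image before flashing. It reads the Android boot image header that mkbootimg writes, reports whether the kernel and ramdisk really are gzip data (the problem found above), and compares the embedded mtdparts values with the ones calculated in step B. The sample image, its load addresses and all function names are constructed for illustration.

```python
"""Added example: inspect a boot/recovery image before flashing it."""
import gzip
import re
import struct

BOOT_MAGIC = b"ANDROID!"
GZIP_MAGIC = b"\x1f\x8b"
# Original boot image header: magic, kernel size/addr, ramdisk size/addr,
# second size/addr, tags addr, page size, 2 unused words, name, cmdline.
HEADER = struct.Struct("<8s10I16s512s")

# Values from step B of the post: name -> (size, offset).
EXPECTED = {"cache": (0x2f80000, 0xdac0000), "userdata": (0xf3c0000, 0x10a40000)}


def parse_boot_image(blob):
    """Split an image into cmdline, kernel and ramdisk; ValueError if malformed."""
    if len(blob) < HEADER.size:
        raise ValueError("file is shorter than a boot image header")
    fields = HEADER.unpack_from(blob)
    if fields[0] != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic, not a boot image")
    kernel_size, ramdisk_size, page = fields[1], fields[3], fields[8]
    if page == 0:
        raise ValueError("page size is zero")
    kernel_off = page  # the header occupies the first page
    ramdisk_off = kernel_off + -(-kernel_size // page) * page  # round up to a page
    if ramdisk_off + ramdisk_size > len(blob):
        raise ValueError("image is truncated")
    return {
        "cmdline": fields[12].split(b"\0", 1)[0].decode("ascii", "replace"),
        "kernel": blob[kernel_off:kernel_off + kernel_size],
        "ramdisk": blob[ramdisk_off:ramdisk_off + ramdisk_size],
    }


def to_int(text):
    """Parse a size or offset: decimal or 0x hex, optional k/m suffix."""
    suffix = text[-1].lower()
    if suffix in ("k", "m"):
        return int(text[:-1], 0) * (1024 if suffix == "k" else 1024 * 1024)
    return int(text, 0)


def parse_mtdparts(cmdline):
    """Return {name: (size, offset)} from the mtdparts= token, {} if absent."""
    for token in cmdline.split():
        if not token.startswith("mtdparts="):
            continue
        parts = {}
        for entry in token.partition(":")[2].split(","):
            match = re.fullmatch(r"([^@]+)@([^(]+)\(([^)]+)\)", entry)
            if not match:
                raise ValueError(f"cannot parse mtdparts entry {entry!r}")
            parts[match.group(3)] = (to_int(match.group(1)), to_int(match.group(2)))
        return parts
    return {}


def describe(blob):
    """Summarise what the image contains."""
    image = parse_boot_image(blob)
    return {
        "cmdline": image["cmdline"],
        "kernel_is_gzip": image["kernel"][:2] == GZIP_MAGIC,
        "ramdisk_is_gzip": image["ramdisk"][:2] == GZIP_MAGIC,
    }


def mtdparts_mismatches(blob, expected):
    """List every expected partition whose size/offset differs in the image."""
    found = parse_mtdparts(parse_boot_image(blob)["cmdline"])
    return [f"{name}: expected {want}, image has {found.get(name)}"
            for name, want in expected.items() if found.get(name) != want]


def build_sample_image(cmdline, page=2048):
    """Constructed test image: uncompressed kernel stub plus gzip ramdisk."""
    kernel = b"\x00\x00\xa0\xe1" * 8               # constructed, not a real kernel
    ramdisk = gzip.compress(b"constructed ramdisk")
    pad = lambda data: data + b"\0" * (-len(data) % page)
    header = HEADER.pack(BOOT_MAGIC, len(kernel), 0x20008000, len(ramdisk),
                         0x21000000, 0, 0, 0x20000100, page, 0, 0, b"",
                         cmdline.encode("ascii"))  # addresses are constructed
    return pad(header) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    sample = build_sample_image(
        "no_console_suspend=1 console=null mtdparts=msm_nand:"
        "0x2f80000@0xdac0000(cache),0xf3c0000@0x10a40000(userdata)")
    print(describe(sample))
    print(mtdparts_mismatches(sample, EXPECTED) or "mtdparts match step B")
```

To check a real file, pass `open("boot-new.img", "rb").read()` to `describe` and `mtdparts_mismatches` in place of the constructed sample.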
I may sound a bit noobish, but I'm facing one more hindrance:
How exactly do I run the mkbootimg file in the ubuntu terminal? I mean, can you give me the exact syntax?
I was facing a similar problem with the perl script, but then I found a solution on google, but didnt find anything for the mkbootimg. Can I run it under windows cmd?
rjmohit said:
I may sound a bit noobish, but I'm facing one more hindrance:
How exactly do I run the mkbootimg file in the ubuntu terminal? I mean, can you give me the exact syntax?
I was facing a similar problem with the perl script, but then I found a solution on google, but didnt find anything for the mkbootimg. Can I run it under windows cmd?
I already posted the syntax in the instructions. You just need to make sure the mkbootimg file has execute permissions in order for it to run.
Updated OP with SPL editor program.
intersectRaven said:
Updated OP with SPL editor program.
I tried your program. Everything worked fine. Just that my /cache now shows 290 MB free, while I had resized it to 20 MB!! Is that a bug? /system & /data show proper sizes though. thanks.
rjmohit said:
I tried your program. Everything worked fine. Just that my /cache now shows 290 MB free, while I had resized it to 20 MB!! Is that a bug? /system & /data show proper sizes though. thanks.
Is it the display on the program or display on the Android device when booted?
Wait, I found it. It's a bug. Thanks! I'll edit it when I get home. For now, please double check the values by reopening the made file before flashing. If the values are incorrect, please DON'T FLASH!!!
Hi there,
I would like to update my kernel from a new firmware image for the Cubox-i4 pro.
Scenario:
2 images:
Android 4.2.2 kernel 3.0.35
Android 4.3 kernel 3.10.30
Both boot fine on my device, but the android 4.3 firmware sucks. Sometimes it just does.
I was able to get root on my device and have full access to all the partitions.
/dev/sdb1 /boot
/dev/sdb2 /system
/dev/sdb3 /data
I made a backup of both boot images:
sudo dd if=/dev/sdb1 of=/boot-4_2_2.img
sudo dd if=/dev/sdb1 of=/boot-4_3.img
(Of course, with the right firmware installed, also all other partitions are in images)
Installed the 4.3 firmware and tested the device.
Here it comes:
I have a fully working firmware on the device, kernel 3.0.35. And images of all partitions.
inside boot-*.img i find:
uEnv.txt
uImage
ramdisk.img
boot.scr (only in the 4.3 image)
I have tried:
Action: Copy files directly into the right partition.
Result: I can see the kernel loading, resulting in a blank screen.
Action: dd image to partition.
Result: I can see the kernel loading, resulting in a blank screen.
Action: Copy only uImage directly into the right partition.
Result: I can see the kernel loading, resulting in a blank screen.
Action: Copy only uImage + uEnv.txt directly into the right partition.
Result: I can see the kernel loading, resulting in a blank screen.
As you can see, only blank screen.
After dd-ing the original boot.img back, everything works well.
I have no adb through USB available. (There is on TCP, but everything needs to be loaded for that.)
Can someone give me some clues/tips where to go from here?
I need kernel 3.10.30 for HDMI-CEC and some hardware drivers.
Greetings,
Elkan
No wise words from here?
*bump*
Hello Everyone!
After I managed to change the boot animation, I started researching some ways to change the boot logo or the splash screen that appears before the boot animation.
Boot animations and splash screens are two different things. The splash screen is the first static frame that you see the moment you turn on your phone. It is displayed before boot animation and it is usually much harder to change.
To change your boot animation, view my post at: http://forum.xda-developers.com/honor-7/help/how-to-change-boot-animation-huawei-t3247851
Back to the splash screen, so far I know the following:
1. The image file must be stored in RGB565 format. Photoshop and Paint.Net (with a plugin) are capable of saving in this format. In Photoshop, you can find it from the advanced options of .bmp.
2. There is a file called "oemlogo.mbn" which I think is responsible for the boot logo. After changing it though, it did not have any effect on the boot logo or splash screen.
If someone knows which file is responsible for the splash screen or he/she can point out a way to change that, it would be greatly appreciated.
Thanks in advance for your help!
Best Regards,
Ken
Here is the solution
All the credit goes to Ziolek67 and Kostyan_nsk, I just made the zip to revert back to our stock logo, and made his guide compatible with our device. Thanks to @kenshiwara for helping me.
**TAKE NANDROID BACKUP VIA TWRP RECOVERY BEFORE DOING THIS**
1. Install adb and fastboot in your PC.
2. Dump your "oeminfo" partition by executing this command
Code:
adb shell su -c "dd if=/dev/block/platform/hi_mci.0/by-name/oeminfo of=/sdcard/oeminfo"
This will be saved in your internal storage as "oeminfo". Saving this to PC is recommended. To do that, execute this command
Code:
adb pull /sdcard/oeminfo oeminfo
3. Now, Ziolek67 mentioned editing the pulled "oeminfo", but in our case I tried and got the error "resolution mismatch", so I pulled out his provided stock "oeminfo" of the Huawei Ascend P7, which works fine; the sizes of both "oeminfo" files are also the same. Download this tool, extract it and save it to the folder containing adb and fastboot.
4. Make your own image with extension *.bmp. The resolution of the image should match your device resolution (1080x1920 pixels). Put it to adb folder.
5. Download OEMinfo.zip extract it and put "oeminfo" in adb folder.
6. Put your *.bmp image in "oeminfo" by executing this command.
Code:
OEM_logo.exe oeminfo *your_logo.bmp*
7. Push new "oeminfo" to your internal storage by executing this command
Code:
adb push oeminfo /sdcard/oeminfo
8. Put new "oeminfo" with new logo in your device by executing this command
Code:
adb shell su -c "dd bs=32768 if=/sdcard/oeminfo of=/dev/block/platform/hi_mci.0/by-name/oeminfo"
**UPDATED THE ABOVE COMMAND, THANKS TO @sminki**
9. Now reboot your device to see your changed logo.
10. To revert back to stock Honor logo simply flash this file using TWRP recovery.
You can get more info here thanks to Kostyan_nsk.
How to make a compatible *.bmp image
Create a new file in Adobe Photoshop with these parameters:
Width: 1080 pixels
Height: 1920 pixels
Resolution: 72 pixels/inch
Color Mode: RGB Color, 8-bit
After making your image save it with these parameters:
Extension: *.bmp
File Format: Windows
In "Advanced Options"
Select R5 G6 B5 from 16-bit depth options.
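A pre-flight check for the logo file before it is packed into "oeminfo" and written with dd, added here as an example and not part of the original guide or of OEM_logo.exe. It assumes the Photoshop settings above produce a 16-bit Windows BMP whose header carries BI_BITFIELDS masks for R5 G6 B5; the function names and the constructed sample images are hypothetical.

```python
import struct

RGB565_MASKS = (0xF800, 0x07E0, 0x001F)   # red 5 bits, green 6 bits, blue 5 bits
BI_BITFIELDS = 3                          # compression value meaning "masks present"

def check_logo_bmp(data, want_w=1080, want_h=1920):
    """Return a list of problems; an empty list means the header matches the guide."""
    if len(data) < 66 or data[:2] != b"BM":
        return ["not a BMP file or header too short"]
    (pix_off,) = struct.unpack_from("<I", data, 10)
    _dib, w, h, _planes, bpp, comp = struct.unpack_from("<IiiHHI", data, 14)
    problems = []
    if (w, abs(h)) != (want_w, want_h):       # a negative height means top-down rows
        problems.append(f"resolution {w}x{abs(h)}, expected {want_w}x{want_h}")
    if bpp != 16:
        problems.append(f"{bpp} bits per pixel, expected 16")
    elif comp != BI_BITFIELDS:
        problems.append("16-bit without bit masks, which decoders read as X1 R5 G5 B5")
    elif struct.unpack_from("<3I", data, 54) != RGB565_MASKS:
        problems.append("bit masks are not R5 G6 B5")
    stride = (w * bpp // 8 + 3) & ~3          # each row is padded to 4 bytes
    if len(data) - pix_off < stride * abs(h):
        problems.append("pixel data shorter than width x height")
    return problems

def make_bmp(w, h, bpp=16, masks=RGB565_MASKS):
    """Build a constructed all-black BMP used only to exercise the check."""
    pixels = bytes(((w * bpp // 8 + 3) & ~3) * h)
    mask_bytes = struct.pack("<3I", *masks) if masks else b""
    off = 14 + 40 + len(mask_bytes)
    info = struct.pack("<IiiHHIIiiII", 40, w, h, 1, bpp,
                       BI_BITFIELDS if masks else 0, len(pixels), 2835, 2835, 0, 0)
    return b"BM" + struct.pack("<IHHI", off + len(pixels), 0, 0, off) + info + mask_bytes + pixels

if __name__ == "__main__":
    for label, bmp in [("portrait RGB565", make_bmp(1080, 1920)),
                       ("landscape", make_bmp(1920, 1080)),
                       ("24-bit", make_bmp(1080, 1920, bpp=24, masks=None))]:
        print(label, check_logo_bmp(bmp) or "OK")
```

For a real file, pass `open("your_logo.bmp", "rb").read()` and continue to the dd step only when the returned list is empty.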
The Android Hero Of Today! ~ Amazing guide. Thank you very much!
Thank you @kenshiwara
It should be noted that in the wrong hands dd can brick your device; you are writing directly to the block device and dd does not care what you are doing, especially if you do not add bs and/or count.
I don't think adding bs would do any good, as dd automatically stops when the input of blocks runs out, in our case that is 32768, it can't go forever. Hope this was what you were pointing out; if not, then please explain. I don't know much about other attribs, and if the commands need any improvements then please suggest them so that I can add them.
Thank you
No, it's fine, just giving general advice.
When I said "you" I didn't mean you.
You never know who is reading these things and what they might do; dd can be very dangerous, as you (DigiGoon) know... Man, that was confusing.
Oh, Okay
I have just written a clearer version of your solution, at my post here:
http://forum.xda-developers.com/honor-7/general/guide-beginners-how-to-root-update-fix-t3255452
Everything is the same, I just made it a bit more organized for the absolute beginners to understand.
Thank you @DigiGoon and @sminki for writing and updating this guide.
Anytime buddy @kenshiwara
What is the Touchpad Toolbox?
https://forum.xda-developers.com/showthread.php?t=2756314
A set of Scripts (programs) that allows:
Easily manage LVM, one of the greatest features of the TP.
https://wiki.archlinux.org/index.php/LVM
Create Android, WebOS volumes, or total reset.
It can make a fresh /boot directory installation adding moboot.
Reflash the battery Firmware
Install specific, older version of recovery and Rom.
How is it done?
https://webos-internals.org/wiki/Angstrom_on_Touchpad
A small Linux OS is built into an img (ext2) file system and is loaded into memory as a RAMDisk.
Angstrom v2015.01
Built from branch: master
Revision: 038d832
Target system: arm-angstrom-linux-gnueabi
This information is from the file angstrom-version located in the /etc folder of the RAMDisk.
Following these instructions will unpack the RAMDisk and kernel, which can then be repacked as with any Android system.
All this is done on a Linux Ubuntu 18.04 x64 system. If you have any other OS you can install Linux as a virtual machine.
1. Create a directory
hptoolbox
2. Unzip TPToolbox-2015-01-08-v42.zip to the directory hptoolbox (http://downloads.codefi.re/jcsullins/cmtouchpad/tptoolbox/TPToolbox-2015-01-08-v42.zip)
3. Open a terminal in the hptoolbox directory and paste the following commands.
Code:
dumpimage -i TPToolbox-2015-01-08-v42.bin uImage.kernel
dumpimage -i TPToolbox-2015-01-08-v42.bin -p 1 RAMDisk_Compress
dd if=RAMDisk_Compress of=RAMDisk.xz bs=64 skip=1
xz -d RAMDisk.xz
## The RAMDisk which is 67.1MB is a Linux rev 0.0 ext2 filesystem data img file.
4. Create a loop disk to have read and write access to the RAMDisk
Code:
sudo udisksctl loop-setup -f RAMDisk
## Mapped file RAMDisk as /dev/loop16 (this is only on my system and it will be different on others)
5. Mount the 67 MB loop device; it can easily be done using Disks
6. Open your file manager as sudo (on my system it is nautilus, it can be different on other Linux systems)
Code:
$ sudo nautilus
[sudo] password for ubuntu:
7. The settings for the ToolBox are in /usr/tptoolbox.
You have complete control on all the files, but read what each script says on top:
Code:
# This script is Copyright (c) 2014 James Sullins, All rights reserved.
# James (JC) Sullins, aka jcsullins
# No modifications or distribution without permission
To repack the Kernel and RAMDisk
1. Unmount the RAMDisk img and detach the loop device
2. Open a terminal in the hptoolbox directory and paste the following commands.
Code:
mkimage -A arm -T ramdisk -C none -n RAMDisk -d RAMDisk uImage.RAMDisk
mkimage -A arm -T multi -C none -n "Tenderloin ToolBOX Modified" -d uImage.kernel:uImage.RAMDisk uImage.ToolBox_Modified
On my system I cannot make the RAMDisk using xz compression, but it works uncompressed; it is just a 70MB file.
If the RAMDisk is compressed using (( xz -9 RAMDisk )) then the file size will be the same as the original, but it will not be recognized by the kernel at boot.
3. To load using the novacom driver:
Code:
novacom boot mem:// <uImage.ToolBox_Modified
Many thanks to jcsullins for creating the ToolBox ,which allowed many users to easily transition to Android from WebOS and gave new life to a device that could have been in landfills many years ago. In my opinion this has been the greatest Tool for the TP and finding out how it works made it even more amazing!
HP_TOUCHPAD said:
What is the Touchpad Toolbox?
--SNIP--
You've done a great job figuring that out HP_TOUCHPAD! As a result, if Sullins agreed (assuming he would even answer the request), the TPToolbox could be modified fairly easily to handle the latest ROMS, GAPPS, and RECOVERIES. For example, it turns out that there is an unused parameter that would allow TPToolbox to install the zipfiles without any checks. Additionally, it is simple to bypass having to install a GAPPS with the ROM, or to keep all checks but the one that checks for a compatible GAPPS.
shumash said:
You've done a great job figuring that out HP_TOUCHPAD! As a result, if Sullins agreed (assuming he would even answer the request), the TPToolbox could be modified fairly easily to handle the latest ROMS, GAPPS, and RECOVERIES. For example, it turns out that there is an unused parameter that would allow TPToolbox to install the zipfiles without any checks. Additionally, it is simple to bypass having to install a GAPPS with the ROM, or to keep all checks but the one that checks for a compatible GAPPS..
Thank you, and yes the ToolBox can be modified very easily only if JSullins agreed.
But there is only one section that needs to be modified to update the toolbox and make it compatible with all ROMS now and forever. In my opinion there is no need for the Toolbox to install any ROMS as that is the work of TWRP to do and it does it well.
This is the only modification that needs to be done to update the toolbox and make it useful forever!
In the folder toolbox/bin/make_boot (open the script)
add the following under this line : (do_run cp /usr/tptoolbox/data/moboot /mnt/boot/uImage.moboot)
Code:
do_run cp /usr/tptoolbox/data/uImage.TWRP /mnt/boot/uImage.TWRP
do_run cp /usr/tptoolbox/data/android.default.recovery /mnt/boot/android.default.recovery
do_run cp /usr/tptoolbox/data/moboot.default /mnt/boot/moboot.default
do_run cp /usr/tptoolbox/data/uImage.ToolBOX /mnt/boot/uImage.ToolBOX
copy the files to /usr/tptoolbox/data/
uImage.TWRP
android.default.recovery
moboot.default
uImage.ToolBOX (this is the toolbox.bin, renamed to be loadable from the moboot menu.)
save the script.
I do not need to tell you "the Linux Guru" what is going on, but just for the record.
When recreating the boot it will install TWRP into boot and also the ToolBOX.
Reboot and now you have TWRP and also the ToolBOX in the moboot menu and you can install any ROM using TWRP.
This will make it super easy for all users to start fresh!
Complete reset (it will install TWRP, recovery by default) nothing extra for the user to do!
Reflash battery firmware
Resize Android volumes
Reboot and install ROM
I do not think it can be any easier for anyone than this and the change is minimal!
HP_TOUCHPAD said:
Thank you, and yes the ToolBox can be modified very easily only if JSullins agreed.
But there is only one section that needs to be modified to update the toolbox and make compatible with all ROMS now and forever. In my opinion there is no need for the Toolbox to install any ROMS as that is the work of TWRP to do and it does it well.
--SNIP--
I do not think it can be any easier for anyone than this and the change is minimal!
I like what you're suggesting, but it's not that easy. I think you're creating a different application. The python scripts need to be modified to remove the "Install Android" option. Making users decide how to (re)install non-datamedia (DM) or DM ROMS by themselves was one of the things HPToolbox solved. I think that a better way is just to prevent all the checks that are done for three zips, gapp/rom compatibility, etc. and let users install the gapps themselves, although I can see a way to expand the allowable gapps dictionary to include the latest versions.
Additionally, unless you resize /boot (which is fixed in one of the python scripts and may require lots of other changes), users who want to retain WebOS (there may be one or two left.) won't be able to install Android because there won't be enough room having uImage.TPToolbox there.
shumash said:
I like what you're suggesting, but it's not that easy. I think you're creating a different application.
There are no changes to the menu; it is only adding uImage.TWRP to be copied to boot.
In the Toolbox MAIN MENU
The option: Complete Data Reset
Call the script: toolbox/bin/make_boot
It will completely erase and format boot then copy files located in (/usr/tptoolbox/data/) over to /boot
It is part of the toolbox option and how it works. Nothing needs to be added or the main script modified.
By adding this code to the already (toolbox/bin/make_boot) script
Code:
do_run cp /usr/tptoolbox/data/uImage.TWRP /mnt/boot/uImage.TWRP
do_run cp /usr/tptoolbox/data/android.default.recovery /mnt/boot/android.default.recovery
do_run cp /usr/tptoolbox/data/moboot.default /mnt/boot/moboot.default
And copy those files to (/usr/tptoolbox/data/).
When the user selects the option in the MENU to Complete Data Reset, it will do as always; the only difference is, it will install TWRP automatically, which in my opinion needs to be there to install and back up.
The python scripts need to be modified to remove the "Install Android" option. Making users decide how to (re)install non-datamedia (DM) or DM ROMS by themselves was one of the things HPToolbox solved.
The Install Android can be there as is and do as you are suggesting which is to remove the limitation and be able to install any recovery or gapps
I think that a better way is just to prevent all the checks that are done for three zips, gapp/rom compatibility, etc. and let users install the gapps themselves, although I can see a way to expand the allowable gapps dictionary to include the latest versions.
Yes, that is perfect and the way it should have been from the beginning, to allow installation of any ROM. There is nothing malicious that anybody can do to brick the device. Reloading the toolbox (novacom boot mem:// < uImage.Toolbox) will recreate everything even if /boot is destroyed.
Additionally, unless you resize /boot (which is fixed in one of the python scripts and may require lots of other changes), users who want to retain WebOS (there may be one or two left.) won't be able to install Android because there won't be enough room having uImage.TPToolbox there.
Correct, if the uImage.Toolbox ( 11 MB ) file is copied to boot along with TWRP, there will be 8 MB left for one uImage boot file; only one OS will be able to boot.
That could be an option and it does not need to be copied to boot, but it could make it easier for "Android only users" to have it handy and no PC will be required to load it again.
Here is another simple quick modification to avoid confusion and make it easier.
When you select Install Android, the USB media is mounted and a directory /ttinstall is created. At the same time the directory is created, a shortcut (link) can be placed there to a landing web page where all the ROMs and Recoveries can be downloaded from, so that the user can click and download the correct Recovery, ROM and gapps.
Make it super easy and avoid confusion of what to install and where to get it from. It could be a landing page any where that can be updated.
This is another issue to think about. To load any uImage to fix a problematic TP, a PC is needed with novacom drivers installed.
This is the command that will fix any TP:
novacom boot mem:// <
If novacom is not installed on the user's PC or not working properly, nothing can be done.
Idea.
Create a basic Linux OS, bare minimum, that will run anywhere. Have novacom installed and the toolbox in it, with a basic browser to get the files.
The Linux OS can be distributed as a Live CD (.iso) that can be booted on any PC. This will guarantee that the novacom driver will work and load the toolbox or any other uImage into the TP.
I made my own live CD of Ubuntu 18.04 (it is a 2GB file) that has everything set up to do any kind of work on the TP and can be used on any PC.
HP_TOUCHPAD said:
__SNIP__
All good ideas, but this is much easier.
shumash said:
All good ideas, but this is much easier.
Crazy complicated!
Take a very close look at the steps.
" 1) complete data reset"
Before this happens the novacom driver needs to be installed. It used to be an easy one to do, but with a new OS, Windows or Linux, it can get complicated. Nothing can be done unless this driver is properly installed and the environment is properly set to load the uImage. This can easily create errors and frustration and not a successful install.
The universal Java installer used to work, not any more. It would be great to have a portable novacom driver, but I do not know if that is even possible to load and work in different OSes.
But anyway, the first step is to load the Toolbox to do a complete data reset.
Well, if the toolbox is modified, once the complete data reset is done uImage.TWRP will already be copied into boot.
The only thing you have to do is reboot the device, select TWRP and do the installation as regular.
No more steps needed, and nothing else to download or install.
One step and done!
But now you need to run:
TWRP_TmpLoad_v03_win.bat
Then install TWRP, because it is temporarily loaded in memory.
What it does is load uImage.TWRP using:
novacom boot mem:// <uImage.TWRP
The same way the Toolbox gets loaded in the first place.
If the Toolbox restriction gets removed then it will install TWRP, and then reboot.
Like I said the magic command is:
novacom boot mem://
Any boot uImage can be loaded that way, but the only thing that will reset everything is the Toolbox.