Hi all,
I'm after a system.img that's going to allow me to run adb shell sessions as root. That's all I need. I don't need any of the normal phone fuctions or devices. I'd imagine disabling these would overcome any incompatibility issues... but I don't know.
Naturally, it'd be easier if such an image already existed, but I should be able to follow instructions on how to reconfigure a normal system and pack it to yaffs2 image.
How about the ramdisk of most custom recoveries- or is that too spare? It will give you a kernel, adb, and busybox if you are lucky.
sent from my android tablet
gee one said:
How about the ramdisk of most custom recoveries- or is that too spare? It will give you a kernel, adb, and busybox if you are lucky.
Click to expand...
Click to collapse
As long as I can do an adb shell as root then it's good enough.
I haven't found any compatible custom recovery images that I can flash. Everything I read seems to endup point to clockworkmod and I can't find flashable images for that. It seems to be flashed through rom manager only. I'm probably wrong though.
Depending on your device, there are several ways to flash. These may or may not apply to you:
1) some recovery installer app that you can download, similar to rom manager, or even rom manager itself!
2) a zip file that you make or modify yourself
3) flash through the staging partition, which may or may not be available on your device
4) copy directly into a recovery partition
5) who knows?
What device are you using and what rom and recovery are you using?
Sorry, I should have given you some info about my situation.
My phone is a chinese mt6516 iClone: W008+. It's currently without a working system partition so I flash images via pc using Mediatek flash tool.
For a recovery, I'd need an image file to flash directly. For a system partition I could flash and image file or I can pack a dir structure into a yaffs2 image file for flashing.
That seems above my paygrade... when you say image file, do you mean a packed boot.img that starts with ANDROID!
sent from my cyanogen(mod) vision
gee one said:
That seems above my paygrade... when you say image file, do you mean a packed boot.img that starts with ANDROID!
Click to expand...
Click to collapse
Well, a boot.img would go on the boot partition for booting into android normally. A recovery.img would also start with ANDROID but would go on the ... er... recovery partition. A system image would be different starting something like:
Code:
03 00 00 00 01 00 00 00 ff ff
Ok, it looks like the system.img is yaffs.
I was asking about the boot partition because most recovery images are just boot.img's with the recovery binary in the ramdisk. I made a boot.img once from a recovery partition and flashed it, so I had two recoveries on the same device, and no system! I thought this might be something of what you are looking for. You won't have or need a system since everything will load from the boot.img.
sent from my cyanogen(mod) vision
Yes, anything that gives me a root shell via adb would be good. It's just a question of finding something appropriate to try...
Are there any roms or system images available for your device now? Or can you pull the boot.img from your current device.
sent from my cyanogen(mod) vision
I can't find anything 3rd party for it. But I do have a boot.img that I extracted.
Send me a link and I'll poke around. Do you have a way to flash the boot.img?
sent from my cyanogen(mod) vision
Nice one.
This was ripped with dump_image:
boot.zip
OK, I extracted the ram disk- it was in an odd format. They sure talk funny.
ramdisk_2bb4ad9697.tar
So all the inits are for a fully working system, which you don't have. I guess the next step would be to strip out the inits to just a few basic mount points and then have it start adb. After that, add busybox and whatever goodies, repack it, and then flash away.
I really don't know my way around the init files, so it's mostly hack and slash. If you have any insight on how to strip them down, let's hear it. I'll try to read up on how linux boots. Also, knowing the partition mounts would be helpful, although I suppose you could figure that out with adb, if this actually works.
Cheers for that. Looks quite intriguing... I'm going to need a good deal more reading to make use of it though.
OK, here is a first stab- I modified the default.prop and added busybox and su. I did not touch any of the init's.
Here is the default.prop- insecure and adb enabled. I didn't change the inits, but it does look like they will start adb. They will probably fail to start everything else that it expects to find in system and frameworks, so your syslog will probably be littered with error messages, if there is even a syslog.
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=0
ro.debuggable=1
persist.service.adb.enable=1
Here is the ramdisk. I added busybox and su. I'm not sure if these will be helpful, but I figured it couldn't hurt.
edit: I just realized that /xbin is not in the path. "export PATH $PATH:/xbin" should fix it?? "/xbin/busybox --install /system/xbin" should install busybox to /system/xbin.
Code:
total 212
-rw-r--r-- 1 root root 20175 2012-03-08 18:26 advanced_meta_init.rc
drwxrwx--x 2 root root 4096 2012-03-08 18:26 data
-rw-r--r-- 1 root root 118 2012-03-08 20:11 default.prop
drwxr-xr-x 2 root root 4096 2012-03-08 18:26 dev
-rwxr-x--- 1 root root 107436 2012-03-08 18:26 init
-rwxr-x--- 1 root root 5828 2012-03-08 18:26 init.factory.rc
-rwxr-x--- 1 root root 1677 2012-03-08 18:26 init.goldfish.rc
-rwxr-x--- 1 root root 2263 2012-03-08 18:26 init.mt6516.rc
-rwxr-x--- 1 root root 20514 2012-03-08 18:26 init.rc
-rw-r--r-- 1 root root 5529 2012-03-08 18:26 meta_init.rc
drwxr-xr-x 2 root root 4096 2012-03-08 18:26 proc
lrwxrwxrwx 1 root root 11 2012-03-08 18:34 res -> /system/res
drwxr-x--- 2 root root 4096 2012-03-08 20:16 sbin
drwxr-xr-x 2 root root 4096 2012-03-08 18:26 sys
drwxr-xr-x 2 root root 4096 2012-03-08 18:26 system
drwxr-xr-x 2 root root 4096 2012-03-08 18:06 temp
drwxr-xr-x 2 root root 4096 2012-03-08 20:16 xbin
./data:
total 0
./dev:
total 0
./proc:
total 0
./sbin:
total 368
-rwxr-x--- 1 root root 138372 2012-03-08 18:26 adbd
-rwxr-x--- 1 root root 107436 2012-03-08 18:26 advanced_meta_init
-rwxr-x--- 1 root root 103116 2012-03-08 18:26 meta_init
-rwxr-x--- 1 root root 18012 2012-03-08 18:26 meta_tst
./sys:
total 0
./system:
total 0
./temp:
total 0
./xbin:
total 828
-rwxrwxr-x 1 root root 821340 2012-03-08 20:14 busybox
-rwsr-sr-x 1 root root 22364 2012-03-08 20:15 su
I did not change the kernel at all. The kernel and ramdisk have a 512 byte header file- it seems to have a file marker, size of package, and type of partition encoded into it. I'm not even sure this is android? I am certainly NOT an expert at this. For the record, I know nothing about the device that you have. I didn't even google it to see if was indeed an android phone.
All that being said, I will be surprised if this works and I would not be surprised if you end up with a brick. If it were my device, I would only flash this if I had a 100% bulletproof way to flash the stock boot.img externally without relying on the software on the phone. There is no system or frameworks, so it will most likely look like a stuck boot, but adb should be enabled. There is no boot animation or friendly little green android to greet you. I don't know if more stuff is needed in bin or sbin?
Now the disclaimers-
Code:
[SIZE="5"][COLOR="Red"][B]ALL WARRANTIES REGARDING
MERCHANTABILITY AND FITNESS OF PURPOSE,
EXPRESSED OR IMPLIED, ARE DISCLAIMED.
Flashing this boot image can cause
loss of data, loss of device, inability to use device,
spontaneous bricking, and other grave consequences.
Use at your own peril.
If anything bad happens, it's not my fault.[/COLOR][/B]
[/SIZE]
.
Good Luck! If in doubt, don't flash it!
https://rapidshare.com/files/1856533633/boot_adb_4026ab44b0.img
Well, I can't say I understand what you've done here but...
I've now got a working phone with root adb. Brilliant!!! Thanks.
I had to flash another system image (meant for a different phone) so that I could get a shell working otherwise I'd get a 'can't find /system/bin/sh' error. But having done that, it works a treat. The system still needs a bit of work to get my phone as it should be but that's another story.
I'm really interested in how you've managed to do this. How do you unpack/repack the boot.img? I'd love to mess about with this and see how long it takes to blow my phone up. I tried to follow one guide on the net but it just wasn't happening.
Ok, I found the ROOTFS section and pulled it out. So I can see how it all fits together.
According to 7zip, this is a 'Cpio' archive inside a 'Gzip' archive. What's 'Cpio'?
That's the funny part- there is a 512 byte header that has a few id characters, the file size and then "ROOTFS". The kernel image is similar. All the android parts that I've pulled apart didn't have the 512 byte header.
If you strip that out, then you will have a gzipped cpio archive. You can extract it with "gunzip -c <the ramdisk> | cpio -i"
To recompress it, "find . | cpio -o -H newc | gzip >> ../your-new-ramdisk"
You'll have to reattach the 512 byte header and adjust the file size.
sent from my cyanogen(mod) vision
Well I got round to having a little play with this. Thanks for the info Gee, it's been filed safely.
I looked at the recovery image and the init.rc doesn't do alot; Ideal starting place. Nothing is mounted by default so I put a couple of commands to mount /sdcard and /system normally just to test it. I also had to enable adb in the default.prop file as you did before. This was pretty straight forward and worked. I got into adb shell with root, no problem.
Now I thought it would be ideal if I could mount the sdcard as /system and put '/bin/sh' on the sdcard. Androids sh isn't a link like it is on Linux so I thought this should work. It didn't! On issuing the 'adb shell' command, I got:
Code:
link_image[2030]: failed to link /system/bin/sh
CANNOT LINK EXECUTABLE
So I thought I'd try the cache partition. I copied /bin/* to /cache, put the mount commands for /sdcard and cache as /system and this time... I got the same error. I'm surprised the cache partition didn't work. I was able to 'adb pull' the /system/bin/ files from it so I don't know why adb couldn't just execute one of them???
I don't know what to try next as I don't want to be forced to have the system partition mounted just for the sake of adb finding sh. I wouldn't mind if I could just umount it once I'm in the shell... but that would be to easy, wouldn't it.
Related
Hi, I am using tnt 4.4.0 on my g tablet and I see the system/apps directory with loads of apk's that came packaged with the tnt rom.
My question or issue is this.
When I download an app from the marketplace I can't seem to figure out where it goes.
Using file expert v3.1.0 I searched all over and still no luck.. using this same app I can make backups of my apps by clicking the apps tab and long clicking an app and selecting backup but I would assume the original Zip or APK that I downloaded is on my device somewhere?
Or is it just unzipping from the market and I then have to zip them into a new file with an apk extension?
Innerchaos said:
My question or issue is this.
When I download an app from the marketplace I can't seem to figure out where it goes.
Click to expand...
Click to collapse
To answer this part of your question:
Downloaded apps are either in /data/app or /mnt/asec (this, after much filesystem path-manipulation magic post system boot) for apps moved to SD card:
Code:
$ su
# find /data/ -name *.apk
/data/app/com.google.android.street-1.apk
/data/app/com.google.android.youtube-1.apk
/data/app/com.android.vending-2.apk
/data/app/com.curvefish.widgets.wifionoff.donate-1.apk
/data/app/com.jasoncalhoun.android.systeminfowidget-1.apk
/data/app/com.facebook.katana-1.apk
/data/app/com.dataviz.docstogoapp-1.apk
/data/app/org.zooper.acw-1.apk
/data/app/jackpal.androidterm-1.apk
/data/app/com.curvefish.apps.appremover-1.apk
/data/app/com.curvefish.widgets.bluetoothonoff-1.apk
/data/app/com.noshufou.android.su-1.apk
/data/app/org.adwfreak.launcher-1.apk
#
# find /mnt/asec/ -name *.apk
/mnt/asec/com.rovio.angrybirdsrio-2/pkg.apk
/mnt/asec/com.google.android.apps.maps-2/pkg.apk
/mnt/asec/com.alensw.PicFolder-1/pkg.apk
/mnt/asec/com.farproc.wifi.analyzer-2/pkg.apk
/mnt/asec/com.redirectin.rockplayer.android.unified-2/pkg.apk
/mnt/asec/com.speedsoftware.rootexplorer-2/pkg.apk
/mnt/asec/com.google.android.voicesearch-1/pkg.apk
/mnt/asec/com.dataviz.docstogo-2/pkg.apk
/mnt/asec/net.androidcomics.acv-1/pkg.apk
/mnt/asec/com.rovio.angrybirdsseasons-1/pkg.apk
/mnt/asec/com.seesmic-1/pkg.apk
/mnt/asec/com.rovio.angrybirds-1/pkg.apk
/mnt/asec/com.adobe.flashplayer-1/pkg.apk
/mnt/asec/com.google.android.gm-1/pkg.apk
/mnt/asec/com.google.android.stardroid-1/pkg.apk
As to your other questions, I don't have definitive answers, but, looking inside those 2 directories (/data, and, /mnt/sdcard after you've unmount it) might prove instructive.
My mnt/asec directory is empty as well
Innerchaos said:
My mnt/asec directory is empty as well
Click to expand...
Click to collapse
Did you run the find command as root? (Or, have root permissions when you looked inside /mnt/asec?)
/mnt/asec might also be empty simply because you haven't moved any apps to the SD card.
The actual .apk files are in /mnt/sdcard/.android_secure/, but with a .asec extension instead of .apk. You'll have to unmount /mnt/sdcard in Settings > Storage first, then mount it again manually for you to see the files in that directory:
Code:
$ su
# mount -r -t vfat /dev/block/mmcblk3p1 /mnt/sdcard
# ls -l /mnt/sdcard/.android_secure/
total 124216
-rwxr-xr-x 1 root root 13870592 Jun 8 23:17 com.adobe.flashplayer-2.asec
-rwxr-xr-x 1 root root 2161664 May 30 03:37 com.alensw.PicFolder-1.asec
-rwxr-xr-x 1 root root 7483904 May 20 08:44 com.dataviz.docstogo-2.asec
-rwxr-xr-x 1 root root 2161664 Jun 3 03:24 com.farproc.wifi.analyzer-2.asec
-rwxr-xr-x 1 root root 8548352 May 26 22:18 com.google.android.apps.maps-2.asec
-rwxr-xr-x 1 root root 4290560 May 17 10:22 com.google.android.gm-1.asec
-rwxr-xr-x 1 root root 4290560 May 17 10:21 com.google.android.stardroid-1.asec
-rwxr-xr-x 1 root root 4290560 May 17 10:22 com.google.android.voicesearch-1.asec
-rwxr-xr-x 1 root root 9612800 May 17 10:22 com.redirectin.rockplayer.android.unified-2.asec
-rwxr-xr-x 1 root root 21321728 May 17 10:21 com.rovio.angrybirds-1.asec
-rwxr-xr-x 1 root root 19192832 May 19 19:58 com.rovio.angrybirdsrio-2.asec
-rwxr-xr-x 1 root root 22386176 May 17 10:21 com.rovio.angrybirdsseasons-1.asec
-rwxr-xr-x 1 root root 3226112 May 17 10:22 com.seesmic-1.asec
-rwxr-xr-x 1 root root 2161664 May 24 20:11 com.speedsoftware.rootexplorer-2.asec
-rwxr-xr-x 1 root root 2161664 May 28 16:03 net.androidcomics.acv-1.asec
#
# umount /mnt/sdcard
You won't see those files when the SD card is mounted normally by Android. Then, the /mnt/sdcard/.android_secure directory will appear to be empty.
You might also have to use /dev/block/mmcblk2p1 instead of /dev/block/mmcblk3p1 in the mount command above, if you run a Gingerbread-based ROM.
I flashed a I9100 firmware on my I9100M on bell and now I don't have the M on the bootlogo anymore. Also, the bell stock download mode start directly to downloading, but now it ask for downloading or cancel with volume up/down.
Does anybody have a way to fix this (like have the original boot.bin, sbl.bin and param.lfs from bell firmware I9100MUGKG2) because I downloaded the original firmware and these files are not included.
If you have a rooted I9100M running stock firmware, use this step and upload me the file please:
adb shell
$ su
# dd if=/dev/block/stl6 of=/sdcard/param.lfs bs=4096
or you can use terminal emulator if you prefer (remove adb shell).
The param.lfs will be in your internal sd card.
But if you have all the file I ask (if you did a nandroid backup with CWM before upgrading or modding the phone), please upload for me.
I need warranty and now my phone isn't stock.
Thankx
Download full stock rom from Samfirmware.com & extract the files yourself.
NLSGS2beast said:
I flashed a I9100 firmware on my I9100M on bell and now I don't have the M on the bootlogo anymore. Also, the bell stock download mode start directly to downloading, but now it ask for downloading or cancel with volume up/down.
Does anybody have a way to fix this (like have the original boot.bin, sbl.bin and param.lfs from bell firmware I9100MUGKG2) because I downloaded the original firmware and these files are not included.
If you have a rooted I9100M running stock firmware, use this step and upload me the file please:
adb shell
$ su
# dd if=/dev/block/stl6 of=/sdcard/param.lfs bs=4096
or you can use terminal emulator if you prefer (remove adb shell).
The param.lfs will be in your internal sd card.
But if you have all the file I ask (if you did a nandroid backup with CWM before upgrading or modding the phone), please upload for me.
I need warranty and now my phone isn't stock.
Thankx
Click to expand...
Click to collapse
I too have a simular problem, I dont need to send it in for warranty but am wanting to get the Sbl.bin file and param.lfs for Bell Canada's GT-i9100M phone, I downloaded the old GB KG2 FM and also have the new ICS LD3 FM and none contain the Sbl.bin file or the param.lfs that Bell uses.
I have access to another i9100M that has not been changed with anything custom, does anyone know of a way that I can get the Sbl.bin data and how to get the param.lfs off of another phone?.
Thank you.
OK I think I figured this out, I found out the partitions to backup by listing them by name
Code:
[email protected]:/sdcard # ls -l /dev/block/platform/dw_mmc/by-name/
lrwxrwxrwx 1 root root 20 May 12 21:24 CACHE -> /dev/block/mmcblk0p7
lrwxrwxrwx 1 root root 21 May 12 21:24 DATAFS -> /dev/block/mmcblk0p10
lrwxrwxrwx 1 root root 20 May 12 21:24 EFS -> /dev/block/mmcblk0p1
lrwxrwxrwx 1 root root 20 May 12 21:24 FACTORYFS -> /dev/block/mmcblk0p9
lrwxrwxrwx 1 root root 21 May 12 21:24 HIDDEN -> /dev/block/mmcblk0p12
lrwxrwxrwx 1 root root 20 May 12 21:24 KERNEL -> /dev/block/mmcblk0p5
lrwxrwxrwx 1 root root 20 May 12 21:24 MODEM -> /dev/block/mmcblk0p8
lrwxrwxrwx 1 root root 20 May 12 21:24 PARAM -> /dev/block/mmcblk0p4
lrwxrwxrwx 1 root root 20 May 12 21:24 RECOVERY -> /dev/block/mmcblk0p6
lrwxrwxrwx 1 root root 20 May 12 21:24 SBL1 -> /dev/block/mmcblk0p2
lrwxrwxrwx 1 root root 20 May 12 21:24 SBL2 -> /dev/block/mmcblk0p3
lrwxrwxrwx 1 root root 21 May 12 21:24 UMS -> /dev/block/mmcblk0p11
Then I just did a dd on partitions 2 and 3 I didn't do the param because I have modified my boot logo and know enough from changing it before Hellcats easy app to know it is not specific to the phone since it has all variant logos at the same time and it shows the correct one by file name.
shadowofdarkness said:
OK I think I figured this out, I found out the partitions to backup by listing them by name
Code:
[email protected]:/sdcard # ls -l /dev/block/platform/dw_mmc/by-name/
lrwxrwxrwx 1 root root 20 May 12 21:24 CACHE -> /dev/block/mmcblk0p7
lrwxrwxrwx 1 root root 21 May 12 21:24 DATAFS -> /dev/block/mmcblk0p10
lrwxrwxrwx 1 root root 20 May 12 21:24 EFS -> /dev/block/mmcblk0p1
lrwxrwxrwx 1 root root 20 May 12 21:24 FACTORYFS -> /dev/block/mmcblk0p9
lrwxrwxrwx 1 root root 21 May 12 21:24 HIDDEN -> /dev/block/mmcblk0p12
lrwxrwxrwx 1 root root 20 May 12 21:24 KERNEL -> /dev/block/mmcblk0p5
lrwxrwxrwx 1 root root 20 May 12 21:24 MODEM -> /dev/block/mmcblk0p8
lrwxrwxrwx 1 root root 20 May 12 21:24 PARAM -> /dev/block/mmcblk0p4
lrwxrwxrwx 1 root root 20 May 12 21:24 RECOVERY -> /dev/block/mmcblk0p6
lrwxrwxrwx 1 root root 20 May 12 21:24 SBL1 -> /dev/block/mmcblk0p2
lrwxrwxrwx 1 root root 20 May 12 21:24 SBL2 -> /dev/block/mmcblk0p3
lrwxrwxrwx 1 root root 21 May 12 21:24 UMS -> /dev/block/mmcblk0p11
Then I just did a dd on partitions 2 and 3 I didn't do the param because I have modified my boot logo and know enough from changing it before Hellcats easy app to know it is not specific to the phone since it has all variant logos at the same time and it shows the correct one by file name.
Click to expand...
Click to collapse
Lol I was on the toliet and found the directory too, I already found out that the MMCBLK's where the data to dump and was cross refernceing from PIT file information, but then low and behold looking by name confirmed for sure which one, however how did you extract the exact data from those mmcblocks? , when I do a data partition dump, it dumps the whole partition so for example the param.lfs partition is 8MBs, how were you able to access the specific data and convert it/get it out of those blocks?, I will need to repeat this process on my family members phone so that I can get the param file, also how did you tar them up so that they are Odin flash-able?.
Also will it be fine to flash both sbl 1 and 2 bins just as they are and will Odin properly flash them in the correct sections? or should I just use sbl1 to be safe and rename it to sbl.bin ?(since that is how it comes in firmware packages etc)
In my picture here I was using Yaffs Explorer app but the options are very limiting.
dbzgod said:
Lol I was on the toliet and found the directory too, I already found out that the MMCBLK's where the data to dump and was cross refernceing from PIT file information, but then low and behold looking by name confirmed for sure which one, however how did you extract the exact data from those mmcblocks? , when I do a data partition dump, it dumps the whole partition so for example the param.lfs partition is 8MBs, how were you able to access the specific data and convert it/get it out of those blocks?, I will need to repeat this process on my family members phone so that I can get the param file, also how did you tar them up so that they are Odin flash-able?.
Also will it be fine to flash both sbl 1 and 2 bins just as they are and will Odin properly flash them in the correct sections? or should I just use sbl1 to be safe and rename it to sbl.bin ?(since that is how it comes in firmware packages etc)
In my picture here I was using Yaffs Explorer app but the options are very limiting.
Click to expand...
Click to collapse
I didn't do anything special and those should be entire partition images. I doubt that tar is Odin flashable since the filenames will be off. I just put them in a tar.bz2 by right clicking the files on my Desktop and selecting compress since xda wouldn't allow me to attach bin files
shadowofdarkness said:
I didn't do anything special and those should be entire partition images. I doubt that tar is Odin flashable since the filenames will be off. I just put them in a tar.bz2 by right clicking the files on my Desktop and selecting compress since xda wouldn't allow me to attach bin files
Click to expand...
Click to collapse
Ah okay, yeah thats what I was able to do as well just got copys of the partitions from 2 ways, one was using the partition raw dump that makes a .raw file from within Yaffs Explorer, and the second was just using the shell cmds
dd if=/dev/block/mmcblk0p4 of=/sdcard/param.lfs
dd if=/dev/block/mmcblk0p2 of=/sdcard/Sb1l.bin
dd if=/dev/block/mmcblk0p3 of=/sdcard/Sbl2.bin
So now im thinking that they probably arnt Odin flash-able and what I will half to do is just:
dd if=/sdcard/param.lfs of=/dev/block/mmcblk0p4 to copy them over? or would that be bad/corrupt the the mmc partitions?
The raw data dumps from Yaffs Explorer makes them just to be their names mmcblk0p4.raw so would it be better to just use those raw dumps instead when copying over to the dev/block section?
Ever wanted to backup your device without the hassle of flipping SD cards or USB sticks?
Maybe there is no TWRP recovery available for your device but you still want to make a backup?
Why not use the computer directly over your network?
All you need is a rooted device, might work without root but I never tried.
I always disliked that TWRP does not include user data in a backup.
And at some stage I got sick and tired of botting into recovery and flipping SD cards, so I tried this:
Connect a USB cable to the box and use ADB to make a backup.
As you guessed it the box does not really support this
No fastboot either
Then I remembered that ADB works over the network too and to my surprise the box agreed to let me use it.
As said I only test on my X96 but the same should work on most if not all Amlogic boxes.
Please see this as a work in progress as I would like to encourage more people to use this way of making backups.
It could also be a very easy way to provide modded firmwares as there is no need for a custom recovery.
Simply create your firmware and then make a backup, if you want even with all userdate included - just make sure to remove account, network and other personal settings first
I think you know hat I mean
But how exactly do we make use of this now?
Download the supplied archive and unpack to a folder on your PC - I named it tools so we have a reference here..
I have a fully working SDK, Java and all on my system but assume the tools should work as standalone versions too.
Start your box and check your IP in the network settings - you need it.
Open a command prompt with Admin rights in the Tools folder.
Now type adb connect YOURIP where YOURIP is the IP address of the box.
For example adb connect 192.168.1.9
The deamon will start and connect to your box, you can confirm by typing adb devices.
It will show the IP as a connected device.
Now, of course we could use some weird commands and type them into our command prompt...
I suggest to simply type backup and press enter
This will start the batch file that creates images of the following partitions:
Boot
Bootloader
Recovery
System
After this it will create a folder "sdcard" in the Tools folder and copy your userdata from the internal memory there.
The backup is complete now.
I inlcuded another batch file (backup_all) which tries to create images of all accessible partitions that I find on the OTA firmware.
Here the loop and mmcblk partitions are excluded as I assume there should be no real need for them.
With this you have full backup to restore a messed up device assuming the mount points and partitions were not changed by your modded rom.
The last (backup_all_full) includes all available partitions and some might not be fully accessible, so only try if you must and have enough space on your drive.
Again, not all partitions might work, try at your own discretion.
If you only want to backup and restore the userdate then please use the userbackup and restore files.
Restore:
I only included a restore.bat to write the following partitions:
Boot
Bootloader
Recovery
System
Plus the created userdata.
This will only work if the rom you tried out did not change vital parts of the system layout.
For example if the device tree blob, partition sizes, mount points were not changed from the original.
As long as you use roms designed for your device it will always get you back and running.
Of course you need to be able to get an IP connection through ADB - if that no longer works you have to flash the original firmware with the Amlogic tools.
The backup of the internal memory can laways be copied back to a working device.
What to expect from all this?
Nothing really! It is a simple creation with no additional checks, you could say "quick and dirty".
It should work for all X96 models that run the OTA firmware or one of my mods.
For other devices you might have to change the partition names in the batch files.
In my case they are found in /dev/block/, so a simple ls /dev/block from the ADB shell will give you these names.
IMHO the real benefit apart from having a complete backup directly on the computer is for people without a TWRP recovery.
Not only can you get all you need to port one but you can also modify your system by using the image files in a ROM kitchen (or do it manually).
If you like the idea then please check your system and try it out!
Upload or post your modifications to the batch files together with the device name and type so other can benefit too.
Let me know how it works!
Edit:
Changed the batch files a bit to get the best possible speed and added Testdisk for those who want to check the created image files.
All batch files starting with X96 are the current ones, the old ones are still included for reference.
Download the backup tools here.
Hello man, quite an interesting tool you've developed!! Lemme bother you with an issue I'm having please
I have the x96, a newer version, I suppose, than the one you have. Its running on Android 7.1. I'm trying to backup using your method, thing is, when I type backup in the console, after successfully connecting through adb to my box, I get the message "Simple ADB backup for the X96 by Downunder35m" , no logs in the console nor nothing(its been like that for half an hour). Am I doing something wrong there? adb devices echoes my device correctly. The device in stake is normally powered on, not in recovery mode, should it be on recovery mode?? should I be seeing logs in the console? what is the usual approximate time it should take? I know it depends on the local network speed and all, but It'd be cool to have an estimate...
Thanks!!!
ismasasoel said:
Hello man, quite an interesting tool you've developed!! Lemme bother you with an issue I'm having please
I have the x96, a newer version, I suppose, than the one you have. Its running on Android 7.1. I'm trying to backup using your method, thing is, when I type backup in the console, after successfully connecting through adb to my box, I get the message "Simple ADB backup for the X96 by Downunder35m" , no logs in the console nor nothing(its been like that for half an hour). Am I doing something wrong there? adb devices echoes my device correctly. The device in stake is normally powered on, not in recovery mode, should it be on recovery mode?? should I be seeing logs in the console? what is the usual approximate time it should take? I know it depends on the local network speed and all, but It'd be cool to have an estimate...
Thanks!!!
Click to expand...
Click to collapse
i havent checked his batch file but im assuming your device has different partitions.
just do it manually. heres a couple links and some simple directions.
This link covers it all: https://forum.xda-developers.com/showthread.php?t=2450045
simply get Adb, connect with IP. Adb shell, then su.
The key is to find your directory with your partitions by name.
Try looking in these directory with this command
Code:
ls -al /dev/block/platform/*
Your looking for output like this
Code:
drwxr-xr-x 3 root root 400 2014-12-31 19:00 .
drwxr-xr-x 3 root root 60 2014-12-31 19:00 ..
lrwxrwxrwx 1 root root 15 2014-12-31 19:00 boot -> /dev/block/boot
lrwxrwxrwx 1 root root 21 2014-12-31 19:00 bootloader -> /dev/block/bootloader
drwxr-xr-x 2 root root 300 2014-12-31 19:00 by-num
lrwxrwxrwx 1 root root 16 2014-12-31 19:00 cache -> /dev/block/cache
lrwxrwxrwx 1 root root 16 2014-12-31 19:00 crypt -> /dev/block/crypt
lrwxrwxrwx 1 root root 15 2014-12-31 19:00 data -> /dev/block/data
lrwxrwxrwx 1 root root 14 2014-12-31 19:00 env -> /dev/block/env
lrwxrwxrwx 1 root root 15 2014-12-31 19:00 logo -> /dev/block/logo
lrwxrwxrwx 1 root root 15 2014-12-31 19:00 misc -> /dev/block/misc
lrwxrwxrwx 1 root root 18 2014-12-31 19:00 mmcblk0 -> /dev/block/mmcblk0
lrwxrwxrwx 1 root root 23 2014-12-31 19:00 mmcblk0boot0 -> /dev/block/mmcblk0boot0
lrwxrwxrwx 1 root root 23 2014-12-31 19:00 mmcblk0boot1 -> /dev/block/mmcblk0boot1
lrwxrwxrwx 1 root root 22 2014-12-31 19:00 mmcblk0rpmb -> /dev/block/mmcblk0rpmb
lrwxrwxrwx 1 root root 19 2014-12-31 19:00 recovery -> /dev/block/recovery
lrwxrwxrwx 1 root root 19 2014-12-31 19:00 reserved -> /dev/block/reserved
lrwxrwxrwx 1 root root 14 2014-12-31 19:00 rsv -> /dev/block/rsv
lrwxrwxrwx 1 root root 17 2014-12-31 19:00 system -> /dev/block/system
lrwxrwxrwx 1 root root 14 2014-12-31 19:00 tee -> /dev/block/tee
In that example my system is /dev/block/system
so I use this to copy it to internal sd card
Code:
dd if=/dev/block/system of=/sdcard/system.img
This isnt detailed, read that link. Good Luck!
X96 mini backup problem
Hello! The following problem arises with me: When writing on the console "adb connect 192.168.3.194", it says the following
D: \ X96 ADB Backup Restore> adb connect 192.168.3.194
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
unable to connect to 192.168.3.194:5555: can not connect to 192.168.3.194:5555: H
a connection could be established because the target computer actively denied it. (10
061)
and I can not bind to boxing. What does this mean. Is boxing any protection set up?
Uploaded the recovery from the system dump posted here to TWRP builder and Yshalsager built this recovery for it, need testers for it View attachment TWRP-3.2.1-ali-20180612.img.zip
I'll gladly test it. I've been testing a version of my own but had issues with mounting the external sdcard.
EDIT - Quick test and it shows internal storage separate from external (mine showed the same internal for both) however it does not mount the external sd card.
Added a couple of logs. Sorry, it's been a while since I have had a devices I could unlock/etc... Please let me know if you want more.
likemiketoo said:
Uploaded the recovery from the system dump posted here to TWRP builder and Yshalsager built this recovery for it, need testers for it View attachment 4526176
Click to expand...
Click to collapse
TWRP has been using a boot Twrp.img and an TWRP Installer which installs TWRP to the system, if you dont use installer, you must Fastboot TWRP every time...
---------- Post added at 04:43 PM ---------- Previous post was at 04:04 PM ----------
likemiketoo said:
Uploaded the recovery from the system dump posted here to TWRP builder and Yshalsager built this recovery for it, need testers for it View attachment 4526176
Click to expand...
Click to collapse
do you just do a fastboot flash recovery with this or what? instructions are a little vague
Dadud said:
do you just do a fastboot flash recovery with this or what? instructions are a little vague
Click to expand...
Click to collapse
If it were me, I'd use the following:
Code:
fastboot boot twrp.img
That way you can test it without breaking your stock recovery. If it does end up working you can use it to backup your stock boot.img and recovery.img.
kwiksi1ver said:
If it were me, I'd use the following:
Code:
fastboot boot twrp.img
That way you can test it without breaking your stock recovery. If it does end up working you can use it to backup your stock boot.img and recovery.img.
Click to expand...
Click to collapse
i tried flashing it but it gave me an error saying it wasnt signed correctly, ill get back on with that command and grab the stock boot.img and recovery.img (if it works) and throw them up on google drive for anyone who might need them.
Update: not letting me backup, i have secure boot enabled, though and its not asking me for decryption password when i boot twrp like my nexus 6p did.
Dadud said:
Update: not letting me backup, i have secure boot enabled, though and its not asking me for decryption password when i boot twrp like my nexus 6p did.
Click to expand...
Click to collapse
When you've booted into TWRP does ADB work when you're connected to your PC?
kwiksi1ver said:
When you've booted into TWRP does ADB work when you're connected to your PC?
Click to expand...
Click to collapse
yeah, i can run adb shell no problem
Dadud said:
yeah, i can run adb shell no problem
Click to expand...
Click to collapse
from adb shell run
Code:
cd /dev/block/platform/soc/
ls
the ls command will list a partition or two try to cd to them and look for a structure like this:
/dev/block/platform/soc/c0c4000.sdhci/by-name/
the c0c4000.shci will not match, it will be specific to your device model, but once you find that folder you can try to copy the boot and recovery partitions using commands like this:
Code:
dd if=/dev/block/platform/soc/c0c4000.sdhci/by-name/boot of=/external_sd/boot.img
dd if=/dev/block/platform/soc/c0c4000.sdhci/by-name/recovery of=/external_sd/recovery.img
or if you don't have an external SD card try this
Code:
adb pull /dev/block/platform/soc/7824900.sdhci/by-name/boot stockboot.img
adb pull /dev/block/platform/soc/7824900.sdhci/by-name/recovery stockrecovery.img
Again the folder name after the /soc/ in the path will be different for your device so replace that and you can save your stock boot and recovery images. From there we can use those to build a proper TWRP and get root by disabling dm-verity on the boot.img.
kwiksi1ver said:
from adb shell run
Code:
cd /dev/block/platform/soc/
ls
the ls command will list a partition or two try to cd to them and look for a structure like this:
/dev/block/platform/soc/c0c4000.sdhci/by-name/
the c0c4000.shci will not match, it will be specific to your device model, but once you find that folder you can try to copy the boot and recovery partitions using commands like this:
Code:
dd if=/dev/block/platform/soc/c0c4000.sdhci/by-name/boot of=/external_sd/boot.img
dd if=/dev/block/platform/soc/c0c4000.sdhci/by-name/recovery of=/external_sd/recovery.img
or if you don't have an external SD card try this
Code:
adb pull /dev/block/platform/soc/7824900.sdhci/by-name/boot stockboot.img
adb pull /dev/block/platform/soc/7824900.sdhci/by-name/recovery stockrecovery.img
Again the folder name after the /soc/ in the path will be different for your device so replace that and you can save your stock boot and recovery images. From there we can use those to build a proper TWRP and get root by disabling dm-verity on the boot.img.
Click to expand...
Click to collapse
not seeing a c0c4000.shci or similarly named folder, just a lot of mmcblk folders, a by-name and a by-num folder. i see something called boot and recovery in by-name but when i try to adb pull it returns adb: not found
Dadud said:
not seeing a c0c4000.shci or similarly named folder, just a lot of mmcblk folders, a by-name and a by-num folder. i see something called boot and recovery in by-name but when i try to adb pull it returns adb: not found
Click to expand...
Click to collapse
Sorry, I should have been more clear, you can't be in adb shell when you run the adb pull command.
So you'd find the full path of the "by-name" folder and you'd copy the whole path name. Then exit out of adb shell by typing "exit" and you should be back to the command prompt/terminal on your computer.
Then you run the command: (but replace the path of your boot and recovery files with the file structure on your device)
Code:
adb pull /dev/block/platform/soc/7824900.sdhci/by-name/boot stockboot.img
adb pull /dev/block/platform/soc/7824900.sdhci/by-name/recovery stockrecovery.img
Dadud said:
not seeing a c0c4000.shci or similarly named folder, just a lot of mmcblk folders, a by-name and a by-num folder. i see something called boot and recovery in by-name but when i try to adb pull it returns adb: not found
Click to expand...
Click to collapse
Opening command prompt/powershell (windows) or terminal ( linux) and type:
Code:
adb pull /dev/block/platform/soc/by-name/boot boot.img
adb pull /dev/block/platform/soc/by-name/recovery recovery.img
This works fine for me using my twrp and the twrp from the op. This does not work for you?
I have used this to boot into phh-treble and the lineage-phh-treble roms (with the stock kernel) and have gone back to stock (pulled the system.img before this). I have not been successful with Magisk myself.
EDIT- After typing this I just saw kwiksi1ver's reply...
Not that I've needed to but I had more lines in my fstab so I could mount more partitions like vendor (I believe Magisk wanted to mount it?) Included for whatever purposes. external sdcard not working right and I haven't tested out edits since I first tried it.
*** DISCLAIMER *** It's been a long time since I have messed with this stuff so excuse the messy stuff and my lack of knowledge of mounting flags. Also uh..... I'm not responsible for your choices.....
dejello said:
Opening command prompt/powershell (windows) or terminal ( linux) and type:
Code:
adb pull /dev/block/platform/soc/by-name/boot boot.img
adb pull /dev/block/platform/soc/by-name/recovery recovery.img
This works fine for me using my twrp and the twrp from the op. This does not work for you?
I have used this to boot into phh-treble and the lineage-phh-treble roms (with the stock kernel) and have gone back to stock (pulled the system.img before this). I have not been successful with Magisk myself.
EDIT- After typing this I just saw kwiksi1ver's reply...
Not that I've needed to but I had more lines in my fstab so I could mount more partitions like vendor (I believe Magisk wanted to mount it?) Included for whatever purposes. external sdcard not working right and I haven't tested out edits since I first tried it.
*** DISCLAIMER *** It's been a long time since I have messed with this stuff so excuse the messy stuff and my lack of knowledge of mounting flags. Also uh..... I'm not responsible for your choices.....
Click to expand...
Click to collapse
By chance could you also post the stock recovery.img and boot.img as well?
kwiksi1ver said:
By chance could you also post the boot.img as well?
Click to expand...
Click to collapse
I can. It boots but the sdcard is at least shown better on the op link. I took the one posted for the g6 play and swapped a few things with the stock recovery and came up with this. ***Again, I'm not responsible for how you use this and can't say anything is safe (though I have used it plenty). You WILL lose your data any time you want to mess with anything rom related.*** To get it to read the data partition you have to format it (that includes internal storage).
dejello said:
I can. It boots but the sdcard is at least shown better on the op link. I took the one posted for the g6 play and swapped a few things with the stock recovery and came up with this. ***Again, I'm not responsible for how you use this and can't say anything is safe (though I have used it plenty). You WILL lose your data any time you want to mess with anything rom related.*** To get it to read the data partition you have to format it (that includes internal storage).
Click to expand...
Click to collapse
I don't have a G6 myself, I was just trying to kickstart the development on it.
I have a G6 play, I was the one who made the TWRP image for the G6 Play.
dejello said:
Opening command prompt/powershell (windows) or terminal ( linux) and type:
Code:
adb pull /dev/block/platform/soc/by-name/boot boot.img
adb pull /dev/block/platform/soc/by-name/recovery recovery.img
This works fine for me using my twrp and the twrp from the op. This does not work for you?
Click to expand...
Click to collapse
no, it doesnt seem to be working, this is a log my my powershell prompt.
PS C:\Users\dadud\Downloads\TWRP-3.2.1-ali-20180612.img> adb shell
~ # [6n cd /dev/block/platform/soc/
/dev/block/platform/soc # [6nls
by-name mmcblk0p16 mmcblk0p25 mmcblk0p34 mmcblk0p43 mmcblk0p52
by-num mmcblk0p17 mmcblk0p26 mmcblk0p35 mmcblk0p44 mmcblk0p53
mmcblk0 mmcblk0p18 mmcblk0p27 mmcblk0p36 mmcblk0p45 mmcblk0p6
mmcblk0p1 mmcblk0p19 mmcblk0p28 mmcblk0p37 mmcblk0p46 mmcblk0p7
mmcblk0p10 mmcblk0p2 mmcblk0p29 mmcblk0p38 mmcblk0p47 mmcblk0p8
mmcblk0p11 mmcblk0p20 mmcblk0p3 mmcblk0p39 mmcblk0p48 mmcblk0p9
mmcblk0p12 mmcblk0p21 mmcblk0p30 mmcblk0p4 mmcblk0p49 mmcblk0rpmb
mmcblk0p13 mmcblk0p22 mmcblk0p31 mmcblk0p40 mmcblk0p5
mmcblk0p14 mmcblk0p23 mmcblk0p32 mmcblk0p41 mmcblk0p50
mmcblk0p15 mmcblk0p24 mmcblk0p33 mmcblk0p42 mmcblk0p51
/dev/block/platform/soc # [6ncd by-name
/dev/block/platform/soc/by-name # [6nls
DDR cmnlib64 fsg mmi_misc prov syscfg
aboot cmnlib64bak hw modem provbak system
abootbak cmnlibbak keymaster modemst1 recovery tz
apdp devcfg keymasterbak modemst2 rpm tzbak
boot devcfgbak kpan mota rpmbak userdata
cache dpo logo msadp sbl1 utags
carrier dsp logs oem sbl1bak utagsBackup
cid frp metadata padA sp vendor
cmnlib fsc misc persist ssd
/dev/block/platform/soc/by-name # [6nexit
PS C:\Users\dadud\Downloads\TWRP-3.2.1-ali-20180612.img> adb pull /dev/block/platform/soc/by-name/boot stockboot.img
remote object '/dev/block/platform/soc/by-name/boot' not a file or directory
PS C:\Users\dadud\Downloads\TWRP-3.2.1-ali-20180612.img>
(ive got adb/fastboot enabled system wide so itll work out of whatever folder i have open)
Dadud said:
no, it doesnt seem to be working, this is a log my my powershell prompt.
PS C:\Users\dadud\Downloads\TWRP-3.2.1-ali-20180612.img> adb shell
~ # [6n cd /dev/block/platform/soc/
/dev/block/platform/soc # [6nls
by-name mmcblk0p16 mmcblk0p25 mmcblk0p34 mmcblk0p43 mmcblk0p52
by-num mmcblk0p17 mmcblk0p26 mmcblk0p35 mmcblk0p44 mmcblk0p53
mmcblk0 mmcblk0p18 mmcblk0p27 mmcblk0p36 mmcblk0p45 mmcblk0p6
mmcblk0p1 mmcblk0p19 mmcblk0p28 mmcblk0p37 mmcblk0p46 mmcblk0p7
mmcblk0p10 mmcblk0p2 mmcblk0p29 mmcblk0p38 mmcblk0p47 mmcblk0p8
mmcblk0p11 mmcblk0p20 mmcblk0p3 mmcblk0p39 mmcblk0p48 mmcblk0p9
mmcblk0p12 mmcblk0p21 mmcblk0p30 mmcblk0p4 mmcblk0p49 mmcblk0rpmb
mmcblk0p13 mmcblk0p22 mmcblk0p31 mmcblk0p40 mmcblk0p5
mmcblk0p14 mmcblk0p23 mmcblk0p32 mmcblk0p41 mmcblk0p50
mmcblk0p15 mmcblk0p24 mmcblk0p33 mmcblk0p42 mmcblk0p51
/dev/block/platform/soc # [6ncd by-name
/dev/block/platform/soc/by-name # [6nls
DDR cmnlib64 fsg mmi_misc prov syscfg
aboot cmnlib64bak hw modem provbak system
abootbak cmnlibbak keymaster modemst1 recovery tz
apdp devcfg keymasterbak modemst2 rpm tzbak
boot devcfgbak kpan mota rpmbak userdata
cache dpo logo msadp sbl1 utags
carrier dsp logs oem sbl1bak utagsBackup
cid frp metadata padA sp vendor
cmnlib fsc misc persist ssd
/dev/block/platform/soc/by-name # [6nexit
PS C:\Users\dadud\Downloads\TWRP-3.2.1-ali-20180612.img> adb pull /dev/block/platform/soc/by-name/boot stockboot.img
remote object '/dev/block/platform/soc/by-name/boot' not a file or directory
PS C:\Users\dadud\Downloads\TWRP-3.2.1-ali-20180612.img>
(ive got adb/fastboot enabled system wide so itll work out of whatever folder i have open)
Click to expand...
Click to collapse
Okay try this from powershell, it should work.
Code:
adb shell
dd if=/dev/block/platform/soc/by-name/boot of=/tmp/stockboot.img
dd if=/dev/block/platform/soc/by-name/recovery of=/tmp/stockrecovery.img
exit
adb pull /tmp/stockboot.img
adb pull /tmp/stockrecovery.img
kwiksi1ver said:
Okay try this from powershell, it should work.
Code:
adb shell
dd if=/dev/block/platform/soc/by-name/boot of=/tmp/stockboot.img
dd if=/dev/block/platform/soc/by-name/recovery of=/tmp/stockrecovery.img
exit
adb pull /tmp/stockboot.img
adb pull /tmp/stockrecovery.img
Click to expand...
Click to collapse
ended up downloading the new (r40) of ADB instead of the old (r32) and using command line, and had success.. ill edit this post with the google drive links to my boot.img and recovery.img as soon as it uploads (stuck on 512k upload and both are about 22 megs, should be done in 10-15 minutes.)
Edit: Links
https://drive.google.com/open?id=1VWK24zyIl2sGz4H99YrG1G0KdTUmBsG3 <- Boot.img
https://drive.google.com/open?id=1xXEj7vdiikBY5ygZANNeMWwvI1S3DO4H <- Recovery.img
---------- Post added at 01:03 PM ---------- Previous post was at 12:32 PM ----------
Dadud said:
ended up downloading the new (r40) of ADB instead of the old (r32) and using command line, and had success.. ill edit this post with the google drive links to my boot.img and recovery.img as soon as it uploads (stuck on 512k upload and both are about 22 megs, should be done in 10-15 minutes.)
Edit: Links
https://drive.google.com/open?id=1VWK24zyIl2sGz4H99YrG1G0KdTUmBsG3 <- Boot.img
https://drive.google.com/open?id=1xXEj7vdiikBY5ygZANNeMWwvI1S3DO4H <- Recovery.img
Click to expand...
Click to collapse
Say i wanted to flash the pixel experience project treble rom, all i'd have to do is flash the system.img from their download through twrp/fastboot and boot? i've already backed up my original system.img.
edit: attempted, failed. just reboots into bootloader every time i try to start it. reflashing stock system.img
edit: that also failed, along with my twrp backup.
edit 3: unbricked with the firmware found on this forum.
So.... I have tried installing again and ended in bootloops. I just tried installing AOSP phh-treble via fastboot (system.img doesn't need to be signed) and it is booting with the stock unmodified kernel.
Photos.. Also seen this boot logo randomly.. Thought that was interesting..
I am working to see if I can figure out the external sdcard in twrp (as this thread should be about twrp). Figured a booting image might help in that, dunno.
I am trying to make the Galaxy Xcover 4 boot automatically when power is connected. The model number is SM-G390F. I have rooted the device through ODIN/CF Auto Root found on androidmtk (apparently I cannot post links yet due to being a new user).
My first thought was to use fastboot ("fastboot oem off-mode-charge 0"), but since the phone doesn't have fastboot that option is out of the question. I have searched the forums, and found some threads mentioning that I should modify the /system/bin/lpm file. Specifically, the suggestions I found were to replace the contents of the /system/bin/lpm file with
Code:
#!/system/bin/sh
/system/bin/reboot
I tried the above, but to no avail. After changing the /system/bin/lpm file with the above contents, making sure that the file uses Unix EOL characters (no carriage returns, only line feeds), and giving it the correct permissions, the phone just displays an empty battery icon (as opposed to a battery charging animation) upon inserting the power cord, and doesn't boot. It also makes it so that the physical power button stops working; I now have to boot via volume-/home/power. Does anyone have any suggestions or solutions?
Thanks!
In the end I managed to accomplish what I wanted to, but I had to do it in a very fiddly way. Posting it here for future reference for anyone else who might have similar troubles.
The TLDR: I had to edit some init.*.rc files found on the ramdisk. The problem with editing these files directly is that as the name implies, any changes made to the ramdisk during runtime aren't persisted. So what I had to do was to extract the boot partition of the device as an ".img" file onto my development computer, modify a few init.*.rc files, repack the changes as a .img file, and flash it back onto the phone.
Extracting the boot partition
To extract the boot partition, I first found where it is:
Code:
> ls -l /dev/block/platform/13540000.dwmmc0/by-name
lrwxrwxrwx 1 root root 21 2018-08-06 11:00 BOOT -> /dev/block/mmcblk0p10
lrwxrwxrwx 1 root root 20 2018-08-06 11:00 BOTA0 -> /dev/block/mmcblk0p1
lrwxrwxrwx 1 root root 20 2018-08-06 11:00 BOTA1 -> /dev/block/mmcblk0p2
lrwxrwxrwx 1 root root 21 2018-08-06 11:00 CACHE -> /dev/block/mmcblk0p21
lrwxrwxrwx 1 root root 20 2018-08-06 11:00 CARRIER -> /dev/block/mmcblk0p8
lrwxrwxrwx 1 root root 21 2018-08-06 11:00 CDMA-RADIO -> /dev/block/mmcblk0p13
...
As we see, the boot partition lies in /dev/block/mmcblk0p10. So the next step was to
Code:
cat /dev/block/mmcblk0p10 > /sdcard/boot.img
which resulted in a boot.img in the /sdcard/ directory, which I then copied onto my development PC.
Unpacking boot.img
To unpack boot.img, I used a program called Android Image Kitchen. I still cannot post links, so just search for it. After unpacking boot.img, I got a folder called "ramdisk" which contained, among other things, a bunch of init.*.rc files.
Editing the init.*.rc files
I had to make changes to two files, init.rc and init.samsungexynos7570.rc.
For init.rc, I made the following changes:
Removed the lpm service. Example:
Code:
#service lpm /system/bin/lpm
# class charger
# critical
Removed the "on charger" trigger.
Added the following trigger:
Code:
on property:ro.bootmode=charger
trigger late-init
and for init.samsungexynos7570.rc I made these changes:
Removed the lpm service.
Removed the "on property:ro bootmode=charger" triggers.
Repacking the edited ramdisk
To repack the edited ramdisk I once again used Android Image Kitchen.
Flashing the modified ramdisk
To flash the modified ramdisk I used ODIN version 3.12.5. In order for it to be flashable through ODIN the .img file needs to be turned into a .tar file. I used 7zip for this. It is also very important that .img file is called "boot.img" before being tar-ed. Not sure if the .tar file has such stringent naming requirements as well.
The phone now boots automatically when connecting power (if powered off). Caveat: The touch screen does not work when booting via connecting power, but for my own specific scenario this is not a problem as I am going to use the phone as a kiosk device without touch functionality. To enable the touch screen I suspect I just need to preserve some of the stuff in the init.samsungexynos7570.rc file that I initially removed.
Does the device also turn on when you try to power it off if it is still plugged in?