So... a lot of us are stuck on a certain firmware and need to get off of it. A solution to us all (hopefully), is a program called "bspatch" (usually comes with bsdiff). We have a boot.img file (compiled android img) and a boot.img.p (from an OTA update, zip, which we know 100% works and people have updated with the OTA zip).
We need bspatch to stop checking for corruption like it does now and to just force the patch to go. This would help save a lot of users stuck on firmware and we would all appreciate a point in the right direction.
We tried compiling the source of bspatch from many sites, but none seem to compile correctly or even run. We get them to run from binary pre-compiled versions, but those won't help us since it sees the patch as corrupt.
If we can get boot.img from the 6.12.181 fastboot files to patch with the boot.img.p from an ICS like the most current (6.16.206 as of 5/20/2012) we can make fastboot files that are flashable onto someone stuck on 6.14.84 so they can upgrade to 206 with Moto Recovery.
Also if this magically can be done by the help of the XDA community, we can create a boot.img from 6.12.181 patched with a 4.0.3 boot.img.p (like from 84 or 85, since 79 and below aren't flashable on newer ICS), we can also have a root method for 4.0.4 like the GSM users have.
Best of luck to those who try to help with this!
http://www.daemonology.net/bsdiff/
https://launchpad.net/ubuntu/+source/bsdiff/4.3-10ubuntu1/+build/2960721
Files(s): http://rombot.droidhive.com/ROMs/spyder/BspatchProject.zip
alt link: http://www.filefactory.com/file/1xj6eh1mocz7/n/BspatchProject_zip
Note: My friend tried this already and we got Pre-flash validation errors when trying to fastboot it. Just throwing this idea out there.... best of luck.
EDIT: Added as an attachment.
Thanks to dhacker29 for trying this idea out first
Err.. Doesn't /system/bin/applypatch do this already??
I've always used it to patch OTA manually..
example usage:
Code:
applypatch boot.img boot_new.img X Y Z:boot.img.p
where
Code:
X is the target(boot_new.img) sha1sum
Y is the target(boot_new.img) new size
Z is the source(boot.img) sha1sum
Obviously it will fail the cert test,
if the patch(boot.img.p) is not intended for the base(boot.img)
Information can be extracted from OTA update-script
example
assert(apply_patch("MTD:boot:8388608:5fff8425560eb1002b467062de2b355b45090ad7:8388608:2997ddb421e1d44b026410339e343f60b3bb65bd",
"-", 2997ddb421e1d44b026410339e343f60b3bb65bd, 8388608,
5fff8425560eb1002b467062de2b355b45090ad7, package_extract_file("patch/boot.img.p")));
X = 2997ddb421e1d44b026410339e343f60b3bb65bd
Y = 8388608
Z = 5fff8425560eb1002b467062de2b355b45090ad7
easily done via adb
Code:
adb.exe push boot.img /tmp/
adb.exe push boot.img.p /tmp/
adb.exe shell /system/bin/applypatch /tmp/boot.img /tmp/boot_new.img X Y Z:/tmp/boot.img.p
adb.exe pull /tmp/boot_new.img
whirleyes said:
Err.. Doesn't /system/bin/applypatch do this already??
I've always used it to patch OTA manually..
example usage:
Code:
applypatch boot.img boot_new.img x y z:boot.img.p
where
Code:
x is the target(boot_new.img) sha1sum
y is the target(boot_new.img) new size
z is the source(boot.img) sha1sum
Obviously it will fail the cert test,
if the patch(boot.img.p) is not intended for the base(boot.img)
I can confirm that applypatch does have at least some success in patching a boot.img once you can figure out the information required from updater-script found in the OTA you are trying to make fastboot images for. I patched the file obtained by
Code:
dd if=/dev/block/mmcblk1p14 of=/sdcard-ext/b/boot.bin
on a 6.12.181 successfully using the code
Code:
applypatch ./boot.bin ./boot.bin.2 dd9310794842a4908aff55979a9fe97f825e8748 8388608 8e21cfa5d9be4dd08427b079fbff9a80d6e04560:boot.img.p
the code i ripped apart from 6.16.206 is
Code:
assert(apply_patch("MTD:boot:8388608:8e21cfa5d9be4dd08427b079fbff9a80d6e04560:8388608:dd9310794842a4908aff55979a9fe97f825e8748",
"-", dd9310794842a4908aff55979a9fe97f825e8748, 8388608,
8e21cfa5d9be4dd08427b079fbff9a80d6e04560, package_extract_file("patch/boot.img.p")));
to figure out the apply patch code i looked at the info above and compared it to this
[quote]adb shell applypatch
usage: applypatch <src-file> <tgt-file> <tgt-sha1> <tgt-size> [<src-sha1>:<patch> ...]
or applypatch -c <file> [<sha1> ...]
or applypatch -s <bytes>
or applypatch -l
Filenames may be of the form
MTD:<partition>:<len_1>:<sha1_1>:<len_2>:<sha1_2>:...
to specify reading from or writing to an MTD partition.[/quote]
and with a little trial and error got it to work
EDIT
Let me be clear the patched boot.bin.2 does flash perfectly fine. no preflash validation failure.
Anyone on 6.16.206 want to do me a favor and do?
Code:
dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin
and email/upload it to me? I'll hit the thanks button </bribe>
SilentViper said:
EDIT
Let me be clear the patched boot.bin.2 does flash perfectly fine. no preflash validation failure.
Anyone on 6.16.206 want to do me a favor and do?
Code:
dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin
and email/upload it to me? I'll hit the thanks button </bribe>
I asked on the DroidRZR thread for 6.16.206 if anyone could do it, let's see
Edit: By the way which version boot.img is patched and flashable, and could we get a copy?
This is what a user at DroidRzr got when he tried:
dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin
[quote name='Fixter' timestamp='1337690349' post='46825']
Doing it right now Matt.
PS: Cannot Open for Read: Permission Denied
Also, I have root. Let me check now. I forgot to restore root.
Update 2: Cannot Open for Write: No such file or Directory. I copy pasted it, so I know it's right.
[/quote]
dimitri407 said:
This is what a user at DroidRzr got when he tried:
dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin
[quote name='Fixter' timestamp='1337690349' post='46825']
Doing it right now Matt.
PS: Cannot Open for Read: Permission Denied
Also, I have root. Let me check now. I forgot to restore root.
Update 2: Cannot Open for Write: No such file or Directory. I copy pasted it, so I know it's right.
[/QUOTE]
He might need to do
Code:
mkdir /sdcard-ext/b
He might need to do
Code:
mkdir /sdcard-ext/b
[/QUOTE]
http://www.mediafire.com/?iihwd669mdxg740
Recovery.bin from DR user Fixter from 206.
Enjoy!
dimitri407 said:
This is what a user at DroidRzr got when he tried:
dd if=/dev/block/mmcblk1p15 of=/sdcard-ext/b/recovery.bin
[quote name='Fixter' timestamp='1337690349' post='46825']
Doing it right now Matt.
PS: Cannot Open for Read: Permission Denied
Also, I have root. Let me check now. I forgot to restore root.
Update 2: Cannot Open for Write: No such file or Directory. I copy pasted it, so I know it's right.
[/QUOTE]
Finally, some headway,
But I have a question in regards to the DD command (kinda off topic but not really). How do you know that p15 is associated with recovery.bin, well at least for Droid Razr XT912-Verizon? I have some tools that show symlinks in an android file browser, but I am looking for a Linux command as well.
Been trying to find access to the devtree partition as well as cdrom, recovery, cdt.bin (p18=true), and now in this case, boot. I found all but devtree. Any ideas,
X
Open the recovery.img in a hex editor and the partitions are listed at the top.
mattlgroff said:
He might need to do
Code:
mkdir /sdcard-ext/b
http://www.mediafire.com/?iihwd669mdxg740
Recovery.bin from DR user Fixter from 206.
Enjoy!
AWESOME. I successfully flashed that to my secondary razr that i am playing with these updates on. I used this plus my custom patched boot.bin.2 to successfully boot into recovery. but im currently stuck there because no OTAs will flash from that, and my /system partition isn't the right version, nor anything else for that matter. now I need the rest of the /dev/block files from 206 :/
i'm going to have to figure something out quick
Couldn't you just extract the files from the .206 zip file that you need? Unless if I am missing something of course... just one thought I had on this.
No, those are patch files. To make a fastboot package I need the block dumps
Sent from my DROID RAZR using XDA
SilentViper said:
No, those are patch files. To make a fastboot package I need the block dumps
Sent from my DROID RAZR using XDA
Makes sense. Hopefully someone running .206 could provide that to you. Sadly I'm unable to as I'm on .203 on my RAZR. Bummer.
Project Success.
http://www.droidrzr.com/index.php/t...m-icsbut-not-back-to-gb-6148485-616203204206/
Great job to everyone involved!
mattlgroff said:
Project Success.
http://www.droidrzr.com/index.php/t...m-icsbut-not-back-to-gb-6148485-616203204206/
Great job to everyone involved!
Awesome! mind posting just the fastboot commands? I tried interpreting the .bat but haven't had much experience with .BATs and am not entirely sure what you are doing
DemoManMLS said:
Makes sense. Hopefully someone running .206 could provide that to you. Sadly I'm unable to as I'm on .203 on my RAZR. Bummer.
Not anymore you're not!
Sent from the bottom of my fart
SEMI success. We wanna get us back on the path, not on a later ICS build. This might be okay if it works with the OTA, but...
[TSON] said:
SEMI success. We wanna get us back on the path, not on a later ICS build. This might be okay if it works with the OTA, but...
Why wouldn't they be able to use this strategy again and use img file from official ota?
Sent from my DROID SPYDER using Tapatalk 2
Knowing Moto...
[TSON] said:
Knowing Moto...
I feel like update is pretty close . I would be impressed if they patched it that quickly
Sent from my DROID SPYDER using Tapatalk 2
Related
This is basically (for right now) the stock kernel image with some tweaks to init.
-unsecure boot.img-(perma- rooted adb shell)
-adb remount(mount /system r/w)
-init.d support added in for init scripts(survive after reboot)
-ext4 filesystem mount tweaks-/system/data/cache(faster I/O)
(Actually have a full ext2 version for,****s and giggles, but it boots into the encryption error screen, so cant release that. May have a fix though)
-mem and cache tweaks coming soon
still working on the actual kernel, will release that next, still have lots of work to do
boot.img MD5- fca41dba8f4699b67fd461a1632b65cf
MAKE BACKUP FIRST
You will not have issues if you wipe data, chances are youll be fine if you dont, but if anything starts acting up just wipe data, then install boot.img
This is the actual boot.img and for now has to be flashed with adb with these EXACT commands--
Code:
adb push boot.img /sdcard/
adb shell
su
dd if=/sdcard/boot.img of=/dev/block/mmcblk0 seek=3968 bs=4096 count=2048
reboot
#Thanks Diamondback and friends for offsets
This is not the ideal way to flash this, but I cannot get the blob file to staging partition to actually write the image. I'm pretty sure it's an issue with the signature of the blob file, so if someone wants to pack this into a blob I'd be glad to test it and then update the OP.
My Prime's been using this boot.img for a few days, along with one other. Flash at your own risk.
NOT COMPATIBLE WITH CM-9
di11igaf said:
This is basically (for right now) the stock kernel image with some tweaks to init.
-unsecure boot.img-(perma- rooted adb shell)
-adb remount(mount /system r/w)
-init.d support added in for init scripts(survive after reboot)
-ext4 filesystem mount tweaks-/system/data/cache(faster I/O)
(Actually have a full ext2 version for,****s and giggles, but it boots into the encryption error screen, so cant release that. May have a fix though)
-mem and cache tweaks coming soon
still working on the actual kernel, will release that next, still have lots of work to do
boot.img MD5- fca41dba8f4699b67fd461a1632b65cf
MAKE BACKUP FIRST
You will not have issues if you wipe data, chances are youll be fine if you dont, but if anything starts acting up just wipe data, then install boot.img
This is the actual boot.img and for now has to be flashed with adb with these EXACT commands--
Code:
adb push boot.img /sdcard/
adb shell
su
dd if=/sdcard/boot.img of=/dev/block/mmcblk0 seek=3968 bs=4096 count=2048
reboot
#Thanks Diamondback and friends for offsets
This is not the ideal way to flash this, but I cannot get the blob file to staging partition to actually write the image. I'm pretty sure it's an issue with the signature of the blob file, so if someone wants to pack this into a blob I'd be glad to test it and then update the OP.
My Prime's been using this boot.img for a few days, along with one other. Flash at your own risk.
Great! I'm not the only one who has this problem. For whatever reason I too cannot get the blob to write.
I've tried running the blobpack -s to sign the blob but after trying to write it to the staging partition it's a no go.....
EDIT: how are you working on the kernel if it has not been released yet?? JW, not trying to say you're not but it would be cool if someone found a way to edit a compiled kernel.
MasterZen88 said:
Great! I'm not the only one who has this problem. For whatever reason I too cannot get the blob to write.
I've tried running the blobpack -s to sign the blob but after trying to write it to the staging partition it's a no go.....
EDIT: how are you working on the kernel if it has not been released yet?? JW, not trying to say you're not but it would be cool if someone found a way to edit a compiled kernel.
ICS kernel source is on the global download site.
Doktaphex said:
ICS kernel source is on the global download site.
Correct but thats an older source code V9.4.2.7 right?
MasterZen88 said:
Correct but thats an older source code V9.4.2.7 right?
True, I don't know how much they have changed since then. Surely they need to be releasing new source pretty quickly to be in compliance with the license. I don't know enough about that side of things though.
The Prime has a BLOBSIGN signature in the first 28 bytes of the blob files for the Prime.
You just need to copy those 28 bytes from an existing blob file that works.
This of course only works on an unlocked Prime; then the BLOBSIGN signature is not checked, so anything can be pasted in front of it.
Rayman will update the packblob to include the signature later on.
MasterZen88 said:
Great! I'm not the only one who has this problem. For whatever reason I too cannot get the blob to write.
I've tried running the blobpack -s to sign the blob but after trying to write it to the staging partition it's a no go.....
EDIT: how are you working on the kernel if it has not been released yet?? JW, not trying to say you're not but it would be cool if someone found a way to edit a compiled kernel.
I'm confused. I thought after our PMs you had it flashing just fine?
Sent from my Galaxy Nexus using Tapatalk
jermaine151 said:
I'm confused. I thought after our PMs you had it flashing just fine?
Sent from my Galaxy Nexus using Tapatalk
Yes it flashed but later I realized none of my settings/changes took effect.
When I stated it worked, I had taken the stock kernel/initramfs from the asus blob, extracted, made no changes at all, recompiled like we talked about in our PMs, then flashed it. It worked, but then after I made changes and recompiled, none of my changes took effect.
Again Jermaine you have been a BIG help. and can only hope one day I can return the favor!!!
jermaine151 said:
I'm confused. I thought after our PMs you had it flashing just fine?
Sent from my Galaxy Nexus using Tapatalk
MasterZen88 said:
Yes it flashed but later I realized none of my settings/changes took effect.
When I stated it worked, I had taken the stock kernel/initramfs from the asus blob, extracted, made no changes at all, recompiled like we talked about in our PMs, then flashed it. It worked, but then after I made changes and recompiled, none of my changes took effect.
Again Jermaine you have been a BIG help. and can only hope one day I can return the favor!!!
Flashing blobs does NOT always work. No idea why yet. Directly dd'ing the boot.img to the right place works BETTER than flashing a blob in some cases...
Asus really screwed up with this Unlocker thing....
MasterZen88 said:
Yes it flashed but later I realized none of my settings/changes took effect.
When I stated it worked, I had taken the stock kernel/initramfs from the asus blob, extracted, made no changes at all, recompiled like we talked about in our PMs, then flashed it. It worked, but then after I made changes and recompiled, none of my changes took effect.
Again Jermaine you have been a BIG help. and can only hope one day I can return the favor!!!
No problem. I'm surprised it didn't work for you after you made changes.
Diamondback said:
Flashing blobs does NOT always work. No idea why yet. Directly dd'ing the boot.img to the right place works BETTER than flashing a blob in some cases...
Asus really screwed up with this Unlocker thing....
Flashing them to staging seems to work perfectly for me. That's how I made my insecure boot.blob and flashed it. It doesn't matter whether you're on unofficial CWM or Official since if you start your updater-script with unmounting staging, it doesn't hurt anything if staging wasn't mounted. Then you can either dd the blob to mmcblk0p4 or you can directly flash it via:
Code:
package_extract_file("boot.blob", "/dev/block/mmcblk0p4");
I have not found an occasion where this didn't work. You need to make sure that you don't add any --cmdline parameters when you mkbootimg or you will get a bootloop. Staging is definitely the safest way to flash to any partitions on the Prime.
MasterZen88 said:
Correct but thats an older source code V9.4.2.7 right?
Click to expand...
Click to collapse
The kernel versions seem to be the same with the latest .15 build as the previous one. I wonder if they just recompiled the same source and that's why the host name changed to Mercury.
EDIT: I'm going to pack this kernel into a flashable blob and attach it here.
jermaine151 said:
No problem. I'm surprised it didn't work for you after you made changes.
Flashing them to staging seems to work perfectly for me. That's how I made my insecure boot.blob and flashed it. It doesn't matter whether you're on unofficial CWM or Official since if you start your updater-script with unmounting staging, it doesn't hurt anything if staging wasn't mounted. Then you can either dd the blob to mmcblk0p4 or you can directly flash it via:
Code:
package_extract_file("boot.blob", "/dev/block/mmcblk0p4");
I have not found an occasion where this didn't work. You need to make sure that you don't add any --cmdline parameters when you mkbootimg or you will get a bootloop. Staging is definitely the safest way to flash to any partitions on the Prime.
Hmm.. not sure whats going on but I did use this command
Code:
mkbootimg --kernel boot.img-kernel.gz --ramdisk newramdisk.cpio.gz -o newboot.img
To recompile the boot.img then used the new blobtoolsv2 to repack the blob
Code:
blobpack -s kernelblob blob.LNX newboot.img
I know staging is unmounted because I'm using your updater-script
jermaine151 said:
Flashing them to staging seems to work perfectly for me. That's how I made my insecure boot.blob and flashed it. It doesn't matter whether you're on unofficial CWM or Official since if you start your updater-script with unmounting staging, it doesn't hurt anything if staging wasn't mounted. Then you can either dd the blob to mmcblk0p4 or you can directly flash it via:
Code:
package_extract_file("boot.blob", "/dev/block/mmcblk0p4");
I have not found an occasion where this didn't work. You need to make sure that you don't add any --cmdline parameters when you mkbootimg or you will get a bootloop. Staging is definitely the safest way to flash to any partitions on the Prime.
If you copy the blob while p4 is mounted to staging in CWM, you will have a problem when you reboot, as the filesystem unmounts, and that causes a small change to the mounted filesystem to indicate it is unmounted normally, and the p4 partition becomes invalid.
So it can easily become a problem if p4 is mounted.
At least that's how I experienced the problem when seen initially.
Dexter_nlb said:
If you copy the blob while p4 is mounted to staging in CWM, you will have a problem when you reboot, as the filesystem unmounts, and that causes a small change to the mounted filesystem to indicate it is unmounted normally, and the p4 partition becomes invalid.
So it can easily become a problem if p4 is mounted.
At least that's how I experienced the problem when seen initially.
That's why I said to always add an unmount("/staging"); to the top of your script. The attached flashable zip works perfectly on the official CWM; staging is not mounted by default, but I told the script to unmount it anyway in case someone with the unofficial CWM tries to flash it. If it's already unmounted, the script just continues.
Anyone may use this as a template for consistently flashing a kernel to staging.
MasterZen88 said:
Hmm.. not sure whats going on but I did use this command
Code:
mkbootimg --kernel boot.img-kernel.gz --ramdisk newramdisk.cpio.gz -o newboot.img
To recompile the boot.img then used the new blobtoolsv2 to repack the blob
Code:
blobpack -s kernelblob blob.LNX newboot.img
I know staging is unmounted because I'm using your updater-script
Hmm... That all looks good. What happens after you attempt to flash this and what changes did you make to the ramdisk?
EDIT: Hey, I just re-read your PM. It sounds like you're editing the wrong file in the ramdisk. To make an insecure boot image, you should be editing init.rc, NOT init.cardhu.rc.
Here's a great guide to follow. It's the same procedure for the Prime as the original Transformer:
http://forum.xda-developers.com/showthread.php?t=1193737
jermaine151 said:
Hmm... That all looks good. What happens after you attempt to flash this and what changes did you make to the ramdisk?
EDIT: Hey, I just re-read your PM. It sounds like you're editing the wrong file in the ramdisk. To make an insecure boot image, you should be editing init.rc, NOT init.cardhu.rc.
Here's a great guide to follow. It's the same procedure for the Prime as the original Transformer:
http://forum.xda-developers.com/showthread.php?t=1193737
Okay that makes sense. One of my changes was to default.prop for insecure boot.img
Code:
ro.secure=0
This did not show after I flashed. But I will try again in a couple hours once my workload calms down... SysAdmin life is not easy...lol
MasterZen88 said:
Okay that makes sense. One of my changes was to default.prop for insecure boot.img
Code:
ro.secure=0
This did not show after I flashed. But I will try again in a couple hours once my workload calms down... SysAdmin life is not easy...lol
LOL! I meant to say default.prop and not init.rc. I totally understand. I used to be a SysAdmin too. Now I moved more towards the networking side of things. Much more calm.
jermaine151 said:
LOL! I meant to say default.prop and not init.rc. I totally understand. I used to be a SysAdmin too. Now I moved more towards the networking side of things. Much more calm.
Would love to be on that side of the tracks. I'm banging my head against the wall right now trying to figure out how to implement Microsoft System Center Service Manager 2010 and on top of that one of our Citrix Broker boxes went down last night... Not a funny day at all. But I'll keep this thread about Android...for now....
No, unfortunately flashing a blob does not always do the same as dd'ing boot.img directly. We recently had a case where someone lost root access. The only way to recover was to directly dd a boot.img.
Flashing the SAME boot.img via blob did not work (nor did any other blob we tested)
So blob flashing obviously has some quirks....
Diamondback said:
No, unfortunately flashing a blob does not always do the same as dd'ing boot.img directly. We recently had a case where someone lost root access. The only way to recover was to directly dd a boot.img.
Flashing the SAME boot.img via blob did not work (nor did any other blob we tested)
So blob flashing obviously has some quirks....
I just haven't seen that issue flashing any of my blobs and CM9 is using the same method and it's working. Who knows.
jermaine151 said:
I just haven't seen that issue flashing any of my blobs and CM9 is using the same method and it's working. Who knows.
We only had it one time too, but one time is enough to scare me further
This whole blob stuff just is crap
My email is [email protected]
Be rooted. Have a computer with adb working, or do this from an android terminal emulator. The instructions are for adb.
The applypatch commands are going to have [] around them to show you what to put, but are not used in the actual script.
-----------------------------------------------------------------
Code:
adb shell
su
cd sdcard-ext
applypatch [Original Boot.img] [Desired Name of new Boot.img] [A] [B] [C]:[boot.img.p]
-----------------------------------------------------------------
A = Desired Boot.img's Sha-1 sum
B = Size (in bytes) of the desired boot.img
C = Original Boot.img's Sha-1sum
Looking at the updater-script you can see this line of code or something similar for applying the boot.img.p to the phone's boot.img.
You need this as a reference for the SHA-1 sums of the patch and boot.img and desired final boot.img.
//Reference script\\
Code:
assert(apply_patch("MTD:boot:[B]:[C]:[B]:[A]",
"-", [A], [B],
[C], package_extract_file("patch/boot.img.p")));
//Actual script\\
Code:
assert(apply_patch("MTD:boot:8388608:fe086e1f547082c3cf2a5f65dacb81fd232ecd89:8388608:4a7070c32d0312aa48e52e207c7932434bc46cb1",
"-", 4a7070c32d0312aa48e52e207c7932434bc46cb1, 8388608,
fe086e1f547082c3cf2a5f65dacb81fd232ecd89, package_extract_file("patch/boot.img.p")));
Actual commands used to patch D4 .219 fastboot file boot.img with D4 6.16.208 boot.img.p:
------------------------------------------------------------------------------------------
Code:
adb shell
su
cd sdcard-ext
applypatch boot219.img boot208.img 4a7070c32d0312aa48e52e207c7932434bc46cb1 8388608 fe086e1f547082c3cf2a5f65dacb81fd232ecd89:boot208.img.p
------------------------------------------------------------------------------------------
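The A/B/C mapping described in the post above, as an added example that is not part of the original post or of applypatch: a host-side Python helper that reads the apply_patch line from an updater-script, checks whether a local image is the patch's source or already its target, and builds the applypatch arguments. The function names and the SAMPLE_* images are constructed for illustration; POSTED_LINE is the "Actual script" line quoted above.

```python
import hashlib
import re

# Edify call as quoted in the thread:
#   apply_patch("MTD:<part>:<len>:<sha1>:<len>:<sha1>", "-", <tgt_sha1>,
#               <tgt_size>, <src_sha1>, package_extract_file("<patch>"))
APPLY_PATCH_RE = re.compile(
    r'apply_patch\(\s*"(?P<name>[^"]+)"\s*,\s*"[^"]*"\s*,\s*'
    r'(?P<tgt_sha1>[0-9a-fA-F]{40})\s*,\s*(?P<tgt_size>\d+)\s*,\s*'
    r'(?P<src_sha1>[0-9a-fA-F]{40})\s*,\s*'
    r'package_extract_file\(\s*"(?P<patch>[^"]+)"\s*\)'
)


def parse_apply_patch(script_text):
    """Return the values applypatch needs (A, B and C in the post above)."""
    m = APPLY_PATCH_RE.search(script_text)
    if m is None:
        raise ValueError("no apply_patch(...) call found")
    fields = m.group("name").split(":")
    if fields[0] != "MTD" or len(fields) < 4 or len(fields) % 2:
        raise ValueError("unexpected source name: %r" % m.group("name"))
    # (length, sha1) pairs listed after MTD:<partition>
    accepted = [(int(fields[i]), fields[i + 1].lower())
                for i in range(2, len(fields), 2)]
    spec = {
        "partition": fields[1],
        "accepted": accepted,
        "tgt_sha1": m.group("tgt_sha1").lower(),  # A
        "tgt_size": int(m.group("tgt_size")),     # B
        "src_sha1": m.group("src_sha1").lower(),  # C
        "patch": m.group("patch"),
    }
    # In the lines quoted in this thread both hashes also appear inside the
    # MTD name; if they do not, the line was mangled when it was copied.
    if not {spec["src_sha1"], spec["tgt_sha1"]} <= {sha for _, sha in accepted}:
        raise ValueError("hashes in the MTD name do not match the arguments")
    return spec


def classify_image(data, spec):
    """Say whether an image is the patch's source, already the target, or neither."""
    digest = hashlib.sha1(data).hexdigest()
    if digest == spec["tgt_sha1"] and len(data) == spec["tgt_size"]:
        return "target"    # applypatch reports "already target; no patch needed"
    if digest == spec["src_sha1"]:
        return "source"    # this is the image the patch was made for
    return "mismatch"      # the patch was not made for this image


def applypatch_argv(spec, src_file, tgt_file, patch_file):
    """applypatch <src-file> <tgt-file> <tgt-sha1> <tgt-size> <src-sha1>:<patch>"""
    return ["applypatch", src_file, tgt_file, spec["tgt_sha1"],
            str(spec["tgt_size"]), "%s:%s" % (spec["src_sha1"], patch_file)]


# The "Actual script" line from the post above.
POSTED_LINE = '''assert(apply_patch("MTD:boot:8388608:fe086e1f547082c3cf2a5f65dacb81fd232ecd89:8388608:4a7070c32d0312aa48e52e207c7932434bc46cb1",
"-", 4a7070c32d0312aa48e52e207c7932434bc46cb1, 8388608,
fe086e1f547082c3cf2a5f65dacb81fd232ecd89, package_extract_file("patch/boot.img.p")));'''

# Constructed stand-ins for real images, so the hash checks can run offline.
SAMPLE_SRC = b"constructed source image " * 8
SAMPLE_TGT = b"constructed target image " * 8


def constructed_line(src, tgt):
    """Build an apply_patch line for the constructed images (same layout)."""
    s = hashlib.sha1(src).hexdigest()
    t = hashlib.sha1(tgt).hexdigest()
    return ('assert(apply_patch("MTD:boot:%d:%s:%d:%s", "-", %s, %d, %s, '
            'package_extract_file("patch/boot.img.p")));'
            % (len(src), s, len(tgt), t, t, len(tgt), s))


if __name__ == "__main__":
    spec = parse_apply_patch(POSTED_LINE)
    print(" ".join(applypatch_argv(spec, "boot219.img", "boot208.img",
                                   "boot208.img.p")))
    demo = parse_apply_patch(constructed_line(SAMPLE_SRC, SAMPLE_TGT))
    for label, blob in (("src", SAMPLE_SRC), ("tgt", SAMPLE_TGT), ("other", b"x")):
        print(label, classify_image(blob, demo))
```

Running classify_image on the pulled image before calling applypatch tells you up front whether the patch was built for that base, and running it on the output confirms the result matches the target hash and size.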
mattlgroff said:
My email is [email protected]
Be rooted. Have a computer with adb working, or do this from an android terminal emulator. The instructions are for adb.
The applypatch commands are going to have [] around them to show you what to put, but are not used in the actual script.
Thank you very much mattlgroff. Our Razr Dev section really needs more tutorials like this one.
Excellent !
-- Edit --
Do you mind bringing us a Tutorial to port an ICS system app to make it work in another ICS?
Here's an example: SoundRecorder.app from a Motorola GSM ICS leak to Retail.BR GSM ICS 4.0.4
This is really worth a really cold beer.
BTW. I can provide you all the files you may need or follow a guide to make it work to upcoming Razr's ICS. I've tools to extract .img, DD's even an app compiler. But I get stuck in signing. framework-res.apk etc.
Reason: Some features are built in some ICS versions but not in others. There's more apps, like SIP native support which are not present in most ICS 4.0.4. I've tried a few Tutorials, but they aren't that much noob Engineering friendly. lol
Thanks man
pedrotorresfilho said:
Do you mind bringing us a Tutorial to port an ICS system app to make it work in another ICS?
Here's an example: SoundRecorder.app from a Motorola GSM ICS leak to Retail.BR GSM ICS 4.0.4
This is really worth a really cold beer.
BTW. I can provide you all the files you may need or follow a guide to make it work to upcoming Razr's ICS. I've tools to extract .img, DD's even an app compiler. But I get stuck in signing. framework-res.apk etc.
Reason: Some features are built in some ICS versions but not in others. There's more apps, like SIP native support which are not present in most ICS 4.0.4. I've tried a few Tutorials, but they aren't that much noob Engineering friendly. lol
Thanks man
I've never done any modifications of apk's like this, I'm more into leaks and utilities
I agree that someone should make tutorials on this though. Sharing our knowledge is the best way to not have to repeat trying things that don't work over and over.
mattlgroff said:
I've never done any modifications of apk's like this, I'm more into leaks and utilities
I agree that someone should make tutorials on this though. Sharing our knowledge is the best way to not have to repeat trying things that don't work over and over.
Hi mattlgroff!
Do you know a Dev that may help us?
Thanks
pedrotorresfilho said:
Hi mattlgroff!
Do you know a Dev that may help us?
Thanks
I don't, sorry.
apktool
I thought it was possible to make changes to an apk with apktool and then repack those changes back into original apk so you don't lose signing.
X
xlightwaverx said:
I thought it was possible to make changes to an apk with apktool and then repack those changes back into original apk so you don't lose signing.
X
We need to figure out how to check for dependencies on these disassembled APK files.
Also, these applypatch instructions have been posted by whirleyes before: http://forum.xda-developers.com/showpost.php?p=26363001&postcount=2
trying to figure out why manually patching would be necessary, why not just dd the boot.img partition after updating?
Q9Nap said:
trying to figure out why manually patching would be necessary, why not just dd the boot.img partition after updating?
If no one who knows how can upgrade to that version. Here on the XT912 Verizon front, barely anyone is left on GB who can help us with this. This way I can pull a leak and flash it within minutes with no external help.
What am I doing wrong? It doesn't work. I always get an error:
"bootxxx.img" is already target; no patch needed.
I did everything like described in the OP.
Edit: My fault. Want to update an older boot.img to the newer one using the boot.img.p, but it doesn't work.
EDIT: It worked. As you said, it shows an error but done it already. Thx!
Hi guys, is there any way to let the patch install with any SHA for the currently installed boot.img ? Magisk messes it up so OTA updates cannot work
I am wondering if anyone knows of a way to take the latest ota zip for the Xperia S, decrypt it, edit the version, repack it, then be able to flash it. Right now it will not let me flash over the current version r5 because it is the same version. I am stuck on the blue wave animation perpetually after screwing up my services.jar. I have no adb access and my only hope is to flash in recovery or wait until the next update comes out...
I was told by a Sony tech yesterday the Jelly Bean update for the Xperia S will not be until January...
EDIT: There is a way to fool the recovery. Does anyone have a modified r5 ota for the Xperia edited for a higher incremented version they could share?
bjanice44 said:
I am wondering if anyone knows of a way to take the latest ota zip for the Xperia S, decrypt it, edit the version, repack it, then be able to flash it. Right now it will not let me flash over the current version r5 because it is the same version. I am stuck on the blue wave animation perpetually after screwing up my services.jar. I have no adb access and my only hope is to flash in recovery or wait until the next update comes out...
I was told by a Sony tech yesterday the Jelly Bean update for the Xperia S will not be until January...
EDIT: There is a way to fool the recovery. Does anyone have a modified r5 ota for the Xperia edited for a higher incremented version they could share?
If it is the same as Sony Tab S then you would need to disable the signature check to flash a modded update. To add to the bad news, that is no longer able to work with new recovery (that came with r5, for older tab anyway)
Any chance you can take it in under warranty?? They may not be able to tell that you messed with it
stifilz said:
If it is the same as Sony Tab S then you would need to disable the signature check to flash a modded update. To add to the bad news, that is no longer able to work with new recovery (that came with r5, for older tab anyway)
Any chance you can take it in under warranty?? They may not be able to tell that you messed with it
Thanks for the response. Yeah I guess I am going to have to send it in or .. the other option is to wait for another update, but not knowing when that will be sucks. The Sony tech told me yesterday (when I called to find out my options..and I can send it in) that the Jelly Bean update is coming in January..So the question is will Sony have another update to ICS before then. Perhaps..
bjanice44 said:
Thanks for the response. Yeah I guess I am going to have to send it in or .. the other option is to wait for another update, but not knowing when that will be sucks. The Sony tech told me yesterday (when I called to find out my options..and I can send it in) that the Jelly Bean update is coming in January..So the question is will Sony have another update to ICS before then. Perhaps..
The funny thing is that I know which file is corrupted in the system. It's the services.jar. If only there was a way for me to replace that file....It would boot.
bjanice44 said:
The funny thing is that I know which file is corrupted in the system. It's the services.jar. If only there was a way for me to replace that file....It would boot.
Yeh guttered. Can you check if you can get adb shell in recovery??? I know it is late now but this is why the AIO tool changes the incremental to a lower one... So we can flash same update if it turns to custard
stifilz said:
Yeh guttered. Can you check if you can get adb shell in recovery??? I know it is late now but this is why the AIO tool changes the incremental to a lower one... So we can flash same update if it turns to custard
No ADB shell. I guess I'll send it in. Watch.. 2 days after I send it in there will be an update..
bjanice44 said:
No ADB shell. I guess I'll send it in. Watch.. 2 days after I send it in there will be an update..
Lol. That would be awesome
stifilz said:
If it is the same as Sony Tab S then you would need to disable the signature check to flash a modded update. To add to the bad news, that is no longer able to work with new recovery (that came with r5, for older tab anyway)
Any chance you can take it in under warranty?? They may not be able to tell that you messed with it
stifilz is there really no other way we can revert back to the old Recovery? I mean like finding someone who is still on HC 3.2? and asking him to prepare the needed stuffs like the decrypt one? sorry but im really desperate on fixing the issue my tab is experiencing. and can we still hope for an updated AIO tool that might even work with the latest recovery mode?
mawnstermew said:
stifilz is there really no other way we can revert back to the old Recovery? I mean like finding someone who is still on HC 3.2? and asking him to prepare the needed stuffs like the decrypt one? sorry but im really desperate on fixing the issue my tab is experiencing. and can we still hope for an updated AIO tool that might even work with the latest recovery mode?
I have tried to flash 11000 (3.2), 0035(3.2.1), 0042(3.2.1R2), ICS, R1A and NONE of these change the recovery back, i also tried NZ and US files, I was lucky enough to locate US files and had the NZ files saved to my PC. I have looked into AIO tool and read through the code, it runs a certain command in adb shell in recovery (WHICH WE NO LONGER HAVE GRR) so it can not be done ATM.
Maybe there is some file we can change on the tab to enable shell in adb again. From memory shell does not work with non-root devices and when we root we can use adb shell. (Can someone verify this, bad memory lol)
Anyway there could be something I am missing, well hoping anyway
You know you can change the incremental in vendor/vendor.prop to a lower one to flash an OLDER OTA.... Right??
Stifilz
stifilz said:
I have tried to flash 11000 (3.2), 0035(3.2.1), 0042(3.2.1R2), ICS, R1A and NONE of these change the recovery back, i also tried NZ and US files, I was lucky enough to locate US files and had the NZ files saved to my PC. I have looked into AIO tool and read through the code, it runs a certain command in adb shell in recovery (WHICH WE NO LONGER HAVE GRR) so it can not be done ATM.
Maybe there is some file we can change on the tab to enable shell in adb again. From memory shell does not work with non-root devices and when we root we can use adb shell. (Can someone verify this, bad memory lol)
Anyway there could be something I am missing, well hoping anyway
You know you can change the incremental in vendor/vendor.prop to a lower one to flash an OLDER OTA.... Right??
Stifilz
-.- sadly I don't know how to change such things. Can you please tell me how to do it? I've been looking for ways to downgrade to HC but I'm getting prohibit basebrand or SKU version or something like that
mawnstermew said:
-.- sadly I don't know how to change such things. Can you please tell me how to do it? I've been looking for ways to downgrade to HC but I'm getting prohibit basebrand or SKU version or something like that
Use AIO tool. Tweaks and mods then install rescue backdoor
Or
Download root explorer or similar. Open Root Explorer and navigate to vendor folder.
Long click vendor.prop and then select edit with text editor
Change the number to a lower one. Taking off the last digit will do.
Click three dots for options and save
All done flash what you like
stifilz said:
Use AIO tool. Tweaks and mods then install rescue backdoor
Or
Download root explorer or similar. Open Root Explorer and navigate to vendor folder.
Long click vendor.prop and then select edit with text editor
Change the number to a lower one. Taking off the last digit will do.
Click three dots for options and save
All done flash what you like
That one needs a rooted tablet, right? I'm having trouble rooting my tab even with b4nary's script. If I choose to downgrade to 3.2, what no. should I change the last two digits to?
mawnstermew said:
That one needs a rooted tablet, right? I'm having trouble rooting my tab even with b4nary's script. If I choose to downgrade to 3.2, what no. should I change the last two digits to?
Needs root yes. Just delete the last digit
stifilz said:
Needs root yes. Just delete the last digit
thanks! BTW im still able to flash to ICS updates right? BTW im not able to install pre rooted ics if i try to reflash to lower versions due to the inability of AIO tool to decrypt?
From AIO you can decrypt and flash anything lol. Except if you have the r5 recovery it wont work at all
i tried with B4nary's script again but all im getting is the terminal emulator. did you do something with the backupandrestore.apk? cuz i tried installing it and im getting forced close everytime i try to open it.
BTW im on r5 so i wont be able to downgrade? im still stuck at rooting it
mawnstermew said:
i tried with B4nary's script again but all im getting is the terminal emulator. did you do something with the backupandrestore.apk? cuz i tried installing it and im getting forced close everytime i try to open it.
BTW im on r5 so i wont be able to downgrade? im still stuck at rooting it
You are typing in /data/local/tmp/onload.sh and then /data/local/tmp/onload2.sh????
You can change incremental after root and flash a ICS or R1A or even HC if you have the file
Stifilz
stifilz said:
You are typing in /data/local/tmp/onload.sh and then /data/local/tmp/onload2.sh????
You can change incremental after root and flash a ICS or R1A or even HC if you have the file
Stifilz
i just followed the instructions stated here http://forum.xda-developers.com/showthread.php?t=1886460 i used the normal mode to unlock but then im getting the "mount: permission denied" and then i tried using special mode to root and finally after everything was done all that was installed in my tablet is a terminal emulator, some applications were lost in the process such as my avast anti virus and play store.
stifilz said:
You are typing in /data/local/tmp/onload.sh and then /data/local/tmp/onload2.sh????
You can change incremental after root and flash a ICS or R1A or even HC if you have the file
Stifilz
[email protected]:/ $ export PATH=/data/local/bin:$PATH
[email protected]:/ $ /data/local/tmp/onload.sh
Unable to chmod /data: Operation not permitted
Unable to chmod /data/local/tmp/mkdevsh: Operation not permitted
failed on 'property' - Permission denied
mkdir failed for property, File exists
link failed Permission denied
link failed Permission denied
rm failed for property, Permission denied
failed on 'property.org' - Permission denied
255|[email protected]:/ $ data/local/tmp/onload2.sh
Unable to chmod /data: Operation not permitted
Unable to chmod /data/local/tmp/remount.sh: Operation not permitted
failed on 'property' - Permission denied
mkdir failed for property, File exists
link failed Permission denied
link failed Permission denied
rm failed for property, Permission denied
failed on 'property.org' - Permission denied
255|[email protected]:/ $
btw stifilz, can you share with me your edited bin4ry's script? the one with the re-signed vpnfaker? I tried signing it but it still doesn't work, saying something about the vpnfaker. I think there was something wrong with the way i signed it. it might work if i try to use the one you made.
mawnstermew said:
[email protected]:/ $ export PATH=/data/local/bin:$PATH
[email protected]:/ $ /data/local/tmp/onload.sh
Unable to chmod /data: Operation not permitted
Unable to chmod /data/local/tmp/mkdevsh: Operation not permitted
failed on 'property' - Permission denied
mkdir failed for property, File exists
link failed Permission denied
link failed Permission denied
rm failed for property, Permission denied
failed on 'property.org' - Permission denied
255|[email protected]:/ $ data/local/tmp/onload2.sh
Unable to chmod /data: Operation not permitted
Unable to chmod /data/local/tmp/remount.sh: Operation not permitted
failed on 'property' - Permission denied
mkdir failed for property, File exists
link failed Permission denied
link failed Permission denied
rm failed for property, Permission denied
failed on 'property.org' - Permission denied
255|[email protected]:/ $
btw stifilz, can you share with me your edited bin4ry's script? the one with the re-signed vpnfaker? I tried signing it but it still doesn't work, saying something about the vpnfaker. I think there was something wrong with the way i signed it. it might work if i try to use the one you made.
Ok doubt it will work but it is attached. I have zipped it up to add as attachment.
Please unzip it and then replace the file (of same name) in the 'stuff' directory of bin4ry's tool.
Good luck once again
From Sammobile new 4.4.2 P5210XXUBNH1
Luxor said:
From Sammobile new 4.4.2 P5210XXUBNH1
http://samsung-updates.com/device/
there is the download link i am downloading it right now.
will it work on my dutch tab 3 10.1?
damian312 said:
http://samsung-updates.com/device
there is the download link i am downloading it right now.
will it work on my dutch tab 3 10.1?
downloading now too, please report!
Downloading.
nowo said:
downloading now too, please report!
I am a little afraid to test it.
Do i have to flash through odin?
hey,
if you guys are hesitant, i'll test it. give me a couple of hours to get it and do the usual
@Restl3ss - dude OP look !
m
moonbutt74 said:
hey,
if you guys are hesitant, i'll test it. give me a couple of hours to get it and do the usual
@Restl3ss - dude OP look !
m
You are the man.
i wait for it
dead link bud!
RoninTPD said:
dead link bud!
http://samsung-updates.com/device/
not that hard to fix it:good:
Installing. can't wait to pull it apart.
CAG-man said:
Installing. can't wait to pull it apart.
cag,
when you are go can you pull the /system/vendor directory and post it?
also /system/bin/toolbox ?
my download just started , i can't wait !!
m
M,
I will do so.
Holy crap, finally!
damian312 said:
http://samsung-updates.com/device/
not that hard to fix it:good:
thanks!!:good:
CAG-man said:
Installing. can't wait to pull it apart.
Does it work?
The firmware works, but two things are proving to be very difficult.
one is extracting system.img, i dont know what's different, but the method i used for the 4.2 firmwares just crashes now.
two, and this is a big one
rooting it..
working on it
edit: super SU 1.9.4 zip from chainfire worked. No other method works though, the superuser apk will install but the binary doesn't stick
edit 2: successfully extracted the system image
notes
hey,
if the update with the t211 was any indication, be sure to only write boot.img and system.img
i am making a flashable zip and will post after i get it right and debloated and get the script correct.
realistically, sometime tomorrow, will update.
@Restl3ss okay so I am laughing at myself right now because i can not get the damned thing to write. i don't use windows
so no odin. i have tried dd writing the images but on boot i hang at logo and with no adb i can't get a visual on the problem.
i have a .zip put together to do the same and get the same. i have another zip set up ota style but can't script worth a damn.
can you whip up a script and post it?
an interesting note- in /sbin is a binary file named partlink. thoughts?
Restl3ss
@Restl3ss
okay so this is the joke
i am too poor to upload a large file to devhost. :laugh:
solution - i am going to upload the otapackage for the firmware WITHOUT the system folder.
the package has the modified to unsecure boot.img and the updater script which just happens to be the
same one i am using for cm11 :laugh: :victory:
these are the instructions for converting, mounting and pulling the system image into an cwm flashable zip
to convert and mount sparse .img in terminal
simg2img system.img system.img.ext4
mount -o loop system.img.ext4 /a/directory
then nav to that directory in file browser, copy the contents of /system and insert in to package.
there is also a second step to correct issues with symlinks in vendor. drop that package into ota second
sorry for the inconvenience. it's in your folder with the patches.
but hey, i'm poor.
m
i'm running it right now and it seems very kitkatty
If i flash 4.4 can i still flash back to 4.2.2?
moonbutt74 said:
@Restl3ss
okay so this is the joke
i am too poor to upload a large file to devhost. :laugh:
solution - i am going to upload the otapackage for the firmware WITHOUT the system folder.
the package has the modified to unsecure boot.img and the updater script which just happens to be the
same one i am using for cm11 :laugh: :victory:
these are the instructions for converting, mounting and pulling the system image into an cwm flashable zip
to convert and mount sparse .img in terminal
simg2img system.img system.img.ext4
mount -o loop system.img.ext4 /a/directory
then nav to that directory in file browser, copy the contents of /system and insert in to package.
there is also a second step to correct issues with symlinks in vendor. drop that package into ota second
sorry for the inconvenience. it's in your folder with the patches.
but hey, i'm poor.
m
i'm running it right now and it seems very kitkatty
got it system folder is properly extracted and what not, trying to deodex. About 10 apks are failing on every deodex attempt, can't figure out why. Gonna upload a 100% stock to xda anyway, deodexed + rooted will just have to come a bit later.
I've spent last day automating the guide at https://forum.xda-developers.com/t/guide-t220-t225-flash-a-gsi-on-the-a7-lite-without-twrp.4456821/ into a bash script (linux only)!
Here it is releasing it for anyone that needs it
Code:
I am not responsible whatever happens to your device
by using this script, i have tested it on my own device
and it worked but it may or may not work for you.
I will do my best to help you but that may be limited
as i have other responsibilities in life
Before starting read the third post
Usage
Download your desired firmware from somewhere like samfw.com and extract it
Download your desired GSI image and extract it
Download otatools-mini, gsi-build script and vbmeta image, place them all together inside one directory (extract the otatools-mini next to the script)
Download patched odin
Run this in Linux or WSL!
Code:
$ ./build-gsi.sh <PATH TO YOUR AP FILE .tar.md5> <PATH TO GSI .img>
And let it do the work, may take a while depending on your PC
You may get something like this in the process, ignore it
Code:
Invalid sparse file format at header magic
Then go into download mode (VOLUME UP and DOWN when plugging in USB) and flash the CUSTOM_AP file you got from the script and BL, CSC from the firmware you used, DO NOT USE HOME_CSC
Reboot into recovery and factory reset (VOLUME UP while booting)!
If you are getting dm-verify error then flash the vbmeta_disabled_R (it needs to be .tar, extract it) in odin as AP and try rebooting again into recovery
Downloads
I used to provide one archive but it was large and i couldnt change the script without reuploading it so i am going to use gist for the script and provide other files separately
ota-tools-mini
build-gsi.sh
Getting Help
If you want me to help you ALWAYS post full output from the script, and make sure to use the latest script from the gist
I've spent a lot of time trying to make it work with all GSIs but i could not get it to work consistently
By default it works for all smaller GSIs, if you get the following error
Code:
ERROR: Output image is bigger than original super image, rerun the script with correct super image size
Then you will have to manually provide the new super size, which I cannot help you with; try to guess, but it has to be divisible by 512
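The two messages quoted in the post above both come down to image headers and sizes, so here is an added example (not part of build-gsi.sh or of the original post) that checks them before repacking. It reads the Android sparse image header to tell a sparse image from a raw one, which is the condition behind simg2img's "Invalid sparse file format at header magic" message, and tests a proposed super size against the divisible-by-512 rule. The function names are hypothetical, the headers are constructed sample data, and the size check is only a lower bound because it ignores the metadata space lpmake reserves.

```python
import struct

# Android sparse image header (sparse_header_t): 28 bytes, little-endian.
SPARSE_MAGIC = 0xED26FF3A
SPARSE_HEADER = struct.Struct("<IHHHHIIII")
SECTOR = 512  # the post requires the super size to be divisible by 512


def sparse_info(header_bytes):
    """Describe a sparse image from its first bytes; return None for a raw image."""
    if len(header_bytes) < SPARSE_HEADER.size:
        return None
    (magic, major, _minor, file_hdr_sz, _chunk_hdr_sz,
     blk_sz, total_blks, total_chunks, _checksum) = SPARSE_HEADER.unpack_from(header_bytes)
    if magic != SPARSE_MAGIC:
        # No sparse magic: the image is already raw and needs no simg2img pass.
        return None
    if major != 1 or file_hdr_sz < SPARSE_HEADER.size or blk_sz == 0 or blk_sz % 4:
        raise ValueError("sparse magic found but header fields are inconsistent")
    return {
        "block_size": blk_sz,
        "blocks": total_blks,
        "chunks": total_chunks,
        "raw_size": blk_sz * total_blks,  # size after expansion to a raw image
    }


def round_up(value, multiple=SECTOR):
    """Round value up to the next multiple (512-byte sectors by default)."""
    return -(-value // multiple) * multiple


def check_super_size(super_size, partition_sizes):
    """Return a list of problems with a proposed super size (empty list = plausible).

    partition_sizes maps partition name -> raw image size in bytes.
    Assumption: lpmake metadata overhead is ignored, so this is a lower bound.
    """
    problems = []
    if super_size % SECTOR:
        problems.append(
            f"super size {super_size} is not divisible by {SECTOR}; "
            f"next valid value is {round_up(super_size)}")
    needed = sum(round_up(size) for size in partition_sizes.values())
    if needed > super_size:
        problems.append(
            f"partitions need at least {needed} bytes, super size is {super_size}")
    return problems


if __name__ == "__main__":
    # Constructed sample headers: one sparse image and one raw image (ext4
    # images start with zero padding, so there is no sparse magic).
    sparse_hdr = SPARSE_HEADER.pack(SPARSE_MAGIC, 1, 0, 28, 12, 4096, 1000, 3, 0)
    raw_hdr = b"\x00" * 28
    print("sparse:", sparse_info(sparse_hdr))
    print("raw:   ", sparse_info(raw_hdr))
    # Constructed partition sizes, in bytes.
    print(check_super_size(4096, {"system": 3000, "vendor": 2000}))
```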
Not enough free space to expand partition: vendor
error while repacking
i have a lot of space . but it shows me like that
lpmake E 01-15 23:22:16 100 100 builder.cpp:698] [liblp]Not enough free space to expand partition: vendor
i am using debian wsl
Please post full script log in a spoiler or pastebin
sandorex said:
Please post full script log in a spoiler or pastebin
Could you try normal AP file not the magisk patched, i do not know how it modifies it
Also from my experience you do not need to patch whole AP file for magisk, you just need to patch the boot.img, zip it then flash it
OK . i will try
i tried with original ap file but same error
dxsyrz said:
i tried with original ap file but same error
It seems for some reason your gsi is too big, i managed to reproduce it, ill see if i can fix it
@dxsyrz can you test this one, it should work now
EDIT: i've updated the gist so you can just use that instead
good util but test more.
tom.android said:
good util but test more.
It worked for me, i would not release it if it did not work
sandorex said:
It worked for me, i would not release it if it did not work
OK sorry to write that message.
sandorex said:
It worked for me, i would not release it if it did not work
Well, something did not work in my case:
:: Uncompressing super image
super.img.lz4 : decoded 5637366988 bytes
:: Running simg2img
./build-gsi.sh: line 79: /mnt/c/Users/Zero/Desktop/otatools-mini/otatools-mini/simg2img: No such file or directory
^ Despite the files actually existing. You tell me cuz I've no idea (do note I do know how to do this manually, was just trying your script to simplify everything).
nirogu325 said:
Well, something did not work in my case:
:: Uncompressing super image
super.img.lz4 : decoded 5637366988 bytes
:: Running simg2img
./build-gsi.sh: line 79: /mnt/c/Users/Zero/Desktop/otatools-mini/otatools-mini/simg2img: No such file or directory
^ Despite the files actually existing. You tell me cuz I've no idea (do note I do know how to do this manually, was just trying your script to simplify everything).
You need to place otatools-mini in folder next to the script not together with the script
hi i have this problem
izimen said:
hi i have this problem
You have a space in your path, it's actually a bug but you can just move the files to somewhere without spaces
EDIT: Fixed it on gist
sandorex said:
You have a space in your path, it's actually a bug but you can just move the files to somewhere without spaces
EDIT: Fixed it on gist
ok i try
bro it worked thank you I managed to make it work with a GSI and when I try with another I have this error