Better Mobile App

Editing the initrd (ramdisk)?

Anyone know how to do that and bundle it back up into a zImage we can flash on the Vibrant/Galaxy S? HTC's boot.img was reasonably simple to mod, but I haven't found any good data on re-assembling the zImage Samsung uses. I have been able to extract the initrd, but nothing on putting it back together.
I'd prefer not to completely build the kernel, as I'd like to keep using JACs and he hasn't posted the source. And I'd have to build the cross-compiler as well, time consuming.

Irritating, the Samsung kernel source build works but doesn't do this bit either. No initrd... grrrr...

No doubt there is a way to reverse-engineer the way the kernel and ramdisk is put together, but it's way beyond my capability at the moment. With that said, if we can take it apart, we can probably put it back together.

i too am looking for instructions how to repack and/or split this

Jr33 said:
i too am looking for instructions how to repack and/or split this
Click to expand...
Click to collapse
Here's how you pull the initrd out from a Vibrant image, well, JAC OCv4 anyway.. Based on a thread and script in the international Galaxy S forum. I still don't know how to re-assemble it, but Wes put some stuff in git that might help, I'm still building after a repo sync. After you run the script with the zImage as the only parameter, you should get an initrd directory with the extracted contents of the ramdisk.
Code:
#!/bin/sh
zImage=$1
#=======================================================
# find start of gziped kernel object in the zImage file:
#=======================================================
pos=`grep -a -b --only-matching $'\x1F\x8B\x08' $zImage | cut -f 1 -d :`
echo "-I- Extracting kernel image from $zImage (start = $pos)"
# dd if=$zImage bs=1 skip=$pos | gunzip > kernel.img
#===========================================================================
# find start and end of the "cpio" initramfs image inside the kernel object:
# ASCII cpio header starts with '070701'
# The end of the cpio archive is marked with an empty file named TRAILER!!!
#===========================================================================
search=`perl -e'print "\x1F\x8B\x08"'`
start=`grep -a -b --only-matching $search kernel.img | head -1 | cut -f 1 -d :`
echo "-I- Extracting initramfs image from kernel.img (start = $start, end = $end)"
dd if=kernel.img bs=1 skip=$start | gzip -d -c > initramfs.img
mkdir initrd
cd initrd
cpio -i --no-absolute-filenames < ../initramfs.img

[Q] Has anybody know how to root GT-I9001

Hi,
Is there some way to root I9001 now or I have to wait.
Firmware I9001XXKE8
Android 2.3.3
Kernel 2.6.35.7
I tried several methods (Superoneclick 1.7, 1.9.1, Gingerbreak 1.2) available for I9000 but nothing positive.
If someone can guide me in this process will be very appreciated.

Go here for step by step instructions: http://androidhogger.com/how-to-root-samsung-galaxy-s2-heres-the-tutorial.html.

Hi,
It is guide for I9100 but I have I9001 it is completely different hardware, so I doubt that the same guide can be applied to I9001.

Any news on rooting? Have you sucseeded?

No, still waiting, but it starts to sell to mass in Russia so soon will get news.

Since yesterday the new 2.3.4 firmware is out:
http://netload.in/datei5X4ZyAkNkO/I9001XXKP4_v2.3.4.rar.htm
(edit: maybe its not 2.3.4 ... samfirmware write 2.3.3)
... but we wait still for the root...
SPOOKY

afaik 2.3.x cannot be rooted. only 2.2.x

sweetnsour said:
afaik 2.3.x cannot be rooted. only 2.2.x
Click to expand...
Click to collapse
Say what? Ofcourse 2.3.x can be rooted. We just have to get more attention to the 9001 so that the rom builders actively start devving this device.

Any one knows how to root this device?
Sent from my GT-I9001 using XDA Premium App

I'm looking for a solution as well, please don't make me use Touchwiz..

Have tried to look into ways to root this phone. It looks like it'll need to be root in similar way to i9100. So guess will need to wait for dev to come up with a special kernel for rooting.

İ hope they they ll come up with new karnel as soon.as possible
Sent from my GT-I9001 using Tapatalk

sweetnsour said:
afaik 2.3.x cannot be rooted. only 2.2.x
Click to expand...
Click to collapse
Here http://forum.xda-developers.com/archive/index.php/t-1136781.html is afaik 2.3.3 rotted. I think there is a posibility to root I9001.

I hope so ....! Did u try this method?
Sent from my GT-I9001 using Tapatalk

westcrip said:
I hope so ....! Did u try this method?
Sent from my GT-I9001 using Tapatalk
Click to expand...
Click to collapse
Nope but I will try in this weekend. I found how to restore phone when you brick it (if something happen) , and it's not so hard. That's why I will use different method to root it. I just wonder if one of brick is avilable or more. I only know how to unbrick by this method http://www.youtube.com/watch?v=2qB4RNoXTd8 . Its very simple just install software downoladed from http://www.samfirmware.com/WEBPROTECT-i9001.htm our software is in the middle I9001XXKF8 ##. Odin as well recognize my phone.

I have managed it to root the i9001. So far it is very complicated, and the detailed guide as well as the analysis of SMD archives is only in German available:
http://www.android-hilfe.de/samsung...g-galaxy-s-plus-i9001-rooten.html#post1911955
As always: You are responsible for your Phone! If someone bricks his device using this guide, I am not responsible for that! Bad Luck, I have warned you! Its a dangerous job! You really shouldn't do it.
In short:
- extract the PDA SMD File
- mount system.ext4
- copy su binary and Superuser.apk into the mounted image
- adjust the file permissions (especially the suid bit for su)
- umount system.ext4
- repack the PDA SMD.
I have created two Linux bash scripts for extracting and packing SMD Archives. Warning: I'm not very experienced in bash scripting. If someone is here who is capable of making a nice script of it, feel free! The scripts are working, that's all so far. They won't win a price in a beauty contest.
First the extract.sh:
Code:
#!/bin/bash
base=0
length=1
while (( length > 0 ))
do
# calculate Length
let "skip = base + 18"
length=`hexdump -e '"%d"' -s ${skip} -n 2 ${1}`
let "length = length * 65536"
let "skip = base + 16"
length2=`hexdump -e '"%d"' -s ${skip} -n 2 ${1}`
let "length += length2"
let "length = length / 512" # Number of 512-Byte blocks
# calculate offset
let "skip = base + 22"
offset=`hexdump -e '"%d"' -s ${skip} -n 2 ${1}`
let "offset = offset * 65536"
let "skip = base + 20"
offset2=`hexdump -e '"%d"' -s ${skip} -n 2 ${1}`
let "offset += offset2"
let "offset = offset / 512" # Number of 512-Byte blocks
# save header in case of first loop
if (( base == 0 ))
then
dd if=${1} bs=512 of=header count=${offset}
fi
# extract filename
let "skip = base + 32"
filename=`dd if=${1} skip=${skip} count=16 bs=1 2>/dev/null`
# and finally: extract image
if (( length > 0 ))
then
echo "Length: ${length}"
echo "Offset: ${offset}"
echo "Filename: ${filename}"
dd if=${1} bs=512 of=${filename} skip=${offset} count=${length} 2>/dev/null
fi
# next header
let "base += 64"
done
Syntax: ./extract.sh Archive.smd
The script will extract the archive and create a lot of local files (system.ext, boot.img and so on). Well, the content of the Archive obviously.
Root the system.ext4:
I have used the newest su and Superuser.apk from here (3.0-beta4 at the moment. Newer ones should be ok):
http://goo-inside.me/superuser
The steps for rooting a system.ext4:
Code:
mkdir system
sudo mount -o loop system.ext4 system
sudo cp su system/xbin/
sudo chown 0.0 system/xbin/su
sudo chmod 4755 system/xbin/su
sudo cp Superuser.apk system/app/
sudo chown 0.0 system/app/Superuser.apk
sudo chmod 644 system/app/Superuser.apk
sudo umount system
And the pack.sh. Note: The pack.sh so far expects an existing "header" file created from an extract action and all files to be added into the archive. The resulting archive will have the same contents, as the starting archive (of course with a modified system.ext4). MD5 Checksums in the archive are calculated automatically.
Code:
#!/bin/bash
base=16
length=0
filename=dummy
# save the beginning
dd if=header of=newheader bs=1 count=16 2>/dev/null
# First create the MD5 checksums of all included (and maybe modified) files and generate the new header
while [ ! -z "${filename}" ]
do
# Length, offset, etc. is unchanged, just copy it.
let "skip = base"
dd if=header of=newheadertmp bs=1 skip=${skip} count=32 2>/dev/null
cat newheadertmp >> newheader
rm newheadertmp
# extract filename
let "skip = base + 16"
filename=`dd if=header skip=${skip} count=16 bs=1 2>/dev/null`
if [ ! -z "${filename}" ]
then
echo "creating MD5Sum of: ${filename}"
checksum=`md5sum ${filename} | tr '[a-z]' '[A-Z]'`
echo -n ${checksum:0:32} >> newheader
fi
# next header
let "base += 64"
done
# save the rest of the old header.
filesize=$(stat -c%s header)
let "base -= 32"
let "size = filesize - base"
dd if=header of=newheadertmp bs=1 skip=${base} count=${size} 2>/dev/null
cat newheadertmp >> newheader
rm newheadertmp
# the new header is the first content of the new archive.
cat newheader > ${1}
# now add all files to the archive.
filename=dummy
base=16
while [ ! -z "${filename}" ]
do
# extract filename
let "skip = base + 16"
filename=`dd if=header skip=${skip} count=16 bs=1 2>/dev/null`
if [ ! -z "${filename}" ]
then
echo "Adding: ${filename}"
cat ${filename} >> ${1}
fi
# next header
let "base += 64"
done
rm newheader
Syntax: ./pack.sh Archive.smd
Flash the resulting .smd files using Odin Multi Downloader an be happy about a rooted SGS Plus.
Note: The procedure has been tested with European KF6 and KP4 firmware. the scripts are capable of extracting and packing other SMD Archives as well, like Modem or CSC SMDs. But you don't need it for rooting (but maybe for debranding or customizing ROMs).
I'm thinking about an simpler root method like a modified kernel with a "magic" initramfs (like CF Root is working). This would make rooting of course much easier. But I have to investigate a lot of things handling boot.imgs.

Nice one RiverSource! Let's hope this is the start of more to come (ie. easier root, custom roms..).

Hello,
ok, next step for rooting the SGS Plus: The FMROOT (hehe). FMROOT is the original untouched Samsung Kernel with a modified init.rc. The init.rc calls a script which places the su binary and the Superuser.apk into the /system partition.
As always: You are responsible for your Phone! If someone bricks his device using this guide, I am not responsible for that! Bad Luck, I have warned you! Its a dangerous job! You really shouldn't do it.
Howto:
Download the appropriate file for your firmware.
Extract it
There should be 2 Files: AriesVE.ops and FMROOT_?????.smd
Use Odin Multi Downloader
Put "AriesVE.ops" in OPS
Put "FMROOT_?????.smd" in PDA
Flash. Wait 5 Seconds. Phone reboots. Phone is rooted. Normally without loosing data or settings.
Please ask here, if your Firmware is not available. It should be possible to create an appropriate FMROOT Kernel.
Credits:
astuermer for pointing me to the correct su and Superuser binaries.
Chainfire here from XDA Developers. My script is based on the CF-Root
Paul from Madaco. I had a closer look into his "superboot".
Lots and Lots of Custom ROM Developers for i9000 and i9100. I have learned a lot about Android Images on Samsung phones from them.
For the developers: the FMBOOT Script called by init.rc:
Code:
mount -o rw,remount -t ext4 /dev/block/mmcblk0p15 /system
rm /system/xbin/su
rm /system/bin/su
mkdir /system/xbin
cat /fmboot/su > /system/xbin/su
chmod 4755 /system/xbin/su
cat /fmboot/Superuser.apk > /system/app/Superuser.apk
mount -o ro,remount -t ext4 /dev/block/mmcblk0p15 /system
And the calling code inside the init.rc:
Code:
start fmboot
class_start default
## Daemon processes to be run by init.
##
service fmboot /system/bin/sh /fmboot/fmboot.sh
user root
group root
oneshot
If someone is interested, I can post a howto on modifying boot.imgs for SGS Plus. Don't hesitate to ask. BTW, i have also coded a script which is capable of generating SMD archives with any content (not based on a previous SMD archive). I can also post it, if someone is interested.
I think, I will optimize the script in the future. Checking if the phone is already rooted and skip the thing for example. Or adding busybox. Are there any additional ideas?

Thank you very [email protected]@@@ Come on!

THX, THX,..
It works, rooted..!!

[GUIDE][HOW TO][Xperia P/U] Unpack & Repack Kernel.elf

Hi everyone, I didn't find a full guide for unpacking & repacking new kernel.elf, they were somehow out-dated.
so I'm here to share with you my knowledge.
First Post : Unpack kernel
Second Post : Unpack ramdisk
Third Post : Repack ramdisk
Fourth Post : Repack kernel
1st : Requirements​
1) the kernel you want to unpack
2) 7z -->
Code:
sudo apt-get install p7zip
2nd : procedure​
lets assume our working directory is "~/kernel" and the kernels name is "kernel.elf".
now open terminal and write down the following code.
Code:
mkdir ~/kernel
cp /path/to/file ~/kernel/kernel.elf
cd ~/kernel
7z e kernel.elf
now you will get 0, 1, 2, 3.
0 --> zImage
1 --> ramdisk
2 --> cmdline
3 --> cert
Code:
mv 0 kernel.elf-zImage
mv 1 kernel.elf-ramdisk.gz
mv 2 kernel.elf-cmdline
mv 3 kernel.elf-cert
now you have successfully unpacked the kernel.

[B]Second Post : Unpack ramdisk[/B]
1st : Requirements​
1) the ramdisk we got from the first post.
2) file -->
Code:
sudo apt-get install file
3) most probably gzip -->
Code:
sudo apt-get install gzip
2nd : procedure​
Code:
file -b kernel.elf-ramdisk.gz
most probably you will get "gzip compressed data".
if not read the notes at the end of this post then resume reading.
Code:
gzip -dk kernel.elf-ramdisk.gz
now you will get cpio archive "kernel.elf-ramdisk".
Code:
mkdir ramdisk
mv kernel.elf-ramdisk ramdisk
cd ramdisk
cpio -i < kernel.elf-ramdisk
rm kernel.elf-ramdisk
cd ..
now you successfully extracted the ramdisk.
3rd : notes​
it seems your ramdisk isn't gzip compressed.
if you got "LZMA compressed data" from file command
then it is "lzma" compressed
lzma -->
Code:
sudo apt-get install xz-utils
to uncompress use
Code:
mv kernel.elf-ramdisk.gz kernel.elf-ramdisk.lzma
xz -dk kernel.elf-ramdisk.lzma
now you chould resume unpacking process.

Third Post : repack ramdisk
1st : Requirements​
1) the ramdisk folder we extracted from second post.
2) cpio
3) the tool we used for unpacking ramdisk (gzip) (check notes for other compression types)
2nd : procedure​
Code:
cd ramdisk
find|cpio -o -H newc|gzip >../kernel.elf-new_ramdisk.gz
cd ..
now you successfully repacked the ramdisk.
3rd : notes​
well it is recommended to repack the ramdisk with the original ramdisk format
because other formats maybe not supported
but no problem trying other formats as long as they are supported
for lzma :
Code:
cd ramdisk
find|cpio -o -H newc|xz --format=lzma >../kernel.elf-new_ramdisk.lzma
cd ..

Fourth Post : repack kernel
1st : Requirements​
1) the files we unpacked from the kernel from first post (zImage, cmdline, we won't be needing the extracted cert).
2) the ramdisk folder we repacked from third post.
3) the original kernel.elf for injecting cert.
4) mkelf.py Sony's or Doomlord's
github.com/sonyxperiadev/device-sony-lt26/blob/master/tools/mkelf.py
github.com/DooMLoRD/build_tools/blob/master/bin/mkelf.py
2nd : procedure​
now we gonna repack kernel.elf (without cert yet).
Code:
mkelf.py -o kernel.elf-new [email protected] [email protected],ramdisk [email protected]
now comes the tricky part.
Code:
printf "\x04"|dd of=kernel.elf-new bs=1 seek=44 count=1 conv=notrunc 2>/dev/null
dd if=kernel.elf of=kernel.elf-dumped_cert bs=1 skip=148 count=1106 2>/dev/null
cat kernel.elf-dumped_cert|dd of=kernel.elf-new bs=1 seek=148 count=1106 conv=notrunc 2>/dev/null
rm kernel.elf-dumped_cert
now you successfully repacked the kernel .

Hi, would this method work on the Xperia GO? Would I have to change the command line arguments in order for it to work for my Xperia GO?

Hukanawa said:
Hi, would this method work on the Xperia GO? Would I have to change the command line arguments in order for it to work for my Xperia GO?
Click to expand...
Click to collapse
It would be great if you linked me to the kernel you want to unpack/repack.

Should work for Xperia GO
I grabbed the kernel "in CM11 weekly 20 for Xperia GO by XperiaSTE Team", and found the kernel structure is similar to Xperia P/U.
So yeah this guide should work for Xperia GO.
I hope this was helpful.

Very nice and helpful guide.
Worked for ARM64 kernel.elf also.

[Q] Help with boot image unpack/repack please.

I've read several tutorials both here and elsewhere. I've got a few different methods down using mkbootimg, unpackbootimg, abootimg, the perl scripts, and I have gzip/gunzip/cpio commands down. Splitting and repacking go without errors.
However, I cannot, to save my life, whether I modify something or not, get a boot image that I split and repacked to boot on my device.
I have a G4 H811 the T-Mobile variant. I have been playing with boot images and kernels included with ROMs and a custom kernel, even dd'd the working boot partition from my device. I simply cannot repack something that boots.
Here's an example approach, here I'm using binaries from a custom kernel zip mkbootimg, unpackbootimg, and the busybox included in the zip. I'm doing exactly what the kernel maintainer does to split the image, replace zImage and repack, only manually in a terminal and modifying the ramdisk leaving everything else alone.
mkdir boot
cd boot/
cat /dev/block/bootdevice/by-name/boot >boot.img
chmod 755 busybox
chmod 755 mkbootimg
chmod 755 unpackbootimg
./unpackbootimg -i boot.img
mkdir initrd
cd initrd
cat ../boot.img-ramdisk.gz | ../busybox gunzip | ../busybox cpio -vid
vi init.rc(made changes)
../busybox find . | ../busybox cpio -o -H newc | ../busybox gzip >../myinitrd.img
cd ..
./mkbootimg --kernel boot.img-zImage --ramdisk myinitrd.img --cmdline "$(cat boot.img-cmdline)" --base 0x$(cat boot.img-base) --pagesize 4096 --ramdisk_offset $(cat boot.img-ramdiskoffset) --tags_offset $(cat boot.img-tagsoffset) --output myboot.img
./busybox dd if=myboot.img of=/dev/block/bootdevice/by-name/boot
I end up with with a 26.8MB myboot.img and a bootloop

Here's a really good example, I changed absolutely nothing. After unpacking and repacking I end up with two different size boot images. What am I missing here?

[S905] WeTek Hub Boot Image Modification

I recently got my hands on a WeTek Hub. All round quite a nice little box, but the default lowmemorykiller settings are a little annoying, and sometimes result in the boot failing because the kernel decided to kill one of the startup processes. I'm trying to modify the settings in the init.rc, but I'm having a spot of trouble with a boot loop after repacking the boot image.
I copied the image off the device by using dd to extract the partition to a file, and then used the built-in FTP server to copy it off the device, and extracted it using unmkbootimg. after unzipping, extracting, modifying, and re-packing, I used mkbootimg to recreate the image, and dd'd it back onto the box (commands below).
Code:
dd if=/dev/block/boot of=/sdcard/boot.img
Code:
./unmkbootimg boot.img
mv initrd.img{,.gz}
gunzip initrd.img.gz
mkdir initrd
cp initrd.img initrd
cd initrd
cpio -i < initrd.img
rm initrd.img
# change stuff here
find . | cpio -o -H newc > ../initrd.cpio
cd ..
gzip initrd.cpio
./mkbootimg --kernel kernel.gz --ramdisk initrd.img.gz -o new_boot.img
Code:
dd if=/sdcard/new_boot.img of=/dev/block/boot
Unfortunately, that left me with a flashing WeTek logo as the it continuously rebooted. examining the logs from u-boot didn't give anything useful, but luckily I was able to get it into recovery and flash Ricardo's Android TV ROM back on there. Unfortunately, I'm still stuck with the original boot failure issue. Any clues as to what I've missed?

I do so
Code:
cd boot
../mkboot boot.img unpaсk
cd unpack/ramdisk
find . | cpio -o -H newc | gzip > ../ramdisk.packed
[I][B]# (edit size ramdisk in /boot/unpack/img_info file)[/B][/I]
cd ../..
../mkboot unpack boot.img
all is working