Related
I can't seem to get the boot.img file to unpack, regardless of what tool I use or what os. I typically get the results below. the long term goal is to edit the boot.img to allow the next7p to use ext3 /system as opposed to cramfs, and give full read/write. It has been done by Wendal Chen on a different but similar tablet. (Both are rk29xx tablets.)
Any help would be appreciated.
I have been able to create a "custom" rom, which has root and SU, but you cannot write to the /system.
the boot.img from my custom rom is 598k The boot.img pulled from the tablet
is 4096K i get the same issues from both.
Code:
Welcome to the ZTE Racer kitchen by TigTex!
If you aren't using Windows XP, you might need to run this as admin
Make sure you have boot.img on the same folder as this file
Press 1 to decompress the ramdisk and kernel from boot.img
Press 2 to build the boot.img from the ramdisk folder and boot.img-kerne
Press q to exit
Type 1,2 or q and press ENTER: 1
Android Magic not found in boot.img. Giving up.
******kernel and ramdisk extracted!******
* Kernel is the "boot.img-kernel" file *
* Ramdisk is on gzip + cpio *
* YOU CAN ONLY EDIT RAMDISK ON LINUX *
* original img backed up as oldboot.img *
*****************************************
Press 1 to decompress the ramdisk and kernel from boot.img
Press 2 to build the boot.img from the ramdisk folder and boot.img-kerne
Press q to exit
Type 1,2 or q and press ENTER:
Ok so let's try the android kitchen
Here is the show boot.img information
Code:
Working folder's boot.img information
-------------------------------------
Kernel Size : 559903 bytes
Kernel Base Address : 0x00000000
Ramdisk Size : 2090599168 bytes
Ramdisk Load Address : 0x65545c0b
Second Stage Size : 779876570 bytes
Second Stage Load Address : 0xe1906573
Page Size : 84348953 bytes
ASCIIZ Product Name : (None)
Command Line: (None)
Press Enter to continue
And now the attempt to extract first using w option...
Code:
Working folder found
Android header not found at start of boot.img
Warning: Android header not located anywhere in boot.img
Kernel found at offset 84348953 in boot.img
Making folder BOOT-EXTRACTED ...
Extracting kernel ...
Extracting ramdisk ...
Error: No ramdisk folder found!
Press Enter to continue
Ok so lets try the other option in the menu.
Code:
Press Enter to continue
Android header not found at start of boot.img
Warning: Android header not located anywhere in boot.img
Kernel found at offset 84348953 in boot.img
Extracting kernel ...
Extracting ramdisk ...
Error: No ramdisk folder found!
Contents of bootimg_010612_234100:
total 0
-rw-r--r-- 1 0 2012-01-06 23:41 zImage
Press Enter to continue
The zImage file it writes is 0k in size.
Here is the first line from the boot.img looking at it in the hexeditor.
Code:
00000000 4b 52 4e 4c 3a 93 08 00 1f 8b 08 00 00 00 00 00 KRNL:"...<......
From what I have read the kernel is supposedly starting at 1f 8b.....
getting the error that the Ramdisk is not there, it is almost like it is not a complete boot.img file. More so if I look at boot.img in a hexeditor and lookup that address. (Sigh) I keep plugging away.
any help is appreciated.
Dochoppy said:
I can't seem to get the boot.img file to unpack, regardless of what tool I use or what os. I typically get the results below. the long term goal is to edit the boot.img to allow the next7p to use ext3 /system as opposed to cramfs, and give full read/write. It has been done by Wendal Chen on a different but similar tablet. (Both are rk29xx tablets.)
Any help would be appreciated.
I have been able to create a "custom" rom, which has root and SU, but you cannot write to the /system.
the boot.img from my custom rom is 598k The boot.img pulled from the tablet
is 4096K i get the same issues from both.
Code:
Welcome to the ZTE Racer kitchen by TigTex!
If you aren't using Windows XP, you might need to run this as admin
Make sure you have boot.img on the same folder as this file
Press 1 to decompress the ramdisk and kernel from boot.img
Press 2 to build the boot.img from the ramdisk folder and boot.img-kerne
Press q to exit
Type 1,2 or q and press ENTER: 1
Android Magic not found in boot.img. Giving up.
******kernel and ramdisk extracted!******
* Kernel is the "boot.img-kernel" file *
* Ramdisk is on gzip + cpio *
* YOU CAN ONLY EDIT RAMDISK ON LINUX *
* original img backed up as oldboot.img *
*****************************************
Press 1 to decompress the ramdisk and kernel from boot.img
Press 2 to build the boot.img from the ramdisk folder and boot.img-kerne
Press q to exit
Type 1,2 or q and press ENTER:
Ok so let's try the android kitchen
Here is the show boot.img information
Code:
Working folder's boot.img information
-------------------------------------
Kernel Size : 559903 bytes
Kernel Base Address : 0x00000000
Ramdisk Size : 2090599168 bytes
Ramdisk Load Address : 0x65545c0b
Second Stage Size : 779876570 bytes
Second Stage Load Address : 0xe1906573
Page Size : 84348953 bytes
ASCIIZ Product Name : (None)
Command Line: (None)
Press Enter to continue
And now the attempt to extract first using w option...
Code:
Working folder found
Android header not found at start of boot.img
Warning: Android header not located anywhere in boot.img
Kernel found at offset 84348953 in boot.img
Making folder BOOT-EXTRACTED ...
Extracting kernel ...
Extracting ramdisk ...
Error: No ramdisk folder found!
Press Enter to continue
Ok so lets try the other option in the menu.
Code:
Press Enter to continue
Android header not found at start of boot.img
Warning: Android header not located anywhere in boot.img
Kernel found at offset 84348953 in boot.img
Extracting kernel ...
Extracting ramdisk ...
Error: No ramdisk folder found!
Contents of bootimg_010612_234100:
total 0
-rw-r--r-- 1 0 2012-01-06 23:41 zImage
Press Enter to continue
The zImage file it writes is 0k in size.
Here is the first line from the boot.img looking at it in the hexeditor.
Code:
00000000 4b 52 4e 4c 3a 93 08 00 1f 8b 08 00 00 00 00 00 KRNL:"...<......
From what I have read the kernel is supposedly starting at 1f 8b.....
getting the error that the Ramdisk is not there, it is almost like it is not a complete boot.img file. More so if I look at boot.img in a hexeditor and lookup that address. (Sigh) I keep plugging away.
any help is appreciated.
Click to expand...
Click to collapse
Dsixda's kitchen has this feature, (un/re-pack) boot.img built in. Makes for very easy editing. Also helps for making your ROM.
Sent from my PC36100 using xda premium
jamieg71 said:
Dsixda's kitchen has this feature, (un/re-pack) boot.img built in. Makes for very easy editing. Also helps for making your ROM.
Sent from my PC36100 using xda premium
Click to expand...
Click to collapse
That's what he said he used, but the kitchen does not support boot.img of his device's format. A lot of the cheaper tablets use a special format but I have seen Wiki guides on how they are built and extracted.
Any chance you know a link to one of the guides? I will also start searching on like tablets.
Dochoppy said:
Any chance you know a link to one of the guides? I will also start searching on like tablets.
Click to expand...
Click to collapse
Google for the "cmp738a" by Craig. It's a really ****ty tablet that I owned for one day. It uses cramfs like yours, and there are some links on how to unpack and create a ROM. Use terms like "cmp738a unpack ROM"
Dsixda: First thanks for your kitchen tool really it is a great piece of work, I am sure you are under appreciated for it.
After you told me to do some searches I did, then I looked back over everything I had been reading.
I can say I feel like an idiot. I was letting the big picture blot out the details so to speak.
Almost literally all I had to do was remove 3-4 bytes from the header, and ungzip the file...cpio etc etc.
I was stuck in the train of thought that I had to "unpack the boot.img" file first, then ungzip it...
Dochoppy said:
Dsixda: First thanks for your kitchen tool really it is a great piece of work, I am sure you are under appreciated for it.
After you told me to do some searches I did, then I looked back over everything I had been reading.
I can say I feel like an idiot. I was letting the big picture blot out the details so to speak.
Almost literally all I had to do was remove 3-4 bytes from the header, and ungzip the file...cpio etc etc.
I was stuck in the train of thought that I had to "unpack the boot.img" file first, then ungzip it...
Click to expand...
Click to collapse
You mean it's like any other boot.img except for the extra bytes at the beginning and a different header (instead of "ANDROID!" - the actual header the kitchen looks for)?
Well yes and no. The kitchen still does not extract the boot.img correctly, zImage is created as a 0k file, and the ramdisk is still not extracted.
Ok I am still missing something here.
Ok I am still missing something here.
dsixda-
Could you take a look at the boot.img file and tell me what I may be missing?
http://www.mediafire.com/?n9an9o5vmjida1c
I would appreciate it very much.
Dochoppy said:
Ok I am still missing something here.
dsixda-
Could you take a look at the boot.img file and tell me what I may be missing?
http://www.mediafire.com/?n9an9o5vmjida1c
I would appreciate it very much.
Click to expand...
Click to collapse
It's not going to work in the kitchen, what are you trying to do? It is missing the "ANDROID!" magic header and the rest of the file is in a garbled format. You'll need to Google for the solution for your device. I can't offer much help, sorry.
I understand that much. When you do a file boot.img command in linux it just comes back as DATA.
I'm not so much concerned with being able to use the kitchen on it as just being able to unpack and pack the file correctly, and completely.
Thanks for taking a peak at it.
Can you upload to dropbox and let me know. I was working on an experimental tool to do this, so an unknown device would be good to check.. I might be some time in getting back to you though
Sent from my HTC Desire using Tapatalk
Droidzone-
Drop box link
http://dl.dropbox.com/u/56600275/boot.img
Media fire link if that doesn't work.
http://www.mediafire.com/?n9an9o5vmjida1c
Thanks for taking a peak.
Could you also provide the full name of the tablet, manufacturer, and possibly a link to the device?
The tablet in question is the nextbook 7 premium
marketed in the US by E-fun. Website is www.nextbookusa.com
on the front of the page there is a link to the latest firmware which the current version of DocHoppy Rom is based on.
Thanks again for taking a peak at it.
I know this much, the boot.img file it's self once unpacked from the update.img file
is a gziped cpio file, with odd header and footer bits. I have been able to unpack the file (removing header info to make it gzip recognizable), and then using 7zip of all things to unpack the cpio portion. That is where I get hung up at. I need to unpack it correctly so it can be rebuilt correctly. By doing it the way I have, you can't rebuild the file properly.
Update:
After alot of research, and trial and error, I was able to correctly unpack and repack the boot.img. I flashed the repack to my tablet, and successfully booted.
Next step is to modify init.rc and convert /system to ext3.
I will keep you posted.
Do document what you did so that it helps someone else later
Sent from my HTC Desire using Tapatalk
I'm having a similar problem, posted about here. I don't understand why the Android magic number isn't making it into my kernel. I thought the kernel compile would be straightforward, but sheesh...
Dochoppy said:
Update:
After alot of research, and trial and error, I was able to correctly unpack and repack the boot.img. I flashed the repack to my tablet, and successfully booted.
Next step is to modify init.rc and convert /system to ext3.
I will keep you posted.
Click to expand...
Click to collapse
Hi, i am trying to extract a boot.img without the Android header too. What have you done to extract it?
Regards.
Hi, sensible answers only please If it matters, I'm running Debian Squeeze 64
Following Atarii's guide and using Androxyde's single line modded kernel
I'm having trouble getting a repacked kernel booting. My steps have the following possible issues:
When repacking ramdisk..
Code:
find . | cpio -o -H newc | gzip > 1
[B]cpio: File ./1 grew, 770048 new bytes not copied[/B]
Is that something to be worried about? I would think so..
Secondly, unpacking and repacking exactly the same unmodified files result in a kernel.elf that is much larger:
Code:
5.5M kernel-3.0-insecure.elf (Androxyde's)
6.3M new_kernel.elf (mine)
Thirdly, the two reference posts use a different address for the ramdisk 0x41300000 and 0x41200000, (could someone please explain why?)
The result of this is a kernel bootloop, does any knowledgeable person know what could be causing the above problems? I can't get my head round it!
Thanks!
ok, you can only unpack the ramdisk 1 time (so use a kernel.sin from ftf)
once unpacked use:
find . | cpio -o -H newc | gzip > newramdisk.gz
then pack it with the python command in androxydes guide
only change [email protected] with [email protected]
thanks for the fast reply nickholtus :highfive:
will give a try shortly, fingers crossed!
extracted ramdisk from kernel.sin out of the ftf using unpack-kernelsin.pl, haven't modified the ramdisk, just repacked. The cpio errors are no longer there but it's still boot looping.
The RPM from http://developer.sonymobile.com/wp/...e-archive-released-with-building-instructions causes no boot at all, so I've used the one from Androxyde's kernel.
Any more clues? I spent far too long on this today but I really want to do this!
which command do you use for repacking kernel????
nickholtus said:
which command do you use for repacking kernel????
Click to expand...
Click to collapse
Code:
python mkelf.py -o new_kernel.elf [email protected] [email protected],ramdisk [email protected],rpm
I think i said that the ramdisk address is different in the two posts I linked to in the OP, these being 0x41200000 and 0x41300000, for the hell of it i've tried both!
I wish I could log what is actually going on at the initial stage, I'd have something more to offer than "why isn't it working"
use this
http://forum.xda-developers.com/showthread.php?t=1659584
thank you championswimmer, as I'm pretty good with bash i'll look through your scripts as the menu system looks a bit long winded for me
It looks like all my problems are related to the RPM.. I've just packed a booting kernel with modified ramdisk!
Thanks for your help guys. :highfive:
I'm working on my first ROM that is based on the "stock" Samsung firmware. I am used to messing around with AOSP and CM ROMs where there's a nice flashable ZIP with a boot.img in it. Working from the "stock" Samsung image has been less clean.
My device is a Samsung SGH-T869 (the T-Mobile version of the Galaxy Tab 7.0 Plus).
I began with the file T869TMBLG7_T869UVLG7_T869UVLG7_HOME.tar.md5, which is the newest firmware available for this device.
I am able to extract the image using 7-zip, which gives me the error "There is no correct record at the end of archive", but otherwise appears to extract perfectly.
Extracted files include:
-boot.bin
-cache.img
-factoryfs.img
-hidden.img
-modem.bin
-param.lfs
-recovery.img
-Sbl.bin
-zImage
These files are enough to give Android Kitchen something to start with, but AK is complaining about the lack of a boot.img, plus I want to do some ramdisk tweaking. I have been researching this for hours, and I get the impression that what I need is in there, just in a proprietary format. I have installed KernelKitchen, which I guess I can use to build boot.img from zImage and a ramdisk, I'm just not sure where to go from here.
I also tried dumping ADB (dd if=/dev/block/mmcblk0pX of=/sdcard/boot.img, tried all partitions one by one).
I also looked at a backup made via CWM 6 of the 'stock' untouched ROM running on my tab. My backup contains:
-boot.img
-cache.ext4.dup
-data.ext4.dup
-nandroid.md5
-recovery.img
-system.ext4.dup
So far, no success. The various imgs I have pulled are all treated as invalid by Android Kitchen and also split_bootimg.pl by William Enck. When running that nice Perl script I get the error "Android Magic not found".
My general first goal is a cleaned up stock ROM which has been deodexed, zipaligned, with insecure boot enabled, and of course, root.I would like to also do a sweet custom boot image and boot animation, but I believe its best to start with a solid foundation before jumping into the other stuff. Any suggestions, XDA gang? Somewhere in that mix did I get the actual boot.img but Samsung uses a weird header? Or something else?
Rename file.tar.md5 to file.tar and unzip
Find an updater-script of custom based stock rom and you get "name' of kernel partition
Sent from my X10i using xda app-developers app
xSkArx said:
Rename file.tar.md5 to file.tar and unzip
Find an updater-script of custom based stock rom and you get "name' of kernel partition
Sent from my X10i using xda app-developers app
Click to expand...
Click to collapse
Your first instruction (to "rename and unzip") makes no difference at all.
The second suggestion seems like it may be useful.
From the CM9 flash script I found that /dev/block/mmcblk0p5 is the boot partition.
I am not sure what's wrong with the boot.img I am pulling.
Here's my command session:
Code:
adb shell
su
dd if=dev/block/mmcblk0p5 of=/mnt/sdcard/boot.img
exit
adb pull /mnt/sdcard/boot.img
I attached the resulting file. I looked at it a bit in a hex editor but I'm not sure what I'm lookin for...
DivinityCycle said:
Your first instruction (to "rename and unzip") makes no difference at all.
The second suggestion seems like it may be useful.
From the CM9 flash script I found that /dev/block/mmcblk0p5 is the boot partition.
I am not sure what's wrong with the boot.img I am pulling.
Here's my command session:
Code:
adb shell
su
dd if=dev/block/mmcblk0p5 of=/mnt/sdcard/boot.img
exit
adb pull /mnt/sdcard/boot.img
I attached the resulting file. I looked at it a bit in a hex editor but I'm not sure what I'm lookin for...
Click to expand...
Click to collapse
It seems that you managed to extract a kernel image (zImage). What you are looking for is an image starting with the signature "ANDROID!".
What do you see if you enter the following command?
Code:
$ cat /proc/mtd
It should read something similar to:
Code:
dev: size erasesize name
mtd0: xxxxxxxx xxxxxxxx "system"
...
DivinityCycle said:
Your first instruction (to "rename and unzip") makes no difference at all.
The second suggestion seems like it may be useful.
From the CM9 flash script I found that /dev/block/mmcblk0p5 is the boot partition.
I am not sure what's wrong with the boot.img I am pulling.
Here's my command session:
Code:
adb shell
su
dd if=dev/block/mmcblk0p5 of=/mnt/sdcard/boot.img
exit
adb pull /mnt/sdcard/boot.img
I attached the resulting file. I looked at it a bit in a hex editor but I'm not sure what I'm lookin for...
Click to expand...
Click to collapse
My first instruction is to get boot.bin without error when unzip it.
With the boot.img that you attached try this http://forum.xda-developers.com/showthread.php?t=1849666
Sent from my X10i using xda app-developers app
You are probably going to have to trim some extra data off the front of your boot.img so that the tool finds the needed Hex address. If you haven't already I'd pull the applicable scripts out of dsixda's kitchen and see how he handles it.
k02a said:
It seems that you managed to extract a kernel image (zImage). What you are looking for is an image starting with the signature "ANDROID!".
What do you see if you enter the following command?
Code:
$ cat /proc/mtd
It should read something similar to:
Code:
dev: size erasesize name
mtd0: xxxxxxxx xxxxxxxx "system"
...
Click to expand...
Click to collapse
I'm pretty sure you're after the partitions. However, there's no /proc/mtd on the SGH-T869 running stock.
Code:
[email protected]:/proc # cat partitions
cat partitions
major minor #blocks name
179 0 15388672 mmcblk0
179 1 20480 mmcblk0p1
179 2 1280 mmcblk0p2
179 3 1280 mmcblk0p3
179 4 8192 mmcblk0p4
179 5 8192 mmcblk0p5
179 6 8192 mmcblk0p6
179 7 204800 mmcblk0p7
259 0 16384 mmcblk0p8
259 1 786432 mmcblk0p9
259 2 13791232 mmcblk0p10
259 3 524288 mmcblk0p11
259 4 8192 mmcblk0p12
179 8 30318592 mmcblk1
179 9 30317568 mmcblk1p1
When looking at /proc/mounts, I see that partitions 1, 4, 7, 9, and 10 are all mounted. I'm also relatively certain that mmcblk1 is the microSD card slot, based on its size (I've got a 32GB card installed at the moment).
So, ruling those out, we're left with:
Code:
major minor #blocks name
179 2 1280 mmcblk0p2
179 3 1280 mmcblk0p3
179 5 8192 mmcblk0p5
179 6 8192 mmcblk0p6
259 0 16384 mmcblk0p8
259 3 524288 mmcblk0p11
259 4 8192 mmcblk0p12
I have already extracted the first 8 partitions and tried running each through Android Kitchen's boot.img unpack tool without success. The script fails to locate the ANDROID header within any of the files. I'm guessing Samsung uses some sort of custom header, because if it works perfectly fine, why not mess with it?
I've searched through a few of the files with XVI32 for "ANDROID" but didn't get any hits.
As posted earlier, other ROMs flash boot.img to mmcblk0p5 so I'm pretty sure that's the right space.
Any hints on an application I can use to analyze the dump and locate the offsets where the header and ramdisk are inside it?
Update. In my research I have come across this article:
http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
It wasn't directly helpful but it did give me a key idea: "Find the Magic Number for a GZ archive and you'll find the ramdisk inside the raw image"
As per http://www.garykessler.net/library/file_sigs.html, the "Magic Number" for a GZ archive is 1F 8B 08. The first article only mentions "look for a bunch of zeros and then 1F 8B." That never occurs in my dumped file, and the number 1F 8B occurs 65 times. However, "1F 8B 08" only occurs once in the entire file, indicating the spot where the header and kernel end and the ramdisk begins.
I deleted everything before 1F 8B 08 and saved the result as ramdisk.gz.
Then, I threw the resulting file onto one of my Linux boxes and used the following commands to extract:
Code:
mkdir ramdisk
cd ramdisk
gunzip < ../ramdisk.gz | cpio -i --make-directories
ls
(results of ls command here:)
data init.goldfish.rc lpm.rc ueventd.goldfish.rc
default.prop init.rc proc ueventd.rc
dev init.smdk4210.rc sbin ueventd.smdk4210.rc
fota.rc init.smdk4210.usb.rc sys vendor
init lib system
I did this stuff in a command terminal connected over Putty, and I got a ton of crazy output during extraction, mostly the line "cpio: Malformed number" over and over.
My next planned task is to take 3 boot.img dumps from my tablet and them compare MD5s on all 3 dumps, to ensure I got a "good" copy.
I imagine this is largely unnecessary, but I've learned from working on other embedded devices that you can't be too careful about raw reads / writes.
I'm pretty sure now that I have extracted the ramdisk I am OK. The factory firmware has zImage as a discrete file, so I'm pretty sure I can use either Android Kitchen or Kernel Kitchen to repack the stuff into a "normal" boot.img.
I'll post my results here, since there may be like one other person interested in doing ROMs for the T869
Just a little update, the md5sums on ALL of my various dumps matched.
By that I mean CWM's backup and all the various dumps I did via ADB (using the dd command) all match.
md5sum for this firmware's boot.img appears to be 1e4367954524901c7dfff14b02023163
Interesting and a great research!
I look forward to see more of your progressive work.
Sent from my Xperia Arc via Tapatalk 2
---------- Post added 11th October 2012 at 12:00 AM ---------- Previous post was 10th October 2012 at 11:39 PM ----------
DivinityCycle said:
As per http://www.garykessler.net/library/file_sigs.html, the "Magic Number" for a GZ archive is 1F 8B 08. The first article only mentions "look for a bunch of zeros and then 1F 8B." That never occurs in my dumped file, and the number 1F 8B occurs 65 times. However, "1F 8B 08" only occurs once in the entire file, indicating the spot where the header and kernel end and the ramdisk begins.
I deleted everything before 1F 8B 08 and saved the result as ramdisk.gz.
Then, I threw the resulting file onto one of my Linux boxes and used the following commands to extract:
Click to expand...
Click to collapse
According to RFC1952, the gzip header only contains two bytes (ID1, ID2), while the third byte (CM) normally seems to be set to 0x08 (deflate) - so you did the right thing to include the third byte.
http://tools.ietf.org/html/rfc1952
Sent from my Xperia Arc via Tapatalk 2
k02a said:
Interesting and a great research!
I look forward to see more of your progressive work.
Sent from my Xperia Arc via Tapatalk 2
Hell yeah, I'm surprised at how much I've achieved, since today has been pretty busy at work. I use Putty, WinSCP, and SplashTop to access my home machines from the office, and I've got an ADB command line connection to my tab on my workstation here, so I've been able to get a lot done.
My current task is reverse-engineering dsixda's scripts that do the task of taking apart the boot.img. I should have looked at them before, they're well-written and self-documented. It's looking like I'll have to figure out the weird offsets Samsung is using (already half done) and then I can tweak the scripts so they'll probably be able to unpack / repack the image.
If I'm building a stock ROM do the offsets and header have to all be the same on my modified boot.img? I would assume so, but I'm new to this
I only want to modify the ramdisk a bit, no kernel tweaks.
Click to expand...
Click to collapse
After much searching, it looks Samsung's boot.imgs sometimes simply have no header at all, so like the first chunk is the kernel, and the second is the ramdisk. I'm gonna test out unpacking ramdisk, making the changes I need, repacking it, and then combining the two chunks back together for flashing.
Will post results
DivinityCycle said:
After much searching, it looks Samsung's boot.imgs sometimes simply have no header at all, so like the first chunk is the kernel, and the second is the ramdisk. I'm gonna test out unpacking ramdisk, making the changes I need, repacking it, and then combining the two chunks back together for flashing.
Will post results
Click to expand...
Click to collapse
I took a new look at your boot.img today.
Besides the gzip header at address 0000:4634 (which you found), I also noticed that there are 256 (0x100) bytes at 007f:fc00.
Any clue about this?
DivinityCycle said:
I'm working on my first ROM that is based on the "stock" Samsung firmware. I am used to messing around with AOSP and CM ROMs where there's a nice flashable ZIP with a boot.img in it. Working from the "stock" Samsung image has been less clean.
My device is a Samsung SGH-T869 (the T-Mobile version of the Galaxy Tab 7.0 Plus).
I began with the file T869TMBLG7_T869UVLG7_T869UVLG7_HOME.tar.md5, which is the newest firmware available for this device.
I am able to extract the image using 7-zip, which gives me the error "There is no correct record at the end of archive", but otherwise appears to extract perfectly.
Extracted files include:
-boot.bin
-cache.img
-factoryfs.img
-hidden.img
-modem.bin
-param.lfs
-recovery.img
-Sbl.bin
-zImage
These files are enough to give Android Kitchen something to start with, but AK is complaining about the lack of a boot.img, plus I want to do some ramdisk tweaking. I have been researching this for hours, and I get the impression that what I need is in there, just in a proprietary format. I have installed KernelKitchen, which I guess I can use to build boot.img from zImage and a ramdisk, I'm just not sure where to go from here.
I also tried dumping ADB (dd if=/dev/block/mmcblk0pX of=/sdcard/boot.img, tried all partitions one by one).
I also looked at a backup made via CWM 6 of the 'stock' untouched ROM running on my tab. My backup contains:
-boot.img
-cache.ext4.dup
-data.ext4.dup
-nandroid.md5
-recovery.img
-system.ext4.dup
So far, no success. The various imgs I have pulled are all treated as invalid by Android Kitchen and also split_bootimg.pl by William Enck. When running that nice Perl script I get the error "Android Magic not found".
My general first goal is a cleaned up stock ROM which has been deodexed, zipaligned, with insecure boot enabled, and of course, root.I would like to also do a sweet custom boot image and boot animation, but I believe its best to start with a solid foundation before jumping into the other stuff. Any suggestions, XDA gang? Somewhere in that mix did I get the actual boot.img but Samsung uses a weird header? Or something else?
Click to expand...
Click to collapse
Feel free to use my updater-script in the scorched kernel thread. The updater works for ics boot images. just remove the parts about copying lib files and setting permissions ... and remove the lib files from the zip. they are specific to the kernel. a stock kernel will break if those lib files are copied to /system/lib/modules.
Oh, and you can get the boot image easily in CWM by doing a backup of the stock rom and grabbing it from the clockworkmod folder on the sdcard.
merwin said:
Feel free to use my updater-script in the scorched kernel thread. The updater works for ics boot images. just remove the parts about copying lib files and setting permissions ... and remove the lib files from the zip. they are specific to the kernel. a stock kernel will break if those lib files are copied to /system/lib/modules.
Oh, and you can get the boot image easily in CWM by doing a backup of the stock rom and grabbing it from the clockworkmod folder on the sdcard.
Click to expand...
Click to collapse
As posted earlier in this thread, I pulled a boot.img from a CWM backup, but that was back before I knew how to do anything useful with it yet.
The md5sum of the CWM-generated backup boot.img matches the dumps I did over ADB using the dd command, so they're different ways to get the same end result. I have a pretty good understanding of the syntax used in the CWM flashable ZIPs. My rough plan was to first build a "restore to stock boot.img" flashable zip (so I can fix it if I make my tab unbootable ), then experiment with building my own boot.img and flashing it using the same methods. The only thing that'll be different about the "flash modded boot.img" and "flash stock boot.img" is the actual boot.img file included in the zip. Didn't get a chance to do it while off work last night, but should be able to knock it out today.
k02a said:
I took a new look at your boot.img today.
Besides the gzip header at address 0000:4634 (which you found), I also noticed that there are 256 (0x100) bytes at 007f:fc00.
Any clue about this?
Click to expand...
Click to collapse
Your guess is probably better than mine, honestly. I would think that second address is actually within the 'ramdisk' part of things, so that seems pretty odd. I'm a relative noob when it comes to hex stuff, as that's a couple levels down from where I usually operate with computers
If I unpack, modify, and repack the ramdisk, any suggestions on the 'best' way to reattach the header/kernel to it?
k02a said:
I took a new look at your boot.img today.
Besides the gzip header at address 0000:4634 (which you found), I also noticed that there are 256 (0x100) bytes at 007f:fc00.
Any clue about this?
Click to expand...
Click to collapse
Following up on this earlier point, it looks like there are a few more regions within the 8 MB file than I initially saw.
I use XVI32, so the addresses I found are formatting as such.
it seems like the following is the layout of the file contents:
Part 1 - $000000 to $004633 = 17.5 KB header?
Part 2 - $004634 to $4768A6 = 4.44 MB ramdisk (?)
Part 3 - $4768A7 to $7FFBFF = 3.53 MB of zero padding
Part 4 - $7FFC00 to $7FFCFF = 241 bytes footer
Part 5 - $7FFD00 to $7FFFFF = 768 bytes of zero padding
My initial attempt to unpack / repack the image of course made the device unbootable. My "restore" flashable zip worked as expected, so I'm now able to mess around with this stuff with relative ease.
I'm still getting a bunch of weird crap in my terminal when extracting the ramdisk. The command I am running is gunzip -c ../ramdisk.gz | cpio -i run within the directory where I want the files to extract. Both under Cygwin in Windows and under Ubuntu Server, I get tons of "cpio: Malformed number" followed by garbage. Under Ubuntu Server, despite this weird output, the files actually DO appear to extract and I get 1.65 MB of unpacked files, all in the expected format and directory structure.
Under Cygwin it didn't extract at all.
I'll continue to mess around but for your hacky fun, I have attached the parts all split up and then packed into a single ZIP.
Post if you have any ideas. I'm gonna try and repack the ramdisk and then re-assemble the whole thing. The repacked ramdisk will be smaller, but I'll just fill in the empty spot with zero padding so that the footer still ends up at the same address. We'll see if that works
Quite interesting result so far...
I wonder if there are some documentation on the data structure of the footer information floating around in public, and secondly if the offset is static.
Speaking of padding zeros. Maybe the number of trailing zeroes depends on the payload size and the page size (evenly divided by given page size), which is the case for e. g. boot.img?
Sent from my Xperia Arc via Tapatalk 2
k02a said:
Quite interesting result so far...
I wonder if there are some documentation on the data structure of the footer information floating around in public, and secondly if the offset is static.
Speaking of padding zeros. Maybe the number of trailing zeroes depends on the payload size and the page size (evenly divided by given page size), which is the case for e. g. boot.img?
Sent from my Xperia Arc via Tapatalk 2
Click to expand...
Click to collapse
It will take some experimentation to see how picky the boot loader is. I have been sidetracked today by actual work (imagine that!) and also I have been working on exhaustively cataloging and documenting the contents of the stock ROM, particularly /system/app. Cutting the Samsung bloat has been challenging only in that there's so much stuff to remove
I just had a brainstorm: I'm going to examine the boot.img from the CM9 and CM10 ROMs for the T869. After all, both of them are accepted by the bootloader, so those two and the "stock" boot.img must share some common properties, which one would think would be the "key" stuff to make the boot.img work.
The boot.imgs from CM9 and CM10 both lack any useful "handles" to try and understand their contents.
I'm uncertain how else to proceed.
I have tried creating a modified ramdisk archive, then padding out the rest of the space with zeros so that the various pieces of boot.img fall at the same location, but no success.
I'm beginning to think everything about the Samsung boot.img is weird. I was able to locate the boot logo, but its located in the ramdisk at /sbin/fota.png.
I've been knocking away on this for like a week now, and I'm beginning to think maybe it ain't worth it. All this so I can get insecure boot and maybe a modified boot image? Freakin Samsung
I am looking to compile a new kernel for this device. I have pulled off the boot.img file from /dev/block/nandc and used split_bootimg.pl to pull apart the kernel and the boot ramdisk. I have used extract-ikconfig to get the kernel config and built my new 3.4 kernel (with modules). So far so good...
I have tried to build the new boot.img file with no avail. My concern is with the original kernel as the new one should be build the same (I think). It looks like it is not compressed as I run the command
file boot.img-kernel
It returns
boot.img-kernel: data
So it is not a Linux kernel ARM boot executable zImage
Is this correct? Can Android boot with this or is the split_bootimg.pl tool not creating the file correctly (it does pull the ramdisk as I have uncompressed it fine! and the file does contain the kernel config)
Ok So assuming I can create a proper boot.img with my built zImage and the old ramdisk, what do I need to do with the modules? Do I update the boot.img on the tablet and copy the modules over to the existing /system/lib/modules? (this appears to not work)
I did not find an exact guide on android kernel and the modules....
Domenic
link to the old (working) boot.img hxxps://docs.google.com/file/d/0B0c1jpaziDZ-NU5Sd18wbUVjN1E/edit?usp=sharing
some progress
domenictroilo said:
I am looking to compile a new kernel for this device. I have pulled off the boot.img file from /dev/block/nandc and used split_bootimg.pl to pull apart the kernel and the boot ramdisk. I have used extract-ikconfig to get the kernel config and built my new 3.4 kernel (with modules). So far so good...
I have tried to build the new boot.img file with no avail. My concern is with the original kernel as the new one should be build the same (I think). It looks like it is not compressed as I run the command
file boot.img-kernel
It returns
boot.img-kernel: data
So it is not a Linux kernel ARM boot executable zImage
Is this correct? Can Android boot with this or is the split_bootimg.pl tool not creating the file correctly (it does pull the ramdisk as I have uncompressed it fine! and the file does contain the kernel config)
Ok So assuming I can create a proper boot.img with my built zImage and the old ramdisk, what do I need to do with the modules? Do I update the boot.img on the tablet and copy the modules over to the existing /system/lib/modules? (this appears to not work)
I did not find an exact guide on android kernel and the modules....
Domenic
link to the old (working) boot.img hxxps://docs.google.com/file/d/0B0c1jpaziDZ-NU5Sd18wbUVjN1E/edit?usp=sharing
Click to expand...
Click to collapse
Ok so the mkimage command can be used to pull the uImage out of the Kernel Part of the file like this:
mkimage -A arm -O linux -T kernel -C none -a 0x40008000 -e 0x40008000 -n "Linux 3.0.8" -d uImage boot.img-kernel2
The only question is where in the boot process can I find the "Load Address" and "Entry Point" values that are required to create my uImage. I would think that these are going to be needed as options when I build my new kernel, and I will need to change the boot process or add a boot.scr file with my options. I have mounted the /dev/block/nanda partition (uBoot partition) but am not certain on where I would find the current environment values.
I did find this little snippet on the net that referes to the base address for this device xxx.tabletroms.com/forums/all-other-android-tablets-general-discussion/5791-full-specs-whatever-else-polaroid-pmid10c-tablet-2.htmlx
mkbootimg --kernel boot.img-kernel --ramdisk boot.img-ramdisk.cpio.gz --cmdline 'console=ttyS0,115200 rw init=/init loglevel=8' --board sun4i --base 0x40000000 -o boot.img
But he never discusses where he found the -base address. Is this the same as the Load Address and Entry Point?
Domenic
domenictroilo said:
Ok so the mkimage command can be used to pull the uImage out of the Kernel Part of the file like this:
mkimage -A arm -O linux -T kernel -C none -a 0x40008000 -e 0x40008000 -n "Linux 3.0.8" -d uImage boot.img-kernel2
The only question is where in the boot process can I find the "Load Address" and "Entry Point" values that are required to create my uImage. I would think that these are going to be needed as options when I build my new kernel, and I will need to change the boot process or add a boot.scr file with my options. I have mounted the /dev/block/nanda partition (uBoot partition) but am not certain on where I would find the current environment values.
I did find this little snippet on the net that referes to the base address for this device xxx.tabletroms.com/forums/all-other-android-tablets-general-discussion/5791-full-specs-whatever-else-polaroid-pmid10c-tablet-2.htmlx
mkbootimg --kernel boot.img-kernel --ramdisk boot.img-ramdisk.cpio.gz --cmdline 'console=ttyS0,115200 rw init=/init loglevel=8' --board sun4i --base 0x40000000 -o boot.img
But he never discusses where he found the -base address. Is this the same as the Load Address and Entry Point?
Domenic
Click to expand...
Click to collapse
So the base address is found in script.bin (converted to text file with bin2fex tool). This is the information found in it:
[dram_para]
dram_baseaddr = 0x40000000
Still how do I find the "Load Address" and "Entry Point" for the current kernel...
unmkbootimg
domenictroilo said:
So the base address is found in script.bin (converted to text file with bin2fex tool). This is the information found in it:
[dram_para]
dram_baseaddr = 0x40000000
Still how do I find the "Load Address" and "Entry Point" for the current kernel...
Click to expand...
Click to collapse
Well more reading leads me to use unmkbootimg but on my linux 32bit system all I get is:
# strace ./unmkbootimg
execve("./unmkbootimg", ["./unmkbootimg"], [/* 20 vars */]) = 0
--- SIGILL (Illegal instruction) @ 0 (0) ---
+++ killed by SIGILL +++
Illegal instruction
Too bad I can see the souce code to find out what this program is doing or compile it for myself.....
split_bootimg.pl should give you the parameters i listed on tabletroms.
What source are you using? Polaroid never coughed any up and i last harassed them in February.
bigsupersquid said:
split_bootimg.pl should give you the parameters i listed on tabletroms.
What source are you using? Polaroid never coughed any up and i last harassed them in February.
Click to expand...
Click to collapse
Here is the split:
letourneau:~/tmp# ../split_bootimg.pl /root/boot.img
Page size: 2048 (0x00000800)
Kernel size: 8112836 (0x007bcac4)
Ramdisk size: 210343 (0x000335a7)
Second size: 0 (0x00000000)
Board name:
Command line: console=ttyS0,115200 rw init=/init loglevel=8
Writing boot.img-kernel ... complete.
Writing boot.img-ramdisk.gz ... complete.
I am using the linux--sunxi kernel for now with an additional patch for dmard06.ko (which I do not expect to work!) I emailed them for the kernel source but just received a form email saying they will get back to me..... oh well I will as again.
Just playing around for now to see if a newer kernel will tweek up the speed on this device as it is very laggy.
Domenic
I may be using an older version of split_bootimg.pl?
On another note, I was able to execute unmkbootimg on a different linux server. I was attempting to run it on a PIII 800 so it needs something > a pentium (I guess).
./unmkbootimg boot.img
unmkbootimg version 1.2 - Mikael Q Kuisma <[email protected]>
Kernel size 8112836
Kernel address 0x40008000
Ramdisk size 210343
Ramdisk address 0x41000000
Secondary size 0
Secondary address 0x40f00000
Kernel tags address 0x40000100
Flash page size 2048
Board name is ""
Command line "console=ttyS0,115200 rw init=/init loglevel=8"
This image is built using standard mkbootimg
Extracting kernel to file zImage ...
Extracting root filesystem to file initramfs.cpio.gz ...
All done.
---------------
To recompile this image, use:
mkbootimg --kernel zImage --ramdisk initramfs.cpio.gz --base 0x40000000 --cmdline 'console=ttyS0,115200 rw init=/init loglevel=8' -o new_boot.img
---------------
Domenic
think the parameters you're searching for are specific for building the new kernel without proper source code to extract them from?
maybe you could get them from dmesg while the tablet is running?
else think there might be a way to grep the variable names in the existing kernel binary or headers?
i also would like a fresh kernel.
maybe useful stuff here:
https://vilimpoc.org/research/sh3dev/kernel-hacking.html
http://forum.xda-developers.com/showpost.php?p=46668556&postcount=31
thanks jjchico
i haven't checked this out yet, but may be useful.
Well I have build a new kernel and copied the modules over, but I does not boot. It appears that it never mounts the ramdisk as it never gets to the second splash screen, but I am flying blind as there is no serial port to debug with. I suspect that I do not quite understand the boot process for this tablet.... here is what is on the nanda vfat partition: (good information here http://rhombus-tech.net/allwinner_a10/a10_boot_process/)
since this is in my linux.ini
cat linux.ini
[segment]
img_name = c:\linux\u-boot.bin
img_size = 0x80000
img_base = 0x4A000000
[script_info]
script_base = 0x43000000
script_size = 0x10000
[logo_info]
logo_name = c:\linux\linux.bmp
logo_show = 1
Not quite certain how to setup img_base on my compile I guess.
I have tried the linix.ini from the link above but the tablet booted to livesuite image... that is a fail.
Not being a kernel developer.... I am wondering if the option to setup SUNXI_NAND_COMPAT_DEV is creating /dev/block/nandX or /dev/nandX as this will definatly impact the init.sun4i.rc file as it is mounting /dev/block/nandX This could be my first issue.... but then does /init first display the initlogo.rle or start processing init.sun4i.rc. Well if the first thing it does in load initlogo.rle then I am not even getting this far....below is the description of SUNXI_NAND_COMPAT_DEV
Symbol: SUNXI_NAND_COMPAT_DEV [=y] │
│ Type : boolean │
│ Prompt: Create old nand device names (nanda-nandz) │
│ Defined at drivers/block/Kconfig:564 │
│ Depends on: BLK_DEV [=y] && SUNXI_NAND [=y] │
│ Location: │
│ -> Device Drivers │
│ -> Block devices (BLK_DEV [=y]) │
│ -> SUNXI Nandflash Driver (SUNXI_NAND [=y]) │
well a little more reading leads me to this page on the CarbonRom http://www.slatedroid.com/topic/64378-rom-carbonrom-422/ turns out that if you want to run a 3.4 kernel you MUST update u-boot (http://www.mediafire...4ro667xcfkd2dv7).... so I have flashed the CarbonRom and it does boot with the u-boot update. Not to worry the new u-boot will still boot the old kernel. The only issue I have with the CarbonRom kernel is the missing dmard06 driver so no touch screen..... I may get a new kernel working yet!
domenictroilo said:
well a little more reading leads me to this page on the CarbonRom http://www.slatedroid.com/topic/64378-rom-carbonrom-422/ turns out that if you want to run a 3.4 kernel you MUST update u-boot (http://www.mediafire...4ro667xcfkd2dv7).... so I have flashed the CarbonRom and it does boot with the u-boot update. Not to worry the new u-boot will still boot the old kernel. The only issue I have with the CarbonRom kernel is the missing dmard06 driver so no touch screen..... I may get a new kernel working yet!
Click to expand...
Click to collapse
https://github.com/fsebentley/linux_allwinner_drivers_input_touchscreen_mods
https://groups.google.com/forum/#!topic/linux-sunxi/D0n8dyaVA34
?
bigsupersquid said:
https://github.com/fsebentley/linux_allwinner_drivers_input_touchscreen_mods
https://groups.google.com/forum/#!topic/linux-sunxi/D0n8dyaVA34
?
Click to expand...
Click to collapse
the patch compiles,you need to comment out #include <linux/earlysuspend.h> as it is not supported on the newer kernel and not required by the driver anyway. I just need to get the kernel to actually load lol..... I have at least gotten past the boot screen now, but it hangs.... I will try a different arm tool chain and see what happens next.....
So close but yet so far..... well I have the new kernel installed and booted with adb shell available but it turns out the new mma7660.ko is not compatable with my device I get this error from dmesg over and over and over....
<4>[ 3254.934675] incomplete xfer (0x20)
<3>[ 3254.938093] Assertion failed! drivers/hwmon/mma7660.c,196,mma7660_read_xyz,result>=0
Will rename the driver and see if I can get past init further in the boot....
Edit
Well more issues with drivers the dmard06 is not compatible either, I had more success with the Carbon Kernel I will see if I can find the source git, should be around....
dmesg | busybox grep dmard
<4>[ 5.408528] dmard06: init
<3>[ 5.447835] dmard06gsensor_fetch_sysconfig_para: after: gsensor_twi_addr is 0x4c, dirty_addr_buf: 0x4c. dirty_addr_buf[1]: 0xfffe
<4>[ 5.488546] dmard06_init: after fetch_sysconfig_para: normal_i2c: 0x4c. normal_i2c[1]: 0xfffe
<6>[ 5.508612] gsensor_detect: Detected chip dmard06 at adapter 1, address 0x4c
<4>[ 5.601533] dmard06 gsensor I2C err = 0!
<4>[ 5.613430] dmard06 probe failed
<4>[ 5.624926] dmard06: probe of 1-004c failed with error -1
This all makes some sense as Polaroid has not get gotten me the kernel and the drivers they load (their kernel have very unique names:
Module Size Used by Not tainted
8192cu 575431 0
rtl8150 8910 0
mcs7830 6557 0
qf9700 8513 0
asix 22500 0
usbnet 23745 3 mcs7830,qf9700,asix
dmard06_gl 8202 2
mma7660 6541 0
mali 130177 14
ump 42178 19 mali
gt811_ts_828 19947 0
sun4i_csi0 27946 0
nt99250 14254 1
gc0308 12848 1
videobuf_dma_contig 5659 1 sun4i_csi0
videobuf_core 18067 2 sun4i_csi0,videobuf_dma_contig
Well more issues with drivers the dmard06 is not compatible either, I had more success with the Carbon Kernel I will see if I can find the kernel source git, should be around....
dmesg | busybox grep dmard
<4>[ 5.408528] dmard06: init
<3>[ 5.447835] dmard06gsensor_fetch_sysconfig_para: after: gsensor_twi_addr is 0x4c, dirty_addr_buf: 0x4c. dirty_addr_buf[1]: 0xfffe
<4>[ 5.488546] dmard06_init: after fetch_sysconfig_para: normal_i2c: 0x4c. normal_i2c[1]: 0xfffe
<6>[ 5.508612] gsensor_detect: Detected chip dmard06 at adapter 1, address 0x4c
<4>[ 5.601533] dmard06 gsensor I2C err = 0!
<4>[ 5.613430] dmard06 probe failed
<4>[ 5.624926] dmard06: probe of 1-004c failed with error -1
This all makes some sense as Polaroid has not provided me the kernel they used and the drivers they load have unique names see below from the original stock rom:
Module Size Used by Not tainted
8192cu 575431 0
rtl8150 8910 0
mcs7830 6557 0
qf9700 8513 0
asix 22500 0
usbnet 23745 3 mcs7830,qf9700,asix
dmard06_gl 8202 2
mma7660 6541 0
mali 130177 14
ump 42178 19 mali
gt811_ts_828 19947 0
sun4i_csi0 27946 0
nt99250 14254 1
gc0308 12848 1
videobuf_dma_contig 5659 1 sun4i_csi0
videobuf_core 18067 2 sun4i_csi0,videobuf_dma_contig
I suspect after all the trouble I had with LG source that there are device-specific bits in the drivers.
Polaroid will most likely have to cough up source to get it all working.
Have you considered trying punchmod to use the old drivers? I dunno if that'd work considering the stock kernel is a lower version... but it might be worth a try.
bigsupersquid said:
I suspect after all the trouble I had with LG source that there are device-specific bits in the drivers.
Polaroid will most likely have to cough up source to get it all working.
Have you considered trying punchmod to use the old drivers? I dunno if that'd work considering the stock kernel is a lower version... but it might be worth a try.
Click to expand...
Click to collapse
I have changed the vermagic on the old modules and tried with the newer kernel but no go.... the latest 3.0 sunxi kernel is at 3.0.96 so I will build this one and see if I can get the special 3.0.8 polaroid modules to load.
I have a ticket open with Polaroid lol I guess we will see if the cough up a kernel or not.... I would not put money on it...
domenictroilo said:
I have changed the vermagic on the old modules and tried with the newer kernel but no go.... the latest 3.0 sunxi kernel is at 3.0.96 so I will build this one and see if I can get the special 3.0.8 polaroid modules to load.
I have a ticket open with Polaroid lol I guess we will see if the cough up a kernel or not.... I would not put money on it...
Click to expand...
Click to collapse
I've had an open ticket since November from talking on the phone after email did nothing.
nothing but autoresponder.
bigsupersquid said:
I've had an open ticket since November from talking on the phone after email did nothing.
nothing but autoresponder.
Click to expand...
Click to collapse
Do you believe that something like this http://gpl-violations.org/faq/violation-faq.html could force them to provide the source code? I could try to get the group at "FreakTab" to make the same requests for the kernel sources. Maybe with enough requests the gpl-violations group could take it on?
(K I am getting off topic here sorry anyone out there......)
I have attempted to build the 3.0.96 kernel but it did not boot.... back to hacking at the .config to see what I have missed (I need to move my build environment off this old p3 800 lol)
I am following this tutorial on my desire 610: http://http://whiteboard.ping.se/Android/Debian
All has gone well so far, the system works in chroot, etc etc etc, thats not the problem. My problem is that i cant seem to pack a boot image that works for the phone. I know the problem is with my boot image, because if the init script had been initalised, I had a line at the start which would start a log file, and the system would bootloop. Instead it takes me to the fastboot menu when i power on.
I have used the tool to unpack the boot image, found at http://whiteboard.ping.se/Android/Unmkbootimg , and its output was this:
Code:
unmkbootimg version 1.2 - Mikael Q Kuisma <[email protected]>
Kernel size 6004624
Kernel address 0x8000
Ramdisk size 1017204
Ramdisk address 0x2008000
Secondary size 0
Secondary address 0xf00000
Kernel tags address 0x1e00000
Flash page size 2048
Board name is ""
Command line "console=ttyHSL0,115200,n8 androidboot.hardware=qcom user_debug=31 ehci-hcd.park=3"
*** WARNING ****
This image is built using NON-standard mkbootimg!
OFF_KERNEL_ADDR is 0xFE208100
OFF_RAMDISK_ADDR is 0x00208100
OFF_SECOND_ADDR is 0xFF100100
Please modify mkbootimg.c using the above values to build your image.
****************
Extracting kernel to file zImage ...
Extracting root filesystem to file initramfs.cpio.gz ...
All done.
---------------
To recompile this image, use:
mkbootimg --kernel zImage --ramdisk initramfs.cpio.gz --base 0x1dfff00 --cmdline 'console=ttyHSL0,115200,n8 androidboot.hardware=qcom user_debug=31 ehci-hcd.park=3' -o new_boot.img
---------------
I have tried doing as it says and compiling mkbootimg with those settings, however it still does not work. Could anyone possibly see what im doing wrong? And if not, does anyone have a copy of mkbootimg that works for the Desire 610?
Thanks in advance
falseascension said:
I am following this tutorial on my desire 610: http://http://whiteboard.ping.se/Android/Debian
All has gone well so far, the system works in chroot, etc etc etc, thats not the problem. My problem is that i cant seem to pack a boot image that works for the phone. I know the problem is with my boot image, because if the init script had been initalised, I had a line at the start which would start a log file, and the system would bootloop. Instead it takes me to the fastboot menu when i power on.
I have used the tool to unpack the boot image, found at http://whiteboard.ping.se/Android/Unmkbootimg , and its output was this:
Code:
unmkbootimg version 1.2 - Mikael Q Kuisma <[email protected]>
Kernel size 6004624
Kernel address 0x8000
Ramdisk size 1017204
Ramdisk address 0x2008000
Secondary size 0
Secondary address 0xf00000
Kernel tags address 0x1e00000
Flash page size 2048
Board name is ""
Command line "console=ttyHSL0,115200,n8 androidboot.hardware=qcom user_debug=31 ehci-hcd.park=3"
*** WARNING ****
This image is built using NON-standard mkbootimg!
OFF_KERNEL_ADDR is 0xFE208100
OFF_RAMDISK_ADDR is 0x00208100
OFF_SECOND_ADDR is 0xFF100100
Please modify mkbootimg.c using the above values to build your image.
****************
Extracting kernel to file zImage ...
Extracting root filesystem to file initramfs.cpio.gz ...
All done.
---------------
To recompile this image, use:
mkbootimg --kernel zImage --ramdisk initramfs.cpio.gz --base 0x1dfff00 --cmdline 'console=ttyHSL0,115200,n8 androidboot.hardware=qcom user_debug=31 ehci-hcd.park=3' -o new_boot.img
---------------
I have tried doing as it says and compiling mkbootimg with those settings, however it still does not work. Could anyone possibly see what im doing wrong? And if not, does anyone have a copy of mkbootimg that works for the Desire 610?
Thanks in advance
Click to expand...
Click to collapse
I just use Blobtools and linux's standard abootimg. I'll find some links and do a quick Howto when I get home tonight.
MiniBlu
MiniBlu said:
I just use Blobtools and linux's standard abootimg. I'll find some links and do a quick Howto when I get home tonight.
MiniBlu
Click to expand...
Click to collapse
Cheers! looking forward to getting this thing actually working
Aha! Using abootimg made it work. Wish i knew about that earlier...
There's still a few errors though, need to fix that. Thanks for your help, you literally saved probably hours and hours more work if I hadnt known about this. Much appreciated