Android 'boot' partition - is there some kind of checksum? - Android Q&A, Help & Troubleshooting

Hello everyone, new user here from Montréal, Canada!
I have a question regarding the "boot" MTD device on this cheap gigabyte/proscan tablet (model: plt1066g) - When i try to write what looks like a perfectly valid boot file to the boot partition, the device freezes on the OEM (proscan) boot logo, just after adjusting the brightness. It never gets to the green trashcan/r2d2 that flashes for a second, or the android boot animation.
If i re-flash the original image that i dumped from the MTD device, it works fine, so i know it's not a problem with the flashing process or the flashing tool i'm using.
The aforementioned original boot image consists of the following parts at the following offsets:
Code:
10 0xA LZMA compressed data, properties: 0x2E, dictionary size: 8388608 bytes, uncompressed size: 259087888 bytes
2048 0x800 uImage header, header size: 64 bytes, header CRC: 0xBA042549, created: Fri Aug 1 03:43:38 2014, image size: 3027415 bytes, Data Address: 0x80008000, Entry Point: 0x80008000, data CRC: 0x74A1309A, OS: Linux, CPU: ARM, image type: OS Kernel Image, compression type: lzma, image name: "Linux-3.0.8"
3031040 0x2E4000 gzip compressed data, was "ramdisk.cpio", from NTFS filesystem (NT), last modified: Fri Aug 1 04:24:34 2014, max compression
I simply extracted the cpio archive, modified the init.rc script in this archive, then re-generated the archive and wrote it at the correct offset in my new copy of the boot image. This new boot image now contains:
Code:
10 0xA LZMA compressed data, properties: 0x2E, dictionary size: 8388608 bytes, uncompressed size: 259087888 bytes
2048 0x800 uImage header, header size: 64 bytes, header CRC: 0xBA042549, created: Fri Aug 1 03:43:38 2014, image size: 3027415 bytes, Data Address: 0x80008000, Entry Point: 0x80008000, data CRC: 0x74A1309A, OS: Linux, CPU: ARM, image type: OS Kernel Image, compression type: lzma, image name: "Linux-3.0.8"
3031040 0x2E4000 gzip compressed data, was "ramdisk.cpio", from Unix, last modified: Wed Sep 16 14:55:00 2015, max compression
.... so it's not a problem with the image file, or with the cpio archive contained in the file (i checked that as well), or - at least i think - not a problem with the added lines in the init.rc file. Which leads me to suspect that the only possibiliity is that there's somehow a checksum or some other kind of hash check being done on the partition - for example in that small unused section at the beginning of the partition/image. If that's the case, is there some documentation about the process, or at least some ready-made tool that would generate the proper hash check?
Thanks very much for any assistance.
/* edit */ Oh, i forgot to mention that this device is running Android 4.1.1.
/* edit2 */ Also thought it might be a good idea to share the actual resulting image. Here it is: (sorry, message board is preventing me from attaching/linking to files :/ )

Most shipping devices have locked bootloaders that allow only booting signed kernels. Is your bootloader unlocked?

I still don't know the answer to my original question, but using a utility called 'mkbootimg' instead of manually assembling the image myself, solved the problem. There doesn't seem to be any (other) locking mechanism on the boot loader of this device.
Thanks for your reply!

Related

Android on Beagleboard-Xm

Hi all. I have compiled 0xdroid Gingerbread for beagleboard-xm following the official wiki.
the system stops during kernel boot
Here is my output:
Code:
reading boot.scr
462 bytes read
Running bootscript from mmc ...
## Executing script at 82000000
reading uImage
3502776 bytes read
reading uInitrd
173707 bytes read
## Booting kernel from Legacy Image at 80200000 ...
Image Name: Linux-2.6.38.6-g3298421-dirty
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 3502712 Bytes = 3.3 MiB
Load Address: 80008000
Entry Point: 80008000
Verifying Checksum ... OK
## Loading init Ramdisk from Legacy Image at 81600000 ...
Image Name: Android Ramdisk Image
Image Type: ARM Linux RAMDisk Image (gzip compressed)
Data Size: 173643 Bytes = 169.6 KiB
Load Address: 00000000
Entry Point: 00000000
Verifying Checksum ... OK
Loading Kernel Image ... OK
OK
Starting kernel ...
Uncompressing Linux... done, booting the kernel.
<5>Linux version 2.6.38.6-g3298421-dirty (sarasini-64bit)
(gcc version 4.5.4 20110505 (prerelease) (Linaro GCC 4.5-2011.05-0) )
#6 Mon Jan 2 21:02:10 CET 2012
CPU: ARMv7 Processor [413fc082] revision 2 (ARMv7), cr=10c53c7f
CPU: VIPT nonaliasing data cache, VIPT aliasing instruction cache
Machine: OMAP3 Beagle Board
<6>Reserving 33554432 bytes SDRAM for VRAM
Memory policy: ECC disabled, Data cache writeback
<5>Truncating RAM at a0000000-bfffffff to -afffffff (vmalloc region
overlap).
<6>OMAP3630 ES1.2 (l2cache iva sgx neon isp 192mhz_clk )
<6>SRAM: Mapped pa 0x40200000 to va 0xfe400000 size: 0x10000
No more output. all leds on the board are turned on. Any help?
thanks
Francesco
Repo Sync , Sync'd all projects for over 8 hrs on my 2mbps plan
This is the guide i took for reference and changed the repositories address to the one for beagleboard , using this command
Code:
repo init -u https://bitbucket.org/sola/android_manifest
Yet all 239 odd projects got downloaded , how to only download the beagleboard source files and not all aosp project on the main android source code git
Please clarify this (i know how to use -b option in repo sync to take only branches of a project from the manifest i point it to)
repo should only download files from bitbucket.org and not all android sources files correct?

cant modify ANY parttions - I want to totally ZAP the flash

I have a NOOK tablet 16GB that is somehow locked from modifying partitions
I have tried
the repart image , which has worked many times for me in the past
the AdamOutler Ubuntu Disk
formatting / wiping options in various versions of CWM and TWRP
fastboot erases
fastboot formats
dd'ing /zero to various partitions
parted
sgdisk
a zillion scripts
something at a low level is preventing modifications to the partitions
Im wasting far too much time on this , but I hate being beat (-:
I have a backup of rom and factory , and dd images of stock parttions so I am 100% comfortable with something that
will COMPLETELY ZAP the device
if I boot a known good CM10 image from SD card, it fails to boot , I was assuming if I could get a running android from the card, I'd have access to lots of tools... , but it just fails to tun CM10
any help appreciated.
Thanks
To completely zap the device, erase the partition table. That will leave you one, giant, unallocated space.
From there, you need to recreate all partitions from scratch.
You will not be able to boot without a bootable CWM SD, so have that handy.
sagirfahmid3 said:
To completely zap the device, erase the partition table. That will leave you one, giant, unallocated space.
From there, you need to recreate all partitions from scratch.
You will not be able to boot without a bootable CWM SD, so have that handy.
Click to expand...
Click to collapse
Thanks for responding, Yes, I have tried multiple ways to to zap the table and it doesnt stick.
sgdisk -Z, sgdisk -z parted,
no matter what I do the partitions remain untouched.
I reboot and it still boots into an old stock OS that has a FC shortly after startup, and the internal recovery (factory) , which I can not overwrite, gives the please restart and try again message.
hmm,
I WAS able to get a CM7 SD card image to boot and run
appears to work "normally" , but Internal storage shows as "not available" in settings
mikeataol said:
hmm,
I WAS able to get a CM7 SD card image to boot and run
appears to work "normally" , but Internal storage shows as "not available" in settings
Click to expand...
Click to collapse
You're supposed to do:
# gdisk
# o
# w
# q
That will for sure give you an empty partition table. You probably forgot to write the changes before exiting.
sagirfahmid3 said:
You're supposed to do:
# gdisk
# o
# w
# q
That will for sure give you an empty partition table. You probably forgot to write the changes before exiting.
Click to expand...
Click to collapse
Hi, no, I didnt forget to "write" after the "o"
/tmp # ./gdisk /dev/block/mmcblk0
./gdisk /dev/block/mmcblk0
GPT fdisk (gdisk) version 0.8.4
Caution: invalid backup GPT header, but valid main header; regenerating
backup header from main header.
Warning! Main and backup partition tables differ! Use the 'c' and 'e' options
on the recovery & transformation menu to examine the two tables.
Warning! One or more CRCs don't match. You should repair the disk!
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: damaged
****************************************************************************
Caution: Found protective or hybrid MBR and corrupt GPT. Using GPT, but disk
verification and recovery are STRONGLY recommended.
****************************************************************************
Command (? for help): o
o
This option deletes all partitions and creates a new protective MBR.
Proceed? (Y/N): y
y
Command (? for help): w
w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N): y
y
OK; writing new GUID partition table (GPT) to /dev/block/mmcblk0.
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot.
The operation has completed successfully.
/tmp # q
/tmp #
after reboot
Command (? for help): p
p
Disk /dev/block/mmcblk0: 31105024 sectors, 14.8 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): CE21388C-B927-4A5C-91CE-DBD1DE4AB3BC
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 30535678
Partitions will be aligned on 256-sector boundaries
Total free space is 1285 sectors (642.5 KiB)
Number Start (sector) End (sector) Size Code Name
1 256 511 128.0 KiB 8300 xloader
2 512 1023 256.0 KiB 8300 bootloader
3 1024 31743 15.0 MiB 8300 recovery
4 32768 65535 16.0 MiB 8300 boot
5 65536 163839 48.0 MiB 8300 rom
6 163840 262143 48.0 MiB 8300 bootdata
7 262144 1019903 370.0 MiB 8300 factory
8 1019904 2273279 612.0 MiB 8300 system
9 2273280 3145727 426.0 MiB 8300 cache
10 3145728 5242879 1024.0 MiB 8300 media
11 5242880 30535639 12.1 GiB 8300 userdata
Humm...wow, that's pretty crazy. Try writing zeroes to your emmc and then retrying.
# dd if=/dev/zero of=/dev/block/mmcblk0

Need .img files for LG G3 vs985

I attempted to install Jasmine rom, after it failed twice I tried to recover and failed at that. Then after trying to resinstall twrp i got it into a bootloop and no recovery and no download and no recovery.
I need the following .img for the LG G3 vs985 to try to use the method in the link below:
NEED THESE FILES:
1- sbl1.img
2- aboot.img
3- rpm.img
4- tz.img
http://forum.xda-developers.com/showthread.php?t=2582142
Here are the files from 10b:
http://downloads.codefi.re/autoprime/LG/LG_G3/VS985/stock_partitions/10B
Be careful (those are things that mere mortals like I wouldn't mess with )
THANK YOU!!
markfm said:
Here are the files from 10b:
http://downloads.codefi.re/autoprime/LG/LG_G3/VS985/stock_partitions/10B
Be careful (those are things that mere mortals like I wouldn't mess with )
Click to expand...
Click to collapse
Thank you very much. now i just need to figure out why It wont show me the locations of all those files when i enter the terminal in linux... I'm getting something like this:
Partition table scan:
MBR: MBR only
BSD: not present
APM: not present
GPT: not present
************************************************** *****************************************
Found invalid GPT and MBR valid; Converting MBR to GPT format in memory.
************************************************** *****************************************
Disk /dev/sda: 625142448 sectors, 298.1 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 4746570D-B91E-4A91-917C-D94BCEBD34F3
Partitions table holds up to 128 entries
First usable sector in 34, last usable sector is 625142414
Partitions will be aligned on 2048-sector boundaries
Total free space is 310512237 sectors (148.1 GiB)
Number Start (sector) End (sector) Size Code Name
1 2048 52430847 25.0 GiB 0700 Microsoft Basic data
2 52430848 314632191 125.0 GiB 0700 Microsoft Basic data
Only this was copied from another post. I am using linux.
Any suggestions?
No idea. What you posted doesn't make sense to me. Hopefully someone else will pop in.
I copied from another post but I am getting roughly the same response when I rum the gdisk Dev command in Linux terminal. It does recognize the device as lg. But it doesn't appear to find the device while running the command to see the list of img files.
Also having trouble coding the file extension to push the img files with dd command.

Recovery image unpack problem

Hello Everyone,
I'm porting twrp recovery for GFive 77A. but facing the below problem to unpack original recovery.img using carliv. how do i solve that problem? please find recovery.img-ramdisk.gz
Code:
Your image: recoveryold.img
Create the recoveryold folder.
Printing information for "recovery.img"
Unpack image utility by [email protected]
[!] This image has a MTK header
Header:
Magic : ANDROID!
Magic offset : 0
Page size : 2048 (0x00000800)
Base address : 0x10000000
Kernel address : 0x10008000
Kernel size : 3983464 (0x003cc868)
Kernel offset : 0x00008000
>> kernel written to 'recoveryold/recovery.img-kernel' (3982952 bytes)
Ramdisk address : 0x11000000
Ramdisk size : 1145048 (0x001178d8)
Ramdisk offset : 0x01000000
>> ramdisk written to 'recoveryold/recovery.img-ramdisk.gz' (1144536 bytes)
Second address : 0x10f00000
Tags address : 0x10000100
Tags offset : 0x00000100
Compression used: gz
Unpacking the ramdisk....
../recovery.img-ramdisk.gz:
gzip: ../recovery.img-ramdisk.gz: unexpected end of file
cpio: premature end of file
Your ramdisk archive is corrupt or unknown format. Exit script.

Compiling TWRP for TicWatch Pro 2020 (catfish_ext)

Hello, I recently got a TicWatch Pro 2020 model (1 GB RAM, no LTE), and wanted to install Magisk. I tried booting TWRP for the original TicWatch Pro (catfish) as well as the LTE model (catshark) to no avail. I decided to try and port the recovery myself. So I cloned the repository for the original model and tried just changing the codename. I had never done it before so I had no idea that I first needed to get the kernel for my watch (which requires TWRP to pull). Eventually I found a TWRP image that worked on my watch and I wanted to see if I could manage to compile one myself. I pulled boot.img from my watch and this is what binwalk shows on it:
Code:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 Android bootimg, kernel size: 8469500 bytes, kernel addr: 0x80008000, ramdisk size: 1869123 bytes, ramdisk addr: 0x81000000, product name: ""
2048 0x800 Linux kernel ARM boot executable zImage (little-endian)
18675 0x48F3 gzip compressed data, maximum compression, from Unix, last modified: 1970-01-01 00:00:00 (null date)
7879104 0x7839C0 Flattened device tree, size: 197476 bytes, version: 17
8053880 0x7AE478 Unix path: /dev/block/platform/soc/7824900.sdhci/by-name/vendor
8076580 0x7B3D24 Flattened device tree, size: 197492 bytes, version: 17
8251372 0x7DE7EC Unix path: /dev/block/platform/soc/7824900.sdhci/by-name/vendor
8274072 0x7E4098 Flattened device tree, size: 197476 bytes, version: 17
8448848 0x80EB50 Unix path: /dev/block/platform/soc/7824900.sdhci/by-name/vendor
8472576 0x814800 gzip compressed data, maximum compression, from Unix, last modified: 1970-01-01 00:00:00 (null date)
I used dd to cut off the first and last entry, to (hopefully) give me the zImage-dtb that I needed. Amazingly, it worked! The recovery compiled and I was able to boot it. However it's not perfect and I would like to ask for help with two things:
1: When I run:
Code:
mka recoveryimage
the process finishes and the recovery.img is built, but make returns an error: recovery.img too large. Luckily it doesn't affect me as for now I'm just using fastboot boot and not flashing anything. But if I wanted to flash the image I guess I would need to find a way to reduce the image size. Also the other recovery that I found online is much smaller (~14 kB vs ~21 kB). What can I do to make the final image smaller?
2: When running fastboot boot recovery.img, the screen changes to a random colorful noise for about 10 seconds before showing the TWRP logo and booting successfully. What could cause that and how can I fix it?
Here is the repository with all of the files: https://github.com/sasodoma/android_device_mobvoi_catfish_ext

Categories

Resources