[WIP][MOD][SPLASH][OP6] Splash Screen Image Injector - OnePlus 6 Themes, Apps, and Mods

Hey folks, thanks to @iElvis sharing his or her logo 'data' from the OP6. I have adapted my previous OnePlus programs that let you change the splash screen to work with the OP6. This means that the encoding of the data structure and the encoding of the image data are done. I do not have a OP6 and can not test certain things like where to put the modified file. In the past, flashing was always easy (and always has been especially with the OnePlus models).
My holdup and why I need the XDA/OP6 community support is to find out where to exactly put this modified file. In the past I haphazardly made a super fast in-memory program for altering the splash screen for the Nexus 6p that was (and is currently) at a roadblock for one reason. That reason was Google used ELFs to populate partitions (not short people with pointy ears and green clothing), and at that time utilized separate partitions that the ELFs populate. Not all were ELF generated, but that is outside of the scope of what I do because to a certain point the ones that I wanted to change were generated that way.
This concept of splitting partitions, back then, was just trying to grab a footing on seamless upgrades initially from what I have read up until this newer style. I have put some research into some things involving this, but Google is kind of bland in it's description of what this all means. This is different than the Nexus 6P that I mentioned previously, and if you read that last link, it may be just as easy as flashing it to both partitions logo_a & logo_b. One partition is always active and has two different statuses, which make the device 'ideally' always bootable after an OS update.
Most of my research was done through reading a lot of the open source code put out by the AOSP for "fastboot". You can learn more than you can ever derive from documentation in this realm. I hope to hear some feedback of attempts so that I can delete all of this up above
Please read below so you can better understand this type of encoding being used:
What Is A Raw Image?
A raw image, whether it be a file or an image in memory, is simply pixel data. There is no extra information like width, height, name, end of line... Absolutely nothing, just pixel data. If you have an image that is raw and the resolution is 1080x1920 and you are using a typical RGB24 or BGR24 (like the ones used here), then your exact filesize or size in memory will be 1080x1920x3! We use 3 here because there is one byte for the R or red component, one for the G (green), and one for the B(blue).
What Is A Run Length Encoded Image?
A run length image encoding uses a count ;usually a single byte (char), 2 bytes (short int), or 4 bytes (long int); and then the pixel components. So instead of writing out 300 bytes of '0's to make a line of 100 black pixels. Black is RGB(0,0,0). You could encode this as 100, 0, 0, 0. And only use 4 bytes of data to get the exact same image as the 300 byte raw image. All the run length encoding I've found, except the Motorola style which is a little different, use a run length encoding that is pixel-oriented like this.
Now I've found this new one and it is a byte-oriented run length encoding. This is for runs of bytes, not pixels. You may think, well whats the big deal? When you add a little area of color, you increase the run length encoded image in you logo.bin immensely! You use 6 bytes per pixel if there aren't any runs of color data. If you had an image that was a 1080x1920 black image with a 25 pixel horizontal line in the middle. The encoder would be doing runs of black data efficiently until it reached the red area.
.....0 255 0 255 0 255 0 255 0 255 0 133 /// we've reached the top left corner of the red line /// 13 1 30 1 255 1 // << that was just one red pixel!! in bgr color order (13, 30, 255) <<// And it keeps going through the rest of the red pixels on that line using 6 bytes per pixel, which is the opposite of compression. Before reaching the red line the encoding was decoding to 255 zeros over and over, until finally 133 zeros. 255 zeros is 85 black pixels stored in just 2 bytes!
This type of encoding is ONLY good for grey scale images. It is not good with color, but it still will handle color of course. In grey scale, the Red, Blue, and Green data components are always the same values. All the way from black (0,0,0) to white (255, 255, 255); including every shade of grey in between>>>(1,1,1) (2,2,2) (3,3,3)....(243, 243, 243) (254, 254, 254)<<<
One other difference in this method of run length encoding is that the color byte is before the count, which is backwards from all of the other methods.​
The attachment contains the executable that was compiled using mingw32 on a 64 bit Windows 10 PC. The awesome PNG library that I used for generating the pngs is LodePng, the source can be found here.
To use the OnePlus 6 Logo Injector:
Decode your logo.bin:
Code:
OP6Logo -i logo.bin -d
All the PNG 's will be extracted from logo.bin. Edit the PNG(s) that you want to change...
Note:
Your original "logo.bin" file is never changed, it is just read. If the file you try to load isn't a logo file, or a different style, then the program will tell you and exit.​
Inject the image(s) back in to the logo.bin:
Code:
OP6Logo -i logo.bin -j fhd_oppo fhd_at
To list whats in your logo file:
Code:
OP6Logo -i logo.bin -l
For a more detailed list:
Code:
OP6Logo -i logo.bin -L
If the colors are messed up use the "-s" switch while decoding.
Code:
OP6tLogo -i logo.bin -d -s
If you had to use the "-s" switch to decode properly, you'll have to use it to inject also:
Code:
OP6Logo -i logo.bin -j image_name -s
Note:
You can put as many names after "-j" as you want, and it's not case sensitive. You also don't have to put the whole name. If you just put "-j fhd" every image in the logo.bin that starts with "fhd" will be injected. There has to be a PNG with the name in the directory though​
The size of your modified.logo.bin will displayed along with the original size, if everything went good. The 'splash' partition is 16 MB on the OP6. If you use too much color on too many of the images you will easily go over 16 MB. The program will tell you and delete the "modified.logo.bin" that was created. If for some strange reason you would like to keep it, use the "-B" flag on the command.
The last step is to flash the modified logo file via fastboot with the command
Code:
fastboot flash LOGO modified.logo.bin
Use this at your own risk.
Always make backups.
Always.

Source
Source:

I haven't had a chance to work up a custom splash and flash it just yet, in part because I realized that on this phone, the splash screen only shows up for a split second before it's replaced by the "Your phone is unlocked and insecure, don't put sensitive files on it blah blah" warning. So I'm not sure this is going to do a whole lot for us. I'm going to try later tonight or this weekend and report back. Pretty sure "flash logo" should work fine, but it will flash only to the active partition. We may need to "flash logo_a" and "flash logo_b" to get it on both partitions.
Also, thanks for posting the source. I'm going to see if I can get this to compile in Xcode so we have an OSX version.
Edit 6/10: I can't get it to compile in Xcode, but I'm sure it's something I'm doing wrong.

Anyone tested it splash screen

Okay, welp, I'm throwing in the towel on this one. The bootloader warning is not in text like it was on the HTC phones I've modded to remove it. On those phones, the text showed up in the bootloader file in a hex editor, and could be replaced with empty spaces to remove it.
I pulled the boot file from /dev/block/bootdevice/by-name/ and searched through it. None of the text in the warning can be found with a simple search. As I suspected, that warning screen looks like it's a function coded into the boot process, which means removing it is probably impossible.

work Fine !
file :
lodepng.h
lodepng.c
OP6Logo.c
# gcc lodepng.c -c
# gcc OP6Logo.c -c
# gcc *.o -o OP6_prog OR # gcc lodepng.o OP6Logo.o -o OP6_prog
# ./adb shell
# su
# cd /dev/block/bootdevice/by-name
# ls --color --all
lrwxrwxrwx 1 root root 16 1970-01-06 04:29:20.549999999 +0100 LOGO_a -> /dev/block/sde20
# dd if=LOGO_a of=/sdcard/LOGO_a
exit
# ./adb pull /sdcar/LOGO_a ./
# OP6_prog -i LOGO_a -d
MODIFY YOUR PICTURE .....
# ./OP6logo -i LOGO_a -j fhd_
you have modified.logo.bin
Just dd if of and work fine !
And for the Real Splash :
./adb pull /system/media/bootanimation.zip ../
God bless

gao0309 said:
file :
lodepng.h
lodepng.c
OP6Logo.c
# gcc lodepng.c -c
# gcc OP6Logo.c -c
# gcc *.o -o OP6_prog OR # gcc lodepng.o OP6Logo.o -o OP6_prog
# ./adb shell
# su
# cd /dev/block/bootdevice/by-name
# ls --color --all
lrwxrwxrwx 1 root root 16 1970-01-06 04:29:20.549999999 +0100 LOGO_a -> /dev/block/sde20
# dd if=LOGO_a of=/sdcard/LOGO_a
exit
# ./adb pull /sdcar/LOGO_a ./
# OP6_prog -i LOGO_a -d
MODIFY YOUR PICTURE .....
# ./OP6logo -i LOGO_a -j fhd_
you have modified.logo.bin
Just dd if of and work fine !
And for the Real Splash :
./adb pull /system/media/bootanimation.zip ../
God bless
Click to expand...
Click to collapse
Way to remove bootloader unlocked warning?

NO

Please create flashable zip. Of splash screen

I'm trying this on linux on a 6T boot splash screen but I get a segmentation fault:
Code:
__________________________________________________________-_-
OP6 Logo Injector v1
Written By Makers_Mark @ XDA-DEVELOPERS.COM
_____________________________________________________________
FILE: logo.bin
_____________________________________________________________
RGB is the color order. Use "-s" switch to change it to BGR.
#01: Offset:0
Header=SPLASH!!
Width=1080
Height=1920
Data Length=81798
Special=1
Name=
Metadata=
Segmentation fault
Any idea why?

foobar66 said:
I'm trying this on linux on a 6T boot splash screen but I get a segmentation fault:
Any idea why?
Click to expand...
Click to collapse
For 6T, maybe you need look at this thread
https://forum.xda-developers.com/oneplus-6t/development/tool-splash-screen-modification-t3874158
Sent from my ONEPLUS A6000 using XDA Labs

I tried to report that the error memory could not be read under Windows 10 and wimdows7. Then I executed the following instructions under Linux and still reported the error. What can I do, oneplus 6, Android 9.0?
gcc lodepng.c -c
gcc OP6Logo.c -c
gcc *.o -o a.out
./a.out -i logo.bin -d
The following are the results of implementation:
__________________________________________________________-_-
OP6 Logo Injector v1
Written By Makers_Mark @ XDA-DEVELOPERS.COM _____________________________________________________________
FILE: logo.bin _____________________________________________________________
BGR is the color order. Use "-s" switch to change it to RGB.
#01: Offset:0
Header=SPLASH!!
Width=1080
Height=1920
Data Length=77716
Special=1
Name=
Metadata=
Segmentation fault

Code:
C:\Users\denie\Documents\logo>OP6Logo -i logo.bin -d
__________________________________________________________-_-
OP6 Logo Injector v1
Written By Makers_Mark @ XDA-DEVELOPERS.COM
_____________________________________________________________
FILE: logo.bin
_____________________________________________________________
BGR is the color order. Use "-s" switch to change it to RGB.
#01: Offset:0
Header=SPLASH!!
Width=1080
Height=1920
Data Length=81798
Special=1
Name=
Metadata=
C:\Users\denie\Documents\logo>
Any ideas?

Does this work?

Prakyy said:
Does this work?
Click to expand...
Click to collapse
There's no way to hide the Google warning about unlocked bootloaders, if that's what you mean.

iElvis said:
There's no way to hide the Google warning about unlocked bootloaders, if that's what you mean.
Click to expand...
Click to collapse
Really... This is what I've been searching all over for for my 6t... Get rid of the stupid bootloader unlock warning. On all my other devices we always used a custom made boot-logo.bin and installed it on slot a and slot b using fastboot.. I guess if it could be covered up it definitely would have by now. ?
Edit added: I just read the thread. From what I've gathered basically this device (6&6t) is designed different and that's why we can't tamper with/cover up the bootloader warning message.

flash713 said:
Really... This is what I've been searching all over for for my 6t... Get rid of the stupid bootloader unlock warning. On all my other devices we always used a custom made boot-logo.bin and installed it on slot a and slot b using fastboot.. I guess if it could be covered up it definitely would have by now. ?
Edit added: I just read the thread. From what I've gathered basically this device (6&6t) is designed different and that's why we can't tamper with/cover up the bootloader warning message.
Click to expand...
Click to collapse
I gave up after a lot of experimenting. I'm not aware of anyone managing it.

iElvis said:
I gave up after a lot of experimenting. I'm not aware of anyone managing it.
Click to expand...
Click to collapse
You should get an award for your XDA signature. ?? It's funny because it's real and oh so true! The way some people comment on things never ceases to blow me away. I see some posts and I think to myself, "what the hell?" "Who raised this person!?" There are definitely many different types of humans out there in the world that's a fact. I try and stay out of it as much as possible. ? lol.
It sucks we can't just make a ton of boot logos and cover that up. Oh well the 6 & 6t are awesome devices!! Usually whenever I end up on down the road selling my phone and purchasing another one from eBay or swappa things similar to this begin to be solved and then 15 custom roms all drop outa nowhere all at once. ? Happens every...single...time...haha!! Thanks for giving it a shot! :good:

Related

Extracting splash screen with RBMC

I'm trying to use the RBMC command in the BL to extract the splash screens (as I couldnt find Orange-Israel splash screens anywhere).
I authenticated myself in the BL (btw, I have an exectuable that will do all that is written in POF's wiki). when I use the RBMC command:
rbmc d:\splash.nb 500e0000 40000
alot of garbge starts to flow to the screen in MTTY.
I guess MTTY doesnt saves the file automaticly.
Please help me dumping the Splash using this method (or any other method)
Capture the output with usb-monitor and convert it to binary file.
Pog, can you elaborate in this?
I used USB Monitor to log everything. Now I have a HEX and ASCII dump of every packet that cam from the TYTN. How do I save it into something usfull and how do I convert it to binary and then to BMP?
You can do it with unix command 'xxd' (included in vim) or with a simple C program (do a bucle in a shell script for every hex-char):
Code:
int main () {
unsigned int c;
unsigned char aux[10];
int s=read(0,aux,4);
sscanf(aux,"%x",&c);
printf ("%c",c);
return 0;
}
If you don't have access to a linux box, attach the dump here and I do it for you.
damnit, I wont have access to linux until next week...
I would appritiate your help in converting but I dont know if I did the dump correctly with USB Monitor.
First, it has several packakets with the commands I issued, than it has several LARGE packets with "junk" (I think thats the Splash screen dump).
However, I can export it to TXT and in TXT I see both the HEX and the ASCII part. Is that ok? If not, how do I dump the correct part?
knfevg said:
However, I can export it to TXT and in TXT I see both the HEX and the ASCII part. Is that ok? If not, how do I dump the correct part?
Click to expand...
Click to collapse
Yes this is correct. Attach the dump and if it is useful i make the splashscreens for u.
POF, attached is the zipped file with the TXT dump (in unicode).
It would be GREAT if you could help me.
If there is a need in some other kind of a dump, please let me know.
The dump is incomplete, you only dumped 24Kb, a whole splash screen should be at least 128Kb + 128Kb more of padding. Attached is the partial bin file.
mtty is not good for rbmc'ing... the best is to use linux 'cu' comand (included in uucp) like this:
Code:
((sleep 2 && echo rbmc file 500E0000 40000 ) | cu -l /dev/ttyUSB0 ) > dump.txt
POF,
I think I've attached the wrong file
I hope thats the correct one
there you go, splash in .nb and .bmp
pof said:
The dump is incomplete, you only dumped 24Kb, a whole splash screen should be at least 128Kb + 128Kb more of padding. Attached is the partial bin file.
mtty is not good for rbmc'ing... the best is to use linux 'cu' comand (included in uucp) like this:
Code:
((sleep 2 && echo rbmc file 500E0000 40000 ) | cu -l /dev/ttyUSB0 ) > dump.txt
Click to expand...
Click to collapse
Hi pof.
Have tried this too, but the dump.txt contains only 46 bytes. What's wrong.
mm... post the contents and we'll know
Probably it's failing because you have to authenticate to the bootloader prior to doing the rbmc command (or use a patched SPL which does not require it, for example latest HardSPL).
Pof, THANKS!!!!!
One more question.
The secondary splash is usualy the same as the prime?
What IS SubMain splash? When does it come up?
knfevg said:
The secondary splash is usualy the same as the prime?
Click to expand...
Click to collapse
Generally yes.
knfevg said:
What IS SubMain splash? When does it come up?
Click to expand...
Click to collapse
MainSplash - the one you see with the red letters at bottom when booting
SubSplash - the next one without red letters
If MainSplash and SubSplash are the same, you get the feeling that there's only 1 splash screen, but there are actually two
pof can you make me .bmp from dump?
I can xxd to hex but don't know what's next to got .bmp
Thanks
gromel said:
I can xxd to hex but don't know what's next to got .bmp
Click to expand...
Click to collapse
After you xxd the hex, the binary file you get is the actual splash.nb, so you can use nb_image_converter.exe to make a BMP, you can find it here:
ftp://xda:[email protected]/Hermes/Cooked_ROMs/Hermes_SplashScreen_Pack.zip
BTW, before using xxd you'll need to convert the dump from utf-8 to ascii.
If you can't manage to do it yourself, tell me and I'll do it for you.
Ah, now better understand.
But When I try iconv -f utf8 -t ascii dump -o output
then I got always error iconv: illegal input sequence at position 0
PS. In usb-monitor I can export as UNICODE or ANSI (ASCII).
I'm trying and trying and trying....

Get boot.img From Stock Samsung FW?

I'm working on my first ROM that is based on the "stock" Samsung firmware. I am used to messing around with AOSP and CM ROMs where there's a nice flashable ZIP with a boot.img in it. Working from the "stock" Samsung image has been less clean.
My device is a Samsung SGH-T869 (the T-Mobile version of the Galaxy Tab 7.0 Plus).
I began with the file T869TMBLG7_T869UVLG7_T869UVLG7_HOME.tar.md5, which is the newest firmware available for this device.
I am able to extract the image using 7-zip, which gives me the error "There is no correct record at the end of archive", but otherwise appears to extract perfectly.
Extracted files include:
-boot.bin
-cache.img
-factoryfs.img
-hidden.img
-modem.bin
-param.lfs
-recovery.img
-Sbl.bin
-zImage
These files are enough to give Android Kitchen something to start with, but AK is complaining about the lack of a boot.img, plus I want to do some ramdisk tweaking. I have been researching this for hours, and I get the impression that what I need is in there, just in a proprietary format. I have installed KernelKitchen, which I guess I can use to build boot.img from zImage and a ramdisk, I'm just not sure where to go from here.
I also tried dumping ADB (dd if=/dev/block/mmcblk0pX of=/sdcard/boot.img, tried all partitions one by one).
I also looked at a backup made via CWM 6 of the 'stock' untouched ROM running on my tab. My backup contains:
-boot.img
-cache.ext4.dup
-data.ext4.dup
-nandroid.md5
-recovery.img
-system.ext4.dup
So far, no success. The various imgs I have pulled are all treated as invalid by Android Kitchen and also split_bootimg.pl by William Enck. When running that nice Perl script I get the error "Android Magic not found".
My general first goal is a cleaned up stock ROM which has been deodexed, zipaligned, with insecure boot enabled, and of course, root.I would like to also do a sweet custom boot image and boot animation, but I believe its best to start with a solid foundation before jumping into the other stuff. Any suggestions, XDA gang? Somewhere in that mix did I get the actual boot.img but Samsung uses a weird header? Or something else?
Rename file.tar.md5 to file.tar and unzip
Find an updater-script of custom based stock rom and you get "name' of kernel partition
Sent from my X10i using xda app-developers app
xSkArx said:
Rename file.tar.md5 to file.tar and unzip
Find an updater-script of custom based stock rom and you get "name' of kernel partition
Sent from my X10i using xda app-developers app
Click to expand...
Click to collapse
Your first instruction (to "rename and unzip") makes no difference at all.
The second suggestion seems like it may be useful.
From the CM9 flash script I found that /dev/block/mmcblk0p5 is the boot partition.
I am not sure what's wrong with the boot.img I am pulling.
Here's my command session:
Code:
adb shell
su
dd if=dev/block/mmcblk0p5 of=/mnt/sdcard/boot.img
exit
adb pull /mnt/sdcard/boot.img
I attached the resulting file. I looked at it a bit in a hex editor but I'm not sure what I'm lookin for...
DivinityCycle said:
Your first instruction (to "rename and unzip") makes no difference at all.
The second suggestion seems like it may be useful.
From the CM9 flash script I found that /dev/block/mmcblk0p5 is the boot partition.
I am not sure what's wrong with the boot.img I am pulling.
Here's my command session:
Code:
adb shell
su
dd if=dev/block/mmcblk0p5 of=/mnt/sdcard/boot.img
exit
adb pull /mnt/sdcard/boot.img
I attached the resulting file. I looked at it a bit in a hex editor but I'm not sure what I'm lookin for...
Click to expand...
Click to collapse
It seems that you managed to extract a kernel image (zImage). What you are looking for is an image starting with the signature "ANDROID!".
What do you see if you enter the following command?
Code:
$ cat /proc/mtd
It should read something similar to:
Code:
dev: size erasesize name
mtd0: xxxxxxxx xxxxxxxx "system"
...
DivinityCycle said:
Your first instruction (to "rename and unzip") makes no difference at all.
The second suggestion seems like it may be useful.
From the CM9 flash script I found that /dev/block/mmcblk0p5 is the boot partition.
I am not sure what's wrong with the boot.img I am pulling.
Here's my command session:
Code:
adb shell
su
dd if=dev/block/mmcblk0p5 of=/mnt/sdcard/boot.img
exit
adb pull /mnt/sdcard/boot.img
I attached the resulting file. I looked at it a bit in a hex editor but I'm not sure what I'm lookin for...
Click to expand...
Click to collapse
My first instruction is to get boot.bin without error when unzip it.
With the boot.img that you attached try this http://forum.xda-developers.com/showthread.php?t=1849666
Sent from my X10i using xda app-developers app
You are probably going to have to trim some extra data off the front of your boot.img so that the tool finds the needed Hex address. If you haven't already I'd pull the applicable scripts out of dsixda's kitchen and see how he handles it.
k02a said:
It seems that you managed to extract a kernel image (zImage). What you are looking for is an image starting with the signature "ANDROID!".
What do you see if you enter the following command?
Code:
$ cat /proc/mtd
It should read something similar to:
Code:
dev: size erasesize name
mtd0: xxxxxxxx xxxxxxxx "system"
...
Click to expand...
Click to collapse
I'm pretty sure you're after the partitions. However, there's no /proc/mtd on the SGH-T869 running stock.
Code:
[email protected]:/proc # cat partitions
cat partitions
major minor #blocks name
179 0 15388672 mmcblk0
179 1 20480 mmcblk0p1
179 2 1280 mmcblk0p2
179 3 1280 mmcblk0p3
179 4 8192 mmcblk0p4
179 5 8192 mmcblk0p5
179 6 8192 mmcblk0p6
179 7 204800 mmcblk0p7
259 0 16384 mmcblk0p8
259 1 786432 mmcblk0p9
259 2 13791232 mmcblk0p10
259 3 524288 mmcblk0p11
259 4 8192 mmcblk0p12
179 8 30318592 mmcblk1
179 9 30317568 mmcblk1p1
When looking at /proc/mounts, I see that partitions 1, 4, 7, 9, and 10 are all mounted. I'm also relatively certain that mmcblk1 is the microSD card slot, based on its size (I've got a 32GB card installed at the moment).
So, ruling those out, we're left with:
Code:
major minor #blocks name
179 2 1280 mmcblk0p2
179 3 1280 mmcblk0p3
179 5 8192 mmcblk0p5
179 6 8192 mmcblk0p6
259 0 16384 mmcblk0p8
259 3 524288 mmcblk0p11
259 4 8192 mmcblk0p12
I have already extracted the first 8 partitions and tried running each through Android Kitchen's boot.img unpack tool without success. The script fails to locate the ANDROID header within any of the files. I'm guessing Samsung uses some sort of custom header, because if it works perfectly fine, why not mess with it?
I've searched through a few of the files with XVI32 for "ANDROID" but didn't get any hits.
As posted earlier, other ROMs flash boot.img to mmcblk0p5 so I'm pretty sure that's the right space.
Any hints on an application I can use to analyze the dump and locate the offsets where the header and ramdisk are inside it?
Update. In my research I have come across this article:
http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
It wasn't directly helpful but it did give me a key idea: "Find the Magic Number for a GZ archive and you'll find the ramdisk inside the raw image"
As per http://www.garykessler.net/library/file_sigs.html, the "Magic Number" for a GZ archive is 1F 8B 08. The first article only mentions "look for a bunch of zeros and then 1F 8B." That never occurs in my dumped file, and the number 1F 8B occurs 65 times. However, "1F 8B 08" only occurs once in the entire file, indicating the spot where the header and kernel end and the ramdisk begins.
I deleted everything before 1F 8B 08 and saved the result as ramdisk.gz.
Then, I threw the resulting file onto one of my Linux boxes and used the following commands to extract:
Code:
mkdir ramdisk
cd ramdisk
gunzip < ../ramdisk.gz | cpio -i --make-directories
ls
(results of ls command here:)
data init.goldfish.rc lpm.rc ueventd.goldfish.rc
default.prop init.rc proc ueventd.rc
dev init.smdk4210.rc sbin ueventd.smdk4210.rc
fota.rc init.smdk4210.usb.rc sys vendor
init lib system
I did this stuff in a command terminal connected over Putty, and I got a ton of crazy output during extraction, mostly the line "cpio: Malformed number" over and over.
My next planned task is to take 3 boot.img dumps from my tablet and them compare MD5s on all 3 dumps, to ensure I got a "good" copy.
I imagine this is largely unnecessary, but I've learned from working on other embedded devices that you can't be too careful about raw reads / writes.
I'm pretty sure now that I have extracted the ramdisk I am OK. The factory firmware has zImage as a discrete file, so I'm pretty sure I can use either Android Kitchen or Kernel Kitchen to repack the stuff into a "normal" boot.img.
I'll post my results here, since there may be like one other person interested in doing ROMs for the T869
Just a little update, the md5sums on ALL of my various dumps matched.
By that I mean CWM's backup and all the various dumps I did via ADB (using the dd command) all match.
md5sum for this firmware's boot.img appears to be 1e4367954524901c7dfff14b02023163
Interesting and a great research!
I look forward to see more of your progressive work.
Sent from my Xperia Arc via Tapatalk 2
---------- Post added 11th October 2012 at 12:00 AM ---------- Previous post was 10th October 2012 at 11:39 PM ----------
DivinityCycle said:
As per http://www.garykessler.net/library/file_sigs.html, the "Magic Number" for a GZ archive is 1F 8B 08. The first article only mentions "look for a bunch of zeros and then 1F 8B." That never occurs in my dumped file, and the number 1F 8B occurs 65 times. However, "1F 8B 08" only occurs once in the entire file, indicating the spot where the header and kernel end and the ramdisk begins.
I deleted everything before 1F 8B 08 and saved the result as ramdisk.gz.
Then, I threw the resulting file onto one of my Linux boxes and used the following commands to extract:
Click to expand...
Click to collapse
According to RFC1952, the gzip header only contains two bytes (ID1, ID2), while the third byte (CM) normally seems to be set to 0x08 (deflate) - so you did the right thing to include the third byte.
http://tools.ietf.org/html/rfc1952
Sent from my Xperia Arc via Tapatalk 2
k02a said:
Interesting and a great research!
I look forward to see more of your progressive work.
Sent from my Xperia Arc via Tapatalk 2
Hell yeah, I'm surprised at how much I've achieved, since today has been pretty busy at work. I use Putty, WinSCP, and SplashTop to access my home machines from the office, and I've got an ADB command line connection to my tab on my workstation here, so I've been able to get a lot done.
My current task is reverse-engineering dsixda's scripts that do the task of taking apart the boot.img. I should have looked at them before, they're well-written and self-documented. It's looking like I'll have to figure out the weird offsets Samsung is using (already half done) and then I can tweak the scripts so they'll probably be able to unpack / repack the image.
If I'm building a stock ROM do the offsets and header have to all be the same on my modified boot.img? I would assume so, but I'm new to this
I only want to modify the ramdisk a bit, no kernel tweaks.
Click to expand...
Click to collapse
After much searching, it looks Samsung's boot.imgs sometimes simply have no header at all, so like the first chunk is the kernel, and the second is the ramdisk. I'm gonna test out unpacking ramdisk, making the changes I need, repacking it, and then combining the two chunks back together for flashing.
Will post results
DivinityCycle said:
After much searching, it looks Samsung's boot.imgs sometimes simply have no header at all, so like the first chunk is the kernel, and the second is the ramdisk. I'm gonna test out unpacking ramdisk, making the changes I need, repacking it, and then combining the two chunks back together for flashing.
Will post results
Click to expand...
Click to collapse
I took a new look at your boot.img today.
Besides the gzip header at address 0000:4634 (which you found), I also noticed that there are 256 (0x100) bytes at 007f:fc00.
Any clue about this?
DivinityCycle said:
I'm working on my first ROM that is based on the "stock" Samsung firmware. I am used to messing around with AOSP and CM ROMs where there's a nice flashable ZIP with a boot.img in it. Working from the "stock" Samsung image has been less clean.
My device is a Samsung SGH-T869 (the T-Mobile version of the Galaxy Tab 7.0 Plus).
I began with the file T869TMBLG7_T869UVLG7_T869UVLG7_HOME.tar.md5, which is the newest firmware available for this device.
I am able to extract the image using 7-zip, which gives me the error "There is no correct record at the end of archive", but otherwise appears to extract perfectly.
Extracted files include:
-boot.bin
-cache.img
-factoryfs.img
-hidden.img
-modem.bin
-param.lfs
-recovery.img
-Sbl.bin
-zImage
These files are enough to give Android Kitchen something to start with, but AK is complaining about the lack of a boot.img, plus I want to do some ramdisk tweaking. I have been researching this for hours, and I get the impression that what I need is in there, just in a proprietary format. I have installed KernelKitchen, which I guess I can use to build boot.img from zImage and a ramdisk, I'm just not sure where to go from here.
I also tried dumping ADB (dd if=/dev/block/mmcblk0pX of=/sdcard/boot.img, tried all partitions one by one).
I also looked at a backup made via CWM 6 of the 'stock' untouched ROM running on my tab. My backup contains:
-boot.img
-cache.ext4.dup
-data.ext4.dup
-nandroid.md5
-recovery.img
-system.ext4.dup
So far, no success. The various imgs I have pulled are all treated as invalid by Android Kitchen and also split_bootimg.pl by William Enck. When running that nice Perl script I get the error "Android Magic not found".
My general first goal is a cleaned up stock ROM which has been deodexed, zipaligned, with insecure boot enabled, and of course, root.I would like to also do a sweet custom boot image and boot animation, but I believe its best to start with a solid foundation before jumping into the other stuff. Any suggestions, XDA gang? Somewhere in that mix did I get the actual boot.img but Samsung uses a weird header? Or something else?
Click to expand...
Click to collapse
Feel free to use my updater-script in the scorched kernel thread. The updater works for ics boot images. just remove the parts about copying lib files and setting permissions ... and remove the lib files from the zip. they are specific to the kernel. a stock kernel will break if those lib files are copied to /system/lib/modules.
Oh, and you can get the boot image easily in CWM by doing a backup of the stock rom and grabbing it from the clockworkmod folder on the sdcard.
merwin said:
Feel free to use my updater-script in the scorched kernel thread. The updater works for ics boot images. just remove the parts about copying lib files and setting permissions ... and remove the lib files from the zip. they are specific to the kernel. a stock kernel will break if those lib files are copied to /system/lib/modules.
Oh, and you can get the boot image easily in CWM by doing a backup of the stock rom and grabbing it from the clockworkmod folder on the sdcard.
Click to expand...
Click to collapse
As posted earlier in this thread, I pulled a boot.img from a CWM backup, but that was back before I knew how to do anything useful with it yet.
The md5sum of the CWM-generated backup boot.img matches the dumps I did over ADB using the dd command, so they're different ways to get the same end result. I have a pretty good understanding of the syntax used in the CWM flashable ZIPs. My rough plan was to first build a "restore to stock boot.img" flashable zip (so I can fix it if I make my tab unbootable ), then experiment with building my own boot.img and flashing it using the same methods. The only thing that'll be different about the "flash modded boot.img" and "flash stock boot.img" is the actual boot.img file included in the zip. Didn't get a chance to do it while off work last night, but should be able to knock it out today.
k02a said:
I took a new look at your boot.img today.
Besides the gzip header at address 0000:4634 (which you found), I also noticed that there are 256 (0x100) bytes at 007f:fc00.
Any clue about this?
Click to expand...
Click to collapse
Your guess is probably better than mine, honestly. I would think that second address is actually within the 'ramdisk' part of things, so that seems pretty odd. I'm a relative noob when it comes to hex stuff, as that's a couple levels down from where I usually operate with computers
If I unpack, modify, and repack the ramdisk, any suggestions on the 'best' way to reattach the header/kernel to it?
k02a said:
I took a new look at your boot.img today.
Besides the gzip header at address 0000:4634 (which you found), I also noticed that there are 256 (0x100) bytes at 007f:fc00.
Any clue about this?
Click to expand...
Click to collapse
Following up on this earlier point, it looks like there are a few more regions within the 8 MB file than I initially saw.
I use XVI32, so the addresses I found are formatting as such.
it seems like the following is the layout of the file contents:
Part 1 - $000000 to $004633 = 17.5 KB header?
Part 2 - $004634 to $4768A6 = 4.44 MB ramdisk (?)
Part 3 - $4768A7 to $7FFBFF = 3.53 MB of zero padding
Part 4 - $7FFC00 to $7FFCFF = 241 bytes footer
Part 5 - $7FFD00 to $7FFFFF = 768 bytes of zero padding
My initial attempt to unpack / repack the image of course made the device unbootable. My "restore" flashable zip worked as expected, so I'm now able to mess around with this stuff with relative ease.
I'm still getting a bunch of weird crap in my terminal when extracting the ramdisk. The command I am running is gunzip -c ../ramdisk.gz | cpio -i run within the directory where I want the files to extract. Both under Cygwin in Windows and under Ubuntu Server, I get tons of "cpio: Malformed number" followed by garbage. Under Ubuntu Server, despite this weird output, the files actually DO appear to extract and I get 1.65 MB of unpacked files, all in the expected format and directory structure.
Under Cygwin it didn't extract at all.
I'll continue to mess around but for your hacky fun, I have attached the parts all split up and then packed into a single ZIP.
Post if you have any ideas. I'm gonna try and repack the ramdisk and then re-assemble the whole thing. The repacked ramdisk will be smaller, but I'll just fill in the empty spot with zero padding so that the footer still ends up at the same address. We'll see if that works
Quite interesting result so far...
I wonder if there are some documentation on the data structure of the footer information floating around in public, and secondly if the offset is static.
Speaking of padding zeros. Maybe the number of trailing zeroes depends on the payload size and the page size (evenly divided by given page size), which is the case for e. g. boot.img?
Sent from my Xperia Arc via Tapatalk 2
k02a said:
Quite interesting result so far...
I wonder if there are some documentation on the data structure of the footer information floating around in public, and secondly if the offset is static.
Speaking of padding zeros. Maybe the number of trailing zeroes depends on the payload size and the page size (evenly divided by given page size), which is the case for e. g. boot.img?
Sent from my Xperia Arc via Tapatalk 2
Click to expand...
Click to collapse
It will take some experimentation to see how picky the boot loader is. I have been sidetracked today by actual work (imagine that!) and also I have been working on exhaustively cataloging and documenting the contents of the stock ROM, particularly /system/app. Cutting the Samsung bloat has been challenging only in that there's so much stuff to remove
I just had a brainstorm: I'm going to examine the boot.img from the CM9 and CM10 ROMs for the T869. After all, both of them are accepted by the bootloader, so those two and the "stock" boot.img must share some common properties, which one would think would be the "key" stuff to make the boot.img work.
The boot.imgs from CM9 and CM10 both lack any useful "handles" to try and understand their contents.
I'm uncertain how else to proceed.
I have tried creating a modified ramdisk archive, then padding out the rest of the space with zeros so that the various pieces of boot.img fall at the same location, but no success.
I'm beginning to think everything about the Samsung boot.img is weird. I was able to locate the boot logo, but its located in the ramdisk at /sbin/fota.png.
I've been knocking away on this for like a week now, and I'm beginning to think maybe it ain't worth it. All this so I can get insecure boot and maybe a modified boot image? Freakin Samsung

[Tutorial] Changing the XOOM Splash Screen

Being new to XDA, I originally posted this information in the General Discussion forum under Changing the XOOM Splash Screen". Having had time to dig around more and read, I think this information is better suited here in the "Chef" area.
I have searched the web and many forums regarding this issue and found many many discussions on how to use utilities to do this and that to the Motorola XOOM Splash Screen. Most of which involved cropping the image to 256x320. This seemed a bit odd on 2 levels. First, no one ever seems to what to explain the process or the whys and wherefores, and second with a 1280x800 screen, having such a small splash screen just seemed odd.
So starting with the utility in :
http://forum.xda-developers.com/showthread.php?t=1410040
and found I was randomly able to change my splash screen. I say randomly as it did not always seem to succeed, even though it appeared it had. As there was no feed back to indicate success or failure, one must presume it worked. So I did a bit of digging on how it worked and found that the image is an RGBA image with a depth of 8 for the XOOM. Additionally the image is simple stored on the partition pointed to by :
/dev/block/platform/sdhci-tegra.3/by-name/logo
This is simply a link to /dev/block/mmcblkXp4 (where the 'X' is 0 or 1 depending on if and when the external SD card was mounted). I therefore INSIST that the long path to the logo name be used to reference this partition as it will always point to the proper partition as mounted.
Another note -- sdhci-tegra.3 is the internal SD card while sdhci-tegra.2 is the external SD card.
Also, I found that the link above and the utility are only partly accurate. The utility requires you to crop an image to 256x320 before applying it the splash. This is actually not accurate. You can use an image up to 1280x800. The full size of the XOOM sxcreen. As long as you know the secret, and the BIN file isn't over 4M (4,194,304 bytes), which I am going to show you. For some reason I can find a lot of information on special tools to do this, but no one seems to want to just give away the format details. If you're like me, tools are nice, but you like to know what they are doing.
The best tool I found for converting an image to the RGBA format needed is ImageMagicK. If you used the utility I mentioned before, then you already have it installed. I think it's best because of the many features and simplicity. Plus the price is right. To modify the splash as I describe or use the tools I have attached below, you need to have ImageMagicK installed. With it you can do a convert of any image to the proper RGBA format by using the following command:
convert -size <W>x<H> -depth 8 <FILE> <RGBA>
Where <W> is the width of the image. Up to 1280.
<H> is the image height. Up to 800.
<FILE> is the image file (jpg, png, tiff, etc)
<RGBA> the name of the output rgba file, MUST have rgba as the file extension
This will create the RGBA file of the image needed to create the BIN file. This is where the utility in the other post fails out. The RGBA file must be converted to a "BIN" file. Which is basically nothing but the RGBA file with 20 extra bytes at the front. These bytes are:
ID - "SOL:"
xOffset - Offset from the left side of the screen (Being in landscape mode), up to 1280
yOffset - Offset from the top of the screen, up to 800
Width - Image width
Height - Image height
All values are in big endian format. Meaning that the value for 256 would be x'00000100' as opposed to the PC storage mode of little endian which would produce x'00010000'. I am including a windows program as an attachment that will make the BIN file. It is a command line program, and if you run it with no options, you get :
USAGE: MakeBIN.exe <input> <output> <width> <height>
Where -- <input> is the rgba file to be converted to bin
<output> is the name of the bin file to create
Note that for flashing to XOOM logo, the output BIN file
cannot be more than 4 meg in size.
If the width and height of the image are not specified to the MakeBIN utility, it defaults to 256x320. Additionally, the offsets are dynamically calculated to center image on the XOOM.
With this header in the front of the image, you are ready to "flash" the new splash screen. All you have to do for this is use ADB. First push the new file over to the XOOM using something like:
adb push mysplash.bin /data/local/.tmp
Once the file is there, you flash it. Again turning to ADB:
adb shell
This will put you at the command line on the XOOM. From there perform the following:
cd /data/local/tmp
dd if=mysplash.bin of=/dev/block/platform/sdhci-tegra.3/by-name/logo
exit
When you return to the command line, you are ready to go. Just reboot the XOOM your preferred way and enjoy your new splash screen. I like to do :
adb reboot
I hope this information has been helpful to others looking to make a bigger splash with the XOOM.
Oh. Two other things to keep in mind. The default background is black. So unless you're going full screen, you want to be sure you're using a black background. Or the second thing comes in handy - Transparency works. As the image is an RGBA format image, the attribute information for the pixel is supplied allowing transparency.
Now. I usually like to back up things before I do changes like this. If you do as well, simply perform the following prior to writing the above image out. This will create a 4M copy of the splash partition. Not all of the partition contains the existing image, but it doesn't hurt to have it all.
adb shell
cd /data/local/tmp
dd if=/dev/block/platform/sdhci-tegra.3/by-name/logo of=backup_splash.bin
exit
adb pull /data/local/tmp/backup_splash.bin
You can always reimage it to the partition by following the steps above.
I have attached a Apple image I used as a test. As it is 1280x800, the full screen was presented with my image. It's really an awesome site to see your full screen splash for the first time.
Further, I decided to make things easy. I developed a simple batch script for the Windows command like that will perform all the steps addressed above. It first verifies that the tools it needs are available, the creates the image and will flash it. Each sequence of steps it reported to the command window and you are prompted to perform each block. A "N" or empty response to the continuation questions causes the script to exit. So you could generate the BIN file without flashing it.
This is a very basic script. I could have developed a Windows application, and hidden all these steps so only I knew how to do it. Or even developed a XOOM app that would do it so you'd never know what I was doing. But I think the best way for others to learn about their systems is to know where things are and how they are used.
With that in mind, I have included the batch file in the zip.
Lastly, some information about partition sizes. I mentioned above that the partition size for the XOOM logo partition is 4M. That is to say it is 4,194,304 bytes in length. Why is this important? Because it will hold a full size 1280x800 image. When converted, a 1280x800 image using a depth of 8-bits is calculated as follows:
Size = Width x Height x 4
Why '4'? Because this is an RGBA file. The type says it all. As there is a depth of 8 bits, each color representation is 1 byte in length. 1 for Red, 1 for Green, 1 for Blue, and 1 for the attribute. That makes 4 bytes per pixel on the screen.
We then have to add the 20 byte header that tells the loader where to place the image and how big it is.
In total, the most a full screen splash will EVER be is : 4,096,020 bytes
This leaves 98,284 bytes as a buffer in case someone makes a boo boo.
Following the steps and using the tools I have documented in this thread, you will never make a boo boo and you will have lots of fun putting any image you like as your splash screen. (I'm using a photo of my family).
Thanks for taking the time to read my ramblings.
Thanks for the info! Nice work my friend.

[TOOL] Fix TWRP Backup Dates / Find Your Phone's Birthday

Well, a week into my Nexus 5 and the dates on backups got to me. "Was that the one before or after I pooched my phone?"
I was doing rough conversions at first, then convinced myself that there was a reasonably fixed offset between "real time" and what TWRP was labeling things. @helicopter88 let me know that there was a missing ability in the chip, so I looked for a run-time solution. Unfortunately, adjtimex wouldn't take a large enough offset.
Since the reasonably useless date stamps on backups were, well, reasonably useless, I did write a little script that converted the dates on the backups to something that matched my local time, given the offset.
Looks like @Dees_Troy has saved me a bunch of coding inside TWRP as there is a going-forward fix in the TWRP sources now. Since he found the magic file where the offset is stored, you don't have to try to "guess" it from looking at your clock and your phone's (though $ date && adb shell date will get you the information you need).
For those backups you already have, here's how you can get the dates and times fixed up on them.
Edit -- Shell scripts made up for on-phone use:
sh birthday.sh while on the phone will give you offset and your phone's birthday (Yes, Korean time, of course!)
Code:
[email protected]:/ # sh /data/media/0/twrp-dates-tool/birthday.sh <
1386550085
Mon Dec 9 09:48:05 KST 2013
sh spew-twrp-rename.sh /path/to/TWRP/BACKUPS will write the commands to move the directories to the terminal (stdout)
The "spew" script finds the offset itself.
It will rewrite both old (20th century) dates and current ones, but only time-shift the older ones.
It will also convert spaces in the file names to underscore characters.
See attached files (.txt added to allow upload)
No, there isn't a "zip" for this -- checking that the right things are being done with your backups before they can't be undone is important
Read on only if you want to do this using perl.
Now, you can adb pull /data/system/time/ to get two files, ats_1 and ats_2 that have the offset in milliseconds as a 64-bit unsigned integer. Pick one or the other, get the human-readable output trim off the last three digits, and there is your offset (within a second). Mine drifts a second each week or so, but hey, this is a lot closer than 1970 something!
Once you have the offset, this script will take a list of files and spit out the commands to rename them, if they match a TWRP-format date in the 1970s. (Edit $offset to match yours.)
Code:
#!/usr/bin/perl
use strict;
use Date::Parse;
use Date::Format;
my $offset = 1386550084; # Edit this to match your offset
my $line;
my ($year,$mo,$day,$h,$m,$s);
my $twrp_time;
my $new_time_string;
my $before;
my $after;
LINE:
while ( defined ( $line = <> ) ) {
chomp $line; chomp $line;
next LINE unless $line =~ m/((197\d)-(\d\d)-(\d\d)--(\d\d)-(\d\d)-(\d\d))/;
$before = $`; $after = $';
$twrp_time = str2time("$2/$3/$4 $5:$6:$7 GMT");
$new_time_string = time2str("%Y-%m-%d_%H%M%S%z", $twrp_time + $offset);
$before =~ s/ /_/g;
$after =~ s/ /_/g;
print "mv '$line' ${before}${new_time_string}${after}\n";
}
Output looks like
Code:
mv '1970-02-22--23-02-13 omni_hammerhead-userdebug 4.4.2 KOT49H 128' 2014-01-30_155017-0800_omni_hammerhead-userdebug_4.4.2_KOT49H_128
mv '1970-02-23--13-50-29 omni_hammerhead-userdebug 4.4.2 KOT49H 128' 2014-01-31_063833-0800_omni_hammerhead-userdebug_4.4.2_KOT49H_128
mv '1970-02-23--15-22-06 omni_hammerhead-userdebug 4.4.2 KOT49H 126' 2014-01-31_081010-0800_omni_hammerhead-userdebug_4.4.2_KOT49H_126
mv '1970-02-23--16-10-01 omni_hammerhead-userdebug 4.4.2 KOT49H 126' 2014-01-31_085805-0800_omni_hammerhead-userdebug_4.4.2_KOT49H_126
mv '1970-02-25--17-11-08 omni_hammerhead-userdebug 4.4.2 KOT49H 127' 2014-02-02_095912-0800_omni_hammerhead-userdebug_4.4.2_KOT49H_127
which you can copy and paste into a shell on your device, or other places you have your TWRP backups backed up.
.
Whoa! Nice one man! A bit of extra work is just fine rather than renaming each of the backups! Thanks a bunch
Sent from my Nexus 5 using Tapatalk
good work bro.
Possible a zip file to flash for this ?
tks
jonata said:
Possible a zip file to flash for this ?
Click to expand...
Click to collapse
Let me look into what options there are in toolbox/busybox for the date parsing. As this was a quick-and-dirty solution, I didn't dive into trying to get it to run on the device.
Umm,, huh?
NEXUS 5
dave2metz said:
Umm,, huh?
Click to expand...
Click to collapse
To be clear, the perl scripts run on something that has perl installed, like your laptop or desktop. The output runs just fine over adb shell to rename files on your phone. It also works just fine to rename the backup copies that you are keeping on your Mac, Linux, FreeBSD box. For Windows without Cygwin or similar, you'd want to change "mv" to "move"
Edit -- shell scripts for on-phone use added to lead post
So open in terminal on phone and run ?
sent from my hammerhead
Yes, or over "adb shell" which makes cut-and-paste a lot easier.
Posted from whatever phone booted today.
Mine has it on the box!
Sent by mobile telephone.

How To Change The Splash Screen or Boot Logo In Huawei Honor 7?

Hello Everyone!
After i managed to change the boot animation, i started researching some ways to change the boot logo or the splash screen that appears before the boot animation.
Boot animations and splash screens are two different things. The splash screen is the first static frame that you see the moment you turn on your phone. It is displayed before boot animation and it is usually much harder to change.
To change your boot animation, view my post at: http://forum.xda-developers.com/honor-7/help/how-to-change-boot-animation-huawei-t3247851
Back to the splash screen, so far I know the following:
1. The image file must be stored in RGB565 format. Photoshop and Paint.Net (with a plugin) are capable of saving in this format. In Photoshop, you can find it from the advanced options of .bmp.
2. There is a file called "oemlogo.mbn" which i think is responsive for the boot logo. After changing it though, it did not have any affect on the boot logo or splash screen.
If someone knows which file is responsive for the splash screen or he/she can point out a way to change that, it would be greatly appreciated.
Thanks in advance for your help!
Best Regards,
Ken
Here is the solution​
All the credits goes to Ziolek67 and Kostyan_nsk, I just made the zip to revert back to our stock logo, and made his guide compatible to our device. Thanks to @kenshiwara for helping me.
**TAKE NANDROID BACKUP VIA TWRP RECOVERY BEFORE DOING THIS**
1. Install adb and fastboot in your PC.
2. Dump your "oeminfo" partition by executing this command
Code:
adb shell su -c "dd if=/dev/block/platform/hi_mci.0/by-name/oeminfo of=/sdcard/oeminfo"
this will be saved in your internal storage as "oeminfo". Saving this to PC is recommended. To do that execute this command
Code:
adb pull /sdcard/oeminfo oeminfo
3. Now, Ziolek67 mentioned to edit the pulled "oeminfo" but in our case I tried and got error "resolution mismatch", so I pulled out his provided stock "oeminfo" of Huawei Ascend P7, which works fine, the sizes are also same of both the "oeminfo". Download this tool, extract and save it to the folder having adb and fastboot.
4. Make your own image with extension *.bmp. The resolution of the image should match your device resolution (1080x1920 pixels). Put it to adb folder.
5. Download OEMinfo.zip extract it and put "oeminfo" in adb folder.
6. Put your *.bmp image in "oeminfo" by executing this command.
Code:
OEM_logo.exe oeminfo *your_logo.bmp*
7. Push new "oeminfo" to your internal storage by executing this command
Code:
adb push oeminfo /sdcard/oeminfo
8. Put new "oeminfo" with new logo in your device by executing this command
Code:
adb shell su -c "dd bs=32768 if=/sdcard/oeminfo of=/dev/block/platform/hi_mci.0/by-name/oeminfo"
**UPDATED THE ABOVE COMMAND, THANKS TO @sminki
9. Now reboot your device to see your changed logo.
10. To revert back to stock Honor logo simply flash this file using TWRP recovery.
You can get more info here thanks to Kostyan_nsk.
How to make a compatible *.bmp image​
Create a new file in Adobe Photoshop with these parameters:
Width: 1080 pixels
Height: 1920 pixels
Resolution: 72 pixels/inch
Color Mode: RGB Color, 8-bit
Click to expand...
Click to collapse
After making your image save it with these parameters:
Extension: *.bmp
File Format: Windows
In "Advanced Options"
Select R5 G6 B5 from 16-bit depth options.
Click to expand...
Click to collapse
The Android Hero Of Today! ~ Amazing guide. Thank you very much!
Thank you @kenshiwara
it should be noted that in the wrong hands dd can brick your device, you are writing directly to the block device and dd does not care what you are doing.. especially if you do not add bs and/or count
I don't think adding bs would do any good, as dd automatically stops when the input of blocks runs out, in our case that is 32768, it can't go forever . Hope this was what you were pointing out, if no then please explain, I don't know much about other attribs and if the commands need any improvements then please suggest it so that I can add it.
Thank you
no it's fine, just giving general advice
when i said "you" i didn't mean you
you never know who is reading these things and what they might do, dd can be very dangerous, as you (DigiGoon) know... Man that was confusing
Oh, Okay
I have just written a clearer version of your solution, at my post here:
http://forum.xda-developers.com/honor-7/general/guide-beginners-how-to-root-update-fix-t3255452
Everything is the same, i just made it bit more organized for the absolute beginners to understand.
Thank you @DigiGoon and @sminki for writing and updating this guide.
Anytime buddy @kenshiwara

Categories

Resources