Since our the G Watch uses the SquashFS for it's system image, I thought it would be helpful to know, how to modify it (Tested on Ubuntu 16.04).
Download and build googles squashfs tools:
Important: Yes, squashfs-tools/squashfs-tools is correct.
Code:
git clone https://android.googlesource.com/platform/external/squashfs-tools/
cd squashfs-tools/squashfs-tools/
make
Unsquash the image
Important: Use 'sudo' to preserve ownership of files
Code:
sudo unsquashfs -d path/to/unpacked/dir path/to/image
Modify the contents
Resquash
Code:
mksquashfs path/to/unpacked/dir path/to/final/image.img -comp gzip -b 131072 -no-exports
Final things:
There is a difference in blocks if you only unsquash and resquash the image (2869 for the original to 2873 for the resquashed one).
The links are not perfectly recreated, some permissions are lost, and times are modified.
The options for resquasing (-comp gzip -b 131072 -no-exports) are from the output of
Code:
unsquashfs -s path/to/image
You can preview the image and the permissions with
Code:
unsquashfs -ll path/to/image
Here's a guide + script for installing SuperSU root on the Mi 5c.
I haven't yet managed to build a TWRP recovery image for it (I haven't really tried) - so this can be used to get root in the mean-time. (I also saw a Chinese TWRP ROM on the MIUI forums, but I haven't tried it myself)
Obviously modifying the phone system is risky, you may void the warranty, break it etc. I take no responsibility for that, and you use the instructions below at your own risk.
The script, and a few other tools I'm using for the Mi 5c can be found in my git repo: github.com/usedbytes/meri_tools
To use the script, you'll need a linux (or Mac, probably) computer with gcc and git installed, as well as a new-ish version of adb and fastboot. I'm running it on Arch Linux fine.
First get the phone into developer mode (tap on the MIUI version in About Phone 7 times), and enable adb debugging, and approve your computer to access debugging.
Then you need to download and extract the SuperSU "Installable Recovery" zip, and the Xiaomi stock ROM, which we will use for the install files.
Then, run the script below (meri_root.sh in the git repo).
The script installs all the bits needed, then reboots the phone with a rooted boot image. To make the root persistent, you need to flash the boot.supersu.img to the boot partition with fastboot (it just boots it by default).
Code:
#!/bin/bash
#
# Script to root the Xiaomi Mi 5c, by manually installing SuperSU
#
# Copyright 2017 Brian Starkey
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
# DEALINGS IN THE SOFTWARE.
#
# -- Disclaimer
#
# Obviously modifying your phone can be dangerous, void the warranty etc. etc.
# Use this script and the instructions within it at your own risk.
#
# -- Description
#
# The SuperSU installer seems to assume you already have root, and is intended
# to be run from a custom recovery (like TWRP). We don't have that, so we'll do
# some funny dances to do a systemless root without having root to begin with.
#
# The crux of the matter is using SuperSU's tools to patch the ramdisk and
# sepolciy (in /data/local/tmp, without root), then building a ramdisk with
# those components
#
# -- Usage
#
# Plug in the phone, make sure you have (persistent) adb debugging permissions
# and run this script like so:
# meri_root.sh SUPERSU_DIR ROM_DIR
# Where SUPERSU_DIR is a directory where you have downloaded and extracted the
# SuperSU "Recovery Flashable" zip file: http://www.supersu.com/download
# and ROM_DIR is a directory where you have downloaded and extracted the ROM
# from Xiaomi's download page: http://en.miui.com/download-322.html
#
# The script will make and boot a boot.img which enacts a systemless root.
# To make it persisent, you must flash it instead:
# fastboot flash boot.supersu.img
#
# By default, SuperSU removes dm-verity from /system and encryption from /data
# To prevent this, set PRESERVE_VERITY=1 before running the script:
# PRESERVE_VERITY=1 ./meri_root.sh ...
if [ $# -ne 2 ];
then
cat >&2 <<EOM
Usage: $(basename $0) SUPERSU_DIR ROM_DIR
Extract SuperSU zip file into SUPERSU_DIR, and the Xiaomi ROM into ROM_DIR,
then run this script.
EOM
exit 1
fi
SUPERSU_DIR=$1
echo ${SUPERSU_DIR}/arm64/su
if [ ! -f ${SUPERSU_DIR}/arm64/su ]
then
echo "Invalid SUPERSU_DIR" >&2
exit 1
fi
ROM_DIR=$2
if [ ! -f ${ROM_DIR}/boot.img ]
then
echo "Invalid ROM_DIR" >&2
exit 1
fi
# 1. Get mkbootimg and build it
git clone --depth 1 https://github.com/osm0sis/mkbootimg.git || exit 1
cd mkbootimg
make || ( cd .. && exit 1 )
cd ..
# 2. Copy the SuperSU binaries to the device
echo "Waiting for device..."
adb wait-for-usb-device
adb push ${SUPERSU_DIR}/arm64/*su* /data/local/tmp/ || exit 1
adb shell chmod +x /data/local/tmp/su*
# 3. Create the SuperSU systemless root image
# Ideally we'd set up security contexts too, but then you need to be running
# on an SELinux-enabled kernel in permissive mode.
# Instead, we will fix it on first boot.
dd if=/dev/zero bs=1M count=96 of=su.img
mkfs.ext4 su.img
mkdir mnt
sudo mount su.img mnt
sudo mkdir mnt/{bin,xbin,lib,etc,su.d}
sudo chmod 0751 mnt/bin
sudo chmod 0755 mnt/{xbin,lib,etc}
sudo chmod 0700 mnt/su.d
sudo cp ${SUPERSU_DIR}/arm64/{su,sukernel} mnt/bin/
sudo cp ${SUPERSU_DIR}/arm64/su mnt/bin/daemonsu
sudo cp ${SUPERSU_DIR}/arm64/supolicy mnt/bin/supolicy_wrapped
sudo ln -s /su/bin/su mnt/bin/supolicy
sudo chown root:root mnt/bin/{su,daemonsu,sukernel,supolicy_wrapped}
sudo chmod 0755 mnt/bin/{su,daemonsu,sukernel,supolicy_wrapped}
sudo cp ${SUPERSU_DIR}/arm64/libsupol.so mnt/lib/libsupol.so
sudo chown root:root mnt/lib/libsupol.so
sudo chmod 0644 mnt/lib/libsupol.so
# Run a script at first-boot to fix up the SELinux contexts on the image
# It will remove itself after running
sudo bash -c "cat > mnt/su.d/firstboot.rc" <<EOF
#/system/bin/sh
chcon -hR u:object_r:system_data_file:s0 /su /data/local/tmp/su.img
rm /su/su.d/firstboot.rc
sync
EOF
sudo chmod 0750 mnt/su.d/firstboot.rc
sync
sudo umount mnt
# 4. Copy the systemless root image to the device
adb push su.img /data/local/tmp/su.img
# 5. Extract boot.img
mkdir bootimg
mkbootimg/unpackbootimg -o bootimg -i ${ROM_DIR}/boot.img
# 6. Unzip the ramdisk
cat bootimg/boot.img-ramdisk.gz | gunzip > ramdisk
# 7. Copy the ramdisk to the device, for patching
adb push ramdisk /data/local/tmp
# 8. Patch sepolicy and the ramdisk, using the SuperSU tools we copied over
# earlier
adb shell "
cd /data/local/tmp
LD_LIBRARY_PATH=. ./supolicy --file /sepolicy ./sepolicy.patched
LD_LIBRARY_PATH=. ./sukernel --patch ./ramdisk ramdisk.patched
"
# 9. Pull back the patched files
adb pull /data/local/tmp/sepolicy.patched /data/local/tmp/ramdisk.patched .
# 10. Extract the patched ramdisk, and install the patched sepolicy into it
mkdir ramdir
cat ramdisk.patched | sudo cpio --no-absolute-filenames -D ramdir -i
sudo cp sepolicy.patched ramdir/sepolicy
sudo chown root:root ramdir/sepolicy
sudo chmod 0644 ramdir/sepolicy
# 11. Install the SuperSU init scripts
sudo mkdir ramdir/su
sudo chmod 755 ramdir/su
sudo cp ${SUPERSU_DIR}/common/launch_daemonsu.sh ramdir/sbin
sudo chmod 744 ramdir/sbin/launch_daemonsu.sh
sudo chown root:root ramdir/sbin/launch_daemonsu.sh
sudo cp ${SUPERSU_DIR}/common/init.supersu.rc ramdir
sudo chmod 750 ramdir/init.supersu.rc
sudo chown root:root ramdir/init.supersu.rc
# 12. Patch the initscript for our img location and set the su.img context
sudo sed -i 's;/data/su.img;/data/local/tmp/su.img;' ramdir/init.supersu.rc
sudo sed -i '\;on property:sukernel.mount=1;a\ \ \ \ restorecon /data/local/tmp/su.img' ramdir/init.supersu.rc
sudo bash -c "echo /data/local/tmp/su.img u:object_r:system_data_file:s0 >> ramdir/file_contexts"
# Optional: Preserve dm-verity on /system, encryption on /data
if [ ! -z "$PRESERVE_VERITY" ] && [ $PRESERVE_VERITY -ne 0 ]
then
echo "Preserving dm-verity"
mkdir ramdir-stock
cat ramdisk | sudo cpio --no-absolute-filenames -D ramdir-stock -i
sudo cp ramdir-stock/{fstab.song,verity_key} ramdir/
sudo rm -rf ramdir-stock
fi
# 13. Repack the ramdisk
cd ramdir
sudo find . ! -path . | sudo cpio -H newc -o | gzip > ../ramdisk.gz
cd ..
# 14. Repack the boot image
mkbootimg/mkbootimg \
--kernel bootimg/boot.img-zImage \
--ramdisk ramdisk.gz \
--cmdline "console=ttyS0,115200 earlyprintk=uart8250-32bit,0xF900B000 androidboot.hardware=song no_console_suspend debug user_debug=31 loglevel=8" \
--base 0x0 \
--pagesize 4096 \
--kernel_offset 0x0a080000 \
--ramdisk_offset 0x0c400000 \
--dt bootimg/boot.img-dtb \
--tags_offset 0xc200000 \
--os_version 0.0.0 \
--os_patch_level 0 \
--second_offset 0x00f00000 \
--hash sha256 \
--id \
-o boot.supersu.img
# 15. Boot it! (flash it if you want to make it persistent)
adb reboot-bootloader
fastboot boot boot.supersu.img
echo "Waiting for device..."
adb wait-for-usb-device
Hi ,
Can you give me some advice on how to run this on Windows? I can get a adb shell but thats as far as I can get. I don't know how I am supposed to run the script.
Thanks
Stewart
Hello,
I am trying to root my mi 5c with your script, but I can't find sepolicy file on my phone, so for example this line can't be executed:
Code:
LD_LIBRARY_PATH=. ./supolicy --file /sepolicy ./sepolicy.patched
Do you know where I could find this file? I am using xiaomi.eu_multi_MI5c_7.4.6_v8-7.1 rom.
Hello,
I've had exactly the same issue on a multirom and on xiaomi.eu_multi_MI5c_7.4.20(although i'm not sure if installed rom has something to do with it)
blagon said:
...I am trying to root my mi 5c with your script, but I can't find sepolicy file on my phone...
Click to expand...
Click to collapse
I recently got my hands on a WeTek Hub. All round quite a nice little box, but the default lowmemorykiller settings are a little annoying, and sometimes result in the boot failing because the kernel decided to kill one of the startup processes. I'm trying to modify the settings in the init.rc, but I'm having a spot of trouble with a boot loop after repacking the boot image.
I copied the image off the device by using dd to extract the partition to a file, and then used the built-in FTP server to copy it off the device, and extracted it using unmkbootimg. after unzipping, extracting, modifying, and re-packing, I used mkbootimg to recreate the image, and dd'd it back onto the box (commands below).
Code:
dd if=/dev/block/boot of=/sdcard/boot.img
Code:
./unmkbootimg boot.img
mv initrd.img{,.gz}
gunzip initrd.img.gz
mkdir initrd
cp initrd.img initrd
cd initrd
cpio -i < initrd.img
rm initrd.img
# change stuff here
find . | cpio -o -H newc > ../initrd.cpio
cd ..
gzip initrd.cpio
./mkbootimg --kernel kernel.gz --ramdisk initrd.img.gz -o new_boot.img
Code:
dd if=/sdcard/new_boot.img of=/dev/block/boot
Unfortunately, that left me with a flashing WeTek logo as the it continuously rebooted. examining the logs from u-boot didn't give anything useful, but luckily I was able to get it into recovery and flash Ricardo's Android TV ROM back on there. Unfortunately, I'm still stuck with the original boot failure issue. Any clues as to what I've missed?
I do so
Code:
cd boot
../mkboot boot.img unpaсk
cd unpack/ramdisk
find . | cpio -o -H newc | gzip > ../ramdisk.packed
[I][B]# (edit size ramdisk in /boot/unpack/img_info file)[/B][/I]
cd ../..
../mkboot unpack boot.img
all is working
Huami watches use a MIPS processor from Ingenic (M200S), which lacks support for MP4/x264 codecs (at least in the Android 5.1 builds), so it's not possible to record the screen directly to these formats and that's why some apps like Vysor do not work either. So you must record the video in RAW format and then convert the file to MP4 using ffmpeg or some other tool.
You need adb and ffmpeg binary in order to convert the video.
Code:
adb shell screenrecord --verbose --time-limit 30 --o raw-frames /sdcard/test.raw
adb pull /sdcard/test.raw
ffmpeg -f rawvideo -vcodec rawvideo -s 320x300 -pix_fmt rgb24 -r 10 -i test.raw -an -c:v libx264 -pix_fmt yuv420p test.mp4
For Verge probably you need to replace 320x300 with 360x360. ?
You can find more info about how to do this with Wear devices and other tools to convert the video here:
http://www.tinmith.net/wayne/blog/2014/08/android-wear-screenrecord.htm
The command line options for Linux/WSL/WSL2/Mac are a result of all the requests for a way to build img files outside of the kitchen. Now there is a way to do exactly this and more.
This post will be updated as features/commands are added or changed. The example commands below will work with the latest version of the kitchen.
If you have problems, make sure you are fully updated.
If something works in the kitchen but does not work in the CLI, please post about it in this thread.
If something does not work in the kitchen and does not work in the CLI, please post in the main kitchen thread.
Command Line Examples:
Unpack img file
Code:
$ /path/to/kitchen/superr -f unpack_img system.img -p superr_project-name
Pack img file
Code:
$ /path/to/kitchen/superr -f pack_img system.img raw -p superr_project-name
$ /path/to/kitchen/superr -f pack_img system.img sparse -p superr_project-name
$ /path/to/kitchen/superr -f pack_img system.img dat -p superr_project-name
$ /path/to/kitchen/superr -f pack_img system.img lz4 -p superr_project-name
Unpack super.img
Code:
$ /path/to/kitchen/superr -f unpack_super super.img -p superr_project-name
Pack super.img
Code:
$ /path/to/kitchen/superr -f pack_super system_new.img vendor_new.img product_new.img raw -p superr_project-name
$ /path/to/kitchen/superr -f pack_super system_new.img vendor_new.img product_new.img sparse -p superr_project-name
$ /path/to/kitchen/superr -f pack_super system_new.img vendor_new.img product_new.img dat -p superr_project-name
$ /path/to/kitchen/superr -f pack_super system_new.img vendor_new.img product_new.img lz4 -p superr_project-name
Deodex
Code:
$ /path/to/kitchen/superr -f deodex -p superr_project-name
Remove dm-verity
Code:
$ /path/to/kitchen/superr -f dmverity -p superr_project-name
Remove forceencrypt
Code:
$ /path/to/kitchen/superr -f forcee -p superr_project-name
Reserved
amazing, thank you!
Want to thank you for this. Awesome !!!
Thank you
PLZ HELP
I am trying to unpack stock rom for moto g play 2021 (C:\Users\Code3p0\Downloads\XT2093-3_GUAMNA_BOOST_11_RZA31.Q2-146-14-6_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip)
super.img_sparsechunk.0
cannot upload rom to Kitchen
cannot unpack due to errno 2 (file not found no such file system.img)
hi, good move.
adding plugins options via cli will be appeciated