[DEV] Kernel Injector - LG Optimus Black

I was teaching myself CM7 kernel build process yesterday (more here) and stumbled across AnyKernel. Big thanks to Koush! However whatever I tried I was not able to get rid of segmentation fault error in unpackbootimg. But I liked the AnyKernel idea so much that I cooked up my own version of it. Lets call it Kernel Injector. Whenever you want to deploy your kernel image you don't have to mess around with read-split-merge-write-boot-image procedure any more. This is all done by the update script now:
Code:
ui_print("");
ui_print("Kernel Injector by Aprold");
mount("ext4", "EMMC", "/dev/block/mmcblk0p8", "/system");
ui_print("Extracting files...");
package_extract_file("zImage", "/tmp/zImage");
package_extract_dir("modules", "/system/lib/modules");
package_extract_file("kinjector", "/tmp/kinjector");
set_perm(0, 0, 0777, "/tmp/kinjector");
ui_print("Injecting kernel...");
assert(run_program("/system/bin/dd", "if=/dev/block/mmcblk0p3", "of=/tmp/boot.img")=="0");
assert(run_program("/tmp/kinjector", "/tmp/boot.img", "/tmp/zImage", "/tmp/boot.new")=="0");
assert(run_program("/system/bin/dd", "if=/tmp/boot.new", "of=/dev/block/mmcblk0p3")=="0");
unmount("/system");
ui_print("Done!");
Boot image is read and written using system's own dd. Combining kernel image with existing ramdisk is the job for kinjector:
Code:
/* Kernel Injector by Aprold */
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
int main(int argc, char **argv) {
FILE *in, *out;
unsigned char *header_buf, *kernel_buf, *ramdisk_buf;
unsigned page_size, *kernel_size, kernel_buf_size, ramdisk_size, ramdisk_buf_size;
if (argc < 3) {
printf("Usage: %s <existing boot image> <new kernel image> [new boot image]\n", argv[0]);
return 1;
}
// open existing boot image for reading header and ramdisk from there
if (in = fopen(argv[1], "rb")) {
// get page size from input file
fseek(in, 36, SEEK_SET);
fread(&page_size, sizeof(page_size), 1, in);
fseek(in, 0, SEEK_SET);
// read header
header_buf = (unsigned char*)malloc(page_size);
fread(header_buf, page_size, 1, in);
// get kernel and ramdisk sizes from header
kernel_size = (unsigned*)header_buf + 2;
ramdisk_size = *((unsigned*)header_buf + 4);
// read ramdisk
ramdisk_buf_size = (ramdisk_size / page_size + 1) * page_size;
ramdisk_buf = (unsigned char*)malloc(ramdisk_buf_size);
fseek(in, (*kernel_size / page_size + 2) * page_size, SEEK_SET);
fread(ramdisk_buf, ramdisk_buf_size, 1, in);
fclose(in);
// open new kernel image
if (in = fopen(argv[2], "rb")) {
// get kernel size
fseek(in, 0, SEEK_END);
*kernel_size = ftell(in);
fseek(in, 0, SEEK_SET);
// read kernel
kernel_buf_size = (*kernel_size / page_size + 1) * page_size;
kernel_buf = (unsigned char*)malloc(kernel_buf_size);
fread(kernel_buf, *kernel_size, 1, in);
memset(kernel_buf + *kernel_size, 0, kernel_buf_size - *kernel_size);
// frite new boot image
out = fopen(argv[argc > 3 ? 3 : 1], "wb");
fwrite(header_buf, page_size, 1, out);
fwrite(kernel_buf, kernel_buf_size, 1, out);
fwrite(ramdisk_buf, ramdisk_buf_size, 1, out);
fclose(out);
free(kernel_buf);
}
else {
printf("Failed to open kernel image %s\n", argv[2]);
return 2;
}
free(header_buf);
free(ramdisk_buf);
}
else {
printf("Failed to open boot image %s\n", argv[1]);
return 1;
}
return 0;
}
Compile it like that:
Code:
/usr/bin/arm-linux-gnueabi-gcc -static -o kinjector kinjector.c
Included is an update.zip which you can use as a reference for your own script. Tested with my phone and I even managed to not brick it.
All comments and suggestions are most welcome!
- Aprold

Nice.
You succeeded where I have failed.
Here was the template I was trying to have working for eMMC devices:
http://dl.dropbox.com/u/13427114/AnyKernel-OB-test.7z

knzo said:
Here was the template I was trying to have working for eMMC devices
Click to expand...
Click to collapse
unpackbootimg from there works just fine. If I had found this working binary before I probably would not have written my own. Still, I'm happy that I did.

Good work dudes!
But the question is... if you want to do changes to ramdisk too? Would Anykernel method be able to get rid of it?
Regards.

Huexxx said:
Would Anykernel method be able to get rid of it?
Click to expand...
Click to collapse
Do you mean replacing kernel and/or ramdisk inside boot image? I must say, I don't know much about ramdisk yet, but it would be simple task to update kinjector to allow both parts replaced. However, then I must change the name of the tool to binjector

Hi,
the question is (I can try by myself, but I've no time ATM), apart from zImage, does the script extract the ramdisk into a folder?
If in the process the ramdisk is extracted, it's possible to make mods to the files with the updater-script.
Regards.

The purpose of AnyKernel (and this kernel injector) is to maximize compatibility by only flashing the zImage and keeping the ramdisk out of it. For this, during the flash process it will unpack boot.img into ramdisk + zImage and replace the latter. But of course, it's possible to change the script to also replace files in the ramdisk (such as init.rc) - at least in AnyKernel - but it somewhat defeats the whole purpose of it.

Huexxx said:
does the script extract the ramdisk into a folder?
Click to expand...
Click to collapse
Yes, unpackbootimg does. But inside extracted compressed ramdisk file there is a ramdisk image. I don't see how you can modify this with update-script.

Related

[HOWTO][LINUX] Compile 9.png and xml files on the command-line without Eclipse

Developed and tested on Linux. Its a shell script that requires the Android SDK to be installed with the tools directory in the PATH variable.
INTRO
Android Binary Resource Compiler (abrc). This is a command-line
script to compile resources such as NinePatch PNGs and layout XML
files to Android binary format. The compiled resources named in the
command are extracted and saved out into a separate location. This
script was developed as an alternative to using Eclipse and "unzip" to
compile and extract NinePatch PNGs during the creation of custom
Android UI themes.
USAGE
abrc usage
abrc help
abrc [options] compile <project dir> <output dir> <resource file1> <resource file2> ...
abrc [options] setup <project dir>
OPTIONS:
-v Enable verbose output
-o Overwrite files without prompting
Click to expand...
Click to collapse
COMPILE
The compile operation compiles the resources in the <project dir>
location. This can be any Android Eclipse project directory which
contains the resources you wish to compile and extract. You can also
use this script's "setup" syntax to create a minimal project without
using Eclipse. See the SETUP section below for more information.
The named resource files <resource file1> <resource file2>, etc., are
then extracted into the <output directory>. Parent path components in
the resource file names are preserved and also determine the extracted
location within the output directory.
Example:
Consider the following path in "MyProject" which contains, among other
things, the statusbar_background.9.png file. This file is in the format
created by draw9patch program.
MyProject/res/drawable-mdpi/statusbar_background.9.png
The following command compiles the resources in MyProject and writes
the output to the MyTheme/framework-res directory using the leading
path components of the specified resource file(s). I.e., In this
example the resulting output file is
MyTheme/framework-res/res/drawable-mdpi/statusbar_background.9.png
abrc compile MyProject MyTheme/framework-res res/drawable-mdpi/statusbar_background.9.png
Click to expand...
Click to collapse
SETUP
The setup operation is completely optional. It creates a minimal
project skeleton for compiling resources. Eclipse projects can also
be used in the compile step above.
abrc setup MyProject
Click to expand...
Click to collapse
The above command creates the following directory structure/files:
MyProject/res/drawable
MyProject/res/drawable-mdpi
MyProject/res/drawable-hdpi
MyProject/res/layout
MyProject/AndroidManifest.xml
Click to expand...
Click to collapse
Copy your resources into the appropriate location within the project
and then use the compile operation to compile and extract the binary
files.
How does it work? It calls aapt and then unzip compiled resources? It's too small to do this directly.
Yes, that's what it does. It's just a shell script so you can look at it and see. There are some comments in the script that explains things.
It relies on the Android SDK which is assumed to already be installed.
Sent from my FroyoEris using XDA App
Nice! Makes a lot of things easier.
how can we use this script with windows 7?
h_zee13 said:
how can we use this script with windows 7?
Click to expand...
Click to collapse
There's a chance it might work using Cygwin (www.cygwin.com). Be sure to include the zip compression utilities package when installing.
this is great! i hated having to fire up eclipse for this. thanks!
This is a great tool. It was a little confusing at first, I don't think I had my path set up correctly. I've found the easiest way to use this, for me anyway, was to use the setup command and make a new folder with it, I deleted the m and ldpi folders because i'm not using them, copied my .9s into the drawable-hdpi folder, and from inside the "project" directory ran,
abrc compile . done res/drawable-hdpi/*
This compiles all the images in there and places them in the done folder.
Hope i'm not stepping on any toes, just what I found to be the easiest after placing aapt in /usr/tools/ and android.jar in /usr/ as I was kinda confused when I first downloaded it.
abrc for cygwin
h_zee13 said:
how can we use this script with windows 7?
Click to expand...
Click to collapse
I've edited this script and it works on cygwin. go here and download it. -> https ://plus.google.com/118270346235276777406/posts/EJGWifY5kTh
so im trying to get this to work but no luck if someone could help me
first i set paths
Code:
export PATH=${PATH}:/home/suphi/Documents/android-sdk-linux/tools:/home/suphi/Documents/android-sdk-linux/platform-tools:/home/suphi/Documents/android-sdk-linux/apktool
then i run this code
Code:
abrc compile before after res/drawable-hdpi/*
then i get this error
Code:
Using aapt to compile resources to /tmp/resources-82KEfVduDK.zip
W/asset ( 4429): Asset path /home/suphi/Documents/android-sdk-linux/android.jar is neither a directory nor file (type=1).
ERROR: Asset package include '/home/suphi/Documents/android-sdk-linux/android.jar' not found.
i also put the aapt from platform-tools into tools folder as i was getting errors before saying aapt was missing from tools folder
Splder said:
so im trying to get this to work but no luck if someone could help me
<snip>
i also put the aapt from platform-tools into tools folder as i was getting errors before saying aapt was missing from tools folder
Click to expand...
Click to collapse
There are several 'tools' folders. It belongs in the platforms/android-N/tools folder where the 'N' in android-N is a number (API level). Making copies might also cause problems, so I would try and figure out why its missing from the tools directory in the first place.
Ken
no need to use abrc to prepare compiled 9patch pngs, just using aapt in android-sdk is ok, the command line is like this: aapt.exe c -v -S /path/to/project -C /path/to/destination
Hi @kellinwood and ALL
Had being advised by your awesome work by @Modding.MyMind here, I've came to ask for your orientation.
At the moment, AFAIK, we are uncapable to compile xml's without providing all the resources addressed by them.
My objective here is try to compile modded XMLs only. While trying to accomplish this task, I've got to the following Python script that will generate all the /res/values/*.xml's that addresses local resources.
Code:
import os
import shutil
input_folder = '/home/Kdio/apk/Phone'
output_folder = os.path.join(os.path.dirname(os.path.abspath(__file__)), "out")
if not os.path.isdir(output_folder):
os.mkdir(output_folder)
tokens = {}
xmlExist = {}
for root, dirs, files in os.walk(input_folder):
for f in files:
inputFile = os.path.join(root, f)
filename, ext = os.path.splitext(inputFile)
if (ext != '.xml'):
continue
xmlExist[os.path.basename(inputFile)] = 1
with open(inputFile, 'r') as f:
for line in f:
token = ''
read_token = False
for c in line:
if (c == '@'):
read_token = True
continue
if (read_token is True):
if (c == '"'):
read_token = False
tokens[token] = 1
token = ''
else:
token += c
f.close()
xmls = {}
for token in sorted(tokens):
if (token == 'null'):
continue
if (':' in token):
continue
#token = token.split(':')[-1]
head, tail = token.split('/')
if (head == 'anim'):
continue
if ((tail + '.xml') in xmlExist.keys()):
continue
if (not head in xmls.keys()):
xmls[head] = {}
xmls[head][tail] = 1
#for xml in xmls:
# for res in xmls[xml]:
# print(xml + ' -> ' + res)
for xml in xmls:
xmlText = '<?xml version="1.0" encoding="utf-8"?>\n<resources>\n'
for res in xmls[xml]:
if (xml == 'bool'):
xmlText += ' <bool name="' + res + '">false</bool>\n'
if ((xml == 'id') or (xml == 'drawable') or (xml == 'style') or (xml == 'layout')):
xmlText += ' <item type="' + xml + '" name="' + res + '">false</item>\n'
if (xml == 'array'):
xmlText += ' <string-array name="' + res + '">\n <item>array-dummy</item>\n </string-array>\n'
if (xml == 'attr'):
xmlText += ' <attr name="' + res + '" format="string" />\n'
if (xml == 'color'):
xmlText += ' <color name="'+ res + '">#00000000</color>\n'
if (xml == 'dimen'):
xmlText += ' <dimen name="' + res + '">1.0dip</dimen>\n'
if (xml == 'integer'):
xmlText += ' <integer name="' + res + '">1</integer>\n'
if (xml == 'plural'):
xmlText += ' <plurals name="' + res + '">\n <item quantity="other">a</item>\n <item quantity="one">b</item>\n </plurals>\n'
if (xml == 'string'):
xmlText += ' <string name="' + res + '">a</string>\n'
if (xml == 'fraction'):
xmlText += ' <fraction name="' + res + '">1%</fraction>\n'
xmlText += '</resources>\n'
f = open(os.path.join(output_folder, xml + 's.xml'), 'w')
f.write(xmlText)
f.close
Please edit 'input_folder' accordingly.
Then, issuing the below command:
Code:
aapt p -f -M onlyXMLs/AndroidManifest.xml -F onlyXMLs.zip -S onlyXMLs/res -I android.jar
What I get from it now are errors regarding external resources references not being found only.
This is exactly the point where my shallow knowledge ends ...
Could you (and all) someway point me the light (if there is any) how could we 'dummy' external resources as done with local ones?
Thank you all.
Nice regards.
.

[RECOVERY][v500] TWRP 2.8.6.0 - No loki needed

Team Win Recovery Project 2.x, or twrp2 for short, is a custom recovery built with ease of use and customization in mind. Its a fully touch driven user interface no more volume rocker or power buttons to mash. The GUI is also fully XML driven and completely theme-able. You can change just about every aspect of the look and feel.
TWRP 2.8.6.0 Changelog: http://teamw.in/site/update/2015/03/26/twrp-2.8.6.0-released.html
Why another thread of TWRP?
This build of TWRP doesn't need loki to bypass the bootloader, and it works with both 4.2 and 4.4 bootloaders. It also has the advantage that when you boot the device into recovery it doesn't show that nasty bootloader warning. The kernel in this build is based on cm-12.1 official, but it has the backlight adapted for 4.4 bootloader. You can also use it with a 4.2 bootloader, but you'll probably have brightness issues.
Image: https://www.androidfilehost.com/?fid=95916177934551824
Flashable zip: https://www.androidfilehost.com/?fid=95916177934551825
Install instructions: flash the zip from recovery or install the image using THIS APP (needs root).
XDA:DevDB Information
TWRP v500, Tool/Utility for the LG G Pad 8.3
Contributors
jsevi83
Source Code: https://github.com/awifi-dev/twrp_device_lge_v500
Version Information
Status: Stable
Created 2015-04-07
Last Updated 2015-04-30
Thanks! Working so far...
This is very cool. How does Bump work? Is Bump a utility, similar to loki?
Are you using Open Bump?
http://forum.xda-developers.com/lg-g2/orig-development/tool-bump-sign-boot-images-t2950595
Deltadroid said:
This is very cool. How does Bump work? Is Bump a utility, similar to loki?
Are you using Open Bump?
http://forum.xda-developers.com/lg-g2/orig-development/tool-bump-sign-boot-images-t2950595
Click to expand...
Click to collapse
Open Bump. It's just a python script. As you can see, it's very easy to implement, I think every custom rom/recovery should be using this.
This is how I added it to my recovery repo: https://github.com/awifi-dev/twrp_device_lge_v500/commit/090f1930fe5b0feaada35b6ba1abc5cbd05a8f72
This is how I added it to my cm repo: https://github.com/awifi-dev/androi...mmit/7a8418e656cbc0862a23e3a95ece02cd3c6c277d
That is awesome. I see that python script has some magic signing key from lg embedded in it. Does Open Bump require any modifications to work with our device images?
It would be super cool if there was c based version so that I could create a flashable script to remove loki from the boot image and sign with bump to remove that ugly boot loader error message on boot up.
Something I could flash after applying a nightly update. Just like the script I just made for setting the kernel into permissive mode.
I can't seem to flash roms with this.
E: Errror executing updater binary in zip xxxx
@jsevi83
Do you have more commits for v500 to change the cm kernel update system to remove the loki stuff? Great work!
---------- Post added at 12:25 PM ---------- Previous post was at 12:22 PM ----------
Everyone flashing this should realize that your aboot must still be loki exploitable because of the way cm installs it's kernel. I believe that the cm install script calls loki to install the boot.img.
So, this works on stock 20d version with root (Towelroot) and Flashify? I didn't get TWRP with the tons of the methods found here on xda, and also softbricked the tablet.
I will not try again unless this method really works!
Flashify will try to use loki. Don't use that. Use the command line with the dd command.
---------- Post added at 12:30 PM ---------- Previous post was at 12:27 PM ----------
Btw, stock 20d won't work on cm without an exploitable aboot.
ASW1 said:
E: Errror executing updater binary in zip
Click to expand...
Click to collapse
I keep getting this error no matter what ROM I try to flash.
I am basically stuck now with a tablet that will only boot into TWRP 2.8.6, I messed up the system so TWRP is all I have now.
Any suggestions about what to do?
Should I maybe use TWRP to flash CMW and try that instead?
edit: tried flashing CMW but it won't work; even then I get the same error message.
So all I have now is TWRP that fails to flash anything....
ASW1 said:
I keep getting this error no matter what ROM I try to flash.
I am basically stuck now with a tablet that will only boot into TWRP 2.8.6, I messed up the system so TWRP is all I have now.
Any suggestions about what to do?
Should I maybe use TWRP to flash CMW and try that instead?
edit: tried flashing CMW but it won't work; even then I get the same error message.
So all I have now is TWRP that fails to flash anything....
Click to expand...
Click to collapse
See this
http://forum.xda-developers.com/showthread.php?p=48942830
When I softbricked my tablet this solved my problem.
I can confirm that this method works beautifully. Many many thanks to the OP.
I just wanted to also confirm that the current state of the Open Bump project requires the following patch to work properly with v500 kernel parameters.
Code:
--- open_bump.py 2014-11-23 21:56:00.000000000 +0100
+++ open_bump.v500.py 2015-04-08 21:28:17.098864000 +0200
@@ -27,6 +27,10 @@
# Proof of Concept
POC = False
+if POC:
+ from Crypto.Cipher import AES
+ import hashlib
+
usage = """\
Usage: open_bump.py [-ha] "<image_file>" "<output_image>"
@@ -35,22 +39,29 @@
-a/--apend image_file - <required> if in append mode, the <image_file> is appended rather than <output_file> being generated\
"""
+lg_key = "b5e7fc2010c4a82d6d597ba040816da7832e0a5679c81475a0438447b711140f"
+lg_iv = "[email protected]|[email protected]"
lg_magic = "41a9e467744d1d1ba429f2ecea655279"
+lg_dec_magic = "696e6877612e77651000000047116667"
-def get_kernel_size(image_name):
- page_size = get_page_size(image_name)
- f_image = open(image_name, 'a+b')
- paged_kernel_size = get_size_from_kernel(f_image, page_size, 8)
- paged_ramdisk_size = get_size_from_kernel(f_image, page_size, 16)
- paged_second_size = get_size_from_kernel(f_image, page_size, 24)
- if paged_second_size <= 0:
- paged_second_size = 0
- paged_dt_size = get_size_from_kernel(f_image, page_size, 40)
- if paged_dt_size <= 0:
- paged_dt_size = 0
- f_image.close()
- return page_size + paged_kernel_size + paged_ramdisk_size + paged_second_size + paged_dt_size
+def generate_signature(image_hash):
+ # the iv and key were extracted from the lg g2 aboot.img. I can explain how to find it on request.
+ iv = lg_iv
+ key = binascii.unhexlify(lg_key)
+ # this "magic" number was found after decrypting the bumped images
+ # Without codefire, this would not have been possible as I can find no reference in
+ # the images of the g2 or the g3
+ magic = binascii.unhexlify(lg_magic)
+ image_hash = binascii.unhexlify(image_hash) # insert your hash here
+ # the structure of the signature in bump starts with a magic number, then seemingly random
+ # bytes. 2 zeros follow, then the hash of the image, then 6 zeros, then 512 bytes of random data again
+ data = magic + os.urandom(16) + '\x00'*2 + image_hash + '\x00'*6 + os.urandom(512)
+ # this is then padded to fill the needed 1024 bytes
+ padded_data = data + '\x00'*(1024-len(data))
+ # AES-256 is then used to encrypt the above data
+ cipher = AES.new(key, AES.MODE_CBC, iv)
+ return cipher.encrypt(padded_data)
def bumped(image_data):
@@ -80,10 +91,18 @@
image_size = os.path.getsize(image_name)
num_pages = image_size / page_size
- calculated_size = get_kernel_size(image_name)
-
f_image = open(image_name, 'a+b')
+ paged_kernel_size = get_size_from_kernel(f_image, page_size, 8)
+ paged_ramdisk_size = get_size_from_kernel(f_image, page_size, 16)
+ paged_second_size = get_size_from_kernel(f_image, page_size, 24)
+ if paged_second_size <= 0:
+ paged_second_size = 0
+ paged_dt_size = get_size_from_kernel(f_image, page_size, 40)
+ if paged_dt_size <= 0:
+ paged_dt_size = 0
+ calculated_size = page_size + paged_kernel_size + paged_ramdisk_size + paged_second_size + paged_dt_size
+
if calculated_size > image_size:
print("Invalid image: %s: calculated size greater than actual size" % image_name)
f_image.close()
@@ -91,8 +110,7 @@
if image_size > calculated_size:
difference = image_size - calculated_size
if difference not in [page_size, page_size*2]:
- if difference not in [1024, page_size + 1024, 2 * page_size + 1024,
- 16, page_size + 16, 2 * page_size + 16]:
+ if difference not in [1024, page_size + 1024, 2 * page_size + 1024]:
print("Image already padded. Attempting to remove padding...")
print("Beware: this may invalidate your image.")
i = num_pages - 1
@@ -128,7 +146,11 @@
print("Image already bumped")
finish(out_image)
pad_image(out_image)
- magic = binascii.unhexlify(lg_magic)
+ if POC:
+ sha1sum = get_sha1(out_image)
+ magic = generate_signature(sha1sum)
+ else:
+ magic = binascii.unhexlify(lg_magic)
with open(out_image, 'a+b') as f_out_image:
f_out_image.write(magic)
finish(out_image)
ASW1 said:
I keep getting this error no matter what ROM I try to flash.
I am basically stuck now with a tablet that will only boot into TWRP 2.8.6, I messed up the system so TWRP is all I have now.
Click to expand...
Click to collapse
Something else I noticed after a failed flash:
"assert failed: run_program("/tmp/loki/sh") == 0
(I did use flashify to install 2.8.6.0)
Fyi for those new to bump... (I have a g3, been with it from the beginning). Bump rom flashing requires the rom zip boot (kernel) to be bumped. All rom developers will need to adopt this if we are going to switch from loki to bump. All current lp builds for other lg devices do not have "bumpable" bootloaders due to bump being open sourced (cooperation with lg failed with its open release and they patched it), so once the lp updates become standard, the jb boots may cause problems for aosp while the kk one is working, so this will likely be the preferred method for us down the road, but all new roms will need to be updated accordingly. I can already see this is going to get messy for many that aren't up to speed, and some new guides will need to be made once we get the methods working.
annoyingduck said:
Fyi for those new to bump... (I have a g3, been with it from the beginning). Bump rom flashing requires the rom zip boot (kernel) to be bumped. All rom developers will need to adopt this if we are going to switch from loki to bump. All current lp builds for other lg devices do not have "bumpable" bootloaders due to bump being open sourced (cooperation with lg failed with its open release and they patched it), so once the lp updates become standard, the jb boots may cause problems for aosp while the kk one is working, so this will likely be the preferred method for us down the road, but all new roms will need to be updated accordingly. I can already see this is going to get messy for many that aren't up to speed, and some new guides will need to be made once we get the methods working.
Click to expand...
Click to collapse
Officially, cm will never adopt this method because of the keys that it contains. But, my goal is to make a flashable zip that will automatically convert a loki kernel to a bumped kernel.
We just need to convert this python script to a standalone c application so that I can package it.
---------- Post added at 10:45 AM ---------- Previous post was at 10:30 AM ----------
ASW1 said:
Something else I noticed after a failed flash:
"assert failed: run_program("/tmp/loki/sh") == 0
(I did use flashify to install 2.8.6.0)
Click to expand...
Click to collapse
You still need to have a loki exploitable aboot to install official CyanogenMod.
@Deltadroid: you told us to not use flashify to update twrp... so best method is flash twrp-(bump edition) inside twrp (loki edition)?
and then flash only bump compliant rom? (like euphoria-os, sure other dev will convert their rom to this new method, except CM official build as you mentioned earlier)
odjinan said:
@Deltadroid: you told us to not use flashify to update twrp... so best method is flash twrp-(bump edition) inside twrp (loki edition)?
and then flash only bump compliant rom? (like euphoria-os, sure other dev will convert their rom to this new method, except CM official build as you mentioned earlier)
Click to expand...
Click to collapse
If you already have a custom recovery installed, then the safest method is to use the flashable zip to install the bumped version of twrp. Just flash it in your recovery to install the new bumped recovery.
If you don't have a custom recovery installed yet, but you have root, then you can use the dd command to flash the boot image to your boot partition.
---------- Post added at 02:12 PM ---------- Previous post was at 01:21 PM ----------
The ROMs you flash don't need to be "bump compliant" if you have a loki exploitable aboot.
thank for the quick reply!
I flashed the zip version from OP and it working well. No more alert on boot screen~
annoyingduck said:
Fyi for those new to bump... (I have a g3, been with it from the beginning). Bump rom flashing requires the rom zip boot (kernel) to be bumped. All rom developers will need to adopt this if we are going to switch from loki to bump. All current lp builds for other lg devices do not have "bumpable" bootloaders due to bump being open sourced (cooperation with lg failed with its open release and they patched it), so once the lp updates become standard, the jb boots may cause problems for aosp while the kk one is working, so this will likely be the preferred method for us down the road, but all new roms will need to be updated accordingly. I can already see this is going to get messy for many that aren't up to speed, and some new guides will need to be made once we get the methods working.
Click to expand...
Click to collapse
The best option would be to use kitkat bootloader and bump for all custom roms and recoveries. It's very easy, I already shared the commits needed to implement this, and I could make a flashable zip with kitkat bootloader so everyone can easily install it.
Deltadroid said:
Officially, cm will never adopt this method because of the keys that it contains. But, my goal is to make a flashable zip that will automatically convert a loki kernel to a bumped kernel.
We just need to convert this python script to a standalone c application so that I can package it.
---------- Post added at 10:45 AM ---------- Previous post was at 10:30 AM ----------
You still need to have a loki exploitable aboot to install official CyanogenMod.
Click to expand...
Click to collapse
That's not true, some LG devices like v400 already use bump in CyanogenMod (officially), check this:
https://github.com/CyanogenMod/andr...mmit/6a647d5664df1bada7d1a36abe8faad79e0096cb
If they have it we could also get it.
Deltadroid said:
I can confirm that this method works beautifully. Many many thanks to the OP.
I just wanted to also confirm that the current state of the Open Bump project requires the following patch to work properly with v500 kernel parameters.
Code:
--- open_bump.py 2014-11-23 21:56:00.000000000 +0100
+++ open_bump.v500.py 2015-04-08 21:28:17.098864000 +0200
@@ -27,6 +27,10 @@
# Proof of Concept
POC = False
+if POC:
+ from Crypto.Cipher import AES
+ import hashlib
+
usage = """\
Usage: open_bump.py [-ha] "<image_file>" "<output_image>"
@@ -35,22 +39,29 @@
-a/--apend image_file - <required> if in append mode, the <image_file> is appended rather than <output_file> being generated\
"""
+lg_key = "b5e7fc2010c4a82d6d597ba040816da7832e0a5679c81475a0438447b711140f"
+lg_iv = "[email protected]|[email protected]"
lg_magic = "41a9e467744d1d1ba429f2ecea655279"
+lg_dec_magic = "696e6877612e77651000000047116667"
-def get_kernel_size(image_name):
- page_size = get_page_size(image_name)
- f_image = open(image_name, 'a+b')
- paged_kernel_size = get_size_from_kernel(f_image, page_size, 8)
- paged_ramdisk_size = get_size_from_kernel(f_image, page_size, 16)
- paged_second_size = get_size_from_kernel(f_image, page_size, 24)
- if paged_second_size <= 0:
- paged_second_size = 0
- paged_dt_size = get_size_from_kernel(f_image, page_size, 40)
- if paged_dt_size <= 0:
- paged_dt_size = 0
- f_image.close()
- return page_size + paged_kernel_size + paged_ramdisk_size + paged_second_size + paged_dt_size
+def generate_signature(image_hash):
+ # the iv and key were extracted from the lg g2 aboot.img. I can explain how to find it on request.
+ iv = lg_iv
+ key = binascii.unhexlify(lg_key)
+ # this "magic" number was found after decrypting the bumped images
+ # Without codefire, this would not have been possible as I can find no reference in
+ # the images of the g2 or the g3
+ magic = binascii.unhexlify(lg_magic)
+ image_hash = binascii.unhexlify(image_hash) # insert your hash here
+ # the structure of the signature in bump starts with a magic number, then seemingly random
+ # bytes. 2 zeros follow, then the hash of the image, then 6 zeros, then 512 bytes of random data again
+ data = magic + os.urandom(16) + '\x00'*2 + image_hash + '\x00'*6 + os.urandom(512)
+ # this is then padded to fill the needed 1024 bytes
+ padded_data = data + '\x00'*(1024-len(data))
+ # AES-256 is then used to encrypt the above data
+ cipher = AES.new(key, AES.MODE_CBC, iv)
+ return cipher.encrypt(padded_data)
def bumped(image_data):
@@ -80,10 +91,18 @@
image_size = os.path.getsize(image_name)
num_pages = image_size / page_size
- calculated_size = get_kernel_size(image_name)
-
f_image = open(image_name, 'a+b')
+ paged_kernel_size = get_size_from_kernel(f_image, page_size, 8)
+ paged_ramdisk_size = get_size_from_kernel(f_image, page_size, 16)
+ paged_second_size = get_size_from_kernel(f_image, page_size, 24)
+ if paged_second_size <= 0:
+ paged_second_size = 0
+ paged_dt_size = get_size_from_kernel(f_image, page_size, 40)
+ if paged_dt_size <= 0:
+ paged_dt_size = 0
+ calculated_size = page_size + paged_kernel_size + paged_ramdisk_size + paged_second_size + paged_dt_size
+
if calculated_size > image_size:
print("Invalid image: %s: calculated size greater than actual size" % image_name)
f_image.close()
@@ -91,8 +110,7 @@
if image_size > calculated_size:
difference = image_size - calculated_size
if difference not in [page_size, page_size*2]:
- if difference not in [1024, page_size + 1024, 2 * page_size + 1024,
- 16, page_size + 16, 2 * page_size + 16]:
+ if difference not in [1024, page_size + 1024, 2 * page_size + 1024]:
print("Image already padded. Attempting to remove padding...")
print("Beware: this may invalidate your image.")
i = num_pages - 1
@@ -128,7 +146,11 @@
print("Image already bumped")
finish(out_image)
pad_image(out_image)
- magic = binascii.unhexlify(lg_magic)
+ if POC:
+ sha1sum = get_sha1(out_image)
+ magic = generate_signature(sha1sum)
+ else:
+ magic = binascii.unhexlify(lg_magic)
with open(out_image, 'a+b') as f_out_image:
f_out_image.write(magic)
finish(out_image)
Click to expand...
Click to collapse
so for a bumped kernel to work we need to use your modified version of the script?
i still dont get the concept

[MOD][CM12][COLOROS 2][HYDROGENOS] Splash Screen Image Injector v1.2

This is a program that I wrote to decode the newer style "logo.bin" files used in some OPPO, and OnePlus devices. Please read below so you can better understand this type of encoding being used:
What Is A Raw Image?
A raw image, whether it be a file or an image in memory, is simply pixel data. There is no extra information like width, height, name, end of line... Absolutely nothing, just pixel data. If you have an image that is raw and the resolution is 1080x1920 and you are using a typical RGB24 or BGR24 (like the ones used here), then your exact filesize or size in memory will be 1080x1920x3! We use 3 here because there is one byte for the R or red component, one for the G (green), and one for the B(blue).
What Is A Run Length Encoded Image?
A run length image encoding uses a count ;usually a single byte (char), 2 bytes (short int), or 4 bytes (long int); and then the pixel components. So instead of writing out 300 bytes of '0's to make a line of 100 black pixels. Black is RGB(0,0,0). You could encode this as 100, 0, 0, 0. And only use 4 bytes of data to get the exact same image as the 300 byte raw image. All the run length encoding I've found, except the Motorola style which is a little different, use a run length encoding that is pixel-oriented like this.
Now I've figured out this new one and it is a byte-oriented run length encoding. This is for runs of bytes, not pixels. You may think, well whats the big deal? When you add a little area of color, you increase the run length encoded image in you logo.bin immensely! You use 6 bytes per pixel if there aren't any runs of color data. If you had an image that was a 1080x1920 black image with a 25 pixel wide, by 25 pixel high red box in the middle. The encoder would be doing runs of black data efficiently until it reached the red area.
.....0 255 0 255 0 255 0 255 0 255 0 133 /// we've reached the top left corner of the red square /// 13 1 30 1 255 1 // << that was just one red pixel!! in bgr color order (13, 30, 255) <<// And it keeps going through the rest of the red pixels on that line using 6 bytes per pixel, which is the opposite of compression. Before reaching the red square the encoding was decoding to 255 zeros over and over, until finally 133 zeros. 255 zeros is 85 black pixels stored in just 2 bytes!
This type of encoding is only good for grey scale images. It is not good with color, but it still will handle color of course. In grey scale, the Red, Blue, and Green data components are always the same values. All the way from black (0,0,0) to white (255, 255, 255); including every shade of grey in between>>>(1,1,1) (2,2,2) (3,3,3)....(243, 243, 243) (244, 244, 244)<<<
One other difference in this method of run length encoding is that the color byte is before the count, which is backwards from all of the other methods.​
The attachment contains the C source code (which is also in the 2nd post) and the executable that was compiled using mingw32 on a 64 bit Windows 7 pc. The png library that I used is LodePng, the source is in the download.
To use logoinjector:
Decode your logo.bin:
Code:
logoInjector.exe -i logo.bin -d
All the PNG 's will be extracted from logo.bin. Edit the PNGs that you want to change...
Note:
Your original "logo.bin" file is never changed, it is just read. If the file you try to load isn't a logo.bin file, or if it is the older style, then the program will tell you and exit​
Inject the image(s) back in to the logo.bin:
Code:
logoinjector.exe -i logo.bin -j image_name_1 image_name_3
To list whats in your logo file:
Code:
logoinjector.exe -i logo.bin -l
For a more detailed list:
Code:
logoinjector.exe -i logo.bin -L
If the colors are messed up use the "-s" switch while decoding.
Code:
logoinjector.exe -i logo.bin -d -s
If you had to use the "-s" switch to decode properly, you'll have to use it to inject also:
Code:
logoinjector.exe -i logo.bin -j image_name -s
Note:
With version 1.2, you can put as many names after "-j" as you want, and it's not case sensitive. You also don't have to put the whole name. If you just put "-j fhd" every image in the logo.bin that starts with "fhd" will be injected. There has to be a PNG with the name in the directory though​
The size of your modified.logo.bin will displayed along with the original size, if everything went good. Please know the size of you logo partition. I made this program to encompass any device using this format, and there is no set size of the logo partition between devices. Fastboot will just error out if you try to flash data bigger than the partition before it writes anything. But if someone gets brave and trys to "DD" to the logo partition, it could get ugly.:cyclops:
Flash the "modified.logo.bin" file through fastboot.
v1.2
made it possible for multiple injections in one command
doesn't add png to the decoded png if it was already in the name
fixed out of scope with image 26 in OPPO find 7 logo.bin
added LodePng source in the download
made the default color order BGR
displays the modified logo file size as well as the original file size
runs the modified.logo.bin back through the list function after injecting
checks the number of offsets between the original and modified logo.bin
Use this at your own risk.
Always make backups.
Always.
Code:
/*
/*
* Logo Injector v1.2
*
* Copyright (C) 2015 Joseph Andrew Fornecker
* makers_mark @ xda-developers.com
* [email protected]
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 3 of the License, or (at your
* opinion) any later version. See <http://www.gnu.org/licenses/gpl.html>
*
* New in v1.2:
*
* - Fixed out of scope crash involving image #26 in oppo find 7 logo.bin (26 IS BIG)
* - Multiple injection names possible after the -j parameter
* - Injection names are now case insensitive
* - BGR is the the default color order, instead of RGB
* - Added more error checks
* - Show the change in file size of original logo.bin compare to the modified logo.bin
* - Several small changes dealing with readability
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <stdint.h>
#include "lodepng.h"
#define SWAP32(x) (( x >> 24 )&0xff) | ((x << 8)&0xff0000) | ((x >> 8)&0xff00) | ((x << 24)&0xff000000)
#define BLOCK 512
#define OFFSETSTART 48
#define BYTESPERPIXEL 3
#define MAXOFFSETS 28
#define SIZEOFLONGINT 4
#define TWOTOTHETEN 1024
typedef struct {
uint8_t header[8];
uint8_t blank[24];
uint32_t width;
uint32_t height;
uint32_t lengthOfData;
uint32_t special;
uint32_t offsets[MAXOFFSETS];
uint8_t name[64];
uint8_t metaData[288];
} IMAGEHEAD;
uint16_t Copy(FILE *, IMAGEHEAD *, uint16_t , uint16_t, FILE *);
int32_t InjectNewStyle(FILE *, IMAGEHEAD *, uint16_t , uint8_t *, uint16_t, FILE *, uint32_t * );
int32_t RewriteHeaderZero( uint32_t , uint16_t, FILE* , int32_t, uint32_t * );
uint32_t Encode(uint8_t*, uint8_t*, uint32_t);
uint32_t GetEncodedSize(uint8_t*, uint32_t);
uint32_t GetWidth(FILE*);
uint32_t GetHeight(FILE*);
uint64_t BlockIt(uint32_t);
uint16_t GetNumberOfOffsets(FILE*);
int32_t DecodeLogoBin(FILE*, IMAGEHEAD *);
int32_t ListFileDetails(FILE*, IMAGEHEAD *);
uint8_t* Decode(FILE*, uint32_t, uint32_t, uint32_t, uint8_t*);
int32_t IsItTheNewStyle(FILE*);
IMAGEHEAD* ParseHeaders(FILE*, uint16_t);
int32_t IsItALogo(FILE*);
void PrintFileSize(uint32_t);
uint32_t GetFileSize(FILE *);
uint16_t badAss = 0;
int16_t rgb2bgr = 1;
uint16_t convertToPNG = 1;
uint8_t HEADER[] = {0x53,0x50,0x4C,0x41,0x53,0x48,0x21,0x21};
int32_t IsItALogo(FILE *originalLogoBin){
uint8_t string[9];
uint16_t i;
fread(string, 1, 8, originalLogoBin);
for (i = 0 ; i < 8 ; i++){
if (string[i] == HEADER[i]){
continue;
} else {
return 0;
}
}
return 1;
}
int32_t IsItTheNewStyle(FILE *originalLogoBin){
int32_t newStyle = 0;
fread(&newStyle, 1, SIZEOFLONGINT, originalLogoBin);
if (newStyle == 0){
return 1;
} else {
return 0;
}
}
IMAGEHEAD *ParseHeaders(FILE *originalLogoBin, uint16_t numberOfOffsets){
uint8_t i = 0;
IMAGEHEAD *imageHeaders;
imageHeaders = malloc(BLOCK * numberOfOffsets);
memset(imageHeaders, 0, BLOCK * numberOfOffsets);
fseek(originalLogoBin, 0, SEEK_SET);
fread(&imageHeaders[i], 1 , BLOCK, originalLogoBin);
for ( i = 1 ; i < numberOfOffsets ; ++i ){
fseek(originalLogoBin, imageHeaders[0].offsets[i], SEEK_SET);
fread(&imageHeaders[i], 1 , BLOCK, originalLogoBin);
}
return imageHeaders;
}
uint16_t GetNumberOfOffsets(FILE *originalLogoBin){
uint16_t i = 0;
uint32_t readAs = 0;
fseek(originalLogoBin, OFFSETSTART, SEEK_SET);
while(i < MAXOFFSETS){
fread(&readAs, 1, SIZEOFLONGINT, originalLogoBin);
if ((readAs == 0) && (i != 0)){
break;
} else {
i++;
}
}
return i;
}
uint8_t* Decode(FILE *originalLogoBin, uint32_t start, uint32_t length, uint32_t imageBytes, uint8_t* image){
uint32_t decodedBytes = 0, i = 0;
uint8_t* data;
fseek(originalLogoBin, start, SEEK_SET);
data = (uint8_t*)malloc(length);
if (fread(data, 1, length, originalLogoBin) != length) {
fprintf(stderr, "Could not read file!!\n");
exit(0);
}
while((i < length) && (decodedBytes < imageBytes)){
memset(&image[decodedBytes], data[i], (data[i + 1]));
decodedBytes += (uint8_t)data[i+1];
i += 2;
if ((i < length) && (imageBytes - decodedBytes < (uint8_t)data[i + 1])){
memset(&image[decodedBytes], data[i], imageBytes - decodedBytes);
decodedBytes = imageBytes;
fprintf(stdout, "More information was in encoding than resolution called for.\n");
break;
}
}
fprintf(stdout, "%ld decoded bytes\n", decodedBytes);
free(data);
if( rgb2bgr == 1 ){
uint8_t old;
i = 0;
while( i < imageBytes){
old = image[i];
memset(&image[i], image[i + 2], 1);
memset(&image[i + 2], old, 1);
i += BYTESPERPIXEL;
}
}
return image;
}
int32_t DecodeLogoBin(FILE *originalLogoBin, IMAGEHEAD *imageHeaders){
uint32_t size, imageBytes, start;
uint8_t* image;
uint8_t name[65];
uint8_t r = 0;
uint16_t i , numberOfOffsets = GetNumberOfOffsets(originalLogoBin);
for ( i = 0 ; i < numberOfOffsets ; i++ ){
fprintf(stdout,"\n\n\n#%d: Offset:%ld\n", i + 1, imageHeaders[0].offsets[i]);
if ((imageHeaders[i].width == 0) || (imageHeaders[i].height == 0)){
fprintf(stdout, "Placeholder for %s\n", imageHeaders[i].metaData);
continue;
}
fprintf(stdout, "Header=%s\nWidth=%ld\nHeight=%ld\nData Length=%ld\nSpecial=%ld\nName=%s\nMetadata=%s\n",
imageHeaders[i].header, imageHeaders[i].width, imageHeaders[i].height,
imageHeaders[i].lengthOfData, imageHeaders[i].special, imageHeaders[i].name, imageHeaders[i].metaData);
if (convertToPNG){
start = imageHeaders[0].offsets[i] + BLOCK;
imageBytes = imageHeaders[i].width * (imageHeaders[i].height) * BYTESPERPIXEL;
image = malloc(imageBytes);
uint8_t lengthOfName = strlen(imageHeaders[i].name);
uint8_t *ext;
ext = strrchr(imageHeaders[i].name, '.');
if (((ext[1] == 'p') || (ext[1] == 'P')) &&
((ext[2] == 'n') || (ext[2] == 'N')) &&
((ext[3] == 'g') || (ext[3] == 'G')) &&
((ext[0] == '.'))){
sprintf(name, "%s", imageHeaders[i].name);
} else {
sprintf(name, "%s.png", imageHeaders[i].name);
}
lodepng_encode24_file(name, Decode(originalLogoBin, (uint32_t)start, (uint32_t)imageHeaders[i].lengthOfData, (uint32_t)imageBytes, image) , (unsigned)imageHeaders[i].width, (unsigned)imageHeaders[i].height);
free(image);
}
}
return 0;
}
int32_t ListFileDetails(FILE *originalLogoBin, IMAGEHEAD *imageHeaders){
uint32_t i = 0, j = 0;
fseek(originalLogoBin, 0, SEEK_SET);
uint16_t numberOfOffsets = GetNumberOfOffsets(originalLogoBin);
fprintf(stdout, "Resolution\tOffset\tName\n");
fprintf(stdout, "-------------------------------------------------------------\n");
for ( i = 0 ; i < numberOfOffsets ; i++ ){
if ((imageHeaders[i].width == 0) || (imageHeaders[i].height == 0)){
fprintf(stdout, "(placeholder) for %s\n", imageHeaders[i].metaData);
continue;
}
fprintf(stdout,"%dx%d\t", imageHeaders[i].width, imageHeaders[i].height);
if ((imageHeaders[i].width < 1000) && (imageHeaders[i].height <1000)){fprintf(stdout, "\t");}
fprintf(stdout, "%ld\t%s\n", imageHeaders[0].offsets[i], imageHeaders[i].name );
}
return 1;
}
uint16_t Copy(FILE *originalLogoBin, IMAGEHEAD *imageHeaders, uint16_t numberOfOffsets, uint16_t injectionNumber, FILE *modifiedLogoBin){
uint8_t *data;
uint32_t offset, originalOffset;
uint32_t imageSize = BlockIt(BLOCK + imageHeaders[injectionNumber].lengthOfData);
if( imageHeaders[injectionNumber].name[0] == 0){
fprintf(stdout, "Copying \t#%d:(placeholder) %s\n", injectionNumber + 1 , imageHeaders[injectionNumber].metaData);
} else {
fprintf(stdout, "Copying \t#%d:%s\n", injectionNumber + 1 , imageHeaders[injectionNumber].name);
}
data = malloc(imageSize);
memset(data, 0 , imageSize);
fread(data, 1, imageSize, originalLogoBin);
fwrite(data, 1 , imageSize, modifiedLogoBin);
free(data);
}
int32_t InjectNewStyle(FILE *originalLogoBin, IMAGEHEAD *imageHeaders, uint16_t numberOfOffsets, uint8_t *injectionName, uint16_t injectionNumber, FILE *modifiedLogoBin, uint32_t *ihMainOffsets ){
uint32_t encodedSize = 0, actualWritten = 0, imageSize = 0;
uint8_t *data, *header;
int8_t inFileName[69];
int32_t blockDifference;
uint32_t offset, originalOffset;
FILE *pngFile;
sprintf(inFileName, "%s", injectionName);
if (imageHeaders[injectionNumber].special != 1){
fprintf(stdout, "ERROR: \"Special\" is not equal to '1' \nThis would not be safe to flash!\nPlease email logo.bin in question to:\[email protected]\n");
fclose(originalLogoBin);
fclose(modifiedLogoBin);
return 0;
}
if ((pngFile = fopen(inFileName, "rb")) == NULL){
sprintf(inFileName, "%s.png", injectionName);
if ((pngFile = fopen(inFileName, "rb")) == NULL){
fclose(pngFile);
fclose(modifiedLogoBin);
fclose(originalLogoBin);
fprintf(stderr, "%s could not be read\n", inFileName);
return 0;
}
}
IMAGEHEAD new;
memset(new.blank, 0, sizeof(new.blank));
memset(new.metaData, 0, sizeof(new.metaData));
memset(new.offsets, 0, SIZEOFLONGINT * MAXOFFSETS);
strncpy(new.header, HEADER , 8);
strncpy(new.metaData, imageHeaders[injectionNumber].metaData, sizeof(imageHeaders[injectionNumber].metaData));
strncpy(new.name, injectionName, 64);
new.special = 1;
fprintf(stdout, "Injecting\t#%d:%s\n", injectionNumber + 1 , imageHeaders[injectionNumber].name);
if (((new.width = GetWidth(pngFile)) != imageHeaders[injectionNumber].width) && (!badAss)){
fprintf(stderr, "Error: Width of PNG to be injected is %d, it must be %d!\n", new.width, imageHeaders[injectionNumber].width);
fclose(pngFile);
fclose(modifiedLogoBin);
fclose(originalLogoBin);
return 0;
}
if (((new.height = GetHeight(pngFile)) != imageHeaders[injectionNumber].height) && (!badAss)){
fprintf(stderr, "Error: Height of PNG to be injected is %d, it must be %d!\n", new.height, imageHeaders[injectionNumber].height);
fclose(pngFile);
fclose(modifiedLogoBin);
fclose(originalLogoBin);
return 0;
}
uint32_t rawBytes = new.width * new.height * BYTESPERPIXEL;
uint8_t *decodedPNG = malloc(rawBytes);
lodepng_decode24_file(&decodedPNG, (uint32_t*)&new.width, (uint32_t*)&new.height , (const uint8_t*)inFileName);
if (rgb2bgr == 1){
uint8_t old;
uint32_t k = 0;
while( k < rawBytes ){
old = decodedPNG[k];
memset(&decodedPNG[k], decodedPNG[k + 2], 1);
memset(&decodedPNG[k + 2], old, 1);
k += BYTESPERPIXEL;
}
}
encodedSize = GetEncodedSize(decodedPNG, (new.width * new.height * BYTESPERPIXEL));
new.lengthOfData = encodedSize;
uint8_t *rlEncoded = malloc(BlockIt(encodedSize));
memset(rlEncoded, 0, BlockIt(encodedSize));
actualWritten = Encode(decodedPNG, rlEncoded, (new.width * new.height * BYTESPERPIXEL));
blockDifference = (((BLOCK + BlockIt(actualWritten)) - (BLOCK + BlockIt(imageHeaders[injectionNumber].lengthOfData))) / BLOCK);
fwrite(&new, 1 , BLOCK, modifiedLogoBin);
fwrite(rlEncoded, 1 , BlockIt(actualWritten), modifiedLogoBin);
free(decodedPNG);
free(rlEncoded);
RewriteHeaderZero( injectionNumber , numberOfOffsets , modifiedLogoBin , blockDifference, ihMainOffsets);
fclose(pngFile);
return 1;
}
int32_t RewriteHeaderZero( uint32_t injectionImageNumber , uint16_t numberOfOffsets, FILE *modifiedLogoBin , int32_t blockDifference, uint32_t *ihMainOffsets){
uint8_t i, j = injectionImageNumber + 1 ;
uint32_t filePosition = ftell(modifiedLogoBin);
uint32_t offset = 0;
for( ; j < numberOfOffsets; j++){
fseek(modifiedLogoBin, OFFSETSTART + (SIZEOFLONGINT * j), SEEK_SET);
offset = ihMainOffsets[j];
offset += (blockDifference * BLOCK);
fseek(modifiedLogoBin, OFFSETSTART + (SIZEOFLONGINT * j), SEEK_SET);
fwrite(&offset, 1 , SIZEOFLONGINT , modifiedLogoBin);
ihMainOffsets[j] = offset;
}
fseek(modifiedLogoBin, filePosition , SEEK_SET);
return;
}
uint32_t GetEncodedSize(uint8_t* data, uint32_t size){
uint32_t pos = 0, ret = 0;
uint16_t count = 1;
for( pos = 0 ; pos < size ; ++pos , count = 1){
while((pos < size - 1) && (count < 0xFF) && ((memcmp(&data[pos], &data[pos+1], 1)) == 0)){
count++;
pos++;
}
ret += 2;
}
return ret;
}
uint32_t Encode(uint8_t* rawRgbReading, uint8_t* rlEncoded, uint32_t rawSize){
uint32_t writePosition = 0 , readPosition = 0;
uint16_t count = 1;
for( readPosition = 0 ; readPosition < rawSize ; ++readPosition , count = 1){
while((readPosition < rawSize - 1 ) && (count < 0xFF) && ((memcmp(&rawRgbReading[readPosition], &rawRgbReading[readPosition+1], 1)) == 0)){
count++;
readPosition++;
}
rlEncoded[writePosition] = rawRgbReading[readPosition];
rlEncoded[writePosition + 1] = count;
writePosition += 2;
}
return writePosition;
}
uint32_t GetWidth(FILE *pngFile){
uint32_t width;
fseek(pngFile, 16, SEEK_SET);
fread(&width, 1, SIZEOFLONGINT, pngFile);
return(SWAP32(width));
}
uint32_t GetHeight(FILE *pngFile){
uint32_t height;
fseek(pngFile, 20, SEEK_SET);
fread(&height, 1, SIZEOFLONGINT, pngFile);
return(SWAP32(height));
}
uint64_t BlockIt(uint32_t isize){
uint32_t blockSize = BLOCK;
if ((isize % blockSize) == 0){
return isize;
}else{
return isize + (blockSize - (isize % blockSize));
}
}
void Usage(){
fprintf(stdout, "Usage: logoinjector -i \"input file\" [-l] | [-L] | [-d [-s]] | [-j \"image to be replaced\" [-b] | [-s]]\n\n");
fprintf(stdout, "Mandatory Arguments:\n\n");
fprintf(stdout, "\t-i \"C:\\xda\\logo.bin\"\n");
fprintf(stdout, "\t This is the logo.bin file to analyze or inject an image\n\n");
fprintf(stdout, "Optional Arguments:\n\n");
fprintf(stdout, "\t-d Decode all images into PNGs, (-s)wap parameter may be needed for proper color.\n");
fprintf(stdout, "\t-l Lower case 'L' is to display a short list of what is inside the input file.\n");
fprintf(stdout, "\t-L Upper case 'L' is for a more detailed list of logo.bin image contents.\n");
fprintf(stdout, "\t-b 'b' is used to tell the program to disregard width or height differences\n");
fprintf(stdout, "\t when encoding an image, the program also won't fail if it can't find a name\n");
fprintf(stdout, "\t that can't be found on the inject list when encoding images\n");
fprintf(stdout, "\t-s 's' is used to swap RGB and BGR color order. Can be used on decoding or encoding.\n");
fprintf(stdout, "\t NEW IN THIS V1.2: Swap is on by default, meaning the color order will be BGR. Using\n");
fprintf(stdout, "\t the \"-s\" switch will result in a RGB color order. Bottom line: If you (-d)ecode the\n");
fprintf(stdout, "\t images (that have color) and the colors aren't right, then you should use (-s) to \n");
fprintf(stdout, "\t decode and inject images.\n");
fprintf(stdout, "\t-j \"image(s) to be replaced\"\n");
fprintf(stdout, "\t The image(s) name to be replaced as seen in the (-l)ist\n");
fprintf(stdout, "\t NEW IN THIS V1.2: Multiple image names may be put after \"-j\"\n");
fprintf(stdout, "\t The names simply need to be separated by a space. The names now also are not case\n");
fprintf(stdout, "\t sensitive, and it doesn't matter if you put the extension at the end of the name.\n");
fprintf(stdout, "\t You actually only need to put the first characters of the name.\nExample:\n");
fprintf(stdout, "\t logoinjector -i \"your_logo.bin\" -j FHD \n\n");
fprintf(stdout, "\t This will inject a PNG for every name in the logo bin that begins with \"fhd\"\n");
return;
}
void PrintFileSize(uint32_t bytes){
float megaBytes = 0, kiloBytes = 0;
kiloBytes = (float)bytes / (float)TWOTOTHETEN;
megaBytes = kiloBytes / (float)TWOTOTHETEN;
if (kiloBytes < (float)TWOTOTHETEN){
fprintf(stdout, "\t%.2f KB\n", kiloBytes);
} else {
fprintf(stdout, "\t%.2f MB\n", megaBytes);
}
return;
}
uint32_t GetFileSize(FILE *temp){
fseek(temp, 0 , SEEK_END);
uint32_t fileSizeZ = ftell(temp);
return(fileSizeZ);
}
int32_t main(int32_t argc, int8_t **argv){
int32_t c;
int16_t h, i , j , k = 0;
FILE *originalLogoBin = NULL, *modifiedLogoBin = NULL;
uint8_t *inputFile = NULL;
uint8_t *injectNames[MAXOFFSETS];
int16_t decodeAllOpt = 0;
int16_t encodeOpt = 0;
int16_t inject = 0;
int16_t listFile = 0;
uint16_t numberOfOffsets = 0, injected = 0;
for(i = 0; i < MAXOFFSETS; i++){
injectNames[i] = NULL;
}
fprintf(stdout, "__________________________________________________________-_-\n");
fprintf(stdout, "Logo Injector v1.2\n\nWritten By Makers_Mark @ XDA-DEVELOPERS.COM\n");
fprintf(stdout, "_____________________________________________________________\n\n");
while ((c = getopt (argc, (char**)argv, "sSj:J:hHbBdDlLi:I:")) != -1){
switch(c)
{
case 'l':
listFile = 1;
break;
case 'L':
decodeAllOpt = 1;
convertToPNG = 0;
break;
case 'i':
case 'I':
inputFile = optarg;
break;
case 'b':
case 'B':
badAss = 1;
break;
case 'j':
case 'J':
h = optind - 1 ;
uint8_t *nextArg;
while(h < argc){
inject = 1;
nextArg = strdup(argv[h]);
h++;
if(nextArg[0] != '-'){
injectNames[k++] = nextArg;
} else {
break;
}
}
optind = h - 1;
break;
case 'd':
case 'D':
decodeAllOpt = 1 ;
break;
case 's':
case 'S':
rgb2bgr = -1 ;
break;
case 'h':
case 'H':
Usage();
return 0;
break;
default:
Usage();
return 0;
break;
}
}
if (inputFile == NULL){
Usage();
return 0;
}
fprintf(stdout, "FILE: %s\n_____________________________________________________________\n\n", inputFile);
if (rgb2bgr == 1){
fprintf(stdout, "BGR is the color order. Use \"-s\" switch to change it to RGB.\n\n");
} else {
fprintf(stdout, "RGB is the color order. Use \"-s\" switch to change it to BGR.\n\n");
}
if ((originalLogoBin = fopen(inputFile, "rb")) == NULL){
fprintf(stderr, "%s could not be opened\n", inputFile);
return 0;
}
if (!IsItALogo(originalLogoBin)){
fprintf(stdout, "\nThis is NOT a valid Logo.bin\n\n");
fclose(originalLogoBin);
return 0;
}
if (!IsItTheNewStyle(originalLogoBin)){
fprintf(stdout, "\nThis is the old style logo.bin\n\n");
fclose(originalLogoBin);
return 0;
}
numberOfOffsets = GetNumberOfOffsets(originalLogoBin);
IMAGEHEAD *imageHeaders = ParseHeaders(originalLogoBin, numberOfOffsets);
if (listFile){
ListFileDetails(originalLogoBin, imageHeaders);
return 1;
}
if(inject){
uint32_t ihMainOffsets[MAXOFFSETS];
uint8_t found = 0, exitFlag = 0;
for (i = 0; i < MAXOFFSETS ; i++){
ihMainOffsets[i] = 0;
}
for (j = 0; j < k ; j++){
for (i = 0 ; i < numberOfOffsets ; i++ ){
if((strcasecmp(imageHeaders[i].name, injectNames[j]) == 0) ||
(strncasecmp(imageHeaders[i].name, injectNames[j], strlen(injectNames[j])) == 0)){
found = 1;
break;
} else {
found = 0;
}
}
if (!found){
fprintf(stdout, "ERROR: \"%s\" is not in the logo bin !!!!\n", injectNames[j]);
exitFlag = 1;
}
}
if ((exitFlag) && (!badAss)){
fclose(originalLogoBin);
exit(0);
}
memcpy(&ihMainOffsets , &imageHeaders[0].offsets, SIZEOFLONGINT * MAXOFFSETS);
fseek(originalLogoBin, 0, SEEK_SET);
if ((modifiedLogoBin = fopen("modified.logo.bin", "wb+")) == NULL){
fclose(modifiedLogoBin);
fclose(originalLogoBin);
fprintf(stderr, "modified.logo.bin could not be opened\n");
return 0;
}
for (i = 0 ; i < numberOfOffsets ; i++ , injected = 0 ){
for (j = 0; j < k ; j++){
if((strcasecmp(imageHeaders[i].name, injectNames[j]) == 0) ||
(strncasecmp(imageHeaders[i].name, injectNames[j], strlen(injectNames[j])) == 0)){
if (InjectNewStyle(originalLogoBin, imageHeaders , numberOfOffsets, imageHeaders[i].name, i, modifiedLogoBin, ihMainOffsets) == 0){
fprintf(stderr, "Error: Injecting %s\n", imageHeaders[i].name);
fclose(originalLogoBin);
fclose(modifiedLogoBin);
return 0;
}
if ( i != numberOfOffsets - 1 ){
fseek(originalLogoBin, imageHeaders[0].offsets[i+1], SEEK_SET);
}
injected = 1;
break;
}
}
if (!injected){
Copy(originalLogoBin , imageHeaders, numberOfOffsets, i, modifiedLogoBin);
}
}
uint16_t modifiedNumberOfOffsets = 0;
if (GetNumberOfOffsets(modifiedLogoBin) != numberOfOffsets){
fprintf(stderr, "ERROR: The number of offsets doesn't match the Original file!!\n");
fclose(modifiedLogoBin);
if (!badAss){
unlink("modified.logo.bin");
}
exit(0);
}
fprintf(stdout, "\n\nContents of the NEW \"modified.logo.bin\":\n");
fprintf(stdout, "VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV\n\n");
ListFileDetails(modifiedLogoBin, imageHeaders);
fprintf(stdout, "\n\n_____________________________________________________________\nOriginal filesize: ");
PrintFileSize(GetFileSize(originalLogoBin));
fprintf(stdout, "Modified filesize: ");
PrintFileSize(GetFileSize(modifiedLogoBin));
fprintf(stdout, "-------------------------------------------------------------\n");
fclose(originalLogoBin);
fclose(modifiedLogoBin);
return 1;
}
if (decodeAllOpt){
DecodeLogoBin(originalLogoBin, imageHeaders);
fclose(originalLogoBin);
return 1;
}
fclose(originalLogoBin);
return 1;
}
Terrific, this works. Thank you a lot!
After a little trial-and-error and some time in our beloved QHSUSB_DLOAD mode, I finally got it to work! I own a OnePlus One, and I had to use the -s parameter to get it to work correctly. Just a heads-up for any OPO owners who wants to use this. Great work, OP!
treChoy said:
After a little trial-and-error and some time in our beloved QHSUSB_DLOAD mode, I finally got it to work! I own a OnePlus One, and I had to use the -s parameter to get it to work correctly. Just a heads-up for any OPO owners who wants to use this. Great work, OP!
Click to expand...
Click to collapse
Thanks for chiming in, I was going to ask you to test for me initially. Can you elaborate on what happened?
makers_mark said:
Thanks for chiming in, I was going to ask you to test for me initially. Can you elaborate on what happened?
Click to expand...
Click to collapse
Just a foreword that I was using a Windows 8.1 machine, which is bound to be the cause of some of the issues I ran into.
After I unzipped the program and put the logo.bin in the extracted folder, I kept running the commands, but each time, I'd get an error message saying that the program didn't support my OS version, or something to that effect. I tried rewording the commands, but to no avail. Eventually, I just deleted the whole folder and extracted the package again. That seemed to do the trick.
So I had all the images extracted, and I created the ones I wanted to replace. There was a bit of confusion repackaging the image, since the OPO's logo.bin places the ".png" into the name of the images, but eventually, I got it all right. I flashed the modified logo.bin, but when I tried to reboot, my computer started installing drivers for QHSUSB. This had happened before when I was playing around with the LOGO partition, and it was an easy fix. I just jammed the power button for 30 seconds, and prayed to God. Thankfully, the phone booted up, but the splash screen I had created had its colors messed up. I assumed that I needed to swap the red and the blue, so I used the parameter you provided and packaged a new splash screen. I flashed it, and everything looked fine.
It's definitely a little more intimidating than the tool that @chillstep1998 created, but with a little trial-and-error, it's certainly doable. Great work!
Oh, yeah. I needed to use the -s parameter too and I skipped putting the logo.bin in through fastboot - I just modded an install zip and flashed it in with TWRP.
Thanks for this program. Glad that it's back from someone for CM12 as we waited for quite some time now. I have a query though about repacking.
logoinjector.exe -i logo.bin -j (image name you want to replace)
Is it possible to put different file names at the same time if I want to replace two or three files at the same time like this
logoinjector.exe -i logo.bin -j 4-fastboot.png 5-lowpower.png
because it doesn't work for me, I will have to run this command for the number of times I have files to replaced?
Does this method work with custom roms based on nightly cm 12.1?I'm currently on exodus rom.
Spyrious said:
Does this method work with custom roms based on nightly cm 12.1?I'm currently on exodus rom.
Click to expand...
Click to collapse
I suppose it should because logo.bin would be same for all those roms.
Sent from my "GT-I9300/1+1" powered by Carbon Rom & Boeffla/ak Kernel
Fueled by 7000mAh ZeroLemon Battery
Awesome! I had to also use the -s parameter but it worked great. Thanks OP.
Is this an appropriate place to start sharing logos or do we need a separate thread for that?
makers_mark said:
Code:
/*
* Logo Injector v1.0
[/QUOTE]
WOW - Thanks !
I've waited a LONG time for this !
Few things to let you know
1. On my Win 8.1 x64 I run Comodo CIS - which prevents LogoInjector.exe from creating the PNG images after I run "logoInjector.exe -i logo.bin -d".
This is of course the behavior of a false-positive, the overprotection of comodo A/V.
So once I temporary disable it -LogoInjector can successfully create the PNGs.
2. I also, as already reported, needed to use the -s switch inorder to get the right colors
3. I would also very much appreciate if it will be possible to inject multiple images at once with one command.
4. I can advise to update the OP with the size limits of the logo.bin ( if there is at all )
I injected a 276KB png into 335KB logo.bin and got a modified logo.bin size 12,171KB ( 12MB ! ) - never the less - After I flashed it - everything is OK.
5. I can advise to put in the OP a link to a tool/method ( if exist at all ) that can enable extraction of the current installed logo.bin from the phone it self.
button line - VERY GOOD WORK ! :good: :good: :good::highfive:
[B][U]EDIT:[/U][/B]
I attach a[B] FLASHABLE ZIP FILE that INSTALLS the logo.bin[/B] found inside the zip.
just replace the logo.bin in the root of the zip with your custom made "logo.bin".
This method is an alternative to the fastboot command "fastboot flash LOGO logo.bin"
Click to expand...
Click to collapse
330kb modified bootlogo
I got a 330KB modified logo.bin file
Isn't it supposed to be around 16MB?
I'm currently on cm12.1 06/08/2015 (DD/MM/YYYY)
ranger1021994 said:
I got a 330KB modified logo.bin file
Isn't it supposed to be around 16MB?
I'm currently on cm12.1 06/08/2015 (DD/MM/YYYY)
Click to expand...
Click to collapse
Size depends on the size of embedded images.
Sent from my "GT-I9300/1+1" powered by Carbon Rom & Boeffla/ak Kernel
Fueled by 7000mAh ZeroLemon Battery
LOGO.bin file size
nicesoni_ash said:
Size depends on the size of embedded images.
Sent from my "GT-I9300/1+1" powered by Carbon Rom & Boeffla/ak Kernel
Fueled by 7000mAh ZeroLemon Battery
Click to expand...
Click to collapse
My original LOGO file is 16MB big.
How can my modified file be only 330KB?
I don't know what is causing the file size to come down drastically from 16MB to just 330KB. Is it normal? Because I'm not sure it is
ranger1021994 said:
My original LOGO file is 16MB big.
How can my modified file be only 330KB?
I don't know what is causing the file size to come down drastically from 16MB to just 330KB. Is it normal? Because I'm not sure it is
Click to expand...
Click to collapse
Check all image files size individually and if the difference is not that huge then surely something is wrong.
Sent from my "GT-I9300/1+1" powered by Carbon Rom & Boeffla/ak Kernel
Fueled by 7000mAh ZeroLemon Battery
nicesoni_ash said:
Check all image files size individually and if the difference is not that huge then surely something is wrong.
Click to expand...
Click to collapse
ranger1021994 said:
My original LOGO file is 16MB big.
How can my modified file be only 330KB?
I don't know what is causing the file size to come down drastically from 16MB to just 330KB. Is it normal? Because I'm not sure it is
Click to expand...
Click to collapse
gps3dx said:
I injected a 276KB png into 335KB logo.bin and got a modified logo.bin size 12,171KB ( 12MB ! ) - never the less - After I flashed it - everything is OK.
Click to expand...
Click to collapse
@read my quote.
if you enter an image with only ONE COLOR background ( Same RBG values, not gradient ! ) it can drastically lower the final file size.
You can of course use black as background color and crop the images size to your content, so that the cropped areas will be filled automatically by the OPO as black color.
The idea here is that if you'll have full sized photo (1080x1920) with small area content (like 300x400), it contains black areas ( for no reason ) which enlarges the final file size - which make no sense.
nevertheless, Read my quote, as you can see I flash a ~12MB file while the original file was 335KB - and everything works!
I have a stupid question, how can I know whether I have a CM12 or CM11 logo in my oneplus? I have flashed CM11 as a primary rom and flashed CM12 as a secondary rom. I do remember that I flashed a CM12 zip to be able to flash CM12 as a secondary rom but that's a faint memory and I want to be sure before flashing a logo because last time I did that, I lost everything in my Oneplus and had to start from the beginning first by reviving it from its dead state.
Thanks.
nicesoni_ash said:
I have a stupid question, how can I know whether I have a CM12 or CM11 logo in my oneplus? I have flashed CM11 as a primary rom and flashed CM12 as a secondary rom. I do remember that I flashed a CM12 zip to be able to flash CM12 as a secondary rom but that's a faint memory and I want to be sure before flashing a logo because last time I did that, I lost everything in my Oneplus and had to start from the beginning first by reviving it from its dead state.
Thanks.
Click to expand...
Click to collapse
EDIT: Deleted for misinformation
It works!!
gps3dx said:
@read my quote.
if you enter an image with only ONE COLOR background ( Same RBG values, not gradient ! ) it can drastically lower the final file size.
You can of course use black as background color and crop the images size to your content, so that the cropped areas will be filled automatically by the OPO as black color.
The idea here is that if you'll have full sized photo (1080x1920) with small area content (like 300x400), it contains black areas ( for no reason ) which enlarges the final file size - which make no sense.
nevertheless, Read my quote, as you can see I flash a ~12MB file while the original file was 335KB - and everything works!
Click to expand...
Click to collapse
AMAZING!
It works!!
Finally
Thanks a lot!

Need advice about “mkbootimg” (compiling android kernel)

I´m working on compiling an kernel from SonyXperiaDev source, have already build kernel zImage with:
HTML:
make ARCH=<arch> CROSS_COMPILE=$CROSS_COMPILE <device_defconfig>
make ARCH=<arch> CROSS_COMPILE=$CROSS_COMPILE -j <cpu_thread_number>
make ARCH=arm CROSS_COMPILE=$CROSS_COMPILE -j12 -C M=$PWD CONFIG_PRIMA_WLAN=m CONFIG_PRIMA_WLAN_LFR=y KERNEL_BUILD=1 WLAN_ROOT=$PWD
I extract the ramdisk.cpio.gz from my device now i´m able to assemble the new boot image. But i'm not sure about the mkbootimg file that is neccessary for assemble the boot.img here a request of the compiling guide:
Assemble the boot image file The kernel image and the RAM image need to be assembled in a boot image file. The boot image file will then be flashed to your phone or tablet. Depending on your device, you need to use the tool mkqcdtbootimg, provided by SonyXperiaDev on GitHub, or mkbootimg, provided by the Android Open Source Project, to create the boot image. Please note that the program must be compiled differently depending on which system you are running.
Click to expand...
Click to collapse
In my case i need the mkbootimg from AOSP but how can i find the right one?
here the command for the next step:
HTML:
./mkbootimg --base 0x80200000 --kernel zImage --ramdisk_offset 0x02000000 --cmdline "androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3 vmalloc=400M androidboot.emmc=true" --ramdisk ramdisk.cpio.gz -o boot.img
Details to my Device:
[ro.product.cpu.abilist32]: [armeabi-v7a,armeabi]
[Xperia Z]
[ro.com.google.gmsversion]: [5.1_r2]
[Sony/C6603/C6603:5.1.1/10.7.A.0.222]
Click to expand...
Click to collapse
I was looking here for the source mkbootimg:
https://android.googlesource.com/platform/system/core/+/android-5.1.1_r2
https://android.googlesource.com/platform/system/core/+refs
it contains the mkbootimmg.c but the kernel and ramdisk offset are diffrent to the sony instrucktion.
HTML:
boot_img_hdr hdr;
char *kernel_fn = 0;
void *kernel_data = 0;
char *ramdisk_fn = 0;
void *ramdisk_data = 0;
char *second_fn = 0;
void *second_data = 0;
char *cmdline = "";
char *bootimg = 0;
char *board = "";
unsigned pagesize = 2048;
int fd;
SHA_CTX ctx;
const uint8_t* sha;
unsigned base = 0x10000000;
unsigned kernel_offset = 0x00008000;
unsigned ramdisk_offset = 0x01000000;
unsigned second_offset = 0x00f00000;
unsigned tags_offset = 0x00000100;
size_t cmdlen;
How can i identify the right mkbootimg file for assembly zImage and ramdisk.gz?
Thank you
You can just use AnyKernel2, it has mkbootimg included, so it automatically makes boot image with ramdisk of currently installed kernel when flashed.

Teclast M40 Android 12L

Hi! I managed to get Android 12L running on the Teclast M40 by making some changes to the AOSP source code. A build of the modified AOSP source code can be downloaded from here, but I would not suggest trying it on other devices except the Teclast M40.
I will describe the changes I made to the AOSP source code so that you can reproduce this build.
1. change PRODUCT_SHIPPING_API_LEVEL from 30 to 29 in gsi_release.mk, since the Teclast M40 is shipped with Android 10.
Diff:
diff --git a/target/product/gsi_release.mk b/target/product/gsi_release.mk
index a2a29ed0fc..9a75bf8b3b 100644
--- a/target/product/gsi_release.mk
+++ b/target/product/gsi_release.mk
@@ -34,7 +34,7 @@ PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
# GSI should always support up-to-date platform features.
# Keep this value at the latest API level to ensure latest build system
# default configs are applied.
-PRODUCT_SHIPPING_API_LEVEL := 30
+PRODUCT_SHIPPING_API_LEVEL := 29
# Enable dynamic partitions to facilitate mixing onto Cuttlefish
PRODUCT_USE_DYNAMIC_PARTITIONS := true
2. change PRODUCT_CHARACTERISTICS from emulator to tablet in emulator_vendor.mk.
Diff:
diff --git a/target/product/emulator_vendor.mk b/target/product/emulator_vendor.mk
index b9f33abb9a..93ad9482b3 100644
--- a/target/product/emulator_vendor.mk
+++ b/target/product/emulator_vendor.mk
@@ -28,7 +28,7 @@ PRODUCT_PACKAGES += \
DEVICE_PACKAGE_OVERLAYS := device/generic/goldfish/overlay
-PRODUCT_CHARACTERISTICS := emulator
+PRODUCT_CHARACTERISTICS := tablet
PRODUCT_FULL_TREBLE_OVERRIDE := true
3. change EngineBase.cpp, so that fix audioserver crash during startup.
Diff:
diff --git a/services/audiopolicy/engine/common/src/EngineBase.cpp b/services/audiopolicy/engine/common/src/EngineBase.cpp
index 150a9a8e4f..9d5dff6d9f 100644
--- a/services/audiopolicy/engine/common/src/EngineBase.cpp
+++ b/services/audiopolicy/engine/common/src/EngineBase.cpp
@@ -165,16 +165,7 @@ engineConfig::ParsingResult EngineBase::loadAudioPolicyEngineConfig()
android::status_t ret = engineConfig::parseLegacyVolumes(config.volumeGroups);
result = {std::make_unique<engineConfig::Config>(config),
static_cast<size_t>(ret == NO_ERROR ? 0 : 1)};
- } else {
- // Append for internal use only volume groups (e.g. rerouting/patch)
- result.parsedConfig->volumeGroups.insert(
- std::end(result.parsedConfig->volumeGroups),
- std::begin(gSystemVolumeGroups), std::end(gSystemVolumeGroups));
}
- // Append for internal use only strategies (e.g. rerouting/patch)
- result.parsedConfig->productStrategies.insert(
- std::end(result.parsedConfig->productStrategies),
- std::begin(gOrderedSystemStrategies), std::end(gOrderedSystemStrategies));
ALOGE_IF(result.nbSkippedElement != 0, "skipped %zu elements", result.nbSkippedElement);
4. change AudioPolicyManager.cpp, so that fix audioserver crash when headset plugs in.
Diff:
diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
index 5a18762967..f3f50f513c 100644
--- a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
+++ b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
@@ -5349,15 +5349,7 @@ status_t AudioPolicyManager::checkOutputsForDevice(const sp<DeviceDescriptor>& d
}
if (state == AUDIO_POLICY_DEVICE_STATE_AVAILABLE) {
- // first call getAudioPort to get the supported attributes from the HAL
- struct audio_port_v7 port = {};
- device->toAudioPort(&port);
- status_t status = mpClientInterface->getAudioPort(&port);
- if (status == NO_ERROR) {
- device->importAudioPort(port);
- }
-
- // then list already open outputs that can be routed to this device
+ // first list already open outputs that can be routed to this device
for (size_t i = 0; i < mOutputs.size(); i++) {
desc = mOutputs.valueAt(i);
if (!desc->isDuplicated() && desc->supportsDevice(device)
Tried this just now, it fixed the headset jack and the audio is now properly routed. Thanks!
Is there a way to apply this fix without building another system.img?
I've installed it on my M40 and it works. Unfortunately, ADB no longer will function with it. Drivers are loaded correctly and it will work with any other GSI rom I put on the tablet. With this one, when performing adb devices, it comes up with a blank list.
Edit: Nevermind. Helps if I read more
Hi, I'm trying to get this working on my M40, but I'm not sure how to install.
My device is rooted using Magisk.
I tried flashing via fastboot:
Bash:
fastboot -S 100M flash system system.img
The process completed, but after booting I was still at Android 10.
Any advice?
SapuSeven said:
Hi, I'm trying to get this working on my M40, but I'm not sure how to install.
My device is rooted using Magisk.
I tried flashing via fastboot:
Bash:
fastboot -S 100M flash system system.img
The process completed, but after booting I was still at Android 10.
Any advice?
Click to expand...
Click to collapse
Flash,then switch your device to recovery mode using volume and power buttons, wipe all data and reboot.
There is no GMS on this system, and Bluetooth audio cannot be used, I would like to know how to solve it, thank you
When using this, is there any way to get Magisk and Gapps installed without twrp? As far as I know there is no twrp for Teclast m40 Pro, but this rom installed great.
HisokaRyodan said:
When using this, is there any way to get Magisk and Gapps installed without twrp? As far as I know there is no twrp for Teclast m40 Pro, but this rom installed great.
Click to expand...
Click to collapse
[For_Tablet]_PixelExperience_Plus_treble_arm64_bgN-12.1-20230514-01002-UNOFFICIAL

Categories

Resources