Hi all,
I am a developer in GT-I9100G sub-section. I made a tutorial over there for I9100G on building a kernel. Since the method is very similar, I thought of posting a tutotial here for N7000 too so that it will help many new and aspiring developers to build their own kernel for GT-N7000.
Okay. Let's learn how to build kernel for Galaxy Note N7000. There are many ways to build. I am just presenting here the way I build and make kernel.
NOTE 1: Follow the instructions exactly.
NOTE 2: Kernel is opensource. If you make any changes to it, you're expected to share your source. (Usually people share it over github )
NOTE 3: FLASHING KERNEL IS RISKY AND DANGEROUS. BE CAREFUL. BUILD AND FLASH ON YOUR OWN RISK.
What you need to have:
Ubuntu 10.04 and above (I use 10.04 )
ARM tool chain (Download HERE. Click on IA32 GNU/Linux TAR under Advanced Packages)
Samsung's opensource kernel for N7000 (Download HERE. Go to Mobile->Mobile Phone-> Select GT-N7000 and download the zip)
Setting up toolchain:
Extract the tar you downloaded(Suggestion: Extract to one folder where you can have everything. In my case /home/superatmos/build_kernel).
After extracting, you'll see a folder named arm-2010q1. Inside there will be many folders (ex. bin, lib and so on.)
Folder structure will be: /home/<your_name>/build_kernel/arm-2010q1
Setting up kernel:
Extract the zip you've downloaded from samsung's opensource.
You'll find two zips.
Extract GT-N7000_Kernel.tar.gz to /home/<your_name>/build_kernel/
Folder structure: /home/<your_name>/build_kernel/GT-N7000_Kernel
Setting up initramfs:
Samsung's zImage is divided into two parts: Opensource kernel (which you downloaded from samsung's website) and initramfs (which is root file system to boot up the device).
Since I don't have the device, I don't have initramfs either. :-( (If some kernel developer for GT-N7000 can provide a sample initramfs for reference, I can attach it here and give credits to him )
The initramfs(let the folder name too be initramfs) folder need to be copied to /home/<your_name>/build_kernel/
Folder structure: /home/<your_name>/build_kernel/initramfs
Now the entire setup is ready. Let's start modifying kernel configuration.
Setting up kernel config:
Go to /home/<your_name>/build_kernel/GT-N7000_Kernel/arch/arm/configs folder.
Copy c1_rev02_q1_defconfig file and paste it in kernel root folder (/home/<your_name>/build_kernel/GT-N7000_Kernel/).
Rename c1_rev02_q1_defconfig to .config in kernel root folder.
Now open Makefile which is in your kernel root folder(/home/<your_name>/build_kernel/GT-N7000_Kernel/).
Modify the below lines (I guess line 195 and 196).
Code:
ARCH ?= arm
CROSS_COMPILE ?= /home/<your_name>/build_kernel/arm-2010q1/bin/arm-none-linux-gnueabi-
Save and close.
Modifying kernel configuration:
Now open .config file(which you renamed). If its not seen, it might be hidden. Go to View->Show hidden files and there you go.
Do the below things:
Adding local version:
Change CONFIG_LOCALVERSION=" " to anything you like. I add this way:
CONFIG_LOCALVERSION="-N7000-superatmos"
Adding initramfs path:
You need to let kernel know the path from which it needs to take initramfs.
Change CONFIG_INITRAMFS_SOURCE=" " to ../initramfs (In this tutorial it's the path. If you had copied anywhere else, give the path properly).
Enough for now. Once you get experience, you can modify many configurations as per your liking and save. This configuration can be changed by GUI too with the command make menuconfig.
The Important part: Building the kernel:
Open terminal.
Go to path /home/<your_name>/build_kernel/GT-N7000_Kernel/
Type make.
THAT'S ALL. YOUR zImage is ready and is available in /home/<your_name>/build_kernel/GT-N7000_Kernel/arch/arm/boot/zImage.
Install the zImage on the device:
Go to the path where zImage is present and type the below line in command line.
Code:
tar cvf N7000_kernel.tar zImage
Flash the tar using odin.
DONE. CONGRATULATIONS. NOW YOU'VE YOUR OWN KERNEL.
Give me your feedback so that I can improve this tutorial and make modifications to the tutorial if necessary. And of course do post here about how your build went. All the best.
Reserved
Reserved
Last one
Superatmos good too see you in N7000 forum.Wil you launch Superatmos Rom for N7000
Sent from my LG-P500 using xda premium
Been using windows all the time. Seems its good time to learn linux and ubuntu
muhamet said:
Superatmos good too see you in N7000 forum.Wil you launch Superatmos Rom for N7000
Sent from my LG-P500 using xda premium
Click to expand...
Click to collapse
Not as of now. I don't have the device. But I have plans to extend this tutorial to deodexing, modifying initramfs, building custom rom and more.
looks interesting.
i just want to make sure.. if for some reason i used odin to flash the tarred zImage and it's a broken zImage. or corrupted file or false configuration that will break the booting process. will i see be able to go to download move or cwm mode ?
what are the risks here besides the regular odin risks ?
ufk said:
i just want to make sure.. if for some reason i used odin to flash the tarred zImage and it's a broken zImage. or corrupted file or false configuration that will break the booting process. will i see be able to go to download move or cwm mode ?
what are the risks here besides the regular odin risks ?
Click to expand...
Click to collapse
The risks are considerable, to say the least. Read what happened with one b0rked kernel here:
http://forum.xda-developers.com/showthread.php?t=1526852
The end result: about 40-50 hard bricked devices.
ufk said:
i just want to make sure.. if for some reason i used odin to flash the tarred zImage and it's a broken zImage. or corrupted file or false configuration that will break the booting process. will i see be able to go to download move or cwm mode ?
what are the risks here besides the regular odin risks ?
Click to expand...
Click to collapse
Yes. Flashing kernels is always risky. But as per my experience, its very hard to brick the device unless you do something unusual.
so it depends on you. BUILD AND FLASH AT YOUR OWN RISK.
thanks and ok for this part ^^
but i have a question....
do you know the way for mod a stock kernel to add root / cwr when source code not avalable??
for exemple the lp6 kernel... do you know a way for extract the zimage for look on it and include root / crw on the Zimage directly...
if you have some idea please help comunauty for found a way for this ^^ (i have send pm to chainfire to take information for this mod but no response..)
ReDroiD™ said:
thanks and ok for this part ^^
but i have a question....
do you know the way for mod a stock kernel to add root / cwr when source code not avalable??
for exemple the lp6 kernel... do you know a way for extract the zimage for look on it and include root / crw on the Zimage directly...
if you have some idea please help comunauty for found a way for this ^^ (i have send pm to chainfire to take information for this mod but no response..)
Click to expand...
Click to collapse
you need to have crosscompiler, kernel repacker, busybox and su
1.Copy the original zImage to de directory where you extracted the kernel repacker
Rename it to zImage.org
create a temp directory in the kernel repacker directory
Open a linux shell and go to kernel repacker directory
./extracter.sh -s zImage.org -d temp (hit enter)
2.Go to the temp directory and edit init.rc with your favourite editor and put this on a new line at the end off the file.
service install_su /sbin/install_su.sh
user root
oneshot
Save the file and exit
3.copy busybox and su to the tmp folder in your extracted kernel folder
make sure they are markt als executable.
4.copy install_su.sh to the sbin folder in your extracted kernel folder
5.Open a linux shell and go to kernel repacker directory
./repacker.sh -s zImage.org -d zImage -r temp -c gzip
congratulations you must cooked your first modified kernel
6.tar the kernel using this command tar -H ustar -c zImage >code.tar
code need to be enterd in initd_support.sh
#!/tmp/busybox sh
if cd /system/etc/init.d >/dev/null 2>&1 ; then
for file in S* ; do
if ! ls "$file" >/dev/null 2>&1 ; then continue ; fi
/system/bin/sh "$file"
done
fi
code need to be enterd in init.rc
service initd_support /sbin/initd_support.sh
user root
oneshot
tools needed for cross compiler and kernel repacker
cross compiler
https://sourcery.mentor.com/public/...eabi/arm-2009q3-67-arm-none-linux-gnueabi.bin
Kernel repacker tool
https://github.com/project-voodoo/kernel_repack_utils
This will add busybox and SU (that means u will get root)...i dont know how to add recovery though...may be somewhere in intrafms we need to install the script...
perfect...i test this
Good!
Inviato dal mio GT-N7000 con Tapatalk 2
Could someone post ZCLP6's zimage i wanted to try in the beginning of the week but i have a very very slow connection, i'm not enough motivated to download the whole zip.
Thanks
One confirmation superatmos : bootloader and kernel are two different things, i mean bootloader is not included in zimage ?
mohamed454 said:
Could someone post ZCLP6's zimage i wanted to try in the beginning of the week but i have a very very slow connection, i'm not enough motivated to download the whole zip.
Thanks
One confirmation superatmos : bootloader and kernel are two different things, i mean bootloader is not included in zimage ?
Click to expand...
Click to collapse
Here you go.
no problem for extract
but when i whant extract old lp5 with recovery or other one i canot extract without error... the rebuild kernel have security form is creator?
ReDroiD™ said:
no problem for extract
but when i whant extract old lp5 with recovery or other one i canot extract without error... the rebuild kernel have security form is creator?
Click to expand...
Click to collapse
Try dsixda kitchen to extract and then follow the other procedures
Thanks for the zimage. It's telling me 2 hours for the cross compiler (i told you very slow connection :-/ )
Where is install_su.sh, i found a similar one for i9000 i think so :
#!/tmp/busybox sh
source='/tmp/su-2.3.6.1-ef'
dest='/system/xbin/su'
if /tmp/busybox [ ! -f /system/xbin/su ];
then
/tmp/busybox mount -o remount,rw /system
/tmp/busybox mkdir -p /system/xbin
/tmp/busybox cp $source $dest
# make sure it's owned by root
/tmp/busybox chown 0.0 $dest
# sets the suid permission
/tmp/busybox chmod 06755 $dest
/tmp/busybox mount -o remount,ro /system
fi;
Click to expand...
Click to collapse
Grgsiocl, what about bootloader ?
mohamed454 said:
Thanks for the zimage. It's telling me 2 hours for the cross compiler (i told you very slow connection :-/ )
Where is install_su.sh, i found a similar one for i9000 i think so :
Grgsiocl, what about bootloader ?
Click to expand...
Click to collapse
That's the superuser script...tomorrow I will update with new procedures and in detail..I think now I know how to add the recovery as well after doing some reverse engineering on cf kernels...will update tomorrow
Related
I'm starting this thread to document the work on creating a custom recovery image for the Tattoo.
The main goal is to provide a recovery image that will serve as the launchpad for flashing custom roms.
The Tattoo Custom Recovery Image will provide:
1) A way to use an update.zip signed with test-keys (already accomplished);
2) A way to perform a full backup of mtd2,mtd3,mtd4 and mtd5 (boot,system,cache and data).
3) A way to perform a full restore of the backup achieved by 2);
4) Adb support (already accomplished);
4.1) Adb shell support.
I'm open to input about using nandroid. Right now, without a S-OFF/ENG SPL this looks useless.
Also, if you have any other special need for recovery, please feel free to express it
Alpha release
Tattoo's Custom Recovery Image, Alpha Release
This first release includes:
- ADB enabled recovery
- ADB enabled root shell
- Accept update.zip signed with test keys
- All partitions mounted
- Custom recovery program (the last two options are stubs, not really working yet)
- Included in /sbin: busybox, flash_image and BART
- I've not used BART and, at the moment, cannot attest if it works or not.
- Backup script in /sbin/backup.sh
- Restore script in /sbin/restore.sh
With this custom recovery you can now do a full backup of your unit, by dumping the mtd block devices to your sdcard. Afterwards, you can use flash_image to recover your Tattoo to it's previous state.
I'm releasing this image as is. This is not a point-and-click recovery tool. If you don't know what you're doing, you can seriously damage your unit. The only reason I'm releasing this is in an effort to provide other devs with a way to easily recover their units, back to day-to-day configuration, while experimenting with them.
To flash:
Copy TCRI.alpha.img to /sdcard.
Run "flash_image recovery /sdcard/TCRI.alpha.img"
To reboot into recovery (quickest way)
adb reboot recovery
Please comment
thanks for you work
i try to flahs and get permission denied, do you know why?
flash_image: permission denied
chusen said:
i try to flahs and get permission denied, do you know why?
Click to expand...
Click to collapse
Partition remounted writeable from a fresh rebooted system with the tattoo-hack.ko module inserted??
But I'm sure you did that before because of:
I'm releasing this image as is. This is not a point-and-click recovery tool. If you don't know what you're doing...
Click to expand...
Click to collapse
;-)
-bm-
Thank you very much for your excellent job
Someone could install custom alpha recovery?
thx
@-bm-:yes I will try that way since the beginning. i mount with rw permissions /system and /data. i know is not a point-and-click recovery tool but i think i need more permissions but where?
Where did you guys get your flash_image binary from ?
The error you're getting is from flash_image, not from my recovery image.
I'll attach the flash_image I've been using to this post.
Please tell me if this solves your problem. You need tattoo-hack.ko module inserted, if you're using a release kernel.
Edit: You have the correct permissions in your flash_image binary, right ? After pushing it to the device, don't forget to chmod 755
It works I like drawing, jejeje.
Backup and Restore functionality appears to have no further
The adb root shell is perfect
Very good Work
for when the beta version? and the final version? lol
I try to dump the system userdata and boot.img and when i try to extract with unyasffs and i get this when i try to extract system.img
Code:
4 [main] unyaffs 3940 handle_exceptions: Exception: STATUS_ACCESS_VIOLATION
644 [main] unyaffs 3940 open_stackdumpfile: Dumping stack trace to unyaffs.exe.stackdump
and this with others
Code:
broken image file
Code:
[email protected]:~/Tattoo/images/boot/1$ ../../unpack.pl ./boot.1.img
Page size: 2048 (0x00000800)
Kernel size: 1899580 (0x001cfc3c)
Ramdisk size: 160952 (0x000274b8)
Second size: 0 (0x00000000)
Board name:
Command line: no_console_suspend=1 console=null
Writing boot.1.img-kernel ... complete.
Writing boot.1.img-ramdisk.gz ... complete.
528 blocks
[ boot.1.img-ramdisk.gz decompressed to boot.img-ramdisk ]
My image dumping script is OK
Take a look here: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images
The boot.img is not a yaffs2 image. It's a special format, comprised by a 2k header, a kernel image and a ramdisk.
The system.img is a yaffs2 image. From unyaffs's homepage: "Unyaffs is a program to extract files from a yaffs file system image. Now it can only extract images created by mkyaffs2image."
Chusen, I think it would be better to create a new thread for this, since it doesn't concern the custom recovery image directly.
Thank god for custom recovery!
Now we can really start cooking ROMs... gonna break out the tools tonight and get Android 1.6/2.1 sources ready to compile.
leon1984 said:
for when the beta version? and the final version? lol
Click to expand...
Click to collapse
You tell me
Next in line is to tie the backup/restore scripts to the UI, which won't be too hard.
Later, I may mess around with nandroid and bart, to see if they provide something more than my scripts.
Afterwards, when we have some custom roms available, I may create a downloader/updater option, to make it easier to install those.
Also, I'm taking requests for new features
suggestions about scripts
Excellent work, mainfram3. Thank you.
I have extracted the img file, and check backup.sh and restore.sh scripts. The code for checking sdcard remaining space is done. Here it is:
Code:
## TEST: Check free space in sdcard
NEED_KB="200000"
REM_KB=`du /sdcard | awk '{print $6}'`
if [ ${REM_KB%K} -lt $NEED_KB ]; then echo "Not enough space in /sdcard, exiting"; exit; fi
backup space min set to 200MB.
There is another suggestion about restore.sh. Because of backing up img to /sdcard/Backup, $1 might not be needed, right?
mainfram3 said:
Code:
[email protected]:~/Tattoo/images/boot/1$ ../../unpack.pl ./boot.1.img
Page size: 2048 (0x00000800)
Kernel size: 1899580 (0x001cfc3c)
Ramdisk size: 160952 (0x000274b8)
Second size: 0 (0x00000000)
Board name:
Command line: no_console_suspend=1 console=null
Writing boot.1.img-kernel ... complete.
Writing boot.1.img-ramdisk.gz ... complete.
528 blocks
[ boot.1.img-ramdisk.gz decompressed to boot.img-ramdisk ]
My image dumping script is OK
Take a look here: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images
The boot.img is not a yaffs2 image. It's a special format, comprised by a 2k header, a kernel image and a ramdisk.
The system.img is a yaffs2 image. From unyaffs's homepage: "Unyaffs is a program to extract files from a yaffs file system image. Now it can only extract images created by mkyaffs2image."
Chusen, I think it would be better to create a new thread for this, since it doesn't concern the custom recovery image directly.
Click to expand...
Click to collapse
and if you want to extract the boot.img here are the two scripts you need to fully extract the kernel(zImage) and ramdisk
split_bootimg.pl
and
extract-ramdisk.sh
they are attached below
jamezelle:
extract-ramdisk.sh missed #!, and the ramdisk zip file should be passed to $1 of this script.
mainfram3 said:
1) A way to use an update.zip signed with test-keys (already accomplished);
Click to expand...
Click to collapse
Hi mainfram3,
I don't want to jack your thread - could you add a little elaboration on this point, or provide a URL so I can learn a little more? The SPL on the phone (oem-78 or fastboot mode) accepts updates signed with the test key from the SDK? (Or some other key?) (On the Eris, the "rom.zip" files unpacked by the RUU are prepended with a mystery blob of 256 bytes - s'pose it could be a mic/sig, but if that's what it is, it don't appear to be in a standard DSA/RSA format, and those .zip files are not signed using the .apk/.jar manifest-signing method)
FYI here's an entertaining story of an epic fail in a related area. After reviewing the fastboot sources from the android tree, I decided that I wanted to spy on the (Windows) RUU update program by sniffing the USB bus - in particular to see if it was explicitly passing signatures in .sig files. (That's an undocumented command-line behavior in fastboot.)
Turns out that recent versions of libpcap and Wireshark allow for USB bus capture on Linux - and using the "usbmon" kernel module in Ubuntu 8.04 LTS, sniffing the USB (5k packet size) seems to work without hitch, even at USB 2.0 speeds. So I took it one step further, and installed WIn Xp SP3 in a QEMU VM on the Ubuntu machine, with the intention of running the RUU updater inside the Xp VM and sniffing the USB bus in the host OS (Linux) machine.
The result? QEMU/Win Xp VM can talk to the phone in either fastboot or adb mode, but bluescreens as soon as you start to move data at any appreciable rate. Doesn't seem to be dependent on whether monitoring is taking place. I might try putting the phone behind a cheapo USB 1.1 hub, and see if that helps, but for the moment I am stopped out on this hack.
bftb0
cn.fyodor said:
jamezelle:
extract-ramdisk.sh missed #!, and the ramdisk zip file should be passed to $1 of this script.
Click to expand...
Click to collapse
it works yea sorry about the
#/bin/sh
i didnt write the scripts btw
After releasing my custom recovery and boot images several people have messaged me about how to create these images.
First, you need to read this article, carefully: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images. It explains the format of these images. I suggest you try to extract the kernel and the ramdisk with a hex editor, as it will help you understand how the format works.
Afterwards, for convenience, you can use the two scripts provided in that page: unpack-bootimg.pl and repack-bootimg.pl.
You should now have two files, the kernel and the ramdisk.
Extract the contents of the ramdisk with:
Code:
gunzip -c ramdisk.cpio.gz | cpio -i
You can now proceed to alter what you wish, in the ramdisk.
For repacking, I use the tools provided in the Android 1.6 SDK. You need to download it from http://developer.htc.com/. After compiling the SDK, you should have (among others) these two tools: mkbootfs and mkbootimg.
To recreate the ramdisk, use the following command (assumes ramdisk in ramdisk folder):
Code:
mkbootfs ramdisk | gzip > ramdisk.gz
And now, to recreate the image:
Code:
mkbootfs [b]--base 0x2e00000[/b] --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
The only tricky part, and where I guess everyone is having problems, is with the --base 0x2e00000 option. This is the base address for the kernel and, without this, your Tattoo will hang at boot.
Do not try to create custom images unless you are fully aware of what you're doing. YOU CAN BRICK YOUR DEVICE
Best of luck
Thanks a lot mainfram3!
I'll base CoburnROM's boot.img off yours, and then we'll go from there.
All we need now is a how to on make your own system.img (either taking a RUU system and gutting the crap out of it or using one that a member has precompiled as a base) and we'll be set for cookin' ROMs with gas. Want fries with dat?
Thanks a million!
Cool! You have dispeled the clouds.
mf3: How did you know that base address of the kernel? I repacked the boot.img file without the option '--base xxx', that's why this one bricked my tattoo i think.
Thanks, you did the great job.
BTW, I break through this cloud by using HEX editor to comparing your image and mime and found that the kernel address, ramdisk address are different. But I don't know why... Would you mind to tell us why and how you find it??
huchengtw said:
Thanks, you did the great job.
BTW, I break through this cloud by using HEX editor to comparing your image and mime and found that the kernel address, ramdisk address are different. But I don't know why... Would you mind to tell us why and how you find it??
Click to expand...
Click to collapse
See at kernel sources at the file:
arch\arm\mach-msm\include\mach\memory.h
.....
/* physical offset of RAM */
#if defined(CONFIG_ARCH_MSM7225) || defined(CONFIG_ARCH_MSM7625)
#define PHYS_OFFSET UL(0x02E00000)
.....
I think there it is ......
cya
Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.
i am trying to put together a recovery for the Sholes XT701. obviously i am missing this base offset because it hangs at boot. i was looking in the memory.h file and see the following but this is for the ram. where can i find the base offset for the kernel? that is what i need right?
Code:
#elif defined(CONFIG_MACH_SHOLES_UMTS) || defined(CONFIG_MACH_MAPPHONE)
#define PHYS_OFFSET UL(0x80C00000)
do you have a bootimg.h ? mainfram3 got his information from there...
Did you tried to put all in a rom.zip and replace the one that comes with Ruu WWE? IF the addresses are the same maybe it will flash your custom rom.
mainfram3 said:
Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.
Click to expand...
Click to collapse
sorry,but how to create recovery.img?
is boot.img==recovery.img?
mainfram3 said:
And now, to recreate the image:
Code:
mkbootfs [b]--base 0x2e00000[/b] --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
Click to expand...
Click to collapse
Hi,
isn't it mkbootimg instead of mkbootfs to create an image?
Moreover, the script repack-bootimg.pl doesn't work for me. But your method using mkbootfs works well.
Thanks.
can an expert help me out? I have 2 recoveries, both of which can be flashed to my phone without any problem, except I have troubles using them.
Recovery X can be used without any problem, all the options work and I can perform nandroid backup and restore perfectly fine. However, it's missing the option to flash a custom rom from the memory card.
Recovery Y supports all the options, including the option to flash a custom rom from the memory card. However, it's not made specifically for my phone, which means that none of the buttons on my phone work. Therefore, I can only navigate through the options up or down, but I can't select it or go back.
My phone is a chinese clone btw, the brand is STAR A1000. That's why there aren't many properly made recoveries available for it. Anyway, since Recovery X works, I was wondering if someone could just compare the 2 recoveries and just change the button mappings on Recovery Y, as you can simply take the button mapping from Recovery X and that's it?
I dunno how to do it and don't wanna risk bricking my phone or anything, so if someone can kindly help me out that would be great.
I don't have this phone, but isn't there a keychars.pl file under /usr/"don't know the name anymore"/? there are files assigning an action to a pressed key - you just have to compare the keychars file from X and Y and change the Y keychars accordingly. Hope that helps, since I also never did this before.
Oh well I didn't know that
I dunno anything about creating a recovery or boot image. All I know is how to flash it and root the phone, i.e just the basic stuff.......
would you be able to help me compare the files and make the changes?
Here's the link to the files:
http://forum.xda-developers.com/attachment.php?attachmentid=740516&d=1317801095
http://forum.xda-developers.com/attachment.php?attachmentid=737495&d=1317534773
the first link is the recovery that is currently working for me, but doesn't have the option to flash a firmware from the memory card. It's a modified version of the ClockworkMod Recovery v4.0.0.5.
as for the 2nd link, please extract just the "a1000.img" recovery. My phone is the STAR A1000 and that's the recovery that contains all the options, except the buttons don't work on it. It's also in chinese but I can read it. So ya, I just need someone to remap the buttons that work in the "cw.img" recovery and copy that to the "a1000.img" recovery....
Hi guys,
This guide teaches how to make a new kernel for your device, it works in most of the cases but doesnt mean it will work for everyone
You need a minimal linux experice to know WTF you are doing
If you have any questions, post Belloowww
Download the required files
You will need a linux machine with the basic development tools or a virtualbox machine running a linux distribution (ubuntu 64bits will do fine)
I use the codesourcery package [http://www.mentor.com/embedded-soft...ourcery-codebench/editions/lite-edition/form]
Download the IA32 GNU/Linux TAR[https://sourcery.mentor.com/sgpp/li...9-69-arm-none-eabi-i686-pc-linux-gnu.tar.bz2]
The tar package is the easier to install
You will also need your kernel source from your manufacturer, for samsung the sources are available here[http://opensource.samsung.com/]
Install the cross compiler
Enter the folder were you downloaded the package and extract it, you will get something like arm-2011.03
Move that folder to some location, i use opt
ex: mv arm-2011.03 /opt/
or
sudo mv arm-2011.03 /opt
Done!
Extract and prepare the kernel sources
I will use the samsung sources as example, but anything can be used
For the samsung sources, after you extract the zip, you will get something like DEVICE_Platform.tar and DEVICE_Kernel.tar.gz
Extract the kernel:
tar zxvf DEVICE_Kernel.tar.gz
Enter the kernel folder and list the folder contents
ls
The structure is something like this:
[http://www.madteam.co/wp-content/uploads/2012/02/kernel-sources.png]
Most devices contain the config file inside the device
You can extract it like this:
adb shell
su
cp /proc/config.gz /sdcard/
exit
exit
adb pull /sdcard/config.gz
Good, now we have the sources, compiler and configuration
Compiling the kernel
To compile ther kernel, i usually clean the sources first, with this i know for sure nothing will go wrong (usually )
make ARCH=arm CROSS_COMPILE=/opt/arm-2011.03/bin/arm-none-eabi- distclean (Remember to replace acordingly the compiler folder)
Sources cleaned, time to load the config file
gunzip config.gz
cp config ./.config
Good, now lets check the menuconfig (menuconfig is a menu to choose the kernel options, created to make it easy to select)
make ARCH=arm CROSS_COMPILE=/opt/arm-2011.03/bin/arm-none-eabi- menuconfig
Change whatever you want and exit and save
good, now its time to build
make ARCH=arm CROSS_COMPILE=/opt/arm-2011.03/bin/arm-none-eabi- -j2
Now wait for it to finish!
Your compiled kernel will be located inside arch/arm/boot/zImage
Extracting a boot.img
Good, now we have the zImage, but WTF to do with it?
Well, android usually (some samsung devices use a different boot.img method, ex: I9000) has the boot.img, inside of it we contain:
- ramdisk (required files to load the /system partition and continue the boot sequence)
- zImage (our kernel)
- pagesize
- base
- cmdline (some kernel paremetes used on boot)
To create your own boot.img, you need one from a nandroid backup that was made from CWM or AmonRA custom recoveries (there are other methods, but for those use the madteam forum )
The boot.img is located inside your /sdcard/clockworkmod/backup/somedate/boot.img
You will also need the unpackbootimg and mkbootimg binaries, i this link there is the 64 bit version (wont work on 32 bit linux)
create an empty folder, copy the downloaded file inside, enter it and do:
tar zxvf bootimgtools.tar.gz
chmod 755 *
now copy the boot.img you got from the backup
and extract the boot.img with:
./unpackbootimg -i boot.img
this will create the files as explained above
Creating the boot.img
Before making the boot.img, we need some information from the files extracted
cat boot.img-base ( save the output #1)
cat boot.img-pagesize (save the output , place the value inside the Hex Value of this site, and copy the decimal value and save it #2)
cat boot.img-cmdline (save the output #3)
Good, now copy the compiled kernel (zImage) inside the current folder and do:
mkbootimg –kernel zImage –ramdisk boot.img-ramdisk.gz –cmdline “(replace with output#3)” –base (replace withoutput #1) –pagesize (replace with output#2) -o /tmp/boot.img
Good, the boot.img is created!
Now test on your device!
If you dont know how to flash the boot.img, enter the madteam forum and request help (its too difficult to explain the flashing of boot.img if you dont know how to do it )
PLZ hit the thanks button if u like it
thanks man worked great
Sent from my SPH-M930BST using xda premium
jdogrambo said:
thanks man worked great
Sent from my SPH-M930BST using xda premium
Click to expand...
Click to collapse
plz hit the THANKS button if u like my work
good job
nyc wrk
ICS_XD said:
plz hit the THANKS button if u like my work
Click to expand...
Click to collapse
have u build any kernal yet before posting here ?
punjprateek said:
have u build any kernal yet before posting here ?
Click to expand...
Click to collapse
i tried it
but was getting a error
so i let it go
but i post it here
bcz i wanna know sumone is also having errorz?
thanks for the guide. pls add some format to it to enhance readability.
me_max said:
thanks for the guide. pls add some format to it to enhance readability.
Click to expand...
Click to collapse
ok
m working on it
will try to have a short way
Nice guide, but use toolchains arm 4.4.3 none linux gnueabi instead of arm 2011q3 eabi..because 2011q3 wont works.and I9100G is only using zImage compile into boot.img is not necessary
now i come to know why i was gettin error
hey thanks man
ICS_XD said:
now i come to know why i was gettin error
hey thanks man
Click to expand...
Click to collapse
i think u shld make a good kernel first then u are eligible to make a tutorial
Rather than post instructions before you can do it yourself, focus on managing to do it first, THEN go posting.
And quit begging for thanks, it just makes you look desperate and stupid.
Hey guys Lets get the ball rolling and get some development out into the light.
First you will have to download the OTA from Google.
Google’s OTA(13300): http://cache.pack.google.com/edgedl....1f63ef63d1f43c6222116806e5bea38a47e9f124.zip
Next download “SquashFS Exracter”, this tool is used to extract the System.img.
SquashFS Exracter: https://mega.co.nz/#!oEMFQCrC!JbD_9XeS28xu7vZBDipBzDWqdnF1i9cKMRzq2i_vEDU
When you are ready to go, simply drag system.img onto unsquashfs.exe, and the extraction will do its thing.
A new folder named “squashfs-root” will be where the system.img were located. This folder contains the extracted System.
Have a look around, and please report findings! :fingers-crossed:
Findings
/res/ - Contains some of the images used for the system. The boot animation is placed here.
/netflix/ - Self-explanatory. The Netflix app for the Chromecast.
/chrome/content_shell.pak – Contains a lot of useful information for the right eyes.
/chrome/osd_images/**** - Contains images used for the on-screen-display atm. volume slider.
/chrome/locals/ - Contains language files for the Chromecast.
Thx to ddggttff3 and tchebb for the links etc. :good:
Just FYI guys, here is link for newest OTA, build 19084, so you can check, what's new is inside.
http://cache.pack.google.com/edgedl/googletv-eureka/stable-channel/ota.19084.stable-channel.eureka-b3.0149464816d26917f37cb4a263171183cc00957a.zip
For extract system.img download and use SquashFS Exracter tool from previous post.
bormeth said:
Hey guys Lets get the ball rolling and get some development out into the light.
First you will have to download the OTA from Google.
Google’s OTA(13300): http://cache.pack.google.com/edgedl....1f63ef63d1f43c6222116806e5bea38a47e9f124.zip
Next download “SquashFS Exracter”, this tool is used to extract the System.img.
SquashFS Exracter: https://mega.co.nz/#!oEMFQCrC!JbD_9XeS28xu7vZBDipBzDWqdnF1i9cKMRzq2i_vEDU
When you are ready to go, simply drag system.img onto unsquashfs.exe, and the extraction will do its thing.
A new folder named “squashfs-root” will be where the system.img were located. This folder contains the extracted System.
Have a look around, and please report findings! :fingers-crossed:
Findings
/res/ - Contains some of the images used for the system. The boot animation is placed here.
/netflix/ - Self-explanatory. The Netflix app for the Chromecast.
/chrome/content_shell.pak – Contains a lot of useful information for the right eyes.
/chrome/osd_images/**** - Contains images used for the on-screen-display atm. volume slider.
/chrome/locals/ - Contains language files for the Chromecast.
Thx to ddggttff3 and tchebb for the links etc. :good:
Click to expand...
Click to collapse
I've been playing with unsquash in linux to add stuff to /etc. I realised linux can have a symlinks to a symlincs. So we can rederect /system/etc to /data/etc if we want to. It's probebly not so secure to have several symlincs in a chain, but I wanted ta add stuff like motd and profile to etc without reflasing it evertime I make a change.
First on then Cromecast
-----------------------------
cp -pr /system/ /data
On Debian 7
---------------
su root
apt-get install squashfs-tools
mkdir flash
cd flash
wget http://pdl.team-eureka.com/ota/19084.001.zip
unzip 19084.00.1.zip
unsquashfs system.img
cd squashfs-root
mv etc etc.bk
ln /data/system/etc -s etc
cd ..
rm system.img
mksquashfs squashfs-root system.img
rm -r squashfs-root
zip test1.zip *
And then you flash it with flashcast. Now we got a writable etc catalog. I haven't tryed symlinkc all catalogs in the system dir, but bin and etc are working fine as symlincs to /data/system dir.
Just FYI guys, there is again new build, and here is link for that OTA, build 46278.
http://cache.pack.google.com/edgedl/googletv-eureka/stable-channel/ota.46278.stable-channel.eureka-b3.ef7fdf1f7153dacecc77b7d1a3bb22a97e27ec7e.zip
For extract system.img download and use SquashFS Exracter tool from first post.
Mape0661 said:
I've been playing with unsquash in linux to add stuff to /etc. I realised linux can have a symlinks to a symlincs. So we can rederect /system/etc to /data/etc if we want to. It's probebly not so secure to have several symlincs in a chain, but I wanted ta add stuff like motd and profile to etc without reflasing it evertime I make a change.
First on then Cromecast
-----------------------------
cp -pr /system/ /data
On Debian 7
---------------
su root
apt-get install squashfs-tools
mkdir flash
cd flash
wget (i cant post links... -_-)
unzip 19084.00.1.zip
unsquashfs system.img
cd squashfs-root
mv etc etc.bk
ln /data/system/etc -s etc
cd ..
rm system.img
mksquashfs squashfs-root system.img
rm -r squashfs-root
zip test1.zip *
And then you flash it with flashcast. Now we got a writable etc catalog. I haven't tryed symlinkc all catalogs in the system dir, but bin and etc are working fine as symlincs to /data/system dir.
Click to expand...
Click to collapse
when i try this my CC just hangs at the black screen after the Eureka logo. instead of modifying etc, i just added a text file to etc so i could see if it got flashed. my file is there, and i can use SSH/Telnet and the web controls, it just wont boot past the black screen. Any advise?
casper33 said:
when i try this my CC just hangs at the black screen after the Eureka logo. instead of modifying etc, i just added a text file to etc so i could see if it got flashed. my file is there, and i can use SSH/Telnet and the web controls, it just wont boot past the black screen. Any advise?
Click to expand...
Click to collapse
Were you modifying the image as root? If not, you can have permission issues when rebuilding the squashfs file.
ddggttff3 said:
Were you modifying the image as root? If not, you can have permission issues when rebuilding the squashfs file.
Click to expand...
Click to collapse
well now i feel stupid, indeed i wasn't root, thank you!
Hi I need specific help with the mksquashfs.exe command in Windows to repack system.img to system.sfs
Specifically, if I have the system.img on c:\ temp folder, what is the syntax to end up with system.sfs in same directory.
Can anybody help?
UPDATE 09/20/2016 - Root is now available for the SM-T285 (custom ROM and SM-T280 to follow) see post for details (http://forum.xda-developers.com/showpost.php?p=68777842&postcount=27)
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we
can at least do customizations with the system partition:
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached) (note that your make_ext4fs needs to be patched to be able to generate samsung patches easily see gist) for some reason samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause heimdall ( ad Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work like samsing_kitchen for example. Place your
stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you
just created. You can now proceed to modifiying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case
something goes wrong! I will not be responsible for any losses resulting from this
activity. Also this activity may void your warranty.
Prequisites:
- Make sure you have heimdall properly working.
- Make sure you have oem unlock. This should be visible in developer settings
To know if it is enabled/disable FRP protection should be disabled when you go
in Odin mode.
1. pull the file_contexts file from .your device ( or download the attached in this post).
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsing_kitchen ) and run
the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (Power-off, then hold home vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5) make sure you have a copy of the stock image zip from samsung and extract (using 7zip) its contents to a folder:
An extracted file should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
replace the stock system.img with the one you created from above:
Code:
cp ../new_system.img system.img
tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img >T285_CUSTOM.tar
md5sum -t T285_CUSTOM.tar > T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
as per ashyx this should also work as well:
Code:
tar -H ustar -c system.img > system.tar
md5sum -t system.tar > sytem.tar
mv system.tar system.tar.md5
Optionally Zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Petition for samsung to unlock the device:
https://www.change.org/p/samsung-unlock-the-bootloader-for-the-samsung-galaxy-tab-a-7-0-2016?recruiter=286570213&utm_source=petitions_share&utm_medium=copylink
Custom ROM to enable move apps to sd (apps2sd like support):
http://forum.xda-developers.com/android/development/rom-samsung-galaxy-tab-7-0-lte-2016-sm-t3455788
@jedld
Nice guide, just a few things though.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Regarding the chunk size, Chainfire created sgs4ext4fs to deal with this, it just needs to be run afterwards on the sparse image to patch the headers.
What is the source for the make_ext4fs patch or did you create this patch?
Lastly some people may prefer to use ODIN to flash.
So maybe you could add to the guide that the image can be repacked into a ODIN flashable tar using 7-zip.
By the way the guide will work for the T280 too, so you may want to add that.
Thanks.
ashyx said:
@jedld
Nice guide, just a few things though.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Regarding the chunk size, Chainfire created sgs4ext4fs to deal with this, it just needs to be run afterwards on the sparse image to patch the headers.
What is the source for the make_ext4fs patch or did you create this patch?
Lastly some people may prefer to use ODIN to flash.
So maybe you could add to the guide that the image can be repacked into a ODIN flashable tar using 7-zip.
By the way the guide will work for the T280 too, so you may want to add that.
Thanks.
Click to expand...
Click to collapse
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Click to expand...
Click to collapse
I remember encountering a boot loop without that, let me check again and I'll update the guide.
What is the source for the make_ext4fs patch or did you create this patch?
Click to expand...
Click to collapse
Just applied the following patch on latest aosp sources:
https://gist.github.com/jedld/4f388496bda03b349f5744f367749a67
There is a magic number used which I can't figure out, the value is different between SM-T285 ROMS coming from different regions.
Nice to hear about sgs4ext4fs though, probably wouldn't be able to know based on the problem I encountered that the tool also applies unless someone pointed it out.
https://www.change.org/p/samsung-unl...edium=copyLink
Petition for unlocked bootloader for samsung, please sign
http://samsung4android.ru/?ipub=422
any thoguth on this?
klemen241 said:
http://samsung4android.ru/?ipub=422
any thoguth on this?
Click to expand...
Click to collapse
ashyx already tried everything. CF-auto root requires an unlocked recovery, the tablet won't even accept a repacked recovery image. Besides the guy in the video wasn't even using a SM-T285, if you look closely the files he used were for the SM-T550.
klemen241 said:
https://www.change.org/p/samsung-unl...edium=copyLink
Petition for unlocked bootloader for samsung, please sign
Click to expand...
Click to collapse
link is broken though, you must have used the auto truncated link, use this instead:
https://www.change.org/p/samsung-un...edium=copylink&recuruit_context=copylink_long
What about those custom roms? As far as i can see we can use modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?
SM-T285M with locked bootloader - research ...
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
klemen241 said:
What about those custom roms? As far as i can see we can use modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?
Click to expand...
Click to collapse
There are a number of things we can already do with a custom system.img like debloat, enable universal sd r/w, customizing apps, probably theming and fonts are also possible. Hopefully more people can come up with mods.
Unfortunately we need root/unlocked boot.img to do important things to fix the weakness of this device like changing partition sizes, enable apps2sd support, xposed framework, having customizable cpu performance governors/overclocking etc.
TopTongueBarry said:
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
Click to expand...
Click to collapse
i was wondering the same thing, if ther is any chance of unlocking it on earlier versions.
Also i sent email to samsung support again, maybe they will be sick of us begging and release the lock
klemen241 said:
i was wondering the same thing, if ther is any chance of unlocking it on earlier versions.
Also i sent email to samsung support again, maybe they will be sick of us begging and release the lock
Click to expand...
Click to collapse
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
TopTongueBarry said:
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
Click to expand...
Click to collapse
UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedid's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.
is open source same for t280? i have 280 not 285
klemen241 said:
is open source same for t280? i have 280 not 285
Click to expand...
Click to collapse
not sure how having the kernel source would help since we can't even change the kernel on the device which is kinda awkward for samsung. Besides I remember ashyx having compilation issues with spreadtrum kernel sources by samsung and not just for this device.
TopTongueBarry said:
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedid's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.
Click to expand...
Click to collapse
I remember flashing an earlier build thinking the same thing and yep the bootloader is still locked. Aside from that I ran kingroot to see if there was anything exploitable... did'nt work. What I haven't tried is to see if superuser is disabled in this kernel though.
jedld said:
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we
can at least do customizations with the system partition:
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached) (note that your make_ext4fs needs to be patched to be able to generate samsung patches easily see gist) for some reason samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause heimdall ( ad Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work like samsing_kitchen for example. Place your
stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you
just created. You can now proceed to modifiying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case
something goes wrong! I will not be responsible for any losses resulting from this
activity. Also this activity may void your warranty.
Prequisites:
- Make sure you have heimdall properly working.
- Make sure you have oem unlock. This should be visible in developer settings
To know if it is enabled/disable FRP protection should be disabled when you go
in Odin mode.
1. pull the file_contexts file from .your device.
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsing_kitchen ) and run
the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (Power-off, then hold home vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5) make sure you have a copy of the stock image zip from samsung and extract (using 7zip) its contents to a folder:
An extracted file should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
replace the stock system.img with the one you created from above:
Code:
cp ../new_system.img system.img
tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img >T285_CUSTOM.tar
md5sum -t T285_CUSTOM.tar > T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
Optionally Zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Click to expand...
Click to collapse
Anyway to do this on a windows machine?????
lohtse said:
Anyway to do this on a windows machine?????
Click to expand...
Click to collapse
Not sure though since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in linux so I doubt there will be one for windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under windows with those tools if anyone is interested.
Just a note regarding the guide, it's not really necessary to add all the other partition images when creating the ODIN flashable tar.
All that is required is:
tar cvf system.tar system.img
jedld said:
Not sure though since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in linux so I doubt there will be one for windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under windows with those tools if anyone is interested.
Click to expand...
Click to collapse
is there no way to create a set of files(zip etc) we windows users could flash using odin? would be a huge help if that could be done! also anyone have a link to a stock rom??
and finally I noticed that the US samsung site has a pdf manual for this tablet that refers to marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR
lohtse said:
is there no way to create a set of files(zip etc) we windows users could flash using odin? would be a huge help if that could be done! also anyone have a link to a stock rom??
and finally I noticed that the US samsung site has a pdf manual for this tablet that refers to marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR
Click to expand...
Click to collapse
I highly doubt this thing will get mm. [emoji52]