From being used to a Linux PC with everything on a couple of partitions, trying to suss out how Android works has baffled me a bit what with having so many things hidden away in so many different places. I couldn't find a partition map for our phone so I made one by looking at /proc/partitions, using the mount command, analysing s5830i ODIN pit files and searching the internet. I realise that this isn't new information in that I'm pretty sure this stuff is known by some people but I still thought that this was worth putting out there.
I've listed the information in the following format:
#blocks <device file name> <partition name> (<flash file name> <Odin part>) <information>
Mount points are given where relevant. Partition name and flash file name are from the Odin pit file. To get the 'Odin part' I looked inside my “Full Firmware Backup To Odin Format”, which is a CWM script by Rafael.Baugis.
I've tried to be as accurate as possible and make it clear where I'm not 100% sure but please help me improve it if you can as I done this as a learning exercise in the first place!
Figures from /proc/partitions (also see the mount command):
#blocks name
31166976 mmcblk0 – sdcard (entire device)
29179904 mmcblk0p1 – sdcard partition 1 *
1945600 mmcblk0p2 - sdcard partition 2 *
513024 bml0/c – All bml partitions (figures add up to 513024)
256 bml1 – bcm_boot (BcmBoot.img – BOOT) – Bootloader
2048 bml2 – loke (sbl.bin - PDA) - Secondary bootloader
2048 bml3 – loke_bk (no flash file) - Presumably SBL backup
256 bml4 – systemdata (totoro.pit) – A copy of the Odin pit file by the looks of it
12800 bml5 – modem (BcmCP.img – PHONE) - baseband/modem
5120 bml6 – see stl6 **
5120 bml7 – boot (boot.img - PDA) - The kernel and ramdisk
5120 bml8 – boot_backup (no flash file) – Presumably boot.img backup
235520 bml9 – see stl9 **
40960 bml10 – see stl10 **
201984 bml11 – see stl11 **
256 bml12 – efs (?) (no flash file) – Not sure why this is called 'efs' as efs is well documented as being on bml15 and the number of blocks isn't even the same
256 bml13 – sysparm (sysparm_dep.img – BOOT) – part of the bootloader?
256 bml14 – umts_cal - (HEDGE_NVRAM8_RF_LE.bin – BOOT) – part of the bootloader?
1024 bml15 – cal (no flash file) - Not sure about the name but this is the EFS partition containing IMEI + network/region lock info
1280 stl6 – param_lfs (param.lfs – PDA) - mount point: /mnt/.lfs – SBL data including settings and images such as Samsung S5830i boot logo.
227840 stl9 – system (system.img - PDA) - mount point: /system – Operating System / ROM
36864 stl10 - cache (csc.rfs - CSC) - mount point: /cache – App/system cache storage but apparently CSC (region specific) data is also flashed here which seems odd but true!
194816 stl11 - userdata (userdata.img) - mount point: /data
- (dm-0 to dm-18) - Each app that is stored via SD card has its own virtual partition. I have 19 applications stored via traditional apps2sd, hence dm-0 to dm-18. Mount Point: /mnt/asec/<app's Java package name>
- (loop0 to loop18) – Loop devices. Each numbered loop is directly related to its dm counterpart, filesystem size is practically identical. I don't really understand loop devices that well so I can't say more than that!
* SD card partitions have other block device files, from which they are mounted via, at:
/dev/block/vold/179:1 - sdcard 1st partition – mount points: /mnt/sdcard and /mnt/secure/asec
/dev/block/vold/179:2 - sdcard 2nd partition – mount point: /data/sdext2
** This is from XDA user Darkshado in the following post:
“From what I've gathered bml is essentially a lower level interface to the same blocks accessed by stl, but the results differ somewhat in resulting file size”
http://forum.xda-developers.com/showpost.php?p=16963172&postcount=1
In actual fact bml and stl counterparts don't differ very much at all in size. From what I've read elsewhere the reason for the availability of stl interfaces on only some partitions may be related to the need for regular read-write access.
*** stl* and bml* interfaces can be accessed through device files such as /dev/stl*, dev/bml*, /dev/block/stl* and dev/block/bml*.
Of course just because they can be doesn't mean it's necessarily a good idea!
I have a fresh unconnected BLU R1 HD. I want to do the following to it:
1. Unlock the Bootloader. The Device appears to run V6.1 of the firmware.
2. Install TWRP Recovery.
3. Install LineageOS
4. Install GAPPS
5. Install SuperSU.
I will do these tasks in whatever order is required to achieve the result of a Rooted Phone, running LineageOS and F-Droid, with no ADUPS. I do not wish to have simply a rooted Stock Rom, as eventually, I want to move to LineageOS 14, and get Nougat.
I will be using a Mageia Linux PC for this task. I have downloaded LineageOS 13.0 R1 HD V3.8. If I should need a newer port, say so. In addition, I have DirtyCow For Linux V3. Please, instruct me further.
zombie_ryushu said:
I have a fresh unconnected BLU R1 HD. I want to do the following to it:
1. Unlock the Bootloader. The Device appears to run V6.1 of the firmware.
2. Install TWRP Recovery.
3. Install LineageOS
4. Install GAPPS
5. Install SuperSU.
I will do these tasks in whatever order is required to achieve the result of a Rooted Phone, running LineageOS and F-Droid, with no ADUPS. I do not wish to have simply a rooted Stock Rom, as eventually, I want to move to LineageOS 14, and get Nougat.
I will be using a Mageia Linux PC for this task. I have downloaded LineageOS 13.0 R1 HD V3.8. If I should need a newer port, say so. In addition, I have DirtyCow For Linux V3. Please, instruct me further.
Click to expand...
Click to collapse
Few notes for you.
Use newest port build, not the one you mentioned. Many bugs on that version.
No need for superSU , Root is built into rom. In developer options menu
The tool has the directions and instructions for you. No need for another step by step here.
mrmazak said:
Few notes for you.
Use newest port build, not the one you mentioned. Many bugs on that version.
No need for super super. Root is built into room. In developer options menu
The tool has the directions and instructions for you. No need for another step by step here.
Click to expand...
Click to collapse
Alright in response to that, I have downloaded port V5.2. Is that the latest version?
Additionally, my distribution renames fastboot fastboot-android because there is another command called fastboot that has nothing to do with Android. (so I did a find and replace in your script to rename all instances of fastboot to fastboot-android.)
The file I downloaded seems to be a zip file, not an image file of any sort. Is that fine?
The step-by-step for dirty-cow seems to be about removing adups, installing TWRP, removing the Ads.
Additionally. The version of adb-tools I have is 4.4.2
zombie_ryushu said:
Alright in response to that, I have downloaded port V5.2. Is that the latest version?
Additionally, my distribution renames fastboot fastboot-android because there is another command called fastboot that has nothing to do with Android. (so I did a find and replace in your script to rename all instances of fastboot to fastboot-android.)
The file I downloaded seems to be a zip file, not an image file of any sort. Is that fine?
The step-by-step for dirty-cow seems to be about removing adups, installing TWRP, removing the Ads.
Click to expand...
Click to collapse
Yes 5.2 is right.
I believe I included fastboot binary in the tool and call that binary from the script, so you must verify your changes are correct.
The step-by-step , (that I wrote) has nothing to do with adups.
The tool is just collection of batch file (she'll script) and a replacement from.bin file, dirty-cow binary, and modified system file with a root shell built in. This is all done simply to force the ability to unlock bootloader.
mrmazak said:
Yes 5.2 is right.
I believe I included fastboot binary in the tool and call that binary from the script, so you must verify your changes are correct.
The step-by-step , (that I wrote) has nothing to do with adups.
The tool is just collection of batch file (she'll script) and a replacement from.bin file, dirty-cow binary, and modified system file with a root shell built in. This is all done simply to force the ability to unlock bootloader.
Click to expand...
Click to collapse
The fastboot binary is not inthe Zip I have for Linux. (DirtyCow-R1_HD-V6-Linux-V3.zip) Is this too old a version?
Do you use IRC by any chance?
zombie_ryushu said:
The fastboot binary is not inthe Zip I have for Linux. (DirtyCow-R1_HD-V6-Linux-V3.zip) Is this too old a version?
Do you use IRC by any chance?
Click to expand...
Click to collapse
there are too more updated version of the linux script.
this one is latest. It has not been "universal" and may have bugs based on version of linux you use.
DirtyCow-R1_HD-TOOL-V9+linux.zip : https://forum.xda-developers.com/devdb/project/dl/?id=23649
mrmazak said:
there are too more updated version of the linux script.
this one is latest. It has not been "universal" and may have bugs based on version of linux you use.
DirtyCow-R1_HD-TOOL-V9+linux.zip : https://forum.xda-developers.com/devdb/project/dl/?id=23649[/QUO
Due to my Anxiety on the issue, I accidentally adbed up the version I had, but I did not run the dirtycow exploit yet, should I start over, or keep going with what I have? (this is very Nerve Racking.)
Only Step 1 has been carried out.
Click to expand...
Click to collapse
zombie_ryushu said:
mrmazak said:
there are too more updated version of the linux script.
this one is latest. It has not been "universal" and may have bugs based on version of linux you use.
DirtyCow-R1_HD-TOOL-V9+linux.zip : https://forum.xda-developers.com/devdb/project/dl/?id=23649[/QUO
Due to my Anxiety on the issue, I accidentally adbed up the version I had, but I did not run the dirtycow exploit yet, should I start over, or keep going with what I have? (this is very Nerve Racking.)
Only Step 1 has been carried out.
Click to expand...
Click to collapse
you should be fine. The newer versions realy just add additional checks along the way in hopes of preventing trouble, and a way to find the cause of that trouble.
Click to expand...
Click to collapse
mrmazak said:
zombie_ryushu said:
you should be fine. The newer versions realy just add additional checks along the way in hopes of preventing trouble, and a way to find the cause of that trouble.
Click to expand...
Click to collapse
Alright. I will proceed with what I have. I downloaded your updated version and all of your Linux Binaries are x86_32 while my Distribution is x86_64.
Click to expand...
Click to collapse
#exit
> > > > > > > > > > > > > > > > Waiting 5 seconds...
[*] COPYING UNLOCK.IMG OVER TOP OF COPIED FRP IN /data/local/test NOT AS ROOT WITH DIRTYCOW
[*]
cowing. Start: 0, size: 102400
cowing. Start: 102400, size: 102400
cowing. Start: 204800, size: 102400
cowing. Start: 307200, size: 102400
cowing. Start: 409600, size: 102400
cowing. Start: 512000, size: 102400
cowing. Start: 614400, size: 102400
cowing. Start: 716800, size: 102400
cowing. Start: 819200, size: 102400
cowing. Start: 921600, size: 102400
cowing. Start: 1024000, size: 24576
checking md5 of new frp before copying to mmcblk0p17
unlock file does not match
Something Went Wrong Restarting phone and try again
press enter to exit
Does SP Flash Tool work on this version of the Blu ROM? If so, I found Colton's non-scripted procedure posted here easy to follow and it worked great on my Fedora Linux system when I did both of my phones. There are Linux versions of the flash tool: https://spflashtool.com/ Sorry, I am not familiar with the "dirty cow" stuff as SP Flash Tool worked well for me as detailed in this thread: https://forum.xda-developers.com/r1-hd/how-to/guide-convert-to-prime-rollback-ota-t3432499
yaconsult said:
Does SP Flash Tool work on this version of the Blu ROM? If so, I found Colton's non-scripted procedure posted here easy to follow and it worked great on my Fedora Linux system when I did both of my phones. There are Linux versions of the flash tool: https://spflashtool.com/ Sorry, I am not familiar with the "dirty cow" stuff as SP Flash Tool worked well for me as detailed in this thread: https://forum.xda-developers.com/r1-hd/how-to/guide-convert-to-prime-rollback-ota-t3432499
Click to expand...
Click to collapse
I don't know yet. I'm just sort of following the instructions.
zombie_ryushu said:
#exit
> > > > > > > > > > > > > > > > Waiting 5 seconds...
[*] COPYING UNLOCK.IMG OVER TOP OF COPIED FRP IN /data/local/test NOT AS ROOT WITH DIRTYCOW
[*]
cowing. Start: 0, size: 102400
cowing. Start: 102400, size: 102400
cowing. Start: 204800, size: 102400
cowing. Start: 307200, size: 102400
cowing. Start: 409600, size: 102400
cowing. Start: 512000, size: 102400
cowing. Start: 614400, size: 102400
cowing. Start: 716800, size: 102400
cowing. Start: 819200, size: 102400
cowing. Start: 921600, size: 102400
cowing. Start: 1024000, size: 24576
checking md5 of new frp before copying to mmcblk0p17
unlock file does not match
Something Went Wrong Restarting phone and try again
press enter to exit
Click to expand...
Click to collapse
please check if the file "working/new_frp_md5.txt" was created on you pc. Should have been in the folder "working" created in the tool folder
mrmazak said:
please check if the file "working/new_frp_md5.txt" was created on you pc. Should have been in the folder "working" created in the tool folder
Click to expand...
Click to collapse
It has not been. The folder mentioned is empty.
I can retry from Step 1 is thats required, but I really wish I had a more immediate way to respond to you.
zombie_ryushu said:
It has not been. The folder mentioned is empty.
I can retry from Step 1 is thats required, but I really wish I had a more immediate way to respond to you.
Click to expand...
Click to collapse
That seems odd. The earlier section of the script does the same md5 check , of the files pushed with adb in order to do the dirty-caw part. And it saves to same folder. And if folder is empty , that does not add up.
***unless you did an exit from the tool #7****
during exit by #7 the working folder is emptied.
So please start over and before exiting check the folder "working" for the new_frp_md5.txt file
#pwd
/
#exit
> > > > > > > > > > > > > > > > Waiting 5 seconds...
[*] COPYING UNLOCK.IMG OVER TOP OF COPIED FRP IN /data/local/test NOT AS ROOT WITH DIRTYCOW
[*]
cowing. Start: 0, size: 102400
cowing. Start: 102400, size: 102400
cowing. Start: 204800, size: 102400
cowing. Start: 307200, size: 102400
cowing. Start: 409600, size: 102400
cowing. Start: 512000, size: 102400
cowing. Start: 614400, size: 102400
cowing. Start: 716800, size: 102400
cowing. Start: 819200, size: 102400
cowing. Start: 921600, size: 102400
cowing. Start: 1024000, size: 24576
checking md5 of new frp before copying to mmcblk0p17
new FRP matches md5
[*] WAITING 5 SECONDS BEFORE WRITING FRP TO EMMC
[*] DD COPY THE NEW (UNLOCK.IMG) FROM /data/local/test/frp TO PARTITION mmcblk0p17
ciao
#dd if=/data/local/test/frp of=/dev/block/mmcblk0p17
2048+0 records in
2048+0 records out
1048576 bytes transferred in 0.109 secs (9619963 bytes/sec)
#exit
> > > > Waiting 5 seconds...
coping new frp is done phone will now reboot and script will return to start screen
press enter to exit
R1-HD-TOOL.sh: line 222: kill-server: command not found
It worked this time, I think.
Its rebooted into Fastboot mode. trying to look up the next step.
The Phone is in Fastboot Mode, but not doing much else. fastboot-android says there are no fastboot devices connected. Your script does not kill the adb server correctly. Do I need to kill it myself by doing control+Z and then adb kill-server?
$ fastboot-android devices
QCUCORS8PFMV85KN fastboot
zombie_ryushu said:
Its rebooted into Fastboot mode. trying to look up the next step.
The Phone is in Fastboot Mode, but not doing much else. fastboot-android says there are no fastboot devices connected. Your script does not kill the adb server correctly. Do I need to kill it myself by doing control+Z and then adb kill-server?
Click to expand...
Click to collapse
dont think that the kill-server was nescisary.
cant help with the fastboot-android part.
once you can use fastboot. next step is to check again that phone is unlockable
Code:
fastboot flashing get_unlock_ability
if result of that command is a number larger than 1 , continue with
Code:
fastboot oem unlock
then
Code:
fastboot reboot
this should make phone reboot and it will do factory reset. (needed when bootloader is unlocked)
mrmazak said:
dont think that the kill-server was nescisary.
cant help with the fastboot-android part.
once you can use fastboot. next step is to check again that phone is unlockable
Code:
fastboot flashing get_unlock_ability
if result of that command is a number larger than 1 , continue with
Code:
fastboot oem unlock
then
Code:
fastboot reboot
this should make phone reboot and it will do factory reset. (needed when bootloader is unlocked)
Click to expand...
Click to collapse
The fastboot-android nor your fastbootlinux binary included with your tool does not understand the
Code:
fastboot flashing get_unlock_ability
command.
(bootloader) Start unlock flow
OKAY [ 44.663s]
finished. total time: 44.663s
was the result of fastboot oem unlock
zombie_ryushu said:
The fastboot-android nor your fastbootlinux binary included with your tool does not understand the
Code:
fastboot flashing get_unlock_ability
command.
(bootloader) Start unlock flow
OKAY [ 44.663s]
finished. total time: 44.663s
was the result of fastboot oem unlock
Click to expand...
Click to collapse
ok so it looks like it worked.
you need to do the reboot and allow the reset before flashing anything.
i want to remove some apk from system. so i plan make odin flashable tarball.
i just test the extract and repack, didn't do any modify, but it was fail.
1.
system.img.ext4.lz4 -> lz4 -> system.img.ext4 -> simg2img -> system.img -> img2simg -> system.img.ext4 -> N960U.tar(only system.img.ext4)
with system.img , i didn't modify anything,
after img2simg :
file system.img.ext4
system.img.ext4: Android sparse image, version: 1.0, Total of 1291776 4096-byte output blocks in 6335 input chunks.
Odin flash fail (auth), mobile show : security check fail system.
2.
system.img.ext4.lz4 -> lz4 -> system.img.ext4 -> N960U.tar(only system.img.ext4)
do not use simg2img or img2simg
after lz4:
file system.img.ext4
system.img.ext4: Android sparse image, version: 1.0, Total of 1291776 4096-byte output blocks in 6277 input chunks.
Odin flash success.
i also try to use mkuserimg.sh to repack android sparse image, but it also make fail.
mkuserimg.sh -s /Volumes/sysmain system.img.ext4 ext4 /system 529114496
The tow system.img.ext4 has some different, i want to compare the tow img file , but it to huge.
Any good idea? how the samsung mobile to check if it own img?
Sorry for my poor english.
[Q] Help on unpack repack ext4 system image
Does any one know how can I unpack and repack ext4 system images using cygwin? can you give me the complete and understandable tutorials on it? I have tried all of the tutorials here in XDA, but it seems that I can't follow the right way. Please...
forum.xda-developers.com
auth fail = OEM lock = BL Lock
must unlock bl or sampwnd
zalmen hatotach said:
[Q] Help on unpack repack ext4 system image
Does any one know how can I unpack and repack ext4 system images using cygwin? can you give me the complete and understandable tutorials on it? I have tried all of the tutorials here in XDA, but it seems that I can't follow the right way. Please...
forum.xda-developers.com
Click to expand...
Click to collapse
What errors do you get?