After releasing my custom recovery and boot images several people have messaged me about how to create these images.
First, you need to read this article, carefully: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images. It explains the format of these images. I suggest you try to extract the kernel and the ramdisk with a hex editor, as it will help you understand how the format works.
Afterwards, for convenience, you can use the two scripts provided in that page: unpack-bootimg.pl and repack-bootimg.pl.
You should now have two files, the kernel and the ramdisk.
Extract the contents of the ramdisk with:
Code:
gunzip -c ramdisk.cpio.gz | cpio -i
You can now proceed to alter what you wish, in the ramdisk.
For repacking, I use the tools provided in the Android 1.6 SDK. You need to download it from http://developer.htc.com/. After compiling the SDK, you should have (among others) these two tools: mkbootfs and mkbootimg.
To recreate the ramdisk, use the following command (assumes ramdisk in ramdisk folder):
Code:
mkbootfs ramdisk | gzip > ramdisk.gz
And now, to recreate the image:
Code:
mkbootfs [b]--base 0x2e00000[/b] --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
The only tricky part, and where I guess everyone is having problems, is with the --base 0x2e00000 option. This is the base address for the kernel and, without this, your Tattoo will hang at boot.
Do not try to create custom images unless you are fully aware of what you're doing. YOU CAN BRICK YOUR DEVICE
Best of luck
Thanks a lot mainfram3!
I'll base CoburnROM's boot.img off yours, and then we'll go from there.
All we need now is a how to on make your own system.img (either taking a RUU system and gutting the crap out of it or using one that a member has precompiled as a base) and we'll be set for cookin' ROMs with gas. Want fries with dat?
Thanks a million!
Cool! You have dispeled the clouds.
mf3: How did you know that base address of the kernel? I repacked the boot.img file without the option '--base xxx', that's why this one bricked my tattoo i think.
Thanks, you did the great job.
BTW, I break through this cloud by using HEX editor to comparing your image and mime and found that the kernel address, ramdisk address are different. But I don't know why... Would you mind to tell us why and how you find it??
huchengtw said:
Thanks, you did the great job.
BTW, I break through this cloud by using HEX editor to comparing your image and mime and found that the kernel address, ramdisk address are different. But I don't know why... Would you mind to tell us why and how you find it??
Click to expand...
Click to collapse
See at kernel sources at the file:
arch\arm\mach-msm\include\mach\memory.h
.....
/* physical offset of RAM */
#if defined(CONFIG_ARCH_MSM7225) || defined(CONFIG_ARCH_MSM7625)
#define PHYS_OFFSET UL(0x02E00000)
.....
I think there it is ......
cya
Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.
i am trying to put together a recovery for the Sholes XT701. obviously i am missing this base offset because it hangs at boot. i was looking in the memory.h file and see the following but this is for the ram. where can i find the base offset for the kernel? that is what i need right?
Code:
#elif defined(CONFIG_MACH_SHOLES_UMTS) || defined(CONFIG_MACH_MAPPHONE)
#define PHYS_OFFSET UL(0x80C00000)
do you have a bootimg.h ? mainfram3 got his information from there...
Did you tried to put all in a rom.zip and replace the one that comes with Ruu WWE? IF the addresses are the same maybe it will flash your custom rom.
mainfram3 said:
Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.
Click to expand...
Click to collapse
sorry,but how to create recovery.img?
is boot.img==recovery.img?
mainfram3 said:
And now, to recreate the image:
Code:
mkbootfs [b]--base 0x2e00000[/b] --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
Click to expand...
Click to collapse
Hi,
isn't it mkbootimg instead of mkbootfs to create an image?
Moreover, the script repack-bootimg.pl doesn't work for me. But your method using mkbootfs works well.
Thanks.
can an expert help me out? I have 2 recoveries, both of which can be flashed to my phone without any problem, except I have troubles using them.
Recovery X can be used without any problem, all the options work and I can perform nandroid backup and restore perfectly fine. However, it's missing the option to flash a custom rom from the memory card.
Recovery Y supports all the options, including the option to flash a custom rom from the memory card. However, it's not made specifically for my phone, which means that none of the buttons on my phone work. Therefore, I can only navigate through the options up or down, but I can't select it or go back.
My phone is a chinese clone btw, the brand is STAR A1000. That's why there aren't many properly made recoveries available for it. Anyway, since Recovery X works, I was wondering if someone could just compare the 2 recoveries and just change the button mappings on Recovery Y, as you can simply take the button mapping from Recovery X and that's it?
I dunno how to do it and don't wanna risk bricking my phone or anything, so if someone can kindly help me out that would be great.
I don't have this phone, but isn't there a keychars.pl file under /usr/"don't know the name anymore"/? there are files assigning an action to a pressed key - you just have to compare the keychars file from X and Y and change the Y keychars accordingly. Hope that helps, since I also never did this before.
Oh well I didn't know that
I dunno anything about creating a recovery or boot image. All I know is how to flash it and root the phone, i.e just the basic stuff.......
would you be able to help me compare the files and make the changes?
Here's the link to the files:
http://forum.xda-developers.com/attachment.php?attachmentid=740516&d=1317801095
http://forum.xda-developers.com/attachment.php?attachmentid=737495&d=1317534773
the first link is the recovery that is currently working for me, but doesn't have the option to flash a firmware from the memory card. It's a modified version of the ClockworkMod Recovery v4.0.0.5.
as for the 2nd link, please extract just the "a1000.img" recovery. My phone is the STAR A1000 and that's the recovery that contains all the options, except the buttons don't work on it. It's also in chinese but I can read it. So ya, I just need someone to remap the buttons that work in the "cw.img" recovery and copy that to the "a1000.img" recovery....
Hi all!
First of all, sorry if this has been asked earlier, I tried to find an answer to this but couldn't.
If I'm not mistaken we need a so called 'insecure' boot img to be able to do a adb remount, and then the superuser apk to get full root. Now, if I build AOSP from the sources, will the generated boot img be insecure?
If not, is there a way of building it? (besides getting it from MoDaCo) Or is it some super-duper-secret stuff?
Thanks in advance!
After some more deep reading I think I found what I was looking for:
boot.img needs to be repacked with ro.secure set to 0 and that way adb will run as the root user.
Please, someone correct me if I'm wrong.
just a stupid question, how did you repack a boot.img with ro.secure=0 ?
Hello,
I need any help I can get in making a boot.img for and update.zip. I don't know Unix or Linux but have some common knowledge of computers and have baked a few rom myself(no coding more copy paste). I have disassemble two boot.imgs and gotten the ramdisk.img form one and the zImage from the other. I used the unpackbootimg command to get these parts. I then used the mkbootimg to put them back together. When using this newly created boot.img in an update.zip the phone doesn’t get past the initial startup screen with the x and padlock. If I don’t disassemble the boot.imgs and use the one with the ramdisk I want in the update.zip, then flash the zImage with another update.zip it works fine.
OK that might sound a little confusing as it does even to me.
Layman's Terms
WHAT DOESN'T WORK:
1 - Unpack boot.img-A to Ramdisk.img-A and zImage-A
2 - Unpack boot.img-B to Ramdisk.img-B and zImage-B
3 - Repacked Ramdisk.img-A and zImage-B in to boot.img-C
4 - Create update.zip using boot.img-C and flash
5 - Stuck at x with padlock
WHAT WORKS:
1 - Create update.zip using boot.img-A and flash
2 - Setup phone
3 - Create another update.zip containing zImage-B and flash
In closing I know that doing it the way it works is fine but I would like to maybe eliminate one step and maybe even figure out what I am doing and how to do it the right way.
I can upload anything that you think you need to help.
Thanks in advance,
Robert
I've tried to port ubuntu touch to my Xperia L with Sony provided aosp and FXP's kernel source code. Problem is I've got 6 img files and there's I only know how to flash 2 of them to my phone .
List of img files:
android-ramdisk.img
boot.img
cache.img
ramdisk.img
system.img
userdata.img
I've also got a file named kernel
So anyone you can tell me some thing about flashing other 5 files.
Also I've tried to flash just boot.img and system .img but the result was that flash mode and fastboot buttons got inverted and when i tried to boot into system,phone vibrated but nothing happened and even fastboot and flashmode were gone. Later i removed and reinserted battery and then got flashmode and fastboot to work again.
Thread closed at user's request.
Hello,
I have a quick question?
I made an unsecure boot.img for stock rom and added init.d support using android kitchen. After I flash the boot.img and reboot it says:
Code:
[460] fastboot_init()
[560] USB init ept @ 0xffc1000
[590] udc_start()
pops up and It wont boot into the system like normal. Is there something inside the boot.img that I need to modify to bypass this?
See attachment for my boot.img
[DO NOT FLASH THIS BOOT.IMG! YOU WILL SOFT BRICK!]
try it
androidguy1991 said:
Hello,
I have a quick question?
I made an unsecure boot.img for stock rom and added init.d support using android kitchen. After I flash the boot.img and reboot it says:
Code:
[460] fastboot_init()
[560] USB init ept @ 0xffc1000
[590] udc_start()
pops up and It wont boot into the system like normal. Is there something inside the boot.img that I need to modify to bypass this?
See attachment for my boot.img
[DO NOT FLASH THIS BOOT.IMG! YOU WILL SOFT BRICK!]
Click to expand...
Click to collapse
had the same problem and used this method. everything worked
http://forum.xda-developers.com/lg-l90/general/guide-flash-stock-kdz-offline-lg-l90-t2803479
androidguy1991 said:
Hello,
I have a quick question?
I made an unsecure boot.img for stock rom and added init.d support using android kitchen. After I flash the boot.img and reboot it says:
Code:
[460] fastboot_init()
[560] USB init ept @ 0xffc1000
[590] udc_start()
pops up and It wont boot into the system like normal. Is there something inside the boot.img that I need to modify to bypass this?
See attachment for my boot.img
[DO NOT FLASH THIS BOOT.IMG! YOU WILL SOFT BRICK!]
Click to expand...
Click to collapse
No. If you're seeing fastboot, there is something wrong with your boot.img. Reflash stock boot.img with fastboot
What device do you have?
---------- Post added at 05:00 PM ---------- Previous post was at 04:59 PM ----------
FenixBrasil said:
had the same problem and used this method. everything worked
http://forum.xda-developers.com/lg-l90/general/guide-flash-stock-kdz-offline-lg-l90-t2803479
Click to expand...
Click to collapse
OP's not looking for a KDZ fix. He's wanting information on how to fix his unsecure boot image.
Yes, after I flashed the unsecure boot.IMG it keeps going straight to the boot loader.
I have a D415. All I added was init.d and made it rooted with android kitchen.
androidguy1991 said:
Yes, after I flashed the unsecure boot.IMG it keeps going straight to the boot loader.
I have a D415. All I added was init.d and made it rooted with android kitchen.
Click to expand...
Click to collapse
If you don't have a copy of your stock boot image, see this thread
Hopefully you have the fastboot executable. If not, you can download the latest ADB and fastboot executables from my Dev-Host account here.
If you need any assistance using the fastboot executable, please let me know.
Fastboot mode could not flash anything says remote unknown command
Is possible the issue will be fixed on the future?
Sent from my Andromax A16C3H using Tapatalk