Hi,
I am trying to build a custom boot image to get rid of the immutable files of my P7-L00.
Specifically I haved done this : At a specific point in the boot process the rc scripts execute the set_immutable command with a 1 parameters that sets the immutable bits in all the files mentioned in the set_immutable.list file. If this command is changed to a 0 it clears the immutable bit for all the files. I have buit the custom ramfs necesary for this but when I repack the boot image it will not boot.
I am using the following command for mkbootimg ....
mkbootimg --kernel mykernel.img --ramdisk ramdisk.cpio.gz --ramdisk_offset 0x04000000 --base 0x07000000 --cmdline "k3v2mem k3v2_ion=1 vmalloc=448M maxcpus=4 initcall_debug=n" -o newimg.img
The resulting first page looks ok, it has the same offsets as my original working boot image, but as I mentioned before, it does not boot, but just cycles back to fastboot mode after about 1 minute.
Any help will be appreciated,
Thanks
The most probable that there's a problem with permissions.
Make
Code:
chown 0:0 init.rc
chmod 750 init.rc
before packing ramdisk.
Kostyan_nsk said:
The most probable that there's a problem with permissions.
Make
Code:
chown 0:0 init.rc
chmod 750 init.rc
before packing ramdisk.
Click to expand...
Click to collapse
Thanks a lot ! .... I had not checked the user/groups for the extracted files ...
gguemez said:
Hi,
I am trying to build a custom boot image to get rid of the immutable files of my P7-L00.
Specifically I haved done this : At a specific point in the boot process the rc scripts execute the set_immutable command with a 1 parameters that sets the immutable bits in all the files mentioned in the set_immutable.list file. If this command is changed to a 0 it clears the immutable bit for all the files. I have buit the custom ramfs necesary for this but when I repack the boot image it will not boot.
I am using the following command for mkbootimg ....
mkbootimg --kernel mykernel.img --ramdisk ramdisk.cpio.gz --ramdisk_offset 0x04000000 --base 0x07000000 --cmdline "k3v2mem k3v2_ion=1 vmalloc=448M maxcpus=4 initcall_debug=n" -o newimg.img
The resulting first page looks ok, it has the same offsets as my original working boot image, but as I mentioned before, it does not boot, but just cycles back to fastboot mode after about 1 minute.
Any help will be appreciated,
Thanks
Click to expand...
Click to collapse
I suggest, use kitchen.
gguemez said:
Hi,
I am trying to build a custom boot image to get rid of the immutable files of my P7-L00.
Specifically I haved done this : At a specific point in the boot process the rc scripts execute the set_immutable command with a 1 parameters that sets the immutable bits in all the files mentioned in the set_immutable.list file. If this command is changed to a 0 it clears the immutable bit for all the files. I have buit the custom ramfs necesary for this but when I repack the boot image it will not boot.
I am using the following command for mkbootimg ....
mkbootimg --kernel mykernel.img --ramdisk ramdisk.cpio.gz --ramdisk_offset 0x04000000 --base 0x07000000 --cmdline "k3v2mem k3v2_ion=1 vmalloc=448M maxcpus=4 initcall_debug=n" -o newimg.img
The resulting first page looks ok, it has the same offsets as my original working boot image, but as I mentioned before, it does not boot, but just cycles back to fastboot mode after about 1 minute.
Any help will be appreciated,
Thanks
Click to expand...
Click to collapse
You are correct in saying that modifying the setimmutable binary flag from 1 to 0 in the boot image solves the set_immutable.list problem referred to many times in various posts in this forum..
I have a P7-L07 emui2.3 B125 and a P7-L10 emui3.0 B609. I had no trouble modifying the boot.img for the L07 using
linux-kernelkitchen-0.002 under xubuntu. The L10 is a different story but the main problem is faulty flash memory.
At any rate, you don't really need to worry about the boot.img file at all. A simple and easy work around is to replace the file set_immutable.list with another empty file of the same name. This works quite well on my L10. I used the file manager FX to achieve this. As long as you have root access and can change file permissions correctly this method will work for you.
arthios said:
You are correct in saying that modifying the setimmutable binary flag from 1 to 0 in the boot image solves the set_immutable.list problem referred to many times in various posts in this forum..
I have a P7-L07 emui2.3 B125 and a P7-L10 emui3.0 B609. I had no trouble modifying the boot.img for the L07 using
linux-kernelkitchen-0.002 under xubuntu. The L10 is a different story but the main problem is faulty flash memory.
At any rate, you don't really need to worry about the boot.img file at all. A simple and easy work around is to replace the file set_immutable.list with another empty file of the same name. This works quite well on my L10. I used the file manager FX to achieve this. As long as you have root access and can change file permissions correctly this method will work for you.
Click to expand...
Click to collapse
Thank your for the info. In the P7-L00 with a KingUser Root I could not change the set_immutable.list to anything. Any attempt to modify the file, replace or change the permissions would fail, since the immutable bit was set.
Having fixed the problem I mentioned above I now find myself with the situation that if I change some, I can't say all files, in the system directory the phone reboot immediately. I dont know if this is due to the "partial" root some people say kinguser provides or to some other issue.
I will keep playing around, thanks for the help.
gguemez said:
Thank your for the info. In the P7-L00 with a KingUser Root I could not change the set_immutable.list to anything. Any attempt to modify the file, replace or change the permissions would fail, since the immutable bit was set.
Having fixed the problem I mentioned above I now find myself with the situation that if I change some, I can't say all files, in the system directory the phone reboot immediately. I dont know if this is due to the "partial" root some people say kinguser provides or to some other issue.
I will keep playing around, thanks for the help.
Click to expand...
Click to collapse
changing the 1 to 0 of set_immutable in rc won't work. i already tried that thing. i used 609 boot.img, unpack and repack it successfully but it wont work.
majcomtech said:
changing the 1 to 0 of set_immutable in rc won't work. i already tried that thing. i used 609 boot.img, unpack and repack it successfully but it wont work.
Click to expand...
Click to collapse
Thanks, do you also get the same effect of an immediate reboot when you modify system files? That is what I am really after, since I can't change anything I can't even update the SU or change any files ...
gguemez said:
Thanks, do you also get the same effect of an immediate reboot when you modify system files? That is what I am really after, since I can't change anything I can't even update the SU or change any files ...
Click to expand...
Click to collapse
if you want full root, i already made tut for that. http://forum.xda-developers.com/ascend-p7/general/rooted-p7-l10-609-t3003605
majcomtech said:
changing the 1 to 0 of set_immutable in rc won't work. i already tried that thing. i used 609 boot.img, unpack and repack it successfully but it wont work.
Click to expand...
Click to collapse
Thanks, I have tried this but in my case it has not worked. Everytime I reboot the phone the files are all back, as if there is a backup partition or something. I an now trying to do this via a UPDATE with CWM...
Thanks again.
gguemez said:
Thanks, I have tried this but in my case it has not worked. Everytime I reboot the phone the files are all back, as if there is a backup partition or something. I an now trying to do this via a UPDATE with CWM...
Thanks again.
Click to expand...
Click to collapse
I expect you are quite fed up by now and I offer my commiserations. There may be however be another solution to your problem. Have you considered downloading a custom ROM for your L00 created (say) by KangVIP or Killprocess, and then extracting the boot image from the zip file and flashing that? These boot images have the set_immutable flag set to 0. As I recall, the ROMs from KangVIP are password protected so a Killprocess ROM or one from someone else might be better. If you do decide to try this out, make sure the build number of the downloaded ROM is similar to yours. The boot images differ between emui2.3 and emui3.0. Good luck!
gguemez said:
Thanks, I have tried this but in my case it has not worked. Everytime I reboot the phone the files are all back, as if there is a backup partition or something.
Click to expand...
Click to collapse
Seems like you have locked bootloader.
Kostyan_nsk said:
Seems like you have locked bootloader.
Click to expand...
Click to collapse
No, the bootloader is unlocked. I can change the boot partition at will, I have many times letf it unbootable and restored it with no problem. I will try to do something via the recovery parition but, the only one I have found that worked in my phone, always gives me errors when running my scripts (so I am obviously doing something wrong).
I got to the point of sending a script that says ... ui_print ("Hello World"); ... but that gives me an error too!
I will keep trying to figure this out, thanks for your help.
Guillermo
What value has "fblock=" parameter in "/proc/cmdline"?
Related
I'm starting this thread to document the work on creating a custom recovery image for the Tattoo.
The main goal is to provide a recovery image that will serve as the launchpad for flashing custom roms.
The Tattoo Custom Recovery Image will provide:
1) A way to use an update.zip signed with test-keys (already accomplished);
2) A way to perform a full backup of mtd2,mtd3,mtd4 and mtd5 (boot,system,cache and data).
3) A way to perform a full restore of the backup achieved by 2);
4) Adb support (already accomplished);
4.1) Adb shell support.
I'm open to input about using nandroid. Right now, without a S-OFF/ENG SPL this looks useless.
Also, if you have any other special need for recovery, please feel free to express it
Alpha release
Tattoo's Custom Recovery Image, Alpha Release
This first release includes:
- ADB enabled recovery
- ADB enabled root shell
- Accept update.zip signed with test keys
- All partitions mounted
- Custom recovery program (the last two options are stubs, not really working yet)
- Included in /sbin: busybox, flash_image and BART
- I've not used BART and, at the moment, cannot attest if it works or not.
- Backup script in /sbin/backup.sh
- Restore script in /sbin/restore.sh
With this custom recovery you can now do a full backup of your unit, by dumping the mtd block devices to your sdcard. Afterwards, you can use flash_image to recover your Tattoo to it's previous state.
I'm releasing this image as is. This is not a point-and-click recovery tool. If you don't know what you're doing, you can seriously damage your unit. The only reason I'm releasing this is in an effort to provide other devs with a way to easily recover their units, back to day-to-day configuration, while experimenting with them.
To flash:
Copy TCRI.alpha.img to /sdcard.
Run "flash_image recovery /sdcard/TCRI.alpha.img"
To reboot into recovery (quickest way)
adb reboot recovery
Please comment
thanks for you work
i try to flahs and get permission denied, do you know why?
flash_image: permission denied
chusen said:
i try to flahs and get permission denied, do you know why?
Click to expand...
Click to collapse
Partition remounted writeable from a fresh rebooted system with the tattoo-hack.ko module inserted??
But I'm sure you did that before because of:
I'm releasing this image as is. This is not a point-and-click recovery tool. If you don't know what you're doing...
Click to expand...
Click to collapse
;-)
-bm-
Thank you very much for your excellent job
Someone could install custom alpha recovery?
thx
@-bm-:yes I will try that way since the beginning. i mount with rw permissions /system and /data. i know is not a point-and-click recovery tool but i think i need more permissions but where?
Where did you guys get your flash_image binary from ?
The error you're getting is from flash_image, not from my recovery image.
I'll attach the flash_image I've been using to this post.
Please tell me if this solves your problem. You need tattoo-hack.ko module inserted, if you're using a release kernel.
Edit: You have the correct permissions in your flash_image binary, right ? After pushing it to the device, don't forget to chmod 755
It works I like drawing, jejeje.
Backup and Restore functionality appears to have no further
The adb root shell is perfect
Very good Work
for when the beta version? and the final version? lol
I try to dump the system userdata and boot.img and when i try to extract with unyasffs and i get this when i try to extract system.img
Code:
4 [main] unyaffs 3940 handle_exceptions: Exception: STATUS_ACCESS_VIOLATION
644 [main] unyaffs 3940 open_stackdumpfile: Dumping stack trace to unyaffs.exe.stackdump
and this with others
Code:
broken image file
Code:
[email protected]:~/Tattoo/images/boot/1$ ../../unpack.pl ./boot.1.img
Page size: 2048 (0x00000800)
Kernel size: 1899580 (0x001cfc3c)
Ramdisk size: 160952 (0x000274b8)
Second size: 0 (0x00000000)
Board name:
Command line: no_console_suspend=1 console=null
Writing boot.1.img-kernel ... complete.
Writing boot.1.img-ramdisk.gz ... complete.
528 blocks
[ boot.1.img-ramdisk.gz decompressed to boot.img-ramdisk ]
My image dumping script is OK
Take a look here: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images
The boot.img is not a yaffs2 image. It's a special format, comprised by a 2k header, a kernel image and a ramdisk.
The system.img is a yaffs2 image. From unyaffs's homepage: "Unyaffs is a program to extract files from a yaffs file system image. Now it can only extract images created by mkyaffs2image."
Chusen, I think it would be better to create a new thread for this, since it doesn't concern the custom recovery image directly.
Thank god for custom recovery!
Now we can really start cooking ROMs... gonna break out the tools tonight and get Android 1.6/2.1 sources ready to compile.
leon1984 said:
for when the beta version? and the final version? lol
Click to expand...
Click to collapse
You tell me
Next in line is to tie the backup/restore scripts to the UI, which won't be too hard.
Later, I may mess around with nandroid and bart, to see if they provide something more than my scripts.
Afterwards, when we have some custom roms available, I may create a downloader/updater option, to make it easier to install those.
Also, I'm taking requests for new features
suggestions about scripts
Excellent work, mainfram3. Thank you.
I have extracted the img file, and check backup.sh and restore.sh scripts. The code for checking sdcard remaining space is done. Here it is:
Code:
## TEST: Check free space in sdcard
NEED_KB="200000"
REM_KB=`du /sdcard | awk '{print $6}'`
if [ ${REM_KB%K} -lt $NEED_KB ]; then echo "Not enough space in /sdcard, exiting"; exit; fi
backup space min set to 200MB.
There is another suggestion about restore.sh. Because of backing up img to /sdcard/Backup, $1 might not be needed, right?
mainfram3 said:
Code:
[email protected]:~/Tattoo/images/boot/1$ ../../unpack.pl ./boot.1.img
Page size: 2048 (0x00000800)
Kernel size: 1899580 (0x001cfc3c)
Ramdisk size: 160952 (0x000274b8)
Second size: 0 (0x00000000)
Board name:
Command line: no_console_suspend=1 console=null
Writing boot.1.img-kernel ... complete.
Writing boot.1.img-ramdisk.gz ... complete.
528 blocks
[ boot.1.img-ramdisk.gz decompressed to boot.img-ramdisk ]
My image dumping script is OK
Take a look here: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images
The boot.img is not a yaffs2 image. It's a special format, comprised by a 2k header, a kernel image and a ramdisk.
The system.img is a yaffs2 image. From unyaffs's homepage: "Unyaffs is a program to extract files from a yaffs file system image. Now it can only extract images created by mkyaffs2image."
Chusen, I think it would be better to create a new thread for this, since it doesn't concern the custom recovery image directly.
Click to expand...
Click to collapse
and if you want to extract the boot.img here are the two scripts you need to fully extract the kernel(zImage) and ramdisk
split_bootimg.pl
and
extract-ramdisk.sh
they are attached below
jamezelle:
extract-ramdisk.sh missed #!, and the ramdisk zip file should be passed to $1 of this script.
mainfram3 said:
1) A way to use an update.zip signed with test-keys (already accomplished);
Click to expand...
Click to collapse
Hi mainfram3,
I don't want to jack your thread - could you add a little elaboration on this point, or provide a URL so I can learn a little more? The SPL on the phone (oem-78 or fastboot mode) accepts updates signed with the test key from the SDK? (Or some other key?) (On the Eris, the "rom.zip" files unpacked by the RUU are prepended with a mystery blob of 256 bytes - s'pose it could be a mic/sig, but if that's what it is, it don't appear to be in a standard DSA/RSA format, and those .zip files are not signed using the .apk/.jar manifest-signing method)
FYI here's an entertaining story of an epic fail in a related area. After reviewing the fastboot sources from the android tree, I decided that I wanted to spy on the (Windows) RUU update program by sniffing the USB bus - in particular to see if it was explicitly passing signatures in .sig files. (That's an undocumented command-line behavior in fastboot.)
Turns out that recent versions of libpcap and Wireshark allow for USB bus capture on Linux - and using the "usbmon" kernel module in Ubuntu 8.04 LTS, sniffing the USB (5k packet size) seems to work without hitch, even at USB 2.0 speeds. So I took it one step further, and installed WIn Xp SP3 in a QEMU VM on the Ubuntu machine, with the intention of running the RUU updater inside the Xp VM and sniffing the USB bus in the host OS (Linux) machine.
The result? QEMU/Win Xp VM can talk to the phone in either fastboot or adb mode, but bluescreens as soon as you start to move data at any appreciable rate. Doesn't seem to be dependent on whether monitoring is taking place. I might try putting the phone behind a cheapo USB 1.1 hub, and see if that helps, but for the moment I am stopped out on this hack.
bftb0
cn.fyodor said:
jamezelle:
extract-ramdisk.sh missed #!, and the ramdisk zip file should be passed to $1 of this script.
Click to expand...
Click to collapse
it works yea sorry about the
#/bin/sh
i didnt write the scripts btw
After releasing my custom recovery and boot images several people have messaged me about how to create these images.
First, you need to read this article, carefully: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images. It explains the format of these images. I suggest you try to extract the kernel and the ramdisk with a hex editor, as it will help you understand how the format works.
Afterwards, for convenience, you can use the two scripts provided in that page: unpack-bootimg.pl and repack-bootimg.pl.
You should now have two files, the kernel and the ramdisk.
Extract the contents of the ramdisk with:
Code:
gunzip -c ramdisk.cpio.gz | cpio -i
You can now proceed to alter what you wish, in the ramdisk.
For repacking, I use the tools provided in the Android 1.6 SDK. You need to download it from http://developer.htc.com/. After compiling the SDK, you should have (among others) these two tools: mkbootfs and mkbootimg.
To recreate the ramdisk, use the following command (assumes ramdisk in ramdisk folder):
Code:
mkbootfs ramdisk | gzip > ramdisk.gz
And now, to recreate the image:
Code:
mkbootfs [b]--base 0x2e00000[/b] --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
The only tricky part, and where I guess everyone is having problems, is with the --base 0x2e00000 option. This is the base address for the kernel and, without this, your Tattoo will hang at boot.
Do not try to create custom images unless you are fully aware of what you're doing. YOU CAN BRICK YOUR DEVICE
Best of luck
Thanks a lot mainfram3!
I'll base CoburnROM's boot.img off yours, and then we'll go from there.
All we need now is a how to on make your own system.img (either taking a RUU system and gutting the crap out of it or using one that a member has precompiled as a base) and we'll be set for cookin' ROMs with gas. Want fries with dat?
Thanks a million!
Cool! You have dispeled the clouds.
mf3: How did you know that base address of the kernel? I repacked the boot.img file without the option '--base xxx', that's why this one bricked my tattoo i think.
Thanks, you did the great job.
BTW, I break through this cloud by using HEX editor to comparing your image and mime and found that the kernel address, ramdisk address are different. But I don't know why... Would you mind to tell us why and how you find it??
huchengtw said:
Thanks, you did the great job.
BTW, I break through this cloud by using HEX editor to comparing your image and mime and found that the kernel address, ramdisk address are different. But I don't know why... Would you mind to tell us why and how you find it??
Click to expand...
Click to collapse
See at kernel sources at the file:
arch\arm\mach-msm\include\mach\memory.h
.....
/* physical offset of RAM */
#if defined(CONFIG_ARCH_MSM7225) || defined(CONFIG_ARCH_MSM7625)
#define PHYS_OFFSET UL(0x02E00000)
.....
I think there it is ......
cya
Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.
i am trying to put together a recovery for the Sholes XT701. obviously i am missing this base offset because it hangs at boot. i was looking in the memory.h file and see the following but this is for the ram. where can i find the base offset for the kernel? that is what i need right?
Code:
#elif defined(CONFIG_MACH_SHOLES_UMTS) || defined(CONFIG_MACH_MAPPHONE)
#define PHYS_OFFSET UL(0x80C00000)
do you have a bootimg.h ? mainfram3 got his information from there...
Did you tried to put all in a rom.zip and replace the one that comes with Ruu WWE? IF the addresses are the same maybe it will flash your custom rom.
mainfram3 said:
Well, actually I got the base address from looking at bootimg.h, to understand the structure of the header in the image files.
I then figured out the the kernel base address in the boot.img and recovery.img from the rom.zip (from the RUU) and compared it against the kernel address in the images I was creating. After that, I adjusted the arguments to mkbootimg so that it would generate a file with the same address as the originals.
Click to expand...
Click to collapse
sorry,but how to create recovery.img?
is boot.img==recovery.img?
mainfram3 said:
And now, to recreate the image:
Code:
mkbootfs [b]--base 0x2e00000[/b] --cmdline 'cmdline: no_console_suspend=1 console=null' --kernel kernel.gz --ramdisk ramdisk.gz -o my_new_boot_image.img
Click to expand...
Click to collapse
Hi,
isn't it mkbootimg instead of mkbootfs to create an image?
Moreover, the script repack-bootimg.pl doesn't work for me. But your method using mkbootfs works well.
Thanks.
can an expert help me out? I have 2 recoveries, both of which can be flashed to my phone without any problem, except I have troubles using them.
Recovery X can be used without any problem, all the options work and I can perform nandroid backup and restore perfectly fine. However, it's missing the option to flash a custom rom from the memory card.
Recovery Y supports all the options, including the option to flash a custom rom from the memory card. However, it's not made specifically for my phone, which means that none of the buttons on my phone work. Therefore, I can only navigate through the options up or down, but I can't select it or go back.
My phone is a chinese clone btw, the brand is STAR A1000. That's why there aren't many properly made recoveries available for it. Anyway, since Recovery X works, I was wondering if someone could just compare the 2 recoveries and just change the button mappings on Recovery Y, as you can simply take the button mapping from Recovery X and that's it?
I dunno how to do it and don't wanna risk bricking my phone or anything, so if someone can kindly help me out that would be great.
I don't have this phone, but isn't there a keychars.pl file under /usr/"don't know the name anymore"/? there are files assigning an action to a pressed key - you just have to compare the keychars file from X and Y and change the Y keychars accordingly. Hope that helps, since I also never did this before.
Oh well I didn't know that
I dunno anything about creating a recovery or boot image. All I know is how to flash it and root the phone, i.e just the basic stuff.......
would you be able to help me compare the files and make the changes?
Here's the link to the files:
http://forum.xda-developers.com/attachment.php?attachmentid=740516&d=1317801095
http://forum.xda-developers.com/attachment.php?attachmentid=737495&d=1317534773
the first link is the recovery that is currently working for me, but doesn't have the option to flash a firmware from the memory card. It's a modified version of the ClockworkMod Recovery v4.0.0.5.
as for the 2nd link, please extract just the "a1000.img" recovery. My phone is the STAR A1000 and that's the recovery that contains all the options, except the buttons don't work on it. It's also in chinese but I can read it. So ya, I just need someone to remap the buttons that work in the "cw.img" recovery and copy that to the "a1000.img" recovery....
I have already successfully removed the boot and shutdown animations (incl. sound) via "adb shell" commands:
Code:
su
mount -o remount,rw /dev/mtdblock3 /system
mv /system/media/bootani.qmg /system/media/_bootani.qmg
mv /system/media/samsungani.qmg /system/media/_samsungani.qmg
mv /system/media/video/shutdown/shutdown.qmg /system/media/video/shutdown/_shutdown.qmg
mv /system/media/audio/ui/PowerOff.wav /system/media/audio/ui/_PowerOff.wav
mv /system/etc/PowerOn.snd /system/etc/_PowerOn.snd
mv /system/etc/PowerOn.wav /system/etc/_PowerOn.wav
mount -o remount,ro /dev/mtdblock3 /system
exit
or just download the attached shell script and execute it as su:
adb push nobootani.sh /data/local/nobootani.sh
adb shell
Code:
su
cd /data/local
chmod 777 nobootani.sh
./nobootani.sh
exit
Btw the tablet now boots much faster.
But the boot splash screen from Samsung is still there.
EDIT:
I found out that the boot logo is actually a JPEG image located in the Secondary Bootloader (sbl.bin) on partitions bml4 and bml5 (both are identical on my Tab).
The partion layout seems to be the same as for the Galaxy S series:
http://forum.xda-developers.com/wiki/index.php?title=Samsung_Galaxy_S#Modifications
(here you can also find the secret codes to check firmware etc.)
This command gives the partition info:
cat /proc/LinuStoreIII/bmlinfo
To dump any partition (e.g. SBL) to SD card:
dd if=/dev/block/bml4 of=/sdcard/bml4_dump bs=1
I attached the extracted boot logo.
Thanks xdadevel,
Followed your instructions above and it worked like a charm - my Tab boots up MUCH faster now.
I think to remove the Samsung boot logo you would have to edit something like init.rc in the bootimg, repackage it, and then copy it across.
Im trying to do this and get
Can not mount permission denied.
Failed for bootani.qmg, Read-only system file.
Any ideas?
xdadevel said:
I have already successfully removed the boot and shutdown animations (incl. sound) via "adb shell" commands:
Code:
su
mount -o remount,rw /dev/mtdblock3 /system
cd /system/media
rm bootani.qmg
rm samsungani.qmg
cd /system/media/video/shutdown
rm shutdown.qmg
cd /system/media/audio/ui
rm PowerOff.wav
cd /system/etc
rm PowerOn.snd
rm PowerOn.wav
mount -o remount,ro /dev/mtdblock3 /system
exit
Btw the tablet now boots much faster.
But the boot splash screen from Samsung is still there.
I've been reading about the methods for other Samsung devices, such as:
flashing a PDA tar with Odin
fastboot flash splash1
packing the logo png as an update.zip
None of these worked.
Instead I bricked my tablet and flashed "P1_20100909.pit" and "GT-P1000_P1000XXJK1.rar" (from samfirmware.com) to make it work again.
Click to expand...
Click to collapse
Very easy, thanks for the idea! I copied the files to my external SDcard just in case though... Maybe it would be nice for you to remind people of that. Cheers!
mklass said:
Im trying to do this and get
Can not mount permission denied.
Failed for bootani.qmg, Read-only system file.
Any ideas?
Click to expand...
Click to collapse
Have you rooted your phone?
smithdc said:
Have you rooted your phone?
Click to expand...
Click to collapse
Yes it is
Cheers
I hope this work on the US TMobile verison?
Sent from my Samsung Galaxy Tab
It does work on the U.S. TMobile tab, I tried it. to me it boots faster, but seems to shut down slower.
Thanks! I follow your instruction but instead of deleting, I just rename them with .old extension (maybe one day will need them.. who knows.. )
Now it boot much faster!!
Hi,
is there any way to replace the boot logo?
deafjam said:
It does work on the U.S. TMobile tab, I tried it. to me it boots faster, but seems to shut down slower.
Click to expand...
Click to collapse
Thanks in might give it a shot.
Sent from my Samsung Galaxy Tab
So again is there a way to replace the boot logo?
Sent from my GT-P1000 using XDA App
saintxseiya said:
So again is there a way to replace the boot logo?
Click to expand...
Click to collapse
As I pointed out in the first post the boot logo is located in the secondary bootloader partition which an ARM binary. The logo is not accessible via the file system. You would have to dump this binary, modify it and flash it again (e.g. with Odin).
The risk is that if something goes wrong (corrupted binary, signature check failed etc.) your device will not boot anymore. Not even into the flashing mode because it is also part of the secondary bootloader.
Such perma brick can maybe reverted with professional tools like JTAG if you are willing to disassemble your device.
http://www.ifixit.com/Teardown/Samsung-Galaxy-Tab-Teardown/4103/1
Noone so far seemed to replace the boot logo successfully.
One way could be to overwrite the original jpeg (see first post) with a black jpeg of exactly the same size (=20701 bytes). If there's no signature check and the jpeg format is valid this should work.
xdadevel said:
As I pointed out in the first post the boot logo is located in the secondary bootloader partition which an ARM binary. The logo is not accessible via the file system. You would have to dump this binary, modify it and flash it again (e.g. with Odin).
The risk is that if something goes wrong (corrupted binary, signature check failed etc.) your device will not boot anymore. Not even into the flashing mode because it is also part of the secondary bootloader.
Such perma brick can maybe reverted with professional tools like JTAG if you are willing to disassemble your device.
http://www.ifixit.com/Teardown/Samsung-Galaxy-Tab-Teardown/4103/1
Noone so far seemed to replace the boot logo successfully.
One way could be to overwrite the original jpeg (see first post) with a black jpeg of exactly the same size (=20701 bytes). If there's no signature check and the jpeg format is valid this should work.
Click to expand...
Click to collapse
Thanks for the answer!
I searched the net also about these mysterious qmg Files, i do not understand why is Samsung using that kind of files, it just makes us unhappy not to customize the tabs
thanks worked very well, however, I have the t-mobile tab and the t-mobile splash screen stills shows up on boot is there any way to get rid of that one or is it similar to the samsung one that your having trouble removing?
Just flash an unbranded firmware, they will be gone then
Sent from my GT-P1000 using XDA App
xdadevel said:
Noone so far seemed to replace the boot logo successfully.
One way could be to overwrite the original jpeg (see first post) with a black jpeg of exactly the same size (=20701 bytes). If there's no signature check and the jpeg format is valid this should work.
Click to expand...
Click to collapse
Actually it works to overwrite the boot logo in sbl.bin with a custom jpeg file. The size must be less or equal 20701 bytes. I filled the remaining bytes of the original jpeg data with 0x00 but be careful NOT to overwrite the bytecode after the jpeg!!
When booting the device I can see the custom logo for 2-3 seconds.
After that, however, the Samsung boot logo shows up again!
Must be located in another place as well.
This sounds great! Could you make a quick tut how to do that exactly please?
Is there a virtual testlab for the tab or an emulator?
Sent from my GT-P1000 using XDA App
saintxseiya said:
This sounds great! Could you make a quick tut how to do that exactly please?
Is there a virtual testlab for the tab or an emulator?
Sent from my GT-P1000 using XDA App
Click to expand...
Click to collapse
No, unfortunately not. Just flash the european firmware
kg4mxz said:
No, unfortunately not. Just flash the european firmware
Click to expand...
Click to collapse
I am already on jk5 i want to customize my tab.
Sent from my GT-P1000 using XDA App
If somebody want to replace provider/operator/or any other splash screen on Huawei device just do as follow:
Root required
First way:
Install Adb and Fastboot
Download this utility to ADB folder on PC
By Windows CMD go to ADB folder and use this commands:
(observe phone and make appropriate permissions if needed)
adb shell su -c "dd if=/dev/block/platform/hi_mci.0/by-name/oeminfo of=/sdcard/oeminfo"
adb pull /sdcard/oeminfo oeminfo
Make copy original oeminfo file
Download stock HW splash (logo) or make your own picture *.bmp. Bitmap resolution should match your device resolution (1080x1920 pixels). Put it to ADB folder.
In ADB folder use commands:
oem_logo.exe oeminfo logo.bmp
adb push oeminfo /sdcard/oeminfo
adb shell su -c "dd if=/sdcard/oeminfo of=/dev/block/platform/hi_mci.0/by-name/oeminfo"
adb rm -f /sdcard/oeminfo
Reboot
More options described here.
Second way:
Download this (translated bye me) utility
Unzip and use it
Additionally:
If you want to use Huawei stock splash screen you can install this file by custom recovery. It replace any splash screen you have installed by original HW.
Off course you can use this script to installing your own logo. Just replace file \dev\block\platform\hi_mci.0\by-name\oeminfo in downloaded zip by your own file created accordingly to above first method (by oem_logo.exe).
All credits to:
Kostyan_nsk
wistonbogarde
For my just click thanks
Notice !
Everything you are doing on your own RISK !
nice ,but warning oeminfo contain such things as IMEI
Z!L0G80 said:
nice ,but warning oeminfo contain such things as IMEI
Click to expand...
Click to collapse
Are you sure? I'dont think so. At least, I was unable to find IMEI there. And it would be too easy to change IMEI if it could be in oeminfo partition...
Kostyan_nsk said:
Are you sure? I'dont think so. At least, I was unable to find IMEI there. And it would be too easy to change IMEI if it could be in oeminfo partition...
Click to expand...
Click to collapse
imei is crypted by aes key, oeminfo probably contain some other phone related information I DONT RECOMENDED TO FLASH THIS < YOU CAN PROBABLY BRICK YOUR PHONE
hi Kostyan_nsk and z!log80 !
I have recently flashed oeminfo.img without isssues (thanks again Kostyan_nsk)
I wanted to give it a try and ask please Kostyan_nsk or z!log80 for a brief explanation about how oem_logo.exe performs the bitmap replacement. Is it possible to mount oeminfo.img browse its file system and replace a particular file, or is it by searching bitmap signature, …?
Thanks Ziolek67 for starting this thread :laugh:
Printusrzero said:
hi Kostyan_nsk and z!log80 !
I have recently flashed oeminfo.img without isssues (thanks again Kostyan_nsk)
I wanted to give it a try and ask please Kostyan_nsk or z!log80 for a brief explanation about how oem_logo.exe performs the bitmap replacement. Is it possible to mount oeminfo.img browse its file system and replace a particular file, or is it by searching bitmap signature, …?
Thanks Ziolek67 for starting this thread :laugh:
Click to expand...
Click to collapse
do you have same imei as before ? oeminfo doesnt contain filesystem - no mount
yes, same as before
if no file system or mount then I guest search for a pattern or dedicated tool to package... I have been trying to find further more precise information about oeminfo.img but had not found much so far. I would appreciate if you can contribute to make this a bit clearer for me
thanks
[Edited]
After a bit of research I have found other mods for factory device location, etc. writing to particular offsets, tools to modify, backup and restore oeminfo.img. It is a data store. No embedded code. Thnx!
Z!L0G80 said:
imei is crypted by aes key, oeminfo probably contain some other phone related information I DONT RECOMENDED TO FLASH THIS < YOU CAN PROBABLY BRICK YOUR PHONE
Click to expand...
Click to collapse
Eazy. I tried it many times... It works perfectly. I never publish potentially dangerous untested features.
Z!L0G80 said:
imei is crypted by aes key, oeminfo probably contain some other phone related information I DONT RECOMENDED TO FLASH THIS < YOU CAN PROBABLY BRICK YOUR PHONE
Click to expand...
Click to collapse
I flashed whole oeminfo partition from other device and my IMEI stayed the same. As I supposed, it's somewhere else, but not in oeminfo partition. You are wrong.
You must NOT be alarm
Kostyan_nsk said:
I flashed whole oeminfo partition from other device and my IMEI stayed the same. As I supposed, it's somewhere else, but not in oeminfo partition. You are wrong.
Click to expand...
Click to collapse
Do not worry, I also used HW-OEM_LOGO.ZIP to change the booting logo for the original one, and my IMEI is the same as I bought it in the store, so do not be alarmed !!!!:laugh:
Also worked on P8 B321, IMEI stayed the same.
Download links not working, could someone provide new ones please?
Fedroid said:
Download links not working, could someone provide new ones please?
Click to expand...
Click to collapse
Hi!
You can to use the last version File, this is for change the intial Logo and/or bootanimation.
Thanks!
For digital wellbeing reasons* I'd like to lock myself out a handful of websites by redirecting them to local.
I've tried to follow the guideline using Magisk, only to nearly brick my phone (a friend had to flash the original image). What is the easiest way to simply modify the hosts file without changing too much?
lg lngo
I've been using this Magisk module for a long to block Ads. Just edit etc/hosts and install!
That means you recommend to simply follow this guideline and install Magisk including this plugin?
It may be that the websites you are concerned about are blocked in the hostlist that AdAway would install. If your phone is rooted, consider installing AdAway. I think it can only be installed using F-Droid.
@Rafiul Bari Chowdhury: I edited the hosts file in your zipped module, run it in Magisk: worked fine, after restart I saw the changes (shell cat /etc/hosts). However, after locking it again the device is bricked. I'm looking how to flash the factory image again.
Any ideas what went wrong? Is it not possible to edit root files and relock the phone again so it seems "normal"?
Edit: re-unlocked the phone and it works again. Reset OS (and hosts file), but works. When locked again: "Can't find valid operating system". Any ideas?
Fnokrer said:
@Rafiul Bari Chowdhury: I edited the hosts file in your zipped module, run it in Magisk: worked fine, after restart I saw the changes (shell cat /etc/hosts). However, after locking it again the device is bricked. I'm looking how to flash the factory image again.
Any ideas what went wrong? Is it not possible to edit root files and relock the phone again so it seems "normal"?
Edit: re-unlocked the phone and it works again. Reset OS, but works. When locked again: "Can't find valid operating system". Any ideas?
Click to expand...
Click to collapse
i doubt the phone is bricked. it is either locked up that you can force off by holding down power + vol up + vol down all 3 at the same time for 15 to 30 seconds to force off. you can get into boot loader by power + vol down. then flash the stock image from https://developers.google.com/android/images#barbet
make sure you have the google usb drivers and use chrome installed or nothing work when trying to flash back to stock.
it pretty hard to mess up the bootloader section of the phone. it can be done but you would have to flash a corrupt image to the boot partition.
i use to use adaway https://github.com/AdAway/AdAway/releases/tag/v5.12.0 if i remember right you can modify the host file using that apk
I did id all over again: Flashed latest firmware (barbet-sp2a.220305.012), installed Magisk acc. to Guideline here in the forum. Same result.
Phone wasn't bricked, Boot loader worked fine all the time, sorry for unprecise description. Editing the hosts file simply doesn't last (maybe I have to change the file on partition A and b??!) and 2nd, if locked again the phone won't find the OS.
Gives me two questions:
1.) how actually does the script from Rafiul Bari Chowdhury work, how can it replace the hosts file while I can't do it manually due to read-only partition.
2.) If I change both partitions, A and B, would the change last after I lock the phone again? Then how do I do it and how do I make sure the OS is found.
Is it even possible to change system files and go back into "locked" mode again without any other impacts?
Fnokrer said:
I did id all over again: Flashed latest firmware (barbet-sp2a.220305.012), installed Magisk acc. to Guideline here in the forum. Same result.
Phone wasn't bricked, Boot loader worked fine all the time, sorry for unprecise description. Editing the hosts file simply doesn't last (maybe I have to change the file on partition A and b??!) and 2nd, if locked again the phone won't find the OS.
Gives me two questions:
1.) how actually does the script from Rafiul Bari Chowdhury work, how can it replace the hosts file while I can't do it manually due to read-only partition.
2.) If I change both partitions, A and B, would the change last after I lock the phone again? Then how do I do it and how do I make sure the OS is found.
Is it even possible to change system files and go back into "locked" mode again without any other impacts?
Click to expand...
Click to collapse
did you try adb shell then su ? you can try chmod -R 775 or 777 a file to give full permisions. you probably could get away with just 660 for read and write without execute command. so chmod -R 660 (filename) should allow you to change the file permisions and allow you to write to the file.
as for relocking. i usually leave mine unlocked. i think if you relock it does a verification process of the rom. not sure on that one. maybe a developer can answer that question.
Hey I am trying to figure this out. did OP ever find an answer?
For me, I am on a pixel 5 with android 13, a phone I got from Backmarket. It is an "Unlocked" pixel 5. I thought this would make things easier. According to an article, pixel 5 is "one of the easiest phones to root"
:/
The phone is not A/B, only A
I pulled the magisk image using adb to the file with platform tools
I tried sideloading a hosts file through ADB but I got Error 21.
I have tried rooting the phone with Magisk boot.img but it fails because in Fastboot "Remote: failed to write to partition not found" and in FastbootD there is also an error.
SU is not found when I attempt to use the adb shell. It is Greyed out in the Magisk App
I have mounted the /system with Recovery but then I receive "Remote: no such file or directory"
I am using the most current Platform tools.
Any advice? Really I just want to edit the hosts file
Gnome_chomsky said:
Hey I am trying to figure this out. did OP ever find an answer?
For me, I am on a pixel 5 with android 13, a phone I got from Backmarket. It is an "Unlocked" pixel 5. I thought this would make things easier. According to an article, pixel 5 is "one of the easiest phones to root"
:/
The phone is not A/B, only A
I pulled the magisk image using adb to the file with platform tools
I tried sideloading a hosts file through ADB but I got Error 21.
I have tried rooting the phone with Magisk boot.img but it fails because in Fastboot "Remote: failed to write to partition not found" and in FastbootD there is also an error.
SU is not found when I attempt to use the adb shell. It is Greyed out in the Magisk App
I have mounted the /system with Recovery but then I receive "Remote: no such file or directory"
I am using the most current Platform tools.
Any advice? Really I just want to edit the hosts file
Click to expand...
Click to collapse
Don't do this method...
Once you're rooted with Magisk, open Magisk and go to settings and tap Systemless hosts. This installs the Systemless Hosts module. Then you can just use an app like AdAway (https://f-droid.org/en/packages/org.adaway/) and block the domains you want there.