Hi.
My problem is on a SGSII, but I suppose it could be on any phone.
All the recent ROMs I flashed had problems with adb: after flashing, I am unable to use some adb commands. For example:
Code:
$ adb uninstall <mypackage>
/sbin/sh: pm: not found
The pm script exists in /system/bin, but is not usable "as is" because it lacks "#!/system/bin/sh" on the first line.
What I have to do is:
Code:
mount -o remount,rw - /
echo '#!/system/bin/sh' >/sbin/am
cat /system/bin/am >>/sbin/am
chmod 0777 /sbin/am
echo '#!/system/bin/sh' >/sbin/pm
cat /system/bin/pm >>/sbin/pm
chmod 0777 /sbin/pm
mount -o remount,ro - /
And then it works again.
But my problem is that on each reboot I have to do this again.
So my questions are:
- Do you know why those ROMs (I'm actually using Lite'ning) do not have those scripts?
- How can I make those changes permanent? How is /system built? For example, there is a "build.prop" file in it but it is nowhere else on my phone...
Thanks a lot for your help !
Mike
The problem is twofold. First, a proper shell script should have the first line as a path to the command interpreter ("#!/system/bin/sh"), but for some reason, am and pm scripts don't have this. The second part of the problem is that the default shell as shipped in the AOSP code base ignores that line and happily executes these broken shell scripts. Depending on just how your rooted ROM was cooked, you may have any of a number of shell interpreters; bash, busybox sh, and the original sh being the most common. Bash is more tolerant of broken scripts, but the busybox interpreter won't execute these.
I don't know why your editing doesn't keep between boots though. It seems it should based on what's posted above. I don't have any knowledge of the internals of the SGSII so you probably need to ask that question in a forum dedicated to that device.
Thanks for your reply.
OK, it doesn't work anymore because the default shell has been changed.
Two questions remain:
- why those scripts are no longer in /sbin
- why they don't stay when I reboot.
If anybody knows ...
I'll try to ask on the rom maker thread ...
Mike
I must have missed that. /sbin is part of the ramdisk. It is stored in the boot image and gets expanded to RAM at every boot, so any changes in /sbin will be destroyed on next boot.
So all I have to do then is find where this ramdisk is and update it?
I'll try and let you know
Thanks again !
mbaroukh said:
So all I have to do then is find where this ramdisk is and update it?
I'll try and let you know
Thanks again !
The ramdisk is a cpio archive gzipped to save space, then concatenated with a kernel into a single file. A short header on the whole thing tells where to split the two, and the kernel command lines and some other housekeeping tasks. Together that all makes up the boot.img partition (at least this is how it is on most androids I've played with). When the bootloader launches, it loads the header that tells where the kernel is in the file. It then loads the kernel into RAM. It then passes control to the kernel. The kernel knows how to gunzip the cpio archive and how to create a ramdisk partition of the required size. It then un-archives it into the newly created ramdisk, then passes control to `init' to do the rest of the boot process.
You can't just modify the ramdisk on the device. You have to extract the whole boot.img from flash, then separate its two parts (ramdisk and kernel) then gunzip and un-archive the cpio filesystem somewhere (preferably a *nix system that understands unix permissions, symlinks, etc), then modify whatever it is you want, then archive the contents again to a cpio archive, gzip it up, then recombine it with the kernel and the appropriate header for the whole thing, then re-flash it to the NAND partition on your device where the boot.img normally resides.
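The split described in the post above, as an added Python example that is not part of the original thread: it reads the header, slices out the kernel and the gzipped ramdisk, and lists the cpio entries without unpacking them. It assumes the AOSP boot image header (version 0 layout, "ANDROID!" magic) and a "newc" cpio ramdisk, which not every device uses; the sample image, its file names and all function names are constructed for the illustration.

```python
import gzip
import struct

HEADER = struct.Struct("<8s10I16s512s32s")   # assumed AOSP boot image header, v0 layout
BOOT_MAGIC = b"ANDROID!"


def _pages(size, page):
    """Number of whole pages needed to hold `size` bytes."""
    return (size + page - 1) // page


def split_boot_image(img):
    """Return (kernel, ramdisk_gz, cmdline) sliced out of a boot image."""
    (magic, k_size, _k_addr, r_size, _r_addr, _s_size, _s_addr,
     _tags, page, _u0, _u1, _name, cmdline, _id) = HEADER.unpack_from(img, 0)
    if magic != BOOT_MAGIC or page == 0:
        raise ValueError("not an AOSP-style boot image")
    k_off = page                                   # the header occupies the first page
    r_off = k_off + _pages(k_size, page) * page    # each part starts on a page boundary
    if r_off + r_size > len(img):
        raise ValueError("ramdisk extends past the end of the image")
    return (img[k_off:k_off + k_size], img[r_off:r_off + r_size],
            cmdline.rstrip(b"\x00").decode("ascii", "replace"))


def list_cpio_newc(archive):
    """Return [(name, mode, size), ...] for a 'newc' cpio archive."""
    entries, pos = [], 0
    while pos + 110 <= len(archive):
        if archive[pos:pos + 6] != b"070701":
            raise ValueError("bad cpio magic at offset %d" % pos)
        # 13 fields of 8 hex digits each follow the 6-byte magic
        fields = [int(archive[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        mode, size, namesize = fields[1], fields[6], fields[11]
        name_end = pos + 110 + namesize
        name = archive[pos + 110:name_end - 1].decode()   # drop the trailing NUL
        if name == "TRAILER!!!":
            break
        data_off = (name_end + 3) & ~3        # header + name is padded to 4 bytes
        entries.append((name, mode, size))
        pos = (data_off + size + 3) & ~3      # and so is the file data
    return entries


def ramdisk_entries(img):
    """Split the image, gunzip the ramdisk and list what init will see in /."""
    _kernel, ramdisk_gz, _cmdline = split_boot_image(img)
    if ramdisk_gz[:2] != b"\x1f\x8b":
        raise ValueError("ramdisk is not gzip-compressed")
    return list_cpio_newc(gzip.decompress(ramdisk_gz))


def _cpio_entry(name, mode, data=b""):
    """Encode one newc entry (used only to build the constructed sample)."""
    name_b = name.encode() + b"\x00"
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
    head = b"070701" + b"".join(b"%08X" % f for f in fields) + name_b
    head += b"\x00" * (-len(head) % 4)
    return head + data + b"\x00" * (-len(data) % 4)


def build_sample_image(page=2048):
    """Constructed boot image: placeholder kernel bytes plus a two-file ramdisk."""
    cpio = (_cpio_entry("init", 0o100750, b"\x7fELF-constructed")
            + _cpio_entry("sbin/pm", 0o100755, b"#!/system/bin/sh\n")
            + _cpio_entry("TRAILER!!!", 0))
    ramdisk = gzip.compress(cpio)
    kernel = b"K" * 5000                      # placeholder, not a real kernel
    header = HEADER.pack(BOOT_MAGIC, len(kernel), 0, len(ramdisk), 0, 0, 0, 0,
                         page, 0, 0, b"", b"console=null", b"")
    pad = lambda b: b + b"\x00" * (-len(b) % page)
    return pad(header) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    for name, mode, size in ramdisk_entries(build_sample_image()):
        print("%06o %6d %s" % (mode, size, name))
```
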
Thanks !
This is my next week-end task to try all this.
I'll let you know if I succeed or not.
I will be using this thread to post my scripts and link them to other threads as needed. For this thread, I am assuming you know what you're doing. You don't need mad hacking skills and you don't need to be an expert (I'm sure as hell not), but knowing your way around the file system and basic shell scripting are helpful.
Some background: I am using the stock ROM and kernel (SGS2 - GB27, SGS4 - MDC), so all of my tips revolve around using stock and all of my scripts (even the flashable ones) will work without flashing from recovery (just extract the script from the ZIP and execute it while the phone is in phone-mode - you know... powered on).
You are welcome to use my scripts in your apps. I only ask that you give me some credit.
I am not responsible for bricking your phone. I have only tested my scripts on my personal Samsung Galaxy S2 and S4 from Sprint. You are welcome to try on your phone, but I offer no warranties or guarantees as to whether they will work or not. Back up your ****!
All of this requires root!
Below is a list of the scripts I have written for y'alls. Enjoy.
Custom df: Shows where irregular mounts ("mount -o bind") are mounted. [ Forum post | Download ]
Currently doesn't work on my SGS4.
Easily move Phonesky.apk and GoogleServicesFramework.apk to /system or /preload for Multi DPI Play Store. [ Forum post | Download ]
Untested on my SGS4, but there's no reason to think that it won't work.
Use your SGS2's internal SD card for Link2SD instead of making a second partition on your external SD card (although, depending on the setup, you may still need to make a tiny partition on your external SD card) and your external SD card as your internal SD card [ Forum post ]
Untested on my SGS4. I have no need for it.
Clean up Link2SD: Delete files associated with Link2SD when uninstalling it. It does not revert the links Link2SD makes. It only deletes the mount scripts. [ Forum post | Download ]
If you use the debuggerd script to enable init.d, running this script will cause you to lose init.d.
Untested on my SGS4, but there's no reason to think that it won't work.
Delete Samsung's bloatware from the Sprint SGS2. [ Forum post | Download ]
Untested on my SGS4, but there's no reason to think that it won't work; however, it was written specifically for the SGS2's bloatware. See thread S4 System Apps Safe To Remove for a list of SGS4 bloatware apps.
Google Home Launcher (from Kit Kat).
Works on Jelly Bean.
Below are some other tweaks.
You can use custom boot animations with the stock ROM. All you need to do is swipe a "/system/bin/bootanimation" binary file from another ROM (such as @rujelus22's Blu Kuban FL24 (ICS) or Blu Kuban GB27 (JB 4.1.2)), paste it into "/system/bin", and make it executable.
For JB 4.2.2, make sure the user and group are root and shell respectively. This doesn't seem to be a problem with JB 4.1.2 and below. It's also possible that my initial testing involved a boot animation that didn't work on my SGS4, so if it works with root as both user and group, then roll with it. :good:
Also for JB 4.2.2, use the file from a JB 4.2.2 ROM, such as The Blu Kuban S4.
You can enable init.d scripts very easily by renaming "/system/bin/debuggerd" to "/system/bin/debuggerd.bin", replacing it with the following, and making both files executable. If "/system/bin/debuggerd.bin" already exists, then edit "/system/xbin/busybox run-parts /system/etc/init.d" into "/system/bin/debuggerd".
As with the above, make sure the user and group are root and shell.
Code:
#!/system/bin/sh
LOG=/data/debuggerd.log
echo "$(date)" > $LOG
echo "init.d" >> $LOG
/system/xbin/busybox run-parts /system/etc/init.d 1>>$LOG 2>>$LOG
echo "$(date) finished" >> $LOG
echo debuggerd.bin launched >> $LOG
exec /system/bin/debuggerd.bin
Below are some tips.
Most of the things you can do with a custom kernel, you can do with the stock kernel, it just requires more work and more risk.
If you replace an odexed system app with a deodexed system app, make sure you delete the app's ODEX file (it's the same file name except with the extension .odex).
Conversely: if you replace a deodexed system app with an odexed system app, you better have the ODEX file to go with it.
You can clear the dalvik-cache without a custom kernel by deleting the contents of "/data/dalvik-cache". You can even delete an individual app's dalvik-cache by finding the file "/data/dalvik-cache/[email protected]@[email protected]" or "/data/dalvik-cache/[email protected]@[email protected]" and delete it.
You can manually uninstall a system app's update by finding the file "/data/app/.apk" and delete it.
You can manually delete all user data by deleting the contents of "/data/data". You can even delete an individual app's data by finding the folder "/data/data/" and delete it.
Making scripts and binaries executable:
They must be on an EXT formatted filesystem (e.g. /data, /system, /preload).
They must be at least readable and executable by the user 'shell' (755 (read/execute for all, write only for user - "u=rwx,a=rx" if your busybox supports that method) is what I usually use).
Code:
chown root:shell ""
chmod 755 ""
chmod u=rwx,a=rx "" # busybox must support symbolic modes
Changing file permissions requires read/write access to the filesystem on which the file resides:
Code:
mount -o remount,rw /system # make the /system partition read/write
mount -o remount,ro /system # make the /system partition read only
The stock kernel is considered "production" whether or not it's rooted; therefore, you cannot use ADB to push or pull files directly to or from protected partitions, nor run ADB as root, nor use ADB's remount command, so you have to use unprotected partitions as a sort of buffer. You can, however, access the ADB shell and issue the "su" command wherein you can use "cp" to copy files to or from protected partitions prior to using ADB to push or pull the desired file. However, there is an app aptly named [root] adbd Insecure by @Chainfire that patches the ADB daemon to get around this limitation.
Example:
Code:
c:/android-sdk> adb shell
[email protected]:/ $ su
[email protected]:/ # cp /system/bin/debuggerd /sdcard/debuggerd
-- open a new command prompt window --
c:\android-sdk> adb pull /sdcard/debuggerd debuggerd
c:\android-sdk> adb push debuggerd /sdcard/debuggerd
-- switch to the first command prompt window --
[email protected]:/ # mount -o remount,rw /system
[email protected]:/ # cp /sdcard/debuggerd /system/bin/debuggerd
[email protected]:/ # chown root:shell /system/bin/debuggerd
[email protected]:/ # chmod 755 /system/bin/debuggerd
[email protected]:/ # mount -o remount,ro /system
Some noteworthy files and folders:
/proc/self/mountinfo: If you can read it, it tells you where your partitions and folder binds are mounted.
/proc/partitions: Shows all of your SD card's partitions, how many blocks each has, and their vold numbers (eg "179 1 30578964 mmcblk0p1").
/dev/block/platform/dw_mmc/by-name: This folder contains symlinks to your internal eMMC's partitions indexed by what they are for (eg UMS for your internal SD card - "realpath /dev/block/platform/dw_mmc/by-name/UMS" will print out the device path (ie "/dev/block/mmcblk0p11")).
/dev/block/platform/dw_mmc/by-num: This folder is like the previous except that they are indexed by partition number (eg "p11").
/proc/version: Shows what version of Linux is currently being used.
/data/system/batterystats.bin: Delete this when your battery is fully charged and still plugged in to recalibrate it.
Footnotes:
For "/data/app", "/data/data", and "/data/dalvik-cache" files you need to know the package name. There are various apps that will tell you, including Link2SD (mentioned above), Titanium Backup, and the web URL of the app in the Play Store (ex: https://play.google.com/store/apps/details?id=com.devname.appname).
More:
Random boot sound using your notification sounds
Make ADB work for all users - Jelly Bean 4.2.2 (Updated 07/15/13 00:35 MST)
Stock ROM - SGS4 - init.d
No-data restore tips
SGS4 Bloatware Remover
Make apps run faster and increase battery life
Random boot sound using your notification sounds
The attached ZIP contains a script that can be run pre or post boot. It just needs to be executable.
Preboot requires init.d (see the OP for enabling it if you are on a stock rooted ROM) and requires the file to be readable and executable ("chmod 755" works fine).
Postboot requires an app such as Scripter (ROM Toolbox) or Script Manager to execute the script at boot.
Requires the variable $RANDOM. You can make sure it's available from the command line ("echo $RANDOM").
Use this script at your own risk. I provide no warranties or guarantees.
What does this script do?
Check for carrier boot up sounds (sub folders in the "/system/media/audio/ui" folder) and moves them to "/system/media/audio/notifications" renaming them as needed.
Create symlinks in the above folders to "/system/media/audio/ui/PowerOn.ogg".
Check if "/system/media/audio/notifications/PowerOn.ogg" is present and copy it to "/system/media/audio/ui/PowerOn.ogg" if it's not.
Count the number of files in "/system/media/audio/notifications".
Grab a random number between 1 and the number of files found inclusive (math notation: "[1, numFiles]").
Go through "/system/media/audio/notifications" and copy the file at index random to "/system/media/audio/ui/PowerOn.ogg".
Notes:
The stock file is included. If you want a different sound in its place, you can either comment out that line in the script and delete the "/system/media/audio/notifications/<subfolder>_PowerOn.ogg" files from "/system/media/audio/notifications" or just replace "/system/media/audio/notifications/PowerOn.ogg" with some other sound file and still delete the "/system/media/audio/notifications/<subfolder>_PowerOn.ogg" files from "/system/media/audio/notifications".
If you want more sounds, just copy them to "/system/media/audio/notifications" (OGG files only).
The script does not check for valid files and blindly renames the destination file to "PowerOn.ogg".
It does not look in "/sdcard/media/audio/notifications" or anywhere else for audio files.
I do not recommend using alarms or ringtones files as they are usually looped which can cause the media scanner to get stuck and overheat your phone or tablet - those files may continue to play even if you can't hear them.
If you can't hear a sound on boot, it is likely that the file is either invalid or has no audio (ex: my /system/media/audio/ui/BST/PowerOn.ogg has no audio).
It was tested and works on a Samsung Galaxy S2 (stock JB 4.1.2) and a Samsung Galaxy S4 (stock JB 4.2.2) both from Sprint and using stock kernels.
There's no obvious reason it won't work on other phones and tablets with other ROMs from other carriers.
Nice work E.
cerj said:
Nice work E.
:good:
Make ADB work for all users - Jelly Bean 4.2.2 (Updated 07/15/13 00:35 MST)
With Android 4.2.2, ADB now requires RSA keys. This poses a problem when attempting to connect to the device's ADB server from the device itself and the device won't ask for authorization unless it's connected via USB. Well, there's hope, yet.
For the following, I'm assuming you used my method for adding init.d support to your device.
Use these scripts at your own risk. I provide no warranties or guarantees.
Add the following script to /system/bin/debuggerd. If you use an alternate method, please note that it must be executed by the debugger daemon. You must do this first or you'll have to manually restart the debugger daemon after editing this file and executing the run-once script (next step), so edit this file first and save it.
Code:
if [ ! -e "/.android" ]; then
busybox mount -o rw,remount /
mkdir /.android
mount -o bind /data/.android /.android
busybox mount -o ro,remount /
fi
Then run this script once from the device (not over ADB on your PC).
Code:
#!/system/bin/sh
HOME=/data
adb kill-server
adb start-server
stop adbd
cat /data/.android/adbkey.pub >> /data/misc/adb/adb_keys
echo "" >> /data/misc/adb/adb_keys # Add a blank line at the end of the file
start adbd
HOME=/
adb kill-server
stop debuggerd
start debuggerd
Notes:
You can also find the adbkey.pub file on your Windows PC here: C:\Users\<user name>\.android\adbkey.pub. Copy it to your device by whatever means necessary, then append it to /data/misc/adb/adb_keys and you won't need to initially use the USB to allow the PC connection. Not really necessary unless your PC has no USB or you've broken your USB cable.
This may have inadvertently corrected the mounting issue introduced in Jelly Bean 4.2.2.
You can also allow other Android 4.2.2 devices, but it requires ADB version 1.0.31 and for you to manually append the contents of /data/.android/adbkey.pub from device A (the one you want to use to ADB on) to /data/misc/adb/adb_keys on device B (the target device).
Don't delete /data/.android
This won't fix apps. It just allows you to use ADB to connect to your device from itself.
Tested on my SGS4. No reason it won't work on other devices.
If you already have a /data/.android directory, you may not need to do this. On my SGS4, HOME defaults to "/" which the ADB daemon can't write to, so it can't make the RSA key.
The run-once script temporarily changes HOME to "/data", a writable directory, so the ADB daemon can write the RSA key, then it appends it to the allowed clients file, then restarts the debugger daemon, thus binding /data/.android to the /.android directory, allowing all Linux users ADB access to the device.
Reassigning HOME to a new value on one user only changes its value for that user which is why I'm binding /data/.android to /.android.
Code:
# Example
[email protected]:/ $ echo $HOME
/
[email protected]:/ $ HOME=/data
[email protected]:/ $ echo $HOME
/data
[email protected]:/ $ su 1000
[email protected]:/ $ echo $HOME
/
Alternatively (much easier):
Make the .android folder in /data (mkdir /data/.android).
Add the script, the first code block in this post, to your debuggerd file or an init.d script.
Restart the debugger (stop debuggerd; start debuggerd) or reboot the phone.
Restart ADB (stop adbd; start adbd).
Copy the newly created public key to the allowed clients (cat /data/.android/adbkey.pub >> /data/misc/adb/adb_keys; echo "" >> /data/misc/adb/adb_keys).
Restart the ADB server (adb kill-server; adb start-server).
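Because the steps above append keys to /data/misc/adb/adb_keys by hand, it is worth checking afterwards which hosts the file actually authorizes. The following is an added Python example, not part of the original post: it groups the entries by MD5 fingerprint (colon-separated, the style used by the USB debugging authorization prompt), counts duplicates left by repeated appends, and reports lines that do not decode. The 524-byte key blob layout is assumed from AOSP's ADB public key encoding; the sample keys are constructed filler, not real RSA keys, and all function names are hypothetical.

```python
import base64
import hashlib
import struct
from collections import OrderedDict

KEY_WORDS = 64                       # 2048-bit modulus counted in 32-bit words
BLOB_SIZE = 4 + 4 + 256 + 256 + 4    # len, n0inv, n[], rr[], exponent (assumed layout)


def parse_key_line(line):
    """Return (fingerprint, comment, exponent) for one adb_keys line or raise ValueError."""
    parts = line.split(None, 1)
    blob = base64.b64decode(parts[0], validate=True)   # binascii.Error is a ValueError
    if len(blob) != BLOB_SIZE:
        raise ValueError("unexpected key blob size %d" % len(blob))
    (words,) = struct.unpack_from("<I", blob, 0)
    (exponent,) = struct.unpack_from("<I", blob, BLOB_SIZE - 4)
    if words != KEY_WORDS:
        raise ValueError("unexpected modulus length %d words" % words)
    digest = hashlib.md5(blob).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    comment = parts[1].strip() if len(parts) > 1 else ""
    return fingerprint, comment, exponent


def audit_adb_keys(text):
    """Group entries by fingerprint; return (keys, bad_lines)."""
    keys, bad = OrderedDict(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue                 # the scripts above add blank separator lines
        try:
            fp, comment, exponent = parse_key_line(line)
        except ValueError as err:
            bad.append((lineno, str(err)))
            continue
        entry = keys.setdefault(fp, {"comment": comment, "exponent": exponent, "count": 0})
        entry["count"] += 1
    return keys, bad


def constructed_key(seed, comment):
    """Build a well-formed but meaningless key line for the demonstration."""
    filler = hashlib.sha256(seed).digest() * 16        # 512 bytes standing in for n[] and rr[]
    blob = struct.pack("<II", KEY_WORDS, 0) + filler + struct.pack("<I", 65537)
    return base64.b64encode(blob).decode() + " " + comment


# Constructed adb_keys content: one PC key, one on-device key appended twice, one damaged line.
SAMPLE_ADB_KEYS = "\n".join([
    constructed_key(b"pc", "user@workstation"),
    constructed_key(b"phone", "unknown@unknown"),
    "",
    constructed_key(b"phone", "unknown@unknown"),
    "not-base64!!",
]) + "\n"


if __name__ == "__main__":
    keys, bad = audit_adb_keys(SAMPLE_ADB_KEYS)
    for fp, info in keys.items():
        print("%s  x%d  e=%d  %s" % (fp, info["count"], info["exponent"], info["comment"]))
    for lineno, reason in bad:
        print("line %d skipped: %s" % (lineno, reason))
```
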
SGS4 Bloatware Remover
I have written a live-script to delete all of the SGS4 bloatware except GoogleContactsSyncAdapter and SecLauncher3. If you want to delete those, remove the "#" from that line in the script. If you want to exclude an app, add a "#" to that line and put the app name in quotes (i.e. AppName / becomes "#AppName" / (including the forward slash)) or just remove that line. If you remove the last item (YouTube in this case), remove the forward slash from the previous line.
Use this script at your own risk. I provide no warranties or guarantees.
What this script does:
Move the app's APK and ODEX to /sdcard/SystemAppsBackup.
Delete its dalvik-cache.
Reboot the phone. If it doesn't reboot, you'll have to do this yourself.
What this script does not do:
Delete the app's data. Because the script doesn't know the package name.
Delete its Play Store update (located in /data/app). Because the script doesn't know the package name.
Mount the SD card if it's not mounted. If you want backups, make sure the SD card is mounted.
Care if you delete a system app you wanted to keep. Most apps that you would want to keep may be available in the Play Store.
Restore apps.
Notes:
Apps will crash left and right when you execute this script in running mode. Don't fret, this is normal.
This is a live-script which means you have to manually execute the script either with a terminal emulator, a script executor like Scripter, or ADB.
This is not flashable.
If executing via ADB in Recovery mode, you may need to mount the SD card to /storage/sdcard0 manually or settle for no backups.
If you restore an app from /sdcard/SystemAppsBackup, make sure you get the ODEX file if present and set the permissions for both to 644.
This list is based off the list in the thread, S4 System Apps Safe To Remove.
Here You Go Guys, it took me about 30 mins, but I have successfully added all the apps in the OP to a flashable Zip.
The Zip is based off TrulyClean v1.6 script code, I just deleted his ;delete/system/...apk and replaced it with all the ones from the OP
bigtobitobs said:
Here You Go Guys, it took me about 30 mins, but I have successfully added all the apps in the OP to a flashable Zip.
The Zip is based off TrulyClean v1.6 script code, I just deleted his ;delete/system/...apk and replaced it with all the ones from the OP
Looks like you're deleting bloatware, perhaps you should post that in the right thread... or at least a more appropriate thread.
Sent from my SGS4.
egingell said:
Looks like you're deleting bloatware, perhaps you should post that in the right thread... or at least a more appropriate thread.
Sent from my SGS4.
LOL OMG I am so sorry, I had multiple tabs open and put this in the wrong forum. Please Delete
bigtobitobs said:
LOL OMG I am so sorry, I had multiple tabs open and put this in the wrong forum. Please Delete
Would that I could.
Sent from my SGS4.
Make apps run faster and increase battery life using Xposed App Settings.
Did you install GravityBox on your SGS4 then uninstall it and now you can't hear your games or music?
I think it has to do with GravityBox's "Volume Steps" option not undoing when GB is uninstalled. This is how I fixed it (forum post).
Stock ROM - SGS4 - init.d
I recently found out that my debuggerd hack to enable init.d support on my stock SGS4 wasn't working. So, I did this and now it works.
Make a file named "install-recovery.sh" and drop it into /system/etc. Whatever script you put in here will execute at boot up so long as the user/permissions are correct.
Code:
chown shell:shell "/system/etc/install-recovery.sh"
chmod 755 "/system/etc/install-recovery.sh"
chmod u=rwx,a=rx "/system/etc/install-recovery.sh" # busybox must support symbolic modes
Use this script at your own risk. I provide no warranties or guarantees.
My "/system/etc/install-recovery.sh" script:
Code:
#!/system/bin/sh
LOG="/data/install-recovery.log";
echo "Executing install-recovery.sh" > $LOG;
echo "" >> $LOG;
# Append from here on; a plain ">" would truncate the log started above.
echo "$(date) install-recovery hack..." >> $LOG
echo "" >> $LOG
echo "init.d" >> $LOG
# I can't get run-parts to work for some reason, but this will run every *.sh script in /system/etc/init.d as root.
for N in /system/etc/init.d/*.sh; do
    su -c "$N" 1>>$LOG 2>>$LOG
done;
Notes:
Mount binding (in JB 4.2.2+) seems to work. E.g. mount -o bind /folder1 /folder2
$(date) does not provide the correct date (mine said: "Wed Apr 15 13:24:13 MST 1970").
The Package Manager is not available. (There may be other unavailabilities, but I don't intend to test it thoroughly.)
Some things I discovered recently while doing a no-data system restore for the second time in the same night and some tips relating to system restores:
* When doing a no-data restore, disabled/frozen system apps remain disabled.
* Apps that can't be disabled even with Titanium Backup will not remain disabled after a reboot and will sometimes crash/FC repeatedly until uninstalled.
* If an app won't open or FCs, try converting it to a system app and back to user app or vice versa.
* Don't integrate system app updates into the ROM. In the event that you have to do a no-data restore, those updates will be retained.
* Don't convert user apps to system apps for the same reason.
* Disregard the previous two tips if disk space is a problem. It's just more time consuming (redownloading updates, reintegrating, and reinstalling) after a restore.
* Save all modified system files, such as /system/bin/debuggerd, /system/build.prop, /system/etc/install-recovery.sh, and if your ROM uses /system/etc/init.d, any modified or extra files there. If you use them, you'll need them after a restore.
* For a smoother post no-data restore, use Titanium Backup's labels so you can batch-uninstall those pesky system apps you don't want.
SGS2 - JB 4.1.2 GB27
SGS4 - JB 4.2.2 MF9
any command for updater script to make directory in root of android ??
HassanMirza01 said:
any command for updater script to make directory in root of android ??
Creating directories in / and all the files contained therein must be redone on every boot. That said, you just need to make root writable and make the directory.
mount -o remount,rw /
mkdir /whatever
mount -o remount,ro /
Note: Every time you wish to create, modify, or delete files you'll have to make root writable.
Sent from my LG-H811 using Tapatalk
egingell said:
Creating directories in / and all the files contained therein must be redone on every boot. That said, you just need to make root writable and make the directory.
mount -o remount,rw /
mkdir /whatever
mount -o remount,ro /
Note: Every time you wish to create, modify, or delete files you'll have to make root writable.
Sent from my LG-H811 using Tapatalk
Actually.... I wanna add some files within folder in root of android root... So i need to use above three commands and then after making directory, i should extract files to that folder ??
HassanMirza01 said:
Actually.... I wanna add some files within folder in root of android root... So i need to use above three commands and then after making directory, i should extract files to that folder ??
Yes.
Sent from my LG-H811 using Tapatalk
:good:
The stock recovery on the Nook Simple Touch has a routine to restore the device to factory state, wiping everything in the process. It is initiated on the 8th unsuccessful boot (unsuccessful := interrupted before the boot counter could be reset). The image is stored on the "/misc" partition, /dev/block/mmcblk0p3, as /factory.zip. On my device, it's version 1.0.1 (file size: 108460423, MD5 sum: 3ae0d4d9869330dec639a7da9c50fa72). Not very useful. So, how about customizing it? Or at least upgrading it to stock 1.2.1?
When restoring to factory state, the /cache and /data partitions are wiped independently by the stock recovery. As for the files inside the ZIP, there is no difference between the factory image and the OTA (over-the-air) update (nook_*_update.zip). The format of both files is the standard Edify ("updater-script") style. If you have your own script you can put it there for easy restoration. If you don't, you can at least upgrade the factory image there to 1.2.1, the latest version. The example is for the latter case, but all the steps will be the same, except the first one.
Please do not follow these instructions blindly. Instead, read them critically and adjust to your situation, adding extra steps such as backups where necessary. Make sure that you don't mind if everything from your device is erased in the process.
Remove B&N cruft from the ZIP update header
Start with the file nook_1_2_update.zip (get it here from B&N). Make sure you have the right file: size 121323347, MD5 sum: 30822c2927482380c325a47dc060daee. Note that while a well-formed ZIP file starts with the letters "PK" (from the initials of Phil Katz, the original developer of the ZIP format), the B&N ZIP has some proprietary gibberish at the beginning:
Code:
...............'1.2.1.24.carbon1_2.gossamer.rrdp.s70455.......XOLBsPWsxv0saXev7rdGBBrQLzdM74ai2CM4h6oD/D3S9xeKq8eFYW7j0+MgLohN4x/3tyIYaZV6YiLEi7gLXq+7XjvWV4KaTGvNw0wM6x11IPOEzYwmHryagnY91XjkfKTjwKR8XC3SkSRu4TT01DZ6lfqsw6MZO18AFz48GEjXcxKy8SQZyhA++kobYWlcC8jNa/EmkGgVJien7QJ4LvR8N5Bftk11WRTOy6+BSQQgdBh4K/i2WI0TqfpH7JC+6vNp5rb61KTXpZIMLHGyZloYca68mnn4rmr1SKqodpffgSmYI+f7DPt7RgBEkXGz20x+3kKA+OcPbd1QKvIwd+A==.........;=.
First 418 bytes of nook_1_2_update.zip. Unprintable characters replaced with dots.
Unzip and other unpackers will get through this just fine so you might not even notice it but it will prevent the file from working as factory image for the stock recovery, so let's start by getting rid of the cruft. There are at least three options here: (1) use dd(1) (UNIX shell or Windows CLI), (2) use Free Hex Editor (Windows GUI), (3) unzip and repack again. The dd command if you're lucky to have a recent version is:
Code:
dd if=nook_1_2_update.zip of=factory.zip skip=418bytes
- or -
Code:
dd if=nook_1_2_update.zip of=factory.zip iflag=skip_bytes skip=418
Option (3) will break the B&N signature on the ZIP. Theoretically, if the signature is preserved, the file should work as-is as the new factory image (as it matches the key stored in the recovery). It didn't work for me but I didn't try too hard because what I want to do is to use a custom image anyway so feel free to check for yourself (skip to the last step).
Otherwise, if you are using the stock update file that you want to sign again, you need to remove the signature that is already there. Supposing your soon-to-be new factory image file is called factory.zip, the way to do it is:
Code:
zip -d -q factory.zip META-INF\CERT.SF META-INF\CERT.RSA META-INF\MANIFEST.MF
Insert your key into stock recovery RAM disk image
For customized factory.zip signed with your own key, we need to tweak the recovery image a bit.
Extract the image from the update ZIP:
Code:
unzip -j nook_1_2_update.zip ramdisk-recovery.img
Replace the file res/keys (see attachment) in the image, using XDA user Renate NST's bootutil.exe tool:
Code:
bootutil /r ramdisk-recovery.img res\keys
You can also leave the old key in place and append the new one, just make sure there is nothing in between them (not even whitespace). And here are the alternative steps to unpack and repack the image using just the standard tools, which might come handy on UNIX:
Unpack:
Code:
dd if=ramdisk-recovery.img bs=64 skip=1 | gzip -cd | cpio -id
Repack:
Code:
find . -not -name ramdisk-recovery.img | cpio -oc | gzip -c9 | mkimage -A arm -O linux -T ramdisk -C gzip -a 0 -e 0 -d - ramdisk-recovery.new.img
Now the image just needs to be installed:
Code:
adb shell mkdir /data/boot
adb shell mount -t vfat /dev/block/mmcblk0p1 /data/boot
adb push ramdisk-recovery.img /data/boot/uRecRam
adb shell umount /data/boot
adb shell rmdir /data/boot
Sign and install the customized factory image ZIP
Suppose our new factory image is called factory.zip. Then to sign it:
Code:
java -jar signapk.jar -w testkey.x509.pem testkey.pk8 factory.zip factory.signed.zip
See the attachment below for the necessary files. Note the -w switch, which is particularly important in this case.
Now just for the installation part:
Code:
adb shell mkdir /data/factory
adb shell mount -t ext2 /dev/block/mmcblk0p3 /data/factory
adb push -p factory.signed.zip /data/factory/factory.zip
adb shell umount /data/factory
adb shell rmdir /data/factory
Restore to factory image to check if it works
For an easy alternative to the power button marathon:
Code:
adb shell
echo -n -e "\x08\x00\x00\x00" >/rom/devconf/BootCnt
reboot
Warning: this wipes everything, all your data on the device will be lost.
Bonus: What if you want to use your own key?
The testkey.{pk8,x509.pem} is one of these ubiquitous Android debug keys, used all around. Apparently, it was good enough for B&N as well, as they used a version of it too for their OTAs (see /system/etc/security/otacert.zip). If it's not good enough for you though, and you have your own key, the attached keys file will not work for you; instead, you need to generate the key dump in the right format for yourself using the dumpkey utility also provided in the attachment:
Code:
java -jar dumpkey.jar testkey.x509.pem >>res/keys
Replace the references to testkey with the name of your key throughout the examples. If you're doing this on Windows, remember to convert the line ending to UNIX format (CR+LF to LF), not doing so might make the key not work.
General note: If at any stage you need to debug why a key is rejected, there is a log being saved by the stock recovery under /cache/recovery/log.
Disclaimer: Please do not follow these instructions blindly, but instead adjust them to your situation. This is the minimal set of necessary actions, with any optional steps removed for the clarity of illustration. I don't do it this way myself: personally, I'd make a backup here and there, verify MD5 sums after copying large files, etc. In any case, if something goes wrong, you will have to boot from SD card and restore your device. If everything goes right, you will lose all the data on the device. These instructions are provided on an "as is" basis. I will not provide support if anything doesn't work as expected for you. Anything you decide to do based on the above instructions is your sole responsibility.
dumpkey.jar really helped, thanks for that. Had to make exponent 3 type android key else it gets rejected, if you compiled the class, can you remove that check? Out of thanks for today.
Just a short note:
"bootutil" is now called "imgutil" and can be found in the signature.
There are more options than before, but I forget which ones.
Extracting ramdisk image to change fstab.tenderloin to make system read and write allowing permanent root access using any ROM ever created for the HP Touchpad.
I am using Ubuntu 18.04.1 LTS 64-bit (All the software is open source and free, you can get the packages necessary for your distro)
Create a folder in /home (root) and name it hpboot (on the PC); all work is done on the PC.
Open the custom ROM zip file and extract boot.img to the created directory hpboot.
Open Terminal in the hpboot directory; all the commands need to be entered there.
Text beginning with –>># is for information only. Do not paste it into the Linux terminal window.
–>># The following will extract images from the boot.img file located in the hpboot directory.
–>># Copy and paste each individual line into the Terminal window one by one and wait until each command finishes processing.
dumpimage -i boot.img kernel.uImage
dumpimage -i boot.img -p 1 ram
dd if=ram of=ramdisk.img.gz bs=64 skip=1
gunzip ramdisk.img.gz
mkdir ramdisk; cd ramdisk
cpio -i < ../ramdisk.img
–>>#The ramdisk files are uncompressed in the hpboot/ramdisk directory
–>>#Open file fstab.tenderloin using a text editor and change mnt_flags of /system ext4 from ro to rw
–>>#It looks like this when changed from (ro) read only to (rw) read and write.
–>>#<src> <mnt_point> <type> <mnt_flags and options>
–>>#/dev/store/cm-system /system ext4 rw,errors=panic
–>># Save and close the fstab.tenderloin file
–>># The next 3 steps will repack the files into the ramdisk and merge the kernel to create the finished boot image.
find . | cpio --create --format='newc' | gzip > ../ramdiskRW.img
cd ~/hpboot
mkimage -A arm -O linux -T ramdisk -C none -a 0x00000000 -n "TENDERLOIN RW SYSTEM RAMDISK" -d ./ramdiskRW.img ./ramdisk.uImage
mkimage -A arm -T multi -C none -n "Tenderloin RW System" -d kernel.uImage:ramdisk.uImage uImage.Android_RW
–>>#Boot the touchpad into TWRP, connect to PC, copy uImage.Android_RW to the external Micro SDCard.
–>>#Select MOUNT and touch Boot, go back, touch Advanced, File Manager, touch external_sd, select uImage.Android_RW, touch Copy File, touch boot, touch select Current Folder.
–>>#You should have free space on your boot for both images. At the boot screen you will have the option of Android (with no permanent ROOT access) and Android_RW (RW System), you need to install SuperSu. You can use any of the two options or delete uImage.Android and then rename uImage.Android_RW to uImage.Android for one boot option.
You do not need to reflash the ROM; you can add this boot file and use it with your current installed working ROM.
The process works for all boot.img created for the HP Touchpad. If you have a ROM and would like to have system read and write access then you can do this.
Hopefully a Linux Guru will create a script for this, which will automate the process to 3 seconds!
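The extraction steps in the post above (`dumpimage -p 1`, then `dd bs=64 skip=1` to drop the 64-byte uImage header), shown as an added Python example that is not part of the original post: it parses the legacy U-Boot uImage layout and checks the magic and both CRC32 fields before returning the ramdisk, so a wrong or damaged boot.img is rejected rather than sliced blindly. The function names and the sample image are constructed for illustration.

```python
import struct
import zlib

MAGIC, TYPE_RAMDISK, TYPE_MULTI = 0x27051956, 3, 4   # ih_magic and two ih_type values
HDR = struct.Struct(">7I4B32s")                      # 64-byte big-endian header

def parse_uimage(blob):
    """Check magic and both CRCs; return (ih_type, payload)."""
    if len(blob) < HDR.size or struct.unpack_from(">I", blob)[0] != MAGIC:
        raise ValueError("not a legacy uImage")
    _, hcrc, _, size, _, _, dcrc, _, _, img_type, _, _ = HDR.unpack_from(blob)
    if zlib.crc32(blob[:4] + b"\0" * 4 + blob[8:HDR.size]) != hcrc:
        raise ValueError("header CRC mismatch")
    payload = blob[HDR.size:HDR.size + size]
    if len(payload) != size or zlib.crc32(payload) != dcrc:
        raise ValueError("payload truncated or data CRC mismatch")
    return img_type, payload

def split_multi(payload):
    """Split a multi payload: size table ended by 0, parts padded to 4 bytes."""
    sizes, parts, off = [], [], 0
    while not sizes or sizes[-1]:
        if off + 4 > len(payload):
            raise ValueError("size table not terminated")
        sizes.append(struct.unpack_from(">I", payload, off)[0])
        off += 4
    for n in sizes[:-1]:
        if off + n > len(payload):
            raise ValueError("component runs past end of image")
        parts.append(payload[off:off + n])
        off += (n + 3) & ~3
    return parts

def extract_ramdisk(boot_img):
    """Checked equivalent of 'dumpimage -p 1' followed by 'dd bs=64 skip=1'."""
    img_type, payload = parse_uimage(boot_img)
    parts = split_multi(payload) if img_type == TYPE_MULTI else []
    rd_type, ramdisk = parse_uimage(parts[1]) if len(parts) > 1 else (None, b"")
    if rd_type != TYPE_RAMDISK:
        raise ValueError("no ramdisk uImage as component 1")
    return ramdisk

def sample_boot_img(ramdisk=b"constructed cpio bytes"):
    """Constructed input: multi uImage holding a fake kernel and a ramdisk uImage."""
    def wrap(data, t):
        f = [MAGIC, 0, 0, len(data), 0, 0, zlib.crc32(data), 5, 2, t, 0, b"sample"]
        f[1] = zlib.crc32(HDR.pack(*f))  # header CRC is taken with its field zeroed
        return HDR.pack(*f) + data
    k, r = wrap(b"kernel", 2), wrap(ramdisk, TYPE_RAMDISK)
    return wrap(struct.pack(">3I", len(k), len(r), 0) + k + b"\0" * (-len(k) % 4) + r, TYPE_MULTI)
```

Reading a real boot.img with `open(path, "rb").read()` and passing the bytes to `extract_ramdisk` yields the same ramdisk.img.gz content that the `dd` step produces.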
I like tinkering with my TP but I am running Windows 7 on a 32 bit... any suggestions?
Android is based on Linux OS.
Install vmware player and run ubuntu as a virtual machine, both are free.
--SNIP--
Hopefully a Linux Guru will create a script for this, which will automate the process to 3 seconds!
Here's a shell script that automates the process (rename the extension from .txt to .sh). Put the script and boot image file in any directory and type
Code:
./rwcreate.sh
If it doesn't execute, it probably needs its permissions changed. Right click the file you created, select 'properties'. In the properties window, select "Permissions" and check "allow executing as ..." or type
Code:
chmod +x rwcreate.sh
in a terminal window
Thanks for your help and dedicating your time to make it easier for others.
I made a suggestion to the script on correcting an error, on the DU forum.
Now is just a click to get it done, but if we were in a perfect computer world, it could be even easier as to connect the HP Touchpad to PC using USB.
Then run the script and everything is complete!
Using adb pull command to get (boot.uImage) from hp boot directory, to PC.
Changes are done as per script.
adb push command new boot.uImage to hp boot directory, all done!
But making it easier, will make it more complicated and having to install more software and confusing!
HP_TOUCHPAD said:
Thanks for your help and dedicating your time to make it easier for others.
I made a suggestion to the script on correcting an error, on the DU forum.
Now is just a click to get it done, but if we were in a perfect computer world, it could be even easier as to connect the HP Touchpad to PC using USB.
Then run the script and everything is complete!
Using adb pull command to get (boot.uImage) from hp boot directory, to PC.
Changes are done as per script.
adb push command new boot.uImage to hp boot directory, all done!
But making it easier, will make it more complicated and having to install more software and confusing!
Done. Thanks.
shumash said:
Done. Thanks.
The script on this forum is correct, but in the DU the file was wrong, corrected now.
Thanks for the fix and help!