ZE550ML boot.img unpacking - ZenFone 2 General

I have compiled a kernel for the Ze550ml using ASUS released kernel sources and I got a kernel file. Usually when unpacking boot.img file, I usually see just two files.... the kernel and the ramdisk. With this original boot.img I found a third one which is "second bootloader" file. I included it in remaking the boot.img with my compiled kernel (but won't release it due to possible brick). Any ideas?
If anyone is very close to an ASUS repair shop and has no issues repairing or replacing their ze550ml... LMK if you want to try the boot.img to boot (not flash) and see how it goes.

Just got a hold of support and they say that our bootloaders are LOCKED... so a modified boot.img will brick the device. Hopefully they release an unlock tool soon so we can start developing.

There are "Bootstub" strings in the 2nd bootloader. And from this link, the bootstub is "fixed content" in ZF5/6. Although ZF2's boot.img format is different from 5/6, the function of bootstub should be the same, so I think we can re-use the 2nd bl from official boot image to repack our homemade kernels. (That's only what I think, and thus no guarantee on this)

clemsyn said:
Just got a hold of support and they say that our bootloaders are LOCKED... so a modified boot.img will brick the device. Hopefully they release an unlock tool soon so we can start developing.
Yep. Even just a simple ro.secure=0 ro.debuggable=1 in the ramdisk and reassembled to boot.img was diceless..
I should try bullying Asus into providing optional unlocked bootloaders. Unlocked everything dammit.. Last I checked, it's my phone.
Hi clemsyn!

Blades said:
Yep. Even just a simple ro.secure=0 ro.debuggable=1 in the ramdisk and reassembled to boot.img was diceless..
I should try bullying Asus into providing optional unlocked bootloaders. Unlocked everything dammit.. Last I checked, it's my phone.
Hi clemsyn!
BLADES!!!!!! Been awhile =)

http://forum.xda-developers.com/zenfone2/orig-development/tool-zenfone-2-boot-repack-t3146088

When you do get unlocked, recompile the boot.img with the second file added into it.
Just build it with the mkbootimg with
Code:
--kernel zImage --ramdisk initramfs.cpio.gz --second second.gz
And then whatever else you have after it, and of course the boot.img name you want.
That's what I had to do to make the insecure boot.img on the 551.


[REF] Kernel compiled from Source boots with fastboot [CONFIRMED]

I've tried fastboot mode on xt720 and it actually worked. It can flash (without signature check) separate partitions system, userdata... But it seems that it checks signature on boot. It also can flash custom boot.img (kernel + ramdisk) but it can't boot because of sig checks. But the most interesting thing is that it can boot custom boot.img without flashing it. It is achieved with "fastboot boot boot.img" command. So we can run custom kernel without checking it. I've created custom boot.img with custom init.rc and it booted fine. Then I've changed one byte in the stock kernel and it also booted fine (many thanks to #milestone-modding devs). I've tried to build custom kernel but unfortunately I haven't figured out how to configure the build for xt720.
To boot into fastboot mode, follow these steps:
1. Connect your phone to PC in debug mode
2. Run the following command
adb reboot bootloader
3. Download fastboot for windows from http://forum.xda-developers.com/showthread.php?t=463627
4. Then you can boot custom boot.img with command
fastboot boot boot.img
what revision of the boot is your phone? it might actually be a solution to booting custom roms, ie. 1st boot original kernel, then a hijack in mot_boot_mode to reboot using fastboot with custom boot.img, and wupti! you got your custom kernel loaded.
maybe the same boot loader works on milestone, as it has been tested up to 90.78 and did not work with fastboot, only developer phones have this enabled.
I had already done.. like a 2.6.32.9 kernel for milestone
but it doesn't work to my xt720(kor skt)
In my case I made a boot.img(kernel + ramdisk into original boot.img with hex edit)
it works and memory more available
but display 2.6.29-omap1
kernel & ramdisk from froyoModV1 boot.img
Dexter_nlb said:
what revision of the boot is your phone? it might actually be a solution to booting custom roms, ie. 1st boot original kernel, then a hijack in mot_boot_mode to reboot using fastboot with custom boot.img, and wupti! you got your custom kernel loaded.
maybe the same boot loader works on milestone, as it has been tested up to 90.78 and did not work with fastboot, only developer phones have this enabled.
The version of bootloader on xt720 is 80.89, there is a dump of mbm and mbmloader on and-developers, but there is no sbf file.
totoro1233 said:
I had already done.. like a 2.6.32.9 kernel for milestone
but it doesn't work to my xt720(kor skt)
In my case I made a boot.img(kernel + ramdisk into original boot.img with hex edit)
it works and memory more available
but display 2.6.29-omap1
kernel & ramdisk from froyoModV1 boot.img
There is mkbootimg tool which can make boot.img from kernel and ramdisk. Here is the guide http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
what do you mean by "memory more available" is it more then 256MB? how much is it exactly now?
korean motoroi(xt720) is available memory about 30MB
but lots of memory leak
(kr xt720 have 256MB RAM)
so I try to make a boot.img
prepare file list
original boot.img in xt720 2.6.29-omap1 dump file
boot.img in milestone 2.6.32.9 dump file
you have to split boot.img for milestone to kernel and ramdisk
now you have 2.6.29 boot.img and kernel, ramdisk
open the boot.img, kernel,ramdisk with hex edit program
boot.img : find 00 00 A0 E1 hex code (first item)
if you find, kernel all things copy and paste write to boot.img
boot.img : find 1F 8B 08 00 hex code (last item)
if you find, ramdisk all things copy and paste write to boot.img
and then save the custom boot.img and booting is possible
p.s
your custom boot.img file have to same MB with origin
I'm using HxD edit program
Thanks for sharing
I would like to try, but my milestone xt720 is bricked Hope that others will try...
totoro1233: you just booted with fastboot boot boot.img or you actually flashed boot.img with fastboot? If you have just booted then after restarting the phone stock kernel is booted.
resar said:
totoro1233: you just booted with fastboot boot boot.img or you actually flashed boot.img with fastboot? If you have just booted then after restarting the phone stock kernel is booted.
sorry ..
I had already flashed in GOT recovery(change the script to md5 checking remove)
So does it work??????
Dexter_nlb said:
what revision of the boot is your phone? it might actually be a solution to booting custom roms, ie. 1st boot original kernel, then a hijack in mot_boot_mode to reboot using fastboot with custom boot.img, and wupti! you got your custom kernel loaded.
maybe the same boot loader works on milestone, as it has been tested up to 90.78 and did not work with fastboot, only developer phones have this enabled.
Wow, subscribed to this thread, hopefully totoro1233 can provide more files and information as to how he got it to work.
totoro1233 said:
korean motoroi(xt720) is available memory about 30MB
but lots of memory leak
(kr xt720 have 256MB RAM)
so I try to make a boot.img
why make a custom boot.img?
- Milestone 2.6.32 kernel + ramdisk is the only parts in the boot.img
- a Custom boot.img with Milestone kernel + ramdisk xt720 is a NO-GO!!!
2.2 froyo require correct services loaded,and thats not gonna happen with a xt720 ramdisk.
- if you think a XT720 kernel + froyo ramdisk, im sure its not gonna free up any memory like that.
So purpose of splitting boot.img and remerging is less to 0 or lower than 0.
Dexter_nlb said:
why make a custom boot.img?
- Milestone 2.6.32 kernel + ramdisk is the only parts in the boot.img
- a Custom boot.img with Milestone kernel + ramdisk xt720 is a NO-GO!!!
2.2 froyo require correct services loaded,and thats not gonna happen with a xt720 ramdisk.
- if you think a XT720 kernel + froyo ramdisk, im sure its not gonna free up any memory like that.
So purpose of splitting boot.img and remerging is less to 0 or lower than 0.
Dexter can't we just boot milestone boot.img? If it can boot milestone kernel then maybe it can boot kernel + ramdisk. If not then we must find a way to configure xt720 build configuration.
Here's any idea: Grab any boot.img (the most inappropriate one, like one from some HTC phone), grab the fastboot tool, reboot into fastboot (not the one where you can flash RSDlite!), then:
Code:
fastboot boot boot.img
...if it crashes, then we know it at least tried to boot the file. [EDIT]This means you lucky people can boot custom kernels![/EDIT] Since we aren't doing the flash command (fastboot flash boot boot.img)....
It should be 20000% safe.
[EDIT]I just tried it on my Milestone - I took a boot.img from a Droid rom (bugless beast, to be exact) and unfortunately it didn't transfer at all. Seems like they locked this one down? According to Dexter, they sure did! It would be nice if someone can confirm my findings.
It seems that no one interested to try....
Can anyone try to boot Milestone boot.img?
If you wanna flash tune image, your phone have to stock firmware
If you not than you'll should brick the phone..
In my case also brick my phone
so I had flashed sbf image
In addition fastboot isn't recommended, fastboot is force flashing not available
Interested to try but it seems that it can brick the phone... So i wait for you to find a way resar..... loool
And sorry but i don t know a thing about boot img so you ll have to explain more what to do....
B_e_n said:
Interested to try but it seems that it can brick the phone... So i wait for you to find a way resar..... loool
And sorry but i don t know a thing about boot img so you ll have to explain more what to do....
As Lollipop_Lawlipop said you can just boot custom boot.img(kernel + ramdisk). It won't brick your phone. If it won't boot you can just restart your phone and and it will boot fine. There is no risk in booting boot.img. If you flash boot image it can of course brick your phone, but we don't need to flash.
totoro1233 said:
If you wanna flash tune image, your phone have to stock firmware
If you not than you'll should brick the phone..
In my case also brick my phone
so I had flashed sbf image
In addition fastboot isn't recommended, fastboot is force flashing not available
You can flash only signed images to your phone but fastboot can boot custom image. If the milestone image won't work, we'll have to build custom kernel for xt720, and I'm 90% sure that it'll work.

[Q] Trying to flash images (zImage) onto Nexus 7

Hi everyone,
I pulled down images made from AOSP for the Nexus 7 device successfully. I am trying to flash the zImage onto the Nexus 7 device via fastboot. But in the terminal I get a "Invalid partition" error after doing "fastboot flash zimage zImage". I can flash the boot.img, userdata.img, and system.img just fine. But I get an error for zImage.
I also tried a different method. I did a "make otapackage" and flashed the zip through CWM to I get a "no file_context warning". Afterwards when rebooting, the device shows the google logo but is a blank black screen after a few seconds.
That is when I fastboot flash all the stock images back on and try again... but no success.
Has anyone encountered something similar? Or has some idea of what steps I can take to remedy this?
Thanks!
mdrdroid said:
Hi everyone,
I pulled down images made from AOSP for the Nexus 7 device successfully. I am trying to flash the zImage onto the Nexus 7 device via fastboot. But in the terminal I get a "Invalid partition" error after doing "fastboot flash zimage zImage". I can flash the boot.img, userdata.img, and system.img just fine. But I get an error for zImage.
I also tried a different method. I did a "make otapackage" and flashed the zip through CWM to I get a "no file_context warning". Afterwards when rebooting, the device shows the google logo but is a blank black screen after a few seconds.
That is when I fastboot flash all the stock images back on and try again... but no success.
Has anyone encountered something similar? Or has some idea of what steps I can take to remedy this?
Thanks!
Not sure if your question was answered in another post as I found this thread searching on google for my own issue.
You can't fastboot flash zImage at all. You may be able to fastboot boot zImage but trying to flash the zimage is an incomplete image. You'd have to add the zimage to a boot.img to flash it with fastboot. Then you'd fastboot flash boot boot.img.
You should be able to fastboot boot zImage to boot the kernel from your pc with the existing boot.img. Hope this helps. I may not even see a response to this thread but I check Nexus 7 Q&A so I hope I hear it helps.
tiny4579 said:
Not sure if your question was answered in another post as I found this thread searching on google for my own issue.
You can't fastboot flash zImage at all. You may be able to fastboot boot zImage but trying to flash the zimage is an incomplete image. You'd have to add the zimage to a boot.img to flash it with fastboot. Then you'd fastboot flash boot boot.img.
You should be able to fastboot boot zImage to boot the kernel from your pc with the existing boot.img. Hope this helps. I may not even see a response to this thread but I check Nexus 7 Q&A so I hope I hear it helps.
Thank you for the reply!!! I really appreciate it as I didn't really know what to do about this issue. I don't know how to add the zimage to the boot.img, but I will look into it... do you have any more advice on this?
Before, when after building, I did flash boot.img, zImage (which failed), system.img, and userdata... and I did get it to boot, and everything seems to be working okay in general but I have an inkling that the zImage generated will be needed for what I aim to accomplish.
Anyhow, thanks again for the information I'm new to android development and am glad for any help!
Google decompiling a boot.Img
You can't flash a zimage (ramdisk) because it is not a partition
The boot partition or boot.Img contains both the kernel and the ramdisk
So what you need to do is decompile the boot.Img of your rom
Then put your new ramdisk into the decompiled one
Then recompile the boot and flash that
Sent from my Nexus 7

[SOLVED] boot.img will boot on test boot, but loops when flashed

I have compiled a kernel (zImage) for the Nexus 4, using the msm tree and mako checkout. I have also compiled android using lunch full_mako-userdebug. I grabbed the boot.img from the android build output and used mkbootimg and unpackbootimg to rebuild it using the zImage from the msm mako kernel build I mentioned earlier. When I use
Code:
fastboot boot boot.img
the phone boots using the newly created boot.img just fine. The kernel version checks out being the one that I built and there is no problems. However, when i reboot the phone into the bootloader and use
Code:
fastboot flash boot boot.img
the phone boot loops. Why does the phone boot fine using fastboot boot boot.img but loops when I go ahead and flash it? I have unpacked the original boot.img (from the android build) and repacked it using the original zImage extracted from it to see if the mkbootimg process is the problem. The same thing happens, boots using fastboot boot boot.img but fastboot flash boot boot.img causes boot loop. Any help?
arynhard said:
I have compiled a kernel (zImage) for the Nexus 4, using the msm tree and mako checkout. I have also compiled android using lunch full_mako-userdebug. I grabbed the boot.img from the android build output and used mkbootimg and unpackbootimg to rebuild it using the zImage from the msm mako kernel build I mentioned earlier. When I use
Code:
fastboot boot boot.img
the phone boots using the newly created boot.img just fine. The kernel version checks out being the one that I built and there is no problems. However, when i reboot the phone into the bootloader and use
Code:
fastboot flash boot boot.img
the phone boot loops. Why does the phone boot fine using fastboot boot boot.img but loops when I go ahead and flash it? I have unpacked the original boot.img (from the android build) and repacked it using the original zImage extracted from it to see if the mkbootimg process is the problem. The same thing happens, boots using fastboot boot boot.img but fastboot flash boot boot.img causes boot loop. Any help?
Come to find that fastboot will not work because the Nexus 4 has a secure boot option. In the bootloader you can see that it is enabled. Although I managed to flash another developer's kernel via the recovery update.zip method. This worked, but now I am having trouble getting my own update.zip to flash.
Looks like I was wrong in both of my posts above. The problem seems to have been related to entering the wrong pagesize when using "mkbootimg". I found that the "abootimg" is much better, and I have attached it below. simply use:
EDIT: I have updated the code and the attachment. I have created a modified program that blends a fastboot function with abootimg. ENJOY!
Code:
./zhack -x boot.img
to extract all the contents of boot.img
then replace the zImage that is extracted with the new zImage you have compiled.
now execute:
Code:
./zhack -z boot.img -f bootimg.cfg -k <new zImage> -r initrd.img
fastboot boot zImage
I have also the nexus4 and i use msm / mako
Is it possible that i boot like this?
fastboot boot arch/arm/boot/zImage
everytime my phone stops after the "google" logo?
i used:
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/home/marcel/Android/rom/prebuilts/gcc/linux-x86/arm/arm-eabi-4.7/bin/"
export ARCH=arm
export SUBARCH=arm
export CROSS_COMPILE=arm-eabi-
make mako_defconfig
make
But when i compile my "rom" the boot.img is flashing correct to my device.
So i can't update my kernel into the boot.img because the kernel is not working?
very strange?
any tips?
arynhard said:
Looks like I was wrong in both of my posts above. The problem seems to have been related to entering the wrong pagesize when using "mkbootimg". I found that the "abootimg" is much better, and I have attached it below. simply use:
EDIT: I have updated the code and the attachment. I have created a modified program that blends a fastboot function with abootimg. ENJOY!
Code:
./zhack -x boot.img
to extract all the contents of boot.img
then replace the zImage that is extracted with the new zImage you have compiled.
now execute:
Code:
./zhack -z boot.img -f bootimg.cfg -k <new zImage> -r initrd.img

mission impossible!

is there any way to flash a bootloader for example the testpoint? would be funny to build it from source
munjeni said:
There is no source for our bootloaders! I have not tried to flash the bootloader but I think it's possible using dd since I know ta flashing is possible with dd so I think bootloader is possible too. I do not know if there is a hash check for the bootloader partition (in case we flash a cracked bootloader) but I will see very soon! In case there is no hash check and/or if we are able to flash a cracked bootloader, then we can bypass the security check by cracking the bootloader!
I wanted to mmap 0x80110000 memory and see what I can see there... but seems we can not open them? Since:
Do you have idea how we can read them?
sorry i don't know much about that..
can't we build a lk bootloader modified for our device?
munjeni said:
There is no source for our bootloaders! I have not tried to flash the bootloader but I think it's possible using dd since I know ta flashing is possible with dd so I think bootloader is possible too. I do not know if there is a hash check for the bootloader partition (in case we flash a cracked bootloader) but I will see very soon! In case there is no hash check and/or if we are able to flash a cracked bootloader, then we can bypass the security check by cracking the bootloader!
I would be very surprised if there's no signature-check for the bootloader partition, even the original (first) iPhone had a signature-check for the user-modifiable bootloader.
Perhaps a BROWN device (in SonyEricsson terms) would not have a check, but a retail device sure will.
CoolDevelopment said:
sorry i don't know much about that..
can't we build a lk bootloader modified for our device?
I am not sure since our phone use aboot. Did you found here on xda that somebody had luck with lk and xperia device? I not searched but maybe somebody had luck?
Will have a look at it later
The qualcomm boot chain verifies each part with a signature. I think what you modified is not part of the data which is used for calculating the signature.
There was a exploit in lk which allowed overwriting the signature check in lk with a modified ramdisk offset in the kernel (this allowed booting custom kernels with locked bootloader). But this exploit is patched now (you can see in lk, it checks ramdisk offset now) (see also http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html )
munjeni said:
We are running ABOOT and not LK! Every part of a binary is part of the binary! In our case s1sbl is not signature checked! I think we are ready for cracking s1sbl!
ABOOT is a modified LK very close to source. Try modifing actual code of the bootloader binary first. I'm still pretty sure it's signature checked.
The boot files from the firmware are only flashed if the version is different. Each configuration is read and the phone checks the 'ATTRIBUTES VALUE'. If the attributes on the phone matches the attributes in the configuration, the files from the said configuration are flashed.
For example OTP_LOCK_STATUS you can find in service menu under Service tests => Security.
Bad thing I have no flash mode and no fastboot
Try flashing different commercial files and see which one lets you use fastboot and flashmode
Another thing which could be possible with a modified bootloader is using the fotakernel partition as our recovery, that would be great
this might be interesting: http://forum.xda-developers.com/showthread.php?t=2147997
and after reading through the lk bootloader source it seems aboot is included in lk
Flashed now 007B30E1 commercial version (has bigger size) and it boots but no flashmode, seems we need to flash both files provided in the xml file for every configuration to get fastboot and flashmode active.
Strange thing:
dd if=/dev/zero of=/dev/block/platform/msm_sdcc.1/by-name/s1sbl
WTF not bricked? There is another partition similar to s1sbl with the name alt_s1sbl (alternate partition), seems this partition is used if the s1sbl partition is broken?
munjeni said:
On HTC phones you have right, but seems you are wrong for xperia! I have flashed it using DD command and its persistent!
Yes, of course.. I am talking about official firmware upgrade procedure.

repack boot.img

Hello.
I would like to use custom kernels with modprobe support enabled. But I am afraid to flash third party modules with magisk because of potential data loss or boot loops or something like that.
So I want to load the kernel without flashing, with fastboot, like:
Code:
fastboot boot boot.img
However, I don't know why, all custom kernels are distributed with a 'zImage' file. Therefore I need to repack boot.img manually:
Code:
abootimg -x boot.img
(abootimg deb package)
or
Code:
unpack boot.img
(whiteboard[at]ping[at]se/Android/Unmkbootimg)
or
Code:
mkboot boot.img out/
(github[at]com/xiaolu/mkbootimg_tools)
In all cases I have the same result (files have identical md5sum).
But when I try to build boot.img I obtain a non-bootable image.
Also I noticed that after rebuilding, boot.img loses 100MB:
original boot.img - 128M
new_boot.img - 17M
Also note, I didn't make any changes!
Please tell me, what am I doing wrong?
Thank you.
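
An added example, not from any poster in these threads: a parser for the standard AOSP boot image header (v0 layout) that reports the page size recorded in the image, where the kernel, ramdisk and optional second-stage sections sit, and how many bytes follow the packed content, which is useful when comparing a full partition dump with a repacked image or choosing the page size to repack with. It assumes the stock `ANDROID!` header and rejects vendor-specific formats; the names `parse_boot_img`, `extract` and `make_sample` are illustrative, and the sample image is constructed inline.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Start of the AOSP v0 boot image header: magic, then eight little-endian
# uint32 fields (kernel size/addr, ramdisk size/addr, second size/addr,
# tags addr, page size).
HEADER = struct.Struct("<8s8I")


def parse_boot_img(data: bytes) -> dict:
    """Return page size, section offsets/sizes and the trailing-byte count."""
    if len(data) < HEADER.size:
        raise ValueError("file shorter than a boot image header")
    magic, ksz, _, rsz, _, ssz, _, _, page = HEADER.unpack_from(data)
    if magic != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic (vendor-specific format?)")
    if page < HEADER.size or page & (page - 1):
        raise ValueError(f"implausible page size {page}")

    sections, offset = {}, page            # the header occupies the first page
    for name, size in (("kernel", ksz), ("ramdisk", rsz), ("second", ssz)):
        sections[name] = (offset, size)
        offset += -(-size // page) * page  # each section is padded to a page
    if offset > len(data):
        raise ValueError("header sizes run past end of file (truncated image)")

    tail = data[offset:]
    return {
        "page_size": page,
        "sections": sections,
        "packed_size": offset,
        "trailing_bytes": len(tail),
        # True when everything after the packed content is 0x00/0xFF filler.
        "trailing_is_filler": not tail.strip(b"\x00\xff"),
    }


def extract(data: bytes, info: dict, name: str) -> bytes:
    """Slice one section (kernel, ramdisk or second) out of the image."""
    off, size = info["sections"][name]
    return data[off:off + size]


def make_sample(dump_size: int = 64 * 1024, page: int = 2048) -> bytes:
    """Constructed sample: a three-part image padded like a partition dump."""
    kernel = b"\x00\x00\xa0\xe1" * 750           # 3000 bytes
    ramdisk = b"\x1f\x8b\x08\x00" + bytes(496)   # 500 bytes, gzip magic first
    second = b"S" * 100
    header = HEADER.pack(BOOT_MAGIC, len(kernel), 0x10008000, len(ramdisk),
                         0x11000000, len(second), 0x10F00000, 0x10000100, page)
    img = b"".join(p + bytes(-len(p) % page)
                   for p in (header, kernel, ramdisk, second))
    return img + bytes(dump_size - len(img))


if __name__ == "__main__":
    image = make_sample()
    report = parse_boot_img(image)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A large `trailing_bytes` value with `trailing_is_filler` true means the extra size of the dump is unused partition space; a false value means something after the packed sections would not survive a plain repack.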
