"Go" Android recovery mode

Original URL: http://leox.iteye.com/blog/975303

(Muddogxp Original, reproduced please specify )

Recovery Introduction

Android uses recovery mode to restore factory settings, OTA upgrades, patch upgrades and firmware upgrades.

An upgrade typically performs a custom upgrade by running the Meta-inf/com/google/android/update-script script in the upgrade package, which is a set of UI controls that the recovery system can recognize, file system operations commands, such as Write_raw _image (write Flash partition), Copy_dir (copy directory). The package is generally downloaded to the SDcard and cache partitions. If you are interested in the content of this package, you can download the JF upgrade package from http://forum.xda-developers.com/showthread.php?t=442480 to see it.

The upgrade also involves the digital signature of the package, the signature method and the normal jar file signature difference is good. The public key is hard-compiled into recovery, which is generated at compile time: out/target/product/xx/obj/packaging/ota_keys_inc_intermediates/keys.inc

Three startup modes in the G1

MAGIC KEY:

• Camera + power:bootloader mode, you can use FastBoot mode in ADP

• Home + power:recovery Mode

• Normal start

Bootloader starts normally, and in three different ways, according to the command category in BCB (Bootloader Control Block, described in the next section):

• Command = = ' Boot-recovery ' → start recovery.img. Recovery mode

• Command = = ' Update-radio/hboot ' → update firmware (bootloader)

• Other → start boot.img

Other systems and documents related to recovery

• Cache partition File

• • /cache/recovery/command:recovery command, written by the main system. All commands are as follows:

    • --send_intent=anystring-write the text out to Recovery.intent

    • --update_package=root:path-verify Install an OTA package file

    • --wipe_data-erase user data (and cache), then reboot

    • --wipe_cache-wipe cache (but not user data) and then reboot

  • /cache/recovery/log:recovery process logs, read out by the main system

  • /cache/recovery/intent:recovery output of Intent

The Recovery tool deals with the main system through three files on the NAND cache partition. The main system (including factory reset and OTA upgrade) can write the required commands to the recovery and read the log and intent in the recovery process.

• Misc Partition Content

  Bootloader Control Block (BCB) stores recovery Bootloader message. The structure is as follows:

  struct Bootloader_message {

  Char command[32];

  Char status[32]; Unknown use

  Char recovery[1024];

  };

  • command can have the following two values

    "Boot-recovery": Mark recovery in progress, or instruct bootloader to enter recovery mode

    "Update-hboot/radio": Indicates bootloader update firmware

  • Recovery content

    "Recovery\n

    <recovery command>\n

    <recovery command> "

    Where recovery command is Cache:/recovery/command

Two recovery case

• FACTORY Reset (Restore factory settings)

1. User selects "Factory reset"

2. Set the system to write the "--wipe_data" command to/cache/recovery/command

3. System restarts and enters recover mode (/sbin/recovery)

4. Get_args () writes "Boot-recovery" and "--wipe_data" to BCB

5. Erase_root () format (erase) data partition

6. Erase_root () format (erase) cache partition

7. Finish_recovery () Erase BCB

8. Rebooting the system

• Ota INSTALL (OTA upgrade)

2. Upgrade system Download OTA package to/cache/some-filename.zip

4. Upgrade system Write Recovery command "--update_package=cache:some-filename.zip"

6. Reboot, and enter recovery mode

8. Get_args () will "Boot-recovery" and "--update_package= ..." Write BCB

10. Install_package () for upgrade

12. Finish_recovery () Erase BCB

14. * * If installation package fails * * prompt_and_wait () Wait for user action, select Alt+s or alt+w upgrade or restore factory settings

16. Main () Call Maybe_install_firmware_update ()

    1. If there is a hboot/radio in the package firmware continue, otherwise return

    2. Write "Boot-recovery" and "--wipe_cache" to BCB

    3. Writes firmware image to the cache partition

    4. Write "Update-radio/hboot" and "--wipe_cache" to BCB

    5. Rebooting the system

    6. bootloader Self Update firmware

    7. Bootloader write "Boot-recovery" to BCB

    8. Erase_root () Erase cache partition

    9. Clear BCB

18. Main () call reboot () reboot system

Recovery mode Flow

/init→init.rc→/sbin/recovery→

Main (): RECOVERY.C

• Ui_init (): Ui.c [UI Initialize]

  • Gr_init (): MINUI/GRAPHICS.C [set Tty0 to graphic mode, open fb0]

  • Ev_init (): MINUI/EVENTS.C [open/dev/input/event*]

  • res_create_surface:minui/resource.c [Create surfaces for all bitmaps used later, include icons, BMPs]

  • Create 2 Threads:progress/input_thread [create progress Show and input event handler thread]

• Get_args (): recovery.c

  • Get_bootloader_message (): bootloader.c [Read mtdblock0 (Misc partition) 2nd page for CommandLine]

  • Check if NAND misc partition has a boot message. If Yes, fill argc/argv.

  • If No, get arguments from/cache/recovery/command, and fill argc/argv.

  • Set_bootloader_message (): bootloader.c [set bootloader message back to Mtdblock0]

• Parser argv[] filled above

• Register_update_commands (): commands.c [Register all commands with name and hook function]

  • Registercommand (): COMMANDS.C

    • Register command with Name, hook, type, cookie.

    • Commands, E.g:assert, delete, Copy_dir, Symlink, Write_raw_image.

  • Registerfunction (): COMMANDS.C

    • Register function with name, hook, cookie.

    • Function, E.g:get_mark, Matches, Getprop, File_contains

• Install_package ():

  • Translate_root_path (): roots.c ["System:lib" and turns it into a string like "/system/lib", translate the Updater.zip path ]

  • Mzopenziparchive (): zip.c [Open Updater.zip file (uncompass)]

  • Handle_update_package (): INSTALL.C

    • Verify_jar_signature (): verifier.c [Verify signature with Keys.inc key, verify manifest and zip package archive]

      • VerifySignature () [Verify the Signature file:cert.sf/rsa.]

        • Digestentry (): verifier.c [Get SHA-1 Digest of CERT.SF file]

        • Rsa_verify (Public key:keys.inc, Signature:CERT.rsa, cert.sf ' s Digest): LIBC/RSA.C [Verify a 2048 bit RSA PKCS1.5 signature Against an expected SHA-1 hash. Use public key to decrypt the Cert.rsa-get original SHA Digest, then compare to digest of CERT.SF]

      • Verifymanifest () [Get manifest sha1-digest from CERT.SF. Then does digest to MANIFEST. Mf. Compare them]

      • Verifyarchive () [Verify all the files in Update.zip with digest listed in MANIFEST. MF]

    • Find_update_script (): install.c [Find meta-inf/com/google/android/update-script Updater Script]

    • Handle_update_script (): install.c [Read cmds from script file, and do parser, exec]

      • Parseamendscript (): AMEND.C [Call Yyparse () to parse to command]

      • Execommandlist (): INSTALL.C

        • Execommand (): execute.c [Call command hook function]

• Erase Data/cache Partition

• Prompt_and_wait (): recovery.c [wait for user input:1) reboot 2) Update.zip 3) wipe data]

  • Ui_key_xxx get alt+x Keys

  • 1) do nothing

  • 2) install_package (' SDCARD:update.zip ')

  • 3) Erase_root () →format_root_device () Data/cache

• May_install_firmware_update (): firmware.c [Remember_firmware_update () is called by Write_hboot/radio_image command, it Stores the bootloader image to CACHE partition, and write Update-hboot/radio command to MISC partition for bootloader mess bootloader update itself after reboot]

  • Set_bootloader_message ()

  • Write_update_for_bootloader (): bootloader.c [write firmware image to CACHE partition with Update_header, Busyimage and F Ailimage]

• Finish_recovery (): recovery.c [clear the Recovery command and prepare to boot a (hopefully working) system, copy our log f Ile to cache as well (for the system to read), and record any intent we were asked to communicate back to the system. ]

• Reboot ()

Recovery mode flowchart

The following flowchart draws the system's behavior flow from the start load bootloader.

No bed, see blog Bar ~

Examples of actual use:

adb shell "echo \" send_intent=xxx\ ">/cache/recovery/command"

adb shell "echo \"--update_package=sdcard:update.zip\ ">>/cache/recovery/command"

adb Shell Sync

ADB reboot Recovery

"Go" Android recovery mode