[Arrangement] Android-recovery mode (detailed recover Mode)

Recovery Overview

Android uses the recovery mode to restore factory settings, OTA upgrades, patch upgrades, and firmware upgrades.

The upgrade is generally performed by running the META-INF/COM/Google/Android/update-Script script in the upgrade package to execute a custom upgrade, the script is a set of recovery system can recognize the UI control, file System Operation commands, such as write_raw_image (write flash partition) and copy_dir (copy directory ). This package is generally downloaded to the sdcard and cache partitions. If you are interested in the content of this package, can you go from the http://forum.xda-developers.com/showthread.php? T = 442480 download the JF upgrade package.

The upgrade also involves the package's digital signature. The signature method is not bad with the normal JAR file signature. The Public Key is hard compiled into recovery, which is generated at: Out/target/product/XX/obj/packaging/ota_keys_inc_intermediates/keys. Inc.

Three startup modes in G1

Magic key:

• Camera + power: bootloader mode. You can use fastboot mode in ADP.

• Home + power: recovery mode

• Normal start

The bootloader can be started normally. There are three more methods, which are categorized by the command in BCB (bootloader control block, described in the next section:

• Command = 'boot-recovery '→ start recovery. IMG. Recovery mode

• Command = 'Update-Radio/hboot' → update firmware (bootloader)

• Others → start boot. img

Other systems and files involved in recovery

• Cache partition File

The recovery tool deals with the primary system through three files on the NAND cache partition. The master system (including restoring factory settings and OTA upgrades) can write the commands required for recovery and read the logs and intent during the recovery process.

• /Cache/recovery/command: the recovery command, written by the main system. All commands are as follows:

  • -- Send_intent = anystring-write the text out to recovery. Intent

  • -- Update_package = root: Path-verify install an OTA package file

  • -- Wipe_data-erase user data (and cache), then reboot

  • -- Wipe_cache-Wipe cache (but not user data), then reboot

• /Cache/recovery/log: the recovery process log, which is read by the main system.

• /Cache/recovery/intent: intent output by recovery

• Misc partition content

  The bootloader control block (BCB) stores the recovery bootloader message. The structure is as follows:

  Struct bootloader_message {

  Char Command [32];

  Char recovery [1024];

  };

  • Command can have the following two values:

    "Boot-recovery": indicates that the recovery is in progress, or indicates that the bootloader should enter the recovery mode.

    "Update-hboot/Radio": indicates that bootloader updates firmware.

  • Recovery content

    "Recovery \ n

    <Recovery command> \ n

    <Recovery command>"

    The recovery command is the cache:/recovery/command.

Two recovery cases

• Factory reset (Restore factory settings)

1. Select "Restore factory settings"

2. Set the system to write the "-- wipe_data" command to/Cache/recovery/command

3. The system restarts and enters the recover mode (/sbin/recovery)

4. Get_args () writes "boot-recovery" and "-- wipe_data" to BCB

5. Erase_root () format (erase) Data Partition

6. Erase_root () format (erase) cache Partition

7. Finish_recovery () erased BCB

8. Restart the system

• OTA install (OTA update)

1. Upgrade the system to download the OTA package to/Cache/some-filename.zip

2. Upgrade system write recovery command "-- update_package = cache: some-filename.zip"

3. Restart and enter recovery mode

4. Get_args () writes "boot-recovery" and "-- update_package =..." To BCB

5. Install_package () for upgrade

6. Finish_recovery () erased BCB

7. ** If the installation package fails ** prompt_and_wait () is waiting for user operation, select Alt + S or Alt + W to upgrade or restore the factory settings

8. Main () call maybe_install_firmware_update ()

   1. If there is firmware of hboot/radio in the package, continue; otherwise, return

   2. Write "boot-recovery" and "-- wipe_cache" to BCB

   3. Write firmware image to the cache Partition

   4. Write "Update-Radio/hboot" and "-- wipe_cache" to BCB

   5. Restart the system

   6. Bootloader update firmware

   7. Bootloader writes "boot-recovery" to BCB

   8. Erase_root () erased the cache Partition

   9. Clear BCB

9. Main () calls reboot () to restart the system

Recovery mode process

/Init → init. RC →/sbin/recovery →

Main (): recovery. c

• Ui_init (): Ui. C [UI initialize]

  • Gr_init (): minui/graphics. C [set tty0 to graphic mode, open fb0]

  • Ev_init (): minui/events. C [open/dev/input/event *]

  • Res_create_surface: minui/resource. C [Create surfaces for all bitmaps used later, include icons, BMP]

  • Create 2 threads: progress/input_thread [create progress show and input event handler thread]

• Get_args (): recovery. c

  • Get_bootloader_message (): bootloader. C [read mtdblock0 (Misc partition) 2nd page for CommandLine]

  • Check if nand misc partition has boot message. If yes, fill argc/argv.

  • If no, get arguments from/Cache/recovery/command, and fill argc/argv.

  • Set_bootloader_message (): bootloader. C [set bootloader message back to mtdblock0]

• Parser argv [] filled abve

• Register_update_commands (): commands. C [register all commands with name and hook function]

  • Registercommand (): commands. c

    • Register command with name, Hook, type, Cookie.

    • Commands, e. g: assert, delete, copy_dir, symlink, write_raw_image.

  • Registerfunction (): commands. c

    • Register function with name, Hook, Cookie.

    • Function, e. g: get_mark, matches, getprop, file_contains

• Install_package ():

  • Translate_root_path (): roots. C ["system: lib" and turns it into a string like "/system/lib", translate the updater.zip path]

  • Mzopenziparchive (): Zip. C [open updater.zip file (uncompass)]

  • Handle_update_package (): Install. c

    • Verify_jar_signature (): verifier. C [verify signature with keys. inc key; Verify manifest and zip package Archive]

      • Verifysignature () [verify the signature file: cert. SF/RSA.]

        • Digestentry (): verifier. C [get SHA-1 digest of cert. SF file]

        • Rsa_verify (Public Key: keys. INC, signature: cert. RSA, cert. SF's Digest): libc/RSA. c [verify a 2048 bit RSA pkcs1.5 signature against an expected SHA-1 hash. use public key to decrypt the cert. RSA
          To get original Sha digest, then compare to digest of cert. SF]

      • Verifymanifest () [get manifest SHA1-Digest from cert. SF. Then do digest to manifest. MF. Compare them]

      • Verifyarchive () [verify all the files in update.zip with digest listed in manifest. MF]

    • Find_update_script (): Install. C [find META-INF/COM/Google/Android/update-script Updater script]

    • Handle_update_script (): Install. C [read cmds from script file, and do parser, exec]

      • Parseamendscript (): Amend. C [Call yyparse () to parse to command]

      • Execommandlist (): Install. c

        • Execommand (): Execute. C [Call Command hook function]

• Erase data/cache Partition

• Prompt_and_wait (): recovery. C [wait for user input: 1) reboot 2) update.zip 3) Wipe Data]

  • Ui_key_xxx get Alt + X keys

  • 1) do nothing

  • 2) install_package ('sdcard: update.zip ')

  • 3) erase_root () → format_root_device () Data/Cache

• May_install_firmware_update (): firmware. C [remember_firmware_update () is called by write_hboot/radio_image command, it stores the bootloader image to cache partition, and write Update-hboot/Radio
  Command to MISC partition for Bootloader message to let bootloader update itself after reboot]

  • Set_bootloader_message ()

  • Write_update_for_bootloader (): bootloader. C [write firmware image into cache partition with update_header, busyimage and failimage]

• Finish_recovery (): recovery. c [clear the recovery command and prepare to boot a (hopefully working) system, copy our log file to cache as well (for the system to read), and record any intent
  We were asked to communicate back to the system.]

• Reboot ()

Recovery mode Flowchart
The following flowchart illustrates the process of loading bootloader from startup.