Android recovery Working Principle

Source: Internet
Author: User

Http://www.itqun.net/content-detail/76360_2.html

What is Android recovery? What functions does the Android system recovery provide? See:Http://www.anzhuoba.com/thread-5984-1-1.html ]! ^ "? 2 P/N-B-J0 I $ V;

% | 0 d $ W8 {4G! M ^
The Android system uses the recovery mode to restore factory settings, OTA upgrades, patch upgrades, firmware upgrades, and system backup. The strength and weakness of the recovery mode function are related to the recovery image software version, that is, the number of features that developers can add to the recovery image when creating the recovery image. This is a completely feasible task.
1 D: N % H 'r$ B9} $ Z, V3 K7} "}-C;] 'H) \ 8 Z-W ({
1. Introduction to recovery upgrade
. D 'f3]. J + d (P: ^ *] upgrade is generally performed by running the META-INF/COM/Google/Android/update-Script script in the upgrade package, the script contains a set of UI control that the recovery system can recognize, file system operation commands, such as write_raw_image (write flash partition) and copy_dir (copy directory ). This package is generally downloaded to the sdcard and cache partitions. If you are interested in the content of this package, can you go from the http://forum.xda-developers.com/showthread.php? T = 442480 download the JF upgrade package. 3
D + [5x3 W0 X! Y) '-F5 I
The upgrade also involves the package's digital signature. The signature method is not bad with the normal JAR file signature. The public key will be hard compiled into recovery and generated at: Out/target/product/XX/obj/packaging/ota_keys_inc_intermediates/keys. inc2 C. O-o! D) X: W & P7? * O (G

% J "B5 o # T $ q % G5}Ii. Three startup modes of the android System
# '& G3 ?; H0} 8 M8 A9 C here we use the G1 mobile phone as an example to learn about the recovery mechanism. The subsequent Android versions may be slightly different, but they are similar. 6]-G2 V! Q) V, N "I
The magic key operations on the G1 mobile phone include:
*? +} * A; R9 V1 v % [& X (1) Camera + power: bootloader mode, which can be used in ADP
, B % J "x + [! A (2) Home + power: recovery mode
! @ 'G; l' C (R + V; O & \: Q-K5 Bg1 mobile phones have three normal start modes, or three bootloader boot modes. Sort by command in BCB (bootloader control block, as described in the next section:
-O8 I + o8 o! A2 u'v (1) command = 'boot-recovery '→ start recovery. IMG. Recovery mode
! N4 g E5 H/J + m2 y (2) command = 'Update-Radio/hboot' → update firmware (bootloader)
/N-W4 G-M, _ + Y ,[(~ 8 V (3) Others → start boot. img
1 {6 B # A8 Z "[) @ 'f3 {# U' t/R9] 7} 6 B
Iii. Other systems and files involved in rediscovery
5 F-\ 3 C! P6 M0 t
D *?! O/N4 Y2 _ 2 Z1. cache partition File
* D & ^ 5 '! [0 {2 F $ f * \ * n 'a * @ 'K recovery tool deals with the Master System through the three files on the NAND cache partition. Master System (including restoring factory settings and % | * R7 R "J "? 6 A2 U, Q
OTA update) you can write the commands required for recovery to read the logs and intent during the recovery process. 3 M: q0 W9 F! V, '# ^ 8 B "E
1)/Cache/recovery/command: the recovery command, written by the main system. All the commands are as follows: 7 H6 E: E ,? /K5 K
-- Send_intent = anystring-write the text out to recovery. Intent
: C-C6 A6 [5 n' ^ # X6 Z-I/D -- update_package = root: Path-verify install an OTA package file8 |, W7 I)! T ++ ~
-- Wipe_data-erase user data (and cache), then reboot9 C8 | '] # C0 T + F
-- Wipe_cache-Wipe cache (but not user data), then reboot _ 5 W9 V/Z, Y; P: R4 p * J "Q
2)/Cache/recovery/log: the recovery process log, which is read by the main system.
& M2 F1 s! O5 A. G6 q0 O + w y 'a 3)/Cache/recovery/intent: intent. R' output by recovery '? 2 Z L7 E & O) K4 a u
& B O1 @: @ 7 J! W)]) [
2. Misc partition content, U1 t "D3 J! B) \ 8 ?! V j: t "E % _ 7 y
The bootloader control block (BCB) stores the recovery bootloader message. ) S6 '2 W3 G $ '/h! V8 e # O
The structure is as follows:
8} * S. x0 J-u struct bootloader_message {
2 Z) V "E ('& H9 F-N char Command [32]; 9 Q1 T: F" P4 o! B6 F
Char status [32]; // unknown purpose; C: S. Z! B9 x
Char recovery [1024]; 7 D9 G4 d $ w *?) K5 R/o
}; 'P $ [,? 3G * \ 'w1'/V0 m
Command can have the following two values:
(] (B. i/O ^ "B z/D" H4 h) N 1) boot-recovery: indicates that the recovery ing is in progress, or indicates that the bootloader should enter the recovery mode % F; L & q1 O. @ 9g * z
2) Update-hboot/Radio: indicates that bootloader updates firmware.
-? 0 L * V2 A0 J # U1 K $ V # Z recovery value:
8 _ 9 s # S, O (Listen L5 T2 N & L * L4 Z 1) <recovery command>
4 t "U1 W (O5 Y: R # E; V" Y: P where the recovery command is cache:/recovery/command.
(C9 G7] S6 p-Z # Z $ G4 T4 B1 N) R1 T (n, F7 W n
Iv. Analysis of Two Operations9 | ^ 7 L7 S-V9 G8] "y0 T % B

3 h) | # I9 Y4 m1. factory reset (Restore factory settings)
"? -Y & E7 W $ R;] J2 I) M 1) Select "Restore factory settings" E. L; L) C * | # S. K; G
2) set the system to write the "-- wipe_data" command to/Cache/recovery/command
6 B + W $ s 'o2], R. {$ W 3) restart the system and enter recover mode (/sbin/recovery) 4 O1 S $. n1 L, F0 v a $ R
4) get_args () writes "boot-recovery" and "-- wipe_data" to BCB (bootloader control block) 2 N & i7 A6 E & F0 M6 Q2 I * o % t
5) erase_root () format (erase) Data Partition
"T. X; G0 S5 h ${5 Q 6) erase_root () format (erase) cache Partition
5 Q4 R0 Q: H 'P/_:] 7) finish_recovery () Erase BCB # B/N2 _. z6! O5 F3 O Z
8) restart the system $ W & J0 X "m) k'c9 K2 ~

7 U *] & {0 E4 P & A5 X 'q2 x9 H2. Ota install (OTA update)$ O V :? -? 1 y' U:] 5 o
1) Upgrade the system to download the OTA package to/Cache/some-filename.zip
; S! ^ J2 ^) l "~ 6 y 2) upgrade system write recovery command "-- update_package = cache: some-filename.zip"/D3 F % C "{'P
3) restart and enter the recovery mode 7 K7 N4 J $ E3]! Q: {) N4 ~
4) get_args () writes "boot-recovery" and "-- update_package =..." To BCB & U4 R! D7 E1 M6 J4 ^-o
5) install_package () for upgrade 'v! C8 F $ G9 S0 T ([5 S; y
6) finish_recovery () erased BCB
* F * U/F9 V7 M & Z 7) ** if the installation package fails ** prompt_and_wait, select Alt + S or Alt + W to upgrade or restore the factory settings 4 Y & Y8 _. o9 | "M $ \ 5 h
8) Main () calls maybe_install_firmware_update () 5 S) B "D1 F-J/f B (n
8.1) if the firmware of hboot/radio is contained in the package, continue. Otherwise, & }# l0 k'q-I % B $ g % i8 H is returned.
8.2) write "boot-recovery" and "-- wipe_cache" to BCB
; E, P6 y @. G5 W3 C 8.3) Write firmware image to the cache partition: W & Q4 K "x s y, I
8.4) write "Update-Radio/hboot" and "-- wipe_cache" to BCB, M7 G1 j9 A2 y'e * F
8.5) restart the system
0 T "Z 'f8 O. A 8.6) bootloader updates firmware
+} 5 D0 P7 P2 @: Z3 \ 8.7) bootloader writes "boot-recovery" to BCB
% X5] + {2 S % F! S5 D (M, A6 ~ % O 8.8) erase_root () erased cache partition & S + W7 s) U, I6 K % A) N2 O
8.9) Clear BCB
6 Z/G $ ^ 1 y * t 'P 9) Main () call reboot () to restart the system
"N7 E % B3 U/D3 M0 y0 M1 C-B1 A (z * K0 @ 1 I1 {
V. recovery mode process
3 P5 @ 2 H * E8 l 'G '? 6'2 u
. H3 T (H % S % I/init → init. RC →/sbin/recovery →
9 H7 [0 ^ $ W 't9 Q/F9 [L. V6 F % 'v0 V' Y4 s
Main (): recovery. C:
8 v/w $ p-G1 F % E 'z3 _ 5 Q & @ % F ui_init (): Ui. C [UI initialize]
+ G0 s 'o! A6 D gr_init (): minui/graphics. C [set tty0 to graphic mode, open fb0]
K-X (] 'G, J ev_init (): minui/events. C [open/dev/input/event *]
+ R, z f + O) Z + E * r$ U res_create_surface: minui/resource. C [Create surfaces for all bitmaps used
: U-Q. R6 o8 D2 n later, include icons, bmp s] + \ & L. [. m1 [1 J # J
Create 2 threads: progress/input_thread [create progress show and input event
"T3 S & O * M & |) E. D & A/G handler thread]
* V; @ % Q A5 l get_args (): recovery. c
) H! L # J * O1? 1 W0 s) X _ get_bootloader_message (): bootloader. C [read mtdblock0 (Misc partition) 2nd page
"J & G0 U: P2 N for CommandLine]
; S6 Z! D * X1}; L + ^: T check if nand misc partition has boot message. If yes, fill argc/argv. $ {-] 9 V "W )? (B "}, u
If no, get arguments from/Cache/recovery/command, and fill argc/argv.
8 M0 [9 J: {u # \ set_bootloader_message (): bootloader. C [set bootloader message back to mtdblock0]
) Q * '6 M8 U $ H parser argv [] filled above F6 T & _. [1 _ 5 Q7 P4 H (R
Register_update_commands (): commands. C [register all commands with name + m2 C % V' V (B! B0 W8 v
And hook function]
2 F2 A (M! G + P; Y & H-K % K registercommand (): commands. c
9 N * '2 C & ^ % _ 3 z * F1 y6 H register command with name, Hook, type, Cookie.
# B, T + B "_ 0 I, E! G8 ~ 3 O: D commands, e. g: assert, delete, copy_dir, symlink, write_raw_image.
. Q3 H, J. K1 w c * x registerfunction (): commands. c
% S4 W # B; L's/Q3 | $ R "S8 v register function with name, Hook, Cookie.
7 O1 l 'w3 W0 [5 r)}; P1 S7 K "Z (J function, E. g: get_mark, matches, getprop, file_contains (W-A + I, I, [9 p (f (V
Install_package (): 8 GB "@ 9 S * N2 w-'" Y
Translate_root_path (): roots. C ["system: lib" and turns it into a string l8 ^ (J! R & O
Like "/system/lib", translate the updater.zip path] 7 Z2 H "H: J + I; U. {: E; C7 D9 K
Mzopenziparchive (): Zip. C [open updater.zip file (uncompass)]
+ T + x/R; K9 t handle_update_package (): Install. C (H & {3 [. C # X6 d
Verify_jar_signature (): verifier. C [verify signature with keys. inc key; Verify
; _: M3 T5 K # T manifest and zip package Archive] "X3 H9 G0 G & Y N7 I
Verifysignature () [verify the signature file: cert. SF/RSA.] & F9 M! T9 h} # P! '
Digestentry (): verifier. C [get SHA-1 digest of cert. SF file]
4 m. H * B & ^ $ O (h6 M % t; \ % I, P rsa_verify (Public Key: keys. INC, signature: cert. RSA, cert. SF's Digest):/m. d. Z '?. W7 C/H + S3 t
Libc/RSA. C [verify a 2048 bit RSA pkcs1.5 signature against an expected. P/B * p * r + q
SHA-1 hash. Use public key to decrypt the CERT. RSA to get
! '3 ';? & A 'd3 F original Sha digest, then compare to digest of cert. SF]
3 W2 p) G # Z, O, d $ d) K "| verifymanifest () [get manifest SHA1-Digest from cert. SF. then do digest to + '; y $ Z2 Y % Y: ^) O4 [9 o
Manifest. MF. Compare them]
# O $ P: Z, P0 n8 C + F verifyarchive () [verify all the files in update.zip with digest listed in 0] (A4 B8 '. t7 '/C # g l-C
Manifest. MF] 7 I + | 1 g/w! _ 2 V
Find_update_script (): Install. C [find META-INF/COM/Google/Android/update-
! E & O0 K7 T2 o script Updater script]
! H (S4 \: V4 C/G7 H ({'x handle_update_script (): Install. C [read cmds from script file, and do parser,
: P: F4 P: U6 L + W8 D & E exec] (T & M6 h. R # l
Parseamendscript (): Amend. C [Call yyparse () to parse to command]
; L4 K' | 8 C & N2 P # J execommandlist (): Install. C; L + p) F "@, K7 U % G, C & X 'K
Execommand (): Execute. C [Call Command hook function]/K-U6 T6 E0 a3 ~ 3 x
Erase data/cache Partition
9 B6 G-I6 M-I. g. | "U2 C6] prompt_and_wait (): recovery. c [wait for user input: 1) reboot 2) update.zip-S/g. O # Z, R. [) X3 Q
3) Wipe Data]
) W2 O5 R % P "F & X! ~ 6 E3 R * '* x + F ui_key_xxx get Alt + X keys! [) I2 @ * f0 G1 V1 t) o6 S/B; ^ 8 t
1) do nothing
"M9 v) W & R # u! C4 N 2) install_package ('sdcard: update.zip ')
$ C-V (R "Y1 M4 Q; E % J 3) erase_root () → format_root_device () Data/cache3 D2 x'h; T * r ,\
May_install_firmware_update (): firmware. C [remember_firmware_update () is
7 Q7 L; H + t r-I % l called by write_hboot/radio_image command, it stores the bootloader Image
! Z1 V1 T # Q-Q5 T-N # X3 h to cache partition, and write Update-hboot/radio command to MISC Partition
$ N7 \/K5 K) e 'f for Bootloader message to let bootloader update itself after reboot]
6 V # Z! S * E/V % O: D & n set_bootloader_message (); W; q/O5 [9 J # V
Write_update_for_bootloader (): bootloader. C [write firmware image into cache (n! M $ ^: G7 t) B0 [# B 'E9 L # l
Partition with update_header, busyimage and failimage] 8 J: N & Q, J2 G! ] 1 C & U # K
Finish_recovery (): recovery. C [clear the recovery command and prepare
H2 W. P $ R; V1 N "e # z7 W: L-B5 o boot a (hopefully working) system, copy our log file to cache as well (
"Q & Y @ n: \ The system to read), and record any intent we were asked to communicate back
, B * Q7 O (k0 K: J ''1G to the system.]. X: R) J4 A * E (D3 N $ s
! @ 8 [: ^ # L $ X1 I % O
Reboot () 0 n % y6 D5 X2 H

:]-M3 N6 N4 O2 i8 D-] # T + H; Q8 F-R (Q8 U/F
% [7 x &} (Y "B + A * I
Vi. recovery mode Flowchart
# O + F5? /Y7 H9 G6] & |) the following flowchart illustrates the process of loading bootloader from startup.
, R8 ~ 3 Z2 C * Z3 B (B $ N2011-10-24 04:49:27 upload

Download Attachment(27.25 KB)

'N1 J4 R7 F; [5 o6 X5 T2011-10-24 04:49:29 upload

Download Attachment(51 KB)

$? : M & R, J m2? 1 D # D "J:

Http://www.anzhuoba.com/thread-5985-1-1.html

04:59:48 upload

Download Attachment(30.24 KB)

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.