How to unpack, edit, repackage boot images

Howto:unpack, Edit, and RePack Boot Images

http://forum.xda-developers.com/showthread.php?t=443994

Several people had already figured out the details on their own, but I had gotten requests to does a more comprehensive tu Torial on how the boot and recovery images is structured, and how can edit them.

Some friends have figured out their doubts, but many friends still want a more detailed tutorial on how the boot and recovery images are made, and how do you edit them?

Background
Your phone have several devices which hold different parts of the filesystem:

Different devices in the phone (partition?) ) has a different file system.

Code:

#cat/proc/mtddev:    size   erasesize  namemtd0:00040000 00020000 "misc" mtd1:00500000 00020000 "Recovery" mtd2:00280000 00020000 "boot" mtd3:04380000 00020000 "System" mtd4:04380000 00020000 "cache" mtd5:04ac0000 00020000 "user Data

In this tutorial, we'll deal with "recovery" and "boot". The "boot" device holds the files that is automatically loaded onto the root of your filesystem every time you boot (deta ILS below).
"System" holds everything that gets mounted in your system/directory, and userdata/is everything the shows up in Da ta/(This was all of the apps you ' ve installed, your preferences, etc).
The recovery and boot partitions is AT/DEV/MTD/MTD1 AND/DEV/MTD/MTD2, and before you do anything else you should BA ck These up ( Note: This is the best to doing this because it may not deal properly with bad blocks etc, But it's all we've got until somebody comes up with a better method, and besides you'll probably be restoring from UPDA Te.zip anyway):

In this tutorial, we will talk about "recovery" and "boot", and the boot partition holds the files that are loaded into the filesystem at the initial stage after each boot. "System" saves everything mounted in the system directory, "UserData" is the date directory (which wraps the app you say installs and some personal configuration, etc.). Recovery and boot partitions are in/DEV/MTD1 and/DEV/MTD2, so before you start, you have to back them up. (Note: This may not be the best way to deal with bad blocks, but there is no better way to do this before, but you can still recover through update.zip anyway.) ）

Code:

# CAT/DEV/MTD/MTD1 >/sdcard/mtd1.img# cat/dev/mtd/mtd2 >/sdcard/mtd2.img

The other thing your should do be put your favorite update.zip file into the root directory of the your SD card so that if Y OU screw up your boot partition you can boot into recovery mode and re-apply the update. You probably want one of the pre-rooted recovery images found elsewhere on the forums.
There is also another important file you should know about. In /system/recovery.img There are a full copy of everything which is loaded on MTD1. This file is automatically flashed onto MTD1 every time to shut down. That means, things:1. Any changes to directly to/dev/mtd/mtd1 get blown away on reboot and 2. If you want to change/dev/mtd/mtd1 you ' re probably better off just sticking the image in/system/recovery.img and Rebooti Ng. When creating your own custom Update.zip files (especially when adapting the stock images), you can get tripped up if you Forget to replace/system/recovery.img and it ends up OVERWRITING/DEV/MTD/MTD1 unbeknownst to you. Watch out.

Another thing you should put your favorite update.zip into your sdcard's root directory folder, if you destroy the boot partition, you can go into recovery mode and reapply the update. You can find the recovery image already rooted on the forum. Another important document you need to know is/system/recovery.img, which is a complete copy of MTD1. This file will be automatically brushed into the MTD1 after each shutdown. This means two things: 1. Any changes you make directly at/DEV/MTD/MTD1 will be restored after the reboot. 2. If you want to change/DEV/MTD/MTD1 it is best to change and restart in/system/recovery. When you make your own update.zip (especially for porting images?) ), if you forget to replace the/system/recovery.img in Update.zip, it will be written to/DEV/MTD/MTD1 by default, which will cause problems.

Structure of boot and recovery images
The boot and recovery images is not proper filesystems. Instead, they is a custom Android format consisting of a 2k header, followed by a gzipped kernel, followed by a RAMDisk, Followed by a second stage loader (optional, we had not seen these in the wild yet). This structure was outlined in Mkbootimg.h:

Structure of boot and recovery mirrors

This two image is not a standard file system. There is a 2k file header for Android customization, then a gzipped kernel, followed by a RAMDisk, the last two-stage loader (optional, most of which is not used). This structure is defined in the mkbootimg.h.

Code:

+-----------------+ | Boot Header     | 1 page+-----------------+| kernel          | n pages  +-----------------+| ramdisk         | m pages  +- ----------------+| Second Stage    | o pages+-----------------+n = (kernel_size + page_size-1)/Page_sizem = (ramdisk_size + page_size- 1)/Page_sizeo = (second_size + page_size-1)/PAGE_SIZE0. All entities is page_size aligned in FLASH1. Kernel and RAMDisk are required (size! = 0) 2. Second is optional (Second_size = = 0-no second)

A ramdisk is basically a small filesystem containing the core files needed to initialize the system. It includes the critical init process, as well as init.rc, which are where you can set many System-wide properties. If you really want to know more about it, this is the documentation. Here's a list of files on a typical ramdisk:

RAMDisk is a small file system that includes the core files of the initialization system. Includes some interrupt routine processes, as well as the init.rc of setting the system initialization properties forcefully, if you want to know more, this is the document. The following files are listed in the RAMDisk.

The Ps.ramdisk is loaded into the main memory (RAM) operating system and does not depend on the secondary storage device.

Code:

./init.trout.rc./default.prop./proc./dev./init.rc./init./sys./init.goldfish.rc./sbin./sbin/adbd./system./data

The recovery image typically has a few extra files, which constitute the recovery binary and supporting files (the Applica tion that gets run if the hold is down home+power when rebooting). These files are:

This recovery image has some other files, the recovery binaries and some supporting files (reboot press and hold home and power key to activate recovery). These files are:

PS. The keys for each phone start recovery are not the same. This article says HTC's G1.

Code:

./res./res/images./res/images/progress_bar_empty_left_round.bmp./res/images/icon_firmware_install.bmp./ res/images/indeterminate3.bmp./res/images/progress_bar_fill.bmp./res/images/progress_bar_left_round.bmp./res/ images/icon_error.bmp./res/images/indeterminate1.bmp./res/images/progress_bar_empty_right_round.bmp./res/ images/icon_firmware_error.bmp./res/images/progress_bar_right_round.bmp./res/images/indeterminate4.bmp./res/ images/indeterminate5.bmp./res/images/indeterminate6.bmp./res/images/progress_bar_empty.bmp./res/images/ Indeterminate2.bmp./res/images/icon_unpacking.bmp./res/images/icon_installing.bmp./sbin/recovery 

Unpacking, Editing, and re-packing the images
Note: below I give you the details for unpacking and repacking manually, but I had attached II Perl scripts tha t do most of the
If you is good with a hex editor, you can open up any of these images and strip off the first 2k of data. Then, look for a bunch of zeroes followed by the hex 1F 8B (which is the magic number of a gzip file). Copy everything from the first line of the file, through the zeroes, and stopping at the 1F 8B. That's the kernel. Everything from the 1F 8B through the end is the RAMDisk. You could save each of the these files separately. In order to see the contents of the RAMDisk, you need to un-gzip it and then un-cpio it. You could use a command like this (ideally after creating a new directory and CD ' ing into it):

Unpacking, editing, repackaging mirrors

Note: Below I will be able to understand the detailed methods of package and repack files, but I have put two Perl scripts to do most of your work on your behalf.

If you are good at using the 16 binary editor, you can use the 16 binary editor to open these files, the front 2k data is the head, ignore it. Then find a bunch of 0 behind with 1f 8b (this is the magic number of the gzip file). Copy the contents of the previous two. This is the kernel. From 1f to 8b is RAMDisk. You can save them separately. In order to see the contents of RAMDisk, you need to unzip, and then Up-cpio (a Linux replication Backup tool, do not know what to do with this decompression). You can use a command like this:

Code:

Gunzip-c. /your-ramdisk-file | Cpio-i

That'll place all of the files from the RAMDisk in your working directory. You can now edit them.
In order to re-create the RAMDisk, you need to re-cpio them and re-gzip those files, with a command like the following (re Member, Cpio would include everything in the current working directory, so we probably want to remove any other cruft you Might has in there):

Code:

Find. | Cpio-o-H NEWC | Gzip >. /newramdisk.cpio.gz

The final step is to combine the kernel and your new ramdisk into the full image, using the MKBOOTIMG program (which you s Hould download and compile from the Git repository):

Code:

Mkbootimg--cmdline ' no_console_suspend=1 console=null '--kernel your-kernel-file--ramdisk newramdisk.cpio.gz-o Mynewimage.img

Now, there's a lot of hassle in pulling apart files in hex editors and remembering all of these commands, so I wrote Unpac K and RePack Perl scripts for You (attached). Hooray.

Flashing your new image back onto the phone
You'll probably only ever is flashing boot images directly to the phone, given the fact that/system/recovery.img Automa Tically flashes the recovery device for you (as noted above). If you have created a new recovery image, just stick it in/system/recovery.img and reboot. If you is flashing a boot image, stick it on your phone via ADB (a tool included in the Android SDK):

Code:

ADB push./mynewimage.img/sdcard

Then, open a shell-to-your phone via ' adb shell ', get root, and do the following-commands to flash your new boot image :

Code:

# Cat/dev/zero >>/dev/mtd/mtd2   write:no space left on device [The is OK, you can ignore]# flash_image boot/ Sdcard/mynewimage.img

Reboot.
If your phone starts all the the-up, congratulations. If not, do something wrong and you'll need to boot into recovery mode and apply your Update.zip file (reboot while Ho Lding down Home+power If you get the recovery screen press alt+l and then Alt+s).

Something your new found power
If you place a file titled Initlogo.rle in the root directory of your boot image, the phone would display this image upon B Oot (After the "G1" image and before the Android animation). In order to create the this file, you need to create a 320x480 image in Photoshop or Gimp and save it as a "raw image" file. You then need to compress this image with the program to565. More details on the here.

This isn't the same thing as applying an update.zip
You'll see other places on the forums, so describe how to create customized Update.zip files, as well as Update.zip fil Es that people is sharing. For example, there is a recent update.zip which are a modified version of RC30 (with the anti-root aspects disabled). The Update.zip files include new boot images, recovery images, and typically replacements for the entire system/directory As well as other updates. If you are creating a custom boot or recovery image, it's typically a good idea to start with the image distributed with The most recent update has applied (flashing an image from an older release could has unintended consequences).

How to unpack, edit, repackage boot images