[DEV][HOWTO] Extracting stock firmware files from .tot files

OP SnowLeopardJB

29th December 2012, 05:48 AM   |  #1  
Hello everyone!

First off:
DISCLAIMER: I AM NOT RESPONSIBLE FOR ANYTHING YOU DO TO YOUR PHONE WHILE USING ANY OF THE INFORMATION LOCATED BELOW. IF YOU DO NOT UNDERSTAND WHAT IS BEING DONE, PLEASE DO NOT TRY ANYTHING DONE HERE!

This is still in a VERY basic phase. I am not sure how helpful it will be, but currently, I have been able to extract some of the smaller partitions from the AT&T firmware file.

Starting off, when LGNPST is used to image a phone, it creates a log file in C:\LG Electronics\LGNPST\Models\LOG\. For example, mine was called LS970Log_COM5.log. We are really only interested in one part of this file, located close to the bottom when the phone is actually being imaged. It should look something like this:

Quote:

0Download mode locking
0Download : PrimaryGPT 0x 0 Size: 0x 512Kb, File Offset: 0x 100000
0 3.182994E-313mmc Init
0Partition Count : 35================================================ ======
0================================================= =====

0Download : modem 0x 800000 Size: 0x 54272Kb, File Offset: 0x 180000
0Download : sbl1 0x4800000 Size: 0x 512Kb, File Offset: 0x3680000
0Download : sbl2 0x4880000 Size: 0x 512Kb, File Offset: 0x3700000
0Download : sbl3 0x4900000 Size: 0x 1024Kb, File Offset: 0x3780000
0Download : aboot 0x4b00000 Size: 0x 512Kb, File Offset: 0x3880000
0Download : rpm 0x4b80000 Size: 0x 512Kb, File Offset: 0x3900000
0Download : boot 0x5000000 Size: 0x 7168Kb, File Offset: 0x3980000
0Download : tz 0x6800000 Size: 0x 512Kb, File Offset: 0x4080000
0(null)kip misc Partition
0Download : system 0xb000000 Size: 0x 131072Kb, File Offset: 0x4900000
0Download : system 0x13000000 Size: 0x 512Kb, File Offset: 0xc900000
0Download : system 0x1325e000 Size: 0x 129024Kb, File Offset: 0xc980000
0Download : system 0x1b1fd000 Size: 0x 129536Kb, File Offset: 0x14780000
0Download : system 0x2325e000 Size: 0x 129024Kb, File Offset: 0x1c600000
0Download : system 0x2b1fd000 Size: 0x 129536Kb, File Offset: 0x24400000
0Download : system 0x3325e000 Size: 0x 129024Kb, File Offset: 0x2c280000
0Download : system 0x3b1fd000 Size: 0x 129536Kb, File Offset: 0x34080000
0Download : system 0x4325e000 Size: 0x 129024Kb, File Offset: 0x3bf00000
0Download : system 0x4b1fd000 Size: 0x 76800Kb, File Offset: 0x43d00000
0Download : system 0x53000000 Size: 0x 512Kb, File Offset: 0x48800000
0Download : system 0x5b000000 Size: 0x 512Kb, File Offset: 0x48880000
0Download : system 0x63000000 Size: 0x 512Kb, File Offset: 0x48900000
0Download : persist 0x7a800000 Size: 0x 4608Kb, File Offset: 0x48980000
0Download : recovery 0x8b000000 Size: 0x 8192Kb, File Offset: 0x48e00000
0Download : BackupGPT 0xab380000 Size: 0x 512Kb, File Offset: 0x49600000
0
************************************************** *******************************************


What do we see that is important here? Image sizes and offsets for data in the file! For example, let's take the boot partition.

Quote:

0Download : boot 0x5000000 Size: 0x 7168Kb, File Offset: 0x3980000

We have an offset of 0x3980000 and a size of 7168Kb. That converts to an equivalent of an offset of 60293120 bytes and a size of 7340032 bytes (I really hope I got that right. As I'm sitting here writing this, I'm thinking of how many different ways I could have messed up that calculation...)

Here, I am using dd on Linux in order to separate the partitions from the binary file, but it can be done using equivalent tools on Windows.

Quote:

$ dd bs=1 skip=60293120 count=7340032 if=LGE970AT-00-V10o-ATT-US-SEP-29-2012+0.tot of=boot.img

Basically, what I am doing here is copying 7340032 bytes, starting at byte 60293120, from the .tot file to boot.img.

Now, let's check out the backups made with FreeGee when you unlock, to see if it matches with what was actually written to the phone. In order to see if they are equal, we need to trim the backup, because the backup that is taken is actually of the entire partition, not just the actual data.

Quote:

$ dd bs=1 count=7340032 if=boot-att-backup.img of=boot-att-backup-trimmed.img

This is doing basically the same, starting at the first byte, copying 7340032 bytes to boot-att-backup-trimmed.img. This is just making sure you only get the same amount of data that was written.

Now, of course, we want to see if the data is actually the same, so we will also use the diff command, which is also found on Linux, and I'm sure is also available on Windows.

Quote:

$ diff -s boot.img boot-att-backup-trimmed.img

If both files are identical, which means everything was done correctly, this should result in the output "Files boot.img and boot-att-backup-trimmed.img are identical", which it does! (The -s flag makes diff report identical files.)

So, now that we know that we can successfully extract the boot partition, I also tried this with the aboot partition, and it worked as well! I have not had success extracting the system partition yet, as it is split up into several partitions. I was hoping that someone with more knowledge could piece together a system image. Enjoy
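The extraction and comparison steps from the post above as one script, added here as an example and not part of the original post: it parses the LGNPST log lines into byte offsets and sizes, extracts a range from the .tot, and compares it against a full-partition backup by hash instead of trimming and running diff. The function names and `FILE.tot` are assumptions of this example, and the size field is read as decimal KiB, which fits the post's 7168Kb = 7340032 bytes.

```python
import hashlib
import re

# LGNPST log lines (the two below are copied from the post). Size is decimal
# KiB despite the "0x" prefix (assumption, fits 7168Kb = 7340032); offset is hex.
SAMPLE_LOG = """\
0Download : aboot 0x4b00000 Size: 0x 512Kb, File Offset: 0x3880000
0Download : boot 0x5000000 Size: 0x 7168Kb, File Offset: 0x3980000
"""
LINE_RE = re.compile(
    r"Download\s*:\s*(\w+)\s+0x\s*([0-9a-fA-F]+)\s+Size:\s*0x\s*(\d+)Kb,"
    r"\s*File Offset:\s*0x\s*([0-9a-fA-F]+)")

def parse_log(text):
    """Return [(name, device_addr, size_bytes, file_offset), ...]."""
    return [(name, int(addr, 16), int(kb) * 1024, int(off, 16))
            for name, addr, kb, off in LINE_RE.findall(text)]

def read_range(path, offset, size, block=1 << 20):
    """Yield size bytes starting at offset in 1 MiB reads; fail on a short file."""
    with open(path, "rb") as src:
        src.seek(offset)
        while size:
            data = src.read(min(block, size))
            if not data:  # the log entry points past the end of the file
                raise ValueError(f"{path}: ends before offset+size")
            size -= len(data)
            yield data

def extract(tot_path, out_path, offset, size):
    """Same job as dd skip=offset count=size, without bs=1's per-byte reads."""
    with open(out_path, "wb") as dst:
        dst.writelines(read_range(tot_path, offset, size))

def range_sha256(path, offset, size):
    """SHA-256 of size bytes at offset, without writing a trimmed copy."""
    digest = hashlib.sha256()
    for data in read_range(path, offset, size):
        digest.update(data)
    return digest.hexdigest()

def matches_backup(tot_path, backup_path, offset, size):
    """True if the .tot range equals the first size bytes of the backup."""
    return (range_sha256(tot_path, offset, size)
            == range_sha256(backup_path, 0, size))

if __name__ == "__main__":
    for name, addr, size, off in parse_log(SAMPLE_LOG):
        print(f"dd bs=1 skip={off} count={size} if=FILE.tot of={name}.img")
```
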
30th December 2012, 09:21 AM   |  #2  
Would it be possible to guide me through this from the very beginning? I want to start cooking for this device, but I need a legit flashable ROM. Please and thank you.
30th December 2012, 09:35 AM   |  #3  
OP SnowLeopardJB
You are most likely better off just pulling a system image off your device. So, if you are rooted, you can pull your system with something like this:
Quote:

# busybox tar cf /sdcard/system.tar /system/*

That should give you all of the system files all together in a tar archive on your internal sdcard.
31st December 2012, 06:43 AM   |  #4  
evodev
I messaged you, but is there any way to use this on the Sprint version to create a flashable .zip?
6th November 2013, 12:51 AM   |  #5  
spdwiz18
Sorry about the resurrection,

but has there been any progress made on this? More of a curiosity than anything.

Thanks