
[GUIDE][TOOL][v1.2]-=Solved=-The Google Splash Screen & Bootloader Graphics

By makers_mark, Senior Member on 27th May 2014, 09:46 AM
22nd November 2014, 11:24 PM |#31  
makers_mark
OP Senior Member

The rest of the images are behind this button:






 
 
31st January 2015, 07:14 AM |#32  
Senior Member
Hi Makers_Mark.
I've tried to follow along with your commentary here so that I could mod my N7-2013 Deb boot screen. (It uses the bootloader-deb-flo-04.04.img)
Firstly, even though I haven't been able to follow it to conduct the mod, thanks for the informative write up - I managed to get the gist of it

My Nexus 7-2013 is mounted in the dash of my car, in a reverse landscape orientation.
All I'd like to change for the splash screen is to remove the Google text (just replace it with black) and to turn the padlock 90 degrees (so it's upright when the tablet is in reverse landscape). Fairly simple (I think).
Is there any chance you can do a very quick write up for me on this so I can do the mod?

I just haven't managed to connect the dots between your commentary and what I'm trying to do.

Thanks in advance
3rd November 2016, 04:55 AM |#33  
osm0sis
Recognized Developer / Recognized Contributor
Since the Nexus 2013 is now EOL for OTA updates, here are the highlights I just found for our final bootloader:

bootloader-flo-flo-04.08.img
4 byte pp
bgr0
(offsets are in decimal)

logo:
search string 9C030000 00000000 01000000 09090900
size 518x179
length 43768

offset 1187772 (311688 in aboot)
offset 3270044 (2393960 in aboot)
offset 3955364 (3079280 in aboot)
offset - (3167460 in aboot only)

lock:
search string 1C000000 00000000 01000000 24242400
size 72x94
length 4616

offset 1127848 (251764 in aboot)
offset 1267360 (391276 in aboot)
offset 3102124 (2226040 in aboot)

Worth restating that the corresponding partition on-device containing the images, mmcblk0p12 (as mentioned several times by @makers_mark), is named aboot. When the device is locked, abootb (mmcblk0p19) is a byte-for-byte copy of aboot with the exception of the bootloader's lockstate storage area located near 5242368 with another "ANDROID-BOOT!". When unlocked this is also the case, and the only further change is at the lockstate offset in aboot.

Also.. *cough*

Now.. to generate a replacement image and see about hacking it in...
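The offsets in the post above can be re-checked by scanning a dump for the search string and walking the runs that follow. This is an added example, not code from the thread; it assumes a run layout the page does not spell out (4-byte little-endian count, then one 4-byte bgr0 pixel), and the function names and sample data are constructed here.

```python
import struct

# Assumption (not stated on this page): each run is a 4-byte little-endian
# count followed by one 4-byte bgr0 pixel, as the search strings suggest.
RUN = struct.Struct("<I4s")
# bootloader.img offset minus aboot offset; identical for every pair in the post.
ABOOT_BASE = 1187772 - 311688
LOCK_NEEDLE = bytes.fromhex("1C000000 00000000 01000000 24242400")


def find_all(blob, needle):
    """Return every offset at which needle occurs in blob."""
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits


def to_aboot(offset):
    """Translate a bootloader.img offset into the matching aboot offset."""
    return offset - ABOOT_BASE


def rle_length(blob, offset, width, height):
    """Walk runs from offset until width*height pixels are covered and
    return the encoded length in bytes; raise ValueError on a bad stream."""
    need, pos = width * height, offset
    while need > 0:
        if pos + RUN.size > len(blob):
            raise ValueError("run data truncated")
        count, _pixel = RUN.unpack_from(blob, pos)
        if count == 0 or count > need:
            raise ValueError(f"implausible run count {count} at offset {pos}")
        need -= count
        pos += RUN.size
    return pos - offset


def survey(blob, needle, width, height):
    """Return (offset, encoded length) for every image found in blob."""
    return [(o, rle_length(blob, o, width, height)) for o in find_all(blob, needle)]


# Constructed sample, not real bootloader data: a 72x2 image that starts with
# the lock search string (28 black, 1 grey, then 115 black), embedded twice.
BLACK, GREY = bytes(4), bytes.fromhex("24242400")
SAMPLE_IMG = RUN.pack(28, BLACK) + RUN.pack(1, GREY) + RUN.pack(115, BLACK)
SAMPLE_BLOB = b"\xAA" * 100 + SAMPLE_IMG + b"\xAA" * 50 + SAMPLE_IMG + b"\xAA" * 30
```

On a real dump, `survey(data, LOCK_NEEDLE, 72, 94)` should report the length quoted in the post at each hit if the assumed run layout holds; a `ValueError` means it does not.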
3rd November 2016, 09:23 AM |#34  
makers_mark
OP Senior Member
Quote:
Originally Posted by osm0sis

Since the Nexus 2013 is now EOL for OTA updates, here are the highlights I just found for our final bootloader:

bootloader-flo-flo-04.08.img
4 byte pp
bgr0

logo:
search string 9C030000 00000000 01000000 09090900
size 518x179
length 43768

offset 1187772 (311688 in aboot)
offset 3270044 (2393960 in aboot)
offset 3955364 (3079280 in aboot)
offset - (3167460 in aboot only)

lock:
search string 1C000000 00000000 01000000 24242400
size 72x94
length 4616

offset 1127848 (251764 in aboot)
offset 1267360 (391276 in aboot)
offset 3102124 (2226040 in aboot)

Worth restating that the corresponding partition on-device containing the images, mmcblk0p12 (as mentioned several times by @makers_mark), is named aboot. When the device is locked, abootb (mmcblk0p19) is a byte-for-byte copy of aboot with the exception of the bootloader's lockstate storage area located near 5242368 with another "ANDROID-BOOT!". When unlocked this is also the case, and the only further change is at the lockstate offset.

Also.. *cough*

Now.. to generate a replacement image and see about hacking it in...

I will make a lock image that has a long white line, corresponding to their oblivious pixel, and replace it in all three spots. It will contain no more and no less data (no padding in testing scenarios). If you want to "dd" it to the partition or use otherwise "cough" mentions, then feel free. Very nice find there. I used a popular internet archive to get the source (thread) that I was referring to. The cough seems about the same caliber as far as knowledge and insight.

Let me know if you want me to make a 4.08 bootloader for you. I will not go off of your offsets, I will re-verify all that and quintuple check everything. You can do the same as well if you want to be extra sure. If that was the case we would have binarily exact files. When I wrote this thread, the N7 was the only (and first) android that I owned. Hence it was not sacrificial to me, but an enjoyment that I couldn't just test like that. It is dead now (probably just the battery) and getting ready to set sail on an equitable distribution-end of life garbage cycle, or straight to the data recovery center for cheating wives who want to find any dirt they can to make themselves look better.

3rd November 2016, 09:42 AM |#35  
osm0sis
Recognized Developer / Recognized Contributor
Quote:
Originally Posted by makers_mark

I will make a lock image that has a long white line, corresponding to their oblivious pixel, and replace it in all three spots. It will contain no more and no less data (no padding in testing scenarios). If you want to "dd" it to the partition or use otherwise "cough" mentions, then feel free. Very nice find there. I used a popular internet archive to get the source (thread) that I was referring to. The cough seems about the same caliber as far as knowledge and insight.

Let me know if you want me to make a 4.08 bootloader for you. I will not go off of your offsets, I will re-verify all that and quintuple check everything. You can do the same as well if you want to be extra sure. If that was the case we would have binarily exact files. When I wrote this thread, the N7 was the only (and first) android that I owned. Hence it was not sacrificial to me, but an enjoyment that I couldn't just test like that. It is dead now (probably just the battery) and getting ready to set sail on an equitable distribution-end of life garbage cycle, or straight to the data recovery center for cheating wives who want to find any dirt they can to make themselves look better.

Hmm, I'll have to check out the popular internet archives since perhaps the pictures, etc. would still be intact in their coughs..

I tried hacking the bootloader.img already and fastboot throws a "signature failed!" error, so it seems aboot is the only way to go.

I decided to get crazy with it so I already tried replacing the lock image with the new version in all 3 places in aboot and flashing it and it hard bricked my device. But not so hard that I couldn't recover it myself with some more poking around.

So it seems your original assessment may have been correct, or perhaps I was just a bit cavalier since the new lock image was shorter in data length than the old and required some minor 00 padding. Since I can reliably recover my device (tried it again by fully zeroing aboot), I'm definitely up for some more testing, and agree that a more methodic/scientific approach where the data is the same length (perhaps just changing a single pixel or something to start with) would probably be the best approach.
3rd November 2016, 11:24 AM |#36  
makers_mark
OP Senior Member
Quote:
Originally Posted by osm0sis

Hmm, I'll have to check out the popular internet archives since perhaps the pictures, etc. would still be intact in their coughs..

I tried hacking the bootloader.img already and fastboot throws a "signature failed!" error, so it seems aboot is the only way to go.

I decided to get crazy with it so I already tried replacing the lock image with the new version in all 3 places in aboot and flashing it and it hard bricked my device. But not so hard that I couldn't recover it myself with some more poking around.

So it seems your original assessment may have been correct, or perhaps I was just a bit cavalier since the new lock image was shorter in data length than the old and required some minor 00 padding. Since I can reliably recover my device (tried it again by fully zeroing aboot), I'm definitely up for some more testing, and agree that a more methodic/scientific approach where the data is the same length (perhaps just changing a single pixel or something to start with) would probably be the best approach.

Attached is my aboot.img backup for you to modify and generate your tests.

You have done your research on the bootloader in question, and maximized efficiency in a recovery of a failed attempt. Good job!
One of the good things about RLE (pertaining to this particular scenario) is that you don't have to alter just one pixel to make the image size the same. That is actually really difficult based on the image. I was simply putting out there the random white dot at the bottom right of the lock as a "shove it" move, whereas the ideal way would be to move some pixels that do not go from a white/grey to another white/grey (or black/grey vice versa). The solution was obvious (after the fact):

It is the exact same size and doesn't have to mess with any of the grey areas, and should not be hard to recognize if it takes and boots. I just made a black line white by changing 000 at byte 2884 (in the cut out image, not the complete bootloader) to ÿÿÿ. Here is the data for it.
Attached file: lock.zip (4.6 KB, 6 views)
3rd November 2016, 09:33 PM |#37  
osm0sis
Recognized Developer / Recognized Contributor
Quote:
Originally Posted by makers_mark

You have done your research on the bootloader in question, and maximized efficiency in a recovery of a failed attempt. Good job!
One of the good things about RLE (pertaining to this particular scenario) is that you don't have to alter just one pixel to make the image size the same. That is actually really difficult based on the image. I was simply putting out there the random white dot at the bottom right of the lock as a "shove it" move, whereas the ideal way would be to move some pixels that do not go from a white/grey to another white/grey (or black/grey vice versa). The solution was obvious (after the fact):


It is the exact same size and doesn't have to mess with any of the grey areas, and should not be hard to recognize if it takes and boots. I just made a black line white by changing 000 at byte 2884 (in the cut out image, not the complete bootloader) to ÿÿÿ. Here is the data for it.

No luck. Tried it in all 3 locations, tried it in only last 2 and last 1 just to see, and still nothing. Then returned to untouched manually by changing the bytes back and flashing that, and that unbricked with no issue (just to rule out something weird with the editing/flashing process).

I guess our only hope would be to figure out where/how the signature is stored and update it (probably trustzone/tz?), but the same could be said for a whole bootloader.img and that might be a safer prospect mediated by fastboot. And of course figuring out the signing procedure/key might be next to impossible. No new logo for us.
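Both the aboot/abootb comparison described in post #33 and the restore-to-untouched check in the post above come down to listing exactly which byte ranges differ between two dumps. The following is an added example, not code from the thread; the 512-byte width of the lockstate window and the sample dumps are assumptions constructed here.

```python
CHUNK = 4096
# Lockstate area "near 5242368" per the post; the 512-byte width is an assumption.
LOCKSTATE_WINDOW = (5242368, 5242368 + 512)


def diff_ranges(a, b):
    """Return half-open (start, end) ranges where a and b differ; a length
    mismatch is reported as one extra range covering the longer tail."""
    ranges, start = [], None
    common = min(len(a), len(b))
    for base in range(0, common, CHUNK):
        ca, cb = a[base:base + CHUNK], b[base:base + CHUNK]
        if ca == cb:  # fast path: whole chunk identical
            if start is not None:
                ranges.append((start, base))
                start = None
            continue
        for i, (x, y) in enumerate(zip(ca, cb), base):
            if x != y and start is None:
                start = i
            elif x == y and start is not None:
                ranges.append((start, i))
                start = None
    if start is not None:
        ranges.append((start, common))
    if len(a) != len(b):
        ranges.append((common, max(len(a), len(b))))
    return ranges


def unexpected_changes(a, b, allowed):
    """Return differing ranges that are not fully inside an allowed window."""
    return [(s, e) for s, e in diff_ranges(a, b)
            if not any(lo <= s and e <= hi for lo, hi in allowed)]


# Constructed sample, not real partition data: zero-filled 5 MiB "dumps".
ABOOT = bytes(LOCKSTATE_WINDOW[1])
ABOOTB = bytearray(ABOOT)
ABOOTB[5242384:5242388] = b"\x01" * 4  # differs only inside the lockstate area
PATCHED = bytearray(ABOOT)
# Same-length 3-byte edit at byte 2884 of the first lock image (aboot offset 251764).
PATCHED[251764 + 2884:251764 + 2887] = b"\xff" * 3
```

An empty result from `unexpected_changes(aboot, abootb, [LOCKSTATE_WINDOW])` matches the byte-for-byte relationship the post describes; any range it returns lies outside the lockstate area.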