[HOW TO] Extract kernel image from the Samsung Galaxy S5 VZW firmware

By roman.blachman, Junior Member on 26th May 2014, 08:55 PM
If you are interested in extracting the kernel image from the Samsung Galaxy S5 ROM, you should follow the following steps.
This was tested with the G900VVRU1ANCG_G900VVZW1ANCG_VZW stock ROM firmware.
  1. The first step is extracting the files from the ROM firmware file; this is explained in many places and won't be covered here.
  2. Extract the boot.img to some directory, using the Android unpackbootimg utility:
    Code:
    unpackbootimg -i boot.img -o boot/
  3. After extracting the boot.img file you will usually end up with the following file list:
    Code:
    boot.img-base
    boot.img-cmdline
    boot.img-pagesize
    boot.img-ramdisk.gz <- this includes the root (/) files, like init*.rc and SELinux policy files
    boot.img-zImage <- compressed image of the Android Linux kernel
  4. The next step will be extracting the compressed kernel image from the zImage file. The Android kernel is a self-extracting compressed file, while different devices use different compression methods. While looking at the file contents using a hex editor, you can see the decompression code at the beginning, and then at some point the compressed data begins. The compressed image begins where you find the LZO magic header.

    Code:
    static const unsigned char lzop_magic[9] = {
    	0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a
    };
    Save the data from the LZO magic header to the end of the file with the zImage.kernel file name.
  5. This firmware and kernel are using LZO compression, and there is an easy-to-use utility called lzop that is used for the decompression of the file. Just run the following command to decompress the kernel from the zImage.kernel file:

    Code:
    lzop -d -c zImage.kernel > zImage.kernel.decompressed

And now you have the decompressed kernel for the device ready for exploration, which is also attached to this post.

Note:
Attached Files
File Type: 7z zImage.kernel.decompressed.7z (5.22 MB, 298 views)
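Step 4 of the post above (locate the magic header, save everything from it to the end of the file) can be scripted instead of done in a hex editor. The following is an added example, not part of the original post: the function names are hypothetical, the sample image is constructed, and the gzip, xz and LZ4 magics go beyond the post's LZO case to cover the "different compression methods" it mentions.

```python
import sys

# Magic numbers to scan for. The lzop bytes are the ones quoted in the post;
# the others are added here for images built with a different compressor.
MAGICS = {
    "lzop": bytes.fromhex("894c5a4f000d0a1a0a"),
    "gzip": bytes.fromhex("1f8b08"),
    "xz": bytes.fromhex("fd377a585a00"),
    "lz4-legacy": bytes.fromhex("02214c18"),
}

def find_payloads(image: bytes):
    """Return a sorted list of (offset, name) for every magic found in image."""
    hits = []
    for name, magic in MAGICS.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = image.find(magic, pos + 1)
    return sorted(hits)

def carve(image: bytes, name: str = "lzop") -> bytes:
    """Return the bytes from the first `name` magic to the end of the file.

    The carve runs to end of file, so any bytes the image stores after the
    compressed stream are included in the result.
    """
    offset = image.find(MAGICS[name])
    if offset == -1:
        raise ValueError(f"no {name} magic; candidates: {find_payloads(image)}")
    return image[offset:]

def build_sample() -> bytes:
    """Constructed stand-in for a zImage: stub bytes, lzop magic, filler."""
    stub = bytes.fromhex("0000a0e1") * 16          # 64 bytes of fake loader code
    return stub + MAGICS["lzop"] + b"CONSTRUCTED-PAYLOAD" + b"\x00" * 8

if __name__ == "__main__":
    if len(sys.argv) == 3:                         # usage: script IN OUT
        with open(sys.argv[1], "rb") as f:
            data = f.read()
        payload = carve(data)
        with open(sys.argv[2], "wb") as f:
            f.write(payload)
        print(f"magic at offset {len(data) - len(payload)}, wrote {len(payload)} bytes")
    else:
        print(find_payloads(build_sample()))
```

Run with `boot/boot.img-zImage zImage.kernel` as arguments, the output file is the input the post's `lzop -d -c` command expects.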
 
 
27th May 2014, 12:51 AM |#2  
lcmazza, Senior Member
But it does trip KNOX after flashing, doesn't it?


8th May 2015, 09:03 AM |#3  
Junior Member
I tried that and was given a warning of trailing bytes by `lzop`. Later, when I do a `file` command on the resulting uncompressed file, it is not a vmlinux ELF image; rather, it is a data file. How are we able to repack this image back into zImage? Any advice is appreciated, thanks.