[DEVS only] Unpacking RAZR i boot images

Search This thread
By:
Advanced…
zainifame

zainifame

Senior Member
Aug 26, 2015
509
129
Lampung
Lenovo K900
Samsung Galaxy Fame
@osm0sis sorry sir mentioning you... just wondering few years ago i give the sample image for lenovo k900 i forgot the sample is signed or unsigned but seeing your research i assume the sample i give you is unsigned... so... i just want give the proper file here to research with signed file contain $OS$ on all header... because lenovo k900 only have 4.2 and 4.3... thank you sir
 
Last edited:
osm0sis

osm0sis

Senior Recognized Developer / Contributor
Mar 14, 2012
16,767
40,430
Halifax
GT-i9250
Google Nexus 4
zainifame said:
@osm0sis sorry sir mentioning you... just wondering few years ago i give the sample image for lenovo k900 i forgot the sample is signed or unsigned but seeing your research i assume the sample i give you is unsigned... so... i just want give the proper file here to research with signed file contain $OS$ on all header... because lenovo k900 only have 4.2 and 4.3... thank you sir
Click to expand...
Click to collapse
Thanks, yes it was unsigned. Should work already though, did you try repacking it with mboot/AIK?
 
zainifame

zainifame

Senior Member
Aug 26, 2015
509
129
Lampung
Lenovo K900
Samsung Galaxy Fame
osm0sis said:
Thanks, yes it was unsigned. Should work already though, did you try repacking it with mboot/AIK?
Click to expand...
Click to collapse
Sorry for late respond... Already try unpack & repacking it was smooth but i'm not able to flash it to the phone to test boot or not because my lenovo k900 dont know where

Try it with all signed image from all android version lenovo k900 421, 422, 43
On all signed image bootstub was 4kb and yes all intel from android 43 below was 4k bootstub and 44 above was 8k bootstub... But i didnt find this 8 byte 'BD 02 BD 02 BD 12 BD 12' hex on all lenovo image signed or unsigned but on some intel phone with ICS android that hex is present but not all phone... Just curious about that...

And this old... but nice explanation
github.com

android_device_dell_venue3x40-common/mkosimage at cm-13.0 · venue3x40-dev/android_device_dell_venue3x40-common

Common device configuration for Dell Venue 3740/3840 - venue3x40-dev/android_device_dell_venue3x40-common
github.com github.com

This old one too
github.com

GitHub - alan-shen/sign_stitch_intel: A tool for stitch and signing intel atom's boot images

A tool for stitch and signing intel atom's boot images - alan-shen/sign_stitch_intel
github.com github.com

Almost forgot... I try unpack 'bos_signed' from razr i jellybean and failed after seeing with hexedit the image have royax signature 480 byte the rest was same like boot and recovery i guess
github.com

intel_android/Medfield_(Z24xx)/Motorola_RAZR_i_XT890/9.8.2I-50_SML-29_Retail_BR_SIGNED_SLATAMUnlk_USASMI01RETBRLA022.0R_S1FF_CFC_fb/bos_signed at master · arizaini/intel_android

Contribute to arizaini/intel_android development by creating an account on GitHub.
github.com github.com

I dont know what is 'bos_signed' file but i guess its same like lenovo k900 'pos.bin'

I have all sample image from all intel platform smartphone android here:
github.com

GitHub - arizaini/intel_android

Contribute to arizaini/intel_android development by creating an account on GitHub.
github.com github.com

I'm interest on something like this but have no knowledge... Trying to understand but nothing...
 
zainifame

zainifame

Senior Member
Aug 26, 2015
509
129
Lampung
Lenovo K900
Samsung Galaxy Fame

Attachments

  • razri.PNG
    razri.PNG
    42 KB · Views: 10
  • zf5droid_1.PNG
    zf5droid_1.PNG
    63.6 KB · Views: 9
  • zf5droid_2.PNG
    zf5droid_2.PNG
    11.7 KB · Views: 10
  • Like
Reactions: osm0sis
zainifame

zainifame

Senior Member
Aug 26, 2015
509
129
Lampung
Lenovo K900
Samsung Galaxy Fame
osm0sis said:
Some of those are bootloader files, so likely no kernel or ramdisk to unpack
Click to expand...
Click to collapse

there is kernel and ramdisk inside both file above... here:
Code: 
zenfone 5 android L firmware
24 4F 53 24 00 00 01 AB | boot
24 4F 53 24 00 00 01 23 | recovery
24 4F 53 24 00 00 00 25 | droidboot
                 |  |
after change it to 01 AIK can unpack and repack the droidboot.img

RAZR i android JB firmware
after remove 480 byte "RðŸåx" signature from bos_signed AIK can unpack and repack the bos_signed see screenshot bellow
 

Attachments

  • a.PNG
    a.PNG
    84.9 KB · Views: 9
  • b.PNG
    b.PNG
    40.3 KB · Views: 9
Last edited:
W

wairrior

Member
Oct 23, 2016
6
1
Thanks for this post. I can build and download boot.bin for my ramos i9 z2580 pad now. The boot.bin is signed by intel tool isu. Since mainline linux no longer supports SFI, can we do anything with bootstub, pxe loader or droidboot to load zImage with a device tree? ARM SoC supports zImge appended with dtb. Can we do the same thing on this x86 platform?
 
You must log in or register to reply here.

Similar threads

mattlgroff
Unlock the Bootloader on Your RAZR i
Replies
157
Views
160K
F
flameseewa
mattlgroff
  • Sticky
RAZR i Root
Replies
133
Views
129K
N
Normanjhicks
Pzyduck
RAZR i XT890 Firmwares SuperThread (Jelly Bean)
Replies
75
Views
155K
1stStep
1stStep
Omar-Avelar
[ROM/KERNEL] Motorola 4.1.2 - Optimized & 4.3/4.4 Goodies (Nov-10-2014 & Final)
Replies
4K
Views
785K
G
gekkorist
mattlgroff
  • Sticky
RAZR i Root 2 (Jellybean 4.1.2)
Replies
124
Views
137K
orbirixx
orbirixx

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 26
    T
    turl1
    I've seen you haven't been able to unpack the boot images so I investigated a bit on this "weird format" Moto used. This is what I could figure out by looking at the image and the bootstub code Motorola released:

    Code: 
    0x00000000 kernel CMDLINE, filled with zeroes where unused
0x00000400 bzImage size
0x00000404 initrd size
0x00000408 SPI UART suppression
0x0000040B SPI type (0: SPI0, 1: SPI1)
0x00001000 future stack for bootstub (?)
0x00002000 actual bzImage start
    On the boot image I grabbed from the root post, using the awesome "hexdump" tool we can see at 0x400

    Code: 
    60 a8 46 00 90 6c 1a 00
    Which means (remember x86 is Little Endian) bzImage size 0x0046A860 (~4.5MB) and initrd size of 0x001A6C90 (~1.65MB)


    So let's go to the practical side:

    0x00002000 + 0x0046A860 = 4638816

    Code: 
    $ dd if=razr_i_boot.img of=ramdisk.cpio skip=4638816 bs=1
$ zcat ramdisk.cpio|cpio -i

gzip: ramdisk.cpio: decompression OK, trailing garbage ignored
8927 blocks
$ ls
android.fstab  dev               init.moto.usb.rc  init.sc1.rc      init.wifi.rc  ramdisk.cpio  system               ueventd.smi.rc
charger        init              init.moto.usb.sh  init.sdcard1.rc  init.xmm.rc   res           ueventd.goldfish.rc  xbin
data           init.goldfish.rc  init.nfs.rc       init.sdcard2.rc  lib           sbin          ueventd.rc
default.prop   init.moto.rc      init.rc           init.sdcard.rc   proc          sys           ueventd.sc1.rc
    Code: 
    $ dd if=razr_i_boot.img of=bzImage skip=8192 count=4630624 bs=1
$ file bzImage 
bzImage: Linux kernel x86 boot executable bzImage, version 3.0.8-g229e199 (hudsoncm@il93lnxdroid52) #1 SMP PREEMPT Sat Sep, RO-rootFS, root_dev 0x806, swap_dev 0x4, Normal VGA
    Ta-da! Unpacked. It wasn't that hard really :p

    Now, is there interest on a tool to repack/unpack these images? I don't own the phone (and probably won't, no $$ :() but if there's enough interest I can make one, it should be relatively easy.

    EDIT: Okay, so I wrote a pair of tools to unpack existing images and package new images, you can get them at

    https://github.com/turl/razr-i-boot-tools

    Just run "make" to build the tools, the usage is really simple
    Code: 
    $ ./pack 
Usage: ./pack <valid image> <bzImage> <ramdisk> <output>
    From left to right, an already existing boot image (to copy bootstub from, it could be built from source on the future), the kernel, the gzipped cpio ramdisk and the output filename

    Code: 
    $ ./unpack
Usage: ./unpack <image to unpack> <bzImage out> <ramdisk out>
    From left to right, the image you want to unpack, and the destination files for bzImage and ramdisk. You can then unpack the ramdisk with something like
    Code: 
    $ mkdir ramdisk-unpack
$ cd ramdisk-unpack
$ zcat ../ramdisk.cpio.gz|cpio -i
    And then repack it with something like
    Code: 
    $ find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
    View
    4
    T
    turl1
    Okay, so I wrote a tool to package images, check the edit on the first post and let me know how it works. I'll make another one to unpack current images when I get some more time :)
    View
    4
    mattlgroff
    mattlgroff
    turl1 said:
    Well, it turns out I fail when programming on the late AM :p

    https://github.com/turl/razr-i-boot-tools/commit/34f618b5cb2d6fb4b4c7d8affb194113a0b11270

    Update/reclone your tools repo, rebuild it and try again. Rebuild your ramdisk image too, just in case the tool corrupted it.
    Click to expand...
    Click to collapse

    Updated tools, rebuilt tools, rebuilt ramdisk....

    6.5 MB newboot.img now.

    Boot animation....
    Booted!

    Yat71.png


    Where's your donation link? :)
    View
    3
    mattlgroff
    mattlgroff
    turl1 said:
    Ta-da! Unpacked. It wasn't that hard really :p

    Now, is there interest on a tool to repack/unpack these images? I don't own the phone (and probably won't, no $$ :() but if there's enough interest I can make one, it should be relatively easy.
    Click to expand...
    Click to collapse
    Making it look so simple ;)

    I really appreciate you taking the time to look at this, especially since you don't even have the device. I definitely have interest in a tool if at all possible. I'd donate and encourage others to as well :)
    View
    3
    T
    turl1
    mattlgroff said:
    Updated tools, rebuilt tools, rebuilt ramdisk....

    6.5 MB newboot.img now.

    Boot animation....
    Booted!

    [image]

    Where's your donation link? :)
    Click to expand...
    Click to collapse

    Awesome! I just wrote the unpack tool by the way, same repo. Check the first post for more info and let me know if you have any issues with it.

    I also completed the "donate to me" box on the XDA profile for those looking for it :)
    View

New posts