
[DEV][HOWTO] Extracting stock firmware files from .tot files

SnowLeopardJB
#1  
Senior Member - OP

Hello everyone!

First off:
DISCLAIMER: I AM NOT RESPONSIBLE FOR ANYTHING YOU DO TO YOUR PHONE WHILE USING ANY OF THE INFORMATION LOCATED BELOW. IF YOU DO NOT UNDERSTAND WHAT IS BEING DONE, PLEASE DO NOT TRY ANYTHING DONE HERE!

This is still in a VERY basic phase. I am not sure how helpful it will be, but currently, I have been able to extract some of the smaller partitions from the AT&T firmware file.

Starting off, when LGNPST is used to image a phone, it creates a log file in C:\LG Electronics\LGNPST\Models\LOG\. For example, mine was called LS970Log_COM5.log. We are really only interested in one part of this file, located close to the bottom when the phone is actually being imaged. It should look something like this:

Quote:
0Download mode locking
0Download : PrimaryGPT 0x 0 Size: 0x 512Kb, File Offset: 0x 100000
0 3.182994E-313mmc Init
0Partition Count : 35================================================ ======
0================================================= =====

0Download : modem 0x 800000 Size: 0x 54272Kb, File Offset: 0x 180000
0Download : sbl1 0x4800000 Size: 0x 512Kb, File Offset: 0x3680000
0Download : sbl2 0x4880000 Size: 0x 512Kb, File Offset: 0x3700000
0Download : sbl3 0x4900000 Size: 0x 1024Kb, File Offset: 0x3780000
0Download : aboot 0x4b00000 Size: 0x 512Kb, File Offset: 0x3880000
0Download : rpm 0x4b80000 Size: 0x 512Kb, File Offset: 0x3900000
0Download : boot 0x5000000 Size: 0x 7168Kb, File Offset: 0x3980000
0Download : tz 0x6800000 Size: 0x 512Kb, File Offset: 0x4080000
0(null)kip misc Partition
0Download : system 0xb000000 Size: 0x 131072Kb, File Offset: 0x4900000
0Download : system 0x13000000 Size: 0x 512Kb, File Offset: 0xc900000
0Download : system 0x1325e000 Size: 0x 129024Kb, File Offset: 0xc980000
0Download : system 0x1b1fd000 Size: 0x 129536Kb, File Offset: 0x14780000
0Download : system 0x2325e000 Size: 0x 129024Kb, File Offset: 0x1c600000
0Download : system 0x2b1fd000 Size: 0x 129536Kb, File Offset: 0x24400000
0Download : system 0x3325e000 Size: 0x 129024Kb, File Offset: 0x2c280000
0Download : system 0x3b1fd000 Size: 0x 129536Kb, File Offset: 0x34080000
0Download : system 0x4325e000 Size: 0x 129024Kb, File Offset: 0x3bf00000
0Download : system 0x4b1fd000 Size: 0x 76800Kb, File Offset: 0x43d00000
0Download : system 0x53000000 Size: 0x 512Kb, File Offset: 0x48800000
0Download : system 0x5b000000 Size: 0x 512Kb, File Offset: 0x48880000
0Download : system 0x63000000 Size: 0x 512Kb, File Offset: 0x48900000
0Download : persist 0x7a800000 Size: 0x 4608Kb, File Offset: 0x48980000
0Download : recovery 0x8b000000 Size: 0x 8192Kb, File Offset: 0x48e00000
0Download : BackupGPT 0xab380000 Size: 0x 512Kb, File Offset: 0x49600000
0
************************************************** *******************************************

What do we see that is important here? Image sizes and offsets for data in the file! For example, let's take the boot partition.

Quote:
0Download : boot 0x5000000 Size: 0x 7168Kb, File Offset: 0x3980000
We have an offset of 0x3980000 and a size of 7168Kb. That converts to an equivalent of an offset of 60293120 bytes and a size of 7340032 bytes (I really hope I got that right. As I'm sitting here writing this, I'm thinking of how many different ways I could have messed up that calculation...)

Here, I am using dd on Linux in order to separate the partitions from the binary file, but it can be done using equivalent tools on Windows.

Quote:
$ dd bs=1 skip=60293120 count=7340032 if=LGE970AT-00-V10o-ATT-US-SEP-29-2012+0.tot of=boot.img
Basically, what I am doing here is copying 7340032 bytes, starting at byte 60293120, from the .tot file to boot.img.

Now, let's check out the backups made with FreeGee when you unlock, to see if it matches with what was actually written to the phone. In order to see if they are equal, we need to trim the backup, because the backup that is taken is actually of the entire partition, not just the actual data.

Quote:
$ dd bs=1 count=7340032 if=boot-att-backup.img of=boot-att-backup-trimmed.img
This is doing basically the same, starting at the first byte, copying 7340032 bytes to boot-att-backup-trimmed.img. This is just making sure you only get the same amount of data that was written.

Now, of course, we want to see if the data is actually the same, so we will also use the diff command, also found on Linux, which I'm sure is also available on Windows.

Quote:
$ diff -s boot.img boot-att-backup-trimmed.img
If both files are identical, which means everything was done correctly, this should result in the output "Files boot.img and boot-att-backup-trimmed.img are identical", which it does! (The -s flag makes diff report identical files.)

So, now that we know that we can successfully extract the boot partition, I also tried this with the aboot partition, and it worked as well! I have not had success extracting the system partition yet, as it is split up into several partitions. I was hoping that someone with more knowledge could piece together a system image. Enjoy
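Added example, not part of the original post: a Python sketch of the procedure in post #1. It parses `Download :` lines in the quoted LGNPST log format into byte offsets and sizes, extracts a partition from the .tot file, and checks it against the start of a full-partition backup. The function names and the sample log are constructed for illustration; partitions written in several pieces (system) are parsed but skipped rather than reassembled.

```python
import re

# Constructed sample in the format of the LGNPST log quoted in post #1.
SAMPLE_LOG = """\
0Download : aboot 0x4b00000 Size: 0x 512Kb, File Offset: 0x3880000
0Download : boot 0x5000000 Size: 0x 7168Kb, File Offset: 0x3980000
0(null)kip misc Partition
0Download : system 0xb000000 Size: 0x 131072Kb, File Offset: 0x4900000
0Download : system 0x13000000 Size: 0x 512Kb, File Offset: 0xc900000
"""

LINE_RE = re.compile(
    r"Download\s*:\s*(\w+)\s+0x\s*([0-9a-fA-F]+)\s+"
    r"Size:\s*0x\s*(\d+)Kb,\s*File Offset:\s*0x\s*([0-9a-fA-F]+)")

def parse_log(text):
    """Return [(name, device_addr, size_bytes, file_offset), ...] in log order."""
    chunks = []
    for m in LINE_RE.finditer(text):
        name, addr, size_kb, off = m.groups()
        # Size is decimal KiB despite its "0x" prefix (7168Kb = 7340032 bytes).
        chunks.append((name, int(addr, 16), int(size_kb) * 1024, int(off, 16)))
    return chunks

def single_chunk_partitions(chunks):
    """Keep partitions written in one piece; split ones (system) are skipped."""
    names = [c[0] for c in chunks]
    return [c for c in chunks if names.count(c[0]) == 1]

def extract(tot_path, out_path, size, offset, bufsize=1 << 20):
    """Copy `size` bytes at `offset` from the .tot file; fail on a short read."""
    with open(tot_path, "rb") as src, open(out_path, "wb") as dst:
        src.seek(offset)
        left = size
        while left:
            buf = src.read(min(bufsize, left))
            if not buf:
                raise ValueError(f"{tot_path} ends {left} bytes before chunk end")
            dst.write(buf)
            left -= len(buf)

def matches_backup(image_path, backup_path):
    """True if the full-partition backup starts with the extracted image."""
    with open(image_path, "rb") as img, open(backup_path, "rb") as bak:
        for a in iter(lambda: img.read(1 << 20), b""):
            if bak.read(len(a)) != a:
                return False
    return True

if __name__ == "__main__":
    for name, addr, size, off in single_chunk_partitions(parse_log(SAMPLE_LOG)):
        print(f"{name}: offset={off} size={size} (device 0x{addr:x})")
```

`matches_backup` compares only the first `size` bytes of the backup, so the separate trimming step with dd is not needed.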
 
kifac
#2  
Senior Member
Would it be possible to guide me through this from the very beginning? I want to start cooking for this device, but I need a legit flashable ROM. Please and thank you.
 
SnowLeopardJB
#3  
Senior Member - OP
You are most likely better off just pulling a system image off your device. So, if you are rooted, you can pull your system with something like this:
Quote:
# busybox tar cf /sdcard/system.tar /system/*
That should give you all of the system files all together in a tar archive on your internal sdcard.
 
evodev
#4  
Senior Member
I messaged you, but is there any way to use this on the Sprint version to create a flashable .zip?

 
spdwiz18
#5  
Senior Member
Sorry about the resurrection,

but has there been any progress made on this? More of a curiosity than anything.

Thanks