
[LIBRARY]libpit-X Online PIT analysis Tool and Library

OP AdamOutler

24th November 2013, 04:28 AM   |  #1  
I would like to first start by sharing a bit of history behind this library. @Benjamin Dobell started the Heimdall project where he packet-sniffed the Odin(desktop client)/Loke(on-device server) protocol in order to create Heimdall, an open source flashing tool which I've personally used in my own projects Heimdall one-click and One-Click UnBrick as well as my current project, CASUAL. Heimdall was released with a very rough, but working, analysis of the PIT files and has been slowly increasing over time.

@Ralekdev, @Rebellos and myself began looking at the PIT files much later than Benjamin. Ralekdev and Rebellos were to reverse-engineer the bootloaders of several Samsung devices and were able to come up with exploits while I somewhat brought the work together and assisted where I could. Ralekdev even identified proper sizes of data blocks and has created a few tools to assist.

Introduction
I'm happy to announce that we have 100% identification of all parts of the PIT files as they stand today. We are no longer working on identifying variables thanks to Ralekdev, Rebellos and Benjamin's work. We can read, write and integrate PIT files into our Java applications. As a demonstration of this library, I encourage you to Analyze Your Pit File Online.
If you don't have a PIT file, you can use this one. This will provide you with human-readable analysis of a PIT file.
This can also be accomplished locally on your computer with this file: http://goo.im/devs/AdamOutler/libpitX/libpit-X-R917.jar
Code:
adamoutler@adam-desktop:~$libpit-X.jar GalaxyCamera.pit
PIT Name: Mx
Entry Count: 17
File Type: COM_TAR2


--- Entry #0 ---
ID: 80   Partition Name: BOOTLOADER
Filename: sboot.bin   param: md5
Block Size: 1734 (887.8 kB)
Block range: 0 - 1733 (hex 0x0 - 0x6c5)
PartType: 2   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Bootloader partition resides on the AP EMMC.


--- Entry #1 ---
ID: 81   Partition Name: TZSW
Filename: tz.img   param: md5
Block Size: 312 (159.7 kB)
Block range: 1734 - 2045 (hex 0x6c6 - 0x7fd)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #2 ---
ID: 70   Partition Name: PIT
Filename: camera.pit
Block Size: 16 (8.2 kB)
Block range: 34 - 49 (hex 0x22 - 0x31)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #3 ---
ID: 71   Partition Name: MD5HDR
Filename: md5.img   param: in.md5
Block Size: 2048 (1.0 MB)
Block range: 50 - 2097 (hex 0x32 - 0x831)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #4 ---
ID: 1   Partition Name: BOTA0
Filename: -
Block Size: 8192 (4.2 MB)
Block range: 8192 - 16383 (hex 0x2000 - 0x3fff)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #5 ---
ID: 2   Partition Name: BOTA1
Filename: -
Block Size: 8192 (4.2 MB)
Block range: 16384 - 24575 (hex 0x4000 - 0x5fff)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #6 ---
ID: 3   Partition Name: EFS
Filename: efs.img   param: md5
Block Size: 40960 (21.0 MB)
Block range: 24576 - 65535 (hex 0x6000 - 0xffff)
PartType: 5   FilesystemType: 5   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This EXT4 format Data partition resides on the AP EMMC.


--- Entry #7 ---
ID: 4   Partition Name: PARAM
Filename: param.bin   param: md5
Block Size: 16384 (8.4 MB)
Block range: 65536 - 81919 (hex 0x10000 - 0x13fff)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #8 ---
ID: 5   Partition Name: BOOT
Filename: boot.img   param: md5
Block Size: 16384 (8.4 MB)
Block range: 81920 - 98303 (hex 0x14000 - 0x17fff)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #9 ---
ID: 6   Partition Name: RECOVERY
Filename: recovery.img   param: md5
Block Size: 16384 (8.4 MB)
Block range: 98304 - 114687 (hex 0x18000 - 0x1bfff)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #10 ---
ID: 7   Partition Name: RADIO
Filename: modem.bin   param: md5
Block Size: 65536 (33.6 MB)
Block range: 114688 - 180223 (hex 0x1c000 - 0x2bfff)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #11 ---
ID: 8   Partition Name: CACHE
Filename: cache.img   param: md5
Block Size: 2097152 (1.1 GB)
Block range: 180224 - 2277375 (hex 0x2c000 - 0x22bfff)
PartType: 5   FilesystemType: 5   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This EXT4 format Data partition resides on the AP EMMC.


--- Entry #12 ---
ID: 9   Partition Name: SYSTEM
Filename: system.img   param: md5
Block Size: 3145728 (1.6 GB)
Block range: 2277376 - 5423103 (hex 0x22c000 - 0x52bfff)
PartType: 5   FilesystemType: 5   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This EXT4 format Data partition resides on the AP EMMC.


--- Entry #13 ---
ID: 10   Partition Name: HIDDEN
Filename: hidden.img   param: md5
Block Size: 737280 (377.5 MB)
Block range: 5423104 - 6160383 (hex 0x52c000 - 0x5dffff)
PartType: 5   FilesystemType: 5   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This EXT4 format Data partition resides on the AP EMMC.


--- Entry #14 ---
ID: 11   Partition Name: OTA
Filename: -
Block Size: 16384 (8.4 MB)
Block range: 6160384 - 6176767 (hex 0x5e0000 - 0x5e3fff)
PartType: 5   FilesystemType: 1   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: 
This Basic format Data partition resides on the AP EMMC.


--- Entry #15 ---
ID: 12   Partition Name: TDATA   param: TA
Filename: -   param: erdata.img   param: md5
Block Size: 409600 (209.7 MB)
Block range: 6176768 - 6586367 (hex 0x5e4000 - 0x647fff)
PartType: 5   FilesystemType: 5   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA:    param: Dmained
This EXT4 format Data partition resides on the AP EMMC.


--- Entry #16 ---
ID: 13   Partition Name: USERDATA
Filename: userdata.img
Block Size: 0 (0 B)
Block range: 6586368 - 6586367 (hex 0x648000 - 0x647fff)
PartType: 5   FilesystemType: 5   BinType: 0   DevType: 2
Offset:0   Size: 0   FOTA: remained
This EXT4 format Data partition resides on the AP EMMC. The partition will expand to fill the remainder of the EMMC.
Development Library/Downloads/Documentation
The libpit-X library is an extremely heavy overhaul of the libpit--Java- library by Benjamin Dobell. It features 100% accurate read/write/modification ability. It is also very well documented. I've submitted an issue for Benjamin to pull my changes. Until then you can find the library here.

Online documentation can be found here: http://javadoc.casual-dev.com/namesp...1libpit_x.html

When you load a Library into your development environment, you need three parts. The Package, the Javadoc and the Source. The latest version of these three parts can be found here:
Package: http://jenkins.casual-dev.com/view/A...t/libpit-X.jar
Javadoc: http://jenkins.casual-dev.com/view/A...p*/javadoc.zip
Source: http://jenkins.casual-dev.com/view/A.../*zip*/src.zip

Library Archives can be found here: http://goo.im/devs/AdamOutler/libpitX


Here's a picture of the library in action: http://dl.xda-developers.com/attachd...3_21_16_36.png


Automated Testing
Testing is conducted on EVERY SINGLE REVISION and compiled code is not published to the archives if testing fails.
Latest test results: http://jenkins.casual-dev.com/job/CA...tBuild/console
Test code for this $X project: https://code.google.com/p/android-ca...iving%2Flibpit
And of course you can always test the version yourself with our Analyze Your Pit File Online utility.


About
This is a $X project. The $ represents CASUAL for two reasons; CASUAL commands start with $, and the way CASUAL is commonly pronounced is cash-ual. In $X projects, the $ is silent. $X projects are not CASUAL core projects but rather offshoots. Rather than create an entire new repository for $X projects, we will host them in the http://android-casual.googlecode.com repository. For example, the working source code for this project is located in the CASUAL-Core and during build, the $X project is automatically created in the X.casual_dev.libpitX package.

If you wish to contribute to this project, or any other CASUAL project, check out the "Developers" section of this page: http://casual-dev.com/about/. There's a lot to do and we are willing to help you learn.
Last edited by AdamOutler; 26th November 2013 at 02:46 AM.
1st December 2013, 08:49 PM   |  #2  
igoa
Please tell how to redistribute space from cache and hidden partitions to increase user space with your utility?
1st December 2013, 10:51 PM   |  #3  
Surge1223
Adam, most PIT files I analyze have one or two strange partitions at the end... is this the fault of the analysis software or is it just something else completely? Also, have you ever been able to extract the pit from a device that was the same as (md5 match) one you would get in an odin tar? The pit files I extract never end up being the exact same as the pit files that come in the odin tar for a particular device regardless of the method used; Heimdall and/or using dd if/of= w/ correct skip/count don't yield the right results. The PIT analysis tool you helped make lists everything correctly for the VZW GS4 but doesn't list the strange partition at the end that's found with other analysis tools like the one below, so I assume the last thing isn't a partition then?

TL;DR - What is the partition at the end with strange characters?

Last edited by Surge1223; 1st December 2013 at 11:02 PM.
1st December 2013, 11:07 PM   |  #5  
neo4uo
Please tell me this is going to lead 16gig Samsung Sg4 users to get more than 9 gigs free space when using a non touch wiz ROM. Great project and congrats
1st December 2013, 11:12 PM   |  #6  
Quote:
Originally Posted by igoa

Please tell how to redistribute space from cache and hidden partitions to increase user space with your utility?

This isn't a utility, it's a library. You would include it in your Android Application or Java Desktop App.

Here's how you would use it for your project
Code:
import java.io.DataOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;

class BlockResizer {
  public void remove100BlocksFromCACHE() throws IOException {
    //Open the PIT file
    PitData pd = new PitData("mypit.pit");

    //get the CACHE partition
    PitEntry CACHE = pd.findEntry("CACHE");

    //Remove 100 blocks from CACHE
    int blocksToRemove = 100;
    CACHE.block_count = CACHE.block_count - blocksToRemove;

    //Loop through the rest of the partitions and bump them up 100 blocks.
    //(part_id is used here as the index of the CACHE entry)
    for (int i = CACHE.part_id + 1; i < pd.entryCount; i++) {
      pd.getEntry(i).BLOCK_START = pd.getEntry(i).BLOCK_START - blocksToRemove;
    }

    //write out the new PIT to "newPit.pit"
    pd.pack(new DataOutputStream(new FileOutputStream("newPit.pit")));
  }
}
This would work just fine assuming that the rest of the partitions after the CACHE are in proper order.
The Following User Says Thank You to AdamOutler For This Useful Post: [ View ]
2nd December 2013, 02:59 AM   |  #7  
Quote:
Originally Posted by igoa

Please tell how to redistribute space from cache and hidden partitions to increase user space with your utility?

Hey, I just added the ability to do this easily after reviewing the code for a bit. The commit is still processing and the new library and documentation should be up shortly... Here goes a partition resize

Code:
 
import java.io.DataOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

public void resize() throws IOException {
        PitData instance = new PitData("MyPitFile.pit");
        String partName = "CACHE"; //partition name to change
        int changeToSize = -2000; //size to change partition (-2000 blocks= 1 megabyte smaller)
        try {
            instance.resizePartition(partName, changeToSize); //actually resizes the partition and all others are moved.
        } catch (ClassNotFoundException ex) {
            Logger.getLogger(PitDataTest.class.getName()).log(Level.SEVERE, null, ex); //this occurs if the partition specified is not found
        }
        instance.pack(new DataOutputStream(new FileOutputStream("newPit.pit"))); //write out the new PIT to "newPit.pit"
}
This code has accompanying test code. So, if you'd like to resize a PIT, all you need to do is add the libpitX library into an existing project then run the code above.
The Following 3 Users Say Thank You to AdamOutler For This Useful Post: [ View ]
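The shift-the-following-partitions step from the two resize posts above, as an added example that is not part of the thread and does not use libpit-X: the `Entry` class and both methods are hypothetical stand-ins, and the block values are copied from entries #10 to #13 of the Galaxy Camera listing. It goes beyond the posted loop by selecting entries by start block rather than by table position, and by checking the result for overlapping ranges before anything is written out.

```java
import java.util.ArrayList;
import java.util.List;

public class PitResizeSketch {
    // Hypothetical stand-in for a PIT entry; not the libpit-X PitEntry class.
    static final class Entry {
        final String name; long start; long count;
        Entry(String name, long start, long count) { this.name = name; this.start = start; this.count = count; }
        long end() { return start + count; } // first block after the partition
    }

    // Resize `target` by `delta` blocks and shift every entry that starts at or
    // after the target's old end, regardless of its position in the table.
    static void resize(List<Entry> table, String target, long delta) {
        Entry t = null;
        for (Entry e : table) if (e.name.equals(target)) t = e;
        if (t == null) throw new IllegalArgumentException("no partition named " + target);
        if (t.count + delta <= 0) throw new IllegalArgumentException("resize would empty " + target);
        long oldEnd = t.end();
        t.count += delta;
        for (Entry e : table) if (e != t && e.start >= oldEnd) e.start += delta;
    }

    // Return a description of each pair of entries whose block ranges overlap.
    static List<String> overlaps(List<Entry> table) {
        List<String> found = new ArrayList<>();
        for (int i = 0; i < table.size(); i++)
            for (int j = i + 1; j < table.size(); j++) {
                Entry a = table.get(i), b = table.get(j);
                if (a.count > 0 && b.count > 0 && a.start < b.end() && b.start < a.end())
                    found.add(a.name + " overlaps " + b.name);
            }
        return found;
    }

    public static void main(String[] args) {
        // Constructed table: block values from the listing, deliberately stored out of order.
        List<Entry> table = new ArrayList<>();
        table.add(new Entry("SYSTEM", 2277376, 3145728));
        table.add(new Entry("RADIO", 114688, 65536));
        table.add(new Entry("HIDDEN", 5423104, 737280));
        table.add(new Entry("CACHE", 180224, 2097152));
        resize(table, "CACHE", -2000);
        for (Entry e : table) System.out.println(e.name + " " + e.start + " - " + (e.end() - 1));
        System.out.println("overlaps: " + overlaps(table));
    }
}
```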
5th December 2013, 01:50 AM   |  #8  
Quote:
Originally Posted by AdamOutler

That would appear to be a signature.

This is very interesting. Is there anything we can do with it? Or is this read only/unknown flash protocol?
5th December 2013, 02:57 AM   |  #9  
Quote:
Originally Posted by ryanbg

This is very interesting. Is there anything we can do with it? Or is this read only/unknown flash protocol?

You can append it to the end of the file.
5th December 2013, 11:36 PM   |  #10  
Quote:
Originally Posted by AdamOutler

You can append it to the end of the file.

So it's not possible to write my own certificate to this 'partition' yet?
