
[Without PC] Unpack, Edit, Repack boot.img

OP Modding.MyMind

Modding.MyMind
28th December 2013, 12:32 AM   |  #1  
Hello friends, I'm back again with something I wish to share with you all. I have compiled three files to work flawlessly for ARM devices which will allow users to unpack, edit, and repack their boot.img without the use of a PC and all straight from their device.

---unmkbootimg, mkbootfs, mkbootimg---

Click here for the source on my Github.
Hey guys, since I made this thread a while back there have been a LOT of changes made to the resource. For starters, it is now a multi call binary. In addition, I have updated mkbootfs for better support, mkbootimg.c has dt support, unmkbootimg.c has dt support, bootimg.h has dt support, as well as adding dtbtool, and dtc. Let's also not forget about lz4 for those whose ramdisks are not gz compressed. I am continuously making changes to the source and the op attachment will not be kept up to date. To stay up to date you will need to build the multi call binary from the source provided by the link above. Just simply run: make multi.

Note:
-- The mkbootimg binary is based upon the AOSP with some added modifications to work in conjunction with unmkbootimg.
-- The unmkbootimg binary is based on the original mkbootimg source but with reverse engineering to complement its helpful use in extraction and thus providing the needed command to rebuild properly.
-- The mkbootfs binary is based on the source provided within the dsixda kitchen to ensure the proper structural repacking of the ramdisk, etc.


Requirements:
-- BusyBox (cpio, gunzip and gzip are mandatory)
-- /System Write Permissions (Does not need to be a modified kernel)
-- Terminal Emulator
-- ES File Explorer (or similar)
-- Hex Editor (or use of DD)

-- Unzip boot_manipulation.zip on your device and copy the three files over to /system/bin. Those three files inside the .zip will be named unmkbootimg, mkbootfs and mkbootimg.
-- EDIT: I have included a flashable zip for these files.
-- Set permissions to rwxr-xr-x (755) on each binary. Note: The flash zip does this already.

-- Open up your android terminal emulator.

-- Now go ahead and pull your boot.img from your device (or use another one if you wish). Here is an example:
Code:
root@android:/ # dd if=/dev/block/mmcblk0p20 of=/data/local/tmp/boot.img
dd if=/dev/block/mmcblk0p20 of=/data/local/tmp/boot.img
32768+0 records in
32768+0 records out
16777216 bytes transferred in 1.496 secs (11214716 bytes/sec)
root@android:/ #

-- Open up your boot.img with the Hex Editor and look for: ANDROID!. Remove everything before it so that the ANDROID! header is the first to be read then save it over top of the boot.img. NOTE: This is only required if you are using a stock boot.img. Here is an example:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  A5 F0 BA B7 B0 43 E3 F8 3C E1 63 55 AE 75 C6 69  𺷰C<cUui
00000010  11 27 16 2F 51 48 E5 41 6F ED E1 7D C9 61 FB 3B  .'./QHAo}a;
00000020  5F 45 49 EE 48 79 6E 4E FB DE 18 FC A0 F4 9A C3  _EIHynN.*
00000030  43 11 35 67 AD 7E 2F D8 F6 E8 B1 4D 7D E0 45 B6  C.5g.~/M}E
00000040  E2 08 5F 0B 56 7F 45 71 3D 38 E2 C4 76 3E 53 EE  ._.V.Eq=8v>S
00000050  A4 3D 83 9F A2 BE D5 F4 75 5D B5 08 4E CC 9B BC  =u].N̛
00000060  7F 7A 9E 3D 4B 19 1B 91 6D FB 82 A0 B5 A8 38 88  .z=K..m*8
00000070  25 07 B5 1B 74 A2 03 62 BE 78 FA 33 96 A0 32 70  %..t.bx3*2p
00000080  05 56 50 EF 88 C1 F3 73 E4 C5 73 6A 4E F8 CA 0A  .VPssjN.
00000090  D7 EF 2A 7F 09 30 21 BF 63 61 35 9A 9B 8A 62 42  *..0!ca5bB
000000A0  28 C2 78 08 B0 CD 94 5F 7E EC F6 BA AD E6 AE 23  (x.͔_~.#
000000B0  3E FD D8 A0 F1 F6 6D E2 D9 1E 2C E5 9F 91 84 92  >*m.,埑
000000C0  2E F0 6E 3C 1D 2B 1A D5 61 18 B2 F4 E0 66 B5 2F  .n<.+.a.f/
000000D0  AE 97 9F F8 53 65 CE ED 68 43 4B 2B D5 A1 B6 D9  SehCK+ա
000000E0  7D 36 CE A9 CC EC F4 5A 07 D8 99 5A 91 CC 8F 71  }6ΩZ.ؙZ.q
000000F0  A1 8D D7 82 C3 20 AB 7A 07 68 10 2D CC F6 A8 F9  .ׂ z.h.-
00000100  41 4E 44 52 4F 49 44 21 08 D6 56 00 00 80 40 80  ANDROID!.V..@
00000110  0E F0 07 00 00 80 80 81 00 00 00 00 00 00 30 81  ...........0.
00000120  00 01 40 80 00 08 00 00 00 00 00 00 00 00 00 00  ..@............
00000130  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

-- Please note, HTC uses a 256 bit signature prior to the ANDROID! magic found in the boot.img. This may vary with other devices so keep that in mind. To remove the 256 bit junk so the boot.img is read properly you can use a hex editor and delete it or you can use DD. The following dd command I will be using is based on K2_CL in regards to the partition for our boot.img. Please make necessary adjustments to this command by ensuring you know the location and whereabouts of your own boot.img; Example:
Code:
dd bs=256 skip=1 if=/dev/block/mmcblk0p20 of=/data/local/tmp/boot.img

-- Alright, so we have the unmkbootimg, mkbootfs and mkbootimg located in /system/bin. We have pulled our boot.img and removed the junk before the magic android value: ANDROID!. Let's continue.

-- Go back to your android terminal emulator and change directories to /data/local/tmp. Here is an example:
Code:
root@android:/ # cd /data/local/tmp
cd /data/local/tmp
root@android:/data/local/tmp #

-- Now run unmkbootimg. Here is an example:
Code:
root@android:/data/local/tmp # unmkbootimg -i boot.img
unmkbootimg -i boot.img
kernel written to 'kernel' (5690888 bytes)
ramdisk written to 'ramdisk.cpio.gz' (521735 bytes)

To rebuild this boot image, you can use the command:
  mkbootimg --base 0 --pagesize 2048 --kernel_offset 0x80408000 --ramdisk_offset 0x81808000 --second_offset 0x81300000 --tags_offset 0x80400100 --cmdline 'console=ttyHSL0,115200,n8 user_debug=31' --kernel kernel --ramdisk ramdisk.cpio.gz -o boot.img
root@android:/data/local/tmp #

-- Before you go any further, copy all text within your android terminal emulator and paste it into a text document. I personally use 920 Text Editor from the play store. You will do this so when the time comes you can open it back up and copy/paste the command to rebuild your boot.img as listed (This will save you some time).

-- Congratulations, you have done well so far. By typing and entering the command 'ls', you can see what all is in your directory. Here is an example:
Code:
root@android:/data/local/tmp # ls
ls
boot.img
init.rc
kernel
ramdisk.cpio.gz
root@android:/data/local/tmp #

-- Now let's create a folder and let's call it ramdisk. Here is an example:
Code:
root@android:/data/local/tmp # mkdir ramdisk
mkdir ramdisk
root@android:/data/local/tmp #

-- Now let's change directories to that ramdisk folder. Here is an example:
Code:
root@android:/data/local/tmp # cd ramdisk
cd ramdisk
root@android:/data/local/tmp/ramdisk #

-- Go ahead and extract ramdisk.cpio.gz. Here is an example:
Code:
root@android:/data/local/tmp/ramdisk # gunzip -c ../ramdisk.cpio.gz | cpio -i
isk.cpio.gz | cpio -i     <                                                   
1851 blocks
root@android:/data/local/tmp/ramdisk #

-- Congratulations, you have done well so far. By typing and entering the command 'ls', you can see what all is in your directory. Here is an example:
Code:
root@android:/data/local/tmp/ramdisk # ls
ls
cwkeys
data
default.prop
dev
fstab.k2_cl
init
init.goldfish.rc
init.qcom.rc
init.qcom.sh
init.rc
init.target.rc
init.target.recovery.rc
init.trace.rc
init.usb.rc
proc
sbin
sys
system
ueventd.goldfish.rc
ueventd.rc
ueventd.target.rc
root@android:/data/local/tmp/ramdisk #

-- Now feel free at this point to make your edits within the ramdisk folder. When complete then come back and we shall finish the job.

-- Go ahead and move back out of the ramdisk folder by the following command:
Code:
root@android:/data/local/tmp/ramdisk # cd ..
cd ..
root@android:/data/local/tmp #

-- You should now be in /data/local/tmp/.

-- Let's go ahead and repack the contents found in the ramdisk folder. Here, we will make use of the mkbootfs binary. Please take note that your original is named 'ramdisk.cpio.gz'. Here we will be repacking and renaming it to 'myramdisk.gz'. Here is an example:
Code:
root@android:/data/local/tmp # mkbootfs ./ramdisk | gzip > myramdisk.gz
mkbootfs ./ramdisk | gzip > myramdisk.gz
root@android:/data/local/tmp #

-- Open up your saved text file as instructed earlier and scroll to where you see this:
Code:
To rebuild this boot image, you can use the command:
  mkbootimg --base 0 --pagesize 2048 --kernel_offset 0x80408000 --ramdisk_offset 0x81808000 --second_offset 0x81300000 --tags_offset 0x80400100 --cmdline 'console=ttyHSL0,115200,n8 user_debug=31' --kernel kernel --ramdisk ramdisk.cpio.gz -o boot.img

-- Look for --ramdisk ramdisk.cpio.gz and ENSURE you change it to --ramdisk myramdisk.gz. Also go ahead and change boot.img to modboot.img. Now copy the mkbootimg command and paste it into your android terminal emulator. Press enter.

-- There are multiple ways you can apply the new boot.img. The smartest way would be to use fastboot so that you may boot the image vice flashing it in case you screwed something up on your own accord. However, I personally will write the boot.img straight to the boot partition using dd, then I reboot the device. If you wish to do the same then that is fine.

-- Now you have your new Modded Boot Image. Enjoy, and as always... CLICK THANKS if this was helpful to you and....

--- Happy Hunting!!!
Attached Files
boot_manipulation.zip (16.7 KB)
flash_boot_manipulation.zip (140.7 KB)
Last edited by Modding.MyMind; 8th August 2014 at 11:20 PM.
Modding.MyMind
28th December 2013, 09:44 PM   |  #2

Original Author: xiaolu (GITHUB SOURCE: https://github.com/xiaolu/mkbootimg_tools)
Heavily Modified By: @Modding.MyMind

This project is originally based from xiaolu. To make this compatible for ARM I modified the script, compiled some binaries such as file, bash, grep, gzip, lzma, xz, mkbootimg, etc.

-- This project uses busybox, but how stripped and limited busybox is ultimately led to me having to compile a few binaries from source. These binaries must be part of the project in order for the project to be successful. For example, busybox grep will not always give accurate offsets for the android header. One of MANY bugs found with busybox.

This project supports device tree binaries found inside the Boot.img and Recovery.img.

This project supports multiple Ramdisk compressions.

-- This project will check the ramdisk compression and if it determines that the tool does not support that particular compression then it will display a hazard warning letting the user know that the compression is not supported and that the ramdisk currently cannot be decompressed or compressed until support has been officially added.
-- If the compression is supported it will display what type of compression the Ramdisk is and how many blocks it has when unpacked.

This project will determine your kernel size, ramdisk size, and TRUE OFFSETS (not just the standard mkbootimg.c offsets).

-- With respect to the offsets; You will learn that many available tools specifically handle images where the ANDROID! header is located at 0x0. Not all images are built like this from stock. This project will find the header, base, kernel offset, ramdisk offset, second offset, and tags offset. It will rebuild the image using DD to ensure the android header is located at 0x0. The found offsets inside the image will be cross referenced to see if the OEM of that image built it using the standard mkbootimg.c. If it detects any offsets which are built using NON-standard offsets then it will display a warning as well as show you what the image's TRUE offsets actually are. Those same offsets are then applied to properly rebuild your image to ensure that it boots like it was intended to do.
-- The warning will let you know that you may modify mkbootimg.c with the NON-standard values if you wish to have a binary specific to your device. The offsets displayed are not the address. Because the offsets are determined and not the address this makes it possible for this project to not have to rebuild mkbootimg.c. When the project is used to rebuild your image using the mkbootimg args such as --ramdisk_offset, --kernel_offset, etc, etc, this then tells mkbootimg.c to ignore the hardcoded offsets and only use the ones it has been instructed to use. This is even more successful by ensuring the BASE is accurate and applying the base as one of the mkbootimg args (--base 0 <-- this is lazy and stupid).

The mkboot script requires two args whether unpacking the image or repacking the image.

-- mkboot boot.img bootfolder (This will unpack the image)
1. mkboot is the script.
2. boot.img is the actual image.
3. bootfolder will be created and become the project folder.

-- mkboot bootfolder newboot.img (This will repack the image)
1. mkboot is the script.
2. bootfolder is the project folder which has the needed files and information to repack.
3. This will be the name of the finished build.


UNPACK STANDARD IMAGE

This image uses standard mkbootimg.c:
Quote:

root@android:/data/local/tmp/mkbootimg_tools-master # ./mkboot boot.img work

Unpack & decompress boot.img to work

kernel : zImage
ramdisk : ramdisk
page size : 2048
kernel size : 2529072
ramdisk size : 230255
base : 0x12200000
kernel offset : 0x00008000
ramdisk offset : 0x01000000
second_offset : 0x00f00000
tags offset : 0x00000100
cmd line : mem=471M console=ttyMSM2,115200n8 androidboot.hardware=thunderc lge.rev=10

Ramdisk is lzma format.
1436 blocks
Unpack completed.

root@android:/data/local/tmp/mkbootimg_tools-master #

REPACK STANDARD IMAGE

Image repacked with standard mkbootimg.c:
Quote:

root@android:/data/local/tmp/mkbootimg_tools-master # ./mkboot work boot.img

mkbootimg from work/img_info.

kernel : zImage
ramdisk : new_ramdisk.lzma
page size : 2048
kernel size : 2529072
ramdisk size : 230029
base : 0x12200000
kernel offset : 0x00008000
ramdisk offset : 0x01000000
tags offset : 0x00000100
cmd line : mem=471M console=ttyMSM2,115200n8 androidboot.hardware=thunderc lge.rev=10

Kernel size: 2529072, new ramdisk size: 230029, boot.img: 2762752.

boot.img has been created.

root@android:/data/local/tmp/mkbootimg_tools-master #

UNPACK NON-STANDARD IMAGE

This image uses non-standard mkbootimg.c:
Quote:

root@android:/data/local/tmp/mkbootimg_tools-master # ./mkboot recovery.img work

Unpack & decompress recovery.img to work

****** WARNING ******* WARNING ******* WARNING ******

This image is built using NON-standard mkbootimg!

RAMDISK_OFFSET is 0x01608000

You can modify mkbootimg.c with the above value(s)

****** WARNING ******* WARNING ******* WARNING ******

kernel : zImage
ramdisk : ramdisk
page size : 2048
kernel size : 5834192
ramdisk size : 4351685
base : 0x80600000
kernel offset : 0x00008000
ramdisk offset : 0x01608000
second_offset : 0x00f00000
tags offset : 0x00000100
cmd line : console=ttyHSL0,115200,n8 user_debug=31

Ramdisk is gzip format.
14837 blocks
Unpack completed.

root@android:/data/local/tmp/mkbootimg_tools-master #

REPACK NON-STANDARD IMAGE

Image repacked with non-standard mkbootimg.c:
Quote:

root@android:/data/local/tmp/mkbootimg_tools-master # ./mkboot work recovery.img

mkbootimg from work/img_info.

kernel : zImage
ramdisk : new_ramdisk.gzip
page size : 2048
kernel size : 5834192
ramdisk size : 4358038
base : 0x80600000
kernel offset : 0x00008000
ramdisk offset : 0x01608000
tags offset : 0x00000100
cmd line : console=ttyHSL0,115200,n8 user_debug=31

Kernel size: 5834192, new ramdisk size: 4358038, recovery.img: 10194944.

recovery.img has been created.

root@android:/data/local/tmp/mkbootimg_tools-master #

UNPACK IMAGE WITH INCOMPATIBLE RAMDISK

Quote:

root@android:/data/local/tmp/mkbootimg_tools-master # ./mkboot boot-1.img work

Unpack & decompress boot-1.img to work

kernel : zImage
ramdisk : ramdisk
page size : 2048
kernel size : 3580032
ramdisk size : 594701
base : 0x10000000
kernel offset : 0x00008000
ramdisk offset : 0x01000000
second_offset : 0x00f00000
tags offset : 0x00000100
cmd line :

****** HAZARD ******* HAZARD ******* HAZARD ******

Ramdisk is data format. Can't unpack ramdisk.
This tool currently does not support data.

****** HAZARD ******* HAZARD ******* HAZARD ******

root@android:/data/local/tmp/mkbootimg_tools-master #

REPACK IMAGE WITH INCOMPATIBLE RAMDISK

Quote:

root@android:/data/local/tmp/mkbootimg_tools-master # ./mkboot work boot-1.img

mkbootimg from work/img_info.


****** HAZARD ******* HAZARD ******* HAZARD ******

Ramdisk is data format. Can't repack ramdisk.
This tool currently does not support data.

****** HAZARD ******* HAZARD ******* HAZARD ******

root@android:/data/local/tmp/mkbootimg_tools-master #

Last edited by Modding.MyMind; 4th October 2014 at 10:30 PM. Reason: Fixed github link
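
Added example, not code from this thread or from the project's source: a C parser for the two steps described in posts #1 and #2, locating the ANDROID! header when a signature precedes it and cross-checking the stored addresses against the default offsets the thread's output lists for a standard image. It assumes the original boot header layout (magic followed by little-endian 32-bit size and address words) and derives base by assuming the kernel sits at the default 0x00008000 offset; `parse_boot_image`, `make_sample` and `struct boot_info` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAGIC      "ANDROID!"
#define MAGIC_LEN  8
#define HDR_MIN    (MAGIC_LEN + 8 * 4)   /* magic + eight 32-bit words */
#define SAMPLE_LEN (256 + HDR_MIN)

/* Offsets from base that the thread's output shows for a "standard" image. */
enum { STD_KERNEL = 0x00008000, STD_RAMDISK = 0x01000000,
       STD_SECOND = 0x00f00000, STD_TAGS    = 0x00000100 };

struct boot_info {               /* hypothetical result type */
    size_t   hdr_pos;            /* bytes to strip so ANDROID! lands at 0x0 */
    uint32_t kernel_size, ramdisk_size, page_size;
    uint32_t base, ramdisk_off, second_off, tags_off;
    int      nonstandard;        /* bit 0 ramdisk, bit 1 second, bit 2 tags */
};

/* Header words are little-endian; read byte-wise to stay host-independent. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* 0 on success, -1 if no complete header is present, -2 on a bad page size. */
int parse_boot_image(const uint8_t *img, size_t len, struct boot_info *out) {
    size_t pos = 0;
    while (pos + HDR_MIN <= len && memcmp(img + pos, MAGIC, MAGIC_LEN) != 0)
        pos++;
    if (pos + HDR_MIN > len) return -1;
    const uint8_t *w = img + pos + MAGIC_LEN;   /* first header word */
    out->hdr_pos      = pos;
    out->kernel_size  = le32(w);
    out->ramdisk_size = le32(w + 8);
    out->page_size    = le32(w + 28);
    if (out->page_size == 0 || (out->page_size & (out->page_size - 1)))
        return -2;                              /* not a power of two */
    /* Assumption: the kernel uses the default offset, so base follows from it. */
    out->base        = le32(w + 4) - STD_KERNEL;
    out->ramdisk_off = le32(w + 12) - out->base;
    out->second_off  = le32(w + 20) - out->base;
    out->tags_off    = le32(w + 24) - out->base;
    out->nonstandard = (out->ramdisk_off != STD_RAMDISK)
                     | (out->second_off  != STD_SECOND) << 1
                     | (out->tags_off    != STD_TAGS)   << 2;
    return 0;
}

/* Constructed sample: 256 filler bytes + header bytes 0x100-0x127 of post #1's dump. */
size_t make_sample(uint8_t *buf) {
    static const uint8_t hdr[HDR_MIN] = {
        'A','N','D','R','O','I','D','!', 0x08,0xD6,0x56,0x00, 0x00,0x80,0x40,0x80,
        0x0E,0xF0,0x07,0x00, 0x00,0x80,0x80,0x81, 0x00,0x00,0x00,0x00,
        0x00,0x00,0x30,0x81, 0x00,0x01,0x40,0x80, 0x00,0x08,0x00,0x00 };
    memset(buf, 0xA5, 256);
    memcpy(buf + 256, hdr, sizeof hdr);
    return SAMPLE_LEN;
}

int main(void) {
    uint8_t buf[SAMPLE_LEN];
    struct boot_info bi;
    if (parse_boot_image(buf, make_sample(buf), &bi) != 0) return 1;
    printf("strip %zu bytes, base 0x%08x, ramdisk offset 0x%08x, flags %d\n",
           bi.hdr_pos, (unsigned)bi.base, (unsigned)bi.ramdisk_off, bi.nonstandard);
    return 0;
}
```

On the sample, `hdr_pos` is the count to pass to dd as a skip before unpacking, and a nonzero `nonstandard` means the matching `--ramdisk_offset`, `--second_offset` or `--tags_offset` argument has to be given explicitly when repacking.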
Modding.MyMind
2nd January 2014, 03:34 PM   |  #3
mkbootimg updated in .zip file. Enjoy

I went through some mess to get it to work correctly lol.

Works like a champ now.

Sent from my K2_CL using Tapatalk
2nd January 2014, 03:39 PM   |  #4
Quote:
Originally Posted by Modding.MyMind

mkbootimg updated in .zip file. Enjoy

I went through some mess to get it to work correctly lol.

Works like a champ now.

Sent from my K2_CL using Tapatalk

Did you compile mkbootimg?
Please can you tell me in detail about the not-booting problem? Did it reboot continuously between bootloader and bootanimation?

xpirt
Modding.MyMind
2nd January 2014, 03:41 PM   |  #5  
Quote:
Originally Posted by xpirt

Did you compile mkbootimg?
Please can you tell me in detail about the not-booting problem? Did it reboot continuously between bootloader and bootanimation?

xpirt

Yea, I compiled it. The last one I compiled wasn't done correctly. The sha and rsa was corrupted. But I fixed it.

Sent from my K2_CL using Tapatalk
2nd January 2014, 03:56 PM   |  #6  
Quote:
Originally Posted by Modding.MyMind

Yea, I compiled it. The last one I compiled wasn't done correctly. The sha and rsa was corrupted. But I fixed it.

Sent from my K2_CL using Tapatalk

I understand. And the bootloop I said is exactly what happened when packed with old mkbootimg?

xpirt
Modding.MyMind
2nd January 2014, 04:05 PM   |  #7  
@xpirt

No bootloop. It would boot once and show the splash screen. Then reboot straight into the custom recovery. Basically what happened in the old mkbootimg was the source code having too many white spaces and some other syntax issues. I had to go through every single command line in every single file to fix it. Spent almost 15+ hours reworking the codes. Then I compiled it, placed it on my device in /data/local/tmp. Pulled my boot img from my partition using dd over to /data/local/tmp. Ran the steps to unpacking, editing, and then used the new mkbootimg to repack it. After completion I wrote the new boot.img over to the partition using dd. Then rebooted, worked flawlessly without any bugs, errors, or hiccups.

Sent from my K2_CL using Tapatalk
2nd January 2014, 04:08 PM   |  #8  
Quote:
Originally Posted by Modding.MyMind

@xpirt

No bootloop. It would boot once and show the splash screen. Then reboot straight into the custom recovery. Basically what happened in the old mkbootimg was the source code having too many white spaces and some other syntax issues. I had to go through every single command line in every single file to fix it. Spent almost 15+ hours reworking the codes. Then I compiled it, placed it on my device in /data/local/tmp. Pulled my boot img from my partition using dd over to /data/local/tmp. Ran the steps to unpacking, editing, and then used the new mkbootimg to repack it. After completion I wrote the new boot.img over to the partition using dd. Then rebooted, worked flawlessly without any bugs, errors, or hiccups.

Sent from my K2_CL using Tapatalk

Ok. Good, I'll try it out

xpirt
Modding.MyMind
2nd January 2014, 04:35 PM   |  #9
Quote:
Originally Posted by xpirt

Ok. Good, I'll try it out

xpirt

Sounds good. If it is a stock boot.img then you will need to remove everything before the android magic value (ANDROID!). After that, have at it lol. I will be adding additional code later on that will automatically look for the android magic value and make the necessary changes to it so it reads properly. This will keep others from having to do it themselves. Until then, has to be done by the user since I have hard-coded the magic android value.

Sent from my K2_CL using Tapatalk
Modding.MyMind
2nd January 2014, 05:23 PM   |  #10
Also plan to edit the unpackbootimg file so it will automatically extract the ramdisk archive automatically without the need of the user having to use the ramdisk.sh file or by manually inputting the commands to do so. Got other plans as well. So a lot of improvements and bonuses are to come. Gonna try and make this thing a beast for arm devices.

Sent from my K2_CL using Tapatalk
