XDA Developers Android and Mobile Development Forum

[Without PC] Unpack, Edit, Repack boot.img

Modding.MyMind
(Last edited by Modding.MyMind; 25th March 2014 at 02:55 AM.)
#1

Hello friends, I'm back again with something I wish to share with you all. I have compiled three files to work flawlessly for ARM devices which will allow users to unpack, edit, and repack their boot.img without the use of a PC and all straight from their device.

---unmkbootimg, mkbootfs, mkbootimg---

Click here for the source on my Github.

Note:
-- The mkbootimg binary is based upon the AOSP with some added modifications to work in conjunction with unmkbootimg.
-- The unmkbootimg binary is based on the original mkbootimg source but with reverse engineering to complement its helpful use in extraction and thus providing the needed command to rebuild properly.
-- The mkbootfs binary is based on the source provided within the dsixda kitchen to ensure the proper structural repacking of the ramdisk, etc.


Requirements:
-- BusyBox (cpio, gunzip and gzip are mandatory)
-- /System Write Permissions (Does not need to be a modified kernel)
-- Terminal Emulator
-- ES File Explorer (or similar)
-- Hex Editor (or use of DD)

-- Unzip boot_manipulation.zip on your device and copy the three files over to /system/bin. Those three files inside the .zip will be named unmkbootimg, mkbootfs and mkbootimg.
-- EDIT: I have included a flashable zip for these files.
-- Set permissions to rwxr-xr-x (755) on each binary. Note: The flash zip does this already.

-- Open up your android terminal emulator.

-- Now go ahead and pull your boot.img from your device (or use another one if you wish). Here is an example:
Code:
root@android:/ # dd if=/dev/block/mmcblk0p20 of=/data/local/tmp/boot.img
dd if=/dev/block/mmcblk0p20 of=/data/local/tmp/boot.img
32768+0 records in
32768+0 records out
16777216 bytes transferred in 1.496 secs (11214716 bytes/sec)
root@android:/ #

-- Open up your boot.img with the Hex Editor and look for: ANDROID!. Remove everything before it so that the ANDROID! header is the first to be read then save it over top of the boot.img. NOTE: This is only required if you are using a stock boot.img. Here is an example:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  A5 F0 BA B7 B0 43 E3 F8 3C E1 63 55 AE 75 C6 69  .....C..<.cU.u.i
00000010  11 27 16 2F 51 48 E5 41 6F ED E1 7D C9 61 FB 3B  .'./QH.Ao..}.a.;
00000020  5F 45 49 EE 48 79 6E 4E FB DE 18 FC A0 F4 9A C3  _EI.HynN........
00000030  43 11 35 67 AD 7E 2F D8 F6 E8 B1 4D 7D E0 45 B6  C.5g.~/....M}.E.
00000040  E2 08 5F 0B 56 7F 45 71 3D 38 E2 C4 76 3E 53 EE  .._.V.Eq=8..v>S.
00000050  A4 3D 83 9F A2 BE D5 F4 75 5D B5 08 4E CC 9B BC  .=......u]..N...
00000060  7F 7A 9E 3D 4B 19 1B 91 6D FB 82 A0 B5 A8 38 88  .z.=K...m.....8.
00000070  25 07 B5 1B 74 A2 03 62 BE 78 FA 33 96 A0 32 70  %...t..b.x.3..2p
00000080  05 56 50 EF 88 C1 F3 73 E4 C5 73 6A 4E F8 CA 0A  .VP....s..sjN...
00000090  D7 EF 2A 7F 09 30 21 BF 63 61 35 9A 9B 8A 62 42  ..*..0!.ca5...bB
000000A0  28 C2 78 08 B0 CD 94 5F 7E EC F6 BA AD E6 AE 23  (.x...._~......#
000000B0  3E FD D8 A0 F1 F6 6D E2 D9 1E 2C E5 9F 91 84 92  >.....m...,.....
000000C0  2E F0 6E 3C 1D 2B 1A D5 61 18 B2 F4 E0 66 B5 2F  ..n<.+..a....f./
000000D0  AE 97 9F F8 53 65 CE ED 68 43 4B 2B D5 A1 B6 D9  ....Se..hCK+....
000000E0  7D 36 CE A9 CC EC F4 5A 07 D8 99 5A 91 CC 8F 71  }6.....Z...Z...q
000000F0  A1 8D D7 82 C3 20 AB 7A 07 68 10 2D CC F6 A8 F9  ..... .z.h.-....
00000100  41 4E 44 52 4F 49 44 21 08 D6 56 00 00 80 40 80  ANDROID!..V...@.
00000110  0E F0 07 00 00 80 80 81 00 00 00 00 00 00 30 81  ..............0.
00000120  00 01 40 80 00 08 00 00 00 00 00 00 00 00 00 00  ..@.............
00000130  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

-- Please note, HTC uses a 256 bit signature prior to the ANDROID! magic found in the boot.img. This may vary with other devices so keep that in mind. To remove the 256 bit junk so the boot.img is read properly you can use a hex editor and delete it or you can use DD. The following dd command I will be using is based on K2_CL in regards to the partition for our boot.img. Please make necessary adjustments to this command by ensuring you know the location and whereabouts of your own boot.img; Example:
Code:
dd bs=256 skip=1 if=/dev/block/mmcblk0p20 of=/data/local/tmp/boot.img

-- Alright, so we have the unmkbootimg, mkbootfs and mkbootimg located in /system/bin. We have pulled our boot.img and removed the junk before the magic android value: ANDROID!. Let's continue.

-- Go back to your android terminal emulator and change directories to /data/local/tmp. Here is an example:
Code:
root@android:/ # cd /data/local/tmp
cd /data/local/tmp
root@android:/data/local/tmp #

-- Now run unmkbootimg. Here is an example:
Code:
root@android:/data/local/tmp # unmkbootimg -i boot.img
unmkbootimg -i boot.img
kernel written to 'kernel' (5690888 bytes)
ramdisk written to 'ramdisk.cpio.gz' (521735 bytes)

To rebuild this boot image, you can use the command:
  mkbootimg --base 0 --pagesize 2048 --kernel_offset 0x80408000 --ramdisk_offset 0x81808000 --second_offset 0x81300000 --tags_offset 0x80400100 --cmdline 'console=ttyHSL0,115200,n8 user_debug=31' --kernel kernel --ramdisk ramdisk.cpio.gz -o boot.img
root@android:/data/local/tmp #

-- Before you go any further, copy all text within your android terminal emulator and paste it into a text document. I personally use 920 Text Editor from the play store. You will do this so when the time comes you can open it back up and copy/paste the command to rebuild your boot.img as listed (This will save you some time).

-- Congratulations, you have done well so far. By typing and entering the command 'ls', you can see what all is in your directory. Here is an example:
Code:
root@android:/data/local/tmp # ls
ls
boot.img
init.rc
kernel
ramdisk.cpio.gz
root@android:/data/local/tmp #

-- Now let's create a folder and let's call it ramdisk. Here is an example:
Code:
root@android:/data/local/tmp # mkdir ramdisk
mkdir ramdisk
root@android:/data/local/tmp #

-- Now let's change directories to that ramdisk folder. Here is an example:
Code:
root@android:/data/local/tmp # cd ramdisk
cd ramdisk
root@android:/data/local/tmp/ramdisk #

-- Go ahead and extract ramdisk.cpio.gz. Here is an example:
Code:
root@android:/data/local/tmp/ramdisk # gunzip -c ../ramdisk.cpio.gz | cpio -i
isk.cpio.gz | cpio -i     <                                                   
1851 blocks
root@android:/data/local/tmp/ramdisk #

-- Congratulations, you have done well so far. By typing and entering the command 'ls', you can see what all is in your directory. Here is an example:
Code:
root@android:/data/local/tmp/ramdisk # ls
ls
cwkeys
data
default.prop
dev
fstab.k2_cl
init
init.goldfish.rc
init.qcom.rc
init.qcom.sh
init.rc
init.target.rc
init.target.recovery.rc
init.trace.rc
init.usb.rc
proc
sbin
sys
system
ueventd.goldfish.rc
ueventd.rc
ueventd.target.rc
root@android:/data/local/tmp/ramdisk #

-- Now feel free at this point to make your edits within the ramdisk folder. When complete then come back and we shall finish the job.

-- Go ahead and move back out of the ramdisk folder by the following command:
Code:
root@android:/data/local/tmp/ramdisk # cd ..
cd ..
root@android:/data/local/tmp #

-- You should now be in /data/local/tmp/.

-- Let's go ahead and repack the contents found in the ramdisk folder. Here, we will make use of the mkbootfs binary. Please take note that your original is named 'ramdisk.cpio.gz'. Here we will be repacking and renaming it to 'myramdisk.gz'. Here is an example:
Code:
root@android:/data/local/tmp # mkbootfs ./ramdisk | gzip > myramdisk.gz
mkbootfs ./ramdisk | gzip > myramdisk.gz
root@android:/data/local/tmp #

-- Open up your saved text file as instructed earlier and scroll to where you see this:
Code:
To rebuild this boot image, you can use the command:
  mkbootimg --base 0 --pagesize 2048 --kernel_offset 0x80408000 --ramdisk_offset 0x81808000 --second_offset 0x81300000 --tags_offset 0x80400100 --cmdline 'console=ttyHSL0,115200,n8 user_debug=31' --kernel kernel --ramdisk ramdisk.cpio.gz -o boot.img

-- Look for --ramdisk ramdisk.cpio.gz and ENSURE you change it to --ramdisk myramdisk.gz. Also go ahead and change boot.img to modboot.img. Now copy the mkbootimg command and paste it into your android terminal emulator. Press enter.

-- There are multiple ways you can apply the new boot.img. The smartest way would be to use fastboot so that you may boot the image vice flashing it in case you screwed something up on your own accord. However, I personally will write the boot.img straight to the boot partition using dd, then I reboot the device. If you wish to do the same then that is fine.

-- Now you have your new Modded Boot Image. Enjoy, and as always... CLICK THANKS if this was helpful to you and....

--- Happy Hunting!!!
Attached Files
File Type: zip boot_manipulation.zip (16.7 KB)
File Type: zip flash_boot_manipulation.zip (140.7 KB)
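
The check that the hex-editor step in post #1 performs by eye, as an added example (not code from the post or from the unmkbootimg/mkbootimg sources): it finds the ANDROID! magic, reports how many leading bytes must be dropped, and decodes the fixed little-endian fields that follow. The header bytes are copied from rows 00000100-00000120 of the hex dump in the post; the 256 filler bytes and all function names are constructed for illustration, and the field order assumes the original AOSP boot image header layout.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
HEADER_FMT = "<8s8I"  # 8-byte magic, then eight little-endian uint32 fields
FIELDS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
          "second_size", "second_addr", "tags_addr", "page_size")


def parse_boot_header(blob):
    """Find ANDROID! and decode the fixed fields that follow it."""
    off = blob.find(BOOT_MAGIC)
    if off < 0:
        raise ValueError("no ANDROID! magic found: not a boot image")
    if len(blob) - off < struct.calcsize(HEADER_FMT):
        raise ValueError("image ends inside the header")
    _, *values = struct.unpack_from(HEADER_FMT, blob, off)
    hdr = dict(zip(FIELDS, values))
    page = hdr["page_size"]
    if page == 0 or page & (page - 1):
        raise ValueError("page size %d is not a power of two" % page)

    def pages(nbytes):  # each section is padded up to a whole page
        return (nbytes + page - 1) // page

    hdr["prefix_len"] = off          # bytes in front of the magic
    # File positions below are relative to the magic (the stripped image).
    hdr["kernel_pos"] = page         # the header occupies the first page
    hdr["ramdisk_pos"] = page * (1 + pages(hdr["kernel_size"]))
    hdr["min_image_size"] = page * (1 + pages(hdr["kernel_size"])
                                    + pages(hdr["ramdisk_size"])
                                    + pages(hdr["second_size"]))
    return hdr


def strip_prefix(blob):
    """Return the image with everything before ANDROID! removed."""
    return blob[parse_boot_header(blob)["prefix_len"]:]


# Header bytes copied from rows 00000100-00000120 of the hex dump in the post.
HEADER = bytes.fromhex(
    "41 4E 44 52 4F 49 44 21 08 D6 56 00 00 80 40 80 "
    "0E F0 07 00 00 80 80 81 00 00 00 00 00 00 30 81 "
    "00 01 40 80 00 08 00 00")
# Constructed sample: 256 filler bytes stand in for the vendor block.
SAMPLE = b"\xA5" * 256 + HEADER

if __name__ == "__main__":
    for name, value in parse_boot_header(SAMPLE).items():
        print("%-15s %d (0x%x)" % (name, value, value))
```

The decoded addresses and page size match the values in the unmkbootimg output in post #1 (kernel 0x80408000, ramdisk 0x81808000, tags 0x80400100, page size 2048). A rebuilt image shorter than `min_image_size` is truncated and should not be written to the boot partition.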

Modding.MyMind
(Last edited by Modding.MyMind; 28th December 2013 at 08:47 PM.)
#2
K2_CL Information from my boot.img:

Code:
Android Boot Image Info:

* image size = 16776960 bytes ( 16.00 MB )
  page size  = 2048 bytes

* Boot Name = ""

* kernel size       = 5690888 bytes ( 5.43 MB )
* ramdisk size      = 520206 bytes ( 0.50 MB )

* load addresses:
--  kernel:       0x80408000
--  ramdisk:      0x81808000
--  tags:         0x80400100

* cmdline = console=ttyHSL0,115200,n8 user_debug=31

* id = 0x21db18d6 0x42a1958c 0x090c53f0 0x98cc3e73 0x79f0d879 0x00000000 0x00000000 0x00000000
Sent from my K2_CL using Tapatalk

Modding.MyMind
#3
mkbootimg updated in .zip file. Enjoy

I went through some mess to get it to work correctly lol.

Works like a champ now.

Sent from my K2_CL using Tapatalk

xpirt
#4
Quote:
Originally Posted by Modding.MyMind
mkbootimg updated in .zip file. Enjoy

I went through some mess to get it to work correctly lol.

Works like a champ now.

Sent from my K2_CL using Tapatalk
Did you compile mkbootimg?
Can you please tell me in detail about the not-booting problem? Did it reboot continuously between bootloader and bootanimation?

xpirt
 
Modding.MyMind
#5
Quote:
Originally Posted by xpirt
Did you compile mkbootimg?
Can you please tell me in detail about the not-booting problem? Did it reboot continuously between bootloader and bootanimation?

xpirt
Yea, I compiled it. The last one I compiled wasn't done correctly. The sha and rsa were corrupted. But I fixed it.

Sent from my K2_CL using Tapatalk
 
xpirt
#6
Quote:
Originally Posted by Modding.MyMind
Yea, I compiled it. The last one I compiled wasn't done correctly. The sha and rsa were corrupted. But I fixed it.

Sent from my K2_CL using Tapatalk
I understand. And the bootloop I said is exactly what happened when packed with old mkbootimg?

xpirt
 
Modding.MyMind
#7
@xpirt

No bootloop. It would boot once and show the splash screen. Then reboot straight into the custom recovery. Basically what happened in the old mkbootimg was the source code having too many white spaces and some other syntax issues. I had to go through every single command line in every single file to fix it. Spent almost 15+ hours reworking the codes. Then I compiled it, placed it on my device in /data/local/tmp. Pulled my boot img from my partition using dd over to /data/local/tmp. Ran the steps to unpacking, editing, and then used the new mkbootimg to repack it. After completion I wrote the new boot.img over to the partition using dd. Then rebooted, worked flawlessly without any bugs, errors, or hiccups.

Sent from my K2_CL using Tapatalk
 
xpirt
#8
Quote:
Originally Posted by Modding.MyMind
@xpirt

No bootloop. It would boot once and show the splash screen. Then reboot straight into the custom recovery. Basically what happened in the old mkbootimg was the source code having too many white spaces and some other syntax issues. I had to go through every single command line in every single file to fix it. Spent almost 15+ hours reworking the codes. Then I compiled it, placed it on my device in /data/local/tmp. Pulled my boot img from my partition using dd over to /data/local/tmp. Ran the steps to unpacking, editing, and then used the new mkbootimg to repack it. After completion I wrote the new boot.img over to the partition using dd. Then rebooted, worked flawlessly without any bugs, errors, or hiccups.

Sent from my K2_CL using Tapatalk
Ok. Good, I'll try it out

xpirt

Modding.MyMind
#9
Quote:
Originally Posted by xpirt
Ok. Good, I'll try it out

xpirt
Sounds good. If it is a stock boot.img then you will need to remove everything before the android magic value (ANDROID!). After that, have at it lol. I will be adding additional code later on that will automatically look for the android magic value and make the necessary changes to it so it reads properly. This will keep others from having to do it themselves. Until then, has to be done by the user since I have hard-coded the magic android value.

Sent from my K2_CL using Tapatalk

Modding.MyMind
#10
Also plan to edit the unpackbootimg file so it will automatically extract the ramdisk archive automatically without the need of the user having to use the ramdisk.sh file or by manually inputting the commands to do so. Got other plans as well. So a lot of improvements and bonuses are to come. Gonna try and make this thing a beast for arm devices.

Sent from my K2_CL using Tapatalk
