Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,805,233 Members 50,523 Now Online
XDA Developers Android and Mobile Development Forum

How to flash the G1

Tip us?
 
JesusFreke
Old
(Last edited by JesusFreke; 7th November 2008 at 02:00 AM.) Reason: Updated info on mtd0
#1  
JesusFreke's Avatar
Recognized Developer - OP
Thanks Meter 41
Posts: 736
Join Date: Oct 2008
Location: Dallas
Exclamation How to flash the G1

WARNING: Following these instructions may brick your phone, void your warranty and kill your dog. You don't want your dog to die do you?


Once I got root access on my G1, I've been messing around with trying to build reflash the recovery partition. That project is still in progress, but I have learned a bit about how to flash the various partitions on the G1.

First things first, you have to have root access. See this thread.


There are 6 mtd devices or partitions on the G1, mtd0-mtd5. They are located at /dev/mtd. You can use the /system/bin/flash_image tool to flash an image to any of these.

The syntax for the flash_image tool is:

Code:
# flash_image
usage: flash_image partition file.img
#
You can see a list of partition names and which device they are associated with by doing a "cat /proc/mtd".

Code:
#cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00040000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 04380000 00020000 "system"
mtd4: 04380000 00020000 "cache"
mtd5: 04ac0000 00020000 "userdata"
#

These should all be self explanatory, except maybe "misc", which just appears to have a few string values.. Not really sure what it's used for..


Before you do any erasing or writing, it's a "really good idea" (tm) to make backups of each of these. Even if you don't plan on writing to them. I had accidentally erased the bootloader partition (typed mtd0 instead of mtd1), which I'm fairly sure would have bricked my phone if I had tried to reboot it. Ugh! Luckily, I had created a backup earlier, so I was able to restore it. (And then was nervous as heck when I tried to reboot it... "Please boot up! Please boot up!")

To create the backups:

Code:
# cat /dev/mtd/mtd0 > /sdcard/mtd0.img
# cat /dev/mtd/mtd1 > /sdcard/mtd1.img
# cat /dev/mtd/mtd2 > /sdcard/mtd2.img
# cat /dev/mtd/mtd3 > /sdcard/mtd3.img
# cat /dev/mtd/mtd4 > /sdcard/mtd4.img
# cat /dev/mtd/mtd5 > /sdcard/mtd4.img
#
Now you can use flash_image to write the new image.

Code:
#flash_image recovery /system/recovery.img
#
And that's how it's done.

Update: You normally don't need to erase the flash before you write, as long as you don't corrupt the flash first, by trying to "cat" an image directly to the mtd device, like I did . If you get a lot of ECC errors when you use flash_image then you need to erase it

Code:
# cat /dev/zero > /dev/mtd/mtd1
write: No space left on device
#

On a related note, Based on my experience so far, the recovery partition is not critical to booting the G1. When I first tried this, I used flash_image to write a new image without erasing the partition first, and it corrupted it pretty good. When I tried to boot the G1 into recovery mode (power+home), it would go to the bootloader screen instead. But it would boot into normal mode just fine.

Additionally, I've verified that the device will boot into recovery mode if you screw up the boot partition (mtd2). So as long as you at least have a good recovery image *or* a good boot image, you should be able to get back in business. Just don't try to update both at the same time.


Even so.. be careful, and don't come crying to me when you brick your phone. Or if your dog dies. You don't want your dog to die do you?
 
staulkor
Old
#2  
Senior Member
Thanks Meter 29
Posts: 259
Join Date: Jan 2007
Location: Phoenix, AZ, USA
Excellent work!

So if misc is the boot loader, it looks like it is roughly 266k. If you can dump it, have you tried to "open" the image and see if you can see files?

Now you have given me more ideas
 
blues
Old
#3  
Member
Thanks Meter 1
Posts: 35
Join Date: Sep 2007
Default readonly sdcard?

When I run: cat /dev/mtd/mtd1 > /sdcard/mtd1.img

I got this:
cannot create /sdcard/mtd1.img: read-only file system

I know I am root...
 
JesusFreke
Old
#4  
JesusFreke's Avatar
Recognized Developer - OP
Thanks Meter 41
Posts: 736
Join Date: Oct 2008
Location: Dallas
Quote:
Originally Posted by staulkor View Post
So if misc is the boot loader, it looks like it is roughly 266k. If you can dump it, have you tried to "open" the image and see if you can see files?
Actually, now that I look at it.. I'm not positive that mtd0 is the bootloader. There's not much data there at all. Just a few strings in the beginning, then lots of nothing. Mostly all FFs, with a few blocks of 00s thrown in. It doesn't look like there's any code at all, so it can't be the bootloader.
 
Chainfire
Old
#5  
Chainfire's Avatar
Senior Moderator / Senior Recognized Developer - Where is my shirt?
Thanks Meter 49,881
Posts: 9,074
Join Date: Oct 2007

 
DONATE TO ME
Nice work. How about the signing? Does the image you flash have to be correctly signed this way?
BLOG - G+(Chainfire) - G+(Personal) - TWITTER - IRC - PAYPAL - BTC 1JeoxivKEXbbiegsv1BrUC7fD7GgSPcqkG

A proper quote includes only the relevant paragraphs, and a proper post never ends with the word "why"

 

Android
HTC G1, Hero, One
LG G Pad 8.3, G Watch, G3
Moto E
Samsung i5800, i9000*2, P1000*2, P7100, i9100*2, N7000, P6800, i9300, N7100, i9505, N9005, G900F
Sony T LT30p, Z C6603
Nexus Galaxy*2, N7*2, N10, N7-2013, N7-2013-3G, N5

SuperSU, Mobile ODIN, TriangleAway, DSLR Controller, CF-Root, 500 Firepaper, OpenDelta, USB Host Diagnostics, ExynosAbuseAPK, Live dmesg+logcat, NoMoarPowah!, CF-Bench, Chainfire3D, CF.lumen, SGS2 SIM Unlocker, GingerBreakAPK, SuperPower, and more!

Windows Mobile 5/6
E-Mobile EM-ONE
HTC Wizard*2, Kaiser, Touch, Diamond, Pro, HD*2, Diamond 2, Pro 2*2, HD2*2
Samsung i780, i900*2, i8000*2, b7300, b7320, b7330, b7620*2, b6520

WMWifiRouter, KaiserTweak, FPUEnabler, WMLongLife, WMRegOptimizer, CFC+GUI, TF3D+v2 ports, Kaiser+Omnia2+Snapdragon 3D drivers, GfxBoost, and more!

Windows Phone 7
LG GW910

iOS
Apple iPad 3, iPad Mini 2


NOTICE: I do not respond to tech support questions through PM.
 
JesusFreke
Old
#6  
JesusFreke's Avatar
Recognized Developer - OP
Thanks Meter 41
Posts: 736
Join Date: Oct 2008
Location: Dallas
Quote:
Originally Posted by blues View Post
When I run: cat /dev/mtd/mtd1 > /sdcard/mtd1.img

I got this:
cannot create /sdcard/mtd1.img: read-only file system

I know I am root...
Do you have the sdcard mounted for USB access? If so, just unplug the usb cable and plug it back in. (don't select "mount" in the usb notification thingy that pops up)
 
JesusFreke
Old
#7  
JesusFreke's Avatar
Recognized Developer - OP
Thanks Meter 41
Posts: 736
Join Date: Oct 2008
Location: Dallas
Quote:
Originally Posted by Chainfire View Post
Nice work. How about the signing? Does the image you flash have to be correctly signed this way?
Nope. This is a raw write directly to the flash device. The whole signing thing is only applicable to the OTA updates (or Update.zip style update).


But the other project I'm working on is to rebuild the recovery mode and disable the signature check for OTA/update.zip updates.
 
RyeBrye
Old
#8  
Member
Thanks Meter 0
Posts: 46
Join Date: Oct 2008
If you check out the SDK and build the open-source version for the phone, it builds a custom recovery-image that accepts only things signed with the testkeys - which is cool. Since the test keys are in the directory, you can easily resign the images yourself.

I know a guy who has done this now. I'll do it when I get a chance.

There are two proprietary files that you have to suck off the device in addition to the ones that the "extract_files" script in the android build pulls off - I sent in a patch to fix this but who knows if they'll apply it or not (I thnk they think that the crap in the msm7k dir will do something)

What I'm wondering is if we can write an update mode that will backup the contents of the /cache and /data to the SDCard - then erase the three partitions - then recreate /data as a huge partition and leave only 10 or 15 megs for /cache - because... well.. /cache is worthless since OTA updates aren't gonna happen to our phones anymore anyway. It would be nice to get an extra 40 megs for app storage.
 
staulkor
Old
#9  
Senior Member
Thanks Meter 29
Posts: 259
Join Date: Jan 2007
Location: Phoenix, AZ, USA
Quote:
Originally Posted by JesusFreke View Post
Actually, now that I look at it.. I'm not positive that mtd0 is the bootloader. There's not much data there at all. Just a few strings in the beginning, then lots of nothing. Mostly all FFs, with a few blocks of 00s thrown in. It doesn't look like there's any code at all, so it can't be the bootloader.
I just looked at my dumped mtd0.img and I see a few interesting strings:

T-MOB010
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage

And then a mountain of FFs, lol
 
blues
Old
#10  
Member
Thanks Meter 1
Posts: 35
Join Date: Sep 2007
Default You are right. I am on XP machine. So I disabled the usb storage, and it works fine

Quote:
Originally Posted by JesusFreke View Post
Nope. This is a raw write directly to the flash device. The whole signing thing is only applicable to the OTA updates (or Update.zip style update).


But the other project I'm working on is to rebuild the recovery mode and disable the signature check for OTA/update.zip updates.
It works for me now.

Tags
android, flash, recovery, root
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes