How to flash the G1

By JesusFreke, Recognized Developer on 6th November 2008, 03:46 AM
WARNING: Following these instructions may brick your phone, void your warranty and kill your dog. You don't want your dog to die do you?


Once I got root access on my G1, I've been messing around with trying to build reflash the recovery partition. That project is still in progress, but I have learned a bit about how to flash the various partitions on the G1.

First things first, you have to have root access. See this thread.


There are 6 mtd devices or partitions on the G1, mtd0-mtd5. They are located at /dev/mtd. You can use the /system/bin/flash_image tool to flash an image to any of these.

The syntax for the flash_image tool is:

Code:
# flash_image
usage: flash_image partition file.img
#
You can see a list of partition names and which device they are associated with by doing a "cat /proc/mtd".

Code:
#cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00040000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 04380000 00020000 "system"
mtd4: 04380000 00020000 "cache"
mtd5: 04ac0000 00020000 "userdata"
#

These should all be self explanatory, except maybe "misc", which just appears to have a few string values.. Not really sure what it's used for..


Before you do any erasing or writing, it's a "really good idea" (tm) to make backups of each of these. Even if you don't plan on writing to them. I had accidentally erased the bootloader partition (typed mtd0 instead of mtd1), which I'm fairly sure would have bricked my phone if I had tried to reboot it. Ugh! Luckily, I had created a backup earlier, so I was able to restore it. (And then was nervous as heck when I tried to reboot it... "Please boot up! Please boot up!")

To create the backups:

Code:
# cat /dev/mtd/mtd0 > /sdcard/mtd0.img
# cat /dev/mtd/mtd1 > /sdcard/mtd1.img
# cat /dev/mtd/mtd2 > /sdcard/mtd2.img
# cat /dev/mtd/mtd3 > /sdcard/mtd3.img
# cat /dev/mtd/mtd4 > /sdcard/mtd4.img
# cat /dev/mtd/mtd5 > /sdcard/mtd5.img
#
Now you can use flash_image to write the new image.

Code:
#flash_image recovery /system/recovery.img
#
And that's how it's done.

Update: You normally don't need to erase the flash before you write, as long as you don't corrupt the flash first by trying to "cat" an image directly to the mtd device, like I did. If you get a lot of ECC errors when you use flash_image, then you need to erase it:

Code:
# cat /dev/zero > /dev/mtd/mtd1
write: No space left on device
#

On a related note, based on my experience so far, the recovery partition is not critical to booting the G1. When I first tried this, I used flash_image to write a new image without erasing the partition first, and it corrupted it pretty good. When I tried to boot the G1 into recovery mode (power+home), it would go to the bootloader screen instead. But it would boot into normal mode just fine.

Additionally, I've verified that the device will boot into recovery mode if you screw up the boot partition (mtd2). So as long as you at least have a good recovery image *or* a good boot image, you should be able to get back in business. Just don't try to update both at the same time.


Even so.. be careful, and don't come crying to me when you brick your phone. Or if your dog dies. You don't want your dog to die do you?
Last edited by JesusFreke; 7th November 2008 at 02:00 AM. Reason: Updated info on mtd0
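
Added example, not part of JesusFreke's post: the backup step above driven from the /proc/mtd listing instead of hand-typed device names, so a mistyped mtd number or output file cannot silently overwrite another backup, with each image checked for size and content before anything is flashed. The `parse_mtd` and `backup_all` helpers and the output file naming are hypothetical; it assumes a POSIX shell with `cmp` and `wc` available and that a raw read of the device returns the full partition size.

```shell
#!/bin/sh
# Added example (not from the thread): back up every MTD partition listed in
# a /proc/mtd-style file and verify each image before anything is flashed.

# Constructed sample input: the /proc/mtd listing quoted in the post above.
SAMPLE_MTD='dev:    size   erasesize  name
mtd0: 00040000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 04380000 00020000 "system"
mtd4: 04380000 00020000 "cache"
mtd5: 04ac0000 00020000 "userdata"'

# parse_mtd: read a /proc/mtd listing on stdin, print "dev name size_in_bytes".
parse_mtd() {
    while read -r dev size erasesize name; do
        case "$dev" in
            mtd[0-9]*:) ;;          # partition line
            *) continue ;;          # header or anything else
        esac
        dev=${dev%:}
        name=${name#\"}; name=${name%\"}
        echo "$dev $name $((0x$size))"   # size column is hexadecimal
    done
}

# backup_all LISTING DEV_DIR OUT_DIR (hypothetical helper)
# Copies DEV_DIR/mtdN to OUT_DIR/mtdN-NAME.img and returns non-zero if an
# image has the wrong size or does not compare equal to its source.
backup_all() {
    listing=$1; devdir=$2; outdir=$3
    parse_mtd < "$listing" | while read -r dev name bytes; do
        img="$outdir/$dev-$name.img"
        cat "$devdir/$dev" > "$img" || exit 1
        got=$(($(wc -c < "$img")))
        if [ "$got" -ne "$bytes" ]; then
            echo "$dev: wrote $got bytes, expected $bytes" >&2; exit 1
        fi
        cmp -s "$devdir/$dev" "$img" || { echo "$dev: verify failed" >&2; exit 1; }
        echo "$dev $name $bytes ok"
    done
}

# Stand-alone run: show what would be backed up for the sample listing.
printf '%s\n' "$SAMPLE_MTD" | parse_mtd
```

On a device this would be called as `backup_all /proc/mtd /dev/mtd /sdcard`, with the sdcard not mounted for USB access.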
 
 
6th November 2008, 03:54 AM |#2  
Senior Member, Phoenix, AZ, USA
Excellent work!

So if misc is the boot loader, it looks like it is roughly 266k. If you can dump it, have you tried to "open" the image and see if you can see files?

Now you have given me more ideas
6th November 2008, 04:03 AM |#3  
Member
readonly sdcard?
When I run: cat /dev/mtd/mtd1 > /sdcard/mtd1.img

I got this:
cannot create /sdcard/mtd1.img: read-only file system

I know I am root...
6th November 2008, 04:03 AM |#4  
JesusFreke (OP, Recognized Developer, Dallas)
Quote:
Originally Posted by staulkor

So if misc is the boot loader, it looks like it is roughly 266k. If you can dump it, have you tried to "open" the image and see if you can see files?

Actually, now that I look at it.. I'm not positive that mtd0 is the bootloader. There's not much data there at all. Just a few strings in the beginning, then lots of nothing. Mostly all FFs, with a few blocks of 00s thrown in. It doesn't look like there's any code at all, so it can't be the bootloader.
6th November 2008, 04:10 AM |#5  
Chainfire (Senior Moderator / Senior Recognized Developer)
Nice work. How about the signing? Does the image you flash have to be correctly signed this way?
6th November 2008, 04:10 AM |#6  
JesusFreke (OP, Recognized Developer, Dallas)
Quote:
Originally Posted by blues

When I run: cat /dev/mtd/mtd1 > /sdcard/mtd1.img

I got this:
cannot create /sdcard/mtd1.img: read-only file system

I know I am root...

Do you have the sdcard mounted for USB access? If so, just unplug the usb cable and plug it back in. (don't select "mount" in the usb notification thingy that pops up)
6th November 2008, 04:16 AM |#7  
JesusFreke (OP, Recognized Developer, Dallas)
Quote:
Originally Posted by Chainfire

Nice work. How about the signing? Does the image you flash have to be correctly signed this way?

Nope. This is a raw write directly to the flash device. The whole signing thing is only applicable to the OTA updates (or Update.zip style update).


But the other project I'm working on is to rebuild the recovery mode and disable the signature check for OTA/update.zip updates.
6th November 2008, 04:31 AM |#8  
Member
If you check out the SDK and build the open-source version for the phone, it builds a custom recovery-image that accepts only things signed with the testkeys - which is cool. Since the test keys are in the directory, you can easily resign the images yourself.

I know a guy who has done this now. I'll do it when I get a chance.

There are two proprietary files that you have to suck off the device in addition to the ones that the "extract_files" script in the android build pulls off - I sent in a patch to fix this but who knows if they'll apply it or not (I think they think that the crap in the msm7k dir will do something)

What I'm wondering is if we can write an update mode that will backup the contents of the /cache and /data to the SDCard - then erase the three partitions - then recreate /data as a huge partition and leave only 10 or 15 megs for /cache - because... well.. /cache is worthless since OTA updates aren't gonna happen to our phones anymore anyway. It would be nice to get an extra 40 megs for app storage.
6th November 2008, 04:34 AM |#9  
Senior Member, Phoenix, AZ, USA
Quote:
Originally Posted by JesusFreke

Actually, now that I look at it.. I'm not positive that mtd0 is the bootloader. There's not much data there at all. Just a few strings in the beginning, then lots of nothing. Mostly all FFs, with a few blocks of 00s thrown in. It doesn't look like there's any code at all, so it can't be the bootloader.

I just looked at my dumped mtd0.img and I see a few interesting strings:

T-MOB010
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage

And then a mountain of FFs, lol
6th November 2008, 04:34 AM |#10  
Member
You are right. I am on an XP machine. So I disabled the usb storage, and it works fine.
Quote:
Originally Posted by JesusFreke

Nope. This is a raw write directly to the flash device. The whole signing thing is only applicable to the OTA updates (or Update.zip style update).


But the other project I'm working on is to rebuild the recovery mode and disable the signature check for OTA/update.zip updates.

It works for me now.
6th November 2008, 04:44 AM |#11  
JesusFreke (OP, Recognized Developer, Dallas)
Quote:
Originally Posted by RyeBrye

If you check out the SDK and build the open-source version for the phone, it builds a custom recovery-image that accepts only things signed with the testkeys - which is cool. Since the test keys are in the directory, you can easily resign the images yourself.

Yep, that's exactly what I'm doing. I'm planning on posting a recovery.img for others to use, since trying to build the thing from scratch is a pain, and takes forever.

Quote:
Originally Posted by RyeBrye

There are two proprietary files that you have to suck off the device in addition to the ones that the "extract_files" script in the android build pulls off - I sent in a patch to fix this but who knows if they'll apply it or not (I think they think that the crap in the msm7k dir will do something)

I assume you're talking about libaudio.so and librpc.so?

Quote:
Originally Posted by RyeBrye

What I'm wondering is if we can write an update mode that will backup the contents of the /cache and /data to the SDCard - then erase the three partitions - then recreate /data as a huge partition and leave only 10 or 15 megs for /cache - because... well.. /cache is worthless since OTA updates aren't gonna happen to our phones anymore anyway. It would be nice to get an extra 40 megs for app storage.

Good idea. Even better would be if we could put the installed apps and all data on the sdcard.. But that would probably be a harder modification than just resizing the partitions.
