Mural Watchface Brings 500px to Android Wear

On a traditional watch, you can’t really do too much to change its appearance once … more

Android 5.0 Favorite Features, Release November 3rd? – XDA TV

Google Confirms Android 5.0 Lollipop for November 3rd! That and much more … more

Prepare Your Build Machines: Ubuntu 14.10 Utopic Unicorn Now Official

Today is an important day for any and all Linux enthusiasts. One of the … more

Track the Time You Waste on Social Media with Socials Addict

When you use your phone, you often don’t even realize how much time you … more
Post Reply

How to flash the G1

OP JesusFreke

6th November 2008, 03:46 AM   |  #1  
JesusFreke's Avatar
OP Recognized Developer
Flag Dallas
Thanks Meter: 41
 
736 posts
Join Date:Joined: Oct 2008
WARNING: Following these instructions may brick your phone, void your warranty and kill your dog. You don't want your dog to die do you?


Once I got root access on my G1, I've been messing around with trying to build reflash the recovery partition. That project is still in progress, but I have learned a bit about how to flash the various partitions on the G1.

First things first, you have to have root access. See this thread.


There are 6 mtd devices or partitions on the G1, mtd0-mtd5. They are located at /dev/mtd. You can use the /system/bin/flash_image tool to flash an image to any of these.

The syntax for the flash_image tool is:

Code:
# flash_image
usage: flash_image partition file.img
#
You can see a list of partition names and which device they are associated with by doing a "cat /proc/mtd".

Code:
#cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00040000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 04380000 00020000 "system"
mtd4: 04380000 00020000 "cache"
mtd5: 04ac0000 00020000 "userdata"
#

These should all be self explanatory, except maybe "misc", which just appears to have a few string values.. Not really sure what it's used for..


Before you do any erasing or writing, it's a "really good idea" (tm) to make backups of each of these. Even if you don't plan on writing to them. I had accidentally erased the bootloader partition (typed mtd0 instead of mtd1), which I'm fairly sure would have bricked my phone if I had tried to reboot it. Ugh! Luckily, I had created a backup earlier, so I was able to restore it. (And then was nervous as heck when I tried to reboot it... "Please boot up! Please boot up!")

To create the backups:

Code:
# cat /dev/mtd/mtd0 > /sdcard/mtd0.img
# cat /dev/mtd/mtd1 > /sdcard/mtd1.img
# cat /dev/mtd/mtd2 > /sdcard/mtd2.img
# cat /dev/mtd/mtd3 > /sdcard/mtd3.img
# cat /dev/mtd/mtd4 > /sdcard/mtd4.img
# cat /dev/mtd/mtd5 > /sdcard/mtd4.img
#
Now you can use flash_image to write the new image.

Code:
#flash_image recovery /system/recovery.img
#
And that's how it's done.

Update: You normally don't need to erase the flash before you write, as long as you don't corrupt the flash first, by trying to "cat" an image directly to the mtd device, like I did . If you get a lot of ECC errors when you use flash_image then you need to erase it

Code:
# cat /dev/zero > /dev/mtd/mtd1
write: No space left on device
#

On a related note, Based on my experience so far, the recovery partition is not critical to booting the G1. When I first tried this, I used flash_image to write a new image without erasing the partition first, and it corrupted it pretty good. When I tried to boot the G1 into recovery mode (power+home), it would go to the bootloader screen instead. But it would boot into normal mode just fine.

Additionally, I've verified that the device will boot into recovery mode if you screw up the boot partition (mtd2). So as long as you at least have a good recovery image *or* a good boot image, you should be able to get back in business. Just don't try to update both at the same time.


Even so.. be careful, and don't come crying to me when you brick your phone. Or if your dog dies. You don't want your dog to die do you?
Last edited by JesusFreke; 7th November 2008 at 02:00 AM. Reason: Updated info on mtd0
6th November 2008, 03:54 AM   |  #2  
Senior Member
Flag Phoenix, AZ, USA
Thanks Meter: 29
 
259 posts
Join Date:Joined: Jan 2007
More
Excellent work!

So if misc is the boot loader, it looks like it is roughly 266k. If you can dump it, have you tried to "open" the image and see if you can see files?

Now you have given me more ideas
6th November 2008, 04:03 AM   |  #3  
Member
Thanks Meter: 1
 
35 posts
Join Date:Joined: Sep 2007
readonly sdcard?
When I run: cat /dev/mtd/mtd1 > /sdcard/mtd1.img

I got this:
cannot create /sdcard/mtd1.img: read-only file system

I know I am root...
6th November 2008, 04:03 AM   |  #4  
JesusFreke's Avatar
OP Recognized Developer
Flag Dallas
Thanks Meter: 41
 
736 posts
Join Date:Joined: Oct 2008
Quote:
Originally Posted by staulkor

So if misc is the boot loader, it looks like it is roughly 266k. If you can dump it, have you tried to "open" the image and see if you can see files?

Actually, now that I look at it.. I'm not positive that mtd0 is the bootloader. There's not much data there at all. Just a few strings in the beginning, then lots of nothing. Mostly all FFs, with a few blocks of 00s thrown in. It doesn't look like there's any code at all, so it can't be the bootloader.
6th November 2008, 04:10 AM   |  #5  
Chainfire's Avatar
Senior Moderator / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 51,510
 
9,238 posts
Join Date:Joined: Oct 2007
Donate to Me
More
Nice work. How about the signing? Does the image you flash have to be correctly signed this way?
6th November 2008, 04:10 AM   |  #6  
JesusFreke's Avatar
OP Recognized Developer
Flag Dallas
Thanks Meter: 41
 
736 posts
Join Date:Joined: Oct 2008
Quote:
Originally Posted by blues

When I run: cat /dev/mtd/mtd1 > /sdcard/mtd1.img

I got this:
cannot create /sdcard/mtd1.img: read-only file system

I know I am root...

Do you have the sdcard mounted for USB access? If so, just unplug the usb cable and plug it back in. (don't select "mount" in the usb notification thingy that pops up)
6th November 2008, 04:16 AM   |  #7  
JesusFreke's Avatar
OP Recognized Developer
Flag Dallas
Thanks Meter: 41
 
736 posts
Join Date:Joined: Oct 2008
Quote:
Originally Posted by Chainfire

Nice work. How about the signing? Does the image you flash have to be correctly signed this way?

Nope. This is a raw write directly to the flash device. The whole signing thing is only applicable to the OTA updates (or Update.zip style update).


But the other project I'm working on is to rebuild the recovery mode and disable the signature check for OTA/update.zip updates.
6th November 2008, 04:31 AM   |  #8  
Member
Thanks Meter: 0
 
46 posts
Join Date:Joined: Oct 2008
If you check out the SDK and build the open-source version for the phone, it builds a custom recovery-image that accepts only things signed with the testkeys - which is cool. Since the test keys are in the directory, you can easily resign the images yourself.

I know a guy who has done this now. I'll do it when I get a chance.

There are two proprietary files that you have to suck off the device in addition to the ones that the "extract_files" script in the android build pulls off - I sent in a patch to fix this but who knows if they'll apply it or not (I thnk they think that the crap in the msm7k dir will do something)

What I'm wondering is if we can write an update mode that will backup the contents of the /cache and /data to the SDCard - then erase the three partitions - then recreate /data as a huge partition and leave only 10 or 15 megs for /cache - because... well.. /cache is worthless since OTA updates aren't gonna happen to our phones anymore anyway. It would be nice to get an extra 40 megs for app storage.
6th November 2008, 04:34 AM   |  #9  
Senior Member
Flag Phoenix, AZ, USA
Thanks Meter: 29
 
259 posts
Join Date:Joined: Jan 2007
More
Quote:
Originally Posted by JesusFreke

Actually, now that I look at it.. I'm not positive that mtd0 is the bootloader. There's not much data there at all. Just a few strings in the beginning, then lots of nothing. Mostly all FFs, with a few blocks of 00s thrown in. It doesn't look like there's any code at all, so it can't be the bootloader.

I just looked at my dumped mtd0.img and I see a few interesting strings:

T-MOB010
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage

And then a mountain of FFs, lol
6th November 2008, 04:34 AM   |  #10  
Member
Thanks Meter: 1
 
35 posts
Join Date:Joined: Sep 2007
You are right. I am on XP machine. So I disabled the usb storage, and it works fine
Quote:
Originally Posted by JesusFreke

Nope. This is a raw write directly to the flash device. The whole signing thing is only applicable to the OTA updates (or Update.zip style update).


But the other project I'm working on is to rebuild the recovery mode and disable the signature check for OTA/update.zip updates.

It works for me now.

Post Reply Subscribe to Thread

Tags
android, flash, recovery, root
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes