FORUMS
Remove All Ads from XDA

[Q] [Bootloader] Build bootloader.img for the Nexus 4 from AOSP

2 posts
Thanks Meter: 1
 
By TounToun, Junior Member on 15th March 2013, 11:59 AM
Post Reply Email Thread
Hi xda-developers!


I'm new in xda! I request your help on how to build bootloader and baseband from AOSP. I'm not sure that it is possible. It's not the common thread to know how to unlock the bootloader, this is quite harder . I want to reproduce the bootloader.img like a Google's developer will do for the Nexus 4.

What I have done :
- Build and install CyanogenMod 10.1 Nightly for the Nexus 4(mako). It works fine, but the bootloader is not compiled.
- Build "full_mako" from AOSP.
- Updated the Nexus 4 with the official update of the Nexus 4: https://developers.google.com/androi...s/images#occam
It contains what I want to recreate from source code:
- bootloader-mako-makoz10o.img
- radio-mako-m9615a-cefwmazm-2.0.1700.48.img
- flash-all.sh
- flash-all.bat
- flash-base.sh

I found the script which create the last 3 files but I need to have bootloader.img in TARGET_FILES. It means that I need to compile and generate it before. The script related is this one :
https://github.com/winner00/device-l...ges-package.sh
This file launch the common file :
https://code.google.com/p/android-so...device--common

I also found one interesting file in device/lge/mako :
https://android.googlesource.com/dev...eleasetools.py
This is a python script that I don't know where he is launched.
It seems that the purpose of thsi file is to write a realease bootloader.img and radio.img, from already builded img files.
However we have interesting information in it :
Code:
/* mako bootloader.img format */

define BOOTLDR_MAGIC "BOOTLDR!"
define BOOTLDR_MAGIC_SIZE 8

struct bootloader_images_header {
        char magic[BOOTLDR_MAGIC_SIZE];
         unsigned int num_images;
         unsigned int start_offset;
         unsigned int bootldr_size;
         struct {
                 char name[64];
                 unsigned int size;
         } img_info[];
 };
Fortunately, this script can give us good informations in order to hack properly the bootloader.img. Enjoy

What I want to do:
- Compile bootloader code from AOSP and generate the file: bootloader.img. By this way I will be able to flash it to my phone.


What I think I have understood:
I need to add variables to the BoardConfig.mk in https://android.googlesource.com/dev...droid-4.2.2_r1
Indeed the README from the bootable/bootloader source code is clear :

The product_config.mk defines three important build variables:
Code:
DEVICE_BOOTLOADER_LIBS := \
	libboot_board_brick.a \
	libboot_arch_65002.a \
	libboot_arch_armv6.a

DEVICE_BOOTLOADER_LINK_SCRIPT := \
	partner/semi/boot/boot.ld

DEVICE_BOOTLOADER_INIT := \
	partner/semi/boot/init.S
What I found:
A .ld file for msm7k, but I don't know if it will works for Nexus 4. I don't want to brick my Nexus 4
https://android.googlesource.com/pla...1/boot/boot.ld

A BoardConfig.mk for htc sapphire :
https://android.googlesource.com/dev...BoardConfig.mk
It seems that variables are well configured to build the bootloader :
Code:
TARGET_BOOTLOADER_LIBS := \
        libboot_board_dream_sapphire \
        libboot_arch_msm7k \
        libboot_arch_armv6

TARGET_BOOTLOADER_LINK_SCRIPT := \
        hardware/msm7k/boot/boot.ld
I am not able to find a .ld file for the Nexus 4. This can be due to the fact that they use the msm7k boot.ld file


I found also two good threads from E:V:A about MSM8960 :
http://forum.xda-developers.com/show....php?t=1856327.
http://forum.xda-developers.com/show...php?p=33813888
But this is more about hacking the bootloader than building from sources. I might go this way if I have no choice.

My question : Do you think that it is possible to generate this bootloader.img with the public source code?

I will appreciate your help,
Thanks in advance,
TounToun.
The Following User Says Thank You to TounToun For This Useful Post: [ View ] Gift TounToun Ad-Free
 
 
13th April 2013, 05:21 PM |#2  
Junior Member
Flag Dunkirk
Thanks Meter: 1
 
More
Hi!

I'm sorry I won't be able to help you a lot because as you I'm new to xda, but i'm really interested in hacking the bootloader, therefore your subject is interesting =)

This is what I believe, after my researches in the source code of Android (tell me if you think I'm wrong): The problem is, the source code for the bootloader doesn't seem to be given.
What is given is the source code and the functions needed to build "boot.img". For example, we have the "mkbootimg" function, but that's it, nothing for the bootloader, except the python script you gave.

Therefore, the only option is to take the bootloader.img given by the update, and to hack, as some people did with the boot.img (thanks to perl script), but we do not have lots of informations about the bootloader.img =S I've opened bootloader.img with an hex editor, but I'm not used to it and I don't understand that much except the header thanks to the description given in the python script. Perhaps it is possible to unpack this .img but nothing sure...
16th April 2013, 06:07 PM |#3  
Junior Member
Flag Dunkirk
Thanks Meter: 1
 
More
Hi,

I've made some discoveries, here is the composition of the file bootloader-mako-makoz10o.img
There are 6 differents parts:
  1. sbl1
  2. sbl2
  3. sbl3
  4. tz
  5. rpm
  6. aboot

Their sizes are the following (/!\ only for bootloader-mako-makoz10o.img!!):
taille de sbl1 : 94440
taille de sbl2 : 145448
taille de sbl3 : 1430152
taille de tz : 190572
taille de rpm : 144892
taille de aboot : 234704

Therefore, I googled "aboot", and I found this:
Moboot (Mobile Open Bootloader) was developed for the HP Touhcpad and is based on the little kernel by Travis Geiselbrecht. But it was planned to be used for other devices:
Quote:

moboot is a bootloader for the HP Touchpad

It may may move on to other devices in the future.

The code is available on code.google.com/p/moboot

Perhaps the Nexus 4 bootloader is inspired by this moboot? (this is only an hypothesis)
bye!
The Following User Says Thank You to KIRGO For This Useful Post: [ View ] Gift KIRGO Ad-Free
8th October 2013, 08:55 AM |#4  
TounToun's Avatar
OP Junior Member
Thanks Meter: 1
 
More
Quote:
Originally Posted by KIRGO

Hi,

I've made some discoveries, here is the composition of the file bootloader-mako-makoz10o.img
There are 6 differents parts:

  1. sbl1
  2. sbl2
  3. sbl3
  4. tz
  5. rpm
  6. aboot

Their sizes are the following (/!\ only for bootloader-mako-makoz10o.img!!):
taille de sbl1 : 94440
taille de sbl2 : 145448
taille de sbl3 : 1430152
taille de tz : 190572
taille de rpm : 144892
taille de aboot : 234704

Therefore, I googled "aboot", and I found this:
Moboot (Mobile Open Bootloader) was developed for the HP Touhcpad and is based on the little kernel by Travis Geiselbrecht. But it was planned to be used for other devices:

The code is available on code.google.com/p/moboot

Perhaps the Nexus 4 bootloader is inspired by this moboot? (this is only an hypothesis)
bye!

Thank you, I just realize how it is hard. This is a very hard reverse engineering challenge !
3rd February 2014, 07:22 AM |#5  
open source bootloader
Quote:
Originally Posted by TounToun

Thank you, I just realize how it is hard. This is a very hard reverse engineering challenge !

Indeed it is. w/o the help of a developer board community [the kind of low level technicians we'd need], its darn near impossible. But history lesson: LK bootloader was nice; it was a project on codeaurora [where qualcomm dishes a small bit of open source help out once in awhile], but unfortunately I think that project is defunct [hasn't seen updates in like 2 years]. Moboot... I'm familiar with it [got a hp touchpad]; it was used by hp but they've dished their wares to LG and LG is revamping webos for smart tv usage methinks. Still, I beleive some of the wares did see open source light, and their might be a moboot floating around under the MIT license. Best bet [if we had the balls to build and test it] would be uboot or das u-boot. They've ported that one to gnex; I don't doubt the panda board community helped in that venture, but that's omap and we're qualcomm; so, its a whole new ball game. I'll ride with you should you like to try. First problem [after we port such] would usually be the sacrifice... The open source bootloaders I've had experience w/ do NOT support fastboot natively. On the plus side though, they do open the door to true multiboot [w/ separate kernels & protected system, unlike kexec], but again its a swap out/sacrifice some would go for. I'd help just to have it be free and open source. But before you or I trod down that path.. I gotta find my ripcord for writing back the stock bootloaders [for when things go awry]. Gnex had omapflash. I'll check and see if there's some solution for us [like riffbox or something that uses QDM driver(s)].

Rob

Update: Checked into it... and riffbox supports this device [even for bootloader ref: http://www.riffbox.org/jtag-news/rif...air-supported/ ]; so, I'm golden; as I have a riff

Update2 small[er than panda board] development board community.. still gotta find it, but I spied the boards. Ref: http://www.inforcecomputing.com/product/6400series.html
31st July 2015, 03:50 PM |#6  
Member
Thanks Meter: 14
 
More
Anyone still interested in this?
7th February 2016, 11:02 PM |#7  
jhonnyx's Avatar
Senior Member
Flag Buenos Aires
Thanks Meter: 608
 
More
This still alive?
5th September 2017, 02:54 PM |#8  
Junior Member
Thanks Meter: 1
 
More
I am still interested.
Not only for reverse engineering bootloader.img but also radio.img
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes