
[Samsung GT-S5570] my experiments - call for experts contributions

By stepph, Senior Member on 21st September 2011, 04:21 PM
Hi all,

Here I'll describe every hack/mod/discovery I make on my phone,
the Samsung Galaxy Next/Mini/Pop GT-S5570.

ASSUMPTION: I will not install CWM.

I've already made some experiments, and bricked the phone...
... but I'm still going on.
I'll log every step I made - while expecting a repaired device from service.

Every suggestion from others' experience is welcome!
22nd September 2011, 07:43 AM |#2  
OP Senior Member
Summary & Status
--------------------------------------------------------------------------------------------------

This is the summary/status of the work I did directly on the phone (configuration, APKs, mods, ...)

1) Root the phone AND the ADB daemon. [post 3]

2) Add essential APKs. [post 3]

3) Remove/replace stock applications. [post 6]

4) Got a personalized restore. [post 6]

5) my device is back, with a new GB ROM ... and a personalized /system. [post 58]

--------------------------------------------------------------------------------------------------

This is the summary/status of every experiment I do with the ROM ...

1) use of ADB and related tools. [post 7]

2) backup copy of /system folder. [post 7] (http://forum.xda-developers.com/showpost.php?p=17900113&postcount=7)

3) dump of partitions. [post 7]

4) extract the list of partitions. [post 8]

Analyzing the dumped files...

5) the dumped images can be flashed with odin !!! [post TODO]

6) extract the /system filesystem. [post 9]

7) extract the boot & recovery images. [post 12]

8) after extracting boot images... rebuild them (thanks to Doc_cheilvenerdi.org ) [post 32] and [post 40]

9) add ext4 filesystem and busybox! (thanks to Doc_cheilvenerdi.org ) [post 44]

10) moved /data to SD !! (thanks to Doc_cheilvenerdi.org ) [post 50] and [post 52]

After explaining here how to modify the boot.img, Doc_cheilvenerdi.org wrote some excellent guides describing his methods to add ext4 support and move /data to SD and then move /system to SD. He also guides you in hacking the initial logos and animations and gaining root privileges on every ROM (here the IT source). Since he's not only a master in hacking and developing, but also explains it all, these threads are a must read !!
Only... they're in Italian... (need help with translation, please)



ToDo

...) share my PC connection with the device (Reverse-Tethering) - investigation starts in [post 59]

...) understand and investigate init*** files in ramdisk (apart from init.rc, when are they started? what do they do?).

...) understand and investigate the APK install process

...) understand and investigate the Android framework.

...) move /data/apps/ /data/data and /data/dal***-cache to SD (should be simple, after Doc's effort !!)

...) load and adapt my dumped images to android_x86 (the PC/VM port of Android) [post ...]


--------------------------------------------------------------------------------------------------


>>> OPENED QUESTIONS <<<

1.a) why do some APKs copied to /system/app/ not work? They do not appear in the apps list ...
1.b) why can some APKs removed from /system/app/ not be installed after the delete?

2) where in the ROM is the setup of the Launcher stored? i.e. the widgets and icons appearing after a wipe?

3) why is bloatware removed from /system present in the dumped BML12? Where is the 'they are removed' information stored?
please see also my considerations in [post 27]

4) how can files inside BML13 for /data and BML14 for /cache be extracted?
please see also my considerations in [post 27]

5) what are the MIBIB, QCSBL, OEMSBL, AMSS, EFS2, NVBACKUP, APPSBL, PARAM, FOTA partitions?

6) why does the kernel have a gzipped part in it?

22nd September 2011, 03:11 PM |#3  
OP Senior Member
=======================================================================================

Quote:
Originally Posted by stepph

1) Root the phone AND ADB demon.

I used the SuperOneClick tool. It's easy.
Only remember to root also the adb shell, in order to be able to access as super user.

When you use the tool, SuperUser.apk is added to your ROM.
This tool makes a window appear every time an app needs root access, and you have a log.

Even if you reset the device, the rooting and SU will survive.

=======================================================================================

Quote:
Originally Posted by stepph

2) Add Essential APKs.

I installed RootExplorer and ES_FileManager in order to be able to navigate the filesystem.
With rooting, I can also mount /system as R/W... and RootExplorer also indicates the mountpoint of some folders...

Exploring the FS, I noticed:

/system/apps - where the preloaded APKs are. Some are system apps (unknown), some are apps that I have in the apps folder.
/cache - where temporary data is stored.
/data - where apps save info

=======================================================================================

... continue in [post 6]...
22nd September 2011, 03:26 PM |#4  
Junior Member
3x. Would you like to tell how you modify the recovery.img and boot.img?
23rd September 2011, 08:07 AM |#5  
OP Senior Member
Quote:
Originally Posted by dongbincpp

3x. Would you like to tell how you modify the recovery.img and boot.img?

At the moment I'm studying that...
... reading "HOWTO: Unpack, Edit, and Re-Pack Boot Images".
23rd September 2011, 08:46 AM |#6  
OP Senior Member
Quote:
Originally Posted by stepph

3) Remove/Replace Stock applications.

So I managed to remove (and back up on SD and then on my PC) the unused APKs
from /system/apps/
Some APKs have an odex file (a way to speed up loading...) - for the unused ones, to be removed too.

After a wipe, I noticed that the APKs are DEFINITELY removed - WOW, I deleted something from the ROM of my phone...

If I put the backup copy of the removed files back, they still work.
Instead, if I try to install them, some of them do not work anymore (why?)

I noticed the SuperUser APK too... so I tried to add different APKs here, or replace the old one with an updated version...

So when I wipe the phone I'll get it with what I want.

Sometimes it works, sometimes I get errors on startup, sometimes the device ignores the new apps (??)

=======================================================================================

Quote:
Originally Posted by stepph

4) Got a personalized Restore.

When I wipe the phone, the widgets and links are the default ones... how can I modify this ??

I noticed that the Launcher data & options are stored inside the /data/ folder - inside a *.db file.
So I can save & restore what I set.

But I still don't understand where the settings are recorded on wipe...

=======================================================================================

... continue in [post 7]...
27th September 2011, 06:52 AM |#7  
OP Senior Member
Quote:
Originally Posted by stepph

1) use of ADB and related tools.

great ... it is like a shell working on my terminal...
I'm not so experienced with Linux commands, but I'll try

I also use adb mask control, which has a GUI to rapidly perform some operations.
So I pushed sqlite and a new version of busybox to my device

Quote:
Originally Posted by stepph

2) backup copy of /system folder

playing with mount and my adb shell, I found:

Code:
d rwx r-x r-x  root     root              2011-09-09 10:10 acct		
d r-x --- ---  root     root              2011-09-09 10:10 config	
d rwx r-x r-x  root     root              1970-01-01 01:00 lib		
d rwx --- ---  root     root              2011-05-02 04:40 root		
d rwx r-x ---  root     root              1970-01-01 01:00 sbin
d rwx rwx --x  system   system            2011-09-09 10:10 persist	
d rwx r-x r-x  root     root              2011-09-09 10:12 dev		mount from tmpfs
d r-x r-x r-x  root     root              1970-01-01 01:00 proc		mount from proc
d rwx r-x r-x  root     root              1970-01-01 01:00 sys		mount from sysfs

d rwx rwx ---  system   cache             2011-09-09 10:10 cache	mount from /dev/stl14 (rfs)
d rwx rwx --x  system   system            2011-09-09 10:10 data		mount from  /dev/stl13 (rfs)
d rwx r-x r-x  root     root              2011-09-09 10:10 system	mount from /dev/stl12 (rfs)

d rwx rwx r-x  root     system            2011-09-09 10:10 mnt
						/mnt/asec	??							
						/mnt/sdcard	??
						/mnt/secure	??

l rwx rwx rwx  root     root              2011-09-09 10:10 d 		link from /sys/kernel/debug
l rwx rwx rwx  root     root              2011-09-09 10:10 etc 		link from  /system/etc
l rwx rwx rwx  root     root              2011-09-09 10:10 sdcard 	link from  /mnt/sdcard

I simply made a backup of the files in / and of /system/ on my PC...
since the other folders have 'strange' mountpoints... I left them aside for now.

Quote:
Originally Posted by stepph

3) dump of partitions.

I found this list with cat /proc/partitions:

Code:
major minor  #blocks  name

 137        0     513024 bml0/c
 137        1       1536 bml1
 137        2        512 bml2
 137        3        768 bml3
 137        4      25600 bml4
 137        5       9216 bml5
 137        6       5120 bml6
 137        7       2048 bml7
 137        8       8192 bml8
 137        9       8192 bml9
 137       10        768 bml10
 137       11       6144 bml11
 137       12     222464 bml12
 137       13     192768 bml13
 137       14      29696 bml14
 138       12     214784 stl12
 138       13     185600 stl13
 138       14      25856 stl14
 179        0    1927168 mmcblk0
 179        1    1926144 mmcblk0p1

so I started with cat /dev/bml0 >/sdcard/bml0.img
and so on for each BML up to 14.

Then I tried with STL... and I bricked my PHONE !!!

Reading around...
>>>> DO NOT TRY TO ACCESS STL5 <<<<


Now my phone is at service for repair - I hope they accept warranty -
I'll continue my investigations on the BMLxx.img files...

=======================================================================================

... continue in [post 8] - without phone - ...
28th September 2011, 07:33 AM |#8  
OP Senior Member
Now I have the following dumped images:

Code:
       0     513024 bml0/c
       1       1536 bml1
       2        512 bml2
       3        768 bml3
       4      25600 bml4
       5       9216 bml5
       6       5120 bml6
       7       2048 bml7
       8       8192 bml8
       9       8192 bml9
      10        768 bml10
      11       6144 bml11
      12     222464 bml12
      13     192768 bml13
      14      29696 bml14

An easy check proved to me that the first and biggest one is simply the concatenation of the others... so first of all I looked for some indication of the partitioning of BML0, from which the others are derived.

With a hex editor, I found:

Code:
00081000h: AA 73 EE 55 DB BD 5E E3 03 00 00 00 0E 00 00 00  ªsîUÛ½^ã........
00081010h: 30 3A 4D 49 42 49 42 00 00 00 00 00 00 00 00 00  0:MIBIB.........
00081020h: 00 00 00 00 06 00 00 00 12 10 FF 00 30 3A 51 43  ..........ÿ.0:QC
00081030h: 53 42 4C 00 00 00 00 00 00 00 00 00 06 00 00 00  SBL.............
00081040h: 02 00 00 00 12 10 FF 00 30 3A 4F 45 4D 53 42 4C  ......ÿ.0:OEMSBL
00081050h: 31 00 00 00 00 00 00 00 08 00 00 00 03 00 00 00  1...............
00081060h: 12 10 FF 00 30 3A 41 4D 53 53 00 00 00 00 00 00  ..ÿ.0:AMSS......
00081070h: 00 00 00 00 0B 00 00 00 64 00 00 00 12 10 FF 00  ........d.....ÿ.
00081080h: 30 3A 45 46 53 32 00 00 00 00 00 00 00 00 00 00  0:EFS2..........
00081090h: 6F 00 00 00 24 00 00 00 01 11 FF 00 30 3A 4E 56  o...$.....ÿ.0:NV
000810a0h: 42 41 43 4B 55 50 00 00 00 00 00 00 93 00 00 00  BACKUP......“...
000810b0h: 14 00 00 00 01 11 FF 00 30 3A 41 50 50 53 42 4C  ......ÿ.0:APPSBL
000810c0h: 00 00 00 00 00 00 00 00 A7 00 00 00 08 00 00 00  ........§.......
000810d0h: 12 10 FF 00 30 3A 41 50 50 53 00 00 00 00 00 00  ..ÿ.0:APPS......
000810e0h: 00 00 00 00 AF 00 00 00 20 00 00 00 12 10 FF 00  ....¯... .....ÿ.
000810f0h: 30 3A 52 45 43 4F 56 45 52 59 00 00 00 00 00 00  0:RECOVERY......
00081100h: CF 00 00 00 20 00 00 00 12 10 FF 00 30 3A 50 41  Ï... .....ÿ.0:PA
00081110h: 52 41 4D 00 00 00 00 00 00 00 00 00 EF 00 00 00  RAM.........ï...
00081120h: 03 00 00 00 12 10 FF 00 30 3A 46 4F 54 41 00 00  ......ÿ.0:FOTA..
00081130h: 00 00 00 00 00 00 00 00 F2 00 00 00 18 00 00 00  ........ò.......
00081140h: 01 10 FF 00 30 3A 53 59 53 41 50 50 53 00 00 00  ..ÿ.0:SYSAPPS...
00081150h: 00 00 00 00 0A 01 00 00 65 03 00 00 01 11 FF 00  ........e.....ÿ.
00081160h: 30 3A 44 41 54 41 00 00 00 00 00 00 00 00 00 00  0:DATA..........
00081170h: 6F 04 00 00 F1 02 00 00 01 11 FF 00 30 3A 43 41  o...ñ.....ÿ.0:CA
00081180h: 43 48 45 00 00 00 00 00 00 00 00 00 60 07 00 00  CHE.........`...
00081190h: 74 00 00 00 01 11 FF 00 FF FF FF FF FF FF FF FF  t.....ÿ.ÿÿÿÿÿÿÿÿ
i.e.

Code:
name		start		len		??	
MIBIB		00000000	00000600	12 10
QCSBL		00000600	00000200	12 10
OEMSBL		00000800	00000300	12 10
AMSS		00000B00	00006400	12 10
EFS2		00006F00	00002400	01 11
NVBACKUP	00009300	00001400	01 11
APPSBL		0000A700	00000800	12 10
APPS		0000AF00	00002000	12 10
RECOVERY	0000CF00	00002000	12 10
PARAM		0000EF00	00000300	12 10
FOTA		0000F200	00001800	01 10
SYSAPPS		00010A00	00036500	01 11
DATA		00046F00	0002F100	01 11
CACHE		00076000	00007400	01 11

That is not only the list of the partitions of BML0 as BML1..14, with the corresponding sizes, but also the name of each - they match what I read in some posts !!

There are also some binary tags for each BML; adding a quick examination of the head of each file, I get the following table of preliminary info:

Code:
Disk		MB	KB	bytes		Name	  flags	FSR_STL	note			Start	 Length	
/dev/bml0:	525	513.024	525.336.576										
/dev/bml1:	1	1.536	1.572.864	MIBIB	  12 10					00000000 00000600
/dev/bml2:	0	512	524.288		QCSBL	  12 10					00000600 00000200
/dev/bml3:	0	768	786.432		OEMSBL	  12 10					00000800 00000300
/dev/bml4:	26	25.600	26.214.400	AMSS	  12 10		ELF			00000B00 00006400
/dev/bml5:	9	9.216	9.437.184	EFS2	  01 11	X	dev/stl5  ! Careful!	00006F00 00002400
/dev/bml6:	5	5.120	5.242.880	NVBACKUP  01 11	X	dev/stl6 (empty) 	00009300 00001400
/dev/bml7:	2	2.048	2.097.152	APPSBL	  12 10		arm11boot ?		0000A700 00000800
/dev/bml8:	8	8.192	8.388.608	APPS	  12 10		ANDROID! - boot image 	0000AF00 00002000
/dev/bml9:	8	8.192	8.388.608	RECOVERY  12 10		ANDROID! - recovery image  0000CF00 00002000
/dev/bml10:	1	768	786.432		PARAM	  12 10					0000EF00 00000300
/dev/bml11:	6	6.144	6.291.456	FOTA	  01 10		empty			0000F200 00001800
/dev/bml12:	217	222.464	227.803.136	SYSAPPS	  01 11	X	/dev/stl12 - /system (rfs) 00010A00 00036500
/dev/bml13:	197	192.768	197.394.432	DATA	  01 11	X	/dev/stl13 - /data (rfs) 00046F00 0002F100
/dev/bml14:	30	29.696	30.408.704	CACHE	  01 11	X	/dev/stl14 - /cache (rfs) 00076000 00007400
=======================================================================================

... continue in post 9 - without phone - ...
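The partition table found at offset 0x81000 of bml0.img in the post above can be decoded mechanically. This is an added example, not code from the thread: the record layout (16-byte header, then 28-byte entries of name, start, length, flags), the 256 KB block size and the function names are assumptions inferred from that hex dump and from the /proc/partitions sizes in post 7.

```python
import struct

# Bytes 0x81000-0x8119F of bml0.img, copied from the hex dump in post 8.
TABLE_HEX = """
AA73EE55 DBBD5EE3 03000000 0E000000 303A4D49 42494200 00000000 00000000
00000000 06000000 1210FF00 303A5143 53424C00 00000000 00000000 06000000
02000000 1210FF00 303A4F45 4D53424C 31000000 00000000 08000000 03000000
1210FF00 303A414D 53530000 00000000 00000000 0B000000 64000000 1210FF00
303A4546 53320000 00000000 00000000 6F000000 24000000 0111FF00 303A4E56
4241434B 55500000 00000000 93000000 14000000 0111FF00 303A4150 5053424C
00000000 00000000 A7000000 08000000 1210FF00 303A4150 50530000 00000000
00000000 AF000000 20000000 1210FF00 303A5245 434F5645 52590000 00000000
CF000000 20000000 1210FF00 303A5041 52414D00 00000000 00000000 EF000000
03000000 1210FF00 303A464F 54410000 00000000 00000000 F2000000 18000000
0110FF00 303A5359 53415050 53000000 00000000 0A010000 65030000 0111FF00
303A4441 54410000 00000000 00000000 6F040000 F1020000 0111FF00 303A4341
43484500 00000000 00000000 60070000 74000000 0111FF00 FFFFFFFF FFFFFFFF
"""
MAGIC = (0x55EE73AA, 0xE35EBDDB)   # first 8 bytes of the dump, little-endian
HEADER, ENTRY = struct.Struct("<4I"), struct.Struct("<16sII4s")
BLOCK_KIB = 256   # assumption: MIBIB is 6 blocks here and bml1 is 1536 KB

def parse_partition_table(raw):
    """Return one dict per partition, in table order (bml1..bmlN)."""
    if len(raw) < HEADER.size or HEADER.unpack_from(raw)[:2] != MAGIC:
        raise ValueError("partition table magic not found")
    count = HEADER.unpack_from(raw)[3]
    if len(raw) < HEADER.size + count * ENTRY.size:
        raise ValueError("table truncated: header announces %d entries" % count)
    parts = []
    for i in range(count):
        name, start, blocks, flags = ENTRY.unpack_from(raw, HEADER.size + i * ENTRY.size)
        parts.append({
            # names are NUL-padded and carry a "0:" prefix in the dump
            "name": name.rstrip(b"\0").decode("ascii").split(":", 1)[-1],
            "start": start, "blocks": blocks,
            "kib": blocks * BLOCK_KIB, "flags": flags.hex(),
        })
    return parts

def total_kib(parts):
    """Check that partitions sit back to back, then return their combined size."""
    expected = 0
    for p in parts:
        if p["start"] != expected:
            raise ValueError("gap or overlap before %s" % p["name"])
        expected += p["blocks"]
    return expected * BLOCK_KIB

if __name__ == "__main__":
    parts = parse_partition_table(bytes.fromhex(TABLE_HEX))
    for n, p in enumerate(parts, 1):
        print("bml%-2d %-9s start=%#06x blocks=%#05x %7d KB flags=%s"
              % (n, p["name"], p["start"], p["blocks"], p["kib"], p["flags"]))
    print("total", total_kib(parts), "KB")
```

Decoded this way, the 14 sizes equal bml1..bml14 from /proc/partitions and their sum equals bml0 (513024 KB); the third name in the raw bytes reads OEMSBL1.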
30th September 2011, 07:18 AM |#9  
OP Senior Member
First, I worked on BML12, which is the file related to the /system folder.

I read a lot of stuff about Samsung BML, STL, RFS, and so on...

My understanding is that BML is the layer of block-level devices,
and STL is the 'file system like' layer on top of it. I also read that STL is FAT compatible, and that the images can be opened with MagicISO.

So I found the signature MSWIN4.1 in the BML12.img file, cut the preceding part (two bytes more) and got a FAT-12 image.

MagicISO was able to extract these files.

I compared the extracted /system folder with the backup I made directly from the phone ... SURPRISE... the files I removed from the ROM are there again !! Why is this ??

On the other side, I wonder where the other files of the original filesystem are...

The same technique on BML13 & BML14 for the /data and /cache partitions doesn't work at all -- why ?


=======================================================================================

... continue in post 12 - without phone - ...
30th September 2011, 09:31 AM |#10  
roofrider
Senior Member
Bangalore, IN
stepph
wat ur doing here is great.
but didn u notice a few other mini threads here already..a few roms n cm7?
http://forum.xda-developers.com/show....php?t=1167750

http://forum.xda-developers.com/show....php?t=1176927

there are other threads too

---------- Post added at 02:01 PM ---------- Previous post was at 01:52 PM ----------

Quote:
Originally Posted by stepph


1.a) why do some APKs copied to /system/app/ not work? They do not appear in the apps list ...

I dont think u can install any app as a system, think u can only replace an already existing system app with another of ur wish by renaming the app correctly and replacing it in /system/app
Quote:

1.b) why can some APKs removed from /system/app/ not be installed after the delete?

u cannot install app as a system app. as said abv u can only replace them.

Quote:

3) why is bloatware removed from /system present in the dumped BML12? Where is the 'they are removed' information stored?

maybe u need to remove them frm the dalvik-cache too
----edit------
clearly I have not played with my phone enough to be answering such questions.
3rd October 2011, 02:11 PM |#11  
OP Senior Member
Quote:
Originally Posted by roofrider

stepph wat ur doing here is great.
but didn u notice a few other mini threads here already..a few roms n cm7?

http://forum.xda-developers.com/show....php?t=1167750

http://forum.xda-developers.com/show....php?t=1176927

there are other threads too

Thank you for the links,

I noticed those already... but none of them talks about HOW it was made...
... I don't want a "download and install" work, but to explain to everybody what I do.

Quote:
Originally Posted by roofrider


I dont think u can install any app as a system, think u can only replace an already existing system app with another of ur wish by renaming the app correctly and replacing it in /system/app

u cannot install app as a system app. as said abv u can only replace them.

maybe u need to remove them frm the dalvik-cache too

OK, that was what I thought about the 1st & 2nd points... I'll look for technical info about those 'system' apps.
About the 3rd, you may be right if it were about a running device; but I worked on dumped images, so the VM cache should not be involved... I'll investigate.