- cygwin (cos I'm using Windows, sucks isn't it)
- Hex editor (I'm using HxD)
- Notepad++ (or any text editor)
- your scatter file
In this guide, I'm using my Hisense EG980ae as an example. It is an MTK6589t phone and it doesn't have an EBR2 file. Setting things up first:
- Put your MBR and/or EBR1 file in the root folder of Cygwin (Linux users can type the command straight away) and type:
MBR: x86 boot sector; partition 1: ID=0x5, starthead 0, startsector 1024, 4294967295 sectors; partition 2: ID=0x83, starthead 0, startsector 26624, 20480 sectors; partition 3: ID=0x83, starthead 0, startsector 47104, 20480 sectors; partition 4: ID=0x83, starthead 0, startsector 93184, 12288 sectors, code offset 0x0
EBR1: x86 boot sector; partition 1: ID=0x83, starthead 0, startsector 132096, 1433600 sectors; partition 2: ID=0x83, starthead 0, startsector 1565696, 258048 sectors; partition 3: ID=0x83, starthead 0, startsector 1823744, 4293143551 sectors, code offset 0x0
- Connect your MTK device to your PC and open MTK droid tools. Click "Blocks Map" and leave the window open, like this:
- Open your MBR and/or EBR1/EBR2 with a hex editor (choose 16 bytes per row), and you'll get a view like this:
On the left is my MBR and on the right is my EBR1. Just concentrate on the highlighted part, and copy them to your text editor and arrange them like this:
It's time to decode things!!!!
Now just for an example, we concentrate on the hex value which I highlighted with the pink background (the MBR part):
00 00 00 00 83 00 00 00 00 68 00 00 00 50 00 00
- The first hex number (red) gives two pieces of information. If it is 00, as in the example, then the partition is not the active partition (it does not contain the boot loader). If it is 80 or greater, this means it is the active (bootable) partition. Only one partition can be marked as active. The second piece of information applies to fixed disks. If the first fixed disk contains the active partition, this number will be 80. If it were the second fixed disk, this number would be 81, and so on.
- The hex number 83 (in purple) tells which type of file system the partition contains, and whether the Cylinder, Head, Sector (CHS) or the Logical Block Addressing (LBA) system is to be used to locate the partition. In our case, 83 means Linux ext2fs partition.
- And finally, there are two ways that the location of the partition is specified in the partition table entry:
- The first is the Cylinder Heads Sectors method (CHS). The three blue numbers (00 00 00) specify the CHS location where the partition begins, and the three orange numbers 00 00 00 specify where it ends.
- The Cylinder Head Sector method only works on drives up to 8 gigabytes because that is the maximum size that can be specified with the three bytes. I guess this is why MTK does not use this and provides a null value. To get around this, they instead use the second method of specifying the location of the partition. It is called Logical Block Addressing, and it uses the last eight bytes in the partition table entry. These bytes give the location of the partition by counting the number of sectors from the start of the disk, which is much simpler. The four bytes in lime (00 68 00 00) give the number of sectors before the partition, and the following four bytes (00 50 00 00) in YellowGreen give the length of the partition.
We have to know just one thing to interpret these bytes. They are in "little endian" order. This means that the lowest "place value" is held by the first byte. So to use them like we use ordinary numbers, we just have to reverse the order of the bytes. So 00 68 00 00 becomes 00006800 and 00 50 00 00 becomes 00005000. Using any hex converter, we can now convert these new hex numbers (00006800 and 00005000) to decimal (26624 and 20480). These new decimal values tell us that there are 26624 sectors before the partition begins at the 26625th sector, and it is 20480 sectors long. Thus the partition ends at sector 26624+20480=47104. Notice that this is the same result we got with the CHS math.
Now can you see how those numbers (26624, 20480, and 47104) correlate with the data we first acquired when we ran the "file" command on Cygwin, which is on the second and third partitions of the "MBR":
MBR: x86 boot sector partition 2: ID=0x83, starthead 0, startsector 26624, 20480 sectors; partition 3: ID=0x83, starthead 0, startsector 47104, 20480 sectors;
Since the default sector size for almost every single HDD is 512 bytes per sector, why don't we just multiply all our numbers by 512, especially the size of the MBR's partition number two above (20480)?
So we get 20480 X 512 = 10485760
Now please compare the value with the "Blocks Map" window that we opened earlier!!!!!!!
However, sometimes it would get more tricky. For example, let us look at the MBR's partition 3 and 4:
MBR: x86 boot sector; partition 3: ID=0x83, starthead 0, startsector 47104, 20480 sectors;
- Raw bytes: 00 B8 00 00 (start), 00 50 00 00 (length)
- Byte-reversed: 0000B800, 00005000
- Decimal: 47104, 20480
- Size: 10485760 Bytes

MBR: x86 boot sector; partition 4: ID=0x83, starthead 0, startsector 93184, 12288 sectors;
- Raw bytes: 00 6C 01 00 (start), 00 30 00 00 (length)
- Byte-reversed: 00016C00, 00003000
- Decimal: 93184, 12288
- Size: 6291456 Bytes
47104 + 20480 = 67584 not 93184
Ring a bell fellas?!!!!
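The decoding steps above, plus the gap check between partitions 3 and 4, as an added Python example (not part of the original guide). The sample sector is constructed from the `file` output shown earlier; the 0x1BE table offset and 55 AA signature are the standard MBR layout, and the function names are made up for this illustration.

```python
import struct

SECTOR_SIZE = 512        # bytes per sector, as the guide assumes
TABLE_OFFSET = 0x1BE     # standard offset of the 4-entry partition table
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def parse_entry(raw, index=0):
    """Decode one 16-byte entry; '<' makes struct do the little-endian reversal."""
    status, _chs_start, ptype, _chs_end, start, count = struct.unpack(ENTRY_FMT, raw)
    return {"index": index, "active": status >= 0x80, "type": ptype,
            "start": start, "sectors": count, "bytes": count * SECTOR_SIZE}

def parse_table(sector):
    """Return the non-empty entries of an MBR/EBR sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a boot sector: missing 55 AA signature")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        entry = parse_entry(raw, i + 1)
        if entry["type"] != 0:          # type 00 marks an unused slot
            entries.append(entry)
    return entries

def find_gaps(entries):
    """List (partition index, first unlisted sector, gap length in sectors)."""
    # Type 0x05 is the extended-partition container, not a data partition.
    data = sorted((e for e in entries if e["type"] != 0x05), key=lambda e: e["start"])
    gaps = []
    for prev, nxt in zip(data, data[1:]):
        end = prev["start"] + prev["sectors"]
        if nxt["start"] > end:
            gaps.append((prev["index"], end, nxt["start"] - end))
    return gaps

def build_sample_mbr():
    """Constructed sample: the four MBR entries from the `file` output in this guide."""
    rows = [(0x05, 1024, 0xFFFFFFFF), (0x83, 26624, 20480),
            (0x83, 47104, 20480), (0x83, 93184, 12288)]
    table = b"".join(struct.pack(ENTRY_FMT, 0, b"\0\0\0", t, b"\0\0\0", s, n)
                     for t, s, n in rows)
    return b"\0" * TABLE_OFFSET + table + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_table(build_sample_mbr())
    for p in parts:
        print(p)
    for idx, sector, length in find_gaps(parts):
        print(f"after partition {idx}: {length} sectors "
              f"({length * SECTOR_SIZE} bytes) not listed, from sector {sector}")
```

To run it on a real dump, pass the first 512 bytes of your MBR or EBR1 file to `parse_table` instead of the constructed sample.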
Happy re-partitioning your MTK devices and keep on improvising!!!!!!!!!!!!!!