[TOOL][WIN,LIN,AND,DARW] Super image tools | extract or make partitions RW in super partition

Search This thread

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
Maybe he should be in the dtbo.img?
Maybe. I'm just looking here https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMVerity , it might be that dm-verity header is not on a block device but on kernel memory which we probably can't access without special kernel module or to modify ramdisk, change kernel command line and all the things related to it inside ramdisk. It can be done from magisk mannager. Anybody tried superrepack v11? Is dm verity disabled? Verification disabled? Also I have found right now location of the vbmetaa headers, its on all partitions after last byte of the every ext4 partition. Also found it also in your vbmeta dups. This is not clear for me do we need to write AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED to the vbmeta or we need to write it to the end of each ext4 partition or we need to write it to booth ext4 partition which we want to disable verity + write it to the vbmeta partition. Here is some usefull info https://android.googlesource.com/platform/external/avb/+/0922bf8970fd2a61b9053a6fca81d8165cc0af67^!/ . What I have done is I have implemented avbctl tool to disable the things in v11. I don't know if it work and I would be glad if somebody try v11 and give me log
 
Last edited:

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
Also this is intersting https://android.googlesource.com/platform/external/avb/+/master/libavb/avb_vbmeta_image.h

based on it header I have found :

Code:
  /* 120: Flags from the AvbVBMetaImageFlags enumeration. This must be
   * set to zero if the vbmeta image is not a top-level image.
   */
  uint32_t flags;

Further research I found that super partition (all partitions in super partition) and also your vbmeta dumps contain zero flag, see attachment, I don't have idea where is a top partition contain vbmeta top-level image, super and vbmeta is definitelly not a top level. Anybody have idea where is top-level vbmeta???

To manualy disable avb verification its done by writing flag AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED to top level vbmeta.

as clearly stated here:
Code:
/* Flags for the vbmeta image.
 *
 * AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED: If this flag is set,
 * hashtree image verification will be disabled.
 *
 * AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED: If this flag is set,
 * verification will be disabled and descriptors will not be parsed.
 */
typedef enum {
  AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED = (1 << 0),
  AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED = (1 << 1)
} AvbVBMetaImageFlags;

Verification enabled check is done this way: (flags & (1 << 1)),. So to disable hashtree & verification we need to write 0x03 to the flags location from screenshoot, instead of zero it must be 03 00 00 00. But it must be done to the top level vbmeta. And I have no idea where is a top level vbmeta :)
 

Attachments

  • 1.jpg
    1.jpg
    211.9 KB · Views: 71
  • 2.jpg
    2.jpg
    212.8 KB · Views: 69
Last edited:
  • Like
Reactions: adfree

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
And this is one more interesting thing, rollback index (aka rollback protection) location is till after flags, but we see it zero too, so definitelly top level is somewhere else and in most case probably without access from userspace? I'm believing only a way for disable verification is via fastboot only?
 

Attachments

  • 3.jpg
    3.jpg
    179.1 KB · Views: 45
  • Like
Reactions: adfree and f1^ter

f1^ter

Member
Jan 8, 2016
47
41
33
Nadym
Sony Xperia 1 II
And this is one more interesting thing, rollback index (aka rollback protection) location is till after flags, but we see it zero too, so definitelly top level is somewhere else and in most case probably without access from userspace? I'm believing only a way for disable verification is via fastboot only?
I tried using the commands:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot --disable-verity --disable-verification flash vbmeta_system vbmeta_system.img
I didn't get any results with your kitchen. I haven't tried your v11 yet, I'll come back from work later and try the same thing with v11. I will unsubscribe about the results.
And yet... I looked at v11 and saw that there is no "superrepack.arm64_pie", is this normal?
 
Last edited:
  • Like
Reactions: munjeni

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
I tried using the commands:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot --disable-verity --disable-verification flash vbmeta_system vbmeta_system.img
I didn't get any results with your kitchen. I haven't tried your v11 yet, I'll come back from work later and try the same thing with v11. I will unsubscribe about the results.
And yet... I looked at v11 and saw that there is no "superrepack.arm64_pie", is this normal?
Sorry I forgot to include superrepack. I'm reupoaded right now v11
 
  • Like
Reactions: f1^ter

Spaceminer

Senior Member
Maybe. I'm just looking here https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMVerity , it might be that dm-verity header is not on a block device but on kernel memory which we probably can't access without special kernel module or to modify ramdisk, change kernel command line and all the things related to it inside ramdisk. It can be done from magisk mannager. Anybody tried superrepack v11? Is dm verity disabled? Verification disabled? Also I have found right now location of the vbmetaa headers, its on all partitions after last byte of the every ext4 partition. Also found it also in your vbmeta dups. This is not clear for me do we need to write AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED to the vbmeta or we need to write it to the end of each ext4 partition or we need to write it to booth ext4 partition which we want to disable verity + write it to the vbmeta partition. Here is some usefull info https://android.googlesource.com/platform/external/avb/+/0922bf8970fd2a61b9053a6fca81d8165cc0af67^!/ . What I have done is I have implemented avbctl tool to disable the things in v11. I don't know if it work and I would be glad if somebody try v11 and give me log
I tried v11 on my Moto G Fast running stock Android 11. Verity is disabled and everything is working great. Logs attached.
 

Attachments

  • script.log
    2.2 MB · Views: 23
  • Like
Reactions: munjeni

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
I attach my log! Unfortunately still the same errors.
Please post booth logs, superrepack log and script.log! Script.log is concentated with old logs so if you look at the start of the log you see old logs errors, but your latest run in log tells that its done right and without errors! I will make v12 to alway delete old logs before making new log. This is from your latest run:

Code:
Resizing the filesystem on /dev/block/loop27 to 366 (4k) blocks.
The filesystem on /dev/block/loop27 is now 366 (4k) blocks long.

Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
odm: 41/48 files (0.0% non-contiguous), 338/366 blocks
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
odm: 41/48 files (0.0% non-contiguous), 338/366 blocks
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
odm: 41/48 files (0.0% non-contiguous), 338/366 blocks
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
odm: 41/48 files (0.0% non-contiguous), 338/366 blocks

Everything done right! As you see your partition is rw now and not contain errors! :)
 
Last edited:

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
Version 12 is out!

- version 12 (05.05.2021) make old logs always deleted before fresh log is created, this prevent concentation with old logs
 
  • Like
Reactions: f1^ter

f1^ter

Member
Jan 8, 2016
47
41
33
Nadym
Sony Xperia 1 II
Please post booth logs, superrepack log and script.log! Script.log is concentated with old logs so if you look at the start of the log you see old logs errors, but your latest run in log tells that its done right and without errors! I will make v12 to alway delete old logs before making new log. This is from your latest run:

Code:
Resizing the filesystem on /dev/block/loop27 to 366 (4k) blocks.
The filesystem on /dev/block/loop27 is now 366 (4k) blocks long.

Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
odm: 41/48 files (0.0% non-contiguous), 338/366 blocks
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
odm: 41/48 files (0.0% non-contiguous), 338/366 blocks
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
odm: 41/48 files (0.0% non-contiguous), 338/366 blocks
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
odm: 41/48 files (0.0% non-contiguous), 338/366 blocks

Everything done right! As you see your partition is rw now and not contain errors! :)
Did the same with v12. Thank you for your interest in our devices.
 

Attachments

  • script_v12.log
    504 bytes · Views: 27
  • superrepack_log_v12.txt
    218.7 KB · Views: 33
  • Like
Reactions: munjeni

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
Did the same with v12. Thank you for your interest in our devices.
Thanks! Unfornuately it not work! Even with disabled verification and disabled verity it fail with error: Could not allocate block in ext2 filesystem returned from clone_file_block, I am realy out of idea!

Error, script null response is bug in my tool. I will delete superrepack tool definitelly, you, evorybody and me wasting time with it. Design of the tool is wrong from the start. Did you tried on Ubuntu to do it? See instruction at the end of superrepack log
 
Last edited:
  • Like
Reactions: f1^ter

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
Version 13 is out!

Changelog:
- version 13 (06.05.2021) make linux version so you should do the things on your super partition dump directly on linux machine

I have good news for you! After I made linux version (x86_64) of the superrepack I have got the same errors: Couldn't clone file: Could not allocate block in ext2 filesystem
but runing tool 4-5 times errors is less and less until it totaly disapears, when all errors disapears filesystem is fully repaired and without any single problem! So it will be the same with android version in most case! So try run tool 4-5 times until error (Couldn't clone file: Could not allocate block in ext2 filesystem) totaly disapear! Make sure your script.log not contain any single error, without error mean filesystem is fully ok otherwise your partition is not done right! Its not recommend to leave partition with errors! If tool unable to repair filesystem and contain errors try dump your super partition and do the things using linux version of the tool than if all is done right simple restore repaired dump back to phone. I'm believing android version will be ok now and you will not have need for linux version. Let me know! :)
 
Last edited:
  • Like
Reactions: f1^ter

pandavova

Senior Member
Feb 9, 2016
121
16
Tried it out, kinda doesn't work.
The script.log doesn't get filled out.

My Device is an Sony Xperia 5ii on Android 11 with the currently latest version EEA_58.1.A.5.159.

Here's the log from my cmd window (I did run that tool several times, I don't know which run is this):
 

Attachments

  • XQ-AS52_EEA_58.1.A.5.159_superrepack_v13.log
    6 KB · Views: 131
  • Like
Reactions: f1^ter and munjeni

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
Thanks! Android ndk toolchain interpreted my today linux x86_64 implementation and included it into android binary, thats crazy, tommorow I will fix it and make final version v14 and it will definitelly do the things right
 
  • Like
Reactions: f1^ter

pandavova

Senior Member
Feb 9, 2016
121
16
Btw, @munjeni, I don't know if you read the full log, did you catch line 48 and line 52? Can you explain that?
Code:
line 48: losetup: Unknown option 'offset=1048576' (see "losetup --help")
Code:
line 52: losetup: /dev/block/loop27: No such device or address
Also, it currently just tries to make the system partition r/w, when this script finally works on my Xperia 5ii, will it be possible to also make the vendor and product partitions r/w? If I understand the script, I just need to change the normal "./superrepack /dev/block/bootdevice/by-name/super system_a" command to the partion I want r/w on, right?
 

bobbyp1086

Senior Member
Back on verity real quick, the disable command is ran when flashing it. I have that img file if it's still of use. If you get the stock moto firmware it's all there laid out, including a file telling you what order to flash and when. It's just a huge file, 4 gb I wanna say. So I can extract what you want and upload to Google drive?
 

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
Back on verity real quick, the disable command is ran when flashing it. I have that img file if it's still of use. If you get the stock moto firmware it's all there laid out, including a file telling you what order to flash and when. It's just a huge file, 4 gb I wanna say. So I can extract what you want and upload to Google drive?
No need realy, anyway thanks!
 

munjeni

Senior Member
Jun 2, 2011
9,590
22,241
Btw, @munjeni, I don't know if you read the full log, did you catch line 48 and line 52? Can you explain that?
Code:
line 48: losetup: Unknown option 'offset=1048576' (see "losetup --help")
Code:
line 52: losetup: /dev/block/loop27: No such device or address
Also, it currently just tries to make the system partition r/w, when this script finally works on my Xperia 5ii, will it be possible to also make the vendor and product partitions r/w? If I understand the script, I just need to change the normal "./superrepack /dev/block/bootdevice/by-name/super system_a" command to the partion I want r/w on, right?
Hi, please wait version 14, version 1 is curently not working on your device, explained why in post 195
 

Top Liked Posts

  • There are no posts matching your filters.
  • 46
    Disclaimer:

    Super image tools was made for testing and educational purposes, ME is not responsible for what you do on/with your device using our tools, you must agree that you using our tools on your own risk, I am not responsible for anything else!


    How to use superunpack:

    - First step, unpack super.sin using my tool or use @IgorEisberg unsin tool
    - Step two, Superunpack. On windows just drag and drop unpacked super image onto our exe to start extraction. Also you can use it from command line, from script or from etc. On Linux use it from command line. No need to set slot like it was a case on lpunpack, our tool will auto extract all slot images for you, enjoy!
    - If you need to unpack partition images in RW mode add parameter 1 at the end of command line e.g. "superunpack super.img 1", than resize partition using resize2fs, repair and unshare blocks using e2fsck. Or if you unpack without rw you no need to resize or repair it, just mount it ro.

    How to manualy patch super partition in under Linux:
    https://forum.xda-developers.com/t/...s-rw-in-super-partition.4120963/post-87112415

    Note that, superunpack is a tool for extract all logical partitions from super image or directly from super partition.

    How to use superrepack:

    adb push superrepack.arm64_pie /data/local/tmp
    adb shell
    su
    cd /data/local/tmp
    mv superrepack.arm64_pie superrepack
    chmod 755 superrepack
    stop
    ./superrepack /dev/block/bootdevice/by-name/super system_a
    sync
    reboot

    Note that, superrepack is a tool to convert logical RO partitions iside your phone super partition to RW mode without extracting anything, all things is done on the fly directly inside super partition/image! In this example system_a partiton is converted to the rw mode, if you need other partitions to rw just change system_a argument. Or if you need all partitions to rw mode do it without partition rw argumet e.g: "./superrepack /dev/block/bootdevice/by-name/super". YOU MUST RUN TOOL 4-5 TIMES UNTIL ALL ERRORS DISAPEARS!!! One of the well known errors is: "Couldn't clone file: Could not allocate block in ext2 filesystem". Look at /data/local/tmp/script.log each time and make sure it not contain any error otherwise you are not done things right and partition is not repaired yet!!! More info -> https://forum.xda-developers.com/t/...s-rw-in-super-partition.4120963/post-84966715

    Platform:

    - Superunpack is working on Windows, Linux, Android, Darwin11, just chose right binary.
    - Superrepack is working only under android


    Changelog:

    - version 1 (21.Jun.2020), initial version
    - version 1.1 (22.Jun.2020), dump file format detection, partition size correction in case ext4, partition group detection, have extraction progress bar, improvements
    - version 2 (03.04.2021) implemented possibility to extract partition images to rw mode using Superunpack & I have made new tool called Superrepack
    - version 2 (04.04.2021) implemented arguments so you would do conversion on single partition instead of doing it on all partitions
    - version 3 (04.04.2021) implemented return codes and implemented output logs to be more scripting friendly
    - version 4 - not released
    - version 5 (08.04.2021) implemented resize and repair partitions after switching to rw mode. Implemented build script for building resize2fs, e2fsck, simg2ims, img2simg, lptools
    - version 6 (08.04.2021) better loop device detection and setup
    - version 7 (08.04.2021) fix selinux status detection
    - version 8 (15.04.2021) fix loop device setup in superrepack
    - version 9 (16.04.2021) make losetup android compatible
    - version 10 - not released
    - version 11 (01.05.2021) simplified, removed needs for parameter rw, implemented dm-verity disabler
    - version 12 (05.05.2021) make old logs always deleted before fresh log is created, this prevent concentation with old logs
    - version 13 (06.05.2021) make linux version so you should do the things on your super partition dump in linux machine
    - version 14 (07.05.2021) fix compilation mess between linux and android
    - version 15 (08.05.2021) use libselinux to determine and set selinux to permissive mode instead of popening getenforce-setenforce tools

    Credits:

    - me and me :)


    Source code:

    - source code -> https://github.com/munjeni/super_image_dumper
    19
    I'm not one of those who make paid software and promote on xda, my work is always free. Even I'm always providing source code for free, source code of this tool is here -> https://github.com/munjeni/super_image_dumper , enjoy! ;)
    3
    Version 7 is out! V6 had error detecting slinux status. I do not have device with super partition for test my tool but I have only hope that all is ok. Let me know! :)
    3
    Pixel 4a, working. V13
    3
    how about simg2img