
Root modifying PB00IMG files

scotty85

Extreme Android User
Jul 25, 2010
so i downloaded the v3 leak and root rom PB00IMG files and extracted them with 7 zip. looks like it would be pretty easy to delete and replace the files with others,if one were so inclined,then just zip them back up,rename PB00IMG and flash. but i assume theres got to be more to it than that :) even tho the recovery hboot file we made was in fact as simple as zipping the recovery image with the android info from the root rom.

for example,could i take the v3 leak rom,and remove the hboot so that one could flash it without overwriting the s-off hboot(since obviously it would be required to flash such things)?

or possibly even remove the hboot,then replace the recovery image to "tracball optional" ?

what would i have to do to be able to modify files like this,and then flash them and have them not melt my lil buddy into a pile of goo on the carpet :eek::D

last and not least, let me go ahead and say sorry,scary, if this makes your brain hurt :p
 
Scotty (i.e., "Dexter" ;)),

LOL, there was/is a little head-scratching going on over here in alien-land :D.

I actually think you can do what you are talking about above...although I'm not sure that there are not relationships or inter-dependencies in the files that are not immediately obvious.

The only thing is that you would need to have the S-OFF bootloader installed to make use of a modified PB00IMG.zip file since the security-off bootloader won't do the signature checks on the modified .zip file.

I seem to remember (or at least think I do) erisuser1 (of course ;)) talking about this or some derivation thereof (heck, even if he didn't, he probably sent his brain waves in your direction, LOL).

What I'm not sure of is if you would be allowed to remove some of the components from this file or if that is what HBOOT is checking when it first sees the PB00IMG.zip file. I don't see why you couldn't simply replace the pieces, like the recovery.img like you were suggesting with the trackball-optional one. I would think that if you can't, it would fail during the verification step.

I just wrote and then redacted a comment that I think the installer might just operate on the files that he finds, but now I'm thinking that the file contents must match exactly. I say this because I don't know how he "maps" the various partition images to the ones he will write (i.e., "userdata.img" is probably /data, but since the names don't match, the installer must be coded to look exactly for that file in the .zip).

If you do try this, I would recommend using 7zip like you mentioned or winrar (can't believe you don't only use win-raar to complement your avatar :D) to use when tweaking the .zip file, since I'm not certain that winzip wouldn't monkey (unnecessarily) with the re-packed .zip files.

Let me know if you want me to try this in your stead. The "powers that be" have us guides a little busy right now re-cataloging threads for some forums with a new labeling system (that's why I didn't see your thread until just recently). But, I'd be happy to try to find some time to do this on my phone.

Cheers and good luck, mate! :)
 
Upvote 0
as usual,all i needed was a lil encouragement ;):D:p

so the first thing i did,was take the v3 leak,remove hboot,and replace the recovery. zipped it back up and (somewhat nervously) flashed it,lol. it checked the file and found no issues. it updated each section with no failures or errors,and then asked if i wanted to reboot.

bam! stuck at the skateboarding droids :mad: pulled the battery and apparently the recovery flash worked(or maybe it was left over from before) so i was able to volume up/power into recovery and flash the "flashback" file there.

back on a completely stock rom,i tried again,this time simply removing recovery and hboot.

bam! stuck on the skateboarding guys again. :mad: pulled battery and vol up/power and bam! hello red triangle stock recovery. makes sense as i was on the stock rom prior. in retrospect it was pretty silly to remove the stock recovery,so it wouldnt overwrite the stock recovery :rolleyes: i should have changed back to tracball optional prior to flashing.

hmm what to do now? surprisingly no panic,i just (somewhat nervously) removed the sd card and put it into a cardreader. stuck it into the pc deleted that PB00IMG and replaced it with tracball optional :D back to hboot,flash recovery,pull battery,volume up/power bam! hello tracball optional :D (somewhat nervously)flashed "flashback" again and bam,back to stock again.

so it appears that the images and files are not just like modules in the framework,they prolly do have the inter-dependencies and relationships you mentioned. it flashed the modified file fine,but i guess we have to actually modify the files and images inside and get the right relationships/dependencies if we want it to actually boot ;) :eek:

unless it maybe was just something to do with modifying the v3 leak... i guess i could remove hboot and add tracball optional to the root rom... but im pretty sure the same thing will happen. :(

and again,no erii were harmed in the making of this post :D
 
Upvote 0
Yeah, sounds like you might only be able to replace things (i.e., 1-for-1 swap) instead of removing things. I don't think you tried just replacing without also having removed a component...

Of course, there's other, simpler options for replacing the various components you've experimented with, but it's interesting nonetheless ;).

The HBOOT installer must be expecting specific files in the PB00IMG.zip and must not be happy when they aren't all there.

I haven't done a Google search to see if there's any information out there about the format and makeup of these files.

Dunno...still, it's interesting, eh? ;)
 
Upvote 0
> Yeah, sounds like you might only be able to replace things (i.e., 1-for-1 swap) instead of removing things. I don't think you tried just replacing without also having removed a component...

this is true... its back to stock with s-off,now maybe ill give it one last shot and try swapping out the recovery in the root rom,without removing something else and see what happens :)

> Of course, there's other, simpler options for replacing the various components you've experimented with, but it's interesting nonetheless ;).

yes,ill be the first to admit that this prolly has no practical value :p

> The HBOOT installer must be expecting specific files in the PB00IMG.zip and must not be happy when they aren't all there.

if that is the case... i wonder how it knows? comparing the root rom to the v3 leak,the root rom has an extra image in it called "userdata"... plus we are able to flash only recovery with our tracball optional hboot file :D so it doesnt appear to just look for a certain number of files,or for specific files.

hmmm...

i compared the android info text documents,and the only difference between the 2 is the main version number. IIRC we used the android info from the root rom with our hboot file,so maybe that has something to do with it? :thinking:

i dunno,but ill give it a couple more tries :D
 
Upvote 0
oh wow...

so i took the root rom,deleted the hboot and replaced the recovery. zipped it up and flashed it...

Bam! stuck on skateboarding droids again... or so it seemed. it was plugged in and i could hear the pc connecting and unconnecting,so i went ahead and(somewhat nervously) left it. after what seemed like forever(but prolly was just a couple minutes ;)) it kept booting,and then hung at the verizon screen for what seemed like forever again. i (somewhat nervously) left it... eventually... Bam! lockscreen :eek: i signed in and synced and everything seems to be in order. went to hboot,about phone,and to recovery, and sure enuff... this lil experiment took me back to 2.19.605.1 firmware,gave me custom recovery,and didnt pester my eng bootloader :D

so a couple of things...
1)it could very well be in prior experiments,i simply didnt give him enuff time to boot.
2)it clicked this time to check and make sure usb debugging was on. it wasnt. so its pretty likely it wasnt on yesterday when i transferred those files,either :eek: i dont know what effect that would have had.

so i wonder if its something to do with "userdata" being present? or maybe because of 1 or 2 above? maybe i should try with the v3 leak 1 more time :D
 
Upvote 0
dex.JPG


:D :) ;) :p
 
Upvote 0
LOL....I do like it :) (although I'm rather fond of your original too...maybe you'll have to change 'em up like Frisco used to :p).

Cheers!

lol,yeah i will... the original one i drew a long time ago one day bored at work on my env touch :eek: used to use it as wall paper on it.

im now in 2.36.605.1 firmware(v3 leak),with an eng bootloader,and tracball optional recovery,and no root access :eek: prolly not a combination youre likely to see,lol.

this time i didnt even watch it boot ;) looks like it is that easy to modify hboot files :):cool::D
 
Upvote 0
Scotty,

I zipped through this thread (pun intended) rather quickly, so perhaps I missed something: are you saying you got this to succeed with a secure bootloader (S-ON)?

I can see it working - partly - with the S-OFF bootloader, as it is unlikely to check the .zip archive for an HTC signature (the first 256 bytes of a PB00IMG.zip file)... but I am shocked if it works with an S-ON bootloader. That's the whole point of the PB00IMG.zip files being signed.

As for booting, remember that the bootloader always calls the shots, but looks at the misc partition for booting instructions (and possibly sometimes the hidden misc3 partition?). That's how it is possible for booting instructions to be communicated across a hardware reset - for instance via something like "reboot recovery" when the OS is running.

Usually when a PB00IMG.zip file is flashed, one of the first things that happens is that the bootloader itself is flashed, and then a reboot/hardware reset occurs. During the immediately subsequent boot, the bootloader does not load the OS or the recovery boot, but rather continues to flash image files from the PB00IMG.zip archive. That suggests that the bootloader itself is writing boot instructions to misc... which are intended to be read by the new bootloader flashed in the first part of the process.




eu1
 
Upvote 0
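The layout points raised in the post above (a 256-byte signature in front of a signed PB00IMG.zip, and a re-zipped archive that no longer has one) can be checked offline before anything goes near the SD card. This is an added example, not code from anyone in the thread: the `android-info.txt` member name, the `mainver` key and the member names in the sample are assumptions, the sample packages are constructed placeholders, and the script only inspects layout and contents; it does not validate a signature.

```python
import io
import zipfile

SIG_LEN = 256                   # thread: HTC signature = first 256 bytes of the file
INFO_NAME = "android-info.txt"  # assumed member name of the "android info" text file

def inspect_package(blob: bytes) -> dict:
    """Describe a PB00IMG-style archive offline, without flashing anything."""
    prefix_len = blob.find(b"PK\x03\x04")   # offset of the first ZIP local file header
    if prefix_len < 0:
        raise ValueError("no ZIP local file header found")
    # zipfile tolerates data prepended to an archive, so a signed package and a
    # plain re-zipped one are read the same way.
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        corrupt = zf.testzip()              # first member failing its CRC, else None
        names = zf.namelist()
        info = {}
        if INFO_NAME in names:
            for line in zf.read(INFO_NAME).decode("ascii", "replace").splitlines():
                key, sep, value = line.partition(":")
                if sep:
                    info[key.strip()] = value.strip()
    return {"prefix_len": prefix_len, "signature_prefix": prefix_len == SIG_LEN,
            "members": sorted(n for n in names if n != INFO_NAME),
            "android_info": info, "corrupt_member": corrupt}

def diff_packages(old: dict, new: dict) -> dict:
    """Members removed/added and android-info keys whose values differ."""
    a, b = set(old["members"]), set(new["members"])
    ia, ib = old["android_info"], new["android_info"]
    changed = {k: (ia.get(k), ib.get(k))
               for k in sorted(set(ia) | set(ib)) if ia.get(k) != ib.get(k)}
    return {"removed": sorted(a - b), "added": sorted(b - a), "info_changed": changed}

def make_sample(members, mainver, signed):
    """Constructed stand-in package: placeholder bytes, not real firmware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(INFO_NAME, f"modelid: CONSTRUCTED\nmainver: {mainver}\n")
        for name in members:
            zf.writestr(name, b"placeholder image bytes")
    return (b"\xa5" * SIG_LEN if signed else b"") + buf.getvalue()

if __name__ == "__main__":
    full = ["boot.img", "hboot.img", "recovery.img", "system.img"]  # constructed names
    signed = inspect_package(make_sample(full, "2.36.605.1", signed=True))
    edited = inspect_package(make_sample(full[:1] + full[2:], "2.36.605.1", signed=False))
    print(signed["signature_prefix"], edited["signature_prefix"])   # True False
    print(diff_packages(signed, edited))
```

Running `diff_packages` on the original and the re-zipped archive shows exactly which members were dropped or swapped and whether the android info text still matches.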
> Scotty,
>
> I zipped through this thread (pun intended) rather quickly, so perhaps I missed something: are you saying you got this to succeed with a secure bootloader (S-ON)?

no... not by any means. i am s-off,i just wondered if changing some things was as easy as unzipping and changing the images around :) if we were still getting regular updates,this could be a way to flash leak RUUs without the risk of becoming unrooted to check out new firmware-simply remove hboot and recovery :D but for us at this stage of the game,i admit its pretty pointless. as scary mentioned there are simpler(and less scary :eek:) ways to change things.

as always,thanks for your comments on the matter :cool:
 
Upvote 0
