Mods help with boot.img [Root only]

[viVaPaLeStIne]

Hello, and thanks for your help.
I have android dongle I want to disable the splash screen for it. so I installed CWM and made a backup for boot.img, I used tools for windows to unpack it and renamed initlogo.rle to initlogo.rle.old than repacked it again. the original size was 32 MB and the new size was 9.6 MB. I went back to CWM menu and restored the new boot.img. after that the dongle stopped working or showing anything on the TV.
I tried unpacking and repacking boot.img with different methods and scripts but I had the same results.
I would appreciate your support if you can take my boot.img and modify it for me.

Thanks again

 

[scary alien]

Welcome to our AndroidForums, ameen shanaa.

What exactly did you do in ClockworkMod recovery (i.e., how did you try to install the new boot.img file)?

Typically, you have to use a flashing tool that will write the boot.img over your boot partition.

Is there another .zip file that you used that is actually flashable by CWM (i.e., it's to a META-INF\com\google\android directory structure that contains an appropriate update-binary and updater-script file, etc.).?

You can also flash it manually using fastboot or using some other flash utilty (flash_image, dd, etc.).

 

[viVaPaLeStIne]

Welcome to our AndroidForums, ameen shanaa.

What exactly did you do in ClockworkMod recovery (i.e., how did you try to install the new boot.img file)?

Typically, you have to use a flashing tool that will write the boot.img over your boot partition.

Is there another .zip file that you used that is actually flashable by CWM (i.e., it's to a META-INF\com\google\android directory structure that contains an appropriate update-binary and updater-script file, etc.).?

You can also flash it manually using fastboot or using some other flash utilty (flash_image, dd, etc.).

Hi, and thanks for your reply. I don't have much experience and I didn't have adb or the right drivers but now I do. so this is what I did.
my hardware is an android HDMI Dongle model IP878c, it is an allwinner a10s based, I couldn't find how to reboot it into recovery but I came across a CWM zip file for allwinner a10, but I installed the 9 partitions instead the 10 partitions which my hardware has. im not sure how does that affect nandc. after rebooting into recovery using an application i made a full backup, which gave me boot.img and recovery.img ..etc
and with some research I found a tool for windows that will unpack and repack the boot.img. after that I changed the md5 file in the backup from CWM and went back to recovery mode and clicked on advanced restore and choose restore boot, and after rebooting everything went dark. I cant see the dongle when connecting it to my laptop and nothing shows on tv.
now I have another dongle, same model but I don't want to break it so im trying to learn as much as I can before doing anything.
one of the things I really wants to know is, can I make an update.zip from CWM recovery files??
can I back up the rom.img for my device??
can I make the device I broke boot into recovery??

I know I have a lot of questions and im trying to research them all, thank you again for your help

 

[scary alien]

Okay, first off, let me tell you I'm not at all familiar with your device...so, instead of specifically answering your questions (which would be dangerous/irresponsible of me to have you do something for which I cannot be sure of or vouch since I don't have experience with your device), I'll try to give you some general information (it does seem like you have a good grasp of many of the concepts for getting where you want to go, so maybe I can just fill-in some gaps ).

1. Regarding renaming initlogo.rle to initlogo.rle.old: I'm not sure that doing that will change the splash screen or break something when it goes to look for the initlogo.rle file (a special image file). As you've probably researched, these files are a bit odd and are not just simple image files we're all used to dealing with. I've never successfully been able to create a new initlogo.rle file on my previous attempts a few years back.

2. When you re-pack a bootable image file (boot.img or recovery.img), you need:

- re-pack the updated ramdisk to a new ramdisk.gz file

- rebuild the .img file using mkbootimg utility, specifying the kernel file and the updated ramdisk.gz file

- it's might also be important / necessary to specify the base boot address using the --base <address> parameters when issuing the mkbootimg command where <address> is the base boot address of your device; your bootable image split/unpacking utility should tell you what it sees that the base address is; here is the information I saw when I unpacked the boot.img file that you supplied in your first post:​

ScaryAlien@LV-426 ~/boot-img-split-tools/ameen
$ ../split_boot.pl boot.img
Page size: 2048 (0x00000800)
Kernel size: 9600396 (0x00927d8c)
Ramdisk size: 1313051 (0x0014091b)
Second size: 0 (0x00000000)
Board name:
Command line: 'console=ttyS0,115200 rw init=/init loglevel=5'
Base address: (0x40000000)

Writing boot/boot.img-kernel ... complete.
Writing boot/boot.img-ramdisk.cpio.gz ... complete.
Unpacking ramdisk... complete.

ScaryAlien@LV-426 ~/boot-img-split-tools/ameen​

- not having properly set the base boot address might explain why your device didn't boot

- not properly re-packing the ramdisk might explain why your device didn't boot

- not properly rebuilding the bootable image (using the mkbootimg utility)​

3. I kind of understand what you were trying to do by changing the the .md5 file...I'm guessing that you calculated a new MD5 sum of the new boot.img file thinking that would help CWM restore it; that probably doesn't matter unless you've got the MD5/checksum verification enabled; asking/using CWM to restore / install your boot.img is an interesting and non-traditional way of doing that

4. Is the CWM custom recovery specifically built for your device? I did a quick search for it and couldn't find anything. You do indeed need a custom recovery that is built specifically for your device and it's hardware & partition / filesystem layouts and sizes. Just want to make sure that you were aware of that...using the "wrong" custom recovery might be "problematic" (bad).

Edit: I think I might have found which one you used? http://forum.xda-developers.com/showthread.php?t=2189640

5. If you had previously booted into custom recovery on your "broken" device, you still should be able to re-flash or re-launch the custom recovery in the same way that you originally did, yes? The boot and recovery partitions should be separate--so, if you only messed with the boot partition, then you should be okay--unless you've got an incompatible custom recovery that overwrote important things (like your recovery partition...).

I hope that helps...I know I didn't touch on all of your questions...that's probably enough for this post and for what follow-up questions you might have .

Cheers!

 

[viVaPaLeStIne]

Okay, first off, let me tell you I'm not at all familiar with your device...so, instead of specifically answering your questions (which would be dangerous/irresponsible of me to have you do something for which I cannot be sure of or vouch since I don't have experience with your device), I'll try to give you some general information (it does seem like you have a good grasp of many of the concepts for getting where you want to go, so maybe I can just fill-in some gaps ).

1. Regarding renaming initlogo.rle to initlogo.rle.old: I'm not sure that doing that will change the splash screen or break something when it goes to look for the initlogo.rle file (a special image file). As you've probably researched, these files are a bit odd and are not just simple image files we're all used to dealing with. I've never successfully been able to create a new initlogo.rle file on my previous attempts a few years back.

2. When you re-pack a bootable image file (boot.img or recovery.img), you need:

- re-pack the updated ramdisk to a new ramdisk.gz file

- rebuild the .img file using mkbootimg utility, specifying the kernel file and the updated ramdisk.gz file

- it's might also be important / necessary to specify the base boot address using the --base <address> parameters when issuing the mkbootimg command where <address> is the base boot address of your device; your bootable image split/unpacking utility should tell you what it sees that the base address is; here is the information I saw when I unpacked the boot.img file that you supplied in your first post:​

ScaryAlien@LV-426 ~/boot-img-split-tools/ameen
$ ../split_boot.pl boot.img
Page size: 2048 (0x00000800)
Kernel size: 9600396 (0x00927d8c)
Ramdisk size: 1313051 (0x0014091b)
Second size: 0 (0x00000000)
Board name:
Command line: 'console=ttyS0,115200 rw init=/init loglevel=5'
Base address: (0x40000000)

Writing boot/boot.img-kernel ... complete.
Writing boot/boot.img-ramdisk.cpio.gz ... complete.
Unpacking ramdisk... complete.

ScaryAlien@LV-426 ~/boot-img-split-tools/ameen​

- not having properly set the base boot address might explain why your device didn't boot

- not properly re-packing the ramdisk might explain why your device didn't boot

- not properly rebuilding the bootable image (using the mkbootimg utility)​

3. I kind of understand what you were trying to do by changing the the .md5 file...I'm guessing that you calculated a new MD5 sum of the new boot.img file thinking that would help CWM restore it; that probably doesn't matter unless you've got the MD5/checksum verification enabled; asking/using CWM to restore / install your boot.img is an interesting and non-traditional way of doing that

4. Is the CWM custom recovery specifically built for your device? I did a quick search for it and couldn't find anything. You do indeed need a custom recovery that is built specifically for your device and it's hardware & partition / filesystem layouts and sizes. Just want to make sure that you were aware of that...using the "wrong" custom recovery might be "problematic" (bad).

Edit: I think I might have found which one you used? http://forum.xda-developers.com/showthread.php?t=2189640

5. If you had previously booted into custom recovery on your "broken" device, you still should be able to re-flash or re-launch the custom recovery in the same way that you originally did, yes? The boot and recovery partitions should be separate--so, if you only messed with the boot partition, then you should be okay--unless you've got an incompatible custom recovery that overwrote important things (like your recovery partition...).

I hope that helps...I know I didn't touch on all of your questions...that's probably enough for this post and for what follow-up questions you might have .

Cheers!

This is my first time with CWM, and android firmware customization, I was depending on logic more than information because my hardware is unknown Chinese one. so this is what I think I did wrong so far:
1-the CWM I used was made for allwinner a10, 9 partitions. my hardware is allwinner a10s 10 partitions. and they are not even close to each other. a10s is more close to a13 than a10,
2- I was depending on an application to boot into recovery, I need to find the hardware combination to boot into recovery.
3- I should change the file initlogo.rle , rather than changing the name.


how can I find the hardware combination to boot into recovery??
is there a key combination from external keyboard that can work??
all I have is a factory reset button and its powered by usb cable

Thanks again

 

[scary alien]

You'll have to find some detailed information about your specific device for your questions...I can't answer those since I don't have or have experience with that particular device.

 

[viVaPaLeStIne]

so it was the base after all, I checked the boot.img I repacked and the base for it was 0x0, I made another one with the right base. but still I couldn't find a CWM version for the a10s, and the adb cant see the device, I guess its a problem with the usb driver. I will try to make a zip file and flash it from the updater that came inside the device "the same way I installed the CWM". If you have any hints for me like the base one i'll appreciate it .
thank you again, I couldn't have done this without you

 

[scary alien]

Ah, glad I could help!

So, is your device rooted?

If it is, you could flash the boot.img file from within running Android (a bit scary, but doable, I think--not 100% sure though if the boot partition would be locked/read-only, though).

You'd have to make sure you knew what the proper name of the boot partition is (you might be able to discover that from viewing the /cache/recovery/last_log file for a boot reference). You might also have a "by-name" folder/directory in your /dev/block/platform path that might have a symbolic link to your boot partition.

If you can identify it, then you could use the dd command or the flash_image utility to write your boot.img file to/over the proper boot partition (you could do this from an Android Terminal Emulator app--an adb session would certainly be better and certainly better to try to do it from custom recovery).

 

[viVaPaLeStIne]

yes its rooted, and im sure the partition for boot.img is nandc. I will check out your suggestions but I want to show you what was I working on before I read your reply.
I was reading about how to make a flashable Zip, and its not that hard. so I opened the zip file of CWM I downloaded and flashed to my device, what I found is 3 files "install-recovery.sh; reboot-recovery.sh; recovery.img" and I don't need any of them so I will delete them and put boot.img instead.
and I found one folder called META-INF, inside of it there are 3 files "CERT.RSA; CERT.SF; MANIFEST.MF". I have no idea what do they do but i'll search a little and see what I find.
and there is a folder called com, inside it there is a folder called google, and inside it there is a folder called android which has 2 files "update-binary; updater-script"
the updater script is the file I guess I need to modify. it has this
"ui_print("-- CWM-based Recovery 6.0.2.8 for A13 tablets (dopa) --");
assert(package_extract_file("recovery.img", "/dev/block/nandg"));
ui_print("-- Installation completed --");"
so I will just change it to "package_extract_file("boot.img", "/dev/block/nandc"
in theory this should give me a flashable zip file that will modify nandc
what do you think??

 

[scary alien]

LOL, yes, you've found the updater-script (it uses the Edify language/syntax) that's part of most flashable .zip files (I say most because you can actually replace the update-binary with a shell script instead).

So, the recovery partition is /dev/block/nandg and the boot partition is /dev/block/nandc?

If you modify the updater-script file, be sure to use an editor like notepad or vi or gvim or ultraedit--you don't want extraneous carriage returns or line feeds in your file--they'll cause the script to fail to flash (you'll get errors--it's very touchy ).

So, yes, I think you'll want to end-up with something like this in your updater-script:

ui_print("-- ameen shanaa's modified boot.img --");
assert(package_extract_file("boot.img", "/dev/block/nandc"));
ui_print("-- Installation completed --");​

I'm very impressed with your curiosity and the way you've been able to put 2+2 together--it took me a loooooong time to get where I think you are already at .

Best of luck!

 

[viVaPaLeStIne]

Thanks , its all because of your help
so I did what we talked about, I made a new Zip file and I signed it. but it didn't work. the OTA kept giving me failed to verify. I unzipped the CWM and signed it again to make sure my process is correct and it gave me the same signature for the original file. so now im kind of stuck.
attached is the new boot.img signed zip file, please check it for me and let me know if there is something wrong with it.

 

[bcrichster]

Thanks , its all because of your help
so I did what we talked about, I made a new Zip file and I signed it. but it didn't work. the OTA kept giving me failed to verify. I unzipped the CWM and signed it again to make sure my process is correct and it gave me the same signature for the original file. so now im kind of stuck.
attached is the new boot.img signed zip file, please check it for me and let me know if there is something wrong with it.

Cwm has option to turn off signature verification (in Advanced section of cwm) "Toggle Signature verification". Turn that off and try reflashing your zip..??

 

[viVaPaLeStIne]

Cwm has option to turn off signature verification (in Advanced section of cwm) "Toggle Signature verification". Turn that off and try reflashing your zip..??

I didn't install CWM on this device. I did install a version of CWM on the device I broke, which im not sure if its compatible or not with my device. but even though when I installed CWM I used the OTA and a signed zip file. the only difference was one had those files"install-recovery.sh and reboot-recovery.sh" and the other didn't have them.

 

[scary alien]

Lemme take a look at your new .zip file that you posted and see how it looks...it would be helpful if you could also post the /cache/recovery/last_log file right after you attempt this flash (that will contain the output & status of the flash attempt near the bottom of the output).

(I'm not sure that your .zip file needs to be "properly" signed to flash in CWM--the .zip files that I've built have been copies of copies of copies of .zip files that I've used before...no telling what the signature was originally meant for in those files ).

 

[scary alien]

Well, the updater-script file looks good/fine to me--each line ends with just a newline character (no carriage-returns in sight ).

So, to debug this further ameen, I think we'd need to see the contents of your /cache/recovery/last_log file after the flashing attempt.

 

[viVaPaLeStIne]

Well, the updater-script file looks good/fine to me--each line ends with just a newline character (no carriage-returns in sight ).

So, to debug this further ameen, I think we'd need to see the contents of your /cache/recovery/last_log file after the flashing attempt.

attached last_log, thanks

 

[scary alien]

Hmm, did you try to sideload the ameen.zip as an update.zip using the stock recovery or did you try to flash it in the custom recovery (ClockworkMod)?

The last_log looks like it was the "package.zip" file being sideloaded and flashed by the stock recovery--hence the signature verification (and failure) that the stock recovery will indeed do (that's one of the biggest reasons why we need/want a custom recovery so that we can "flash" files that were not signed using the signing keys from the manufacturer).

 

[viVaPaLeStIne]

Hmm, did you try to sideload the ameen.zip as an update.zip using the stock recovery or did you try to flash it in the custom recovery (ClockworkMod)?

The last_log looks like it was the "package.zip" file being sideloaded and flashed by the stock recovery--hence the signature verification (and failure) that the stock recovery will indeed do (that's one of the biggest reasons why we need/want a custom recovery so that we can "flash" files that were not signed using the signing keys from the manufacturer).

the last_log i sent you was after i tried to install it from stock recovery. but let me explain more.
my device comes with an app called "update" its all in chinese with title "Homlet" and there are two buttons "online update" and "local update" when i click on local update it let me choose a zip file from sdcard. so when i choose CWM.zip it verified it and installed CWM on recovery, when i choose ameen.zip to install, the verification failed. whats the difference between the 2 zip files??
attached cwm.zip i was talking about

 

[viVaPaLeStIne]

i want to add, i know i can install CWM like the last time i did and from there disable the signature verification or install my ameen.zip file. but if i can install CWM using the update app i think i should be able to install ameen.zip from there with no problem

 

[WarrantyVoider]

Let me see if I understand your situation correctly. You have two devices. One has been modded but is bricked, and the other is stock (no CWM). So are you trying to mod the good one now?

From the boot image you posted, it seems your device comes with root ADB and busybox. So while CWM makes some things easier, technically you don't need it. ADB is more useful and powerful if you know how to use it.

Android has two independent boot images, "boot" and "recovery" (or more, if a device manufacturer chooses to implement). Since you don't know how to boot directly to "recovery", I'd suggest leaving "boot" alone. Experiment on "recovery" instead. You can reboot to "recovery" with an app like you've done or with "adb reboot recovery". If the image in "recovery" won't boot, you should be able to power off then on to get back to normal "boot". I hope that makes sense.

 

[scary alien]

Ah, that helps a bit--thanks, ameen!

Do you know where the "cwm6028-a10-10part-v2.zip" file is? (i.e., is it on you /sdcard?)

If so, you could rename it with a "-backup" extension and rename your ameen.zip file to get the "Homlet" app to use your file instead of the original cwm6028-a10-10part-v2.zip file (i.e., tricking him into using your file).

Also, if ClockworkMod recovery is being installed, can you not directly boot-up into it and then flash your ameen.zip file from there? (I think I'm confused now as to if you've actually ever been able to directly use CWM recovery?)

edit: yes, as @WarrantyVoider said, if you can get an adb connection while in recovery, doing stuff that you want to do is a piece of cake .

 

[viVaPaLeStIne]

Thank you all for your help, and for sharing your knowledge with me. specially you scary alien.
my problem was solved once I found about the base address for boot.img. but I tried to take it farther by trying to make a flashable signed zip file without the need for custom recovery. at the end I downloaded CWM from the zip file I attached earlier. rebooted to recovery, and restored the zip file with customized boot.img. and it worked just fine
Thanks again

 

[scary alien]

Thank you, too, @ameen shanaa .

This was a very interesting thread and am very glad you reached a happy resolution.

I hope you'll stick-around and that we'll see more of you here at AF .