How to unpack boot.img modify the file and repack the image then flash

Refer my previous article “HOW TO BUILD ANDROID KERNEL AND FLASH IT TO THE TARGET” to get the boot.img for device.

you can extract the image from the device or you can download it from manufacturer’s website.

 

Precondition:

To decompress, modify and Re-compress the boot image you need following tools.

  1. mkbootimg & unmkbootimg
  2. mkbootfs

Download thoes tools into a folder:

$ mkdir down_tools

$ mkdir tool-chain

$ cd down_tools

$ git clone https://github.com/osm0sis/mkbootimg.git

$ git clone https://github.com/osm0sis/mkbootfs.git

$ cd mkbootimg

$ make

$ cp mkbootimg unmkbootimg ../tool-chain

$ cd ..

$ cd mkbootfs

$ make

$ cp mkbootfs ../tool-chain

$ export  PATH=tool-chain-path/bin:$PATH

 

Extract ramdisk from boot.img:

$ unmkbootimg -i boot.img
kernel written to ‘kernel’ (6682776 bytes)
ramdisk written to ‘ramdisk.cpio.gz’ (913311 bytes)

To rebuild this boot image, you can use the command:
mkbootimg –base 0 –pagesize 2048 –kernel_offset 0x80208000 –ramdisk_offset 0x82200000 –second_offset 0x81100000 –tags_offset 0x80200100 –cmdline ‘console=ttyHSL0,115200,n8 androidboot.hardware=flo user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3 vmalloc=340M’ –kernel kernel –ramdisk ramdisk.cpio.gz -o boot.img

Now you will get two files – kernel and ramdisk.cpio.gz

Mark command to re-build the boot.img later.

 

Decompress ramdisk to the real files:

The ramdisk format is a bit odd. The files have first been concatenated into an archive using cpio (this means the files are all strung together into one single big file, but not compressed), then compressed using gzip. So, to undo all this, we need to first gunzip the ramdisk and then use cpio to extract the files from the archive. This is mentioned, for example, here.

So, make a new directory called ramdisk. cd into it. Then use a combination of gunzip and cpio to extract the initramfs.cpio.gz file. Here’s the commands:

$ mkdir ramdisk
$ cd ramdisk
$ gunzip -c ../ramdisk.cpio.gz | cpio -i
$ ls
charger file_contexts init.flo.diag.rc init.trace.rc oem sbin service_contexts ueventd.rc
data fstab.flo init.flo.rc init.usb.configfs.rc proc seapp_contexts sys
default.prop init init.flo.usb.rc init.usb.rc property_contexts selinux_version system
dev init.environ.rc init.rc init.zygote32.rc res sepolicy ueventd.flo.rc

The -c switch on gunzip makes it send its output to the standard output (i.e. the terminal). This is then piped (the | symbol) to cpio. The -i switch with cpio makes it work in copy-in mode – it copies files in from an archive, and outputs them as real files. Now have a look at the contents of the ramdisk directory.

 

You may have some changes to make for this directory.

Now it’s time to modify the ramdisk!

Blah Blah~

 

Compress the files back into a ramdisk:

I tried method from online tutorial which saying that using cpio and gzip will work for creating the ramdisk like following:

However, when carried through to completion, this does not result in a bootable image. I don’t know what mkbootfs does, but it seems irrelevant – why not just reverse the action of gunzip and cpio to get back to a ramdisk file? In fact, this is exactly what’s described here. While still in the ramdisk directory, run the following:

find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz

This consists of three parts. find . spits out (to the terminal) a list of all filenames in the current (ramdisk) directory, including files in sub-directories. This is piped to cpio. It uses the switches -o for copy-out mode, so it combines files from find . into an archive, and -H newc to specify the output format. This is then piped to gzipwhich compresses the output from cpio into a final, new ramdisk file, called newramdisk.cpio.gz. Here’s the resulting files in the recovery directory now

However that failed me with system unbootable.

so I tried with other method – using mkbootfs:

$ mkbootfs ramdisk | gzip > ramdisk-new.gz

Then finally it worked for me. don’t know reason. and didn’t have time to figure it out.

(If you’re interested, compare the file sizes of the ramdisk files produced by mkbootfs and the other command – they are different, which probably explains why the final image doesn’t boot. On mine, mkbootfs produced a file 2035130 bytes in size, while the find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz command produced 2033625 bytes.)

the tutorial says mkbootfs didn’t work out for him, but oppositely the cpio and gz didn’t work out for me.

Now let’s recompress the boot.img

$ cd ..

$ mkbootimg –base 0 –pagesize 2048 –kernel_offset 0x80208000 –ramdisk_offset 0x82200000 –second_offset 0x81100000 –tags_offset 0x80200100 –cmdline ‘console=ttyHSL0,115200,n8 androidboot.hardware=flo user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3 vmalloc=340M’ –kernel zImage –ramdisk ramdisk-new.gz -o newboot.img

 

Flash the device:

$ adb reboot-bootloader

$ sudo fastboot flash boot newboot.img

$ sudo fastboot reboot

 

walah, you will able to see the ramdisk is changed now!

 

 

 

Ref.:

https://github.com/pbatard/bootimg-tools

https://github.com/osm0sis/mkbootimg

https://github.com/osm0sis/mkbootfs

http://whiteboard.ping.se/Android/Rooting

http://www.imajeenyus.com/computer/20130301_android_tablet/android/unpack_repack_recovery_image.html

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s