Just for the hell of it, I'd like to unpack a system.img the easy way. I tried unyaffs for Windows but it doesn't seem to work. Does the factory images from Google even use the yaffs format?
When I try to unyaffs system.img, I get this which I condumped:
Code:
0 [main] unyaffs 6232 exception::handle: Exception: STATUS_ACCESS_VIOLATIO
N
831 [main] unyaffs 6232 open_stackdumpfile: Dumping stack trace to unyaffs.e
xe.stackdump
What am I doing wrong? I open a command window in the directory of the image file, make sure unyaffs.exe and cygwin1.dll is there and then type "unyaffs system.img"
Same question here
Don't forget to hit thanks
I have already posted how to do this in this post... Have a look at the last few lines of the "How to flash" section in blue.
Related
I AM TRYING TO MAKE A FOLDER. TO MAKE A CUSTOM SPLASH SCREEN BUT I DON'T KNOW HOW TO COMPLETE THIS STEP....[Open a command or terminal window and CD to your nbimg folder.
Type in the following command: nbimg -F splash1.bmp -w 480 -h 800
If successful, nbimg should have created an nb file called 'splash1.bmp.nb'.
Rename 'splash1.bmp.nb' to 'splash1.img'.]... I HAVE THE "NBIMG" FOLDER. AND MY CONVRTED IMAGE. I JUST DON'T KNOW TO "CD" TO IT OR WHEN TO TYPE IN THE COMMAND AFTER THAT TO COMBINE THE TWO.....USING COMMAND LINE IS LIKE FRENCH TO ME... PLEASE HELP..
mbancroft41 said:
I AM TRYING TO MAKE A FOLDER. TO MAKE A CUSTOM SPLASH SCREEN BUT I DON'T KNOW HOW TO COMPLETE THIS STEP....[Open a command or terminal window and CD to your nbimg folder.
Type in the following command: nbimg -F splash1.bmp -w 480 -h 800
If successful, nbimg should have created an nb file called 'splash1.bmp.nb'.
Rename 'splash1.bmp.nb' to 'splash1.img'.]... I HAVE THE "NBIMG" FOLDER. AND MY CONVRTED IMAGE. I JUST DON'T KNOW TO "CD" TO IT OR WHEN TO TYPE IN THE COMMAND AFTER THAT TO COMBINE THE TWO.....USING COMMAND LINE IS LIKE FRENCH TO ME... PLEASE HELP..
Click to expand...
Click to collapse
Ok I see no one has answered this so I'll try to take a stab at it.
I've never made a custom splash screen, however, I know my way around a command prompt. I'm assuming that your nbimg folder is on the root of your C:/ drive correct?
If that is so then in a fresh command prompt and type "cd c:\nbimg" now you should be in that folder. If its in a different folder like..idk.. programs files. then you would type cd c:\program files\nbimg, ya see?
Now that your in that folder type "nbimg -F splash1.bmp -w 480 -h 800". Hope that helps out some, if there is anyone else that can shed some more light please take this by the horns.
no actually its in my user \down load folder. should i save it to the root of my c: drive. ....or i would have to figure out what the command for my "downloads" file is ... but I think i'll move it to the root. cause you already gave me the command for that thanks........and yes your the first one to answer on three different fourms i have the same question in..... so thanks so much for your help...
mbancroft41 said:
no actually its in my user \down load folder. should i save it to the root of my c: drive. ....or i would have to figure out what the command for my "downloads" file is ... but I think i'll move it to the root. cause you already gave me the command for that thanks........and yes your the first one to answer on three different fourms i have the same question in..... so thanks so much for your help...
Click to expand...
Click to collapse
Your very welcome. If you can move it to the root of the C: drive then Id do it.
If not then right click in your nbimg folder and click properties and look at your location (ex. C:\users\download). Now, just CD-change directory to that folder with the addition of \nbimg. so it'd look like "C:\users\download\nbimg". Its a little more work but it will give you a little more command prompt experience.
ok... now that it is explained.. it sounds simple.. thanks again
ok.. command line read: c:\users\my name> .. I typed in about three different things but i got it to read: "c:\>" with out the quotations of course by typing in. " cd c:\ "..... but cant get it to the file.....when i type "nbimg" it says " 'nbimg' is not recognized as an internal command opperate program or batch file........ i have relocated the said file to the root of my C drive like u suggested...any ideas????????
ok played around for a while and got it i think.... I found out how to type command in right.. and it spit a whole bunch of stuff back to me.....to bad you cant copy and paste from cmd line window.. cause i sure aint typing all that.. thanks for your help. alot of thanks been waiting two days to get some kinda answer....
mbancroft41 said:
ok played around for a while and got it i think.... I found out how to type command in right.. and it spit a whole bunch of stuff back to me.....to bad you cant copy and paste from cmd line window.. cause i sure aint typing all that.. thanks for your help. alot of thanks been waiting two days to get some kinda answer....
Click to expand...
Click to collapse
You can copy and paste my friend!!! Right click and click paste
c:\nbimg>nbimg -f splash1.bmp -w480 -h800
=== nbimg v1.1
=== Convert NB <--> BMP splash screens
=== (c)2008 Pau Oliva - pof @ xda-developers
nbimg: unknown option -- f
Usage: nbimg -F file.[nb|bmp]
Mandatory arguments:
-F <filename> Filename to convert.
If the extension is BMP it will be converted to NB.
If the extension is NB it will be converted to BMP.
Optional arguments:
-w <width> Image width in pixels. If not specified will be autodetec
.
-h <height> Image height in pixels. If not specified will be autodete
d.
-t <pattern> Manually specify the padding pattern (usually 0 or 255).
-p <size> Manually specify the padding size.
-n Do not add HTC splash signature to NB file.
-s Output smartphone format.
NBH arguments: (only when converting from BMP to NBH)
-D <model_id> Generate NBH with specified Model ID (mandatory)
-S <chunksize> NBH SignMaxChunkSize (64 or 1024)
-T <type> NBH header type, this is typically 0x600 or 0x601
awasome it was just done different then the normal right click and right click paste.so the info it sent back to me is it saying its missing something or did it create the file
sounds like it completed
Hello guys,
I am trying to extract system.img.
I got system.img from this file
RUU_Vision_HTC_ARA_1.83.415.2_Radio_12.28e.60.140f_26.04.02.17_M2_SF_release_168396_signed.exe
I tried unyaffs with no luck. I actually tried to use unyaffs on some other system.img and it worked.
I get this
0 [main] unyaffs 4172 exception::handle: Exception: STATUS_ACCESS_VIOLATIO N
1094 [main] unyaffs 4172 open_stackdumpfile: Dumping stack trace to unyaffs.exe.stackdump
Please help
hey,
maybe you should try this in the android developement forum. here are only g2 users and i guess in the developement forum there might be more ppl who could help you with that!
Unyaffs is used on img files created during a nandroid backup.
For most img files contained in an RUU, it's simply the filesystem it would normally be on the phone, in this case ext3. You need to mount or open the file with the ext3 filesystem.
I found ext2explore tool much easier on Windows.
Download
Edit: Didn't realize it's old thread-
Hi,
As you probably know, ext4 image can be extracted from system.sin but cannot be mounted. When trying to mount it, it fails with :
[ 1476.821582] EXT4-fs (loop0): bad geometry: block count 262144 exceeds size of device (144631 blocks)
I open this thread just to share what I did around the issue and maybe have some helpful quotes about it
Here is what I did (under linux)
# First create an zero filled file. Size is system partition size (262144 blocks of 4096 each)
dd if=/dev/zero of=/home/xperia/virtualfs bs=4096 count=262144
# Attach file to loopback
sudo losetup /dev/loop0 /home/xperia/virtualfs
# Format it with same features as system partition on phone
sudo mkfs.ext4 -O has_journal,^ext_attr,^dir_index,^flex_bg,^huge_file,resize_inode,filetype,extent,sparse_super,large_file,^uninit_bg,^dir_nlink,^extra_isize -v /dev/loop0
# Write extracted system.sin.ext4 extracted image to loopback
sudo dd if=system.sin.ext4 of=/dev/loop0
# Mount filesystem
sudo mount /dev/loop0 /mnt
It can be mounted and I can have folder structure but I can't work with files. Editing default.prop gives me a non readable file.
But we can go a step ahead as we can now mount the image.
Still some issues have to be worked out.
The poit is, why we cant mount system.img on ICS but we can on GB?
maybe someone can contact with sony t oask
im extracting the .sin to .img like always but its impossible to mount.. what are you using to extract the .sin to a .ext4?
BTW, thanks for the info, i've been trying to modify system.img since ICS appeared.
EDIT: of, ext4 can be extracte with flashtool ~.~
maybe we need to read something from system.partinfo
Yakandu said:
The poit is, why we cant mount system.img on ICS but we can on GB?
maybe someone can contact with sony t oask
im extracting the .sin to .img like always but its impossible to mount.. what are you using to extract the .sin to a .ext4?
BTW, thanks for the info, i've been trying to modify system.img since ICS appeared.
EDIT: of, ext4 can be extracte with flashtool ~.~
maybe we need to read something from system.partinfo
Click to expand...
Click to collapse
Yes Flashtool can extract image from system.sin.
partinfo is partition information used by loader in flashmode to identify where to flash image on phone. (Something like start nand address of system partition)
so, any ideas why ext4 cant be mounted? maybe its encrypted or something..
Sorry for double post, i found a solution
Flash the system through a .ftf with flashtools
Flash a custom kernel with recovery (or the nozomi recovery)
Backup nandroid
We get a system.ext4.tar ··· move it to your developement folder
Create a folder (mkdir system)
Enter nautilus with root acces
Extract system files to the created folder
Modify whatever you want
Make a flashable system.img with: "./mkuserimg.sh -s /system ./system.img ext4 ./temp 1024M"
AND ITS WORKING!
Yakandu said:
Sorry for double post, i found a solution
Flash the system through a .ftf with flashtools
Flash a custom kernel with recovery (or the nozomi recovery)
Backup nandroid
We get a system.ext4.tar ··· move it to your developement folder
Create a folder (mkdir system)
Enter nautilus with root acces
Extract system files to the created folder
Modify whatever you want
Make a flashable system.img with: "./mkuserimg.sh -s /system ./system.img ext4 ./temp 1024M"
AND ITS WORKING!
Click to expand...
Click to collapse
This solution is already known
But my goal is to be able to mod a system partition without having to flash it before. And more, understand why extracted system image cannot be mounted and how to work this out
oh, ok xD
i didnt know that solution, its new for me
Yakandu said:
Sorry for double post, i found a solution
Flash the system through a .ftf with flashtools
Flash a custom kernel with recovery (or the nozomi recovery)
Backup nandroid
We get a system.ext4.tar ··· move it to your developement folder
Create a folder (mkdir system)
Enter nautilus with root acces
Extract system files to the created folder
Modify whatever you want
Make a flashable system.img with: "./mkuserimg.sh -s /system ./system.img ext4 ./temp 1024M"
AND ITS WORKING!
Click to expand...
Click to collapse
Have you already tried flashing this img on your device? I have already tried this solution twice but didn't succeed (@Spectre51 that's why I haven't replied your PM yet). system.img was succesfully created but I got boot loop when I flashed it on my device.
Hi Androxyde,
I figured it out, basically we have to dig further in sin format as new ext4 sins skips part of the file. See my thread for more details.
PS: Thanks for flashtool, it's a great tool!
LeTama
letama said:
Hi Androxyde,
I figured it out, basically we have to dig further in sin format as new ext4 sins skips part of the file. See my thread for more details.
PS: Thanks for flashtool, it's a great tool!
LeTama
Click to expand...
Click to collapse
:good:
Technically i have to give credit to scott crossler
www.scottsroms.com
for showing me the method
and then i came upon turges
faq
Thanks Turge and Scott and whomever created these blobpacktools
but since i keep getting pms
and im sure you do to
scott
Here are the steps for repacking the boot.img. Some involve running the commands via cygwin, others involve running them via the Windows Command Prompt.
The instructions for installing cygwin, extracting and repacking the boot.img were found here: http://www.freeyourandroid.com/guide...ot-img-windows
Once you have setup cygwin, extract the attached files in a folder under your "home" folder in cygwin.
Also unzip blob tools into the same folder as your boot.blob
1.
Code:
copy boot.blob to the same folder and run the following via
the Windows Command Prompt to extract the boot.img from the boot.blob:
BlobUnpack.exe boot.blob
ren boot.blob.LNX boot.img
which will create boot.img
2.
Code:
From the cygwin bash terminal window,
switch to the same folder and run the following
to extract the ramdisk from the boot.img:
./extractboot boot.img
You now have an out/ramdisk folder
that contains the files you want to edit.
3.
Code:
Once done, repack the ramdisk and kernel into boot_new.img
with the following command (via cygwin once again):
./packboot
4.
Code:
then from the Command Prompt repack boot_new.img
into boot2.blob using the following:
blobpack -s boot2.blob LNX boot_new.img
5.
Code:
You can now flash the boot.blob to the staging
partition via a command in updater-script:
Code:
package_extract_file("/boot.blob", "/dev/block/mmcblk0p4");
or by using adb while in recovery/android:
Code:
dd if=/sdcard/boot2.blob of=/dev/block/mmcblk0p4
Lastly the rundown is like this
if you want to take a ota blob
and extract the contents for a raw base
and a raw kernel
1
take the ota and extract the blob file and place
in your folder with blobtools
2. then run
Code:
blobunpack.exe blob
Which now creates
Blob.APP =System.img (can be renamed system.img and unyaffed in the kitchen)or straight cygwin
Blob.sos=Recovery Img
Blob.Ebt=Bootloader information
Blob.Lnx=kernel (can also just be renamed boot.img and unyaffed in kitchen)
Blob.pt=Partition info
so to repack lets say your custom remade image
and your custom kernel
and a recovery of your choice
run
Code:
blobpack.exe -s blob lnx boot.img sos twrp.blob app system.img
then simply take the blob replace in the ota file
and flash in recovery
and it should flash a rom packed as a blob
Hi!
...also you can flash the new boot.blob via fastboot mode
>fastboot-i 0x0B05 flash boot boot.blob
:good:
Call me stupid, but what does repacking the boot.img do? I never pm'ed you, but what would we gain from this. a lil lost
unpacking a boot.img allows you to take a stock already built kernel
and make specific changes to the ramdisk
more specifically
default.prop
can make kernel insecure
debuggable
bootanimation enabled
blah blah blah
and init.rc
but also
cardhu
and goldfish.rc
and init.trace
and init.usb
then repacked and good to flash
seanzscreams said:
Lastly the rundown is like this
if you want to take a ota blob
and extract the contents for a raw base
and a raw kernel
1
take the ota and extract the blob file and place
in your folder with blobtools
2. then run
Code:
blobunpack.exe blob
Which now creates
Blob.APP =System.img (can be renamed system.img and unyaffed in the kitchen)or straight cygwin
Blob.sos=Recovery Img
Blob.Ebt=Bootloader information
Blob.Lnx=kernel (can also just be renamed boot.img and unyaffed in kitchen)
Blob.pt=Partition info
so to repack lets say your custom remade image
and your custom kernel
and a recovery of your choice
run
Code:
blobpack.exe -s blob lnx boot.img sos twrp.blob app system.img
then simply take the blob replace in the ota file
and flash in recovery
and it should flash a rom packed as a blob
Click to expand...
Click to collapse
Hi!
For a linux (Ubuntu) machine you can easily unpack blob.APP
> sudo mkdir mnt
> sudo mount -o loop blob.APP mnt
- now in your mnt directory , you will have /system ! :good:
Hi,
My TF300tl can't unlock bootloader. so can I use this way to pack custom ROM ( cm11, liplop...) as official ROM to flash for my tablet ?
konnichiwa said:
Hi,
My TF300tl can't unlock bootloader. so can I use this way to pack custom ROM ( cm11, liplop...) as official ROM to flash for my tablet ?
Click to expand...
Click to collapse
I wouldn't think so, as the ROM would have to be signed to be official
Has anyone installed self signed ROMs using the method described in this blog http://mjg59.dreamwidth.org/31765.html? The goal is to install a self signed image that allows you to only install images signed by a key you generate yourself to avoid the giant security hole caused by custom recoveries that don't check signatures.
Here's the overview :
First: Unlock your bootloader. /data will be wiped.
Second: Get a copy of the stock recovery.img for your device.
Third: Grab mkbootimg from here and build it. Run unpackbootimg against recovery.img.
Fourth: Generate some keys. Get this script and run it.
Fifth: zcat recovery.img-ramdisk.gz | cpio -id to extract your recovery image ramdisk. Do this in an otherwise empty directory.
Sixth: Get DumpPublicKey.java from here and run it against the .x509.pem file generated in step 4. Replace /res/keys from the recover image ramdisk with the output. Include the "v2" bit at the beginning.
Seventh: Repack the ramdisk image (find . | cpio -o -H newc | gzip > ../recovery.img-ramdisk.gz) and rebuild recovery.img with mkbootimg.
Eighth: Write the new recovery image to your device
Ninth: Get signapk from here and build it. Run it against the ROM you want to sign, using the keys you generated earlier. Make sure you use the -w option to sign the whole zip rather than signing individual files.
Tenth: Relock your bootloader
Eleventh: Boot into recovery mode and sideload your newly signed image.
Click to expand...
Click to collapse
I have the 8" Tab (SM-T310) and want to try it. Anyone know if there's an official source of stock recovery images? I have the 4.4.2 update.zip from an OTA update I never installed (my tablet's still on stock 4.2.2), can the recovery somehow be extracted from that? Since I'm still on 4.2.2, I don't need to unlock the bootloader, right? Can I use Heimdall to put the new recovery on the tab?
Here's my step by step if anyone else is crazy enough to try this.
First: Unlock your bootloader. /data will be wiped.
Click to expand...
Click to collapse
Skipped so far, running 4.2.2 which from what I've been reading I think isn't locked.
Second: Get a copy of the stock recovery.img for your device.
Click to expand...
Click to collapse
Grabbed the update from Kies (on Windows VM):
Agreed to Kies update when I plugged in the tablet.
Watched my temp folder (from windows search bar enter %temp%) until tmp*.tmp.zipfolder showed up (wait for tmp*.tmp file to download and get converted to a zip, then it unzips into zipfolder automatically), unplugged the tablet immediately as it booted into download mode, copied tmp*.tmp.zipfolder somewhere else (desktop) before Kies cancelled the update process and deleted the temp files.
Third: Grab mkbootimg from here and build it. Run unpackbootimg against recovery.img.
Click to expand...
Click to collapse
Source is on github: osm0sis/mkbootimg From here on I'm using linux.
cd into mkbootimg folder and run "make"
run
Code:
./unpackbootimg -i recovery.img -o rec
(rec is the folder I unpacked to, make the folder first or it'll segfault)
Fourth: Generate some keys. Get this script and run it.
Click to expand...
Click to collapse
Saved script (posted below, can't post links yet...) to "make_key.sh", then
Code:
chmod +x make_key.sh
to make it executable.
Ran script, usage: /make_key.sh <name> <subject> [<keytype>]
subject must be in the format "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com" (look up "Create CSR using OpenSSL Without Prompt (Non-Interactive)" for what all that means)
Fifth: zcat recovery.img-ramdisk.gz | cpio -id to extract your recovery image ramdisk. Do this in an otherwise empty directory.
Click to expand...
Click to collapse
Make a directory, cd into it, run
Code:
zcat recovery.img-ramdisk.gz | cpio -id
with recovery.img-ramdisk.gz pointing to where your file is (mine was ../recovery.img-ramdisk.gz).
Sixth: Get DumpPublicKey.java from here and run it against the .x509.pem file generated in step 4. Replace /res/keys from the recover image ramdisk with the output. Include the "v2" bit at the beginning.
Click to expand...
Click to collapse
Not sure why he's using a different DumpPublicKey.java than the one that's in the mkbootimg git... but it's in the "libmincrypt/tools/DumpPublicKey.java" that was in the mkbootimg git, I didn't see any differences using diff.
Running
Code:
javac DumpPublicKey.java
tells me I need BouncyCastleProvider. And now I'm stuck.
Downloaded the Bouncy Castle jar and put it in the same folder as DumpPublicKey.java and ran
Code:
javac -cp bcprov-jdk15on-152.jar DumpPublicKey.java
echo "Main-Class: DumpPublicKey" > manifest.txt
jar cvfm DumpPublicKey.jar manifest.txt DumpPublicKey.java
Then running
Code:
java com.android.dumpkey.DumpPublicKey
gave me various class not found errors and I ended up with a file structure like this trying to make it find the bouncy castle. Annnnnd I'm stuck.
.
├── bcprov-jdk15on-152.jar
├── com
│** └── android
│**** └── dumpkey
│****** ├── bcprov-jdk15on-152.jar
│****** ├── DumpPublicKey.class
│****** ├── DumpPublicKey.jar
│****** ├── DumpPublicKey.java
│****** └── manifest.txt
├── DumpPublicKey.class
├── DumpPublicKey.java
└── manifest.txt
I obviously don't know how to java at all.... any suggestions?
I just needed to put the "-cp" in the java command as well as the javac command.
Code:
java -cp .:./bcprov-jdk15on-152.jar com.android.dumpkey.DumpPublicKey
The full command is
Code:
java -cp .:./bcprov-jdk15on-152.jar com.android.dumpkey.DumpPublicKey /path/to/key.x509.pem > keys
After deleting stuff and testing, I found I only needed files in these locations:
.
├── bcprov-jdk15on-152.jar
├── com
│** └── android
│** └── dumpkey
│** ├── DumpPublicKey.class
│** └── DumpPublicKey.jar
├── DumpPublicKey.java
└── manifest.txt
Then I replaced the "/res/keys" file with the "keys" file I just made.
Seventh: Repack the ramdisk image (find . | cpio -o -H newc | gzip > ../recovery.img-ramdisk.gz) and rebuild recovery.img with mkbootimg.
Click to expand...
Click to collapse
From the folder that the ramdisk image was extracted into, run
Code:
find . | cpio -o -H newc | gzip > ../recovery.img-ramdisk.gz
mkbootimg needs offsets that were printed when I ran unpackbootimg:
BOARD_KERNEL_CMDLINE
BOARD_KERNEL_BASE 10000000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_KERNEL_OFFSET 00008000
BOARD_RAMDISK_OFFSET 01000000
BOARD_TAGS_OFFSET 00000100
Still in the folder where I unpacked the recovery image (mkbootimg is one directory up)
Code:
../mkbootimg --kernel recovery.img-zImage --ramdisk recovery.img-ramdisk.gz --base 10000000 --pagesize 2048 --kernel_offset 00008000 --ramdisk_offset 01000000 --tags_offset 00000100 -o newrecovery.img
Eighth: Write the new recovery image to your device
Click to expand...
Click to collapse
This thread says Heimdall 1.4.0 works for T31x: http://forum.xda-developers.com/showthread.php?t=2522091
Oh how nice, Heimdall 1.4.1 is in my package manager.
Connect device and restart in download mode (held the "HOME" button, "Volume Down" and "Power" all at the same time (for about 5 seconds). Hit the "Volume Up" to enter download mode when prompted.)
Code:
sudo heimdall flash --verbose --no-reboot --RECOVERY recovery.img
Ninth: Get signapk from here and build it. Run it against the ROM you want to sign, using the keys you generated earlier. Make sure you use the -w option to sign the whole zip rather than signing individual files.
Click to expand...
Click to collapse
signapk is on github in android/platform_build/tools. And it gives more bouncy castle errors. Put bcpkix-jdk15on-152.jar and bcprov-jdk15on-152.jar in the signapk folder and run
Code:
javac -cp .:./bcprov-jdk15on-152.jar:./bcpkix-jdk15on-152.jar SignApk.java
echo "Main-Class: SignApk" > manifest.txt
jar cvfm SignApk.jar manifest.txt SignApk.java
make directory com/android/signapk/ and move in all the *.class files and the SignApk.jar
Code:
java -cp .:./bcprov-jdk15on-152.jar:./bcpkix-jdk15on-152.jar com.android.signapk.SignApk /path/to/key.x509.pem /path/to/key.pk8 ../original.zip ../signed.zip
I just replaced the recovery in the OTA with the recovery with my keys from earlier, then rezipped it before signing. And after starting sideloading I noticed I left the "-w" option off the signing command, so I made another file with "-w".
Sideloaded with:
Code:
adb reboot recovery
(then volume down to select apply update from ADB)
adb sideload signed.zip
Then saw:
loading: 'update.zip'
sending: 'update.zip' <completion percent>
(might have to do some adb stopping/starting or adb usb beforehand to make it work, I was getting "error: closed" at first. If it just sits on "loading" something's wrong, as I found out last night when I waited hours for "loading" to turn into something else.)
After the file finished uploading, In terminal I got the response "* failed to write data 'protocol fault (couldn't read status): Success' *"
And on the device I got (for a few seconds before it showed only the sad robot on its back). Then after a couple minutes it rebooted back into recovery.
E: Footer is wrong
E: Footer is wrong
E: Signature verification failed
Installation aborted
So I tried again, but this time selected the option to wipe the cache before adb sideload. Then I tried again, using the update.zip that I forgot to add the "-w" option when signing. So far all fails.
I have no idea if the issue is how the recovery was flashed or what, so I'm doing it manual...
Code:
adb shell
su
#first backup current recovery
dd if=/dev/block/mmcblk0p10 of=/sdcard/recoverybk.img
adb pull /sdcard/recoverybk.img
# now push and dd my signed recovery
adb push /sdcard/recovery.img
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p10
And still having the same signature verification issue.
Edit: I went back and unpacked the recovery I pulled off the device (unpackbootimg), and it looks like somehow I managed to run mkbootimg with the old ramdisk image.
New problem with the new recovery: "E:failed to load keys". Maybe it had something to do with using ec keys just for funsies. So I remade the keys with the default, redumped into the ramdisk image, rebuild/reflashed recovery, resigned the update.zip. Now it's back to the "footer is wrong, signature verification failed" error.
But this is still trying to use the OTA 4.4.something update, not a full ROM. What's it do with Cyanogen?
First attempt: Download Cyanogen and sideload it (unmodified)
E:failed to verify whole-file signature
E:signature verification failed
Ok, expected behavior, it's not signed with my keys.
Attempt 2: sign Cyanogen with my keys and sideload it
Install from ADB complete!! Success!!
@user0002,
great thread! have you considered assembling a toolkit/suite for this process?
Thanks.
m
moonbutt74 said:
@user0002,
great thread! have you considered assembling a toolkit/suite for this process?
Thanks.
m
Click to expand...
Click to collapse
Hmmm... that's a good idea.