Good evening all!!
Well after two days of hitting my head against the wall I decided to ask for help.. typical guy here!!
Problem: when using the blobtools to create a boot blob it soft bricks my transformer. No idea why.
Objective: Create a bootable boot blob with init.rc changes
Steps token to create the boot blob:
::Tools Used::
- BlobTools created by RaYmAn
- BootTools created by RaYmAn
::Blob used:: Stock kernel provided by clemsyn ( h t t p : / / w w w . megaupload.com/?d=GSIHUPJ6 ) kernelblob
1. After compiling blobtools I used "blobunpack" to unpack my blob
Code:
./blobunpack /home/mike/Android/kernelblob
Once done it produced "kernelblob.HEADER" and "kernelblob.LNX"
2. After compiling boottools I used "bootunpack" to unpack "kernelblob.LNX"
Code:
./bootunpack /home/mike/Android/kernelblob.LNX
Which produced "kernelblob.LNX-kernel.gz" and "kernelblob.LNX-ramdisk.cpio.gz"
3. Then I uncompressed "kernelblob.LNX-ramdisk.cpio.gz"
Code:
gunzip -c /home/mike/Android/kernelblob.LNX-ramdisk.cpio.gz | cpio -i
Which produced the initramfs. Made my changes to init.rc
4. Re-created ramdisk using this command
Code:
find . | cpio -o -H newc | gzip > ../newkernelblob.LNX-ramdisk.cpio.gz
5. Then re-create kernelblob.LNX (boot.img) with mkbootimg
Code:
mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel kernelblob.LNX-kernel.gz --ramdisk newkernelblob.LNX-ramdisk.cpio.gz -o newkernelblob.LNX
6. re-created blob using blobpack
Code:
./blobpack kernelblob.HEADER boot_blob LNX newkernelblob.LNX
Example provided by RaYmAn
Code:
./blobpack blobname.HEADER outputfile LNX boot.img
Then I try to flash the new boot_blob but after I reboot it just gets stuck on the ASUS screen...
Thanks for taking the time to read this and help me!!!! Hope this will help others
Just to note:: Even if I do not make changes to init.rc it still does not boot which tells me it might have something to do with the way I'm repacking the blob..... Thanks again for anyones help!!!
Anyone?????
trying to keep the thread alive.... I've tried with the offical blob too. No luck!
I am running ubuntu 64-bit with jdk installed!
The problem is the fact that you pass a cmdline to the mkbootimg command.
On most tegra2 based devices, the cmdline is passed by the bootloader UNLESS the boot.img has a cmdline. Your cmdline is obviously wrong for a tegra2 device, so it never boots.
Hi guys! I want to know how to have root permission on my Htc Hd Mini with NAND ROM CM9 RC2...
Thanks!
Repack boot.img, repack initrd and edit default.prop (change ro.secure=1 to ro.secure=0), pack initrd than pack boot.img again...done
munjeni said:
Repack boot.img, repack initrd and edit default.prop (change ro.secure=1 to ro.secure=0), pack initrd than pack boot.img again...done
Click to expand...
Click to collapse
Ok...so after I must to reinstall the rom?
fra18061988 said:
Ok...so after I must to reinstall the rom?
Click to expand...
Click to collapse
No! Just install only boot.img
Can you edit boot.img for me? I haven't software to unpack .img...is impossible for me...
My boot.img is attached in this post...
Thank you so much!!!!
You can do it using your recovery!
Procedure:
reboot to recovery
installing tools:
adb push unpackbootimg /
adb push mkbootimg /
adb push mkbootfs /
adb shell chmod 6755 /unpackbootimg
adb shell chmod 6755 /mkbootimg
adb shell chmod 6755 /mkbootfs
unpacking boot.img:
adb push boot.img /tmp/
adb shell
cd /tmp
/unpackbootimg -i boot.img
mkdir initr
cd initr
ls ../
gunzip < ../boot.img-ramdisk.gz | cpio -i --make-directories
cd ..
edit default.prop that is located in /tmp/initr (you can do it by adb push and adb pull... just for idea)!
/mkbootfs ./initr | gzip > initrd.gz
/mkbootimg --kernel boot.img-zImage --ramdisk initrd.gz --cmdline 'no_console_suspend=1 console=null' --base 0x12c00000 -o new_boot.img
and you are done, press ctrl+c to exit from adb, than:
adb pull /tmp/new_boot.img
Or if you want to install new boot.img:
adb push new_boot.img /
adb shell
erase_image boot
flash_image boot /new_boot.img
To repack boot.img I used Cygwin...but in default.prop, "ro.secure" is already set to ro.secure=0 ...see below
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=0
ro.debuggable=1
persist.sys.usb.config=adb
So...root permission are on CM9 RC2
My big problem was to move applications like Facebook, Google Play etc...on SD Card. I solved the problem with Titanium Backup and Link2SD...
I think I've found a way to root tf300. I'm sorry but it does require unlook. It works for me.
Short story: update asus blob with su.
Warning: Do not update to jelly bean from official asus updates unless you want to lost the option to restore. Set up nvflash first!
Warning #2: Do not unlock! I have to find a knew way.
For those who have made the same mistake as I (installing jelly bean) here is a guide to root.
Requirements: Windows with fastboot / Linux if you can run fastboot and a lot of time
Tools (I haven't found an official qemu.exe and it's tricky to compile that):
-blobunpack and blobupdate
-qemu emulator with a minimalistic linux (bzimage initramfs) where android su is on /root
-fastboot
-official asus firmware blob (asus website)
For windows users:
Unzip all to a directory. Unzip blob twice.
Get blob.APP:
Code:
blobunpack blob APP
Now start Linux:
Code:
qemu -kernel bzImage -initrd initramfs -hda blob.APP
After booting you are in a Linux shell. Run:
Code:
mkdir /mnt
mount -t ext4 /dev/sda /mnt
cp su /mnt/xbin/su
umount /mnt
Close it and run:
Code:
blobupdate blob APP blob.APP
You can transfer the file in fastboot mode:
Code:
fastboot flash system blob
For Linux these steps are much simplier and you don't need qemu:
Code:
$ make
$ chmod 6755 su
$ ./blobunpack blob APP
$ mkdir mnt
$ su
# mount -t ext4 blob.APP mnt
# cp su mnt/xbin/su
# umount mnt
# exit
$ rmdir mnt
$ ./blobupdate blob APP blob.APP
You can download su binary from http://forum.xda-developers.com/showthread.php?t=1704209 and http://db.tt/FBUNeVmo . I don't know if you can run fastboot.
Does the tf300 require a unlocked bootloader?
xSvenHD said:
Does the tf300 require a unlocked bootloader?
Click to expand...
Click to collapse
please read the 1st line of the thread.
Sorry i was reading it fast.
Is this brick free?
Sorry for my bad English Sent From My TF300
Can anyone confirm this?
And does it stay root or do you need an app for su?
grlks said:
Code:
qemu -kernel bzImage -initrd initrd -hda blob.APP
Click to expand...
Click to collapse
This command is not working.Qemu doesn`t start.Maybe wrong linux kernel or some parameters.
UPD:initrd is missing.Only initramfs.
UPD2:Seems like included Linux is corrupted.Can`t get it to work.
UPD3:The whole instruction is a trolling.I can`t mount blob.APP.And string "-hda blob.APP" doesn`t have any sense,because u need a bootable linux image to run qemu,otherwise it will show only bios.And when i `ve booted,i can`t mount blob.app.
OP is a ******.Need another instructions.I have lost 4 hours.
grlks said:
Code:
blobunpack blob APP
Know start Linux:
Code:
qemu -kernel bzImage -initrd initrd -hda blob.APP
After booting you are in a Linux shell. Run:
Code:
mount -t ext4 /dev/sda /mnt
cp su /mnt/xbin/su
poweroff
If it has shuted down update blob:
Code:
blobupdate blob APP blob.APP
You can transfer the file in fastboot mode:
Code:
fastboot flash system blob
Click to expand...
Click to collapse
What I have to do to get updated blob file (I don't have with me the Asus' wire to test the fastoot (last command)) :
Code:
qemu -kernel bzImage -initrd [COLOR="Red"]initramfs[/COLOR] -hda blob.APP
After booting you are in a Linux shell. Run:
Code:
[COLOR="Red"]mkdir /mnt
[/COLOR]mount -t ext4 /dev/sda /mnt
cp [COLOR="Red"]/[/COLOR]su /mnt/xbin/su
[COLOR="Red"]umount /mnt[/COLOR]
poweroff
The poweroff command above didn't work, I kill the quemu proccess after umount /mnt .
If it has shuted down update blob:
Code:
blobupdate blob APP blob.APP
I will try fastboot this afternoon or tomorow.
xSvenHD said:
Sorry i was reading it fast.
Is this brick free?
Click to expand...
Click to collapse
If you downloaded the correct blob file from asus.
It does not require extra tools on android (it will replace any custom recovery with the original SOS / recovery partition).
MantusRus said:
This command is not working.Qemu doesn`t start.Maybe wrong linux kernel or some parameters.
UPD:initrd is missing.Only initramfs.
UPD2:Seems like included Linux is corrupted.Can`t get it to work.
UPD3:The whole instruction is a trolling.I can`t mount blob.APP.And string "-hda blob.APP" doesn`t have any sense,because u need a bootable linux image to run qemu,otherwise it will show only bios.And when i `ve booted,i can`t mount blob.app.
OP is a ******.Need another instructions.I have lost 4 hours.
Click to expand...
Click to collapse
The bootable Linux image is bzImage and initramfs. Sorry for wasting your time.
grlks said:
I think I've found a way to root tf300. There is no unlook required. It works for me.
Short story: update asus blob with su.
Warning: Do not update to jelly bean from official asus updates unless you want to lost the option to restore. Set up nvflash first!
For those who have made the same mistake as I (installing jelly bean) here is a guide to root.
Requirements: Windows with fastboot / Linux if you can run fastboot and a lot of time
Tools (I haven't found an official qemu.exe and it's tricky to compile that):
-blobunpack and blobupdate
-qemu emulator with a minimalistic linux (bzimage initramfs) where android su is on /root
-fastboot
-official asus firmware blob (asus website)
Unzip all to a directory. Unzip blob twice.
Get blob.APP:
Code:
blobunpack blob APP
Now start Linux:
Code:
qemu -kernel bzImage -initrd initramfs -hda blob.APP
After booting you are in a Linux shell. Run:
Code:
mkdir /mnt
mount -t ext4 /dev/sda /mnt
cp su /mnt/xbin/su
umount /mnt
Close it and run:
Code:
blobupdate blob APP blob.APP
You can transfer the file in fastboot mode:
Code:
fastboot flash system blob
For Linux these steps are much simplier:
Code:
$ chmod 6755 su
$ ./blobunpack blob APP
$ mkdir mnt
$ su
# mount -t ext4 blob.APP mnt
# cp su mnt/xbin/su
# umount mnt
$ rmdir mnt
$ ./blobupdate blob APP blob.APP
You can download su binary from http://forum.xda-developers.com/showthread.php?t=1704209 and http://db.tt/FBUNeVmo . I don't know if you can run fastboot.
Click to expand...
Click to collapse
Hello!
Which qemu are you using?
I installed the package from the official fedora repos, I don't have "qemu" alone and "qemu-arm" was not exactly working with the arguments you gave us..
Thanks for the help
edit:
Here an exception thrown when trying to run qemu-system-arm,
I don't know if the problem comes from a wrong usage of the command or if something went wron in the blob unpack...
qemu-system-arm -kernel bzImage -initrd initramfs -hda blob.APP
qemu: fatal: Trying to execute code outside RAM or ROM at 0xff91c756
R00=00000000 R01=00000113 R02=00000100 R03=00000000
R05=00000000 R06=00000000 R07=00000000
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=00000000 R14=00010010 R15=ff91c756
PSR=400001f3 -Z-- T svc32
Click to expand...
Click to collapse
aachour said:
Hello!
Which qemu are you using?
I installed the package from the official fedora repos, I don't have "qemu" alone and "qemu-arm" was not exactly working with the arguments you gave us..
Thanks for the help
Click to expand...
Click to collapse
qemu-system-i386 but for linux see the buttom. Linux can mount blob.APP if it has loopback support. You just need qemu for windows.
grlks said:
qemu-system-i386 but for linux see the buttom. Linux can mount blob.APP if it has loopback support. You just need qemu for windows.
Click to expand...
Click to collapse
Hej!
Thanks a lot
I thought you had to emulate an arm cpu to run the image.
Thanks again!
Any idea how to mount the tablet in linux while in fastboot mode?
I set the rule :
Code:
SUBSYSTEM=="usb", SYSFS{idVendor}=="0b05", MODE="0666", OWNER="aachour"
in /etc/udev/rules.d/51-android.rules
but this doesn't seem to change anyhing, fastboot wait for the device
I've been searching but didn't find any different rule...
thanks!
The most interesting question-how to fastboot it wit the locked bootloader?It`s "waiting for device" for me.
MantusRus said:
The most interesting question-how to fastboot it wit the locked bootloader?It`s "waiting for device" for me.
Click to expand...
Click to collapse
You have to install the drivers for tf300.
grlks said:
Code:
fastboot flash system blob
Click to expand...
Click to collapse
Fastboot returns :
Code:
writing 'system'.... failed (remote: (InvalidState))
Apparently due to the locked bootloader.
If someone got an idea ?
RaS_KoR said:
Fastboot returns :
Code:
writing 'system'.... failed (remote: (InvalidState))
Apparently due to the locked bootloader.
If someone got an idea ?
Click to expand...
Click to collapse
Same here.I think it`s a dead end.
Problems with locked bootloader
I was wrong. You can't flash with fastboot on locked bootloaders. I am sorry for all those testing it. I will fix it!
grlks said:
I was wrong. You can't flash with fastboot on locked bootloaders. I am sorry for all those testing it. I will fix it!
Click to expand...
Click to collapse
Yeah, that would be awesome
Thanks for all your efforts!
Does it is possible to re-zip the modified blob into the original Asus's zip and install it with a Sd card ?
Hello to everyone,
I'm trying to boot my Nexus 10 with another kind of kernel version,because I'm not interested to use the Android kernel,but the Ubuntu pure kernel. I've chosen to use the linux-kvm-arm kernel version 3.13 :
These are the commands that I have used :
git clone git://github.com/virtualopensystems/linux-kvm-arm.git
cd linux-kvm-arm
git checkout origin/chromebook-3.13 -b chromebook-3.13
curl http://www.virtualopensystems.com/downloads/guides/kvm_on_chromebook/config > .config
and then I've added these lines to the .config file :
CONFIG_ANDROID=y
CONFIG_ANDROID_BINDER_IPC=y
CONFIG_ASHMEM=y
CONFIG_ANDROID_LOGGER=y
CONFIG_ANDROID_PERSISTENT_RAM=y
CONFIG_ANDROID_RAM_CONSOLE=y
CONFIG_ANDROID_TIMED_OUTPUT=y
CONFIG_ANDROID_TIMED_GPIO is not set
CONFIG_ANDROID_LOW_MEMORY_KILLER=y
CONFIG_ANDROID_SWITCH is not set
CONFIG_ANDROID_INTF_ALARM is not set
CONFIG_FB_TILEBLITTING=y
CONFIG_PHONE is not set
CONFIG_USB_WPAN_HCD is not set
CONFIG_WIMAX_GDM72XX is not set
CONFIG_ARM_PLATFORM_DEVICES=y
CONFIG_ARM_CHROMEOS_FIRMWARE=y
CONFIG_CHROMEOS=y
CONFIG_CHROMEOS_VBC_BLK=y
CONFIG_CHROMEOS_VBC_EC=y
CONFIG_CHROMEOS_RAMOOPS_RAM_START=0x41f00000
CONFIG_CHROMEOS_RAMOOPS_RAM_SIZE=0x00100000
CONFIG_CHROMEOS_RAMOOPS_RECORD_SIZE=0x00020000
CONFIG_CHROMEOS_RAMOOPS_DUMP_OOPS=0x1
CONFIG_CLKDEV_LOOKUP=y
and then I did :
ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- make uImage dtbs
from here I've followed the tutorial that I've found here :
http://forum.xda-developers.com/showthread.php?t=1981788
and here :
http://forum.xda-developers.com/showthread.php?t=1981788&page=2
mkdir -p newkernel
cd newkernel
wget -c https://dl.google.com/dl/android/aosp/mantaray-kot49h-factory-174ba74f.tgz
tar xvzf mantaray-kot49h-factory-174ba74f.tgz
cd mantaray-kot49h
unzip image-mantaray-kot49h.zip
wget -c http://android-serialport-api.googlecode.com/files/getramdisk.py
chmod +x getramdisk.py
./getramdisk.py boot.img --> ramdisk.img
wget -c http://android-serialport-api.googlecode.com/files/android_bootimg_tools.tar.gz
tar xvf android_bootimg_tools.tar.gz
./mkbootimg --kernel ../../linux-kvm-arm/arch/arm/boot/zImage --ramdisk ramdisk.img --cmdline bootimg.cfg -o new-boot.img
fastboot flash boot new-boot.img
I think that something is wrong here,because it is not able to boot....I see a black screen and nothing else happens...
Hi,
probably too simple, but:
How does your .config look?
Did the curl actually work? (I ask because I tried your URL and it didn't work for me).
Did you actually compile a guest kernel too and boot it?
Special ChromeOS suupport does not exist in that branch.
Keep up the work, if you succeed booting linux, I got a prize for you.
Don't take it wrong, I'm just too bored of the tablet as it is now.
Wejgomi
Hello,
I am trying to edit the boot.img (modified to not force encrypt the userdata) of my device.
I extracted the boot image with umkbootimage and then I extracted the initramfs with the following command:
Code:
gunzip -c ../initramfs.cpio.gz | cpio -i
Then i repacked the ramfs with the command (without changing nothing):
Code:
find . | cpio -o -H newc | gzip > ../new-ramdisk.cpio.gz
Finally, I repacked the boot image with mkbootimg and the following arguments:
Code:
mkbootimg --kernel zImage --ramdisk new-ramdisk.cpio.gz --base 0x0 --ramdisk_offset 0x002000000 --tags_offset 0x01e00000 --cmdline 'androidboot.hardware=angler androidboot.console=ttyHSL0 msm_rtb.filter=0x37 ehci-hcd.park=3 lpm_levels.sleep_disabled=1 boot_cpus=0-3' --pagesize 4096 -o new_boot.img
The new boot image won't boot up. When I use the original initramfs to create the boot image, everything works great.
Another issue is that after the repacking the size of the initramfs changed.
Someone have any idea what should I do?
@batman1010 you need that