Hi,
For countless times I've downloaded the tools found on this thread and tried to create my own unsecure boot.img file, but I can never make it work. Every time I do, the boot process freezes on the boot screen.
Basically, I unpack boot.img using unpack_bootimg.pl, do the appropriate changes to default.prop, repack it with repack_bootimg.pl and then use the new boot.img.
What am I missing?
Nazgulled said:
Hi,
For countless times I've downloaded the tools found on this thread and tried to create my own unsecure boot.img file, but I can never make it work. Every time I do, the boot process freezes on the boot screen.
Basically, I unpack boot.img using unpack_bootimg.pl, do the appropriate changes to default.prop, repack it with repack_bootimg.pl and then use the new boot.img.
What am I missing?
Send me a link of the one you are trying to root and I will see what I can do
Thanks but I don't want you to root it, I already have a rooted version of this specific ROM. I want to be able to do it myself...
I have a feeling the mkbootimg I'm using is outdated, can someone share a recent version so I can try it out?
Are you correctly using the base address? 0x19200000
adwinp said:
Are you correctly using the base address? 0x19200000
What do you mean? Care to be more specific?
Nazgulled said:
What do you mean? Care to be more specific?
He means: mkbootimg --kernel boot.img-kernel --ramdisk ramdisk-boot --cmdline "no_console_suspend=1 console=null" -o newBoot.img --base 0x19200000
Well, I'm using the repack_bootimg.pl and from what I can see on that script, that --base parameter is not used. I'll try it and see how it goes...
Just so I know, that 0x19200000 address is specific to the Hero boot or it should be used for any ROM boot.img file?
Nazgulled said:
Well, I'm using the repack_bootimg.pl and from what I can see on that script, that --base parameter is not used. I'll try it and see how it goes...
Just so I know, that 0x19200000 address is specific to the Hero boot or it should be used for any ROM boot.img file?
Yes that is the full command for the hero boot.
It worked
Thank you all...
I've put together a tool undoing what mkbootimg does. There are other tools splitting a boot image into the kernel and root file system, but I didn't find any extracting the command line and base addresses, so I wrote this one.
It handles plain boot images as well as boot images embedded in larger files, e.g. update-images.
Code:
$ unmkbootimg boot.img
Kernel size 2419636
Kernel address 0x20008000
Ramdisk size 152656
Ramdisk address 0x21000000
Secondary size 0
Secondary address 0x20f00000
Kernel tags address 0x20000100
Flash page size 2048
Board name is ""
Command line "no_console_suspend=1"
This image is built using standard mkbootimg
Extracting kernel to file zImage ...
Extracting root filesystem to file initramfs.cpio.gz ...
All done.
---------------
To recompile this image, use:
mkbootimg --kernel zImage --ramdisk initramfs.cpio.gz --base 0x20000000 --cmdline 'no_console_suspend=1' -o new_boot.img
---------------
$ ls -l
totalt 5044
-rw-r--r-- 1 kuisma kuisma 2576384 9 sep 09.44 boot.img
-rw-r--r-- 1 kuisma kuisma 152656 9 sep 09.44 initramfs.cpio.gz
-rw-r--r-- 1 kuisma kuisma 2419636 9 sep 09.44 zImage
Version 1.2 - Support for embedded boot images
Version 1.1 - Support for non-standard mkbootimg images.
Version 1.0 - Initial release.
Including a gzipped binary for GNU/Linux in this post (32 bit, linked static). Download, unzip, make sure it is executable.
If running on a 64bit machine, make sure you've got the ia32-libs installed to be able to run 32bit binaries.
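The fields unmkbootimg prints can be read straight from the image header. The following is an added example, not the tool's own code: it assumes the original version-0 Android boot header layout and takes the base as the tags address minus 0x100, which is consistent with the outputs shown in this thread. The helper `make_sample` and its dummy payloads are constructed for illustration.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Version-0 boot header: magic, ten little-endian uint32 fields
# (kernel size/addr, ramdisk size/addr, second size/addr, tags addr,
# page size, two unused words), 16-byte board name, 512-byte command line.
HEADER = struct.Struct("<8s10I16s512s")

# Offsets that stock mkbootimg adds to --base for each load address.
STANDARD_OFFSETS = {"kernel": 0x00008000, "ramdisk": 0x01000000,
                    "second": 0x00F00000, "tags": 0x00000100}


def find_header(blob):
    """Offset of the first plausible header; also finds embedded images."""
    pos = blob.find(BOOT_MAGIC)
    while pos != -1:
        if len(blob) - pos >= HEADER.size:
            page_size = HEADER.unpack_from(blob, pos)[8]
            # Reject stray "ANDROID!" strings: page size is a power of two.
            if 2048 <= page_size <= 65536 and page_size & (page_size - 1) == 0:
                return pos
        pos = blob.find(BOOT_MAGIC, pos + 1)
    return -1


def parse_boot_image(blob):
    """Parse header fields, derive base/offsets and slice out the payloads."""
    start = find_header(blob)
    if start < 0:
        raise ValueError("no Android boot image header found")
    (_, k_size, k_addr, r_size, r_addr, s_size, s_addr, tags_addr,
     page_size, _, _, name, cmdline) = HEADER.unpack_from(blob, start)

    # Assumption: the tags address always sits at base + 0x100.
    base = (tags_addr - STANDARD_OFFSETS["tags"]) & 0xFFFFFFFF
    offsets = {"kernel": (k_addr - base) & 0xFFFFFFFF,
               "ramdisk": (r_addr - base) & 0xFFFFFFFF,
               "second": (s_addr - base) & 0xFFFFFFFF}
    nonstandard = {k: v for k, v in offsets.items()
                   if v != STANDARD_OFFSETS[k]}

    def padded(size):  # every section is padded to whole flash pages
        return -(-size // page_size) * page_size

    kernel_at = start + page_size          # header occupies the first page
    ramdisk_at = kernel_at + padded(k_size)
    end = ramdisk_at + padded(r_size) + padded(s_size)
    if end > len(blob):
        raise ValueError("image is truncated")
    return {
        "start": start, "base": base, "page_size": page_size,
        "nonstandard_offsets": nonstandard,
        "board": name.split(b"\0", 1)[0].decode("ascii", "replace"),
        "cmdline": cmdline.split(b"\0", 1)[0].decode("ascii", "replace"),
        "kernel": blob[kernel_at:kernel_at + k_size],
        "ramdisk": blob[ramdisk_at:ramdisk_at + r_size],
        "trailing_bytes": len(blob) - end,
    }


def make_sample(k_addr, r_addr, s_addr, tags_addr, page_size, cmdline,
                kernel=b"K" * 5000, ramdisk=b"R" * 300, trailer=b""):
    """Constructed sample image with dummy payloads (not a real kernel)."""
    def pad(data):
        return data + b"\0" * (-len(data) % page_size)
    hdr = HEADER.pack(BOOT_MAGIC, len(kernel), k_addr, len(ramdisk), r_addr,
                      0, s_addr, tags_addr, page_size, 0, 0, b"", cmdline)
    return pad(hdr) + pad(kernel) + pad(ramdisk) + trailer


if __name__ == "__main__":
    # Load addresses taken from the first unmkbootimg output in this thread.
    img = make_sample(0x20008000, 0x21000000, 0x20F00000, 0x20000100,
                      2048, b"no_console_suspend=1")
    info = parse_boot_image(img)
    print("base 0x%08x, page size %d" % (info["base"], info["page_size"]))
    print("cmdline %r" % info["cmdline"])
    for name, off in info["nonstandard_offsets"].items():
        print("non-standard %s offset 0x%08x" % (name, off))
```

`trailing_bytes` is only meaningful for a plain image: data past the last padded section is not described by the header, so an image rebuilt from the extracted parts will not carry it over.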
Great Tool........ i Always use it..........Thanks For Share
I've updated unmkbootimg. Now it detects and warns if the boot.img is built using a non-standard mkbootimg, and tells you how to patch it.
$ unmkbootimg samsung-boot.img
Kernel size 4905092
Kernel address 0x40408000
Ramdisk size 893395
Ramdisk address 0x41800000
Secondary size 0
Secondary address 0x41300000
Kernel tags address 0x40400100
Flash page size 2048
Board name is ""
Command line "androidboot.hardware=qcom msm_watchdog.appsbark=0 msm_watchdog.enable=1 loglevel=4"
*** WARNING ****
This image is built using NON-standard mkbootimg!
OFF_RAMDISK_ADDR is 0x01400000
Please modify mkbootimg.c using the above values to build your image.
****************
Extracting kernel to file zImage ...
Extracting root filesystem to file initramfs.cpio.gz ...
All done.
---------------
To recompile this image, use:
mkbootimg --kernel zImage --ramdisk initramfs.cpio.gz --base 0x40400000 --cmdline 'androidboot.hardware=qcom msm_watchdog.appsbark=0 msm_watchdog.enable=1 loglevel=4' -o new_boot.img
---------------
Thank you for your tool my friend
Though I have one question regarding this:
--cmdline 'no_console_suspend=1'
When I attempt to compile kernel from source, Sony said in the read me file that memory layout and other stuff are passed to kernel via cmdline. I do that just like it's written in the cmdline I quoted?! because I want to use the latest kernel source with an existing zRam but I'm unable to make the newly compiled kernel to boot because I am unable to pass arguments via cmdline on boot :crying:
DeepUnknown said:
Thank you for your tool my friend
Though I have one question regarding this:
When I attempt to compile kernel from source, Sony said in the read me file that memory layout and other stuff are passed to kernel via cmdline. I do that just like it's written in the cmdline I quoted?! because I want to use the latest kernel source with an existing zRam but I'm unable to make the newly compiled kernel to boot because I am unable to pass arguments via cmdline on boot :crying:
As far as I know, Sony passes all important parameters via kernel ATAGs, not command line.
kuisma said:
As far as I know, Sony passes all important parameters via kernel ATAGs, not command line.
I'm sorry I wasn't clear in the previous comment, here is what Sony mentioned:
In the official SW the following command line arguments are given
to the kernel:
cachepolicy=writealloc
noinitrd
init=init
board_id=1
logo.nologo
root=/dev/ram0
rw
rootwait
console=ttyAMA2,115200n8
androidboot.console=ttyAMA2
androidboot.hardware=st-ericsson
<memory layout>
mpcore_wdt.mpcore_margin=359
I'm sorry I went out of subject but I was using tools like yours to get zRam from other boot.img file.
Very nice tool, thanks for sharing.
unmkbootimg as of version 1.2 now supports embedded boot images, e.g. a boot image embedded deep in an update.img file.
$ unmkbootimg update.img
unmkbootimg version 1.2 - Mikael Q Kuisma <[email protected]>
File update.img not a plain boot image, seeking for embedded image ... found!
Kernel size 8073252
Kernel address 0x60408000
Ramdisk size 6380372
Ramdisk address 0x62000000
Secondary size 0
Secondary address 0x60f00000
Kernel tags address 0x60088000
Flash page size 16384
Board name is ""
Command line ""
*** WARNING ****
This image is built using NON-standard mkbootimg!
OFF_KERNEL_ADDR is 0x00380100
OFF_RAMDISK_ADDR is 0x01F78100
OFF_SECOND_ADDR is 0x00E78100
Please modify mkbootimg.c using the above values to build your image.
****************
Extracting kernel to file zImage ...
Extracting root filesystem to file initramfs.cpio.gz ...
All done.
---------------
To recompile this image, use:
mkbootimg --kernel zImage --ramdisk initramfs.cpio.gz --base 0x60087f00 --pagesize 16384 -o new_boot.img
---------------
$ ls
initramfs.cpio.gz update.img zImage
$
kuisma said:
unmkbootimg as of version 1.2 now supports embedded boot images, e.g. a boot image embedded deep in an update.img file.
Thanks for the update, very cool feature.
Can not extract zImage?
Could you check why I cannot extract zImage from this Kernel:
http://forum.xda-developers.com/showpost.php?p=37909023&postcount=56
mafamafa said:
Could you check why I cannot extract zImage from this Kernel:
http://forum.xda-developers.com/showpost.php?p=37909023&postcount=56
It's because it's not an Android boot image, but a Rockchip specific kernel image file.
Hi, could you please post the source here or upload in github or similar and provide the link. That will be much better.
Sent from my Amazon Kindle Fire HD using xda app-developers app
jeevas.v said:
Hi, could you please post the source here or upload in github or similar and provide the link. That will be much better.
Why? It's a trivial hack, and if you're a programmer, you'll put one together in minutes anyway.
So, no.
That is very bad and unethical. It is not a question of I or somebody can do it. Even it violates many things by saying no. What a pathetic situation.
Sent from my Amazon Kindle Fire HD using xda app-developers app
jeevas.v said:
That is very bad and unethical. It is not a question of I or somebody can do it. Even it violates many things by saying no. What a pathetic situation.
Say what? I'm providing the community a useful software for free - and you blame me for being unethical? :laugh:
I'm saying that you are using Foss as you like and hesitating to publish even a trivial change that you made. How can the community trust your binaries unless they don't have the source. What kind of mindset is that? Have you ever read GPL?
What do you think you are doing? Social service the Microsoft way? What a joke!
Sent from my Amazon Kindle Fire HD using xda app-developers app
jeevas.v said:
I'm saying that you are using Foss as you like and hesitating to publish even a trivial change that you made. How can the community trust your binaries unless they don't have the source. What kind of mindset is that? Have you ever read GPL?
What do you think you are doing? Social service the Microsoft way? What a joke!
GPL? My code is written from scratch, and is not a subject of GPL whatsoever.
You, my friend, are making a fool of yourself. Please, don't let me hinder you.
I am trying to spread the awareness against the closed source behaviour and I hope I achieved that in whatever minuscule way.
I don't care about your binary or code but thought of asking you to know if you are intentionally not giving the source by giving just the 32bit binaries. Anyway so now everyone knows...
Sent from my Amazon Kindle Fire HD using xda app-developers app
how to build Rockchip specific kernel image file?
kuisma said:
It's because it's not an Android boot image, but a Rockchip specific kernel image file.
Can you tell how to build Rockchip specific kernel image file - or where to look for that information?
mafamafa said:
Can you tell how to build Rockchip specific kernel image file - or where to look for that information?
I have no idea whatsoever how Rockchip manages its boot images.
I've just got a new Samsung Galaxy TAB A 7.0 LTE SM-T285. For some reason I can't seem to find any resources for this hardware yet in this forum, anyone know where I could find one? I'll try to find out if the current methods (custom recovery and root) for other tab versions work on this.
CUSTOM ROMS
============
Android 5.1.1 Lollipop (Stock)
Tinker V5 Edition based on the Samsung Stock Rom SM-T280/T285
Android 6.0 Marshmallow
Cyanogenmod 13 for the SM-T285 Only
OMNIRom for the SM-T285 Only
Android 7.1 Nougat
Cyanogenmod 14.1 for the SM-T285 Only (Experimental, things are broken, deprecated in favor of LOS 14.1)
LineageOS 14.1 for the SM-T285 Only
Other Operating systems
Porting for Sailfish OS is currently in progress for the SM-T285, stay tuned
TWRP RECOVERY AND ROOT
=======================
TWRP is available for both the T280 and T285. You should find the relevant threads in this Galaxy Tab A forum.
If you want to root stock, easiest way is to install TWRP and go for SuperSU. Please see the TWRP threads for SM-T280/T285 on how to root after TWRP is installed.
KERNEL
======
Custom kernel with working sources for the SM-T285 can be found Here
DEVELOPMENT
============
If you want to build LineageOS 14.1 on your SM-T285 LTE device, you can use this manifest, note that this is still a work in progress:
https://github.com/jedld/android.git
UPDATE 10/06/2016
================
After a couple of weeks of trial and error and tinkering, I've been able to compile a kernel for the SM-T285 from source and so far it seems to work flawlessly!
Screenshot here: http://imgur.com/a/HRgsq
link to my kernel sources here: https://github.com/jedld/kernel_samsung_gtexslte.git
You can also thank samsung for giving us a "broken by default" kernel source. I had to mix and match defconfigs from their other kernel releases just to make this thing work. Download modified boot.img here:
http://forum.xda-developers.com/galaxy-tab-a/development/kernel-galaxy-tab-7-0-2016-lte-sm-t285-t3474967
UPDATE 09/20/2016
================
This device is now ROOTED!
http://forum.xda-developers.com/galaxy-tab-a/help/resources-samsung-galaxy-tab-7-0-2016-t3431022/post68777842#post68777842
Download Pre-rooted Tinker Edition V5 in this thread: Tinker Edition Thread
Post Root Post Mortem Analysis for the SM-T285 (09/21/2016)
=========================
Q: How were you able to find root? What did you do?
A: Surprisingly the SM-T285 bootloader isn't actually locked like we thought it was (once you OEM unlock of course and disable FRP). The bottom line is that we simply needed patches to mkbootimg to properly package a boot image for this device as there were additional fields and sections not found on a normal boot image. There were even minor breaking differences between the tab 4 and the boot image for this device.
Q: I thought the bootloader was locked?? Why did it take so long?
A: I blame it on the really vague errors the bootloader shows when loading an improperly packaged boot image. What helped was my faith to open up a hex editor when I needed to, and really look at the stock images and the images we were making. What really pushed me to investigate further was the fact that I was able to make a really small modification to the ramdisk and use the abootimg -u update function instead of the create options.
Q: So the bootloader doesn't really check the image?
A: Yup, The bootloader doesn't do any check. I haven't checked if that is the case for the recovery partition though. Even without the SELINUXENFORCE headers at the end it still continues like other samsung devices do.
Q: So the mkbootimg patches are all that we need?
A: Yup, if you have CM, AOSP build env ready you can simply add the modified mkbootimg to system/core:
https://github.com/jedld/degas-mkbootimg/commit/b63ae38e2ab7040cc7ddaef777652a56b2e48322
Sample usage below:
Code:
degas-mkbootimg -o boot.img --base 0 --pagesize 2048 \
--kernel boot.img-zImage --cmdline "console=ttyS1,115200n8" --ramdisk boot_kitchen/boot.img-ramdisk-new.gz --dt boot.img-dt
Next challenge will be getting Cyanogenmod on this device as well as TWRP.
You won't because it has a locked bootloader, therefore not currently rootable and certainly no custom recovery.
jaritico said:
any idea to unlock bootloader?
Not unless Samsung provides one.
jaritico said:
any idea to unlock bootloader?
Probably no hope for root. the PIT, boot and recovery are basically untouchable, selinux enforcing enabled also does not help. You can still debloat and customize the system partition though:
http://forum.xda-developers.com/android/development/guide-samsung-galaxy-tab-7-0-sm-t285-t3438296
I'm working on getting CM 12.1 to run on this device.
jedld said:
Probably no hope for root. the PIT, boot and recovery are basically untouchable, selinux enforcing enabled also does not help. You can still debloat and customize the system partition though:
http://forum.xda-developers.com/android/development/guide-samsung-galaxy-tab-7-0-sm-t285-t3438296
I'm working on getting CM 12.1 to run on this device.
Yes at least the saving grace is that Samsung left Dm-verity off for this device.
If only they'd have left out the root restriction in the kernel too we'd have a rootable device.
I have an idea for this that I haven't tried yet.
Basically Samsung sends out security Policy updates via OTA, they recently released an SEPOLICY update to most devices breaking root. Chainfire patched this.
As this policy is stored in DATA and overrides the one in the boot.img it may be possible to use a patched SEPOLICY by creating a flashable DATA image with the patched SEPOLICY thereby removing the SElinux root restriction.
I ran it by Chainfire and he said in theory it should work except for the fact that the SEPOLICY in DATA is signed.
I have yet to try this out.
I think it would be difficult to get CM running as the kernel may need some patches and as we know that can't be touched.
ashyx said:
Yes at least the saving grace is that Samsung left Dm-verity off for this device.
If only they'd have left out the root restriction in the kernel too we'd have a rootable device.
I have an idea for this that I haven't tried yet.
Basically Samsung sends out security Policy updates via OTA, they recently released an SEPOLICY update to most devices breaking root. Chainfire patched this.
As this policy is stored in DATA and overrides the one in the boot.img it may be possible to use a patched SEPOLICY by creating a flashable DATA image with the patched SEPOLICY thereby removing the SElinux root restriction.
I ran it by Chainfire and he said in theory it should work except for the fact that the SEPOLICY in DATA is signed.
I have yet to try this out.
I think it would be difficult to get CM running as the kernel may need some patches and as we know that can't be touched.
I ran it by Chainfire and he said in theory it should work except for that fact that the SEPOLICY in DATA is signed.
I have yet to try this out.
Would probably need to brush up on se policies in linux. If there are already files available that I just need to flash over to /data I can try it out and also a means to test it if it works.
I've created a petition here:
https://www.change.org/p/samsung-unlock-the-bootloader-for-the-samsung-galaxy-tab-a-7-0-2016?recruiter=286570213&utm_source=petitions_show_components_action_panel_wrapper&utm_medium=copylink&recuruit_context=copylink_long
Not sure if samsung is the type that listens to this sort of thing though.
ashyx said:
As this policy is stored in DATA and overrides the one in the boot.img it may be possible to use a patched SEPOLICY by creating a flashable DATA image with the patched SEPOLICY thereby removing the SElinux root restriction.
I ran it by Chainfire and he said in theory it should work except for the fact that the SEPOLICY in DATA is signed.
I have yet to try this out.
I made an attempt to patch sepolicy using data however all I got in the logs was
Code:
E/SELinux ( 733): Function: fileToArray, File Open Unsuccessful:
E/SELinux ( 733): Function: getVersionhash, signature is NULL
I/SELinux ( 733): Function: selinux_init_verify_sepolicy, getVersionhash return false
E/SELinux ( 733): Function: VerifyPolicy , selinux_init_verify_sepolicy is failed
So far I have no indication that my patch worked
Code:
sepolicy-inject -s shell -t system -c file -p read -P sepolicy -o sepolicy
The error above only comes up if I place sepolicy in /data/security and sepolicy_version in /data/security/spota
sha256 hashes were also updated in the version file so I'm not sure what I'm missing.
If I could have a copy of a samsung ota that actually updates the policies I can probably have better direction
jedld said:
I made an attempt to patch sepolicy using data however all I got in the logs was
Code:
E/SELinux ( 733): Function: fileToArray, File Open Unsuccessful:
E/SELinux ( 733): Function: getVersionhash, signature is NULL
I/SELinux ( 733): Function: selinux_init_verify_sepolicy, getVersionhash return false
E/SELinux ( 733): Function: VerifyPolicy , selinux_init_verify_sepolicy is failed
So far I have no indication that my patch worked
Code:
sepolicy-inject -s shell -t system -c file -p read -P sepolicy -o sepolicy
The error above only comes up if I place sepolicy in /data/security and sepolicy_version in /data/security/spota
sha256 hashes were also updated in the version file so I'm not sure what I'm missing.
If I could have a copy of a samsung ota that actually updates the policies I can probably have better direction
Finally found a way to patch the kernel on this device. Stay tuned...
jedld said:
Finally found a way to patch the kernel on this device. Stay tuned...
Turns out I was just able to modify files in the boot.img, though when I try to update the sepolicy itself, it won't boot.
jedld said:
Turns out I was just able to modify files in the boot.img, though when I try to update the sepolicy itself, it won't boot.
Can you at least explain a bit further?
What modifications allow you to create a boot able image?
How have you overcome image signing?
Only way I can think of is hex editing the signature, however I was under the impression this was crc based.
ashyx said:
Can you at least explain a bit further?
What modifications allow you to create a boot able image?
How have you overcome image signing?
Only way I can think of is hex editing the signature, however I was under the impression this was crc based.
Yeah I was able to flash a modified boot.img using heimdall, turns out that you just need to use abootimg -u boot.img -r yourmodifiedramdisk so that you don't overwrite the SELINUXENFORCE headers appended at the end of the boot.img file, it appears the bootloader only checks for the presence of those headers but does not actually compute the sig.
Modifying ramdisk works, haven't tried modifying the kernel itself.
I tried to modify the sepolicy files after using sepolicy-inject but it throws a KERNEL not SEnforced error. I am not certain if this is just a blanket error if the kernel doesn't boot due to modifying the policy files incorrectly or if there is legit checking going on. Nevertheless I am able to modify the init.rc files now.
jedld said:
I tried to modify the sepolicy files after using sepolicy-inject but it throws a KERNEL not SEnforced error. I am not certain if this is just a blanket error if the kernel doesn't boot due to modifying the policy files incorrectly or if there is legit checking going on. Nevertheless I am able to modify the init.rc files now.
Continued checking it out. So even though I can modify the ramdisk, I am unable to add more than 1000 - 2000 bytes before setting off the SEAndroid enforce error on bootup. Might be some headers on the boot.img that I fail to update when the ramdisk size gets bigger. Trying to modify the sepolicy in any way even if there is minimal change in size prevents it from booting. I have no idea what is checking it, I'll try to hexedit and see what happens.
jedld said:
Continued checking it out. So even though I can modify the ramdisk, I am unable to add more than 1000 - 2000 bytes before setting off the SEAndroid enforce error on bootup. Might be some headers on the boot.img that I fail to update when the ramdisk size gets bigger. Trying to modify the sepolicy in any way even if there is minimal change in size prevents it from booting. I have no idea what is checking it, I'll try to hexedit and see what happens.
So I used a hexedit on the sepolicy file and was able to modify one byte of it effectively changing its sha256sum... and it worked. So the sepolicy file CAN be changed, however current sepolicy-inject and supolicy tools do something to it that trips it, looks like Samsung has again added a proprietary modification sepolicy format.
I've never known a kernel not boot due to the kernel not SEANDROID enforcing warning.
It's a meaningless warning and easily bypassed.
However this is on bootloader unlocked devices.
So just let me get this straight, you have been able to repack the boot.img with modifications to the ramdisk then force flash it via Heimdall and it still boots?
ashyx said:
I've never known a kernel not boot due to the kernel not SEANDROID enforcing warning.
It's a meaningless warning and easily bypassed.
However this is on bootloader unlocked devices.
So just let me get this straight, you have been able to repack the boot.img with modifications to the ramdisk then force flash it via Heimdall and it still boots?
yup. that's correct. I'll post my modified boot.img in a while
jedld said:
yup. that's correct. I'll post my modified boot.img in a while
note that using the update only method of abootimg "abootimg -u boot.img -r xxxxxx " is the only one that works for repacking the ramdisk. Trying to build the boot.img from scratch using any other method has so far failed for me.
Here is a flashable boot.img for the SM-T285.
It contains the following modifications to the ramdisk:
a file at /this_device_is_owned
and a modified init.rc that creates a /tmp folder
jedld said:
Here is a flashable boot.img for the SM-T285.
It contains the following modifications to the ramdisk:
a file at /this_device_is_owned
and a modified init.rc that creates a /tmp folder
now managed to patch sepolicy using chainfire's supolicy tool. needed to use a customized mkbootimg due to changes in the Tab A image format for this. now attempting to root the device... wish me luck
So in this guide or tutorial I'll show you how to patch boot.img so it doesn't fail to boot.
what you'll need
Python (We're using a python script to unpack/repack)
This python script https://github.com/liudongmiao/bootimg
Text editor (notepad++) for windows is a good thing
Patience
Now if you have python installed navigate to the folder where your bootimg.py & boot.img exist
now open cmd or terminal depending on what system you're using. and enter:
python bootimg.py --extract-bootimg
python bootimg.py --extract-ramdisk
Now we need to disable dm-verity and such
To disable system check change: ro,barrier=1 wait,verify > ro,barrier=1 wait
it is recommended to do this to all partitions u want to be able to modify later.
Now you can also remove the dm-verity executable, as it is not needed and it most likely will cause your boot.img to fail.
There's probably a need to patch the sepolicy file as well so you could use phh zip to do this.
And that's it. Post 2 is to add superuser access but it'll be later
How to swap from phh to chainfire supersu
Open init.environ.rc and add
export PATH /su/bin:/sbin:/vendor/bin:/system/sbin:/system/bin:/su/xbin:/system/xbin
Above bootlogo
Now download the two zips and extract su folder to root of ramdisk
And the sbin to sbin folder but don't remove any files!
Now if u have trouble with remount system as rw you need to edit the fstab and remove the verify on its partition. Now just repack ramdisk and then repack boot and you should be done
LastStandingDroid said:
So in this guide or tutorial I'll show you how to patch boot.img so it doesn't fail to boot.
what you'll need
Python (We're using a python script to unpack/repack)
This python script https://github.com/liudongmiao/bootimg
Text editor (notepad++) for windows is a good thing
Patience
Now if you have python installed navigate to the folder where your bootimg.py & boot.img exist
now open cmd or terminal depending on what system you're using. and enter:
python bootimg.py --extract-bootimg
python bootimg.py --extract-ramdisk
Now we need to disable dm-verity and such
To disable system check change: ro,barrier=1 wait,verify > ro,barrier=1 wait
it is recommended to do this to all partitions u want to be able to modify later.
Now you can also remove the dm-verity executable, as it is not needed and it most likely will cause your boot.img to fail.
There's probably a need to patch the sepolicy file as well so you could use phh zip to do this.
And that's it. Post 2 is to add superuser access but it'll be later
Sorry, which tool do you use in order to extract boot img from UPDATE.APP?
And after unpack and repack ramdisk and boot is it normal that the new boot.img is smaller than the "original" boot.img?
Thanks, I'm trying to patch honor 5c boot image in order to root it.
Huawei Firmware Extractor will unpack the UPDATE.APP.
LastStandingDroid said:
So in this guide or tutorial I'll show you how to patch boot.img so it doesn't fail to boot.
what you'll need
Python (We're using a python script to unpack/repack)
This python script https://github.com/liudongmiao/bootimg
Text editor (notepad++) for windows is a good thing
Patience
Now if you have python installed navigate to the folder where your bootimg.py & boot.img exist
now open cmd or terminal depending on what system you're using. and enter:
python bootimg.py --extract-bootimg
python bootimg.py --extract-ramdisk
Now we need to disable dm-verity and such
To disable system check change: ro,barrier=1 wait,verify > ro,barrier=1 wait
it is recommended to do this to all partitions u want to be able to modify later.
Now you can also remove the dm-verity executable, as it is not needed and it most likely will cause your boot.img to fail.
There's probably a need to patch the sepolicy file as well so you could use phh zip to do this.
And that's it. Post 2 is to add superuser access but it'll be later
In which file we have to edit this line "ro,barrier=1 wait,verify > ro,barrier=1 wait". I have infinix smart 5 x657b. I extracted the boot file and from some instructions on google, I opened fstab file. But there is nothing like that line.
hassansuriya said:
In which file we have to edit this line "ro,barrier=1 wait,verify > ro,barrier=1 wait". I have infinix smart 5 x657b. I extracted the boot file and from some instructions on google, I opened fstab file. But there is nothing like that line.
There is a way to remove dm-verity and forceencrypt by just flashing a file in twrp.
[Deprecated] Universal DM-Verity, ForceEncrypt, Disk Quota Disabler [11/2/2020]
Hi all! For the past couple of months, I've been looking into making a more universal solution to disable dm-verity and forceencrypt. Needing to take different zips, modify them for different devices, and then cross your fingers when you switch...
forum.xda-developers.com
CHECK_123 said:
There is a way to remove dm-verity and forceencrypt by just flashing a file in twrp.
[Deprecated] Universal DM-Verity, ForceEncrypt, Disk Quota Disabler [11/2/2020]
Hi all! For the past couple of months, I've been looking into making a more universal solution to disable dm-verity and forceencrypt. Needing to take different zips, modify them for different devices, and then cross your fingers when you switch...
forum.xda-developers.com
but there is not any version of twrp recovery for my device. From where should I download it?
hassansuriya said:
but there is not any version of twrp recovery for my device. From where should I download it?
I found this "auto twrp recovery porter"
Mediatek (MTK) Auto TWRP recovery porter by Team Hovatek
If you wish to root your Mediatek Android phone, we'd dropped a guide on rooting using Magisk and stock boot.img at https://www.hovatek.com/forum/thread-21427.html , no custom recovery is required. Se
forum.hovatek.com
I don't know if it would work, you should try
You may have to sign up to get the Android 9 and 10 version of the tool
How to close selinux in the kernel with boot.img? I tried a lot of ways, but cannot achieve my goal.
1.
Unzip boot.img, and then modify the configuration file. androidboot.selinux=permissive
invalid
It is said that the reason is ro.build.type=user???
2.
Unzip boot.img add set enforce 0 to init.rc.
invalid
And it was temporarily closed after the start. Theory is feasible, but still lacking.
Is there any way to unpack boot.img after disabling or permission seLinux, please tell me the way I am looking for a Nexus 6p official 6.0.1 mtc20l ROM kernel boot.img with disabled selinux.