[Q] How to unpack system.img and modify it for Pixel4? - Google Pixel 4 Questions & Answers

Hi all,
Is there a tool that can unpack system.img for the Pixel 4 (that actually works..) ?
What I want is to create a system.img that will have the following change:
Replace the below apex zip file:
`/system/apex/com.android.runtime.release.apex`
to an extracted version of it:
`/system/apex/com.android.runtime.release`
I've tried most of the online tools and tutorials with no luck.
So I unzip the ` flame-qd1a.190821.007` factory image, and then unzip the `image-flame-qd1a.190821.007` within in.
This gives me many .img files, including system.img, system_other.img, and super_empty.img.
I guess in some phones super.img had included the system.img, but that's not the case with `flame`.
imjtool can extract the `system.img` using:
Code:
imjtool system.img extract
With the below warning:
Warning: system.img is likely truncated or still compressed
Sparse image v1.0 detected, 196053 blocks of 4096 bytes
196053 blocks of 4096 bytes compressed into 15 chunks (1% compressed)
Click to expand...
Click to collapse
Then `extract/image.img` cannot be further recognized by the tool:
Code:
imjtool extracted/image.img
extracted/image.img is not a recognized image. Sorry
Click to expand...
Click to collapse
I've also tried simg2img to convert a sparse android img to a normal one,
but then mounting failed, in both Linux and mac.

Paschalis said:
Hi all,
Is there a tool that can unpack system.img for the Pixel 4 (that actually works..) ?
What I want is to create a system.img that will have the following change:
Replace the below apex zip file:
`/system/apex/com.android.runtime.release.apex`
to an extracted version of it:
`/system/apex/com.android.runtime.release`
I've tried most of the online tools and tutorials with no luck.
So I unzip the ` flame-qd1a.190821.007` factory image, and then unzip the `image-flame-qd1a.190821.007` within in.
This gives me many .img files, including system.img, system_other.img, and super_empty.img.
I guess in some phones super.img had included the system.img, but that's not the case with `flame`.
imjtool can extract the `system.img` using:
Code:
imjtool system.img extract
With the below warning:
Then `extract/image.img` cannot be further recognized by the tool:
Code:
imjtool extracted/image.img
I've also tried simg2img to convert a sparse android img to a normal one,
but then mounting failed, in both Linux and mac.
Click to expand...
Click to collapse
I use SuperR Kitchen
It unpacks everything. You must then use Apktool or third party software (ticklemyandroid) to decompile and recompile apks for editing. I don't have a way to edit a .apex file.
Here is the file in question. Just rename it by taking off the .zip. only way I could upload it.
https://www.androidfilehost.com/?fid=8889791610682898672

The full Android SDK. But it's definitely not a beginner friendly process. If you have to ask how to do it then you probably shouldn't try it until you learn more. ?

Related

[Q] loop device

Sorry for the totally newbie question (for both android and linux).
I've rom images from legend ruu: android-info.txt, boot.img, hboot_legend_7227_1.01.0000_101108.nb0, radio.img, rcdata.img, recovery.img, splash1.nb0, system.img, userdata.img.
Is there any way to mount them (especially boot.img, recovery.img and system.img) on a linux box using a loop device?
The files boot.img and recovery.img are starting with magic word "ANDROID!°¨#", while I cannot recognize any string in system.img. What kind of file systems are these?
Thank you in advance,
TiceRex
system.img should just be a yaffs image and can be mounted loopback if you have the yaffs drivers installed. boot.img and recovery.img are ramdisk images which consist of a kernel and a cpio archive (containing the files for the root filesystem) bundled together in a package. HBOOT loads the kernel first, then unzips the cpio archive into a newly created ramdisk. Once all is loaded, execution is passed off to the kernel which has a nice ramdisk full of the init files needed for the remainder of the boot process. system and data images are then mounted to mountpoints in the ramdisk.
To extract and manipulate boot.img and recovery.img, see this thread:
http://forum.xda-developers.com/showthread.php?t=551711
Thank you very much.
Seeing into dsixda's rom kitchen scripts I was able to extract the boot.img and recovery.img files (and found the kernel and initrd).
I will look for the yaffs drivers.
Regards, TiceRex

[GUIDE] How to extract system files from stock firmware

First of all: Tool to be used in this guide was developed by user And_pda from Russian 4pda.ru forum. So all credits must go to And_pda
The original thread (in Russian) is here. Actually the original thread is about several tools to works with different images for different phones. But we will talk only about Moto X.
The guide will describe how to extract all files from system partition from stock firmware. The tools works under Windows (I personally tested it on Win 7).
If you unzip any stock firmware you will find one file, which represents system partition: system.img.
To extract all files from system.img please do:
1. Download ImgExtractor_1_3_4.rar and extract it.
2. Create directory System in the folder where system.img is located;
3. Copy ImgExtractor.exe into the folder where system.img is located;
4. Run CMD and "cd" to the folder where system.img is located
5. In CMD run the following: ImgExtractor system.img System
After ImgExtractor finished you will have all system files and folders in System directory.
That's all
PS. ImgExtractor also can extract modem firmware (NON-HLOS.bin)
Anyway to extract system image on 4.4, inject su binary re-image, and msfastboot flash?
Sent from my XT1080 using Tapatalk
djnikko said:
Anyway to extract system image on 4.4, inject su binary re-image, and msfastboot flash?
Sent from my XT1080 using Tapatalk
Click to expand...
Click to collapse
Maybe. But to get the locked recovery to flash it must be signed by moto thousand bit code.
extract for something like my signature?
Hey this will mos def save some time. Thanks my dude
Sent from my XT1095
Can you get this to work with motoboot.img? It'll make it possible to downgrade to bootloaders such as 4-21, 3-15, etc.
mr_verystock said:
Can you get this to work with motoboot.img? It'll make it possible to downgrade to bootloaders such as 4-21, 3-15, etc.
Click to expand...
Click to collapse
Phone's cid partition changes with every firmware update so bootloader downgrade will not work. The phone just won't boot up. I know the man who tried all this tricks - he flashed dumps from phones with unlocked bootloaders.
Pretty cool tool... I just wished it would keep the original timestamps for the directories and files....
Is there any way to assemble extracted files and build original system files?
Sent from my SM-N910C using Tapatalk
Latest version if any need it
It can't handle large img files though.
works on Samsung Galaxy S6 , Note 4 , cache.img , hidden.img , files which ext4 unpacker couldn't handle.
How big were the img files? It can't handle the 4GB LG G4 .img files but works fine with the smaller Motorola RAZR HD Maxx .img files.
i used it only for cache and hidden, so <250MB. I didn't tried on larger files.
That's why it works.... the Motorola img files were 1 GB or less... it can't handle the LG G4 files.
it would be great if the author patched/forked the original ext4 unpacker, so it can open newer img's like this (sparse with moded header) , so we would've had a GUI, because imgextractor is only text.
imgextractor is the only one that works on Motorola img files.
yes, even with Samsung Galaxy Note 4 / S6 and newer devices, on the IMG file - the ext4 sparse header is not standard, but i said, since this program (imgextractor) is based on ext4 unpacker sources, it could've keeped that GUI and only mod a little.
Anyway, you could also open IMG with the original ext4 unpacker if you fix it first with IMGEXTRACTOR. to fix: convert IMG file from MODED SPARSE EXT4 to normal EXT4 (> imgextractor.exe original.img temp.ext4 -conv) and then back to FIXED SPARSE EXT4 (> imgextractor.exe temp.ext4 fixed.img -conv). Now open fixed.img in ext4 unpacker program and it will work.
l.e. I found what the problem was, on Samsung Exynos devices, and the newer ones, the IMG files headers are 32 bytes, instead of the normal 28, Chainfire explains it here. So that's why ext4 unpacker gives error on opening. For alternative fix (instead of the conversion i explain upper in this post using imgextractor) you can use Chainfire's sgs4ext4fs tool , works on Windows/Linux, builds and other useful tool here.
Also there is a tool for Motorola IMG files there, see the Usage section.
gracias
tanks bro work in motorola razr hd stock kitkat system.img
BenjaminW8 said:
can you maybe make a more detailed guide how you did this
i cant seem to make sytem.img to extract for the s7 Edge
Click to expand...
Click to collapse
I believe you want be able to utilize Imgextractor as the S7 system.img exceeds the supported size of the Imgextractor

[Solved] Best way to make system.img into a recovery flashable zip?

Hi, I've been trying to make sparse system.img from firmware tar file into a twrp-flashable zip file but I'm not sure which is the best way.
All operations are performed on latest linux mint and I'm not going to use any kitchen. All binaries used to convert images are compiled from latest AOSP sources.
Here are some of the methods I've tried.
a) Extract everything from system.img and set metadata infos in updater-script, just like any other "rom"s. (e.g. SuperMan Rom)
Probably one of the simplest ways, and system files inside the zip can be modified easily - extract, edit, recompress.
But this method has a potential of destroying unique permissions/owner infos, such as those of symlinks.
I'd like to flash the system.img "as-is," without making a mess with whatever's inside the image.
b) Extract raw system.img directly to /dev/block/platform/155a0000.ufs/by-name/SYSTEM.
Not so bad. Raw system.img can be easily generated with simg2img. But turns out to take too much time to flash and doesn't get along well with DualBoot patcher.
c) Sparse dat, like the ones used in most AOSP-based roms
Probably the most ideal one. But when I took the following steps to make it, I found out that system partition size gets kinda damaged or something.
- Convert system.img to raw system.img with simg2img.
- Convert the raw system.img to sparse image again with ext2simg, to make img2sdat.py work properly.
- Convert the sparse image to sparse dat with @xpirt's img2sdat.py.
- Finally, convert the generated sparse dat to raw system image with sdat2img.py to check if partition size matches.
Then I get the following results.
- Size of original raw system.img : 4404019200
- Size of raw system.img generated in last step : about ~100MB smaller
I know I can loop mount system.img and then make a new sparse image with make_ext4fs,
but it also breaks some permissions and make_ext4fs won't recognize file_contexts.bin from nougat firmware whereas it worked well with marshmallow's.
If anyone's got a better method or a solution for method c please leave a reply. Thanks in advance.

how to flash/edit system.img

on p8 lite ale-l21, when i want to flash system.img, size is more than 1.5gbs, the adb refuse with these sentence;
TARGET REPORTED MAX DOWNLOAD SIZE OF 471859200 BYTES,. what anyone guide how to flash system.img.
Q.2: i extracted update.app, it has files with .img extension, how to edit/repack these and make a flashable.zip file?
huawei2016 said:
on p8 lite ale-l21, when i want to flash system.img, size is more than 1.5gbs, the adb refuse with these sentence;
TARGET REPORTED MAX DOWNLOAD SIZE OF 471859200 BYTES,. what anyone guide how to flash system.img.
Q.2: i extracted update.app, it has files with .img extension, how to edit/repack these and make a flashable.zip file?
Click to expand...
Click to collapse
Try with Minimal ADB & Fastboot... Default ADB & Fastboot cannot flash large files...
it just failed.
huawei2016 said:
it just failed.
Click to expand...
Click to collapse
Even with Minimal AFB & Fastboot?
That shouldn't happen..
Put the system.img in Minimal ADB & Fastboot folder (C:/Program Files (x86) / Minimal ADB & Fastboot) and then try to flash.. That should do the job...
i'll tell later, this worked or not. thanks
Now i tested, it also failed. but no problem.
i just flashed the whole update.app.
but curious, how to modify system.img and make flashable zip of rom.

Add Apk to X96Q's priv-app dir

Hi,
I have some experience modifying rookchip Firmware. Unpacking, modifying repacking and flashing. Was a long way but finally I got it to work.
Now I have a X96Q device and downloaded it's stock firmware. I can open the archive with 7zip.
If I try to extract the super.img from the firmware.img with 7zip or other tools I get error "unexpected end of archive" at 78% progress.
Some ideas how to unpack the super.img to modify the system-dir?
Thanks!
PS: if it would help I can provide this Firmware-file.
super.img?
or system.img?
if system.img try this tool Multi Image Kitchen
I got it finally to work using imgRePacker and simg2img.
Fage91 said:
I got it finally to work using imgRePacker and simg2img.
Click to expand...
Click to collapse
can you share simg2img to me?
i try unpack and repack system.img on multi image kitchen but something bug like wifi can't on after flash the repack system.img
ijrx001 said:
can you share simg2img to me?
i try unpack and repack system.img on multi image kitchen but something bug like wifi can't on after flash the repack system.img
Click to expand...
Click to collapse
Try this:
GitHub - anestisb/android-simg2img: Tool to convert Android sparse images to raw images
Tool to convert Android sparse images to raw images - GitHub - anestisb/android-simg2img: Tool to convert Android sparse images to raw images
github.com
The steps I got it to work:
First step: unpack with imgRePacker
Second step: unpack super with simg2img
Third step: loop mount it with offset in debian
Forth step: make modifications and !! Umount!!
Fifth step: Pack super with img2simg
Sixth step: Pack it all togeher with imgRePacker
I cant Flash it using phoenix usbpro oder phoenix suit. Do you have some Tips for me? After connectng my Box in downloadmode it seems to Start flashing but nothing happens.

Categories

Resources