Current location - Quotes Website - Signature design - How to extract ramdisk file from boot.img
How to extract ramdisk file from boot.img
First, you need a user to unlock fastboot's phone, so that you can swipe into a third-party ROM.

Secondly, you should be able to find the corresponding boot.img or sec_boot.img (with signature) of the current version, usually the sec_boot.img solved in the brush package. I don't know if it's okay to come out through cat mtd. =

Tools:

split_bootimg.pl

Mkbootfs and mkbootimg

1)sec_boot.img signature, the first 0x 1000 bytes of the file need to be deleted, which is ANDROID! All bytes before 8 characters are deleted and saved as boot.img

2) run perl split_bootimg.pl boot.img to solve the kernel and ramdisk file, and write "commandline: vmalloc = 384mmem = 2044m @ 0x200000" in the running result. . . . "A long list of spare characters.

3) Run the instruction to solve the ramdisk file.

Mkdir memory disk

Optical disk storage disk

gzip -dc../boot.img-ramdisk.gz | cpio -i

laser record ..

4) Modify the file, for example, I think that persist.sys.usb.config = manufacturing and ADB in default.prop are not very good, and I want to change them to =adb, so I want to modify and save them. If you want adb to have root permissions, change ro.secure and ro.debuggable

5) repackaging

mkbootfs。 /ramdisk | gzip & gt; ramdisk-new.gz

Of course, if your compiled mkbootfs is not added to the path, take the compiled program to the current directory to run. /mkbootfs。 ...

Generate boot-new.img

Mkbootimg-cmdline' enclosed in single quotation marks is to copy a long string'-kernelboot.img-kernel-ramdisk ramdisk-new.gz-oboot-new.img' after the command line colon just written.

6) Now, if you directly brush in the generated boot-new.img, the mobile phone will not get on. The problem lies in the addresses of kernel, ramdisk, secondary and label.

Look at this. You will know base=0x 10000000 by compiling the c file of mkbootimg yourself, and the generated boot-new.img is based on this rule:

Kernel address =base+0x00008000, memory disk address = base+0x005438+0000000,

The second stage address = base address+0x0000, and the label address = base address +0x00000 100.

This is different from the original address in sec_boot.img I want to find the correct base value, but several addresses in the original img are not this rule. If I can't get the source code, I can only stare.

The easiest way is to use 16 base editor to change the four addresses corresponding to boot-new.img to the original values, as shown in the figure below:

7) After saving, you can brush fastboot into this boot, and then you can verify whether it can be started. If you can't start it, you won't turn the brick, because we haven't brushed recovery and quick start, so we can use these two methods to recover.

Related articles
  • Wechat name of family with children is good or not. Wechat name of family harmony.
  • How to sign an electronic contract? What is the process roughly like?
  • What are the requirements for calligraphers to stamp in that place after writing their works?
  • An excerpt from "The Complete Biography of Boy Jia Li", please ask for the original text. More
  • What does 21 sep 10 on the Japanese visa mean?
  • What is the specific content of student * * * being born in party member?
  • What is the best pen for practicing calligraphy?
  • 300,000 yuan to make up tuition fees and a fake schoolmaster, but I dare not go to the toilet. How difficult is it to review the Madge family late at night?
  • Is it illegal for individuals to take freight forwarding commissions?
  • What embarrassing pictures have you seen in variety shows?

    • copyright 2024 Quotes Website All rights reserved