Arnova 10 G2 Custom rom development with Linux - Forum

Latest product reviews
ARCHOS 50 Diamond
ARCHOS GamePad2
ARCHOS Smartphones
ARCHOS TV Connect
ARCHOS 101 XS

A A A

Arnova 10 G2 Custom rom development with Linux

Page: 1 2 3 4

ttz642t

Firmware Guru

Forum Posts: 53

Member Since:
2011/11/19

Offline

2011/11/20 - 17:39

For rom development with Linux.

NOTE: The information in this thread should be seen as development chatter and not definative, plese refer to the wiki for the most up to date information:

Arnova 10 G2 rom development using Linux

How do you unpack a rom, modify it and repack it, specifically for the Arnova 10 G2.

Dumping tablet

I've created a perl script to dump all partitions (except the user partition) based on the parameters held on tha tablet, so it should be able to dump any verson of rom on the tablet. See the wiki for more details and scripts.

Here's a demostration of it running:

$ rksp_an10g2_dump.pl
rkflashtool: info: interface claimed
rkflashtool: info: reading flash memory at offset 0x00000000

Reading parameters...
Size of parameters is 607

CRC = c6f69fe0
00: FIRMWARE_VER:0.2.3
01: MACHINE_MODEL:AN10G2
02: MACHINE_ID:007
03: MANUFACTURER:RK29SDK
04: MAGIC: 0x5041524B
05: ATAG: 0x60000800
06: MACHINE: 2929
07: CHECK_MASK: 0x80
08: KERNEL_IMG: 0x60408000
09: #COMBINATION_KEY: 0,6,A,1,0
10: CMDLINE: console=ttyS1,115200n8n androidboot.console=ttyS1 init=/init initrd=0x62000000,0x500000 mtdparts=rk29xxnand:0x00002000@0x00002000(misc),0x00004000@0x00004000(kernel),0x00002000@0x00008000(boot),0x00004000@0x0000A000(recovery),0x00082000@0x0000E000(backup),0x0003a000@0x00090000(cache),0x00100000@0x000ca000(userdata),0x00002000@0x001ca000(kpanic),0x00080000@0x001cc000(system),-@0x0024c000(user)

CMD: CMDLINE
Command line: console=ttyS1,115200n8n androidboot.console=ttyS1 init=/init initrd=0x62000000,0x500000 mtdparts=rk29xxnand
Partitions: 0x00002000@0x00002000(misc),0x00004000@0x00004000(kernel),0x00002000@0x00008000(boot),0x00004000@0x0000A000(recovery),0x00082000@0x0000E000(backup),0x0003a000@0x00090000(cache),0x00100000@0x000ca000(userdata),0x00002000@0x001ca000(kpanic),0x00080000@0x001cc000(system),-@0x0024c000(user)

Partition {misc} of size 0x00002000 at offset 0x00002000
Reading partition...
Partition {kernel} of size 0x00004000 at offset 0x00004000
Reading partition...
Partition {boot} of size 0x00002000 at offset 0x00008000
Reading partition...
Partition {recovery} of size 0x00004000 at offset 0x0000A000
Reading partition...
Partition {backup} of size 0x00082000 at offset 0x0000E000
Reading partition...
Partition {cache} of size 0x0003a000 at offset 0x00090000
Reading partition...
Partition {userdata} of size 0x00100000 at offset 0x000ca000
Reading partition...
Partition {kpanic} of size 0x00002000 at offset 0x001ca000
Reading partition...
Partition {system} of size 0x00080000 at offset 0x001cc000
Reading partition...
Partition {user} of size - at offset 0x0024c000

ttz642t

Firmware Guru

Forum Posts: 53

Member Since:
2011/11/19

Offline

2012/01/08 - 12:15

Dumping tablet

Trying to figure out how to do a sub topic and hosts scripts...

an10g2_dump.pl

#!/usr/bin/perl

# $DUMP=1;#Uncoment to actually dump the partitions, otherwise dry run, ie parse parameters

$raw = `rkflashtool r 0x00 0x20`;
$DUMPDIR = `date +%Y%m%d_%H%M`;
chomp $DUMPDIR;
system "mkdir -p $DUMPDIR" if($DUMP);

print "nReading parameters...n";

$parm=substr($raw,0,4);
$size=ord(substr($raw,4,1))
     +(ord(substr($raw,5,1))<<8)
     +(ord(substr($raw,6,1))<<16)
     +(ord(substr($raw,7,1))<<24);

print "Size of parameters is $sizenn";

system "rkflashtool r 0x00 0x20 > $DUMPDIR/p00" if($DUMP);
system "rkflashtool r 0x20 0x20 > $DUMPDIR/p20" if($DUMP);
system "rkflashtool r 0x40 0x20 > $DUMPDIR/p40" if($DUMP);
system "rkflashtool r 0x60 0x20 > $DUMPDIR/p60" if($DUMP);
system "rkflashtool r 0x80 0x20 > $DUMPDIR/p80" if($DUMP);
system "rkflashtool r 0x00 0x2000 > $DUMPDIR/parameter" if($DUMP);

$crcpsn=$size+8;
$crc=ord(substr($raw,$crcpsn,1))
     +(ord(substr($raw,$crcpsn+1,1))<<8)
     +(ord(substr($raw,$crcpsn+2,1))<<16)
     +(ord(substr($raw,$crcpsn+3,1))<<24);

printf "CRC = %08xn",$crc;

$parameters = substr($raw,8,$size);

@lines = split(chr(13),$parameters);
$numlines=$#lines+1;

for($i=0;$i<$numlines;$i++){
$lines[$i] =~ s/[x00-x1F]//g; #remove control codes
printf "%02d: %sn",$i,$lines[$i];
if($lines[$i] =~ /^CMDLINE:/){
    ($tag,$cmdline,$rk29xxnand) = split(/:/,$lines[$i]);
    print "nCMD: $tagn";
    print "Command line: $cmdlinen";
    print "Partitions: $rk29xxnandnn";
    @mtd = split(/,/,$rk29xxnand);
    for($j=0;$j<($#mtd+1);$j++){
      $i1=index($mtd[$j],"@");
      $i2=index($mtd[$j],"(");
      $i3=index($mtd[$j],")");
      $mtdsize = substr($mtd[$j],0,$i1);
      $mtdoffset = substr($mtd[$j],$i1+1,$i2-$i1-1);
      $mtdname = substr($mtd[$j],$i2+1,$i3-$i2-1);
      print "Partition {$mtdname} of size $mtdsize at offset $mtdoffsetn";
      if($mtdsize=~ /^0x/){
        $cmd = "rkflashtool r $mtdoffset $mtdsize > $DUMPDIR/".$mtdname.".img";
        print "tReading partition...n";
        system $cmd if($DUMP);
      }
    }
}
}

ttz642t

Firmware Guru

Forum Posts: 53

Member Since:
2011/11/19

Offline

2012/01/12 - 17:33

Unpacking boot.img

Written a script to upack the files from the boot.img

[stevep@localhost image]$ ,/rksp_unpack_boot.img.pl
unpacked
3339 blocks
edit files....

[stevep@localhost image]$ ls BOOT*
BOOT-20120112_1630/

[stevep@localhost image]$ ll BOOT-20120112_1630/
total 1600
drwxrwx--x 2 stevep stevep    4096 Jan 12 16:30 data/
-rw-r--r-- 1 stevep stevep     278 Jan 12 16:30 default.prop
drwxr-xr-x 2 stevep stevep    4096 Jan 12 16:30 dev/
-rwxr-x--- 1 stevep stevep   94200 Jan 12 16:30 init*
-rwxr-x--- 1 stevep stevep      45 Jan 12 16:30 init_battery.sh*
-rwxr-x--- 1 stevep stevep    1677 Jan 12 16:30 init.goldfish.rc*
-rwxr-xr-x 1 stevep stevep 1360652 Jan 12 16:30 initlogo.rle*
-rwxr-x--- 1 stevep stevep   15255 Jan 12 16:30 init.rc*
-rwxr-x--- 1 stevep stevep    2710 Jan 12 16:30 init.rk29board.rc*
drwxr-xr-x 2 stevep stevep    4096 Jan 12 16:30 proc/
-rw-r--r-- 1 stevep stevep 113525 Jan 12 16:30 rk29xxnand_ko.ko
drwxr-x--- 2 stevep stevep    4096 Jan 12 16:30 sbin/
drwxr-xr-x 2 stevep stevep    4096 Jan 12 16:30 sys/
drwxr-xr-x 2 stevep stevep    4096 Jan 12 16:30 system/
-rw-r--r-- 1 stevep stevep       0 Jan 12 16:30 ueventd.goldfish.rc
-rw-r--r-- 1 stevep stevep    3764 Jan 12 16:30 ueventd.rc
-rw-r--r-- 1 stevep stevep    1002 Jan 12 16:30 ueventd.rk29board.rc

Here's thescript:

rksp_unpack_boot.img.pl

==================

#!/usr/bin/perl

# $ ./rksp_unpack_boot.img.pl

$imgfn = "boot.img";

$BOOTDIR = "BOOT-".`date +%Y%m%d_%H%M`;
chomp $BOOTDIR;
system "mkdir -p $BOOTDIR";

system "rkunpack $imgfn";
system "mv ".$imgfn."-raw $BOOTDIR/".$imgfn."-cpio.gz";
system "gzip -d $BOOTDIR/".$imgfn."-cpio.gz";
system "(cd $BOOTDIR/; cpio -i < ".$imgfn."-cpio)";
system "rm $BOOTDIR/".$imgfn."-cpio";
print "edit files....\n";

ttz642t

Firmware Guru

Forum Posts: 53

Member Since:
2011/11/19

Offline

2012/01/12 - 17:41

Script to re-pack the boot.img.

# # # INCOMPLETE # # #

./rksp_unpack_boot.img.pl

===================

#!/usr/bin/perl

# $ ./rksp_unpack_boot.img.pl 20120111_2229/

$BOOTDIR = $ARGV[0];

system "rm $BOOTDIR/boot.img-cpio";
print "Create $BOOTDIR/boot.img-cpio from files\n";
#system "gzip $BOOTDIR/".$imgfn."-cpio";
#system "rkcrc -k $BOOTDIR/boot.img-cpio.gz $BOOTDIR/boot.img";

admin

Forum Posts: 5878

Member Since:
2010/09/11

Offline

Thanks Received: 3169

2012/01/12 - 18:05

Thanks a lot ttz642t.

I have hosted some files here:

/assets/tools/Firmware/Rockchip_CPU_based/an10g2_dump.pl

/assets/tools/Firmware/Rockchip_CPU_based/rksp_unpack_boot.img.pl

and naobsd rkutils statically compiled on Linux:

/assets/tools/Firmware/Rockchip_CPU_based/rkutils-bin.tgz

I'll complete/update as necessary.

If you like our web site, applications and firmwares, feel free to support our site. Donations are used to pay the bills for our server hosting costs, development tools and purchase new tablets to support.

finless

Stanton, Ca

Contributor

Forum Posts: 604

Member Since:
2011/12/10

Offline

Thanks Received: 2

2012/01/12 - 19:26

Well it's a lot easier to unpack with this.... This is what I use

#strip the header. The count is set much larger than the file size as DD hits EOF anyway.

dd if=boot.img of=initrd.gz skip=8 bs=1 count=20000000

# unzip boot.img to a work folder. gzip disregards trailing garbage in the footer.

mkdir work;cd work;zcat ../initrd.gz|cpio -idm

Done

finless

Stanton, Ca

Contributor

Forum Posts: 604

Member Since:
2011/12/10

Offline

Thanks Received: 2

2012/01/12 - 19:50

ttz642t, your scripts are perl? If so wont many not have that like in Ubuntu?

Bob

finless

Stanton, Ca

Contributor

Forum Posts: 604

Member Since:
2011/12/10

Offline

Thanks Received: 2

2012/01/12 - 19:57

Repack boot.img

# touch the files you edited to reset touch date and time. For some reason if you don't do this it wont boot.

find . -exec touch -d "1970-01-01 01:00" {} ;

# regzip the files

find . ! -name "."|sort|cpio -oa -H newc|gzip -n >../newinitrd.gz

cd ..

# add CRC and make new boot.img

./rkcrc.exe -p newinitrd.gz newboot.img

Done.

Bob

ttz642t

Firmware Guru

Forum Posts: 53

Member Since:
2011/11/19

Offline

2012/01/12 - 23:00

admin said

Thanks a lot ttz642t.

I have hosted some files here:

/assets/tools/Firmware/Rockchip_CPU_based/an10g2_dump.pl

/assets/tools/Firmware/Rockchip_CPU_based/rksp_unpack_boot.img.pl

and naobsd rkutils statically compiled on Linux:

/assets/tools/Firmware/Rockchip_CPU_based/rkutils-bin.tgz

I'll complete/update as necessary.

I've moved over to the wiki, don't like forums, see:

http://arctablet.com/wiki/index.php/Archos_Arnova_10_G2_Linux_Development

Anybody know how to add attachments to the wiki ?

ttz642t

Firmware Guru

Forum Posts: 53

Member Since:
2011/11/19

Offline

2012/01/15 - 20:56

finless said

ttz642t, your scripts are perl? If so wont many not have that like in Ubuntu?

Bob

Bob,

If you haven't got it installed by default I'm sure it's easy to type: sudo apt-get install perl

I've not come across a linux distro without perl since the early 90's, I doubt any since mid 90's any have shipped without. Perhaps a small distro doesn't install by default but it's there on practically all desktop machines.

I also use dd, but part of the reason for using perl is understandability / readability.

Steve

ttz642t

Firmware Guru

Forum Posts: 53

Member Since:
2011/11/19

Offline

2012/01/15 - 21:07

finless said

Well it's a lot easier to unpack with this.... This is what I use

#strip the header. The count is set much larger than the file size as DD hits EOF anyway.

dd if=boot.img of=initrd.gz skip=8 bs=1 count=20000000

# unzip boot.img to a work folder. gzip disregards trailing garbage in the footer.

mkdir work;cd work;zcat ../initrd.gz|cpio -idm

Done

Bob,

Using the rkunpack tool does an integrity check on the image, ie it checkes the image size and crc.

admin

Forum Posts: 5878

Member Since:
2010/09/11

Offline

Thanks Received: 3169

2012/01/15 - 22:45

ttz642t said

I've moved over to the wiki, don't like forums, see:

http://arctablet.com/wiki/index.php/Archos_Arnova_10_G2_Linux_Development

Anybody know how to add attachments to the wiki ?

Thanks again ttz642t for your help documenting the Arnova G2 firmware manipulation tools.

The WIKI should accept uploads, but perl are currently refused for security. I'll have a look if this can be safely configured or if we should look for another way...

ttz642t

Firmware Guru

Forum Posts: 53

Member Since:
2011/11/19

Offline

2012/01/16 - 23:24

admin said

ttz642t said

I've moved over to the wiki, don't like forums, see:

http://arctablet.com/wiki/index.php/Archos_Arnova_10_G2_Linux_Development

Anybody know how to add attachments to the wiki ?

Thanks again ttz642t for your help documenting the Arnova G2 firmware manipulation tools.

The WIKI should accept uploads, but perl are currently refused for security. I'll have a look if this can be safely configured or if we should look for another way...

I've finished phase 1 of the linux work, have sucessfully reflashed two different 10 G2 tablets with the v1.2 (finless) rom. No more Windowz 🙂

I've re-aranged the wiki pages a bit btw.

finless

Stanton, Ca

Contributor

Forum Posts: 604

Member Since:
2011/12/10

Offline

Thanks Received: 2

2012/01/18 - 17:59

ttz642t, I was looking at your perl script:

#!/usr/bin/perl
# $ rksp_pack_boot.img.pl 20120111_2229/

$BOOTDIR = $ARGV[0];
$BOOTIMGDIR = "BOOTIMG-".`date +%Y%m%d_%H%M`;
chomp $BOOTIMGDIR;
system "mkdir -p $BOOTIMGDIR";

print "Create $BOOTIMGDIR/boot.img from files ,,,\n";
system "find $BOOTDIR -exec touch -d '1970-01-01 01:00' {} \\;";
system "(cd $BOOTDIR; find . ! -name '.' -print | /bin/cpio -oa --format=newc > ../$BOOTIMGDIR/boot.img-cpio)";
system "gzip $BOOTIMGDIR/boot.img-cpio";
system "rkcrc -k $BOOTIMGDIR/boot.img-cpio.gz $BOOTIMGDIR/boot.img";
system "rm $BOOTIMGDIR/boot.img-cpio.gz";

What I do not see (unless I am missing it) is any thing that replace the first 4 bytes of the gzip'ed and rxcrc'd new boot.img. When gzip does it's thng the first four bytes of boot.img say PARM. This needs to be changed to KRNL or the Arnova will not boot. I have been editing the final boot.img with a hex editor to replace PARM with KRNL. Did you possibly modify rkcrc to handle that and thats why I am not seeing it in this script? Maybe thats the -k parameter you added to rkcrc?

Bob

ttz642t

Firmware Guru

Forum Posts: 53

Member Since:
2011/11/19

Offline

2012/01/18 - 20:54

finless said

ttz642t, I was looking at your perl script:

#!/usr/bin/perl
# $ rksp_pack_boot.img.pl 20120111_2229/

$BOOTDIR = $ARGV[0];
$BOOTIMGDIR = "BOOTIMG-".`date +%Y%m%d_%H%M`;
chomp $BOOTIMGDIR;
system "mkdir -p $BOOTIMGDIR";

print "Create $BOOTIMGDIR/boot.img from files ,,,\n";
system "find $BOOTDIR -exec touch -d '1970-01-01 01:00' {} \\;";
system "(cd $BOOTDIR; find . ! -name '.' -print | /bin/cpio -oa --format=newc > ../$BOOTIMGDIR/boot.img-cpio)";
system "gzip $BOOTIMGDIR/boot.img-cpio";
system "rkcrc -k $BOOTIMGDIR/boot.img-cpio.gz $BOOTIMGDIR/boot.img";
system "rm $BOOTIMGDIR/boot.img-cpio.gz";

What I do not see (unless I am missing it) is any thing that replace the first 4 bytes of the gzip'ed and rxcrc'd new boot.img. When gzip does it's thng the first four bytes of boot.img say PARM. This needs to be changed to KRNL or the Arnova will not boot. I have been editing the final boot.img with a hex editor to replace PARM with KRNL. Did you possibly modify rkcrc to handle that and thats why I am not seeing it in this script? Maybe thats the -k parameter you added to rkcrc?

Bob

Corrext, rkcrc calculates the lengeth of the text block and prefixes it and appends the crc and finally prefixes wither PARM or KRNL depending on switch -p or -k.