| Latest product reviews |
|---|
 |
 |
Smartphones  |
TV Connect  |
 |
Register
Log In
HomeClockworkMod (CWM) Recovery easy install for RK3066 and RK3188 -- TWRP/CWM Flash-Tool and root for RK3288
Please donate to support OMA and CrewRKTablets firmware work, thank you !
Firmware Guru
2011/11/19
Offline
For rom development with Linux.
NOTE: The information in this thread should be seen as development chatter and not definative, plese refer to the wiki for the most up to date information:
How do you unpack a rom, modify it and repack it, specifically for the Arnova 10 G2.
Dumping tablet
I've created a perl script to dump all partitions (except the user partition) based on the parameters held on tha tablet, so it should be able to dump any verson of rom on the tablet. See the wiki for more details and scripts.
Here's a demostration of it running:
$ rksp_an10g2_dump.pl
rkflashtool: info: interface claimed
rkflashtool: info: reading flash memory at offset 0x00000000
Reading parameters...
Size of parameters is 607
CRC = c6f69fe0
00: FIRMWARE_VER:0.2.3
01: MACHINE_MODEL:AN10G2
02: MACHINE_ID:007
03: MANUFACTURER:RK29SDK
04: MAGIC: 0x5041524B
05: ATAG: 0x60000800
06: MACHINE: 2929
07: CHECK_MASK: 0x80
08: KERNEL_IMG: 0x60408000
09: #COMBINATION_KEY: 0,6,A,1,0
10: CMDLINE: console=ttyS1,115200n8n androidboot.console=ttyS1 init=/init initrd=0x62000000,0x500000 mtdparts=rk29xxnand:0x00002000@0x00002000(misc),0x00004000@0x00004000(kernel),0x00002000@0x00008000(boot),0x00004000@0x0000A000(recovery),0x00082000@0x0000E000(backup),0x0003a000@0x00090000(cache),0x00100000@0x000ca000(userdata),0x00002000@0x001ca000(kpanic),0x00080000@0x001cc000(system),-@0x0024c000(user)
CMD: CMDLINE
Command line: console=ttyS1,115200n8n androidboot.console=ttyS1 init=/init initrd=0x62000000,0x500000 mtdparts=rk29xxnand
Partitions: 0x00002000@0x00002000(misc),0x00004000@0x00004000(kernel),0x00002000@0x00008000(boot),0x00004000@0x0000A000(recovery),0x00082000@0x0000E000(backup),0x0003a000@0x00090000(cache),0x00100000@0x000ca000(userdata),0x00002000@0x001ca000(kpanic),0x00080000@0x001cc000(system),-@0x0024c000(user)
Partition {misc} of size 0x00002000 at offset 0x00002000
Reading partition...
Partition {kernel} of size 0x00004000 at offset 0x00004000
Reading partition...
Partition {boot} of size 0x00002000 at offset 0x00008000
Reading partition...
Partition {recovery} of size 0x00004000 at offset 0x0000A000
Reading partition...
Partition {backup} of size 0x00082000 at offset 0x0000E000
Reading partition...
Partition {cache} of size 0x0003a000 at offset 0x00090000
Reading partition...
Partition {userdata} of size 0x00100000 at offset 0x000ca000
Reading partition...
Partition {kpanic} of size 0x00002000 at offset 0x001ca000
Reading partition...
Partition {system} of size 0x00080000 at offset 0x001cc000
Reading partition...
Partition {user} of size - at offset 0x0024c000
Firmware Guru
2011/11/19
Offline
Dumping tablet
Trying to figure out how to do a sub topic and hosts scripts...
| an10g2_dump.pl |
|---|
#!/usr/bin/perl
# $DUMP=1;#Uncoment to actually dump the partitions, otherwise dry run, ie parse parameters
$raw = `rkflashtool r 0x00 0x20`;
$DUMPDIR = `date +%Y%m%d_%H%M`;
chomp $DUMPDIR;
system "mkdir -p $DUMPDIR" if($DUMP);print "nReading parameters...n";
$parm=substr($raw,0,4);
$size=ord(substr($raw,4,1))
+(ord(substr($raw,5,1))<<8)
+(ord(substr($raw,6,1))<<16)
+(ord(substr($raw,7,1))<<24);print "Size of parameters is $sizenn";
system "rkflashtool r 0x00 0x20 > $DUMPDIR/p00" if($DUMP);
system "rkflashtool r 0x20 0x20 > $DUMPDIR/p20" if($DUMP);
system "rkflashtool r 0x40 0x20 > $DUMPDIR/p40" if($DUMP);
system "rkflashtool r 0x60 0x20 > $DUMPDIR/p60" if($DUMP);
system "rkflashtool r 0x80 0x20 > $DUMPDIR/p80" if($DUMP);
system "rkflashtool r 0x00 0x2000 > $DUMPDIR/parameter" if($DUMP);$crcpsn=$size+8;
$crc=ord(substr($raw,$crcpsn,1))
+(ord(substr($raw,$crcpsn+1,1))<<8)
+(ord(substr($raw,$crcpsn+2,1))<<16)
+(ord(substr($raw,$crcpsn+3,1))<<24);printf "CRC = %08xn",$crc;
$parameters = substr($raw,8,$size);
@lines = split(chr(13),$parameters);
$numlines=$#lines+1;for($i=0;$i<$numlines;$i++){
$lines[$i] =~ s/[x00-x1F]//g; #remove control codes
printf "%02d: %sn",$i,$lines[$i];
if($lines[$i] =~ /^CMDLINE:/){
($tag,$cmdline,$rk29xxnand) = split(/:/,$lines[$i]);
print "nCMD: $tagn";
print "Command line: $cmdlinen";
print "Partitions: $rk29xxnandnn";
@mtd = split(/,/,$rk29xxnand);
for($j=0;$j<($#mtd+1);$j++){
$i1=index($mtd[$j],"@");
$i2=index($mtd[$j],"(");
$i3=index($mtd[$j],")");
$mtdsize = substr($mtd[$j],0,$i1);
$mtdoffset = substr($mtd[$j],$i1+1,$i2-$i1-1);
$mtdname = substr($mtd[$j],$i2+1,$i3-$i2-1);
print "Partition {$mtdname} of size $mtdsize at offset $mtdoffsetn";
if($mtdsize=~ /^0x/){
$cmd = "rkflashtool r $mtdoffset $mtdsize > $DUMPDIR/".$mtdname.".img";
print "tReading partition...n";
system $cmd if($DUMP);
}
}
}
}
Firmware Guru
2011/11/19
Offline
Unpacking boot.img
Written a script to upack the files from the boot.img
[stevep@localhost image]$ ,/rksp_unpack_boot.img.pl
unpacked
3339 blocks
edit files....
[stevep@localhost image]$ ls BOOT*
BOOT-20120112_1630/
[stevep@localhost image]$ ll BOOT-20120112_1630/
total 1600
drwxrwx--x 2 stevep stevep 4096 Jan 12 16:30 data/
-rw-r--r-- 1 stevep stevep 278 Jan 12 16:30 default.prop
drwxr-xr-x 2 stevep stevep 4096 Jan 12 16:30 dev/
-rwxr-x--- 1 stevep stevep 94200 Jan 12 16:30 init*
-rwxr-x--- 1 stevep stevep 45 Jan 12 16:30 init_battery.sh*
-rwxr-x--- 1 stevep stevep 1677 Jan 12 16:30 init.goldfish.rc*
-rwxr-xr-x 1 stevep stevep 1360652 Jan 12 16:30 initlogo.rle*
-rwxr-x--- 1 stevep stevep 15255 Jan 12 16:30 init.rc*
-rwxr-x--- 1 stevep stevep 2710 Jan 12 16:30 init.rk29board.rc*
drwxr-xr-x 2 stevep stevep 4096 Jan 12 16:30 proc/
-rw-r--r-- 1 stevep stevep 113525 Jan 12 16:30 rk29xxnand_ko.ko
drwxr-x--- 2 stevep stevep 4096 Jan 12 16:30 sbin/
drwxr-xr-x 2 stevep stevep 4096 Jan 12 16:30 sys/
drwxr-xr-x 2 stevep stevep 4096 Jan 12 16:30 system/
-rw-r--r-- 1 stevep stevep 0 Jan 12 16:30 ueventd.goldfish.rc
-rw-r--r-- 1 stevep stevep 3764 Jan 12 16:30 ueventd.rc
-rw-r--r-- 1 stevep stevep 1002 Jan 12 16:30 ueventd.rk29board.rc
Here's thescript:
rksp_unpack_boot.img.pl
==================
#!/usr/bin/perl
# $ ./rksp_unpack_boot.img.pl
$imgfn = "boot.img";
$BOOTDIR = "BOOT-".`date +%Y%m%d_%H%M`;
chomp $BOOTDIR;
system "mkdir -p $BOOTDIR";
system "rkunpack $imgfn";
system "mv ".$imgfn."-raw $BOOTDIR/".$imgfn."-cpio.gz";
system "gzip -d $BOOTDIR/".$imgfn."-cpio.gz";
system "(cd $BOOTDIR/; cpio -i < ".$imgfn."-cpio)";
system "rm $BOOTDIR/".$imgfn."-cpio";
print "edit files....\n";
Firmware Guru
2011/11/19
Offline
Script to re-pack the boot.img.
# # # INCOMPLETE # # #
./rksp_unpack_boot.img.pl
===================
#!/usr/bin/perl
# $ ./rksp_unpack_boot.img.pl 20120111_2229/
$BOOTDIR = $ARGV[0];
system "rm $BOOTDIR/boot.img-cpio";
print "Create $BOOTDIR/boot.img-cpio from files\n";
#system "gzip $BOOTDIR/".$imgfn."-cpio";
#system "rkcrc -k $BOOTDIR/boot.img-cpio.gz $BOOTDIR/boot.img";
admin
2010/09/11
Offline
Thanks a lot ttz642t.
I have hosted some files here:
/assets/tools/Firmware/Rockchip_CPU_based/an10g2_dump.pl
/assets/tools/Firmware/Rockchip_CPU_based/rksp_unpack_boot.img.pl
and naobsd rkutils statically compiled on Linux:
/assets/tools/Firmware/Rockchip_CPU_based/rkutils-bin.tgz
I'll complete/update as necessary.
If you like our web site, applications and firmwares, feel free to support our site. Donations are used to pay the bills for our server hosting costs, development tools and purchase new tablets to support.
Contributor
2011/12/10
Offline
Well it's a lot easier to unpack with this.... This is what I use
#strip the header. The count is set much larger than the file size as DD hits EOF anyway.
dd if=boot.img of=initrd.gz skip=8 bs=1 count=20000000
# unzip boot.img to a work folder. gzip disregards trailing garbage in the footer.
mkdir work;cd work;zcat ../initrd.gz|cpio -idm
Done
Contributor
2011/12/10
Offline
ttz642t, your scripts are perl? If so wont many not have that like in Ubuntu?
Bob
Contributor
2011/12/10
Offline
Repack boot.img
# touch the files you edited to reset touch date and time. For some reason if you don't do this it wont boot.
find . -exec touch -d "1970-01-01 01:00" {} ;
# regzip the files
find . ! -name "."|sort|cpio -oa -H newc|gzip -n >../newinitrd.gz
cd ..
# add CRC and make new boot.img
./rkcrc.exe -p newinitrd.gz newboot.img
Done.
Bob
Firmware Guru
2011/11/19
Offline
admin said
Thanks a lot ttz642t.
I have hosted some files here:
/assets/tools/Firmware/Rockchip_CPU_based/an10g2_dump.pl
/assets/tools/Firmware/Rockchip_CPU_based/rksp_unpack_boot.img.pl
and naobsd rkutils statically compiled on Linux:
/assets/tools/Firmware/Rockchip_CPU_based/rkutils-bin.tgz
I'll complete/update as necessary.
I've moved over to the wiki, don't like forums, see:
Anybody know how to add attachments to the wiki ?
Firmware Guru
2011/11/19
Offline
finless said
ttz642t, your scripts are perl? If so wont many not have that like in Ubuntu?
Bob
Bob,
If you haven't got it installed by default I'm sure it's easy to type: sudo apt-get install perl
I've not come across a linux distro without perl since the early 90's, I doubt any since mid 90's any have shipped without. Perhaps a small distro doesn't install by default but it's there on practically all desktop machines.
I also use dd, but part of the reason for using perl is understandability / readability.
--
Steve
Firmware Guru
2011/11/19
Offline
finless said
Well it's a lot easier to unpack with this.... This is what I use
#strip the header. The count is set much larger than the file size as DD hits EOF anyway.
dd if=boot.img of=initrd.gz skip=8 bs=1 count=20000000
# unzip boot.img to a work folder. gzip disregards trailing garbage in the footer.
mkdir work;cd work;zcat ../initrd.gz|cpio -idm
Done
Bob,
Using the rkunpack tool does an integrity check on the image, ie it checkes the image size and crc.
admin
2010/09/11
Offline
ttz642t said
I've moved over to the wiki, don't like forums, see:
Anybody know how to add attachments to the wiki ?
Thanks again ttz642t for your help documenting the Arnova G2 firmware manipulation tools.
The WIKI should accept uploads, but perl are currently refused for security. I'll have a look if this can be safely configured or if we should look for another way...
If you like our web site, applications and firmwares, feel free to support our site. Donations are used to pay the bills for our server hosting costs, development tools and purchase new tablets to support.
Firmware Guru
2011/11/19
Offline
admin said
ttz642t said
I've moved over to the wiki, don't like forums, see:
Anybody know how to add attachments to the wiki ?
Thanks again ttz642t for your help documenting the Arnova G2 firmware manipulation tools.
The WIKI should accept uploads, but perl are currently refused for security. I'll have a look if this can be safely configured or if we should look for another way...
I've finished phase 1 of the linux work, have sucessfully reflashed two different 10 G2 tablets with the v1.2 (finless) rom. No more Windowz 🙂
I've re-aranged the wiki pages a bit btw.
Contributor
2011/12/10
Offline
ttz642t, I was looking at your perl script:
#!/usr/bin/perl
# $ rksp_pack_boot.img.pl 20120111_2229/
$BOOTDIR = $ARGV[0];
$BOOTIMGDIR = "BOOTIMG-".`date +%Y%m%d_%H%M`;
chomp $BOOTIMGDIR;
system "mkdir -p $BOOTIMGDIR";
print "Create $BOOTIMGDIR/boot.img from files ,,,\n";
system "find $BOOTDIR -exec touch -d '1970-01-01 01:00' {} \\;";
system "(cd $BOOTDIR; find . ! -name '.' -print | /bin/cpio -oa --format=newc > ../$BOOTIMGDIR/boot.img-cpio)";
system "gzip $BOOTIMGDIR/boot.img-cpio";
system "rkcrc -k $BOOTIMGDIR/boot.img-cpio.gz $BOOTIMGDIR/boot.img";
system "rm $BOOTIMGDIR/boot.img-cpio.gz";
What I do not see (unless I am missing it) is any thing that replace the first 4 bytes of the gzip'ed and rxcrc'd new boot.img. When gzip does it's thng the first four bytes of boot.img say PARM. This needs to be changed to KRNL or the Arnova will not boot. I have been editing the final boot.img with a hex editor to replace PARM with KRNL. Did you possibly modify rkcrc to handle that and thats why I am not seeing it in this script? Maybe thats the -k parameter you added to rkcrc?
Bob
Firmware Guru
2011/11/19
Offline
finless said
ttz642t, I was looking at your perl script:
#!/usr/bin/perl
# $ rksp_pack_boot.img.pl 20120111_2229/$BOOTDIR = $ARGV[0];
$BOOTIMGDIR = "BOOTIMG-".`date +%Y%m%d_%H%M`;
chomp $BOOTIMGDIR;
system "mkdir -p $BOOTIMGDIR";print "Create $BOOTIMGDIR/boot.img from files ,,,\n";
system "find $BOOTDIR -exec touch -d '1970-01-01 01:00' {} \\;";
system "(cd $BOOTDIR; find . ! -name '.' -print | /bin/cpio -oa --format=newc > ../$BOOTIMGDIR/boot.img-cpio)";
system "gzip $BOOTIMGDIR/boot.img-cpio";
system "rkcrc -k $BOOTIMGDIR/boot.img-cpio.gz $BOOTIMGDIR/boot.img";
system "rm $BOOTIMGDIR/boot.img-cpio.gz";
What I do not see (unless I am missing it) is any thing that replace the first 4 bytes of the gzip'ed and rxcrc'd new boot.img. When gzip does it's thng the first four bytes of boot.img say PARM. This needs to be changed to KRNL or the Arnova will not boot. I have been editing the final boot.img with a hex editor to replace PARM with KRNL. Did you possibly modify rkcrc to handle that and thats why I am not seeing it in this script? Maybe thats the -k parameter you added to rkcrc?
Bob<!--
NewPP limit report
Preprocessor node count: 19/1000000
Post-expand include size: 0/2097152 bytes
Template argument size: 0/2097152 bytes
Expensive parser function count: 0/100
-->
Corrext, rkcrc calculates the lengeth of the text block and prefixes it and appends the crc and finally prefixes wither PARM or KRNL depending on switch -p or -k.
Most Users Ever Online: 749
Currently Online: Gumian, pedrocox
79 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Devices in use: Desktop (77), Phone (4)
Top Posters:
finless: 604
DarthJabba: 551
maikal: 394
mussonero1: 350
alex: 252
damo: 243
DanielVd: 237
Mark06: 222
Newest Members:
pedrocox
kyegrey
sed2020
Tableciarz
mohyar
Bernd.K
Forum Stats:
Groups: 10
Forums: 185
Topics: 6037
Posts: 60500
Member Stats:
Guest Posters: 43
Members: 262194
Moderators: 5
Admins: 1
Administrators: admin
Moderators: globula_neagra, exelletor, JochenKauz, Oma7144, cracktech
CrewRKTablets moderators: JochenKauz and Astralix
