Latest product reviews
ARCHOS 50 Diamond
ARCHOS GamePad2
ARCHOS
Smartphones
ARCHOS
TV Connect
ARCHOS 101 XS

A A A
Avatar

Please consider registering
Guest

sp_Registration Register sp_LogInOut Log In
sp_Search Search
Advanced Search
Search

— Forum Scope —





— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Search Search

Register Lost password?

ClockworkMod (CWM) Recovery easy install for RK3066 and RK3188 -- TWRP/CWM Flash-Tool and root for RK3288

 Please donate to support OMA and CrewRKTablets firmware work, thank you !

sp_Feed sp_TopicIcon
Arnova 10 G2 Custom rom development with Linux
Page: 123Jump to page
Avatar
ttz642t

Firmware Guru
Forum Posts: 53
Member Since:
2011/11/19
sp_UserOfflineSmall Offline
1
2011/11/20 - 17:39
sp_Permalink sp_Print sp_EditHistory

For rom development with Linux.

NOTE: The information in this thread should be seen as development chatter and not definative, plese refer to the wiki for the most up to date information:

How do you unpack a rom, modify it and repack it, specifically for the Arnova 10 G2.

Dumping tablet

I've created a perl script to dump all partitions (except the user partition) based on the parameters held on tha tablet, so it should be able to dump any verson of rom on the tablet. See the wiki for more details and scripts.

Here's a demostration of it running:

$ rksp_an10g2_dump.pl
rkflashtool: info: interface claimed
rkflashtool: info: reading flash memory at offset 0x00000000

Reading parameters...
Size of parameters is 607

CRC = c6f69fe0
00: FIRMWARE_VER:0.2.3
01: MACHINE_MODEL:AN10G2
02: MACHINE_ID:007
03: MANUFACTURER:RK29SDK
04: MAGIC: 0x5041524B
05: ATAG: 0x60000800
06: MACHINE: 2929
07: CHECK_MASK: 0x80
08: KERNEL_IMG: 0x60408000
09: #COMBINATION_KEY: 0,6,A,1,0
10: CMDLINE: console=ttyS1,115200n8n androidboot.console=ttyS1 init=/init initrd=0x62000000,0x500000 mtdparts=rk29xxnand:0x00002000@0x00002000(misc),0x00004000@0x00004000(kernel),0x00002000@0x00008000(boot),0x00004000@0x0000A000(recovery),0x00082000@0x0000E000(backup),0x0003a000@0x00090000(cache),0x00100000@0x000ca000(userdata),0x00002000@0x001ca000(kpanic),0x00080000@0x001cc000(system),-@0x0024c000(user)

CMD: CMDLINE
Command line: console=ttyS1,115200n8n androidboot.console=ttyS1 init=/init initrd=0x62000000,0x500000 mtdparts=rk29xxnand
Partitions: 0x00002000@0x00002000(misc),0x00004000@0x00004000(kernel),0x00002000@0x00008000(boot),0x00004000@0x0000A000(recovery),0x00082000@0x0000E000(backup),0x0003a000@0x00090000(cache),0x00100000@0x000ca000(userdata),0x00002000@0x001ca000(kpanic),0x00080000@0x001cc000(system),-@0x0024c000(user)

Partition {misc} of size 0x00002000 at offset 0x00002000
Reading partition...
Partition {kernel} of size 0x00004000 at offset 0x00004000
Reading partition...
Partition {boot} of size 0x00002000 at offset 0x00008000
Reading partition...
Partition {recovery} of size 0x00004000 at offset 0x0000A000
Reading partition...
Partition {backup} of size 0x00082000 at offset 0x0000E000
Reading partition...
Partition {cache} of size 0x0003a000 at offset 0x00090000
Reading partition...
Partition {userdata} of size 0x00100000 at offset 0x000ca000
Reading partition...
Partition {kpanic} of size 0x00002000 at offset 0x001ca000
Reading partition...
Partition {system} of size 0x00080000 at offset 0x001cc000
Reading partition...
Partition {user} of size - at offset 0x0024c000

Avatar
ttz642t

Firmware Guru
Forum Posts: 53
Member Since:
2011/11/19
sp_UserOfflineSmall Offline
2
2012/01/08 - 12:15
sp_Permalink sp_Print sp_EditHistory

Dumping tablet

Trying to figure out how to do a sub topic and hosts scripts...

 

an10g2_dump.pl

 #!/usr/bin/perl

# $DUMP=1;#Uncoment to actually dump the partitions, otherwise dry run, ie parse parameters

$raw = `rkflashtool r 0x00 0x20`;
$DUMPDIR = `date +%Y%m%d_%H%M`;
chomp $DUMPDIR;
system "mkdir -p $DUMPDIR" if($DUMP);

print "nReading parameters...n";

$parm=substr($raw,0,4);
$size=ord(substr($raw,4,1))
     +(ord(substr($raw,5,1))<<8)
     +(ord(substr($raw,6,1))<<16)
     +(ord(substr($raw,7,1))<<24);

print "Size of parameters is $sizenn";

system "rkflashtool r 0x00 0x20 > $DUMPDIR/p00" if($DUMP);
system "rkflashtool r 0x20 0x20 > $DUMPDIR/p20" if($DUMP);
system "rkflashtool r 0x40 0x20 > $DUMPDIR/p40" if($DUMP);
system "rkflashtool r 0x60 0x20 > $DUMPDIR/p60" if($DUMP);
system "rkflashtool r 0x80 0x20 > $DUMPDIR/p80" if($DUMP);
system "rkflashtool r 0x00 0x2000 > $DUMPDIR/parameter" if($DUMP);

$crcpsn=$size+8;
$crc=ord(substr($raw,$crcpsn,1))
     +(ord(substr($raw,$crcpsn+1,1))<<8)
     +(ord(substr($raw,$crcpsn+2,1))<<16)
     +(ord(substr($raw,$crcpsn+3,1))<<24);

printf "CRC = %08xn",$crc;

$parameters = substr($raw,8,$size);

@lines = split(chr(13),$parameters);
$numlines=$#lines+1;

for($i=0;$i<$numlines;$i++){
  $lines[$i] =~ s/[x00-x1F]//g; #remove control codes
  printf "%02d: %sn",$i,$lines[$i];
  if($lines[$i] =~ /^CMDLINE:/){
    ($tag,$cmdline,$rk29xxnand) = split(/:/,$lines[$i]);
    print "nCMD: $tagn";
    print "Command line: $cmdlinen";
    print "Partitions: $rk29xxnandnn";
    @mtd = split(/,/,$rk29xxnand);
    for($j=0;$j<($#mtd+1);$j++){
      $i1=index($mtd[$j],"@");
      $i2=index($mtd[$j],"(");
      $i3=index($mtd[$j],")");
      $mtdsize = substr($mtd[$j],0,$i1);
      $mtdoffset = substr($mtd[$j],$i1+1,$i2-$i1-1);
      $mtdname = substr($mtd[$j],$i2+1,$i3-$i2-1);
      print "Partition {$mtdname} of size $mtdsize at offset $mtdoffsetn";
      if($mtdsize=~ /^0x/){
        $cmd = "rkflashtool r $mtdoffset $mtdsize > $DUMPDIR/".$mtdname.".img";
        print "tReading partition...n";
        system $cmd if($DUMP);
      }
    }
  }
}

Avatar
ttz642t

Firmware Guru
Forum Posts: 53
Member Since:
2011/11/19
sp_UserOfflineSmall Offline
3
2012/01/12 - 17:33
sp_Permalink sp_Print

Unpacking boot.img

Written a script to upack the files from the boot.img

 [stevep@localhost image]$  ,/rksp_unpack_boot.img.pl
unpacked
3339 blocks
edit files....

[stevep@localhost image]$ ls BOOT*
BOOT-20120112_1630/

[stevep@localhost image]$ ll BOOT-20120112_1630/
total 1600
drwxrwx--x 2 stevep stevep    4096 Jan 12 16:30 data/
-rw-r--r-- 1 stevep stevep     278 Jan 12 16:30 default.prop
drwxr-xr-x 2 stevep stevep    4096 Jan 12 16:30 dev/
-rwxr-x--- 1 stevep stevep   94200 Jan 12 16:30 init*
-rwxr-x--- 1 stevep stevep      45 Jan 12 16:30 init_battery.sh*
-rwxr-x--- 1 stevep stevep    1677 Jan 12 16:30 init.goldfish.rc*
-rwxr-xr-x 1 stevep stevep 1360652 Jan 12 16:30 initlogo.rle*
-rwxr-x--- 1 stevep stevep   15255 Jan 12 16:30 init.rc*
-rwxr-x--- 1 stevep stevep    2710 Jan 12 16:30 init.rk29board.rc*
drwxr-xr-x 2 stevep stevep    4096 Jan 12 16:30 proc/
-rw-r--r-- 1 stevep stevep  113525 Jan 12 16:30 rk29xxnand_ko.ko
drwxr-x--- 2 stevep stevep    4096 Jan 12 16:30 sbin/
drwxr-xr-x 2 stevep stevep    4096 Jan 12 16:30 sys/
drwxr-xr-x 2 stevep stevep    4096 Jan 12 16:30 system/
-rw-r--r-- 1 stevep stevep       0 Jan 12 16:30 ueventd.goldfish.rc
-rw-r--r-- 1 stevep stevep    3764 Jan 12 16:30 ueventd.rc
-rw-r--r-- 1 stevep stevep    1002 Jan 12 16:30 ueventd.rk29board.rc

 

Here's thescript:

 

rksp_unpack_boot.img.pl

==================

#!/usr/bin/perl

#    $ ./rksp_unpack_boot.img.pl

$imgfn = "boot.img";

$BOOTDIR = "BOOT-".`date +%Y%m%d_%H%M`;
chomp $BOOTDIR;
system "mkdir -p $BOOTDIR";

system "rkunpack $imgfn";
system "mv ".$imgfn."-raw $BOOTDIR/".$imgfn."-cpio.gz";
system "gzip -d $BOOTDIR/".$imgfn."-cpio.gz";
system "(cd $BOOTDIR/; cpio -i < ".$imgfn."-cpio)";
system "rm $BOOTDIR/".$imgfn."-cpio";
print "edit files....\n";

Avatar
ttz642t

Firmware Guru
Forum Posts: 53
Member Since:
2011/11/19
sp_UserOfflineSmall Offline
4
2012/01/12 - 17:41
sp_Permalink sp_Print

Script to re-pack the boot.img.

 

# # # INCOMPLETE # # #

 

./rksp_unpack_boot.img.pl

===================

#!/usr/bin/perl

#    $ ./rksp_unpack_boot.img.pl  20120111_2229/

$BOOTDIR = $ARGV[0];

system "rm $BOOTDIR/boot.img-cpio";
print "Create $BOOTDIR/boot.img-cpio from files\n";
#system "gzip $BOOTDIR/".$imgfn."-cpio";
#system "rkcrc -k $BOOTDIR/boot.img-cpio.gz $BOOTDIR/boot.img";


Avatar
admin

admin
Forum Posts: 5878
Member Since:
2010/09/11
sp_UserOfflineSmall Offline
sp_UserWebsite

Thanks Received: 3168
5
2012/01/12 - 18:05
sp_Permalink sp_Print sp_EditHistory

Thanks a lot ttz642t.

 

I have hosted some files here:

/assets/tools/Firmware/Rockchip_CPU_based/an10g2_dump.pl

/assets/tools/Firmware/Rockchip_CPU_based/rksp_unpack_boot.img.pl

and naobsd rkutils statically compiled on Linux: 

/assets/tools/Firmware/Rockchip_CPU_based/rkutils-bin.tgz

 

I'll complete/update as necessary.

If you like our web site, applications and firmwares, feel free to support our site. Donations are used to pay the bills for our server hosting costs, development tools and purchase new tablets to support.

Avatar
finless
Stanton, Ca

Contributor
Forum Posts: 604
Member Since:
2011/12/10
sp_UserOfflineSmall Offline
sp_UserWebsite

Thanks Received: 2
6
2012/01/12 - 19:26
sp_Permalink sp_Print sp_EditHistory

Well it's a lot easier to unpack with this.... This is what I use

#strip the header. The count is set much larger than the file size as DD hits EOF anyway.

dd if=boot.img of=initrd.gz skip=8 bs=1 count=20000000

# unzip boot.img to a work folder. gzip disregards trailing garbage in the footer.

mkdir work;cd work;zcat ../initrd.gz|cpio -idm

 

Done

Avatar
finless
Stanton, Ca

Contributor
Forum Posts: 604
Member Since:
2011/12/10
sp_UserOfflineSmall Offline
sp_UserWebsite

Thanks Received: 2
7
2012/01/12 - 19:50
sp_Permalink sp_Print sp_EditHistory

ttz642t, your scripts are perl?  If so wont many not have that like in Ubuntu?

 

Bob

Avatar
finless
Stanton, Ca

Contributor
Forum Posts: 604
Member Since:
2011/12/10
sp_UserOfflineSmall Offline
sp_UserWebsite

Thanks Received: 2
8
2012/01/12 - 19:57
sp_Permalink sp_Print sp_EditHistory

Repack boot.img

 

# touch the files you edited to reset touch date and time. For some reason if you don't do this it wont boot.

find . -exec touch -d "1970-01-01 01:00" {} ;

# regzip the files

find . ! -name "."|sort|cpio -oa -H newc|gzip -n >../newinitrd.gz

cd ..

# add CRC and make new boot.img

./rkcrc.exe -p newinitrd.gz newboot.img

 

Done.

Bob

Avatar
ttz642t

Firmware Guru
Forum Posts: 53
Member Since:
2011/11/19
sp_UserOfflineSmall Offline
9
2012/01/12 - 23:00
sp_Permalink sp_Print

admin said

Thanks a lot ttz642t.

 

I have hosted some files here:

/assets/tools/Firmware/Rockchip_CPU_based/an10g2_dump.pl

/assets/tools/Firmware/Rockchip_CPU_based/rksp_unpack_boot.img.pl

and naobsd rkutils statically compiled on Linux: 

/assets/tools/Firmware/Rockchip_CPU_based/rkutils-bin.tgz

 

I'll complete/update as necessary.

I've moved over to the wiki, don't like forums, see:

 

Anybody know how to add attachments to the wiki ?

Avatar
ttz642t

Firmware Guru
Forum Posts: 53
Member Since:
2011/11/19
sp_UserOfflineSmall Offline
10
2012/01/15 - 20:56
sp_Permalink sp_Print

finless said

ttz642t, your scripts are perl?  If so wont many not have that like in Ubuntu?

 

Bob

Bob,

If you haven't got it installed by default I'm sure it's easy to type: sudo apt-get install perl

 

I've not come across a linux distro without perl since the early 90's, I doubt any since mid 90's any have shipped without. Perhaps a small distro doesn't install by default but it's there on practically all desktop machines.

 

I also use dd, but part of the reason for using perl is understandability / readability.

--

Steve

Avatar
ttz642t

Firmware Guru
Forum Posts: 53
Member Since:
2011/11/19
sp_UserOfflineSmall Offline
11
2012/01/15 - 21:07
sp_Permalink sp_Print

finless said

Well it's a lot easier to unpack with this.... This is what I use

#strip the header. The count is set much larger than the file size as DD hits EOF anyway.

dd if=boot.img of=initrd.gz skip=8 bs=1 count=20000000

# unzip boot.img to a work folder. gzip disregards trailing garbage in the footer.

mkdir work;cd work;zcat ../initrd.gz|cpio -idm

 

Done

Bob,

Using the rkunpack tool does an integrity check on the image, ie it checkes the image size and crc.

Avatar
admin

admin
Forum Posts: 5878
Member Since:
2010/09/11
sp_UserOfflineSmall Offline
sp_UserWebsite

Thanks Received: 3168
12
2012/01/15 - 22:45
sp_Permalink sp_Print sp_EditHistory

ttz642t said

I've moved over to the wiki, don't like forums, see:

Anybody know how to add attachments to the wiki ?

Thanks again ttz642t for your help documenting the Arnova G2 firmware manipulation tools.

The WIKI should accept uploads, but perl are currently refused for security. I'll have a look if this can be safely configured or if we should look for another way... 

If you like our web site, applications and firmwares, feel free to support our site. Donations are used to pay the bills for our server hosting costs, development tools and purchase new tablets to support.

Avatar
ttz642t

Firmware Guru
Forum Posts: 53
Member Since:
2011/11/19
sp_UserOfflineSmall Offline
13
2012/01/16 - 23:24
sp_Permalink sp_Print

admin said

ttz642t said

I've moved over to the wiki, don't like forums, see:

Anybody know how to add attachments to the wiki ?

Thanks again ttz642t for your help documenting the Arnova G2 firmware manipulation tools.

The WIKI should accept uploads, but perl are currently refused for security. I'll have a look if this can be safely configured or if we should look for another way... 

I've finished phase 1 of the linux work, have sucessfully reflashed two different 10 G2 tablets with the v1.2 (finless) rom. No more Windowz 🙂

 

I've re-aranged the wiki pages a bit btw.

Avatar
finless
Stanton, Ca

Contributor
Forum Posts: 604
Member Since:
2011/12/10
sp_UserOfflineSmall Offline
sp_UserWebsite

Thanks Received: 2
14
2012/01/18 - 17:59
sp_Permalink sp_Print

ttz642t, I was looking at your perl script:

 #!/usr/bin/perl
# $ rksp_pack_boot.img.pl 20120111_2229/

$BOOTDIR = $ARGV[0];
$BOOTIMGDIR = "BOOTIMG-".`date +%Y%m%d_%H%M`;
chomp $BOOTIMGDIR;
system "mkdir -p $BOOTIMGDIR";

print "Create $BOOTIMGDIR/boot.img from files ,,,\n";
system "find $BOOTDIR -exec touch -d '1970-01-01 01:00' {} \\;";
system "(cd $BOOTDIR; find .  ! -name '.' -print | /bin/cpio -oa --format=newc > ../$BOOTIMGDIR/boot.img-cpio)";
system "gzip $BOOTIMGDIR/boot.img-cpio";
system "rkcrc -k $BOOTIMGDIR/boot.img-cpio.gz $BOOTIMGDIR/boot.img";
system "rm $BOOTIMGDIR/boot.img-cpio.gz";

 

What I do not see (unless I am missing it) is any thing that replace the first 4 bytes of the gzip'ed and rxcrc'd new boot.img.  When gzip does it's thng the first four bytes of boot.img say PARM.  This needs to be changed to KRNL or the Arnova will not boot.  I have been editing the final boot.img with a hex editor to replace PARM with KRNL.  Did you possibly modify rkcrc to handle that and thats why I am not seeing it in this script?  Maybe thats the -k parameter you added to rkcrc?

 

Bob

Avatar
ttz642t

Firmware Guru
Forum Posts: 53
Member Since:
2011/11/19
sp_UserOfflineSmall Offline
15
2012/01/18 - 20:54
sp_Permalink sp_Print

finless said

ttz642t, I was looking at your perl script:

 #!/usr/bin/perl
# $ rksp_pack_boot.img.pl 20120111_2229/

$BOOTDIR = $ARGV[0];
$BOOTIMGDIR = "BOOTIMG-".`date +%Y%m%d_%H%M`;
chomp $BOOTIMGDIR;
system "mkdir -p $BOOTIMGDIR";

print "Create $BOOTIMGDIR/boot.img from files ,,,\n";
system "find $BOOTDIR -exec touch -d '1970-01-01 01:00' {} \\;";
system "(cd $BOOTDIR; find .  ! -name '.' -print | /bin/cpio -oa --format=newc > ../$BOOTIMGDIR/boot.img-cpio)";
system "gzip $BOOTIMGDIR/boot.img-cpio";
system "rkcrc -k $BOOTIMGDIR/boot.img-cpio.gz $BOOTIMGDIR/boot.img";
system "rm $BOOTIMGDIR/boot.img-cpio.gz";

 

What I do not see (unless I am missing it) is any thing that replace the first 4 bytes of the gzip'ed and rxcrc'd new boot.img.  When gzip does it's thng the first four bytes of boot.img say PARM.  This needs to be changed to KRNL or the Arnova will not boot.  I have been editing the final boot.img with a hex editor to replace PARM with KRNL.  Did you possibly modify rkcrc to handle that and thats why I am not seeing it in this script?  Maybe thats the -k parameter you added to rkcrc?

 

Bob<!--
NewPP limit report
Preprocessor node count: 19/1000000
Post-expand include size: 0/2097152 bytes
Template argument size: 0/2097152 bytes
Expensive parser function count: 0/100
-->

Corrext, rkcrc calculates the lengeth of the text block and prefixes it and appends the crc and finally prefixes wither PARM or KRNL depending on switch -p or -k.

Page: 123Jump to page
sp_Feed
Go to top
Forum Timezone: Europe/Paris

Most Users Ever Online: 749

Currently Online: moraless83, hotair1983
133 Guest(s)

Currently Browsing this Page:
1 Guest(s)


Devices in use: Desktop (123), Phone (12)

Top Posters:

Oma7144: 6234

globula_neagra: 2424

finless: 604

DarthJabba: 551

exelletor: 450

JochenKauz: 450

cracktech: 432

maikal: 394

Newest Members:

grancapitan

zeitch

danylook

gamarule

ivanopulus2012

ivanopulu2012

Forum Stats:

Groups: 10

Forums: 185

Topics: 5982

Posts: 60061

 

Member Stats:

Guest Posters: 43

Members: 259487

Moderators: 5

Admins: 1

Administrators: admin

Moderators: globula_neagra, exelletor, JochenKauz, Oma7144, cracktech


CrewRKTablets moderators: JochenKauz and Astralix