From 4bce4a0f394e4d94c4dfa3589ac1a611f81535b7 Mon Sep 17 00:00:00 2001 From: cfig Date: Thu, 30 Jul 2020 14:50:04 +0800 Subject: [PATCH] fix dtbo support - fix dtbo support with correct file path - refine README --- README.md | 128 +++++++++++------- .../src/main/kotlin/packable/DtboParser.kt | 5 +- bbootimg/src/main/resources/general.cfg | 5 +- tools/free.py | 22 +++ 4 files changed, 109 insertions(+), 51 deletions(-) create mode 100755 tools/free.py diff --git a/README.md b/README.md index 830d961..768d0e8 100644 --- a/README.md +++ b/README.md @@ -1,48 +1,38 @@ -[中文](doc/short.md) # Android_boot_image_editor [![Codacy Badge](https://api.codacy.com/project/badge/Grade/fa6a49bb22b84307b12e7a8878867c1e)](https://app.codacy.com/manual/cfig97/Android_boot_image_editor?utm_source=github.com&utm_medium=referral&utm_content=cfig/Android_boot_image_editor&utm_campaign=Badge_Grade_Dashboard) [![Build Status](https://travis-ci.org/cfig/Android_boot_image_editor.svg?branch=master)](https://travis-ci.org/cfig/Android_boot_image_editor) [![License](http://img.shields.io/:license-apache-blue.svg?style=flat-square)](http://www.apache.org/licenses/LICENSE-2.0.html) -This tool focuses on editing Android boot.img(also recovery.img, and vbmeta.img). +A tool for reverse engineering Android ROM images. (working on ![Linux](doc/linux24.png) and ![Mac](doc/apple24.png)) -## 1. Prerequisite -#### 1.1 Host OS requirement: +## Getting Started -![Linux](doc/linux24.png) or ![Mac](doc/apple24.png) development env. To get the most of the toolkit, following packages are also needed: python, jdk 8+, zlib1g-dev, cpio, device-tree-compiler. +#### Installation +* install required packages -#### 1.2 Target Android requirement: + ```bash + sudo apt install device-tree-compiler lz4 zlib1g-dev cpio + ``` -(1) Target boot.img MUST follows AOSP verified boot flow, either [Boot image signature](https://source.android.com/security/verifiedboot/verified-boot#signature_format) in VBoot 1.0 or [AVB HASH footer](https://android.googlesource.com/platform/external/avb/+/master/README.md#The-VBMeta-struct) (a.k.a. AVB) in VBoot 2.0. +* get the tool + ```bash + git clone https://github.com/cfig/Android_boot_image_editor.git --depth=1 + ``` -Supported images: + or clone it from mirror: -| Image Type | typical file names | | -|-----------------|-------------------------------------|---| -| boot images | boot.img, vendor_boot.img | | -| recovery images | recovery.img, recovery-two-step.img | | -| vbmeta images | vbmeta.img, vbmeta_system.img etc. | | -| sparse images | system.img, vendor.img etc. | | -| dtbo images | dtbo.img | | + ```bash + git clone https://gitee.com/cfig/Android_boot_image_editor.git --depth=1 + ``` -(2) These utilities are known to work for Nexus/Pixel boot.img for the following Android releases: - - - AOSP master - - Lollipop (5.0) - Android 10 - -## 2. Usage -Clone this repo with minimal depth: - - git clone https://github.com/cfig/Android_boot_image_editor.git --depth=1 - -or clone it from mirror: - - git clone https://gitee.com/cfig/Android_boot_image_editor.git --depth=1 +#### Parsing and packing Put your boot.img to current directory, then start gradle 'unpack' task: - cp boot.img - ./gradlew unpack +```bash +cp boot.img +./gradlew unpack +``` Your get the flattened kernel and /root filesystem under **./build/unzip\_boot**: @@ -64,28 +54,28 @@ You get the repacked boot.img at $(CURDIR): boot.img.signed -Well done you did it! The last step is to add the star to this repo :smile +Well done you did it! The last step is to star this repo :smile -#### If you are working with recovery.img -If you are working with recovery.img, the steps are similar: - cp recovery.img - ./gradlew unpack - ./gradlew pack +### live demo + +

+ +

-And you get recovery.img.signed +## Supported ROM image types +| Image Type | file names | | +| --------------- | ----------------------------------- | ---- | +| boot images | boot.img, vendor_boot.img | | +| recovery images | recovery.img, recovery-two-step.img | | +| vbmeta images | vbmeta.img, vbmeta_system.img etc. | | +| sparse images | system.img, vendor.img etc. | | +| dtbo images | dtbo.img | | -### usage demo -![](doc/op.gif) +Please note that the boot.img MUST follows AOSP verified boot flow, either [Boot image signature](https://source.android.com/security/verifiedboot/verified-boot#signature_format) in VBoot 1.0 or [AVB HASH footer](https://android.googlesource.com/platform/external/avb/+/master/README.md#The-VBMeta-struct) (a.k.a. AVB) in VBoot 2.0. -## 3. example & test -An example boot.img has been placed at **src/test/resources/boot.img**, which is extracted from Nexus 5x(code: bullhead) factory images from [Google](https://dl.google.com/dl/android/aosp/bullhead-mda89e-factory-29247942.tgz), you can take it as a quick start. - -## 4. boot.img layout -Read [layout](doc/layout.md) of Android boot.img and vendor\_boot.img. - -## 5. compatible devices +## compatible devices | Device Model | Manufacturer | Compatible | Android Version | Note | |--------------------------------|--------------|----------------------|--------------------------|------| @@ -98,7 +88,51 @@ Read [layout](doc/layout.md) of Android boot.img and vendor\_boot.img. | Moto X (2013) T-Mobile | Motorola | N | | | | X7 (PD1602_A_3.12.8) | VIVO | N | ? | [Issue 35](https://github.com/cfig/Android_boot_image_editor/issues/35) | -## 6. References +## more examples + +* recovery.img + +If you are working with recovery.img, the steps are similar: + + cp recovery.img + ./gradlew unpack + ./gradlew pack + +* vbmeta.img + +```bash +cp vbmeta.img +./gradlew unpack +./gradlew pack +``` + +* boot.img and vbmeta.img +```bash +cp boot.img +cp vbmeta.img +./gradlew unpack +./gradlew pack +``` +Your boot.img.signed and vbmeta.img.signd will be updated together. + +* sparse vendor.img + +```bash +cp vendor.img +./gradlew unpack +./gradlew pack +``` + +You get vendor.img.unsparse, then you can mount it. +```bash +mkdir mnt +sudo mount -o ro vendor.img mnt +``` + +## boot.img layout +Read [layout](doc/layout.md) of Android boot.img and vendor\_boot.img. + +## References boot\_signer https://android.googlesource.com/platform/system/extras diff --git a/bbootimg/src/main/kotlin/packable/DtboParser.kt b/bbootimg/src/main/kotlin/packable/DtboParser.kt index b5575ad..d71b92e 100644 --- a/bbootimg/src/main/kotlin/packable/DtboParser.kt +++ b/bbootimg/src/main/kotlin/packable/DtboParser.kt @@ -20,6 +20,7 @@ class DtboParser(val workDir: File) : IPackable { private val log = LoggerFactory.getLogger(DtboParser::class.java) private val envv = EnvironmentVerifier() private val outDir = Helper.prop("workDir") + private val dtboMaker = Helper.prop("dtboMaker") override fun capabilities(): List { return listOf("^dtbo\\.img$") @@ -29,7 +30,7 @@ class DtboParser(val workDir: File) : IPackable { cleanUp() val dtbPath = File("$outDir/dtb").path val headerPath = File("$outDir/dtbo.header").path - val cmd = CommandLine.parse("external/mkdtboimg.py dump $fileName").let { + val cmd = CommandLine.parse("$dtboMaker dump $fileName").let { it.addArguments("--dtb $dtbPath") it.addArguments("--output $headerPath") } @@ -57,7 +58,7 @@ class DtboParser(val workDir: File) : IPackable { val headerPath = File("${outDir}/dtbo.header").path val props = Properties() props.load(FileInputStream(File(headerPath))) - val cmd = CommandLine.parse("external/mkdtboimg.py create $fileName.clear").let { + val cmd = CommandLine.parse("$dtboMaker create $fileName.clear").let { it.addArguments("--version=1") for (i in 0 until Integer.parseInt(props.getProperty("dt_entry_count"))) { val dtsName = File("$outDir/dtb.$i").path diff --git a/bbootimg/src/main/resources/general.cfg b/bbootimg/src/main/resources/general.cfg index af40d48..0f5db1d 100644 --- a/bbootimg/src/main/resources/general.cfg +++ b/bbootimg/src/main/resources/general.cfg @@ -1,10 +1,11 @@ workDir = build/unzip_boot/ mkbootfsBin = aosp/mkbootfs.%d/build/exe/mkbootfs/mkbootfs avbtool = aosp/avb/avbtool -kernelExtracter = aosp/build/tools/extract_kernel.py bootSigner = aosp/boot_signer/build/libs/boot_signer.jar verity_pk8 = aosp/security/verity.pk8 verity_pem = aosp/security/verity.x509.pem -mkbootimg = aosp/system/tools/mkbootimg/mkbootimg.py kernelVersionFile = build/unzip_boot/kernel_version.txt kernelConfigFile = build/unzip_boot/kernel_configs.txt +kernelExtracter = aosp/build/tools/extract_kernel.py +mkbootimg = aosp/system/tools/mkbootimg/mkbootimg.py +dtboMaker = aosp/system/libufdt/utils/src/mkdtboimg.py diff --git a/tools/free.py b/tools/free.py new file mode 100755 index 0000000..fcd1aba --- /dev/null +++ b/tools/free.py @@ -0,0 +1,22 @@ +#! /usr/bin/env python3 +# -*- coding: utf-8 -*- +# vim:fenc=utf-8 +# +import subprocess + +""" + +""" + +def run(cmd): + print(cmd) + subprocess.check_call(cmd, shell = True) + + +run("touch vbmeta.img") +run("gradle pull") +run("gradle unpack") +run('vim build/unzip_boot/vbmeta.avb.json -c ":19s/0/2/g" -c ":wq"') +run("gradle pack") +run("gradle flash") +