diff --git a/README.expert.md b/README.expert.md
index 91d98ae..3816f80 100644
--- a/README.expert.md
+++ b/README.expert.md
@@ -22,7 +22,7 @@
     |--------------------------------+-------------------------|
     |<page size>                     |     4                   |
     |--------------------------------+-------------------------|
-    | RESERVED                       |     4                   |
+    |<header version>                |     4                   |
     |--------------------------------+-------------------------|
     |<os version& os patch level>    |     4                   |
     |--------------------------------+-------------------------|
@@ -34,25 +34,59 @@
     |--------------------------------+-------------------------|
     |<cmdline part 2>                |     1024                |
     |--------------------------------+-------------------------|
-    |<padding>                       | min(n * page_zie - 1632)|
+    |<dtbo length>                   |     4                   |
+    |--------------------------------+-------------------------|
+    |<dtbo offset>                   |     8                   |
+    |--------------------------------+-------------------------|
+    |<header size>                   |     4                   |
+    |--------------------------------+-------------------------|
+    |<padding>                       | min(n * page_zie - 1648)|
     +----------------------------------------------------------+
-    
+
 ### 2. data part
 
     +----------------------------------------------------------+
     |<kernel>                        |   kernel length         |
     |--------------------------------+-------------------------|
-    |<padding>                       |                         |
+    |<padding>                       |  min(n * page_zie - len)|
     +----------------------------------------------------------+
-    
+
     +--------------------------------+-------------------------+
     |<ramdisk>                       |   ramdisk length        |
     |--------------------------------+-------------------------|
-    |<padding>                       |                         |
+    |<padding>                       |  min(n * page_zie - len)|
     +----------------------------------------------------------+
-    
+
     +--------------------------------+-------------------------+
     |<second bootloader>             | second bootloader length|
     |--------------------------------+-------------------------|
-    |<padding>                       |                         |
+    |<padding>                       |  min(n * page_zie - len)|
+    +----------------------------------------------------------+
+
+    +--------------------------------+-------------------------+
+    |<recovery dtbo>                 | recovery dtbo length    |
+    |--------------------------------+-------------------------|
+    |<padding>                       |  min(n * page_zie - len)|
+    +----------------------------------------------------------+
+
+### 3. signature part
+
+#### 3.1 Boot Image Signature (VBoot 1.0)
+
+    +--------------------------------+-------------------------+
+    |<signature>                     | signature length        |
+    |--------------------------------+-------------------------|
+    |<padding>                       | defined by boot_signer  |
+    +----------------------------------------------------------+
+
+#### 3.2 AVB Footer (VBoot 2.0)
+
+    +--------------------------------+-------------------------+
+    |<signature>                     | signature length        |
+    |--------------------------------+-------------------------|
+    | ...                            | ...                     |
+    |<padding>                       | defined by avbtool,     |
+    |<padding>                       | it will pad to requested|
+    |<padding>                       | image size              |
+    | ...                            | ...                     |
     +----------------------------------------------------------+
diff --git a/README.md b/README.md
index 65a54a0..9c9c4be 100644
--- a/README.md
+++ b/README.md
@@ -8,12 +8,13 @@ This tool focuses on editing Android boot.img(also recovery.img and recovery-two
 #### Host OS requirement:
 
 Linux or Mac.
+Also need python and java 8.
 
 #### Target Android requirement:
 
-(1) Targeted boot.img(or recovery.img / recovery-two-step.img) MUST follows AOSP [verified boot flow](https://source.android.com/security/verifiedboot/index.html), which means it packs linux kernel, rootfs , and a optional second state bootloader, then sign it with OEM/USER keys.
+(1) Target boot.img(or recovery.img / recovery-two-step.img) MUST follows AOSP verified boot flow, either [Boot image signature](https://source.android.com/security/verifiedboot/verified-boot#signature_format) in VBoot 1.0 or [AVB HASH footer](https://android.googlesource.com/platform/external/avb/+/master/README.md#The-VBMeta-struct) in VBoot 2.0.
 
-(2) These utilities are known to work for Nexus (or Nexus compatible) boot.img(or recovery.img/recovery-two-step.img) for the following Android releases:
+(2) These utilities are known to work for Nexus/Pixel (or Pixel compatible) boot.img(or recovery.img/recovery-two-step.img) for the following Android releases:
 
  - AOSP master
  - Lollipop (API Level 21,22) - Oreo (API Level 26,27)
@@ -62,8 +63,8 @@ And you get recovery.img.signed
 An example boot.img has been placed at **src/test/resources/boot.img**, which is extracted from Nexus 5x(code: bullhead) factory images from [Google](https://dl.google.com/dl/android/aosp/bullhead-mda89e-factory-29247942.tgz), you can take it as a quick start.
 
 ## boot.img layout
-Read [layout](https://github.com/cfig/Android_boot_image_editor/blob/master/README.expert.md) of Android boot.img.
-We now support **os\_version** and **os\_patch\_level**.
+Read [layout](README.expert.md) of Android boot.img.
+We now support **os\_version** ,**os\_patch\_level**, **header_version** and **dtbo**
 
 ## References
 
diff --git a/abootimg/build.gradle b/abootimg/build.gradle
deleted file mode 100644
index 40867dc..0000000
--- a/abootimg/build.gradle
+++ /dev/null
@@ -1,69 +0,0 @@
-apply plugin: 'groovy'
-
-sourceCompatibility = 1.7
-
-repositories {
-    mavenCentral()
-}
-
-dependencies {
-    compile 'org.codehaus.groovy:groovy-all:2.4.7'
-    compile group: 'net.sf.jopt-simple', name: 'jopt-simple', version: '5.0.2'
-    testCompile group: 'junit', name: 'junit', version: '4.11'
-}
-
-task abootimg(type: Jar, dependsOn:['build']) {
-    from files(sourceSets.main.output.classesDir)
-    from files("build/classes/groovy/main")
-    from configurations.runtime.asFileTree.files.collect { zipTree(it) }
-
-    baseName = 'abootimg'
-    manifest {
-        attributes 'Main-Class': 'cfig.bootimg.abootimg'
-    }
-}
-
-task mkbootimg(type: Jar, dependsOn:['build']) {
-    from files(sourceSets.main.output.classesDir)
-    from files("build/classes/groovy/main")
-    from configurations.runtime.asFileTree.files.collect { zipTree(it) }
-
-    baseName = 'mkbootimg'
-    manifest {
-        attributes 'Main-Class': 'cfig.bootimg.mkbootimg'
-    }
-}
-
-task repack(type: Jar, dependsOn:['build']) {
-    from files(sourceSets.main.output.classesDir)
-    from files("build/classes/groovy/main")
-    from configurations.runtime.asFileTree.files.collect { zipTree(it) }
-
-    baseName = 'repack'
-    manifest {
-        attributes 'Main-Class': 'cfig.bootimg.repack'
-    }
-}
-
-//call Google's 'mkbootimg' program
-task pack_clear(type: JavaExec, dependsOn:[':pack_ramdisk_and_gz', 'build']) {
-    classpath = sourceSets.main.runtimeClasspath
-    main = "cfig.bootimg.repack_with_cmd"
-    args rootProject.outClearIMg, rootProject.rootWorkDir, rootProject.mkbootimgBin
-}
-
-//call our 'mkbootimg.groovy'
-task pack_clear2(type: JavaExec, dependsOn:[':pack_ramdisk_and_gz', 'mkbootimg']) {
-    classpath = sourceSets.main.runtimeClasspath
-    main = "cfig.bootimg.repack_with_cmd"
-    args rootProject.outClearIMg + "2" , rootProject.rootWorkDir, "java -jar build/libs/mkbootimg.jar"
-}
-
-//directly calls engine of 'mkbootimg.groovy' from 'repack'
-task pack_clear3(type: JavaExec, dependsOn: [':pack_ramdisk_and_gz', 'repack']) {
-    classpath = files("build/libs/repack.jar")
-    main = 'cfig.bootimg.repack'
-    maxHeapSize '512m'
-    args rootProject.outClearIMg + "3", rootProject.rootWorkDir
-}
-
diff --git a/abootimg/src/main/groovy/cfig/bootimg/CArgs.groovy b/abootimg/src/main/groovy/cfig/bootimg/CArgs.groovy
deleted file mode 100644
index 4d522f6..0000000
--- a/abootimg/src/main/groovy/cfig/bootimg/CArgs.groovy
+++ /dev/null
@@ -1,82 +0,0 @@
-package cfig.bootimg
-
-import groovy.transform.ToString
-
-/**
- * Created by yu at 09:57 on 2016-06-17
- */
-@groovy.transform.TypeChecked
-@ToString(includeNames = true, includeFields = true, excludes = "toCommandLine, CArgs")
-class CArgs {
-    public String kernel;
-    public String ramdisk;
-    public String output;
-    public String cfg;
-    public String board;
-    public String second;
-    public String cmdline;
-    public String os_version;
-    public String os_patch_level;
-    public long base;
-    public long kernel_offset;
-    public long ramdisk_offset;
-    public long second_offset;
-    public int pagesize;
-    public long tags_offset;
-    public boolean id;
-
-    public CArgs() {
-        kernel = "kernel";
-        ramdisk = "ramdisk.img.gz";
-        second = "second";
-        output = "boot.img";
-        cfg = "bootimg.json";
-    }
-
-    public List<String> toCommandList() {
-        List<String> ret = new ArrayList<String>();
-        ret.add("--base");
-        ret.add("0x" + Long.toHexString(base));
-        ret.add("--kernel");
-        ret.add(kernel);
-        ret.add("--kernel_offset");
-        ret.add("0x" + Long.toHexString(kernel_offset));
-        if (null != ramdisk) {
-            ret.add("--ramdisk");
-            ret.add(ramdisk);
-        }
-        ret.add("--ramdisk_offset");
-        ret.add("0x" + Long.toHexString(ramdisk_offset));
-        if (null != second) {
-            ret.add("--second");
-            ret.add(second);
-        }
-        ret.add("--second_offset");
-        ret.add("0x" + Long.toHexString(second_offset));
-        if (null != board) {
-            ret.add("--board");
-            ret.add(board);
-        }
-        ret.add("--pagesize");
-        ret.add(Integer.toString(pagesize));
-        ret.add("--cmdline");
-        ret.add(cmdline);
-        if (null != os_version) {
-            ret.add("--os_version");
-            ret.add(os_version);
-        }
-        if (null != os_patch_level) {
-            ret.add("--os_patch_level");
-            ret.add(os_patch_level);
-        }
-        ret.add("--tags_offset");
-        ret.add("0x" + Long.toHexString(tags_offset));
-        if (id) {
-            ret.add("--id");
-        }
-        ret.add("--output");
-        ret.add(output);
-
-        return ret;
-    }
-}
diff --git a/abootimg/src/main/groovy/cfig/bootimg/CImgInfo.groovy b/abootimg/src/main/groovy/cfig/bootimg/CImgInfo.groovy
deleted file mode 100644
index 8b27794..0000000
--- a/abootimg/src/main/groovy/cfig/bootimg/CImgInfo.groovy
+++ /dev/null
@@ -1,99 +0,0 @@
-package cfig.bootimg
-
-import groovy.json.JsonSlurper
-import groovy.json.JsonBuilder
-import groovy.transform.ToString
-
-/**
- * Created by yu at 09:58 on 2016-06-17
- */
-@ToString(includeNames=true, includeFields=true, includeSuper = true)
-class CImgInfo  extends CArgs {
-    public int kernel_len;
-    public int ramdisk_len;
-    public int second_len;
-    public int kernel_pos;
-    public int ramdisk_pos;
-    public int second_pos;
-    public byte[] hash;
-
-    public static CImgInfo fromJson(String outFile, String workDir) {
-        CImgInfo aArg = new CImgInfo();
-        //preset info
-        aArg.kernel = workDir + File.separator + aArg.kernel;
-        aArg.ramdisk = workDir + File.separator + aArg.ramdisk;
-        aArg.second = workDir + File.separator + aArg.second;
-        aArg.cfg = workDir + File.separator + aArg.cfg;
-        aArg.output = outFile;
-
-        JsonSlurper jsonSlurper = new JsonSlurper()
-        Map result = jsonSlurper.parseText(new File(aArg.cfg).text);
-
-        //arg info
-        aArg.board = result.bootimg.args.board;
-        aArg.cmdline = result.bootimg.args.cmdline;
-        aArg.base = Long.decode(result.bootimg.args.base);
-        aArg.kernel_offset = Long.decode(result.bootimg.args.kernel_offset);
-        aArg.ramdisk_offset = Long.decode(result.bootimg.args.ramdisk_offset);
-        aArg.second_offset = Long.decode(result.bootimg.args.second_offset);
-        aArg.tags_offset = Long.decode(result.bootimg.args.tags_offset);
-        aArg.id = true;
-        aArg.pagesize = result.bootimg.args.pagesize;
-        aArg.os_version = result.bootimg.args.os_version;
-        aArg.os_patch_level = result.bootimg.args.os_patch_level;
-        //image info
-        aArg.kernel_len = Integer.decode(result.bootimg.img.kernel_len);
-        aArg.ramdisk_len = Integer.decode(result.bootimg.img.ramdisk_len);
-        aArg.second_len = Integer.decode(result.bootimg.img.second_len);
-        //adjust preset info
-        if (0 == aArg.ramdisk_len) {
-            aArg.ramdisk = null;
-        }
-        if (0 == aArg.second_len) {
-            aArg.second = null;
-        }
-
-        return aArg;
-    }
-
-    private String bytes2String(byte[] inData) {
-        StringBuilder sb = new StringBuilder("");
-        for (int i = 0; i < inData.length; i++) {
-            sb.append(Integer.toString((inData[i] & 0xff) + 0x100, 16).substring(1));
-        }
-        return sb.toString();
-    }
-
-    public void toJson() {
-        JsonBuilder jb = new JsonBuilder();
-        String hashString = bytes2String(this.hash);
-        jb.bootimg {
-            args {
-                base "0x" + Integer.toHexString((int)this.base);
-                kernel_offset "0x" + Integer.toHexString((int)this.kernel_offset);
-                ramdisk_offset "0x" + Integer.toHexString((int)this.ramdisk_offset);
-                second_offset "0x" + Integer.toHexString((int)this.second_offset);
-                tags_offset "0x" + Integer.toHexString((int)this.tags_offset);
-                pagesize this.pagesize;
-                board this.board;
-                cmdline this.cmdline;
-                os_version this.os_version;
-                os_patch_level this.os_patch_level;
-                id this.id;
-            }
-            img {
-                kernel_pos "0x" + Integer.toHexString(this.kernel_pos);
-                kernel_len "0x" + Integer.toHexString(this.kernel_len);
-                ramdisk_pos "0x" + Integer.toHexString(this.ramdisk_pos);
-                ramdisk_len "0x" + Integer.toHexString(this.ramdisk_len);
-                second_pos "0x" + Integer.toHexString(this.second_pos);
-                second_len "0x" + Integer.toHexString(this.second_len);
-                hash hashString;
-            }
-        }
-        FileWriter fw = new FileWriter(this.cfg);
-        fw.write(jb.toPrettyString());
-        fw.flush();
-        fw.close();
-    }
-}
diff --git a/abootimg/src/main/groovy/cfig/bootimg/Packer.groovy b/abootimg/src/main/groovy/cfig/bootimg/Packer.groovy
deleted file mode 100644
index a5e78ac..0000000
--- a/abootimg/src/main/groovy/cfig/bootimg/Packer.groovy
+++ /dev/null
@@ -1,353 +0,0 @@
-package cfig.bootimg
-
-import java.nio.ByteBuffer;
-import joptsimple.OptionParser;
-import joptsimple.OptionSet;
-import java.nio.channels.FileChannel;
-import java.nio.ByteOrder;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import java.security.MessageDigest;
-
-/**
- * Created by yu at 10:52 on 2016-06-18
- */
-@groovy.transform.CompileStatic
-class Packer {
-    CArgs parse_cmdline(String[] inArgs) {
-        OptionParser parser = new OptionParser();
-        parser.accepts("kernel", "path to the kernel").withRequiredArg();
-        parser.accepts("ramdisk", "path to the ramdisk").withRequiredArg();
-        parser.accepts("second", "path to the 2nd bootloader").withRequiredArg();
-        parser.accepts("cmdline", "extra arguments to be passed on the kernel command line").withRequiredArg();
-        parser.accepts("base", "base address").withRequiredArg();
-        parser.accepts("kernel_offset", "kernel offset").withRequiredArg();
-        parser.accepts("ramdisk_offset", "ramdisk offset").withRequiredArg();
-        parser.accepts("second_offset", "2nd bootloader offset").withRequiredArg();
-        parser.accepts("os_version", "operating system version").withRequiredArg();
-        parser.accepts("os_patch_level", "operating system patch level").withRequiredArg();
-        parser.accepts("tags_offset", "tags offset").withRequiredArg();
-        parser.accepts("board", "board name").withRequiredArg();
-        parser.accepts("pagesize", "page size").withRequiredArg();
-        parser.accepts("id", "print the image ID on standard output");
-        parser.accepts("output", "output file name").withRequiredArg();
-
-        OptionSet options = parser.parse(inArgs)
-        CArgs ret = new CArgs();
-
-        ret.kernel = options.valueOf("kernel")
-
-        ret.output = options.valueOf("output")
-
-        ret.ramdisk = options.valueOf("ramdisk")
-
-        ret.second = options.valueOf("second")
-
-        if (options.has("board")) {
-            ret.board = options.valueOf("board")
-        } else {
-            ret.board = ""
-        }
-
-        ret.id = options.has("id")
-
-        if (options.has("base")) {
-            ret.base = Long.decode(String.valueOf(options.valueOf("base")))
-        } else {
-            ret.base = 0x10000000;
-        }
-
-        if (options.has("kernel_offset")) {
-            ret.kernel_offset = Long.decode(String.valueOf(options.valueOf("kernel_offset")))
-        } else {
-            ret.kernel_offset = 0x00008000;
-        }
-
-        if (options.has("ramdisk_offset")) {
-            ret.ramdisk_offset = Long.decode(String.valueOf(options.valueOf("ramdisk_offset")))
-        } else {
-            ret.ramdisk_offset = 0x01000000
-        }
-
-        ret.os_version = options.valueOf("os_version")
-
-        ret.os_patch_level = options.valueOf("os_patch_level")
-
-        if (options.has("second_offset")) {
-            ret.second_offset = Long.decode(String.valueOf(options.valueOf("second_offset")))
-        } else {
-            ret.second_offset = 0x00f00000
-        }
-
-        if (options.has("tags_offset")) {
-            ret.tags_offset = Long.decode(String.valueOf(options.valueOf("tags_offset")))
-        } else {
-            ret.tags_offset = 0x00000100
-        }
-
-        if (options.has("pagesize")) {
-            ret.pagesize = Integer.decode(String.valueOf(options.valueOf("pagesize")))
-        } else {
-            ret.pagesize = 2048
-        }
-
-        if (options.has("cmdline")) {
-            ret.cmdline = String.valueOf(options.valueOf("cmdline"))
-        } else {
-            ret.cmdline = ""
-        }
-
-        if (ret.cmdline.length() > 1536) {
-            println("cmdline length must <= 1536, current is " + ret.cmdline.length());
-            printUsage(parser);
-        }
-        if (null == ret.kernel) {
-            println("kernel must not be empty");
-            printUsage(parser);
-        }
-        if (null == ret.output) {
-            println("output file must not be empty");
-            printUsage(parser);
-        }
-        if (ret.board.length() > 16) {
-            println("board name length must <= 16")
-            printUsage(parser);
-        }
-
-        return ret;
-    }
-
-    byte[] write_header(CArgs inArgs) {
-        ByteBuffer bf = ByteBuffer.allocate(1024 * 32);
-        bf.order(ByteOrder.LITTLE_ENDIAN);
-
-        //header start
-        bf.put("ANDROID!".getBytes())
-        bf.putInt((int) new File(inArgs.kernel).length());
-        bf.putInt((int)(inArgs.base + inArgs.kernel_offset));
-
-        if (null == inArgs.ramdisk) {
-            bf.putInt(0)
-        } else {
-            bf.putInt((int) new File(inArgs.ramdisk).length());
-        }
-
-        bf.putInt((int)(inArgs.base + inArgs.ramdisk_offset));
-
-        if (null == inArgs.second) {
-            bf.putInt(0)
-        } else {
-            bf.putInt((int) new File(inArgs.second).length());
-        }
-
-        bf.putInt((int)(inArgs.base + inArgs.second_offset));
-        bf.putInt((int)(inArgs.base + inArgs.tags_offset));
-        bf.putInt(inArgs.pagesize)
-        bf.putInt(0);
-        bf.putInt((parse_os_version(inArgs.os_version) << 11) | parse_os_patch_level(inArgs.os_patch_level))
-
-        if (null == inArgs.board) {
-            bf.put(new byte[16]);
-        } else {
-            bf.put(inArgs.board.getBytes())
-            bf.put(new byte[16 - inArgs.board.length()])
-        }
-
-        bf.put(inArgs.cmdline.substring(0, Math.min(512, inArgs.cmdline.length())).getBytes())
-        bf.put(new byte[512 - Math.min(512, inArgs.cmdline.length())])
-        byte[] img_id = hashFile(inArgs.kernel, inArgs.ramdisk, inArgs.second)
-        bf.put(img_id)
-        bf.put(new byte[32 - img_id.length])
-
-        if (inArgs.cmdline.length() > 512) {
-            bf.put(inArgs.cmdline.substring(512).getBytes())
-            bf.put(new byte[1024 + 512 - inArgs.cmdline.length()])
-        } else {
-            bf.put(new byte[1024])
-        }
-
-        //padding
-        pad_file(bf, inArgs.pagesize)
-
-        //write
-        FileOutputStream fos = new FileOutputStream(inArgs.output, false);
-        fos.write(bf.array(), 0, bf.position())
-        fos.close();
-
-        return img_id;
-    }
-
-    void printUsage(OptionParser p) {
-        ByteArrayOutputStream out = new ByteArrayOutputStream();
-        out.write("Usage: mkbootimg <option>\n".getBytes());
-        p.printHelpOn(out);
-        System.out.println(out.toString());
-        out.close();
-        System.exit(1);
-    }
-
-    void write_padded_file(ByteBuffer inBF, String srcFile, int padding) {
-        if (null == srcFile) {
-            return;
-        }
-        InputStream is = new FileInputStream(new File(srcFile))
-        int byteRead;
-        byte[] dataRead = new byte[128]
-        while (true) {
-            byteRead = is.read(dataRead)
-            if (-1 == byteRead) {
-                break;
-            }
-            inBF.put(dataRead, 0, byteRead);
-        }
-        is.close();
-        pad_file(inBF, padding)
-    }
-
-    void pad_file(ByteBuffer inBF, int padding) {
-        int pad = (padding - (inBF.position() & (padding - 1))) & (padding - 1);
-        inBF.put(new byte[pad]);
-    }
-
-    void write_data(CArgs inArgs) {
-        ByteBuffer bf = ByteBuffer.allocate(1024 * 1024 * 64);
-        bf.order(ByteOrder.LITTLE_ENDIAN);
-
-        write_padded_file(bf, inArgs.kernel, inArgs.pagesize)
-        write_padded_file(bf, inArgs.ramdisk, inArgs.pagesize)
-        write_padded_file(bf, inArgs.second, inArgs.pagesize)
-
-        //write
-        FileOutputStream fos = new FileOutputStream(inArgs.output, true);
-        fos.write(bf.array(), 0, bf.position())
-        fos.close();
-    }
-
-    int parse_os_patch_level(String x) {
-        if (null == x) {
-            return 0;
-        }
-        int ret = 0
-        Pattern pattern = Pattern.compile("^(\\d{4})-(\\d{2})-(\\d{2})")
-        Matcher matcher = pattern.matcher(x)
-        if (matcher.find()) {
-            int y = Integer.parseInt(matcher.group(1), 10) - 2000
-            int m = Integer.parseInt(matcher.group(2), 10)
-            // 7 bits allocated for the year, 4 bits for the month
-            assert y >= 0 && y < 128
-            assert m > 0 && m <= 12
-            ret = (y << 4) | m
-        } else {
-            throw new IllegalArgumentException("invalid os_patch_level")
-        }
-
-        return ret;
-    }
-
-    int parse_os_version(String x) {
-        int ret = 0;
-        if (null != x) {
-            Pattern pattern = Pattern.compile("^(\\d{1,3})(?:\\.(\\d{1,3})(?:\\.(\\d{1,3}))?)?");
-            Matcher m = pattern.matcher(x)
-            if (m.find()) {
-                int a = Integer.decode(m.group(1))
-                int b = 0;
-                int c = 0;
-                if (m.groupCount() >= 2) {
-                    b = Integer.decode(m.group(2))
-                }
-                if (m.groupCount() == 3) {
-                    c = Integer.decode(m.group(3))
-                }
-                assert a < 128
-                assert b < 128
-                assert c < 128
-                ret = ((a << 14) | (b << 7) | c)
-            } else {
-                throw new IllegalArgumentException("invalid os_version")
-            }
-        }
-
-        return ret;
-    }
-
-    void test() {
-        ByteBuffer b2 = ByteBuffer.allocate(1024);
-        b2.order(ByteOrder.LITTLE_ENDIAN);
-        b2.putInt(Integer.MAX_VALUE); //4 bytes
-        println("max: " + Integer.MAX_VALUE)
-        println("min: " + Integer.MIN_VALUE)
-        b2.putInt(0x11111111)
-        b2.putInt(Integer.MIN_VALUE);
-        b2.putInt(0x11111111)
-        b2.put("welcome".getBytes())
-        b2.put(new byte[5]);
-        b2.putInt(0x11111111)
-        b2.putInt(0);
-        b2.putInt(0x11111111)
-        //b2.put((byte)0);
-        b2.flip();
-        FileChannel fc2 = new FileOutputStream(new File("ftest"), false).getChannel();
-        fc2.write(b2);
-        fc2.close();
-
-//ByteBuffer bf = ByteBuffer.allocate(1024 * 1024 * 50);
-//bf.order(ByteOrder.LITTLE_ENDIAN);
-//bf.flip()
-//boolean append = false;
-//FileChannel fc = new FileOutputStream(new File("f1"), append).getChannel();
-//fc.write(bf);
-//fc.close();
-//
-//FileOutputStream stream = new FileOutputStream("f2");
-//stream.write(bf.array(), 0, bf.position())
-//stream.close();
-    }
-
-    byte[] hashFile(String... inFiles) {
-        MessageDigest md = MessageDigest.getInstance("SHA1")
-
-        for (String item : inFiles) {
-            ByteBuffer itemBF = ByteBuffer.allocate(4).order(ByteOrder.LITTLE_ENDIAN);
-            if (null == item) {
-                md.update(itemBF.putInt(0).array())
-            } else {
-                InputStream is = new FileInputStream(new File(item))
-                int byteRead;
-                byte[] dataRead = new byte[128]
-                while (true) {
-                    byteRead = is.read(dataRead)
-                    if (-1 == byteRead) {
-                        break;
-                    }
-                    md.update(dataRead, 0, byteRead)
-                }
-                is.close();
-                md.update(itemBF.putInt((int) new File(item).length()).array())
-            }
-        }
-
-        return md.digest();
-    }
-
-    void dumpBytes(byte[] inData) {
-        StringBuffer sb = new StringBuffer("");
-        for (int i = 0; i < inData.length; i++) {
-            sb.append(Integer.toString((inData[i] & 0xff) + 0x100, 16).substring(1));
-        }
-        println("0x" + sb.toString());
-    }
-
-    void mkbootimg(CArgs theArgs) {
-        byte[] img_id = write_header(theArgs)
-        write_data(theArgs)
-        if (theArgs.id) {
-            ByteBuffer bf = ByteBuffer.allocate(32);
-            bf.order(ByteOrder.LITTLE_ENDIAN);
-            bf.put(img_id);
-            bf.put(new byte[32 - img_id.length])
-            dumpBytes(bf.array());
-        }
-    }
-
-}
diff --git a/abootimg/src/main/groovy/cfig/bootimg/Parser.groovy b/abootimg/src/main/groovy/cfig/bootimg/Parser.groovy
deleted file mode 100644
index b05a72c..0000000
--- a/abootimg/src/main/groovy/cfig/bootimg/Parser.groovy
+++ /dev/null
@@ -1,140 +0,0 @@
-package cfig.bootimg
-
-import groovy.json.JsonBuilder
-import java.nio.ByteBuffer
-import java.nio.ByteOrder
-
-/**
- * Created by yu at 10:58 on 2016-06-18
- */
-@groovy.transform.CompileStatic
-class Parser {
-
-    int readInt(InputStream is) {
-        ByteBuffer bf = ByteBuffer.allocate(128);
-        bf.order(ByteOrder.LITTLE_ENDIAN);
-        byte[] data4 = new byte[4];
-        assert 4 == is.read(data4)
-        bf.clear();
-        bf.put(data4);
-        bf.flip();
-        return bf.getInt();
-    }
-
-    byte[] readBytes(InputStream is, int len) {
-        byte[] data4 = new byte[len];
-        assert len == is.read(data4)
-        return data4;
-    }
-
-    String unparse_os_version(int x) {
-        int a = x >> 14;
-        int b = (x - (a << 14)) >> 7;
-        int c = x & 0x7f;
-
-        return String.format("%d.%d.%d", a, b, c);
-    }
-
-    String unparse_os_patch_level(int x) {
-        int y = x >> 4;
-        int m = x & 0xf;
-        y += 2000;
-
-        return String.format("%d-%02d-%02d", y, m, 0);
-    }
-
-    int get_header_len(int pagesize) {
-        int pad = (pagesize - (1632 & (pagesize - 1))) & (pagesize - 1);
-        return pad + 1632;
-    }
-
-    int get_pad_len(int position, int pagesize) {
-        return (pagesize - (position & (pagesize - 1))) & (pagesize - 1);
-    }
-
-    void parse_header(String fileName, CImgInfo inImgInfo) {
-        InputStream is = new FileInputStream(new File(fileName))
-        assert Arrays.equals(readBytes(is, 8), "ANDROID!".getBytes())
-        inImgInfo.kernel_len = readInt(is);
-        inImgInfo.kernel_offset = readInt(is);
-        inImgInfo.ramdisk_len = readInt(is);
-        inImgInfo.ramdisk_offset = readInt(is);
-        inImgInfo.second_len = readInt(is);
-        inImgInfo.second_offset = readInt(is);
-        inImgInfo.tags_offset = readInt(is);
-        inImgInfo.pagesize = readInt(is);
-        assert 0 == readInt(is) //reserved
-        int os_and_patch = readInt(is)
-        if (0 != os_and_patch) { //treated as 'reserved' in this boot image
-            inImgInfo.os_version = unparse_os_version(os_and_patch >> 11)
-            inImgInfo.os_patch_level = unparse_os_patch_level(os_and_patch & 0x7ff)
-        }
-        inImgInfo.board = new String(readBytes(is, 16), "UTF-8").trim();
-        if (0 == inImgInfo.board.length()) {
-            inImgInfo.board = null;
-        }
-        inImgInfo.cmdline = new String(readBytes(is, 512), "UTF-8")
-        inImgInfo.hash = readBytes(is, 32); //hash
-        inImgInfo.cmdline += new String(readBytes(is, 1024), "UTF-8")
-        inImgInfo.cmdline = inImgInfo.cmdline.trim();
-        is.close();
-
-        //calc subimg positions
-        inImgInfo.kernel_pos = get_header_len(inImgInfo.pagesize)
-        inImgInfo.ramdisk_pos = inImgInfo.kernel_pos + inImgInfo.kernel_len + get_pad_len(inImgInfo.kernel_len, inImgInfo.pagesize)
-        inImgInfo.second_pos = inImgInfo.ramdisk_pos + inImgInfo.ramdisk_len + get_pad_len(inImgInfo.ramdisk_len, inImgInfo.pagesize)
-
-        //adjust args
-        if (inImgInfo.kernel_offset > 0x10000000) {
-            inImgInfo.base = 0x10000000;
-            inImgInfo.kernel_offset -= inImgInfo.base;
-            inImgInfo.ramdisk_offset -= inImgInfo.base;
-            inImgInfo.second_offset -= inImgInfo.base;
-            inImgInfo.tags_offset -= inImgInfo.base;
-        }
-    }
-
-    void extract_img_data(String inBootImg, String outImgName, int offset, int length) {
-        if (0 == length) {
-            return;
-        }
-        RandomAccessFile inRaf = new RandomAccessFile(inBootImg, "r");
-        RandomAccessFile outRaf = new RandomAccessFile(outImgName, "rw");
-        inRaf.seek(offset);
-        byte[] data = new byte[length];
-        assert length == inRaf.read(data)
-        outRaf.write(data);
-        outRaf.close();
-        inRaf.close();
-    }
-
-    void printUsage() {
-        println("Usage: abootimg <path_to_boot_image> [work_dir]");
-        System.exit(1);
-    }
-
-    void abootimg(String[] arg) {
-        CImgInfo imgInfo = new CImgInfo();
-        String fileName;
-        String workDir = "unzip_boot";
-        if (1 == arg.length) {
-            fileName = arg[0];
-        } else if (2 == arg.length) {
-            fileName = arg[0];
-            workDir = arg[1];
-        } else {
-            printUsage();
-        }
-        imgInfo.kernel = workDir + File.separator + imgInfo.kernel;
-        imgInfo.ramdisk = workDir + File.separator + imgInfo.ramdisk;
-        imgInfo.second = workDir + File.separator + imgInfo.second;
-        imgInfo.cfg = workDir + File.separator + imgInfo.cfg;
-
-        parse_header(fileName, imgInfo);
-        new File(workDir).mkdirs();
-        extract_img_data(fileName, imgInfo.kernel, imgInfo.kernel_pos, imgInfo.kernel_len)
-        extract_img_data(fileName, imgInfo.ramdisk, imgInfo.ramdisk_pos, imgInfo.ramdisk_len)
-        extract_img_data(fileName, imgInfo.second, imgInfo.second_pos, imgInfo.second_len)
-        imgInfo.toJson();
-    }
-}
diff --git a/abootimg/src/main/groovy/cfig/bootimg/abootimg.groovy b/abootimg/src/main/groovy/cfig/bootimg/abootimg.groovy
deleted file mode 100644
index 341ae1b..0000000
--- a/abootimg/src/main/groovy/cfig/bootimg/abootimg.groovy
+++ /dev/null
@@ -1,8 +0,0 @@
-package cfig.bootimg
-
-// http://mvnrepository.com/artifact/net.sf.jopt-simple/jopt-simple
-//@Grapes(
-//    @Grab(group='net.sf.jopt-simple', module='jopt-simple', version='5.0.1')
-//)
-
-new Parser().abootimg(args);
diff --git a/abootimg/src/main/groovy/cfig/bootimg/mkbootimg.groovy b/abootimg/src/main/groovy/cfig/bootimg/mkbootimg.groovy
deleted file mode 100644
index 2c0c616..0000000
--- a/abootimg/src/main/groovy/cfig/bootimg/mkbootimg.groovy
+++ /dev/null
@@ -1,9 +0,0 @@
-package cfig.bootimg
-
-// http://mvnrepository.com/artifact/net.sf.jopt-simple/jopt-simple
-//@Grapes(
-//    @Grab(group='net.sf.jopt-simple', module='jopt-simple', version='5.0.1')
-//)
-Packer thePacker = new Packer();
-CArgs theArgs = thePacker.parse_cmdline(args)
-thePacker.mkbootimg(theArgs);
diff --git a/abootimg/src/main/groovy/cfig/bootimg/repack.groovy b/abootimg/src/main/groovy/cfig/bootimg/repack.groovy
deleted file mode 100644
index cd8fa2d..0000000
--- a/abootimg/src/main/groovy/cfig/bootimg/repack.groovy
+++ /dev/null
@@ -1,11 +0,0 @@
-package cfig.bootimg
-
-if (2 != args.length) {
-    println("Usage:\n\trepack <out_file> <work_dir>");
-    println("It will create <out_file> from <work_dir>/kernel, <work_dir>/ramdisk.img.gz and <work_dir>/second");
-    println("Example:\n\trepack boot.img.clear build/unzip_boot");
-    System.exit(1);
-}
-
-CImgInfo aInfo = CImgInfo.fromJson(args[0], args[1]);
-new Packer().mkbootimg(aInfo);
diff --git a/abootimg/src/main/groovy/cfig/bootimg/repack_with_cmd.groovy b/abootimg/src/main/groovy/cfig/bootimg/repack_with_cmd.groovy
deleted file mode 100644
index 8beccc4..0000000
--- a/abootimg/src/main/groovy/cfig/bootimg/repack_with_cmd.groovy
+++ /dev/null
@@ -1,32 +0,0 @@
-package cfig.bootimg;
-
-void Run(List<String> inCmd, String inWorkdir = null) {
-    println("CMD:" + inCmd)
-    if (inWorkdir == null) {
-        inWorkdir = ".";
-    }
-    ProcessBuilder pb = new ProcessBuilder(inCmd)
-            .directory(new File(inWorkdir))
-            .redirectErrorStream(true);
-    Process p = pb.start();
-    p.inputStream.eachLine {println it}
-    p.waitFor();
-    assert 0 == p.exitValue()
-}
-
-if (3 != args.length) {
-    println("Usage:\n\trepack_with_cmd <out_file> <work_dir> <mkbootimg_bin>");
-    println("It will create <out_file> from <work_dir>/kernel, <work_dir>/ramdisk.img.gz and <work_dir>/second");
-    println("with the program <mkbootimg_bin>");
-    println("Example:\n\trepack boot.img.clear build/unzip_boot mkbootimg");
-    System.exit(1);
-}
-
-CImgInfo aInfo = CImgInfo.fromJson(args[0], args[1]);
-List<String> cmdArgs = aInfo.toCommandList();
-int i = 0;
-for (String item : args[2].split()) {
-    cmdArgs.add(i, item);
-    i++;
-}
-Run(cmdArgs);
diff --git a/avb/avbtool b/avb/avbtool
index b742466..2830e20 100755
--- a/avb/avbtool
+++ b/avb/avbtool
@@ -2142,7 +2142,8 @@ class Avb(object):
         expected_chain_partitions_map[partition_name] = (rollback_index_location, pk_blob)
 
     image_dir = os.path.dirname(image_filename)
-    image_ext = os.path.splitext(image_filename)[1]
+    #image_ext = os.path.splitext(image_filename)[1]
+    image_ext = image_filename[image_filename.index('.'):]
 
     key_blob = None
     if key_path:
diff --git a/avbtool.diff b/avbtool.diff
new file mode 100644
index 0000000..d88d459
--- /dev/null
+++ b/avbtool.diff
@@ -0,0 +1,14 @@
+diff --git a/avb/avbtool b/avb/avbtool
+index b742466..2830e20 100755
+--- a/avb/avbtool
++++ b/avb/avbtool
+@@ -2142,7 +2142,8 @@ class Avb(object):
+         expected_chain_partitions_map[partition_name] = (rollback_index_location, pk_blob)
+ 
+     image_dir = os.path.dirname(image_filename)
+-    image_ext = os.path.splitext(image_filename)[1]
++    #image_ext = os.path.splitext(image_filename)[1]
++    image_ext = image_filename[image_filename.index('.'):]
+ 
+     key_blob = None
+     if key_path:
diff --git a/bbootimg/build.gradle b/bbootimg/build.gradle
new file mode 100644
index 0000000..afc9cd4
--- /dev/null
+++ b/bbootimg/build.gradle
@@ -0,0 +1,56 @@
+buildscript {
+    ext {
+        kotlinVersion = '1.2.41'
+    }
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath("org.jetbrains.kotlin:kotlin-gradle-plugin:${kotlinVersion}")
+        classpath("org.jetbrains.kotlin:kotlin-allopen:${kotlinVersion}")
+    }
+}
+
+apply plugin: 'kotlin'
+apply plugin: 'application'
+
+sourceCompatibility = 1.8
+compileKotlin {
+    kotlinOptions {
+        freeCompilerArgs = ["-Xjsr305=strict"]
+        jvmTarget = "1.8"
+    }
+}
+compileTestKotlin {
+    kotlinOptions {
+        freeCompilerArgs = ["-Xjsr305=strict"]
+        jvmTarget = "1.8"
+    }
+}
+
+repositories {
+    mavenCentral()
+    jcenter()
+}
+
+dependencies {
+    compile("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
+    compile("org.jetbrains.kotlin:kotlin-reflect")
+    compile("org.slf4j:slf4j-simple:1.7.25")
+    compile("org.slf4j:slf4j-api:1.7.25")
+    compile("com.fasterxml.jackson.core:jackson-annotations:2.9.4")
+    compile("com.fasterxml.jackson.core:jackson-databind:2.9.4")
+    compile("org.apache.commons:commons-exec:1.3")
+    compile("junit:junit:4.12")
+}
+
+mainClassName = "cfig.RKt"
+
+jar {
+    from files("build/classes/kotlin/main")
+    from configurations.runtime.asFileTree.files.collect { zipTree(it) }
+
+    manifest {
+        attributes "Main-Class": "cfig.RKt"
+    }
+}
\ No newline at end of file
diff --git a/bbootimg/src/main/kotlin/Helper.kt b/bbootimg/src/main/kotlin/Helper.kt
new file mode 100644
index 0000000..2e2fd9e
--- /dev/null
+++ b/bbootimg/src/main/kotlin/Helper.kt
@@ -0,0 +1,100 @@
+package cfig
+
+import org.slf4j.LoggerFactory
+import java.io.FileInputStream
+import java.io.FileOutputStream
+import java.io.IOException
+import java.io.RandomAccessFile
+import java.nio.charset.StandardCharsets
+import java.util.zip.GZIPInputStream
+import java.util.zip.GZIPOutputStream
+import org.junit.Assert.*
+
+class Helper{
+    companion object {
+        fun toHexString(inData: ByteArray): String {
+            val sb = StringBuilder()
+            for (i in inData.indices) {
+                sb.append(Integer.toString((inData[i].toInt().and(0xff)) + 0x100, 16).substring(1))
+            }
+            return sb.toString()
+        }
+
+        fun fromHexString(s: String): ByteArray {
+            val len = s.length
+            val data = ByteArray(len / 2)
+            var i = 0
+            while (i < len) {
+                data[i / 2] = ((Character.digit(s[i], 16) shl 4) + Character.digit(s[i + 1], 16)).toByte()
+                i += 2
+            }
+            return data
+        }
+
+        //similar to this.toString(StandardCharsets.UTF_8).replace("${Character.MIN_VALUE}", "")
+        fun byteArray2CString(ba: ByteArray): String {
+            val str = ba.toString(StandardCharsets.UTF_8)
+            val nullPos = str.indexOf(Character.MIN_VALUE)
+            return if (nullPos >= 0) {
+                str.substring(0, nullPos)
+            } else {
+                str
+            }
+        }
+
+        @Throws(IOException::class)
+        fun gnuZipFile(compressedFile: String, decompressedFile: String) {
+            val buffer = ByteArray(1024)
+            FileOutputStream(compressedFile).use { fos ->
+                GZIPOutputStream(fos).use { gos ->
+                    FileInputStream(decompressedFile).use { fis->
+                        var bytesRead: Int
+                        while (true) {
+                            bytesRead = fis.read(buffer)
+                            if (bytesRead <= 0) break
+                            gos.write(buffer, 0, bytesRead);
+                        }
+                        gos.finish()
+                        log.info("gzip done: $decompressedFile -> $compressedFile")
+                    }//file-input-stream
+                }//gzip-output-stream
+            }//file-output-stream
+        }
+
+        @Throws(IOException::class)
+        fun unGnuzipFile(compressedFile: String, decompressedFile: String) {
+            val buffer = ByteArray(1024)
+            FileInputStream(compressedFile).use { fileIn ->
+                //src
+                GZIPInputStream(fileIn).use { gZIPInputStream ->
+                    //src
+                    FileOutputStream(decompressedFile).use { fileOutputStream ->
+                        var bytesRead: Int
+                        while (true) {
+                            bytesRead = gZIPInputStream.read(buffer)
+                            if (bytesRead <= 0) break
+                            fileOutputStream.write(buffer, 0, bytesRead)
+                        }
+                        log.info("un-gzip done: $compressedFile -> $decompressedFile")
+                    }
+                }
+            }
+        }
+
+        fun extractImageData(fileName: String, outImgName: String, offset: Long, length: Int) {
+            if (0 == length) {
+                return
+            }
+            RandomAccessFile(fileName, "r").use { inRaf ->
+                RandomAccessFile(outImgName, "rw").use { outRaf ->
+                    inRaf.seek(offset)
+                    val data = ByteArray(length)
+                    assertTrue(length == inRaf.read(data))
+                    outRaf.write(data)
+                }
+            }
+        }
+
+        private val log = LoggerFactory.getLogger("Helper")
+    }
+}
diff --git a/bbootimg/src/main/kotlin/ImgArgs.kt b/bbootimg/src/main/kotlin/ImgArgs.kt
new file mode 100644
index 0000000..22eaf44
--- /dev/null
+++ b/bbootimg/src/main/kotlin/ImgArgs.kt
@@ -0,0 +1,214 @@
+package cfig
+
+import org.apache.commons.exec.CommandLine
+import java.util.*
+
+data class ImgArgs(
+        //file input
+        var kernel: String = UnifiedConfig.workDir + "kernel",
+        var ramdisk: String? = UnifiedConfig.workDir + "ramdisk.img.gz",
+        var second: String? = UnifiedConfig.workDir + "second",
+        var dtbo: String? = UnifiedConfig.workDir + "dtbo",
+        //file output
+        var output: String = "boot.img",
+        var cfg: String = UnifiedConfig.workDir + "bootimg.json",
+
+        //load address
+        internal var base: Long = 0,
+        internal var kernelOffset: Long = 0,
+        var ramdiskOffset: Long = 0,
+        var secondOffset: Long = 0,
+        var tagsOffset: Long = 0,
+        var dtboOffset: Long = 0,
+
+        var board: String = "",
+        var cmdline: String = "",
+        var osVersion: String? = null,
+        var osPatchLevel: String? = null,
+        var headerVersion: Int = 0,
+        var pageSize: Int = 0,
+        var id: Boolean = true,
+        //internal
+        var mkbootimg: String = "../src/mkbootimg/mkbootimg",
+
+        //signature
+        var verifyType: VerifyType = VerifyType.VERIFY
+) {
+    enum class VerifyType {
+        VERIFY,
+        AVB
+    }
+
+    fun toCommandList(): List<String> {
+        val ret = ArrayList<String>()
+        ret.add(mkbootimg)
+        ret.add("--header_version")
+        ret.add(headerVersion.toString())
+        ret.add("--base")
+        ret.add("0x" + java.lang.Long.toHexString(base))
+        ret.add("--kernel")
+        ret.add(kernel)
+        ret.add("--kernel_offset")
+        ret.add("0x" + java.lang.Long.toHexString(kernelOffset))
+        ramdisk?.let {
+            ret.add("--ramdisk")
+            ret.add(it)
+        }
+        ret.add("--ramdisk_offset")
+        ret.add("0x" + java.lang.Long.toHexString(ramdiskOffset))
+        second?.let {
+            ret.add("--second")
+            ret.add(it)
+        }
+        ret.add("--second_offset")
+        ret.add("0x" + java.lang.Long.toHexString(secondOffset))
+        if (!board.isBlank()) {
+            ret.add("--board")
+            ret.add(board)
+        }
+        if (headerVersion > 0) {
+            dtbo?.let { dtbo ->
+                ret.add("--recovery_dtbo")
+                ret.add(dtbo)
+            }
+            ret.add("--recovery_dtbo_offset")
+            ret.add("0x" + java.lang.Long.toHexString(dtboOffset))
+        }
+        ret.add("--pagesize")
+        ret.add(Integer.toString(pageSize))
+        ret.add("--cmdline")
+        ret.add(cmdline)
+        if (!osVersion.isNullOrBlank()) {
+            ret.add("--os_version")
+            ret.add(osVersion!!)
+        }
+        if (!osPatchLevel.isNullOrBlank()) {
+            ret.add("--os_patch_level")
+            ret.add(osPatchLevel!!)
+        }
+        ret.add("--tags_offset")
+        ret.add("0x" + java.lang.Long.toHexString(tagsOffset))
+        if (id) {
+            ret.add("--id")
+        }
+        ret.add("--output")
+        ret.add(output + ".google")
+
+        return ret
+    }
+
+    fun toCommandString(): String {
+        val ret = StringBuilder()
+        ret.append(mkbootimg)
+        ret.append(" --header_version ")
+        ret.append(headerVersion.toString())
+        ret.append(" --base ")
+        ret.append("0x" + java.lang.Long.toHexString(base))
+        ret.append(" --kernel ")
+        ret.append(kernel)
+        ret.append(" --kernel_offset ")
+        ret.append("0x" + java.lang.Long.toHexString(kernelOffset))
+        ramdisk?.let {
+            ret.append(" --ramdisk ")
+            ret.append(it)
+        }
+        ret.append(" --ramdisk_offset ")
+        ret.append("0x" + java.lang.Long.toHexString(ramdiskOffset))
+        second?.let {
+            ret.append(" --second ")
+            ret.append(it)
+        }
+        ret.append(" --second_offset ")
+        ret.append("0x" + java.lang.Long.toHexString(secondOffset))
+        if (!board.isBlank()) {
+            ret.append(" --board ")
+            ret.append(board)
+        }
+        if (headerVersion > 0) {
+            dtbo?.let { dtbo ->
+                ret.append(" --recovery_dtbo ")
+                ret.append(dtbo)
+            }
+            ret.append(" --recovery_dtbo_offset ")
+            ret.append("0x" + java.lang.Long.toHexString(dtboOffset))
+        }
+        ret.append(" --pagesize ")
+        ret.append(Integer.toString(pageSize))
+        ret.append(" --cmdline ")
+        ret.append("\"" + cmdline + "\"")
+        if (!osVersion.isNullOrBlank()) {
+            ret.append(" --os_version ")
+            ret.append(osVersion)
+        }
+        if (!osPatchLevel.isNullOrBlank()) {
+            ret.append(" --os_patch_level ")
+            ret.append(osPatchLevel)
+        }
+        ret.append(" --tags_offset ")
+        ret.append("0x" + java.lang.Long.toHexString(tagsOffset))
+        if (id) {
+            ret.append(" --id ")
+        }
+        ret.append(" --output ")
+        ret.append(output + ".google")
+
+        return ret.toString()
+    }
+
+    fun toCommandLine(): CommandLine {
+        val ret = CommandLine(mkbootimg)
+        ret.addArgument(" --header_version ")
+        ret.addArgument(headerVersion.toString())
+        ret.addArgument(" --base ")
+        ret.addArgument("0x" + java.lang.Long.toHexString(base))
+        ret.addArgument(" --kernel ")
+        ret.addArgument(kernel)
+        ret.addArgument(" --kernel_offset ")
+        ret.addArgument("0x" + java.lang.Long.toHexString(kernelOffset))
+        ramdisk?.let {
+            ret.addArgument(" --ramdisk ")
+            ret.addArgument(it)
+        }
+        ret.addArgument(" --ramdisk_offset ")
+        ret.addArgument("0x" + java.lang.Long.toHexString(ramdiskOffset))
+        second?.let {
+            ret.addArgument(" --second ")
+            ret.addArgument(it)
+        }
+        ret.addArgument(" --second_offset ")
+        ret.addArgument("0x" + java.lang.Long.toHexString(secondOffset))
+        if (!board.isBlank()) {
+            ret.addArgument(" --board ")
+            ret.addArgument(board)
+        }
+        if (headerVersion > 0) {
+            dtbo?.let { dtbo ->
+                ret.addArgument(" --recovery_dtbo ")
+                ret.addArgument(dtbo)
+            }
+            ret.addArgument(" --recovery_dtbo_offset ")
+            ret.addArgument("0x" + java.lang.Long.toHexString(dtboOffset))
+        }
+        ret.addArgument(" --pagesize ")
+        ret.addArgument(Integer.toString(pageSize))
+        ret.addArgument(" --cmdline ")
+        ret.addArgument(cmdline, false)
+        if (!osVersion.isNullOrBlank()) {
+            ret.addArgument(" --os_version ")
+            ret.addArgument(osVersion)
+        }
+        if (!osPatchLevel.isNullOrBlank()) {
+            ret.addArgument(" --os_patch_level ")
+            ret.addArgument(osPatchLevel)
+        }
+        ret.addArgument(" --tags_offset ")
+        ret.addArgument("0x" + java.lang.Long.toHexString(tagsOffset))
+        if (id) {
+            ret.addArgument(" --id ")
+        }
+        ret.addArgument(" --output ")
+        ret.addArgument(output + ".google")
+
+        return ret
+    }
+}
diff --git a/bbootimg/src/main/kotlin/ImgInfo.kt b/bbootimg/src/main/kotlin/ImgInfo.kt
new file mode 100644
index 0000000..9d10a22
--- /dev/null
+++ b/bbootimg/src/main/kotlin/ImgInfo.kt
@@ -0,0 +1,35 @@
+package cfig
+
+data class ImgInfo(
+        //kernel
+        var kernelPosition: Int = 0,
+        var kernelLength: Int = 0,
+        //ramdisk
+        var ramdiskPosition: Int = 0,
+        var ramdiskLength: Int = 0,
+        //second bootloader
+        var secondBootloaderPosition: Int = 0,
+        var secondBootloaderLength: Int = 0,
+        //dtbo
+        var recoveryDtboPosition: Int = 0,
+        var recoveryDtboLength: Int = 0,
+
+        var headerSize: Int = 0,
+        var hash: ByteArray = ByteArray(0),
+
+        //signature
+        var signature: Any? = null
+) {
+    data class AvbSignature(
+            var type: String = "avb",
+            var originalImageSize: Int? = null,
+            var imageSize: Int? = null,
+            var partName: String? = null)
+
+    data class VeritySignature(
+            var type: String = "dm-verity",
+            var path: String = "/boot",
+            var verity_pk8: String = "security/verity.pk8",
+            var verity_pem: String = "security/verity.x509.pem",
+            var jarPath: String = "boot_signer/build/libs/boot_signer.jar")
+}
\ No newline at end of file
diff --git a/bbootimg/src/main/kotlin/Packer.kt b/bbootimg/src/main/kotlin/Packer.kt
new file mode 100644
index 0000000..47f319c
--- /dev/null
+++ b/bbootimg/src/main/kotlin/Packer.kt
@@ -0,0 +1,302 @@
+package cfig
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import org.apache.commons.exec.CommandLine
+import org.apache.commons.exec.DefaultExecutor
+import org.slf4j.LoggerFactory
+import java.io.*
+import java.nio.ByteBuffer
+import java.nio.ByteOrder
+import java.security.MessageDigest
+import java.util.regex.Pattern
+import org.junit.Assert.*
+
+class Packer {
+    private val log = LoggerFactory.getLogger("Packer")
+    private val workDir = UnifiedConfig.workDir
+
+    @Throws(CloneNotSupportedException::class)
+    private fun hashFileAndSize(vararg inFiles: String?): ByteArray {
+        val md = MessageDigest.getInstance("SHA1")
+        for (item in inFiles) {
+            if (null == item) {
+                md.update(ByteBuffer.allocate(4).order(ByteOrder.LITTLE_ENDIAN)
+                        .putInt(0)
+                        .array())
+                log.debug("update null $item: " + Helper.toHexString((md.clone() as MessageDigest).digest()))
+            } else {
+                val currentFile = File(item)
+                FileInputStream(currentFile).use { iS ->
+                    var byteRead: Int
+                    var dataRead = ByteArray(1024)
+                    while (true) {
+                        byteRead = iS.read(dataRead)
+                        if (-1 == byteRead) {
+                            break
+                        }
+                        md.update(dataRead, 0, byteRead)
+                    }
+                    log.debug("update file $item: " + Helper.toHexString((md.clone() as MessageDigest).digest()))
+                    md.update(ByteBuffer.allocate(4).order(ByteOrder.LITTLE_ENDIAN)
+                            .putInt(currentFile.length().toInt())
+                            .array())
+                    log.debug("update size $item: " + Helper.toHexString((md.clone() as MessageDigest).digest()))
+                }
+            }
+        }
+
+        return md.digest()
+    }
+
+    private fun writePaddedFile(inBF: ByteBuffer, srcFile: String, padding: Int) {
+        FileInputStream(srcFile).use { iS ->
+            var byteRead: Int
+            val dataRead = ByteArray(128)
+            while (true) {
+                byteRead = iS.read(dataRead)
+                if (-1 == byteRead) {
+                    break
+                }
+                inBF.put(dataRead, 0, byteRead)
+            }
+            padFile(inBF, padding)
+        }
+    }
+
+    private fun padFile(inBF: ByteBuffer, padding: Int) {
+        val pad = padding - (inBF.position() and padding - 1) and padding - 1
+        inBF.put(ByteArray(pad))
+    }
+
+    private fun writeData(inArgs: ImgArgs) {
+        log.info("Writing data ...")
+        val bf = ByteBuffer.allocate(1024 * 1024 * 64)//assume total size small than 64MB
+        bf.order(ByteOrder.LITTLE_ENDIAN)
+
+        writePaddedFile(bf, inArgs.kernel, inArgs.pageSize)
+        inArgs.ramdisk?.let { ramdisk ->
+            writePaddedFile(bf, ramdisk, inArgs.pageSize)
+        }
+        inArgs.second?.let { second ->
+            writePaddedFile(bf, second, inArgs.pageSize)
+        }
+        inArgs.dtbo?.let { dtbo ->
+            writePaddedFile(bf, dtbo, inArgs.pageSize)
+        }
+        //write
+        FileOutputStream(inArgs.output + ".clear", true).use { fos ->
+            fos.write(bf.array(), 0, bf.position())
+        }
+    }
+
+    @Throws(IllegalArgumentException::class)
+    private fun packOsVersion(x: String?): Int {
+        if (x.isNullOrBlank()) return 0
+        val pattern = Pattern.compile("^(\\d{1,3})(?:\\.(\\d{1,3})(?:\\.(\\d{1,3}))?)?")
+        val m = pattern.matcher(x)
+        if (m.find()) {
+            val a = Integer.decode(m.group(1))
+            var b = 0
+            var c = 0
+            if (m.groupCount() >= 2) {
+                b = Integer.decode(m.group(2))
+            }
+            if (m.groupCount() == 3) {
+                c = Integer.decode(m.group(3))
+            }
+            assertTrue(a < 128)
+            assertTrue(b < 128)
+            assertTrue(c < 128)
+            return (a shl 14) or (b shl 7) or c
+        } else {
+            throw IllegalArgumentException("invalid os_version")
+        }
+    }
+
+    private fun parseOsPatchLevel(x: String?): Int {
+        if (x.isNullOrBlank()) return 0
+        val ret: Int
+        val pattern = Pattern.compile("^(\\d{4})-(\\d{2})-(\\d{2})")
+        val matcher = pattern.matcher(x)
+        if (matcher.find()) {
+            val y = Integer.parseInt(matcher.group(1), 10) - 2000
+            val m = Integer.parseInt(matcher.group(2), 10)
+            // 7 bits allocated for the year, 4 bits for the month
+            assertTrue(y in 0..127)
+            assertTrue(m in 1..12)
+            ret = (y shl 4) or m
+        } else {
+            throw IllegalArgumentException("invalid os_patch_level")
+        }
+
+        return ret
+    }
+
+    private fun writeHeader(inArgs: ImgArgs): ByteArray {
+        log.info("Writing header ...")
+        val bf = ByteBuffer.allocate(1024 * 32)
+        bf.order(ByteOrder.LITTLE_ENDIAN)
+
+        //header start
+        bf.put("ANDROID!".toByteArray())
+        bf.putInt(File(inArgs.kernel).length().toInt())
+        bf.putInt((inArgs.base + inArgs.kernelOffset).toInt())
+
+        if (null == inArgs.ramdisk) {
+            bf.putInt(0)
+        } else {
+            bf.putInt(File(inArgs.ramdisk).length().toInt())
+        }
+
+        bf.putInt((inArgs.base + inArgs.ramdiskOffset).toInt())
+
+        if (null == inArgs.second) {
+            bf.putInt(0)
+        } else {
+            bf.putInt(File(inArgs.second).length().toInt())
+        }
+
+        bf.putInt((inArgs.base + inArgs.secondOffset).toInt())
+        bf.putInt((inArgs.base + inArgs.tagsOffset).toInt())
+        bf.putInt(inArgs.pageSize)
+        bf.putInt(inArgs.headerVersion)
+        bf.putInt((packOsVersion(inArgs.osVersion) shl 11) or parseOsPatchLevel(inArgs.osPatchLevel))
+
+        if (inArgs.board.isBlank()) {
+            bf.put(ByteArray(16))
+        } else {
+            bf.put(inArgs.board.toByteArray())
+            bf.put(ByteArray(16 - inArgs.board.length))
+        }
+
+        bf.put(inArgs.cmdline.substring(0, minOf(512, inArgs.cmdline.length)).toByteArray())
+        bf.put(ByteArray(512 - minOf(512, inArgs.cmdline.length)))
+
+        //hash
+        val imageId = if (inArgs.headerVersion > 0) {
+            hashFileAndSize(inArgs.kernel, inArgs.ramdisk, inArgs.second, inArgs.dtbo)
+        } else {
+            hashFileAndSize(inArgs.kernel, inArgs.ramdisk, inArgs.second)
+        }
+        bf.put(imageId)
+        bf.put(ByteArray(32 - imageId.size))
+
+        if (inArgs.cmdline.length > 512) {
+            bf.put(inArgs.cmdline.substring(512).toByteArray())
+            bf.put(ByteArray(1024 + 512 - inArgs.cmdline.length))
+        } else {
+            bf.put(ByteArray(1024))
+        }
+
+        if (inArgs.headerVersion > 0) {
+            if (inArgs.dtbo == null) {
+                bf.putInt(0)
+            } else {
+                bf.putInt(File(inArgs.dtbo).length().toInt())
+            }
+            bf.putLong(inArgs.dtboOffset)
+            bf.putInt(1648)
+        }
+
+        //padding
+        padFile(bf, inArgs.pageSize)
+
+        //write
+        FileOutputStream(inArgs.output + ".clear", false).use { fos ->
+            fos.write(bf.array(), 0, bf.position())
+        }
+
+        return imageId
+    }
+
+    fun pack(mkbootimgBin: String) {
+        log.info("Loading config from ${workDir}bootimg.json")
+        val cfg = ObjectMapper().readValue(File(workDir + "bootimg.json"), UnifiedConfig::class.java)
+        val readBack = cfg.toArgs()
+        val args = readBack[0] as ImgArgs
+        val info = readBack[1] as ImgInfo
+        args.mkbootimg = mkbootimgBin
+        log.debug(args.toString())
+        log.debug(info.toString())
+
+        //clean
+        if (File(args.output + ".google").exists()) File(args.output + ".google").delete()
+        if (File(args.output + ".clear").exists()) File(args.output + ".clear").delete()
+        if (File(args.output + ".signed").exists()) File(args.output + ".signed").delete()
+
+        writeHeader(args)
+        writeData(args)
+
+        DefaultExecutor().execute(args.toCommandLine())
+        val ourHash = hashFileAndSize(args.output + ".clear")
+        val googleHash = hashFileAndSize(args.output + ".google")
+        log.info("ours hash ${Helper.toHexString(ourHash)}, google's hash ${Helper.toHexString(googleHash)}")
+        if (ourHash.contentEquals(googleHash)) {
+            log.info("Hash verification passed: ${Helper.toHexString(ourHash)}")
+        } else {
+            log.error("Hash verification failed")
+            throw UnknownError("Do not know why hash verification fails, maybe a bug")
+        }
+    }
+
+    fun sign(avbtool: String, bootSigner: String) {
+        log.info("Loading config from ${workDir}bootimg.json")
+        val cfg = ObjectMapper().readValue(File(workDir + "bootimg.json"), UnifiedConfig::class.java)
+        val readBack = cfg.toArgs()
+        val args = readBack[0] as ImgArgs
+        val info = readBack[1] as ImgInfo
+
+        when (args.verifyType) {
+            ImgArgs.VerifyType.VERIFY -> {
+                log.info("Signing with verified-boot 1.0 style")
+                val sig = ObjectMapper().readValue(
+                        mapToJson(info.signature as LinkedHashMap<*, *>), ImgInfo.VeritySignature::class.java)
+                DefaultExecutor().execute(CommandLine.parse("java -jar $bootSigner " +
+                        "${sig.path} ${args.output}.clear ${sig.verity_pk8} ${sig.verity_pem} ${args.output}.signed"))
+
+            }
+            ImgArgs.VerifyType.AVB -> {
+                log.info("Adding hash_footer with verified-boot 2.0 style")
+                val sig = ObjectMapper().readValue(
+                        mapToJson(info.signature as LinkedHashMap<*, *>), ImgInfo.AvbSignature::class.java)
+                File(args.output + ".clear").copyTo(File(args.output + ".signed"))
+                DefaultExecutor().execute(CommandLine.parse(
+                                "$avbtool add_hash_footer " +
+                                        "--image ${args.output}.signed " +
+                                        "--partition_size ${sig.imageSize} " +
+                                        "--partition_name ${sig.partName}"))
+                verifyAVBIntegrity(args, info, avbtool)
+            }
+        }
+    }
+
+    private fun mapToJson(m: LinkedHashMap<*, *>): String {
+        val sb = StringBuilder()
+        m.forEach { k, v ->
+            if (sb.isNotEmpty()) sb.append(", ")
+            sb.append("\"$k\": \"$v\"")
+        }
+        return "{ $sb }"
+    }
+
+    private fun runCmdList(inCmd: List<String>, inWorkdir: String? = null) {
+        log.info("CMD:$inCmd")
+        val pb = ProcessBuilder(inCmd)
+                .directory(File(inWorkdir ?: "."))
+                .redirectErrorStream(true)
+        val p: Process = pb.start()
+        val br = BufferedReader(InputStreamReader(p.inputStream))
+        while (br.ready()) {
+            log.info(br.readLine())
+        }
+        p.waitFor()
+        assertTrue(0 == p.exitValue())
+    }
+
+    private fun verifyAVBIntegrity(args: ImgArgs, info: ImgInfo, avbtool: String) {
+        val tgt = args.output + ".signed"
+        log.info("Verifying AVB: $tgt")
+        DefaultExecutor().execute(CommandLine.parse("$avbtool verify_image --image $tgt"))
+        log.info("Verifying image passed: $tgt")
+    }
+}
diff --git a/bbootimg/src/main/kotlin/Parser.kt b/bbootimg/src/main/kotlin/Parser.kt
new file mode 100644
index 0000000..1b1b564
--- /dev/null
+++ b/bbootimg/src/main/kotlin/Parser.kt
@@ -0,0 +1,246 @@
+package cfig
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import org.apache.commons.exec.CommandLine
+import org.apache.commons.exec.DefaultExecutor
+import org.slf4j.LoggerFactory
+import java.io.File
+import java.io.FileInputStream
+import java.io.InputStream
+import java.lang.IllegalStateException
+import java.nio.ByteBuffer
+import java.nio.ByteOrder
+import org.junit.Assert.*
+import org.apache.commons.exec.PumpStreamHandler
+import java.io.ByteArrayOutputStream
+import java.util.regex.Pattern
+
+
+class Parser {
+    private val workDir = UnifiedConfig.workDir
+    private fun readInt(iS: InputStream): Int {
+        val bf = ByteBuffer.allocate(128)
+        bf.order(ByteOrder.LITTLE_ENDIAN)
+        val data4 = ByteArray(4)
+        assertTrue(4 == iS.read(data4))
+        bf.clear()
+        bf.put(data4)
+        bf.flip()
+        return bf.int
+    }
+
+    private fun readUnsignedAsLong(iS: InputStream): Long {
+        val bf = ByteBuffer.allocate(128)
+        bf.order(ByteOrder.LITTLE_ENDIAN)
+        val data4 = ByteArray(4)
+        assertTrue(4 == iS.read(data4))
+        bf.clear()
+        bf.put(data4)
+        bf.put(ByteArray(4)) //complete high bits with 0
+        bf.flip()
+        return bf.long
+    }
+
+    private fun readLong(iS: InputStream): Long {
+        val bf = ByteBuffer.allocate(128)
+        bf.order(ByteOrder.LITTLE_ENDIAN)
+        val data4 = ByteArray(8)
+        assertTrue(8 == iS.read(data4))
+        bf.clear()
+        bf.put(data4)
+        bf.flip()
+        return bf.long
+    }
+
+    private fun readBytes(iS: InputStream, len: Int): ByteArray {
+        val data4 = ByteArray(len)
+        assertTrue(len == iS.read(data4))
+        return data4
+    }
+
+    private fun parseOsVersion(x: Int): String {
+        val a = x shr 14
+        val b = x - (a shl 14) shr 7
+        val c = x and 0x7f
+
+        return String.format("%d.%d.%d", a, b, c)
+    }
+
+    private fun parseOsPatchLevel(x: Int): String {
+        var y = x shr 4
+        val m = x and 0xf
+        y += 2000
+
+        return String.format("%d-%02d-%02d", y, m, 0)
+    }
+
+    private fun getHeaderSize(pageSize: Int): Int {
+        val pad = (pageSize - (1648 and (pageSize - 1))) and (pageSize - 1)
+        return pad + 1648
+    }
+
+    private fun getPaddingSize(position: Int, pageSize: Int): Int {
+        return (pageSize - (position and pageSize - 1)) and (pageSize - 1)
+    }
+
+    private fun parseHeader(args: ImgArgs, info: ImgInfo) {
+        FileInputStream(args.output).use { iS ->
+            assertTrue(readBytes(iS, 8).contentEquals("ANDROID!".toByteArray()))
+            info.kernelLength = readInt(iS)
+            args.kernelOffset = readUnsignedAsLong(iS)
+            info.ramdiskLength = readInt(iS)
+            args.ramdiskOffset = readUnsignedAsLong(iS)
+            info.secondBootloaderLength = readInt(iS)
+            args.secondOffset = readUnsignedAsLong(iS)
+            args.tagsOffset = readUnsignedAsLong(iS)
+            args.pageSize = readInt(iS)
+            args.headerVersion = readInt(iS)
+
+            val osNPatch = readInt(iS)
+            if (0 != osNPatch) { //treated as 'reserved' in this boot image
+                args.osVersion = parseOsVersion(osNPatch shr 11)
+                args.osPatchLevel = parseOsPatchLevel(osNPatch and 0x7ff)
+            }
+
+            args.board = Helper.byteArray2CString(readBytes(iS, 16))
+            if (args.board.isBlank()) {
+                args.board = ""
+            }
+
+            val cmd1 = Helper.byteArray2CString(readBytes(iS, 512))
+            info.hash = readBytes(iS, 32) //hash
+            val cmd2 = Helper.byteArray2CString(readBytes(iS, 1024))
+            args.cmdline = cmd1 + cmd2
+
+            info.recoveryDtboLength = readInt(iS)
+            args.dtboOffset = readLong(iS)
+            info.headerSize = readInt(iS)
+
+            //calc subimg positions
+            info.kernelPosition = getHeaderSize(args.pageSize)
+            info.ramdiskPosition = info.kernelPosition + info.kernelLength + getPaddingSize(info.kernelLength, args.pageSize)
+            info.secondBootloaderPosition = info.ramdiskPosition + info.ramdiskLength + getPaddingSize(info.ramdiskLength, args.pageSize)
+            info.recoveryDtboPosition = info.secondBootloaderPosition + info.secondBootloaderLength + getPaddingSize(info.secondBootloaderLength, args.pageSize)
+
+            //adjust args
+            if (args.kernelOffset > Int.MAX_VALUE) {
+                args.base = Int.MAX_VALUE + 1L
+                args.kernelOffset -= args.base
+                args.ramdiskOffset -= args.base
+                args.secondOffset -= args.base
+                args.tagsOffset -= args.base
+                args.dtboOffset -= args.base
+            }
+
+            if (info.ramdiskLength == 0) args.ramdisk = null
+            if (info.kernelLength == 0) throw IllegalStateException("boot image has no kernel")
+            if (info.secondBootloaderLength == 0) args.second = null
+            if (info.recoveryDtboLength == 0) args.dtbo = null
+        }
+    }//resource-closable
+
+    private fun verifiedWithAVB(args: ImgArgs): Boolean {
+        val expectedBf = "AVBf".toByteArray()
+        FileInputStream(args.output).use { fis ->
+            fis.skip(File(args.output).length() - 64)
+            val bf = ByteArray(4)
+            fis.read(bf)
+            return bf.contentEquals(expectedBf)
+        }
+    }
+
+    private fun verifyAVBIntegrity(args: ImgArgs, info: ImgInfo, avbtool: String) {
+        DefaultExecutor().execute(CommandLine.parse("$avbtool verify_image --image ${args.output}"))
+    }
+
+    private fun parseAVBInfo(args: ImgArgs, info: ImgInfo, avbtool: String) {
+        val outputStream = ByteArrayOutputStream()
+        val exec = DefaultExecutor()
+        exec.streamHandler = PumpStreamHandler(outputStream)
+        exec.execute(CommandLine.parse("$avbtool info_image --image ${args.output}"))
+        val lines = outputStream.toString().split("\n")
+        lines.forEach {
+            val m = Pattern.compile("^Original image size:\\s+(\\d+)\\s*bytes").matcher(it)
+            if (m.find()) {
+                (info.signature as ImgInfo.AvbSignature).originalImageSize = Integer.parseInt(m.group(1))
+            }
+
+            val m2 = Pattern.compile("^Image size:\\s+(\\d+)\\s*bytes").matcher(it)
+            if (m2.find()) {
+                (info.signature as ImgInfo.AvbSignature).imageSize = Integer.parseInt(m2.group(1))
+            }
+
+            val m3 = Pattern.compile("^\\s*Partition Name:\\s+(\\S+)$").matcher(it)
+            if (m3.find()) {
+                (info.signature as ImgInfo.AvbSignature).partName = m3.group(1)
+
+            }
+            log.debug("[" + it + "]")
+        }
+        assertNotNull((info.signature as ImgInfo.AvbSignature).imageSize)
+        assertNotNull((info.signature as ImgInfo.AvbSignature).originalImageSize)
+        assertTrue(!(info.signature as ImgInfo.AvbSignature).partName.isNullOrBlank())
+    }
+
+    private fun unpackRamdisk(imgArgs: ImgArgs) {
+        val exe = DefaultExecutor()
+        exe.workingDirectory = File(workDir + "root")
+        if (exe.workingDirectory.exists()) exe.workingDirectory.deleteRecursively()
+        exe.workingDirectory.mkdirs()
+        val ramdiskFile = File(imgArgs.ramdisk!!.removeSuffix(".gz"))
+        exe.execute(CommandLine.parse("cpio -i -m -F " + ramdiskFile.canonicalPath))
+        log.info("extract ramdisk done: $ramdiskFile -> ${exe.workingDirectory.path}")
+    }
+
+    fun parseAndExtract(fileName: String?, avbtool: String) {
+        val imgArgs = ImgArgs(output = fileName ?: "boot.img")
+        val imgInfo = ImgInfo()
+        if (File(workDir).exists()) File(workDir).deleteRecursively()
+        File(workDir).mkdirs()
+        if (!fileName.isNullOrBlank()) {
+            imgArgs.output = fileName!!
+        }
+
+        //parse header
+        parseHeader(imgArgs, imgInfo)
+
+        //parse signature
+        if (verifiedWithAVB(imgArgs)) {
+            imgArgs.verifyType = ImgArgs.VerifyType.AVB
+            imgInfo.signature = ImgInfo.AvbSignature()
+            verifyAVBIntegrity(imgArgs, imgInfo, avbtool)
+            parseAVBInfo(imgArgs, imgInfo, avbtool)
+        } else {
+            imgArgs.verifyType = ImgArgs.VerifyType.VERIFY
+            imgInfo.signature = ImgInfo.VeritySignature()
+        }
+
+        log.info(imgArgs.toString())
+        log.info(imgInfo.toString())
+
+        Helper.extractImageData(imgArgs.output, imgArgs.kernel, imgInfo.kernelPosition.toLong(), imgInfo.kernelLength)
+        log.info("kernel dumped to ${imgArgs.kernel}")
+        imgArgs.ramdisk?.let { ramdisk ->
+            log.info("ramdisk dumped to ${imgArgs.ramdisk}")
+            Helper.extractImageData(imgArgs.output, ramdisk, imgInfo.ramdiskPosition.toLong(), imgInfo.ramdiskLength)
+            Helper.unGnuzipFile(ramdisk, workDir + "ramdisk.img")
+            unpackRamdisk(imgArgs)
+        }
+        imgArgs.second?.let { second ->
+            Helper.extractImageData(imgArgs.output, second, imgInfo.secondBootloaderPosition.toLong(), imgInfo.secondBootloaderLength)
+            log.info("second bootloader dumped to ${imgArgs.second}")
+        }
+        imgArgs.dtbo?.let { dtbo ->
+            Helper.extractImageData(imgArgs.output, dtbo, imgInfo.recoveryDtboPosition.toLong(), imgInfo.recoveryDtboLength)
+            log.info("dtbo dumped to ${imgArgs.dtbo}")
+        }
+        val cfg = UnifiedConfig.fromArgs(imgArgs, imgInfo)
+        log.debug(ObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(cfg))
+        ObjectMapper().writerWithDefaultPrettyPrinter().writeValue(File(imgArgs.cfg), cfg)
+        log.info("image info written to ${imgArgs.cfg}")
+    }
+
+    companion object {
+        private val log = LoggerFactory.getLogger("Parser")!!
+    }
+}
diff --git a/bbootimg/src/main/kotlin/R.kt b/bbootimg/src/main/kotlin/R.kt
new file mode 100644
index 0000000..34a8906
--- /dev/null
+++ b/bbootimg/src/main/kotlin/R.kt
@@ -0,0 +1,22 @@
+package cfig
+
+fun main(args: Array<String>) {
+    if ((args.size == 5) && args[0] in setOf("pack", "unpack", "sign")) {
+        when (args[0]) {
+            "unpack" -> {
+                Parser().parseAndExtract(args[1], args[3])
+            }
+            "pack" -> {
+                Packer().pack(args[2])
+            }
+            "sign" -> {
+                Packer().sign(args[3], args[4])
+            }
+        }
+    } else {
+        println("Usage: unpack <boot_image_path> <mkbootfs_bin_path> <avbtool_path> <boot_signer_path>")
+        println("Usage:  pack  <boot_image_path> <mkbootfs_bin_path> <avbtool_path> <boot_signer_path>")
+        println("Usage:  sign  <boot_image_path> <mkbootfs_bin_path> <avbtool_path> <boot_signer_path>")
+        System.exit(1)
+    }
+}
diff --git a/bbootimg/src/main/kotlin/UnifiedConfig.kt b/bbootimg/src/main/kotlin/UnifiedConfig.kt
new file mode 100644
index 0000000..87fccf8
--- /dev/null
+++ b/bbootimg/src/main/kotlin/UnifiedConfig.kt
@@ -0,0 +1,140 @@
+package cfig
+
+import com.fasterxml.jackson.annotation.JsonInclude
+import org.slf4j.LoggerFactory
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+data class UnifiedConfig(
+        var info: MiscInfo = MiscInfo(),
+        var kernel: CommArgs = CommArgs(),
+        var ramdisk: CommArgs? = null,
+        var secondBootloader: CommArgs? = null,
+        var recoveryDtbo: CommArgs? = null,
+        var signature: Any? = ImgInfo.VeritySignature()
+) {
+    data class CommArgs(
+            var file: String? = null,
+            var position: String = "0",
+            var size: String = "0",
+            var loadOffset: String = "0")
+
+    data class MiscInfo(
+            var output: String = "",
+            var headerVersion: Int = 0,
+            var headerSize: Int = 0,
+            var loadBase: String = "",
+            var tagsOffset: String = "0",
+            var board: String? = null,
+            var pageSize: Int = 0,
+            var cmdline: String = "",
+            var osVersion: String? = null,
+            var osPatchLevel: String? = null,
+            var hash: String = "",
+            var verify: ImgArgs.VerifyType = ImgArgs.VerifyType.VERIFY)
+
+    fun toArgs(): Array<Any> {
+        val args = ImgArgs()
+        val info = ImgInfo()
+
+        args.output = this.info.output
+        args.kernel = this.kernel.file ?: workDir + "kernel"
+        args.kernelOffset = this.kernel.loadOffset.removePrefix("0x").toLong(16)
+        info.kernelPosition = Integer.decode(this.kernel.position)
+        info.kernelLength = Integer.decode(this.kernel.size)
+
+        if (this.ramdisk == null) {
+            args.ramdisk = null
+        } else {
+            args.ramdisk = this.ramdisk!!.file
+            args.ramdiskOffset = this.ramdisk!!.loadOffset.removePrefix("0x").toLong(16)
+            info.ramdiskPosition = Integer.decode(this.ramdisk!!.position)
+            info.ramdiskLength = Integer.decode(this.ramdisk!!.size)
+        }
+
+        this.secondBootloader?.let {
+            args.second = it.file
+            args.secondOffset = it.loadOffset.removePrefix("0x").toLong(16)
+            info.secondBootloaderPosition = Integer.decode(it.position)
+            info.secondBootloaderLength = Integer.decode(it.size)
+        }
+        if (this.secondBootloader == null) args.second = null
+
+        this.recoveryDtbo?.let {
+            args.dtbo = it.file
+            args.dtboOffset = it.loadOffset.removePrefix("0x").toLong(16)
+            info.recoveryDtboPosition = Integer.decode(it.position)
+            info.recoveryDtboLength = Integer.decode(it.size)
+        }
+        if (this.recoveryDtbo == null) args.dtbo = null
+
+        info.headerSize = this.info.headerSize
+        args.headerVersion = this.info.headerVersion
+        args.base = this.info.loadBase.removePrefix("0x").toLong(16)
+        this.info.board?.let { args.board = it }
+        args.tagsOffset = this.info.tagsOffset.removePrefix("0x").toLong(16)
+        args.cmdline = this.info.cmdline
+        args.osVersion = this.info.osVersion
+        args.osPatchLevel = this.info.osPatchLevel
+        info.hash = Helper.fromHexString(this.info.hash)
+        args.pageSize = this.info.pageSize
+        args.verifyType = this.info.verify
+        info.signature = this.signature
+
+        return arrayOf(args, info)
+    }
+
+    companion object {
+        const val workDir = "build/unzip_boot/"
+        private val log = LoggerFactory.getLogger(UnifiedConfig::class.java)
+        fun fromArgs(args: ImgArgs, info: ImgInfo): UnifiedConfig {
+            val ret = UnifiedConfig()
+            ret.kernel.file = args.kernel
+            ret.kernel.loadOffset = "0x${java.lang.Long.toHexString(args.kernelOffset)}"
+            ret.kernel.size = "0x${Integer.toHexString(info.kernelLength)}"
+            ret.kernel.position = "0x${Integer.toHexString(info.kernelPosition)}"
+
+            ret.ramdisk = CommArgs()
+            ret.ramdisk!!.loadOffset = "0x${java.lang.Long.toHexString(args.ramdiskOffset)}"
+            ret.ramdisk!!.size = "0x${Integer.toHexString(info.ramdiskLength)}"
+            ret.ramdisk!!.position = "0x${Integer.toHexString(info.ramdiskPosition)}"
+            args.ramdisk?.let {
+                ret.ramdisk!!.file = args.ramdisk
+            }
+
+            ret.secondBootloader = CommArgs()
+            ret.secondBootloader!!.loadOffset = "0x${java.lang.Long.toHexString(args.secondOffset)}"
+            ret.secondBootloader!!.size = "0x${Integer.toHexString(info.secondBootloaderLength)}"
+            ret.secondBootloader!!.position = "0x${Integer.toHexString(info.secondBootloaderPosition)}"
+            args.second?.let {
+                ret.secondBootloader!!.file = args.second
+            }
+
+            if (args.headerVersion > 0) {
+                ret.recoveryDtbo = CommArgs()
+                args.dtbo?.let {
+                    ret.recoveryDtbo!!.file = args.dtbo
+                }
+                ret.recoveryDtbo!!.loadOffset = "0x${java.lang.Long.toHexString(args.dtboOffset)}"
+                ret.recoveryDtbo!!.size = "0x${Integer.toHexString(info.recoveryDtboLength)}"
+                ret.recoveryDtbo!!.position = "0x${Integer.toHexString(info.recoveryDtboPosition)}"
+            }
+
+            ret.info.output = args.output
+            ret.info.headerSize = info.headerSize
+            ret.info.headerVersion = args.headerVersion
+            ret.info.loadBase = "0x${java.lang.Long.toHexString(args.base)}"
+            ret.info.board = if (args.board.isBlank()) null else args.board
+            ret.info.tagsOffset = "0x${java.lang.Long.toHexString(args.tagsOffset)}"
+            ret.info.cmdline = args.cmdline
+            ret.info.osVersion = args.osVersion
+            ret.info.osPatchLevel = args.osPatchLevel
+            ret.info.hash = Helper.toHexString(info.hash)
+            ret.info.pageSize = args.pageSize
+
+            ret.info.verify = args.verifyType
+            ret.signature = info.signature
+
+            return ret
+        }
+    }
+}
diff --git a/build.gradle b/build.gradle
index 65f1733..41a153a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,18 +2,6 @@ apply plugin: 'java'
 
 apply plugin: 'groovy'
 
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.nio.ByteOrder;
-import java.lang.RuntimeException;
-import java.util.zip.GZIPInputStream;
-import java.util.zip.GZIPOutputStream;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import java.security.MessageDigest;
-
 subprojects {
     tasks.withType(JavaCompile) {
         //options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation"
@@ -25,9 +13,6 @@ subprojects {
 // ----------------------------------------------------------------------------
 def workdir='build/unzip_boot'
 project.ext.rootWorkDir = new File(workdir).getAbsolutePath()
-def defaultRootDir = workdir + "/root"
-def sdkVersion = 7;
-boolean gDebug=true
 String activeImg = "boot.img"
 String activePath = "/boot"
 if (new File("boot.img").exists()) {
@@ -42,144 +27,50 @@ if (new File("boot.img").exists()) {
 }
 project.ext.outClearIMg = new File(String.format("%s.clear", activeImg)).getAbsolutePath()
 project.ext.mkbootimgBin = new File("src/mkbootimg/mkbootimg").getAbsolutePath()
-println("Active image target: " + activeImg);
+project.ext.avbtool = new File("avb/avbtool").getAbsolutePath()
+project.ext.bootSigner = new File("boot_signer/build/libs/boot_signer.jar").getAbsolutePath()
+println("Active image target: " + activeImg)
 
 // ----------------------------------------------------------------------------
 //                       tasks
 // ----------------------------------------------------------------------------
-task unpack_bootimg(type: JavaExec, dependsOn: ['abootimg:abootimg']) {
-    doFirst {
-        def rootdir = new File(workdir)
-        if (rootdir.exists()) {
-            rootdir.deleteDir()
-        }
-        rootdir.mkdirs()
-    }
-    main = 'cfig.bootimg.abootimg'
-    classpath = files("abootimg/build/libs/abootimg.jar")
+task unpack(type: JavaExec, dependsOn: ["bbootimg:jar"]) {
+    classpath = sourceSets.main.runtimeClasspath
+    main = "cfig.RKt"
+    classpath = files("bbootimg/build/libs/bbootimg.jar")
     maxHeapSize '512m'
-    args String.format("%s", activeImg), workdir
-}
-
-task unpack_ramdisk_gz {
-    doLast {
-        unGnuzipFile(workdir+"/ramdisk.img.gz", workdir + "/ramdisk.img")
-    }
-}
-unpack_ramdisk_gz.dependsOn(unpack_bootimg)
-
-task unpack_cpio(type: Exec, dependsOn: unpack_ramdisk_gz) {
-    doFirst {
-        def rootdir = new File(workdir+ "/root")
-        if (rootdir.exists()) {
-            rootdir.deleteDir()
-        }
-        rootdir.mkdirs()
-    }
-    workingDir workdir + "/root"
-    executable 'cpio'
-    args = ['-i', '-m', '-F', '../ramdisk.img']
-}
-
-task unpack(type: Delete, dependsOn: unpack_cpio) {
-    description "extract boot.img or recovery.img"
-    delete workdir + "/ramdisk.img.gz"
-    delete workdir + "/ramdisk.img"
-}
-
-task pack_ramdisk_and_gz { Task task ->
-    def rootDir = defaultRootDir
-    if (null != System.getProperty("ANDROID_PRODUCT_OUT")) {
-        rootDir = System.getProperty("ANDROID_PRODUCT_OUT") + "/root"
-    }
-    doLast {
-        if (!rootDir.equals(defaultRootDir)) {
-            println("Warning:")
-            println("Warning:")
-            println("Warning:\tUsing [" + rootDir + "] for target root")
-            println("Warning:")
-            println("Warning:")
-        }
-        ByteArrayOutputStream mkbootfs_out = new ByteArrayOutputStream()
-        task.project.exec {
-            commandLine = [ 'mkbootfs/build/exe/mkbootfs/mkbootfs', rootDir ]
-            standardOutput = mkbootfs_out
-        }
-        def ByteArrayInputStream gzip_in = new ByteArrayInputStream(mkbootfs_out.buf)
-        gnuZipFile(workdir + "/ramdisk.img.gz", gzip_in)
-    }
-}
-pack_ramdisk_and_gz.dependsOn('mkbootfs:mkbootfsExecutable')
-
-void unGnuzipFile(String compressedFile, String decompressedFile) throws IOException {
-    byte[] buffer = new byte[1024];
-    try {
-        FileInputStream fileIn = new FileInputStream(compressedFile);
-        GZIPInputStream gZIPInputStream = new GZIPInputStream(fileIn);
-        FileOutputStream fileOutputStream = new FileOutputStream(decompressedFile);
-        int bytes_read;
-        while ((bytes_read = gZIPInputStream.read(buffer)) > 0) {
-            fileOutputStream.write(buffer, 0, bytes_read);
-        }
-        gZIPInputStream.close();
-        fileOutputStream.close();
-        System.out.println("The file was decompressed successfully!");
-    } catch (IOException ex) {
-        throw ex;
-    }
+    args "unpack", activeImg, rootProject.mkbootimgBin, rootProject.avbtool, rootProject.bootSigner
 }
 
-void gnuZipFile(String compressedFile, InputStream fis) throws IOException {
-    byte[] buffer = new byte[1024];
-    try {
-        FileOutputStream fos = new FileOutputStream(compressedFile);
-        GZIPOutputStream gos = new GZIPOutputStream(fos);
-
-        int bytes_read;
-        while ((bytes_read = fis.read(buffer)) > 0) {
-            gos .write(buffer, 0, bytes_read);
-        }
-        gos.finish();
-        gos.close();
-        System.out.println("The file compressed successfully!");
-    } catch (IOException ex) {
-        throw ex;
-    }
-}
-
-void gnuZipFile(String compressedFile, String decompressedFile) throws IOException {
-    byte[] buffer = new byte[1024];
-    try {
-        FileOutputStream fos = new FileOutputStream(compressedFile);
-        GZIPOutputStream gos = new GZIPOutputStream(fos);
-
-        FileInputStream fis = new FileInputStream(decompressedFile);
-        int bytes_read;
-        while ((bytes_read = fis.read(buffer)) > 0) {
-            gos .write(buffer, 0, bytes_read);
-        }
-        fis.close();
-        gos.finish();
-        gos.close();
-        System.out.println("The file compressed successfully!");
-    } catch (IOException ex) {
-        throw ex;
-    }
+task packClear(type: JavaExec, dependsOn: ["bbootimg:jar"]) {
+    classpath = sourceSets.main.runtimeClasspath
+    main = "cfig.RKt"
+    classpath = files("bbootimg/build/libs/bbootimg.jar")
+    maxHeapSize '512m'
+    args "pack", activeImg, rootProject.mkbootimgBin, rootProject.avbtool, rootProject.bootSigner
 }
 
-task verify_clear(dependsOn: ['abootimg:pack_clear', 'abootimg:pack_clear2', 'abootimg:pack_clear3']) {
-    doLast {
-        verifyClearImages(activeImg + ".clear", activeImg + ".clear2", activeImg + ".clear3");
-    }
+task sign(type: JavaExec, dependsOn: ["bbootimg:jar", packClear, "boot_signer:jar"]) {
+    classpath = sourceSets.main.runtimeClasspath
+    main = "cfig.RKt"
+    classpath = files("bbootimg/build/libs/bbootimg.jar")
+    maxHeapSize '512m'
+    args "sign", activeImg, rootProject.mkbootimgBin, rootProject.avbtool, rootProject.bootSigner
 }
 
-task pack(type: JavaExec, dependsOn: [verify_clear, 'boot_signer:jar']) {
+task signTest(type: JavaExec, dependsOn: ["boot_signer:jar"]) {
     main = 'com.android.verity.BootSignature'
     classpath = files("boot_signer/build/libs/boot_signer.jar")
     maxHeapSize '512m'
     args activePath, activeImg + '.clear', 'security/verity.pk8', 'security/verity.x509.pem', activeImg + '.signed'
 }
 
+task pack(dependsOn: sign) {
+    doLast {
+        println("Pack task finished: " + activeImg + ".signed")
+    }
+}
+
 task _setup(type: Copy) {
     from 'src/test/resources/boot.img'
     into '.'
@@ -203,24 +94,6 @@ void Run(String inCmd, String inWorkdir = null) {
     Run(Arrays.asList(inCmd.split()), inWorkdir);
 }
 
-boolean RunFunc(List<String> inCmd, String inWorkdir = null) {
-    println("CMD:" + inCmd)
-    if (inWorkdir == null) {
-        inWorkdir = ".";
-    }
-    ProcessBuilder pb = new ProcessBuilder(inCmd)
-            .directory(new File(inWorkdir))
-            .redirectErrorStream(true);
-    Process p = pb.start()
-    p.inputStream.eachLine {println it}
-    p.waitFor();
-    return 0 == p.exitValue();
-}
-
-void RunFunc(String inCmd, String inWorkdir = null) {
-    RunFunc(Arrays.asList(inCmd.split()), inWorkdir);
-}
-
 void updateBootImage(String activeImg) {
     String flashTarget = null;
     switch (activeImg) {
@@ -256,83 +129,6 @@ task rr {
     }
 }
 
-void updateLinks(String inWorkdir) {
-    updateLinks(inWorkdir, 6);
-}
-
-void updateLinks(String inWorkdir, int sdkVersion) {
-    String sysBinDir = inWorkdir + "/root/system/bin";
-    String[] toolboxLinks = [ "df", "getevent", "iftop", "ioctl", "ionice", "log", "ls", "lsof", "mount", "nandread", "newfs_msdos", "ps", "prlimit", "renice", "sendevent", "start", "stop", "top", "uptime", "watchprops", "dd", "du" ];
-    String[] toyboxLinks = [ "acpi", "basename", "blockdev", "bzcat", "cal", "cat", "chcon", "chgrp", "chmod", "chown", "chroot", "cksum", "clear", "comm", "cmp", "cp", "cpio", "cut", "date", "dirname", "dmesg", "dos2unix", "echo", "env", "expand", "expr", "fallocate", "false", "find", "free", "getenforce", "getprop", "groups", "head", "hostname", "hwclock", "id", "ifconfig", "inotifyd", "insmod", "kill", "load_policy", "ln", "logname", "losetup", "lsmod", "lsusb", "md5sum", "mkdir", "mknod", "mkswap", "mktemp", "modinfo", "more", "mountpoint", "mv", "netstat", "nice", "nl", "nohup", "od", "paste", "patch", "grep", "pidof", "pkill", "pmap", "printenv", "printf", "pwd", "readlink", "realpath", "restorecon", "rm", "rmdir", "rmmod", "route", "runcon", "sed", "seq", "setenforce", "setprop", "setsid", "sha1sum", "sleep", "sort", "split", "stat", "strings", "swapoff", "swapon", "sync", "sysctl", "tac", "tail", "tar", "taskset", "tee", "time", "timeout", "touch", "tr", "true", "truncate", "umount", "uname", "uniq", "unix2dos", "usleep", "vmstat", "wc", "which", "whoami", "xargs", "yes" ];
-    String[] toolboxLinks_7 = [ "df", "getevent", "iftop", "ioctl", "ionice", "log", "lsof", "nandread", "newfs_msdos", "ps", "prlimit", "renice", "sendevent", "start", "stop", "top", "uptime", "watchprops", "dd", "du" ];
-    String[] toyboxLinks_7 = [ "ls", "acpi", "basename", "blockdev", "bzcat", "cal", "cat", "chcon", "chgrp", "chmod", "chown", "chroot", "cksum", "clear", "comm", "cmp", "cp", "cpio", "cut", "date", "dirname", "dmesg", "dos2unix", "echo", "env", "expand", "expr", "fallocate", "false", "find", "free", "getenforce", "getprop", "groups", "head", "hostname", "hwclock", "id", "ifconfig", "inotifyd", "insmod", "kill", "load_policy", "ln", "logname", "losetup", "lsmod", "lsusb", "md5sum", "mkdir", "mknod", "mkswap", "mktemp", "modinfo", "more", "mount", "mountpoint", "mv", "netstat", "nice", "nl", "nohup", "od", "paste", "patch", "grep", "pidof", "pkill", "pmap", "printenv", "printf", "pwd", "readlink", "realpath", "restorecon", "rm", "rmdir", "rmmod", "route", "runcon", "sed", "seq", "setenforce", "setprop", "setsid", "sha1sum", "sleep", "sort", "split", "stat", "strings", "swapoff", "swapon", "sync", "sysctl", "tac", "tail", "tar", "taskset", "tee", "time", "timeout", "touch", "tr", "true", "truncate", "umount", "uname", "uniq", "unix2dos", "usleep", "vmstat", "wc", "which", "whoami", "xargs", "yes" ];
-
-    if (sdkVersion <= 6) {
-        //Android Marshmallow (6)
-        for (String item : toolboxLinks) {
-            RunFunc("unlink " + item, sysBinDir);
-            Run("/bin/ln -s toolbox " + item, sysBinDir);
-        }
-        //Android Marshmallow (6)
-        for (String item : toyboxLinks) {
-            RunFunc("unlink " + item, sysBinDir);
-            Run("/bin/ln -s toybox " + item, sysBinDir);
-        }
-    } else {
-        //Android Nougat (7)
-        for (String item : toolboxLinks_7) {
-            RunFunc("unlink " + item, sysBinDir);
-            Run("/bin/ln -s toolbox " + item, sysBinDir);
-        }
-        //Android Nougat (7)
-        for (String item : toyboxLinks_7) {
-            RunFunc("unlink " + item, sysBinDir);
-            Run("/bin/ln -s toybox " + item, sysBinDir);
-        }
-    }
-}
-
-task debug(dependsOn: ['addSystemBin', 'addSystemLib']) {
-    description "add debug tools into recovery rootfs from ANDROID_PRODUCT_OUT"
-    doLast {
-        updateLinks(workdir, sdkVersion);
-    }
-}
-
-task addSystemBin(type: Copy) {
-    from System.getProperty("ANDROID_PRODUCT_OUT") + '/system/bin'
-    into workdir + "/root/system/bin"
-    include { details ->
-        inTargetList(details.file.name, "bin", sdkVersion)
-    }
-}
-
-task addSystemLib(type: Copy) {
-    from System.getProperty("ANDROID_PRODUCT_OUT") + '/system/lib'
-    into workdir + "/root/system/lib"
-    include { details ->
-        inTargetList(details.file.name, "lib", sdkVersion)
-    }
-}
-
-boolean inTargetList(String file, String inType, int sdkVersion) {
-    String[] bins = [ "sh", "logcat", "logd", "linker", "toolbox", "toybox", "applypatch", "debuggerd",  "reboot" ]
-    String[] libs_6 = [ "libdl.so", "libutils.so", "libc++.so", "libc.so", "libm.so", "libz.so", "libstdc++.so", "libcutils.so", "libselinux.so", "liblog.so", "libpcre.so", "libsysutils.so", "libnl.so", "libbase.so", "libbacktrace.so", "libunwind.so" ]
-    String[] libs = [ "libdl.so", "libutils.so", "libc++.so", "libc.so", "libm.so", "libz.so", "libstdc++.so", "libcutils.so", "libselinux.so", "liblog.so", "libpcre.so", "libsysutils.so", "libnl.so", "libbase.so", "libbacktrace.so", "libunwind.so", "libcrypto.so", "libpackagelistparser.so", "libpcrecpp.so", "liblzma.so" ]
-    switch (inType) {
-        case "bin":
-            return inArray(file, bins);
-        case "lib":
-            if (sdkVersion <= 6) {
-                return inArray(file, libs_6);
-            } else {
-                return inArray(file, libs);
-            }
-        default:
-            throw new RuntimeException("illegal type");
-    }
-}
-
 boolean inArray(String file, String[] inArray) {
     for (String item : inArray) {
         if (item.equals(file)) {
@@ -341,58 +137,3 @@ boolean inArray(String file, String[] inArray) {
     }
     return false;
 }
-
-// ----------------------------------------------------------------------------
-//                      post configs
-// ----------------------------------------------------------------------------
-if (null == activeImg) {
-    pack.enabled = false
-    unpack.enabled = false
-    unpack_cpio.enabled = false
-    unpack_bootimg.enabled = false
-    unpack_ramdisk_gz.enabled = false
-}
-
-if (!new File(workdir + File.separator + "root").exists()) {
-    pack_ramdisk_and_gz.enabled = false
-}
-
-byte[] hashFile(String inFile) {
-    MessageDigest md = MessageDigest.getInstance("SHA1")
-    ByteBuffer itemBF = ByteBuffer.allocate(4).order(ByteOrder.LITTLE_ENDIAN);
-    InputStream is = new FileInputStream(new File(inFile))
-    int byteRead;
-    byte[] dataRead = new byte[128]
-    while (true) {
-        byteRead = is.read(dataRead)
-        if (-1 == byteRead) {
-            break;
-        }
-        md.update(dataRead, 0, byteRead)
-    }
-    is.close();
-    md.update(itemBF.putInt((int) new File(inFile).length()).array())
-
-    return md.digest();
-}
-
-void verifyClearImages(String... inFiles) {
-    assert (inFiles.length > 1)
-    byte[] ref;
-    for (String item : inFiles) {
-        if (null == ref) {
-            print(" Hashing  " + item + "...");
-            ref = hashFile(item);
-            println("DONE");
-        } else {
-            print("Verifying " + item + "...");
-            byte[] tgt = hashFile(item);
-            assert Arrays.equals(ref, tgt);
-            println("PASSED");
-        }
-    }
-}
-
-task wrapper(type: Wrapper) {
-    gradleVersion = '4.4'
-}
diff --git a/port.mk b/port.mk
index f1ef72a..e08bfdd 100644
--- a/port.mk
+++ b/port.mk
@@ -63,7 +63,9 @@ t:
 	cp -v system/core/libcutils/include/private/android_filesystem_capability.h $(ROOTDIR)/src/mkbootfs/headers/private/
 	cp -v system/core/libcutils/include/private/fs_config.h $(ROOTDIR)/src/mkbootfs/headers/private/
 	cp -v system/core/libutils/include/utils/Compat.h $(ROOTDIR)/src/mkbootfs/headers/utils/
-	echo "$$log_h_content" | base64 -d > $(LOG_H)
-	echo "$$build_gradle_content" | base64 -d  > $(ROOTDIR)/build.gradle
-	echo "$$mkbootfs_patch_content" | base64 -d > $(ROOTDIR)/1.diff
+	echo "$$log_h_content" | base64 --decode > $(LOG_H)
+	echo "$$build_gradle_content" | base64 --decode  > $(ROOTDIR)/build.gradle
+	echo "$$mkbootfs_patch_content" | base64 --decode > $(ROOTDIR)/1.diff
 
+tt:
+	echo "$$mkbootfs_patch_content" | base64 --decode > 1.diff
diff --git a/settings.gradle b/settings.gradle
index 5f43896..de809ae 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -3,3 +3,4 @@ include 'bouncycastle:bcprov'
 include 'boot_signer'
 include 'abootimg'
 include 'mkbootfs'
+include 'bbootimg'
diff --git a/src/mkbootimg/mkbootimg b/src/mkbootimg/mkbootimg
index 5a13da2..ac20d05 100755
--- a/src/mkbootimg/mkbootimg
+++ b/src/mkbootimg/mkbootimg
@@ -57,7 +57,7 @@ def write_header(args):
         args.base + args.second_offset,                 # physical load addr
         args.base + args.tags_offset,                   # physical addr for kernel tags
         args.pagesize,                                  # flash page size we assume
-        0,                                              # future expansion: MUST be 0
+        args.header_version,                            # version of bootimage header
         (args.os_version << 11) | args.os_patch_level)) # os version and patch level
     args.output.write(pack('16s', args.board.encode())) # asciiz product name
     args.output.write(pack('512s', args.cmdline[:512].encode()))
@@ -66,10 +66,20 @@ def write_header(args):
     update_sha(sha, args.kernel)
     update_sha(sha, args.ramdisk)
     update_sha(sha, args.second)
+
+    if args.header_version > 0:
+        update_sha(sha, args.recovery_dtbo)
+
     img_id = pack('32s', sha.digest())
 
     args.output.write(img_id)
     args.output.write(pack('1024s', args.cmdline[512:].encode()))
+
+    if args.header_version > 0:
+        args.output.write(pack('I', filesize(args.recovery_dtbo)))           # size in bytes
+        args.output.write(pack('Q', args.base + args.recovery_dtbo_offset))  # physical load addr
+        args.output.write(pack('I', args.output.tell() + 4))                 # size of boot header
+
     pad_file(args.output, args.pagesize)
     return img_id
 
@@ -132,6 +142,7 @@ def parse_cmdline():
                         required=True)
     parser.add_argument('--ramdisk', help='path to the ramdisk', type=FileType('rb'))
     parser.add_argument('--second', help='path to the 2nd bootloader', type=FileType('rb'))
+    parser.add_argument('--recovery_dtbo', help='path to the recovery DTBO', type=FileType('rb'))
     parser.add_argument('--cmdline', help='extra arguments to be passed on the '
                         'kernel command line', default='', action=ValidateStrLenAction, maxlen=1536)
     parser.add_argument('--base', help='base address', type=parse_int, default=0x10000000)
@@ -139,6 +150,8 @@ def parse_cmdline():
     parser.add_argument('--ramdisk_offset', help='ramdisk offset', type=parse_int, default=0x01000000)
     parser.add_argument('--second_offset', help='2nd bootloader offset', type=parse_int,
                         default=0x00f00000)
+    parser.add_argument('--recovery_dtbo_offset', help='recovery dtbo offset', type=parse_int,
+                        default=0x0f000000)
     parser.add_argument('--os_version', help='operating system version', type=parse_os_version,
                         default=0)
     parser.add_argument('--os_patch_level', help='operating system patch level',
@@ -150,6 +163,7 @@ def parse_cmdline():
                         choices=[2**i for i in range(11,15)], default=2048)
     parser.add_argument('--id', help='print the image ID on standard output',
                         action='store_true')
+    parser.add_argument('--header_version', help='boot image header version', type=parse_int, default=0)
     parser.add_argument('-o', '--output', help='output file name', type=FileType('wb'),
                         required=True)
     return parser.parse_args()
@@ -160,6 +174,8 @@ def write_data(args):
     write_padded_file(args.output, args.ramdisk, args.pagesize)
     write_padded_file(args.output, args.second, args.pagesize)
 
+    if args.header_version > 0:
+        write_padded_file(args.output, args.recovery_dtbo, args.pagesize)
 
 def main():
     args = parse_cmdline()