aiden
/
Android_boot_image_editor
mirror of https://github.com/cfig/Android_boot_image_editor
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Parsing and re-packing Android boot.img/vbmeta.img/payload.bin, supporting Android 13 preview
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
153 Commits
4 Branches
13 Tags
261 MiB
Java 61.2%
C 12.7%
Kotlin 12%
Python 10.9%
C++ 3%
Other 0.2%
 
 
 
 
 
 
master
rc
dev
bin
android-7.1.1_r6
android-10
android-11
android-8.1.0_r2
android-9
v12.0
v13
v13_r2
v13_r3
v14_r1
v14_r2
v14_r3
v15_r1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2d5a7b7019'
${ noResults }
Go to file
cfig 2d5a7b7019
migrate travis to actions 		4 years ago
.github/workflows migrate travis to actions 4 years ago
aosp vbmeta.img: verify during unpacking 4 years ago
avbImpl lots of stuff 4 years ago
bbootimg migrate travis to actions 4 years ago
doc first version compatible with Windows 10 4 years ago
gradle/wrapper lots of stuff 4 years ago
helper vbmeta.img: verify during unpacking 4 years ago
src lzma checking may crash, move to last 4 years ago
tools migrate travis to actions 4 years ago
.gitattributes add 'rr' task for 'reboot recovery' 6 years ago
.gitignore refine avbVerifier; fix AuthBlob bug 5 years ago
.gitmodules update integrationTest and gradle 'check' 6 years ago
LICENSE.md Update LICENSE.md 9 years ago
README.md migrate travis to actions 4 years ago
build.gradle.kts migrate travis to actions 4 years ago
gradlew lots of stuff 4 years ago
gradlew.bat migrate travis to actions 4 years ago
integrationTest.py lzma checking may crash, move to last 4 years ago
settings.gradle.kts lots of stuff 4 years ago

README.md

Android_boot_image_editor

CI License

A tool for reverse engineering Android ROM images.

Getting Started

install required packages

Mac: brew install lz4 xz dtc

Linux: sudo apt install git device-tree-compiler lz4 xz-utils zlib1g-dev openjdk-11-jdk gcc g++ python3

Windows: Make sure you have python3, JDK9+ and openssl properly installed. An easy way is to install Anaconda and Oracle JDK 11, then run the program under anaconda PowerShell.

Parsing and packing

Put your boot.img to current directory, then start gradle 'unpack' task:

cp <original_boot_image> boot.img
./gradlew unpack

Your get the flattened kernel and /root filesystem under ./build/unzip_boot:

build/unzip_boot/
├── boot.json     (boot image info)
├── boot.avb.json (AVB only)
├── kernel
├── second        (2nd bootloader, if exists)
├── dtb           (dtb, if exists)
├── dtbo          (dtbo, if exists)
└── root          (extracted initramfs)

Then you can edit the actual file contents, like rootfs or kernel. Now, pack the boot.img again

./gradlew pack

You get the repacked boot.img at $(CURDIR):

boot.img.signed

Well done you did it! The last step is to star this repo :smile

live demo

Supported ROM image types

Image Type file names
boot images boot.img, vendor_boot.img
recovery images recovery.img, recovery-two-step.img
vbmeta images vbmeta.img, vbmeta_system.img etc.
dtbo images dtbo.img

Please note that the boot.img MUST follows AOSP verified boot flow, either Boot image signature in VBoot 1.0 or AVB HASH footer (a.k.a. AVB) in VBoot 2.0.

compatible devices

Device Model Manufacturer Compatible Android Version Note
Pixel 3 (blueline) Google Y 11 (RP1A.200720.009,
2020)		 more ...
Pixel 3 (blueline) Google Y Q preview (qpp2.190228.023,
2019)		 more ...
Pixel XL (marlin) HTC Y 9.0.0 (PPR2.180905.006,
Sep 2018)		 more ...
K3 (CPH1955) OPPO Y for recovery.img
N for boot.img		 Pie more
Z18 (NX606J) ZTE Y 8.1.0 more...
Nexus 9 (volantis/flounder) HTC Y(with some tricks) 7.1.1 (N9F27M, Oct 2017) tricks
Nexus 5x (bullhead) LG Y 6.0.0_r12 (MDA89E)
Moto X (2013) T-Mobile Motorola N
X7 (PD1602_A_3.12.8) VIVO N ? Issue 35

more examples

  • recovery.img

If you are working with recovery.img, the steps are similar:

cp <your_recovery_image> recovery.img
./gradlew unpack
./gradlew pack
  • vbmeta.img
cp <your_vbmeta_image> vbmeta.img
./gradlew unpack
./gradlew pack
  • boot.img and vbmeta.img
cp <your_boot_image> boot.img
cp <your_vbmeta_image> vbmeta.img
./gradlew unpack
./gradlew pack

Your boot.img.signed and vbmeta.img.signd will be updated together.

boot.img layout

Read layout of Android boot.img and vendor_boot.img.

References

more ...

Android version list https://source.android.com/source/build-numbers.html
Android build-numbers https://source.android.com/setup/start/build-numbers

cpio & fs_config
https://android.googlesource.com/platform/system/core
https://www.kernel.org/doc/Documentation/early-userspace/buffer-format.txt
AVB
https://android.googlesource.com/platform/external/avb/
boot_signer
https://android.googlesource.com/platform/system/extras
mkbootimg
https://android.googlesource.com/platform/system/tools/mkbootimg/+/refs/heads/master/
kernel info extractor
https://android.googlesource.com/platform/build/+/refs/heads/master/tools/extract_kernel.py
mkdtboimg
https://android.googlesource.com/platform/system/libufdt/
libsparse
https://android.googlesource.com/platform/system/core/+/refs/heads/master/libsparse/
Android Nexus/Pixle factory images
https://developers.google.cn/android/images