{"id":265,"date":"2014-04-14T05:21:05","date_gmt":"2014-04-14T12:21:05","guid":{"rendered":"http:\/\/bclary.com\/blog\/?p=265"},"modified":"2014-04-14T05:21:05","modified_gmt":"2014-04-14T12:21:05","slug":"splitting-and-packing-android-boot-images","status":"publish","type":"post","link":"https:\/\/bclary.com\/blog\/2014\/04\/14\/splitting-and-packing-android-boot-images\/","title":{"rendered":"Splitting and Packing Android Boot images"},"content":{"rendered":"

After wandering twisty little passages, all alike concerning rooting Android devices I decided the best way forward for devices with unlocked bootloaders was to root via modifying the default.prop values in the boot image. There are a number of different scripts available on various sites which purport to unpack and pack Android boot images, but it seemed that the best approach was to go to the source<\/a> and see how Android dealt with boot images.<\/p>\n

I created spbootimg and pkbootimg<\/a> from the official mkbootimg in order that it would properly handle official android boot images at least.<\/p>\n

spbootimg<\/h2>\n
\r\nusage: spbootimg\r\n       -i|--input \r\n<\/pre>\n
spbootimg splits an Android boot image file into separate files:<\/p>\n
* <bootimg-filename>-kernel – kernel
\n* <bootimg-filename>-first-ramdisk – ramdisk
\n* <bootimg-filename>-second-ramdisk – only created if it existed in the input boot image file.
\n* <bootimg-filename-header> – text file containing constants discovered in the boot image<\/p>\n
You can download the source for spbootimg and pkbootimg<\/a> and build it yourself. I don’t provide binaries because I do not wish people who do not understand the consequences of their actions to brick their devices.\n<\/p>\n
pkbootimg<\/h2>\n
\r\nusage: pkbootimg\r\n       --kernel \r\n       --kernel-addr 
\r\n       --ramdisk \r\n       --ramdisk-addr 
\r\n       [ --second <2ndbootloader-filename>]\r\n       [ --cmdline  ]\r\n       [ --board  ]\r\n       [ --pagesize  ]\r\n       --second-addr 
\r\n       --tags-addr 
\r\n       -o|--output \r\n<\/pre>\n
pkbootimg takes the output of spbootimg: a kernel file, a ramdisk file, an optional ramdisk file; and using the command line, board, page size and address information discovered in the original boot image, packs them into a new boot image which can be flashed onto a device using fastboot.<\/p>\n
default.prop<\/h2>\n
Looking at the source for adb.c<\/a>, we see that at a minimum we need a build of adb where ALLOW_ADBD_ROOT was set and either of the following was set in the ramdisk’s default.prop:<\/p>\n
\r\nro.secure=0<\/code>\r\n<\/pre>\n
or<\/p>\n
\r\nro.debuggable=1\r\nservice.adb.root=1\r\n<\/pre>\n
ro.secure=0<\/code> will result in adbd running as root by default. ro.debuggable=1<\/code> and service.adb.root=1<\/code> will allow you to run adbd as root via the adb root<\/code> command.<\/p>\n
If your device’s version of adb was not built with ALLOW_ADBD_ROOT set, you will need to build your own version and place it in the ramdisk at sbin\/adbd<\/code>.<\/p>\n
Once you are able to run adb<\/code> as root via adb root<\/code>, you will be able to remount the \/system\/<\/code> directory as writable and can install anything you wish.<\/p>\n
su<\/h2>\n
Some of the automation used in mozilla requires the use of a version of the su<\/code> command which has the same command line syntax as sh<\/code>. In particular, we require that su<\/code> support calling commands via su -c \"command args...\"<\/code>. You can possibly build your own version of su<\/code> which will run commands as root without access control or you can use one of the available “Superuser” apps which manage access to su<\/code> and provide some degree of security. I’ve found Koushik Dutta’s Superuser<\/a> to work well with Android up to 4.4.<\/p>\n
If you use Koushik’s Superuser, you will need at least version 1.0.3.0 and will need to make sure that the install-recovery.sh<\/code> script is properly installed so that Koushik’s su<\/code> runs as a daemon. This is automatically handled if you install Superuser.apk via a recovery image, but if you install Superuser manually, you will need to make sure to unpack Superuser.apk and manually install:<\/p>\n