$50 to the first person to figure this out...

Roman2025 · Jan 31, 2012

I am going insane because I really would like to be able to MODIFY EXISTING AINOL/PLOYER FIRMWARE IMAGES.... It would make my life (and the lives of my customers) SO MUCH EASIER.

So $50 (via Paypal) to the first person who can get on here and do the following with an existing OFFICIAL Ainol 2.3 firmware image. An additional $15 if you take the time to work on an ICS image as well as from what research I have done I think their are a few extra steps involved.

1. Using an existing OFFICIAL A10 firmware image, EXTRACT the image

2. Modify the extracted files

3. Repack the extracted image and successfully flash it using Livesuite

4. Write a detailed walk-through of how to do this along with download links to all the necessary tools.

5. I am able to follow the walkthrough you write-up using the tools you provide and REPEAT the above.

I already have Oracle VirtualBox running with Ubuntu 10.04 LTS installed so I don't expect you to go into how to set that up. Aside from that, I am running Windows 7 32-bit and I already have a fair bit of experience but when it comes to this I have done a ton of research and my head is still spinning.

Thanks for your help in advance. I am happy to pay whoever can fulfill all of the above. I am at my wits end trying to figure it out on my own.

Kind Regards,

Roman

ainolmodder · Feb 2, 2012

I can easily extract, reconfigure (renaming extracted stuff, etc), and repack any image, although GB only, I need some more work on the ICS front, but I think it can be done. Will write some automated tools and instructions!

ainolmodder · Feb 2, 2012

Here you go, I've dropped together a little tool what can extract and repack any A10 image (sadly repacking is very dependent on the layout - it can only work on one at a time. I'll add a proper ICS layout and automatic selection of it as soon as possible, but for now, it's ONLY GingerBread repacking!).

Features:
- Extract and repack any GB A10 firmware, even after modding (recreates hash verification files)
- Proper extraction of any firmware
- Edited image config for just this very one goal
- Proper repacking of any GingerBread firmware (what has no plus files, like userdata and cache included)

As I said, in the near future I'll make an ICS layout and automatic selection of the ICS layout when it's detected, but for now, it's only GB. ICS needs some re-working of the layout config file, and I'm not 100% sure that the new config I made works. Will post some more information later.

Usage:
- Installation:
Extract the zip file somewhere. Copy any image next to the two bat files and go on the next point.
- Extract firmware:
Using Windows Command Line, cd into the directory with the bat files and issue the following command:

Code:

extract_img.bat [img_name]

This will extract the image and set up the working folders.
- Edit the extracted firmware:
The files you might want to edit are the RFSFAT16 ones. BOOTFS is a simple FAT16 image, use MagicISO (or any other ISO managing app) to open and edit it. SYSTEMFS, ROOTFS, and RECOVERYFS are all ext4 images, you can't directly edit them on Windows (atleast by my information). But you can mount them on any Linux machine. SYSTEMFS holds the /system file structure, ROOTFS is the initram (init.rc, default.prop, initlogo, etc), and RECOVERYFS is the recovery.
- Repack the firmware
Still using WCL, use the following:

Code:

repack_img.bat [output_img_name]

This will take some time, but will create proper hash verification files for the four checked image: SYSTEMFS, BOOTFS, ROOTFS and RECOVERYFS. After that it will use my config file and eDragonEx to repack the image.

IT IS VERY IMPORTANT TO DO NOT CHANGE ANY NAMINGS IN THE DIRECTORIES, MOSTLY WORK! IF YOU DO, BUILDING WILL BREAK.
eDragonEx is the property of AllWinner Technologies Inc., and this package should not be distributed or used in any commercial way. If you do upload it somewhere other place than this, I ask you to copy this exact tutorial and licensing information with it, and also link back to this post. It would be nice to see my name there too ;D

Roman2025 · Feb 2, 2012

God I love Capitalism lol

And here is your socialism as everyone is welcome to use this! I will start testing immediately. If this works, this is a HUGE THANK YOU and please PM me as to what paypal address to send payment to!

Thanks,
Roman

EDIT: Security Essentials Detected a trojan in the unimg.exe file?

EDIT: How do you actually "mount" them in linux? That is what I couldn't figure out. What command do you use to actually do the mounting?

FezzFest · Feb 2, 2012

It's a false positive. I've been using UnImg.exe (from SoChip_Modding_Tools) for a while and since the latest MSE malware definitions it gives this message.

Mount in linux with the following command:

Code:

<br />
mount -t ext4 <image-file> <mount-point><br />

ainolmodder · Feb 2, 2012

Exactly as FezzFest said. Also you can easily mount them on-device, and edit the images, and it's actually easier there (well, through ADB for sure - as the device has the target UIDs and GUIDs, plus all the commands can be directly tested out). Then when you're finished,

Code:

umount <mount-point>

and retrieve the final image.

In case of ICS it will be slightly different though. There will be no BOOTFS and ROOTFS and RECOVERYFS, instead there will be BOOTLOADER (same FAT16 partition, but instead of kernel bImage, a u-boot binary is placed there), ENVIRONMENT (u-boot's boot parameters, DO NOT MODIFY), BOOT (standard Android bootimg format), and RECOVERY (standard Android bootimg format).

With ICS, it is possible to use DSIXDA's kitchen to extract the image files, and create a proper, CWM-flashable ROM. All you need to do is to rename the SYSTEM RFSFAT16 image to system.img and the BOOT RFSFAT to boot.img, then handle them as a usual ext4/bootimg pair. If you want me I'll upload one (stock Aurora ICS, or whatever you prefer, given that I have most A10 firmware images), but you'll need CWM for that to flash.

To install CWM (well, with ICS), simply download the latest image from fun_'s thread at XDA, and replace the RECOVERY image inside the work folder, then repack. After flashing that firmware, you'll have CWM by default.

EDIT:

Finished ICS version, with proper layout, etc. It generates validation files too.
The layout is based on the Aurora ICS firmware, so any difference to that will result in a script parsing error.

This release shares the same licensing of the GB version.

Roman2025 · Feb 2, 2012

Awesome, let me try to mount this on my Linux vbox (I am not quite sure how to do it via ADB on the actual device...

...perhaps a bit more explanation? I have some linux experience (mostly using Ubuntu Server to Run Snort and Squid) but just consider me a noob

) and make the image modifications and then repack the image.

Cheers,

Roman

It I test, it works, your paid

EDIT: So when I try to mount I run this command: "sudo mount -t ext4 /home/roman/Desktop/work/RSFAT16_LSYSTEMFS_000000 /home/roman/Desktop/elf

and I get this error:

mount: /home/roman/Desktop/work/RSFAT16_LSYSTEMFS_000000 is not a block device (maybe try '-o loop'?)

GOT IT

I added -o loop to the end... duh...

ainolmodder · Feb 2, 2012

Roman2025 said:
Awesome, let me try to mount this on my Linux vbox (I am not quite sure how to do it via ADB on the actual device...

...perhaps a bit more explanation? I have some linux experience (mostly using Ubuntu Server to Run Snort and Squid) but just consider me a noob

) and make the image modifications and then repack the image.

Cheers,

Roman

It I test, it works, your paid

Oh, ADB beginner

No worries!
I hope you got the Android SDK installed, if not, follow this:
http://forum.xda-developers.com/showthread.php?t=1152148

You don't need to do Step 3 or any further.
BUT, instead, go to System Settings (right click Computer in Start Menu and select Properties), go to Advanced System Settings on the left, then Environment Variables. Add your sdk\tools and sdk\platform-tools paths to the PATH variable (bottom box, edit the Path line, and add the whole path, like, C:\android-sdk-windows\tools;C:\android-sdk-windows\platform-tools; to the end, remember, separate the entries, separation character is ";"). After that, enable USB debugging on your tab, and in a command line, type "adb shell". You'll get into a familiar unix shell, where you can do anything. That shell is your device's shell, you can remotely do anything with it. Pushing files is easy too: "adb push [local path to file] [where you want that file to be on device]". Pulling a file from the device is the same: "adb pull [remote file on device]" -> this will pull to your local directory of the Command Line. "adb remount" basically remounts /system rw, so you can do changes there too. That's all for now

ainolmodder · Feb 2, 2012

Yup.
This way you can edit your scripts a bit (to write into something like /system2, and mount the image there), and use them, then you have a whole image edited.
Beware though, thanks to Ainol going more AOSP, it is not possible to edit initramfs (files in /, like init.rc), as it's a gzipped cpio container, and not mounted directly on boot.

Roman2025 · Feb 2, 2012

I was wanting to modify the /data/app and /data/data folders... Where would I do that?

ainolmodder · Feb 2, 2012

Those aren't included in any stock ROM and would be kinda hard to add on a generic level. You can't edit /data from the extracted images as such.

Roman2025 · Feb 2, 2012

Okay, so I tried to repack it into an image file and here is how it went down:

E:\Users\Roman\Desktop\ImageSuite>repack_img.bat Novo7Elf_Android_2.3_FirmwareT
NT.img
Deleted file - E:\Users\Roman\Desktop\ImageSuite\work\RFSFAT16_VBOOTFS_00000000

Deleted file - E:\Users\Roman\Desktop\ImageSuite\work\RFSFAT16_VRECOVERYFS_0000

Deleted file - E:\Users\Roman\Desktop\ImageSuite\work\RFSFAT16_VROOTFS_00000000

Deleted file - E:\Users\Roman\Desktop\ImageSuite\work\RFSFAT16_VSYSTEMFS_000000

E:\Users\Roman\Desktop\ImageSuite\dragon\AWPluginvector.dllE:\Users\Roman\Desk
top\ImageSuiteBuildImg 0

E:\Users\Roman\Desktop\ImageSuite>

It did output an image file but Livesuite would not flash it

ainolmodder · Feb 2, 2012

Damn thing... was it with the ICS or the GB one? Also can you tell me the error code?

ainolmodder · Feb 2, 2012

I'm basing all my work on the tools provided by Ainol (they can create valid, flashable images, murphy666 used that to make his images). But for some weird reason, with the almost exact same setup, mine generates a non-working image, what LiveSuite drops back, as "Invalid Image" (Momo released the latest LiveSuitPack, 1.0.9, what has proper english interface, plus a lot more debugging, it tells me exactly what's the problem, "invalid image"). I'm thinking there might be some signature stuff involved. This is more than possible, as the PhoenixUSBPro tool takes a key file too. Stock images can be flashed with that key, non-stock ones can not be.

kmobile28 · Jul 18, 2013

Thank You.

FezzFest · Feb 2, 2012

The SHA1 checksum of rebuilded image does not match the checksum of the original image.
Flashing the newly created *.img gives the error 'Image file invalid' in the LiveSuite.

Murphy666 used the Ainol provided crane_pack executable to make an image from the compiled AOSP files. Maybe we can analyse this tool?

ainolmodder · Feb 2, 2012

As far as I know, that tool launches pack.bat, just next to the exe, with matching parameters (path to files, board name, etc). I got the same (tried flashing my semi-dead Aura, it worked with stock images). I'll look into crane_pack.exe, to see how it does what it does.

Roman2025 · Feb 2, 2012

Thanks for continuing to dig on this

.

ainolmodder · Feb 2, 2012

Of course I keep digging, I need file format info about the image files, if I want to finish my ultimate A10 modding tool

ainolmodder · Feb 5, 2012

Thanks to FezzFest's discoveries, I finished up a working ICS and GB combined ImageSuite, what can make flashable ICS and GB firmwares.
Big thanks goes to FezzFest (as mentioned) as he made the discovery that unimg.exe can actually reverse the process, thus create a proper image.

Usage:
- Use extract_img.bat [imagefile] to extract the image
- Modify what you want (RFSFAT16 images mostly)
- Use the repacker bats: repack_[version].bat [outimage]

Roman2025 · Feb 5, 2012

Awesome, round 2

, I am going to make a go of it and see what happens!

-Roman

naydimme · Feb 6, 2012

Hi, could you please tell me what could I change to an stock ICS ROM for the Novo 7 Avdanced, to make touchscreen work in an OEM novo 7 Advanced? What are the changeable parameters to configure the touchscreen drivers? Every ROM I try works but the touch system is inverted. I'm receiving a GB original ROM for my device, could I look for the driver info in this ROM and then apply it to the Ainol Official ICS ROM???

Thank you for your big effort.

Roman2025 · Feb 6, 2012

My guess is you would have to have both Image files. You would pull the appropriate drivers from the one and put them in the other. You would have to unpack both and repack both using this tool. The nice thing is that at least you wouldn't have to compile everything from scratch and can now (thanks to all the hard work that has been done on here by Ainolmodder and others) instead modify existing known-good firmware.

Cheers,

Roman

Roman2025 · Feb 6, 2012

OKAY - PAID! I did the full $65 even though I haven't tested with an ICS image. I hope you will be around though in case I need more help with it lol.

Also, this whole "bounty" system worked delightfully well and as I encounter more issues and problems I foresee paying out more money to forum users like yourself who are willing to help. All for money motivation lol

Cheers and thanks a ton!

Roman

ainolmodder · Feb 6, 2012

Of course I'm here, I'm now trying to reverse engineer the unimg.exe, and create an image making C# code what would accompany my code so far (made some stuff, replaced most of the Ainol tools, etc).

Roman2025 · Feb 8, 2012

Ran into an issue with a Ployer Momo 9 image. I am working on the /system file after having extracted the image. I mounted the file in Linux. So far so good. Then I run into this problem. If I delete out apps... it doesn't free up space. I can delete 70 MB worth of apps and the free space does not change. This is a problem when there is only 53 MB available to begin with

. Any thoughts?

Mount -t ext4 /somefolder/file someotherfolder/folder/ -o loop

that is the command i am using to mount...

Thanks,

Roman

alican · Feb 7, 2012

Good job guys,now we are waiting clean and more stable than stock's roms from you!

ainolmodder · Feb 8, 2012

This has NO virus in it I can assure everyone. It's the script in unimg.exe - it is heuristically identified as a malware, as it uses a malware-like code to scramble through the image file.

fatesausage · Feb 10, 2012

This is outstanding! Can't wait to see some mashups on here of different ROMS. Guess this means someone could release a better version of ICS for the Momo9 before Ployer releases one toward the end of the month... Now it's just a matter of touchscreen drivers on most devices. Haven't tried it yet, but I will eventually.

Heryzi · Feb 12, 2012

when i try to mount system i get this error:

[ 334.138253] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
can anyone help?

FezzFest · Feb 12, 2012

What OS are you running? What command do you use? What file are trying to mount? If you want to mount RFSFAT16_SYSTEM on ICS ROMs, you should use SIMG2IMG to unpack the image, then mount it. Make sure the OS you are running has ext4fs support.

Roman2025 · Feb 14, 2012

I am not able to mount an ICS image for some reason?

Roman2025 · Feb 14, 2012

figured it out on my own

. Finally found some description and a download of the simg2img tool!

ss383849 · Feb 24, 2012

where can i download the simg2img tool?Thnak you!

ampped101 · Feb 15, 2012

Im trying to unpack the image system files from bmorn. They are sha1 encoded in the header. Anyone have experience on breaking, and or modifying closed source image files?

pakron2801 · Feb 16, 2012

thank you, I want to remove chinese out off my way 555

NewModder · Feb 17, 2012

Noob question here, but where do you find these A10 firmware images?

xdx66 · Feb 19, 2012

download of the simg2img tool???

$50 to the first person to figure this out...

Attachments

Attachments

Attachments

Top Contributors this Month

Recommended Communities