在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称:Android_boot_image_editor开源软件地址:https://gitee.com/cfig/Android_boot_image_editor开源软件介绍:Android_boot_image_editorA tool for reverse engineering Android ROM images. Getting Startedinstall required packagesLinux: Mac: Mac: Make sure you have Windows Subsystem for Linux(WSL): Windows: Make sure you have Parsing and packingPut your boot.img to current directory, then start gradle 'unpack' task: cp <original_boot_image> boot.img./gradlew unpack Your get the flattened kernel and /root filesystem under ./build/unzip_boot: build/unzip_boot/├── boot.json (boot image info)├── boot.avb.json (AVB only)├── kernel├── second (2nd bootloader, if exists)├── dtb (dtb, if exists)├── dtbo (dtbo, if exists)└── root (extracted initramfs) Then you can edit the actual file contents, like rootfs or kernel.Now, pack the boot.img again ./gradlew pack You get the repacked boot.img at $(CURDIR): boot.img.signed Well done you did it! The last step is to star this repo :smile live demo
Supported ROM image types
Please note that the boot.img MUST follows AOSP verified boot flow, either Boot image signature in VBoot 1.0 or AVB HASH footer (a.k.a. AVB) in VBoot 2.0. hacking mode*: Open build.gradle.kts, Line #8, change val bHackingMode = false to val bHackingMode = true This will enable c++ modules, which is necessary for working with sparse images. compatible devices
more examplesworking with recovery.imgPlease remember to clean the work directory first. rm *.imgcp <your_recovery_image> recovery.img./gradlew unpack./gradlew pack working with vbmeta.imgrm *.imgcp <your_vbmeta_image> vbmeta.img./gradlew unpack./gradlew pack working with boot.img and vbmeta.imgIf your vbmeta.img contains hash of boot.img, you MUST update vbmeta image together. rm *.imgcp <your_boot_image> boot.imgcp <your_vbmeta_image> vbmeta.img./gradlew unpack./gradlew pack Your boot.img.signed and vbmeta.img.signd will be updated together, then you can flash them to your device. working with vendor_boot.img + vbmeta.img (Pixel 5 etc.)Most devices include hash descriptor of vendor_boot.img in vbmeta.img, so if you need to modify vendor_boot.img, you need to update vbmeta.img together.rm *.imgcp <your_vendor_boot_image> vendor_boot.imgcp <your_vbmeta_image> vbmeta.img./gradlew unpack./gradlew pack./gradlew flash Please note that to use 'gradle flash', your host machine must be connectted to your DUT with adb, and you already 'adb root'. working with system.imgFirst enable hacking mode by setting cp <your_system_image> system.img./gradlew unpack You get How to disable AVB verificationThe idea is to set flag=2 in main vbmeta. rm *.imgcp <your_vbmeta_image> vbmeta.img./gradlew unpackvim -u NONE -N build/unzip_boot/vbmeta.avb.json -c ":19s/0/2/g" -c ":wq"./gradlew pack Then flash vbmeta.img.signed to your device. boot.img layoutRead layout of Android boot.img and vendor_boot.img. References and Acknowledgementmore ...Android version list https://source.android.com/source/build-numbers.html cpio & fs_config This project is developed with products by Jetbrains. |
请发表评论