diff --git a/README.md b/README.md index 9abba3e..71a9edc 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,46 @@ # Nexus_boot_image_editor -edit boot.img for Nexus Devices - [![Build Status](https://travis-ci.org/cfig/Nexus_boot_image_editor.svg?branch=master)](https://travis-ci.org/cfig/Nexus_boot_image_editor) +Utilies for editing Nexus(or Nexus compatible) devices boot.img , then you don't need full Android source code to edit your boot images. + +## Prerequisite +#### Host OS requirement: + +The unpacking task only works on Linux, the packing task can work on Linux & OSX. +So the recommended OS is Linux. + +#### Target Android requirement: + +(1) Targeted boot.img MUST follows AOSP [verified boot flow](https://source.android.com/security/verifiedboot/index.html), which means it packs linux kernel and rootfs together, then sign it with OEM/USER keys. + +(2) These utilities are known to work for Nexus (or Nexus compatible) boot.img for the following Android releases: + + - Marshmallow (API Level 23) + - Lollipop (API Level 21,22) + +You can get a full [Android version list](https://source.android.com/source/build-numbers.html) here. + +## Usage +First put your boot.img at **$(CURDIR)/boot.img**, then start gradle 'unpack' task: + + cp boot.img + ./gradew unpack + +Your get the flattened kernel and /root filesystem under **$(CURDIR)/build/unzip\_boot**: + + build/unzip_boot/ + ├── bootimg.cfg + ├── kernel + └── root -## [usage] -TBD +Then you can edit the actual file contents, like rootfs or kernel. +Now, pack the boot.img again + ./gradew pack -## test -filename: src/test/resources/boot.img +You get the repacked boot.img at $(CURDIR): -extracted from Nexus 5x(code: bullhead) factory images from [Google](https://dl.google.com/dl/android/aosp/bullhead-mda89e-factory-29247942.tgz) + boot.img.signed +## example & test +An example boot.img has been placed at **src/test/resources/boot.img**, which is extracted from Nexus 5x(code: bullhead) factory images from [Google](https://dl.google.com/dl/android/aosp/bullhead-mda89e-factory-29247942.tgz), you can take it as a quick start. diff --git a/boot.mk b/boot.mk deleted file mode 100644 index 4137f8a..0000000 --- a/boot.mk +++ /dev/null @@ -1,93 +0,0 @@ -.DEFAULT_GOAL := flat - -SHELL := /bin/bash -WORK_DIR := unzip_boot - -help: - @echo "flat : boot.subimg -> unzip_boot/*" - @echo "boot.img : unsigned boot image" - @echo "boot.subimg : signed boot image" - @echo "addon : (recovery only) add additional tools" - -.PHONY: flat -flat: - rm -fr $(WORK_DIR) - mkdir -p $(WORK_DIR)/root - abootimg -x boot.subimg $(WORK_DIR)/bootimg.cfg $(this_kernel) $(this_ramdisk).gz - gzip -c -d $(this_ramdisk).gz > $(this_ramdisk) - rm $(this_ramdisk).gz - cd $(WORK_DIR)/root && \ - cpio -i -F ../ramdisk.img - @rm $(WORK_DIR)/ramdisk.img - @echo && echo "===================================" && file $(WORK_DIR)/* && echo "===================================" -kernel_cmdline := "$(shell grep -Po '(?<=cmdline = ).*' $(WORK_DIR)/bootimg.cfg)" -this_root := $(WORK_DIR)/root -this_kernel := $(WORK_DIR)/kernel -this_ramdisk := $(WORK_DIR)/ramdisk.img -ifeq '$(TARGET_PRODUCT)' '' -$(warning NON-android) -this_verity_key := tools/security/verity -else -$(warning android) -this_verity_key := build/target/product/security/verity -endif - -.INTERMEDIATE: $(this_ramdisk).gz boot.img -$(this_ramdisk).gz: $(this_root) - mkbootfs $< | gzip > $@ -boot.img: $(this_ramdisk).gz $(this_kernel) - mkbootimg \ - --kernel $(this_kernel) \ - --ramdisk $(this_ramdisk).gz \ - --cmdline "$(shell echo $(kernel_cmdline))" \ - --base 0x01000000 \ - --output $@ -boot.subimg: boot.img - $(call signer,/boot,$<,$@) - -define signer - boot_signer $(1) $(2) $(this_verity_key).pk8 $(this_verity_key).x509.pem $(3) -endef - -mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) -real_mkfile_path := $(shell readlink $(mkfile_path)) - -libs := libc.so libcrypto.so libcutils.so libm.so libselinux.so libstdc++.so libpcre.so liblog.so libnetutils.so libsysutils.so libutils.so libbacktrace.so libstlport.so libgccdemangle.so libunwind.so libunwind-ptrace.so -bins := toolbox sh linker netcfg logd logcat -addon: | unzip_boot/root/system/bin -addon: | unzip_boot/root/system/lib -addon: INITRC := unzip_boot/root/init.recovery.marvellberlin.rc -addon: - #initrc - echo "service console /system/bin/sh" > $(INITRC) - echo " console" >> $(INITRC) - echo " user root" >> $(INITRC) - echo " group root" >> $(INITRC) - echo >> $(INITRC) - echo "service logd /system/bin/logd" >> $(INITRC) - echo " socket logd stream 0666 logd logd" >> $(INITRC) - echo " socket logdr seqpacket 0666 logd logd" >> $(INITRC) - echo " socket logdw dgram 0222 logd logd" >> $(INITRC) - echo " seclabel u:r:logd:s0" >> $(INITRC) - #recovery - #cp out/target/product/$(TARGET_PRODUCT)/system/bin/recovery unzip_boot/root/sbin/ - #@cp -v out/target/product/$(TARGET_PRODUCT)/obj/EXECUTABLES/recovery_intermediates/recovery unzip_boot/root/sbin/ - #bin - @$(foreach item,$(bins), \ - cp -v out/target/product/$(TARGET_PRODUCT)/system/bin/$(item) unzip_boot/root/system/bin/; $(newline)) - #lib - @$(foreach item,$(libs), \ - cp -v out/target/product/$(TARGET_PRODUCT)/system/lib/$(item) unzip_boot/root/system/lib/; $(newline)) - #@cp -v out/target/product/$(TARGET_PRODUCT)/system/etc/sepolicy.recovery unzip_boot/root/sepolicy - @cp -v out/target/product/$(TARGET_PRODUCT)/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery unzip_boot/root/sepolicy - - -unzip_boot/root/system/bin: - mkdir $@ -unzip_boot/root/system/lib: - mkdir $@ - -#service console /system/bin/sh -# console -# user root -# group root diff --git a/bouncycastle/Android.mk b/bouncycastle/Android.mk deleted file mode 100644 index 86cd8d6..0000000 --- a/bouncycastle/Android.mk +++ /dev/null @@ -1,143 +0,0 @@ -# -# Copyright (C) 2010 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -LOCAL_PATH := $(call my-dir) - -# used for bouncycastle-hostdex where we want everything for testing -all_bcprov_src_files := $(call all-java-files-under,bcprov/src/main/java) - -# used for bouncycastle for target where we want to be sure to use OpenSSLDigest -android_bcprov_src_files := $(filter-out \ - bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java, \ - $(all_bcprov_src_files)) - -# used for bouncycastle-host where we can't use OpenSSLDigest -ri_bcprov_src_files := $(filter-out \ - bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java \ - bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java, \ - $(all_bcprov_src_files)) - -# These cannot build in the PDK, because the PDK requires all libraries -# compile against SDK versions. LOCAL_NO_STANDARD_LIBRARIES conflicts with -# this requirement. -ifneq ($(TARGET_BUILD_PDK),true) - - include $(CLEAR_VARS) - LOCAL_MODULE := bouncycastle - LOCAL_MODULE_TAGS := optional - LOCAL_SRC_FILES := $(android_bcprov_src_files) - LOCAL_JAVACFLAGS := -encoding UTF-8 - LOCAL_JAVA_LIBRARIES := core-libart conscrypt - LOCAL_NO_STANDARD_LIBRARIES := true - LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt - LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk - include $(BUILD_JAVA_LIBRARY) - - # non-jarjar version to build okhttp-tests - include $(CLEAR_VARS) - LOCAL_MODULE := bouncycastle-nojarjar - LOCAL_MODULE_TAGS := optional - LOCAL_SRC_FILES := $(android_bcprov_src_files) - LOCAL_JAVACFLAGS := -encoding UTF-8 - LOCAL_JAVA_LIBRARIES := core-libart conscrypt - LOCAL_NO_STANDARD_LIBRARIES := true - LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk - include $(BUILD_STATIC_JAVA_LIBRARY) - - # unbundled bouncycastle jar - include $(CLEAR_VARS) - LOCAL_MODULE := bouncycastle-unbundled - LOCAL_MODULE_TAGS := optional - LOCAL_SDK_VERSION := 9 - LOCAL_SRC_FILES := $(ri_bcprov_src_files) - LOCAL_JAVACFLAGS := -encoding UTF-8 - LOCAL_MODULE_TAGS := optional - LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk - include $(BUILD_STATIC_JAVA_LIBRARY) -endif # TARGET_BUILD_PDK != true - -# This is used to generate a list of what is unused so it can be removed when bouncycastle is updated. -# Based on "Finding dead code" example in ProGuard manual at http://proguard.sourceforge.net/ -.PHONY: bouncycastle-proguard-deadcode -bouncycastle-proguard-deadcode: $(full_classes_compiled_jar) $(full_java_libs) - $(PROGUARD) \ - -injars $(full_classes_compiled_jar) \ - -libraryjars "$(call normalize-path-list,$(addsuffix (!org/bouncycastle/**.class,!com/android/org/conscrypt/OpenSSLMessageDigest.class),$(full_java_libs)))" \ - -dontoptimize \ - -dontobfuscate \ - -dontpreverify \ - -ignorewarnings \ - -printusage \ - -keep class org.bouncycastle.jce.provider.BouncyCastleProvider "{ public protected *; }" \ - -keep class org.bouncycastle.jce.provider.symmetric.AESMappings "{ public protected *; }" \ - -keep class org.bouncycastle.asn1.ASN1TaggedObject "{ public protected *; }" \ - -keep class org.bouncycastle.asn1.x509.CertificateList "{ public protected *; }" \ - -keep class org.bouncycastle.crypto.AsymmetricBlockCipher "{ public protected *; }" \ - -keep class org.bouncycastle.x509.ExtendedPKIXBuilderParameters "{ public protected *; }" \ - `(find $(LOCAL_PATH) -name '*.java' | xargs grep '"org.bouncycastle' | egrep ' (put|add)' | sed -e 's/");//' -e 's/.*"//'; \ - find $(LOCAL_PATH) -name '*.java' | xargs grep ' addHMACAlgorithm' | sed 's/"org.bouncycastle/\norg.bouncycastle/g' | grep ^org.bouncycastle | sed 's/".*//'; \ - find . -name '*.java' | xargs grep 'import org.bouncycastle' | grep -v /bouncycastle/ | sed -e 's/.*:import //' -e 's/;//') \ - | sed -e 's/^/-keep class /' -e 's/$$/ { public protected \*; } /' | sort | uniq` \ - -keepclassmembers "class * { \ - static final % *; \ - static final java.lang.String *; \ - }" \ - -keepclassmembers "class * implements java.io.Serializable { \ - private static final java.io.ObjectStreamField[] serialPersistentFields; \ - private void writeObject(java.io.ObjectOutputStream); \ - private void readObject(java.io.ObjectInputStream); \ - java.lang.Object writeReplace(); \ - java.lang.Object readResolve(); \ - }" \ - -keepclassmembers "interface org.bouncycastle.crypto.paddings.BlockCipherPadding { \ - abstract public java.lang.String getPaddingName(); \ - }" \ - -keepclassmembers "class * implements org.bouncycastle.crypto.paddings.BlockCipherPadding { \ - public java.lang.String getPaddingName(); \ - }" - -# Conscrypt isn't built in the PDK, so this cannot be built because it has a -# dependency on conscrypt-hostdex. -ifneq ($(TARGET_BUILD_PDK),true) - include $(CLEAR_VARS) - LOCAL_MODULE := bouncycastle-hostdex - LOCAL_MODULE_TAGS := optional - LOCAL_SRC_FILES := $(all_bcprov_src_files) - LOCAL_JAVACFLAGS := -encoding UTF-8 - LOCAL_MODULE_TAGS := optional - LOCAL_JAVA_LIBRARIES := conscrypt-hostdex - LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt - LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk - include $(BUILD_HOST_DALVIK_JAVA_LIBRARY) -endif - -include $(CLEAR_VARS) -LOCAL_MODULE := bouncycastle-host -LOCAL_MODULE_TAGS := optional -LOCAL_SRC_FILES := $(ri_bcprov_src_files) -LOCAL_JAVACFLAGS := -encoding UTF-8 -LOCAL_MODULE_TAGS := optional -LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk -include $(BUILD_HOST_JAVA_LIBRARY) - -include $(CLEAR_VARS) -LOCAL_MODULE := bouncycastle-bcpkix-host -LOCAL_MODULE_TAGS := optional -LOCAL_SRC_FILES := $(call all-java-files-under,bcpkix/src/main/java) -LOCAL_JAVACFLAGS := -encoding UTF-8 -LOCAL_MODULE_TAGS := optional -LOCAL_JAVA_LIBRARIES := bouncycastle-host -LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk -include $(BUILD_HOST_JAVA_LIBRARY) diff --git a/security/Android.mk b/security/Android.mk deleted file mode 100644 index 5a40397..0000000 --- a/security/Android.mk +++ /dev/null @@ -1,12 +0,0 @@ -LOCAL_PATH:= $(call my-dir) - -####################################### -# verity_key -include $(CLEAR_VARS) - -LOCAL_MODULE := verity_key -LOCAL_SRC_FILES := $(LOCAL_MODULE) -LOCAL_MODULE_CLASS := ETC -LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) - -include $(BUILD_PREBUILT) diff --git a/src/libmincrypt/tools/Android.mk b/src/libmincrypt/tools/Android.mk deleted file mode 100644 index 3154914..0000000 --- a/src/libmincrypt/tools/Android.mk +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright (C) 2008 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -LOCAL_PATH := $(call my-dir) - -include $(CLEAR_VARS) -LOCAL_MODULE := dumpkey -LOCAL_SRC_FILES := DumpPublicKey.java -LOCAL_JAR_MANIFEST := DumpPublicKey.mf -LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-host -include $(BUILD_HOST_JAVA_LIBRARY) diff --git a/src/main/resources/mkbootfs b/src/main/resources/mkbootfs deleted file mode 100755 index 6129919..0000000 Binary files a/src/main/resources/mkbootfs and /dev/null differ diff --git a/src/main/resources/mkbootimg b/src/main/resources/mkbootimg deleted file mode 100755 index d9e4f2c..0000000 Binary files a/src/main/resources/mkbootimg and /dev/null differ