aiden
/
Android_boot_image_editor
mirror of https://github.com/cfig/Android_boot_image_editor
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Parsing and re-packing Android boot.img/vbmeta.img/payload.bin, supporting Android 13 preview
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
128 Commits
4 Branches
13 Tags
261 MiB
Java 60.3%
Kotlin 13.2%
C 12.6%
Python 10.7%
C++ 2.9%
Other 0.3%
 
 
 
 
 
 
rc
master
dev
bin
android-7.1.1_r6
android-10
android-11
android-8.1.0_r2
android-9
v12.0
v13
v13_r2
v13_r3
v14_r1
v14_r2
v14_r3
v15_r1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4bce4a0f39'
${ noResults }
Go to file
cfig 4bce4a0f39
fix dtbo support 
- fix dtbo support with correct file path
 - refine README
 		5 years ago
aosp fix build on mac and older ubuntu 5 years ago
avbImpl mass update 6 years ago
bbootimg fix dtbo support 5 years ago
doc fix build on mac and older ubuntu 5 years ago
gradle/wrapper update gradle 6.4.1 6 years ago
src initial GKI images support 6 years ago
tools fix dtbo support 5 years ago
.gitattributes add 'rr' task for 'reboot recovery' 6 years ago
.gitignore refine avbVerifier; fix AuthBlob bug 6 years ago
.gitmodules update integrationTest and gradle 'check' 6 years ago
.travis.yml travis CI: install 'dtc' 6 years ago
LICENSE.md Update LICENSE.md 10 years ago
README.md fix dtbo support 5 years ago
build.gradle.kts mass update 6 years ago
gradlew update gradle 6.4.1 6 years ago
gradlew.bat update gradle 6.4.1 6 years ago
integrationTest.py Squashed commit of the following: 6 years ago
settings.gradle.kts Squashed commit of the following: 6 years ago

README.md

Android_boot_image_editor

Codacy Badge Build Status License

A tool for reverse engineering Android ROM images. (working on Linux and Mac)

Getting Started

Installation

  • install required packages

    sudo apt install device-tree-compiler lz4 zlib1g-dev cpio

  • get the tool

    git clone https://github.com/cfig/Android_boot_image_editor.git --depth=1

    or clone it from mirror:

    git clone https://gitee.com/cfig/Android_boot_image_editor.git --depth=1

Parsing and packing

Put your boot.img to current directory, then start gradle 'unpack' task:

cp <original_boot_image> boot.img
./gradlew unpack

Your get the flattened kernel and /root filesystem under ./build/unzip_boot:

build/unzip_boot/
├── boot.json     (boot image info)
├── boot.avb.json (AVB only)
├── kernel
├── second        (2nd bootloader, if exists)
├── dtb           (dtb, if exists)
├── dtbo          (dtbo, if exists)
└── root          (extracted initramfs)

Then you can edit the actual file contents, like rootfs or kernel. Now, pack the boot.img again

./gradlew pack

You get the repacked boot.img at $(CURDIR):

boot.img.signed

Well done you did it! The last step is to star this repo :smile

live demo

Supported ROM image types

Image Type file names
boot images boot.img, vendor_boot.img
recovery images recovery.img, recovery-two-step.img
vbmeta images vbmeta.img, vbmeta_system.img etc.
sparse images system.img, vendor.img etc.
dtbo images dtbo.img

Please note that the boot.img MUST follows AOSP verified boot flow, either Boot image signature in VBoot 1.0 or AVB HASH footer (a.k.a. AVB) in VBoot 2.0.

compatible devices

Device Model Manufacturer Compatible Android Version Note
Pixel 3 (blueline) Google Y Q preview (qpp2.190228.023,
2019)		 more ...
Pixel XL (marlin) HTC Y 9.0.0 (PPR2.180905.006,
Sep 2018)		 more ...
K3 (CPH1955) OPPO Y for recovery.img
N for boot.img		 Pie more
Z18 (NX606J) ZTE Y 8.1.0 more...
Nexus 9 (volantis/flounder) HTC Y(with some tricks) 7.1.1 (N9F27M, Oct 2017) tricks
Nexus 5x (bullhead) LG Y 6.0.0_r12 (MDA89E)
Moto X (2013) T-Mobile Motorola N
X7 (PD1602_A_3.12.8) VIVO N ? Issue 35

more examples

  • recovery.img

If you are working with recovery.img, the steps are similar:

cp <your_recovery_image> recovery.img
./gradlew unpack
./gradlew pack
  • vbmeta.img
cp <your_vbmeta_image> vbmeta.img
./gradlew unpack
./gradlew pack
  • boot.img and vbmeta.img
cp <your_boot_image> boot.img
cp <your_vbmeta_image> vbmeta.img
./gradlew unpack
./gradlew pack

Your boot.img.signed and vbmeta.img.signd will be updated together.

  • sparse vendor.img
cp <your_vendor_image> vendor.img
./gradlew unpack
./gradlew pack

You get vendor.img.unsparse, then you can mount it.

mkdir mnt
sudo mount -o ro vendor.img mnt

boot.img layout

Read layout of Android boot.img and vendor_boot.img.

References

boot_signer https://android.googlesource.com/platform/system/extras

cpio / fs_config https://android.googlesource.com/platform/system/core https://www.kernel.org/doc/Documentation/early-userspace/buffer-format.txt

AVB https://android.googlesource.com/platform/external/avb/

mkbootimg https://android.googlesource.com/platform/system/tools/mkbootimg/+/refs/heads/master/

Android version list https://source.android.com/source/build-numbers.html

kernel info extractor https://android.googlesource.com/platform/build/+/refs/heads/master/tools/extract_kernel.py

mkdtboimg https://android.googlesource.com/platform/system/libufdt/

libsparse https://android.googlesource.com/platform/system/core/+/refs/heads/master/libsparse/

Android Nexus/Pixle factory images https://developers.google.cn/android/images