How to Extract Android Kernel And Modify The Boot Ramdisk (Android 4.4) on Allwinner based Processor

extract android kernel.md

Extracting Existing Kernel + Ramfs

Enter the machine using adb shell

Run cat /proc/partitions

  #  Path                     Purpose        Size
  0 /dev/block/mmcblk0                       7761920
  1 /dev/block/mmcblk0p1      data           6085631
  2 /dev/block/mmcblk0p2      bootloader     16384
  3 /dev/block/mmcblk0p3                     1
  5 /dev/block/mmcblk0p5      uboot          16384
  6 /dev/block/mmcblk0p6      kernel         16384
  7 /dev/block/mmcblk0p7      system         786432
  8 /dev/block/mmcblk0p8      misc           16384
  9 /dev/block/mmcblk0p9      recovery       32768
 10 /dev/block/mmcblk0p10     sysrecovery    16384
 11 /dev/block/mmcblk0p11     private        16384
 12 /dev/block/mmcblk0p12     Reserve0       16384
 13 /dev/block/mmcblk0p13     klog           32768
 14 /dev/block/mmcblk0p14     Reserve1       16384
 15 /dev/block/mmcblk0p15     Reserve2       655360

Dump the partition to a file using dd

dd if=/dev/block/mmcblk0p6 of=/data/kernel_ramfs.img

Extract it to your linux system adb pull /data/kernel_ramfs.img

Install abootimg

Run sudo apt-get install abootimg

Check the Kernel Dump

Run abootimg -i kernel_ramfs.img. It need to show

Android Boot Image Info:

* file name = kernel_ramfs.img

* image size = 16777216 bytes (16.00 MB)
  page size  = 2048 bytes

* Boot Name = ""

* kernel size       = 9797076 bytes (9.34 MB)
  ramdisk size      = 2017625 bytes (1.92 MB)

* load addresses:
  kernel:       0x40008000
  ramdisk:      0x41000000
  tags:         0x40000100

* empty cmdline
* id = 0x7c37c0d4 0xcefde745 0xe81b85ba 0xf05275ba 0xbe7de0ad 0x00000000 0x00000000 0x00000000

That means you dump the correct kernel+ramfs

Extract Kernel Dump

abootimg -x kernel_ramfs.img

It will extract zImage and also initrd.img

Extract Ramdisk, Modify And Repack

mkdir initrd
cd initrd
cat ../initrd.img | gunzip | cpio -vid

Modify the ramdisk accordingly (e.g. you modify init.rc or add another additonal files) Then repack accordingly

cd initrd
find . | cpio --create --format='newc' | gzip > ../myinitrd.img

Repacking Boot.Img

abootimg --create myboot.img -f bootimg.cfg -k zImage -r myinitrd.img

Adb Put and Redumping

adb push myboot.img /data/myboot.img
adb shell dd if=mybootimg of=/dev/block/mmcblk0p6

Reboot - And pray for the best

@petrosmp. In my case, simply unpacking and repacking without changing anything through

abootimg -x boot.img
rm -f boot.img
abootimg --create boot.img -f bootimg.cfg -k zImage -r initrd.img

results in a different boot.img (but of the same size) which doesn’t work on my Samsung Galaxy tab s3.

I did the same, and yeah, resulting images differ in two places.
In my case old Tolino Tab 7 at address 0x240:

and second at 0x400:

Generated boot image has 0x00 in those places.
Seems like abootimg is not aware about this extra info. Not sure if this is static or some generated content, like checksum etc.
Seems like second is some sort signing key maybe...

I am trying to read a GKI boot image and getting below error message.

abootimg -i boot.img boot.img: ramdisk size is null boot.img: not a valid Android Boot Image.

I am trying to read a GKI boot image and getting below error message.

abootimg -i boot.img boot.img: ramdisk size is null boot.img: not a valid Android Boot Image.

Maybe You are taking image of kernel partition instead boot. Check if file has all zeros. If yes then its just kernel partition that is unused and left in for compatibility reasons.
Check your patririon layout because it will vary between devices, for me it is:

root@android:/system/lib # ls -l /dev/block/mtd/by-name                        
lrwxrwxrwx root     root              2022-07-24 17:11 backup -> /dev/block/mtdblock4
lrwxrwxrwx root     root              2022-07-24 17:11 boot -> /dev/block/mtdblock2
lrwxrwxrwx root     root              2022-07-24 17:11 cache -> /dev/block/mtdblock5
lrwxrwxrwx root     root              2022-07-24 17:11 factory -> /dev/block/mtdblock8
lrwxrwxrwx root     root              2022-07-24 17:11 kernel -> /dev/block/mtdblock1
lrwxrwxrwx root     root              2022-07-24 17:11 kpanic -> /dev/block/mtdblock6
lrwxrwxrwx root     root              2022-07-24 17:11 misc -> /dev/block/mtdblock0
lrwxrwxrwx root     root              2022-07-24 17:11 recovery -> /dev/block/mtdblock3
lrwxrwxrwx root     root              2022-07-24 17:11 system -> /dev/block/mtdblock7
lrwxrwxrwx root     root              2022-07-24 17:11 userdata -> /dev/block/mtdblock9

So I had to dump /dev/block/mtdblock2.

EDIT: Oh, and I'm connecting trough ssh using SimpleSSHD instead of adb.

EDIT2: Also you may be using original source from 2012. Check this patch for new devices:
johnstultz-work/abootimg@db11799

this is what it looks like for me

pretty empty, is that normal?

or is this because of magisk

DO NOT DO THIS WITHOUT BACKUP YOUR DEVICE'S ORIGINAL boot.img

otherwise, you will end up damage your kernal and can't recover your kernal by repacking boot.img

If worst comes to worst, most phone have their entire system uploaded to Lolinet Mirrors.

BTW, anyone here have a guide on how to mod a kernel with OrangeFox Recovery or Pitch Black Recovery? It would be amazing if someone did.

Device doesn't boot after flashing the repacked image. I didn't change anything in the config file, 🤔 why?