@azureru
Last active August 9, 2024 19:12
How to Extract Android Kernel And Modify The Boot Ramdisk (Android 4.4) on Allwinner based Processor

Extracting Existing Kernel + Ramfs

Enter the machine using adb shell

Run cat /proc/partitions

  #  Path                     Purpose        Size
  0 /dev/block/mmcblk0                       7761920
  1 /dev/block/mmcblk0p1      data           6085631
  2 /dev/block/mmcblk0p2      bootloader     16384
  3 /dev/block/mmcblk0p3                     1
  5 /dev/block/mmcblk0p5      uboot          16384
  6 /dev/block/mmcblk0p6      kernel         16384
  7 /dev/block/mmcblk0p7      system         786432
  8 /dev/block/mmcblk0p8      misc           16384
  9 /dev/block/mmcblk0p9      recovery       32768
 10 /dev/block/mmcblk0p10     sysrecovery    16384
 11 /dev/block/mmcblk0p11     private        16384
 12 /dev/block/mmcblk0p12     Reserve0       16384
 13 /dev/block/mmcblk0p13     klog           32768
 14 /dev/block/mmcblk0p14     Reserve1       16384
 15 /dev/block/mmcblk0p15     Reserve2       655360

Dump the partition to a file using dd

dd if=/dev/block/mmcblk0p6 of=/data/kernel_ramfs.img

Copy it to your Linux system with adb pull /data/kernel_ramfs.img

Install abootimg

Run sudo apt-get install abootimg

Check the Kernel Dump

Run abootimg -i kernel_ramfs.img. It should show

Android Boot Image Info:

* file name = kernel_ramfs.img

* image size = 16777216 bytes (16.00 MB)
  page size  = 2048 bytes

* Boot Name = ""

* kernel size       = 9797076 bytes (9.34 MB)
  ramdisk size      = 2017625 bytes (1.92 MB)

* load addresses:
  kernel:       0x40008000
  ramdisk:      0x41000000
  tags:         0x40000100

* empty cmdline
* id = 0x7c37c0d4 0xcefde745 0xe81b85ba 0xf05275ba 0xbe7de0ad 0x00000000 0x00000000 0x00000000

That means you dumped the correct kernel+ramfs partition

Extract Kernel Dump

abootimg -x kernel_ramfs.img

It will extract zImage and initrd.img, and write the image settings to bootimg.cfg (used when repacking below)

Extract Ramdisk, Modify And Repack

mkdir initrd
cd initrd
cat ../initrd.img | gunzip | cpio -vid

Modify the ramdisk as needed (e.g. edit init.rc or add additional files), then repack it

cd initrd
find . | cpio --create --format='newc' | gzip > ../myinitrd.img

Repacking Boot.Img

abootimg --create myboot.img -f bootimg.cfg -k zImage -r myinitrd.img

Adb Put and Redumping

adb push myboot.img /data/myboot.img
adb shell dd if=/data/myboot.img of=/dev/block/mmcblk0p6

Reboot - And pray for the best
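
A pre-flash sanity check for the dump and repack steps above, as an added example that is not part of the original gist. It assumes the legacy boot image header layout (header versions 0 to 2); the function names are illustrative, and the sample header is constructed from the sizes and addresses in the abootimg output shown earlier.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Legacy (header version 0-2) layout: 8-byte magic, then ten little-endian u32s.
HDR = struct.Struct("<8s10I")
FIELDS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
          "second_size", "second_addr", "tags_addr", "page_size",
          "header_version", "os_version")  # last two are unused in version 0

def parse_boot_header(blob):
    """Parse a legacy Android boot image header; raise ValueError if unusable."""
    if len(blob) < HDR.size:
        raise ValueError("image shorter than a boot header")
    if not any(blob[:HDR.size]):
        raise ValueError("header is all zeros: wrong or unused partition?")
    magic, *values = HDR.unpack_from(blob)
    if magic != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic")
    hdr = dict(zip(FIELDS, values))
    if hdr["header_version"] >= 3:
        raise ValueError("header v3+ uses a different layout, not handled here")
    # Mirrors the abootimg rejection of images with an empty ramdisk.
    if 0 in (hdr["page_size"], hdr["kernel_size"], hdr["ramdisk_size"]):
        raise ValueError("zero page, kernel or ramdisk size")
    return hdr

def required_bytes(hdr):
    """Header page plus page-aligned kernel, ramdisk and second stage."""
    page = hdr["page_size"]
    pages = 1 + sum(-(-hdr[k] // page)  # ceiling division per section
                    for k in ("kernel_size", "ramdisk_size", "second_size"))
    return pages * page

def fits_partition(blob, partition_bytes):
    """True when the image parses and its payload fits the target partition."""
    return required_bytes(parse_boot_header(blob)) <= partition_bytes

def sample_header():
    """Constructed header using the values from the abootimg output above."""
    return HDR.pack(BOOT_MAGIC, 9797076, 0x40008000, 2017625, 0x41000000,
                    0, 0, 0x40000100, 2048, 0, 0)

if __name__ == "__main__":
    hdr = parse_boot_header(sample_header())
    # /proc/partitions counts 1 KiB blocks: 16384 blocks = 16 MiB.
    print(required_bytes(hdr), fits_partition(sample_header(), 16384 * 1024))
```

Run it against both kernel_ramfs.img and myboot.img (read the file with open(path, "rb").read()) before writing anything back with dd, and keep the original dump as the backup.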

misiektw commented Jul 25, 2022

I am trying to read a GKI boot image and getting below error message.

abootimg -i boot.img
boot.img: ramdisk size is null
boot.img: not a valid Android Boot Image.

Maybe you are taking an image of the kernel partition instead of boot. Check if the file is all zeros. If yes, then it's just a kernel partition that is unused and left in for compatibility reasons.
Check your partition layout because it will vary between devices; for me it is:

root@android:/system/lib # ls -l /dev/block/mtd/by-name                        
lrwxrwxrwx root     root              2022-07-24 17:11 backup -> /dev/block/mtdblock4
lrwxrwxrwx root     root              2022-07-24 17:11 boot -> /dev/block/mtdblock2
lrwxrwxrwx root     root              2022-07-24 17:11 cache -> /dev/block/mtdblock5
lrwxrwxrwx root     root              2022-07-24 17:11 factory -> /dev/block/mtdblock8
lrwxrwxrwx root     root              2022-07-24 17:11 kernel -> /dev/block/mtdblock1
lrwxrwxrwx root     root              2022-07-24 17:11 kpanic -> /dev/block/mtdblock6
lrwxrwxrwx root     root              2022-07-24 17:11 misc -> /dev/block/mtdblock0
lrwxrwxrwx root     root              2022-07-24 17:11 recovery -> /dev/block/mtdblock3
lrwxrwxrwx root     root              2022-07-24 17:11 system -> /dev/block/mtdblock7
lrwxrwxrwx root     root              2022-07-24 17:11 userdata -> /dev/block/mtdblock9

So I had to dump /dev/block/mtdblock2.

EDIT: Oh, and I'm connecting through ssh using SimpleSSHD instead of adb.

EDIT2: Also you may be using original source from 2012. Check this patch for new devices:
johnstultz-work/abootimg@db11799

dxcvvxd commented Sep 8, 2022

this is what it looks like for me
image

pretty empty, is that normal?

dxcvvxd commented Apr 3, 2023

or is this because of magisk

@AblertARock

DO NOT DO THIS WITHOUT BACKING UP YOUR DEVICE'S ORIGINAL boot.img

Otherwise, you will end up damaging your kernel and can't recover your kernel by repacking boot.img

If worst comes to worst, most phones have their entire system uploaded to Lolinet Mirrors.

@AblertARock

BTW, anyone here have a guide on how to mod a kernel with OrangeFox Recovery or Pitch Black Recovery? It would be amazing if someone did.

@ABC00012345

Device doesn't boot after flashing the repacked image. I didn't change anything in the config file, 🤔 why?
