高通固件解包IPQ6000固件解包
2024-04-23 10:35:37
Ubuntu18
Flash芯片型号是 GD9FS1G8F2AMGI,兆芯工业级 128Mx8,2K+128B Page,128K+8K Block。
芯片ID是 C8 A1 80 15 42
加载mtd和ubi模块
modprobe mtdblock
modprobe ubi加载nandsim模拟nand设备
modprobe nandsim first_id_byte=0xc8 second_id_byte=0xa1 third_id_byte=0x80 fourth_id_byte=0x15前三字节是厂商ID和芯片ID,重点是第四字节,决定了mtd设备的 Block Size 和 Page Size
查询刚nandsim生成的mtd设备
cat /proc/mtd
dev: size erasesize name
mtd0: 08000000 00020000 "NAND simulator partition 0"ls -la /dev/mtd*
crw------- 1 root root 90, 0 9月 17 10:33 /dev/mtd0
crw------- 1 root root 90, 1 9月 17 10:33 /dev/mtd0ro
brw-rw---- 1 root disk 31, 0 9月 17 10:33 /dev/mtdblock0mtdinfo /dev/mtd0
mtd0
Name: NAND simulator partition 0
Type: nand
Eraseblock size: 131072 bytes, 128.0 KiB
Amount of eraseblocks: 1024 (134217728 bytes, 128.0 MiB)
Minimum input/output unit size: 2048 bytes
Sub-page size: 512 bytes
OOB size: 64 bytes
Character device major/minor: 90:0
Bad blocks are allowed: true
Device is writable: true将 ubi 与 /dev/mtd0 关联
modprobe ubi mtd=0将 rootfs.ubi 加载到mtd设备,需要 mtd-utils 工具箱 (ubuntu apt install mtd-utils)
解除绑定
ubidetach /dev/ubi_ctrl -m 0我手上这个固件前面会有一个flash.scr的脚本,需要把这个脚本去掉才是ubi的镜像,另外这个bin文件有2个一模一样的ubi,结尾还有个desc table
只需要提取其中一个ubi就可以了。
定位ubi镜像方法简单,搜索ubi_ec_hdr结构体签名 55424923 即可,剔除前面的脚本部分,剔除第二个备份ubi,保存为 1.ubi,
大小是0xCE0000字节,保证是块大小对齐就是正确的
将ubi分区格式化并加载 1.ubi
ubiformat /dev/mtd0 -s 2048 -f 1.ubi -O 2048
ubiformat: mtd0 (nand), size 134217728 bytes (128.0 MiB), 1024 eraseblocks of 131072 bytes (128.0 KiB), min. I/O size 2048 bytes
libscan: scanning eraseblock 1023 -- 100 % complete
ubiformat: 1024 eraseblocks are supposedly empty
ubiformat: flashing eraseblock 102 -- 100 % complete
ubiformat: formatting eraseblock 1023 -- 100 % complete将ubi模块与已载入了rootfs.ubi的mtd模块关联 (-O 是 VID header offset)
ubiattach /dev/ubi_ctrl -m 0 -O 2048
UBI device number 0, total 1024 LEBs (130023424 bytes, 124.0 MiB), available 0 LEBs (0 bytes), LEB size 126976 bytes (124.0 KiB)查询ubi0信息
ubinfo /dev/ubi0
ubi0
Volumes count: 3
Logical eraseblock size: 126976 bytes, 124.0 KiB
Total amount of logical eraseblocks: 1024 (130023424 bytes, 124.0 MiB)
Amount of available logical eraseblocks: 0 (0 bytes)
Maximum count of volumes 128
Count of bad physical eraseblocks: 0
Count of reserved physical eraseblocks: 20
Current maximum erase counter value: 1
Minimum input/output unit size: 2048 bytes
Character device major/minor: 241:0
Present volumes: 0, 1, 2有3个卷,查询每个卷
root@meng-virtual-machine:~# ubinfo /dev/ubi0_0
Volume ID: 0 (on ubi0)
Type: static
Alignment: 1
Size: 50 LEBs (6348800 bytes, 6.1 MiB)
Data bytes: 3543536 bytes (3.4 MiB)
State: OK
Name: kernel
Character device major/minor: 241:1
root@meng-virtual-machine:~# ubinfo /dev/ubi0_1
Volume ID: 1 (on ubi0)
Type: dynamic
Alignment: 1
Size: 73 LEBs (9269248 bytes, 8.8 MiB)
State: OK
Name: ubi_rootfs
Character device major/minor: 241:2
root@meng-virtual-machine:~# ubinfo /dev/ubi0_2
Volume ID: 2 (on ubi0)
Type: dynamic
Alignment: 1
Size: 875 LEBs (111104000 bytes, 106.0 MiB)
State: OK
Name: rootfs_data
Character device major/minor: 241:3从名字上看
ubi0_0 是 kernel
ubi0_1 是 ubi_rootfs
ubi0_2 是 rootfs_data
hd 分别查询 ubi0_0 ubi0_1 ubi0_2
root@meng-virtual-machine:~# hd /dev/ubi0_0|more
00000000 d0 0d fe ed 00 36 11 f0 00 00 00 38 00 36 0a c4 |.....6.....8.6..|
00000010 00 00 00 28 00 00 00 11 00 00 00 10 00 00 00 00 |...(............|
00000020 00 00 00 6c 00 36 0a 8c 00 00 00 00 00 00 00 00 |...l.6..........|
00000030 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 |................|
00000040 00 00 00 03 00 00 00 04 00 00 00 5c 5f 5d de a1 |...........\_]..|
00000050 00 00 00 03 00 00 00 24 00 00 00 00 41 52 4d 20 |.......$....ARM |
00000060 51 53 44 4b 20 46 49 54 20 28 46 6c 61 74 74 65 |QSDK FIT (Flatte|
00000070 6e 65 64 20 49 6d 61 67 65 20 54 72 65 65 29 00 |ned Image Tree).|
00000080 00 00 00 03 00 00 00 04 00 00 00 0c 00 00 00 01 |................|
00000090 00 00 00 01 69 6d 61 67 65 73 00 00 00 00 00 01 |....images......|
000000a0 6b 65 72 6e 65 6c 40 31 00 00 00 00 00 00 00 03 |kernel@1........|
000000b0 00 00 00 16 00 00 00 00 41 52 4d 20 51 53 44 4b |........ARM QSDK|
000000c0 20 4c 69 6e 75 78 2d 34 2e 34 2e 36 30 00 00 00 | Linux-4.4.60...|
000000d0 00 00 00 03 00 33 36 18 00 00 00 1b 1f 8b 08 08 |.....36.........|
000000e0 97 de 5d 5f 02 03 49 6d 61 67 65 00 ec dd 0b 98 |..]_..Image.....|
000000f0 1c 55 9d f0 ff 53 dd 3d 33 9d c9 90 e9 b9 44 86 |.U...S.=3.....D.|
00000100 10 98 ce 05 0c 10 a0 72 01 42 08 49 0f 64 37 11 |.......r.B.I.d7.|
00000110 83 74 20 40 64 d9 75 54 74 d1 65 65 50 d6 cd ee |.t @d.uTt.eeP...|
00000120 fa 6e ba 92 09 c4 90 98 c9 85 8b 6c d8 74 10 fd |.n.........l.t..|
00000130 a3 8b 0f 03 e2 8a 2c 68 07 c1 55 cc ae 83 b2 ea |......,h..U.....|
00000140 df 6b 57 77 ca 4c 32 38 0e 57 b9 c9 fc 7f bf aa |.kWw.L28.W......|
00000150 d3 99 ce 90 84 80 eb fb ee ff 7d be 9f e7 a9 e7 |..........}.....|
00000160 54 55 d7 e5 9c 53 e7 9c 3a 75 e9 ee c1 7d f1 01 |TU...S..:u...}..|ubi0_0 确实是内核
root@meng-virtual-machine:~# hd /dev/ubi0_1|more
00000000 68 73 71 73 a7 03 00 00 ad de 5d 5f 00 00 04 00 |hsqs......]_....|
00000010 21 00 00 00 04 00 12 00 c0 06 01 00 04 00 00 00 |!...............|
00000020 c3 1b 3e 18 00 00 00 00 4e 7a 8a 00 00 00 00 00 |..>.....Nz......|
00000030 46 7a 8a 00 00 00 00 00 ff ff ff ff ff ff ff ff |Fz..............|
00000040 66 2d 8a 00 00 00 00 00 fa 4c 8a 00 00 00 00 00 |f-.......L......|
00000050 52 73 8a 00 00 00 00 00 38 7a 8a 00 00 00 00 00 |Rs......8z......|
00000060 0c 80 1c 00 09 00 90 00 40 00 00 00 04 00 fd 37 |........@......7|
00000070 7a 58 5a 00 00 01 69 22 de 36 04 c1 d6 b4 06 80 |zXZ...i".6......|
00000080 80 10 07 00 21 01 0c 00 00 00 16 08 87 5d e2 6e |....!........].n|
00000090 6f ef fe 6c 00 3f 91 45 84 60 0e fc 4a 56 ff 04 |o..l.?.E.`..JV..|
000000a0 b4 8a 1d f8 70 30 c3 c3 2d 7b d2 1f 89 2b 2d 7f |....p0..-{...+-.|
000000b0 4e 76 a1 1d 0d 41 65 7b 42 6e 86 af 44 e6 07 ca |Nv...Ae{Bn..D...|
000000c0 14 ad 64 7d e6 85 21 df 9c 1b 40 6d 32 3e 61 ff |..d}..!...@m2>a.|
000000d0 4e 5c 3c aa 66 db fd 4f 50 c8 09 b9 f6 8f c0 70 |N\<.f..OP......p|
000000e0 20 cb 3f 0c 16 4e 61 8e 8c 88 78 ae 2d 51 83 2c | .?..Na...x.-Q.,|
000000f0 bd 9a 2f f8 ad 05 6b c5 10 80 30 68 b5 9c ec 84 |../...k...0h....|
00000100 3a 46 e9 45 9d f3 81 04 3f 22 b3 e7 d9 9b 4e 38 |:F.E....?"....N8|
00000110 74 43 0b 52 cf d8 7e 1f 41 12 05 be a2 bf 49 49 |tC.R..~.A.....II|
00000120 d9 93 62 2d 9a c2 b3 c7 09 25 5f c7 d5 33 16 ed |..b-.....%_..3..|
00000130 00 75 e8 c1 79 6b 4c 93 75 1a d5 fd 80 49 e3 32 |.u..ykL.u....I.2|
00000140 e6 3d 69 d4 33 28 b6 d1 1e ee c6 d2 d2 e1 b5 38 |.=i.3(.........8|
00000150 78 fc e9 b9 78 71 ca b9 4a 45 26 71 40 16 f6 5d |x...xq..JE&q@..]|
00000160 2a 3b 17 ff 16 4d d0 68 f1 fa 2f 2b b1 e9 83 13 |*;...M.h../+....|ubi0_1 是 squashfs 格式的rootfs
root@meng-virtual-machine:~# hd /dev/ubi0_2|more
00000000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*ubi0_2 就是flash上的空闲空间了,全是ff
挂载rootfs(挂不上,应该怎么挂?)
mkdir /mnt/rootfs
ubiblock -c /dev/ubi0_0
mount -t squashfs /dev/ubiblock0_1 /mnt/rootfs/解包rootfs
cp /dev/ubi0_1 rootfs.squashfs
unsquashfs rootfs.squashfs高通固件解包IPQ6000固件解包相关推荐
- 高通驱动树中的GPIO详解
高通驱动树中的GPIO详解 reference:https://blog.csdn.net/baidu_37503452/article/details/80257441 Drive Strength ...
- 高通开发系列 - 总目录
By: fulinux E-mail: fulinux@sina.com Blog: https://blog.csdn.net/fulinus 喜欢的盆友欢迎点赞和订阅! 你的喜欢就是我写作的动力! ...
- 高通平台 mipi转接屏调试 (以转lvds icn6202例)
mipi to lvds显示调试 调试前准备: 获取屏的规格书 获悉的关键信息 VDD 需要 3.3v RST 3.3v 拉低进 rst LVDS 4 组数据 差分信号,clk 一组差分信号 SELB ...
- OpenWRT 学习笔记-17 OpenWRT固件的结构分析,逆向解包
固件是由三部分组成:固件头.kernel.rootfs.我们可以通过mkimage工具分析固件头,用binwalk来解包固件分析kernel和rootfs,通常rootfs一般是squashfs格式的 ...
- 红米note4X_高通版(2016101)_官方线刷包_救砖包_解账户锁
红米Note4x高通版2016101解账户锁直刷包下载地址: https://pan.baidu.com/s/1D8wl7uBsZ3pevXdPkpxbig 刷机包+平台+驱动+教程,全部打包在一起 ...
- EC6108V9/EC6108V9U/EC6108V92/EC6108V97_Hi3798MV100_当贝桌面_通刷_卡刷固件包
EC6108V9/EC6108V9U/EC6108V92/EC6108V97_Hi3798MV100_当贝桌面_通刷_卡刷固件包-内有教程 特点: 1.适用于对应型号的电视盒子刷机: 2.开放原厂固件 ...
- 创维E900-S-普通版-MV100纯净通刷_卡刷固件包
创维E900-S-普通版-MV100纯净通刷_卡刷固件包 固件特点: 1.修改dns,三网通用: 2.开放原厂固件屏蔽的市场安装和u盘安装apk: 3.无开机广告,无系统更新,不在被强制升级: 4.大 ...
- 华为EC6108V9E/EC6108V9I_rk3228_安卓4.4.4_通刷_卡刷固件包
华为EC6108V9E/EC6108V9I_rk3228_安卓4.4.4_通刷_卡刷固件包-内有教程 特点: 1.适用于对应型号的电视盒子刷机: 2.开放原厂固件屏蔽的市场安装和u盘安装apk: 3. ...
- marlin固件烧录教程_Marlin固件配置教程详解
首先从Marlin固件GitHub下载固件源代码,也可从Makeboard网盘下载. Marlin固件主要分为两个版本,一个是1.0.2-2版本,是稳定版,已经一年没怎么更新了,功能比较少,网上的教程 ...
最新文章
- Centos7 修改运行级别
- SpringBoot: xxxx for method parameter type String is not present]
- Qt学习笔记之事件处理
- linux内核分成如下五个子系统,linux内核主要由5个子系统 Linux内核由哪几个子系统组成?...
- 外设驱动库开发笔记1:AD56xx系列DAC驱动
- Unix环境高级编程 centos中配置apue编译环境
- 【笔记】jquery判断两个日期之间相差多少天
- tomcat部署安装
- G - 罐子和硬币 (思维题)
- Git之reset、revert和cherry-pick
- 四毛子算法与+-1RMQ
- mysql cpu使用率_MySQL CPU使用率高情况的原因和解决
- 题解:艾米利亚的魔法
- 我被一只老鼠的吱吱声吵醒了
- 【AI】VGG网络简介
- batch批处理文件(一)——batch概念以及echo off
- 蓝牙芯片NRF51822入门学习:时间管理
- php+时间戳+星座,php 根据日期显示星座的简单示例
- 《扫黑风暴》全网爆火!用Python具体分析一下它怎么火起来的?
- 英语四级完形填空解题方法
热门文章
- apt-get install php 指定版本号,如何使用apt-get升级单个软件包?
- 大学计算机测试试题,大学计算机基础 excel测试题 求答案~~喵~~
- python装饰器有几种_python几种装饰器的用法
- python讲解from ctypes import *调用C语言动态链接库
- 初中职校计算机学什么,职高有哪些专业 初中生毕业上职高学什么好
- gazebo卡了_ardupilot gazebo打开卡死解决办法
- 【opencv4】opencv视频教程 C++(opencv教程)2、加载imread()(以灰度加载),修改,保存图像
- 【黑马程序员 C++教程从0到1入门编程】【笔记1】数据类型、运算符、程序流程结构、数组、函数、指针、结构体
- 【放置奇兵】踩坑记录( 白字、红字、黄字)tips 小技巧
- thymeleaf基本语法