LEGION MODZ
I have enabled a lock on this site to keep trollz out. This is a team of Android hackerz that believes in teamwork. So, Kinfolk if you wouldn't mind, please register and log in and help us grow. A.S.A.P...

LEGION MODZ

We Are Legion
 
HomePortalCalendarGalleryFAQSearchMemberlistUsergroupsRegisterLog in

Share | 
 

 .py file for splitting boot image and get rrport on ramdisk addresd and kernel base

Go down 
AuthorMessage
WARP3D420\Admin
BIG DOG STATUS
BIG DOG STATUS
WARP3D420\Admin

Posts : 195
Points : 3002164
Thanks : 7
Join date : 2014-01-02
Age : 41
Location : In da Swamps

PostSubject: .py file for splitting boot image and get rrport on ramdisk addresd and kernel base   Sat Jan 18, 2014 7:15 pm

found this , it will work to get kernel / ramdisk address
thanx 2
www.linuxclues.blogspot.com


#!/usr/bin/python

# From mkbootimg source code in Android sources.
# system/core/mkbootimg/mkbootimg.c
# system/core/mkbooting/bootimg.h

# #define BOOT_MAGIC "ANDROID!"
# #define BOOT_MAGIC_SIZE 8
# #define BOOT_NAME_SIZE 16
# #define BOOT_ARGS_SIZE 512

# struct boot_img_hdr
# {
#     unsigned char magic[BOOT_MAGIC_SIZE];

#     unsigned kernel_size;  /* size in bytes */
#     unsigned kernel_addr;  /* physical load addr */

#     unsigned ramdisk_size; /* size in bytes */
#     unsigned ramdisk_addr; /* physical load addr */

#     unsigned second_size;  /* size in bytes */
#     unsigned second_addr;  /* physical load addr */

#     unsigned tags_addr;    /* physical addr for kernel tags */
#     unsigned page_size;    /* flash page size we assume */
#     unsigned unused[2];    /* future expansion: should be 0 */

#     unsigned char name[BOOT_NAME_SIZE]; /* asciiz product name */

#     unsigned char cmdline[BOOT_ARGS_SIZE];

#     unsigned id[8]; /* timestamp / checksum / sha1 / etc */
# };

import sys
import argparse
import os

INPUT_FILE = "boot.img"
KERNEL_FILE_NAME = "zImage"
RAMDISK_FILE_NAME = "ramdisk.gz"
SECOND_FILE_NAME = "second"


class BootImgHdr:
   MAGIC_SIZE = 8
   MAGIC = "ANDROID!"
   NAME_SIZE = 16
   ARGS_SIZE = 512
   BASE_KERNEL_ADDR = 0x00008000
   BASE_RAMDISK_ADDR = 0x01000000
   BASE_SECOND_ADDR = 0x00F00000
   BASE_TAGS_ADDR = 0x00000100


class IOFile:

   UNSIGNED_INT_SIZE = 4

   def __init__(self, file_name):
       try:
           self.file = open(file_name, "rb")
       except IOError as e:
           print "Error opening: {0}".format(file_name)
           print "I/O error({0}): {1}".format(e.errno, e.strerror)
           sys.exit(1)

   def read(self, number_bytes, string):
       try:
           stream = self.file.read(number_bytes)
       except IOError as e:
           print "Error reading from: {0}".format(string)
           print "I/O error({0}): {1}".format(e.errno, e.strerror)
           self.close()
           sys.exit(1)

       if len(stream) < number_bytes:
           print "Error reading ", string
           self.close()
           sys.exit(1)
       else:
           return stream

   def seek(self, nBytes, pos):
       try:
           self.file.seek(nBytes, pos)
       except IOError as e:
           print "Error seeking"
           print "I/O error({0}): {1}".format(e.errno, e.strerror)
           self.close()
           sys.exit(1)

   def close(self):
       if self.file:
           self.file.close()

   def write(self, file_name, start, file_size):
       self.file.seek(start, 0)
       with open(file_name, "wb") as out_file:
           s = self.read(file_size, file_name)
           try:
               out_file.write(s)
           except IOError as e:
               print "Error writting file: {0}".format(file_name)
               print "I/O error({0}): {1}".format(e.errno, e.strerror)
               self.close()
               sys.exit(1)

           print "File {0} written (length={1}).".format(file_name, file_size)

   def get_unsigned_int(self, number_s):
       "Convert some bytes to an unsigned int"
       number_s = number_s[::-1]
       number_s = number_s.encode('hex')
       return int(number_s, 16)

   def read_uint(self, string=None):
       s = self.read(self.UNSIGNED_INT_SIZE, string)
       result = self.get_unsigned_int(s)
       if string:
           print "{0}: {1}".format(string, result)
       return result


def main():

   parser = argparse.ArgumentParser()

   parser.add_argument("-v", "--verbosity", action="store_true",
                       help="increase output verbosity")
   parser.add_argument("-i", "--input_file", default=INPUT_FILE,
                       help="boot image input file")
   help_o = "write kernel, ramdisk, etc in this output directory"
   parser.add_argument("-o", "--output_dir", default=".",
                       help=help_o)
   args = parser.parse_args()

   in_file_name = args.input_file
   output_dir = args.output_dir
   kernel_file_name = os.path.join(output_dir, KERNEL_FILE_NAME)
   ramdisk_file_name = os.path.join(output_dir, RAMDISK_FILE_NAME)
   second_file_name = os.path.join(output_dir, SECOND_FILE_NAME)
   verb = args.verbosity

   if verb:
       print
       print "input file: {0}".format(in_file_name)
       print "output directory: {0}".format(output_dir)
       print

   in_file = IOFile(in_file_name)

   # Create output directory if it does not exist
   if not os.path.exists(output_dir):
       print "Creating directory: {}".format(output_dir)
       os.makedirs(output_dir)
   elif not os.path.isdir(output_dir):
       print "ERROR: {0} exists but it is not a directory.".format(output_dir)
       sys.exit(1)

   hdr = BootImgHdr()

   hdr.boot_magic = in_file.read(hdr.MAGIC_SIZE, "boot magic")
   if hdr.boot_magic == hdr.MAGIC:
       if verb:
           print "boot_magic correct: ", hdr.boot_magic
   else:
       print "boot_magic not correct: ", hdr.boot_magic
       in_file.close()
       sys.exit(1)

   # Read kernel size
   hdr.kernel_size = in_file.read_uint("kernel size")

   # Read kernel address
   if verb:
       hdr.kernel_addr = in_file.read_uint("kernel address")
   else:
       hdr.kernel_addr = in_file.read_uint()
   hdr.base = hdr.kernel_addr - hdr.BASE_KERNEL_ADDR
   if verb:
       print "Base: {0}  (hex): {1}".format(hdr.base, hex(hdr.base))
   else:
       print "Base (hex): {0}".format(hex(hdr.base))

   # Read ramdisk size
   hdr.ramdisk_size = in_file.read_uint("ramdisk size")

   # Read ramdisk address
   if verb:
       hdr.ramdisk_addr = in_file.read_uint("ramdisk address")
   else:
       hdr.ramdisk_addr = in_file.read_uint()
   base = hdr.ramdisk_addr - hdr.BASE_RAMDISK_ADDR
   if base != hdr.base:
       print ("ERROR: Base from ramdisk address does not match"
              " the one from kernel address. {0}".format(base))

   # Read second size
   hdr.second_size = in_file.read_uint("second size")

   # Read second address
   if verb:
       hdr.second_addr = in_file.read_uint("second address")
   else:
       hdr.second_addr = in_file.read_uint()
   base = hdr.second_addr - hdr.BASE_SECOND_ADDR
   if base != hdr.base:
       print ("ERROR: Base from second address does not match"
              " the one from kernel address. {0}".format(base))

   # Read tags address
   if verb:
       hdr.tags_addr = in_file.read_uint("tags address")
   else:
       hdr.tags_addr = in_file.read_uint()
   base = hdr.tags_addr - hdr.BASE_TAGS_ADDR
   if base != hdr.base:
       print ("ERROR: Base from tags address does not match"
              " the one from kernel address. {0}".format(base))

   # Read page size
   hdr.page_size = in_file.read_uint("page size")

   # Discard unused parts
   in_file.seek(in_file.UNSIGNED_INT_SIZE * 2, 1)

   # Read asciiz product name.
   #unsigned char name[BOOT_NAME_SIZE]; /* asciiz product name */
   hdr.product_name = in_file.read(hdr.NAME_SIZE, "product name")
   print "product name: ", hdr.product_name.rstrip("\0")

   # Read cmdline.
   hdr.cmdline = in_file.read(hdr.ARGS_SIZE, "cmdline")
   print "cmdline: ", hdr.cmdline.rstrip("\0")

   # /*
   # ** +-----------------+
   # ** | boot header     | 1 page
   # ** +-----------------+
   # ** | kernel          | n pages
   # ** +-----------------+
   # ** | ramdisk         | m pages
   # ** +-----------------+
   # ** | second stage    | o pages
   # ** +-----------------+
   # **
   # ** n = (kernel_size + page_size - 1) / page_size
   # ** m = (ramdisk_size + page_size - 1) / page_size
   # ** o = (second_size + page_size - 1) / page_size
   # **
   # ** 0. all entities are page_size aligned in flash
   # ** 1. kernel and ramdisk are required (size != 0)
   # ** 2. second is optional (second_size == 0 -> no second)
   # ** 3. load each element (kernel, ramdisk, second) at
   # **    the specified physical address (kernel_addr, etc)
   # ** 4. prepare tags at tag_addr.  kernel_args[] is
   # **    appended to the kernel commandline in the tags.
   # ** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
   # ** 6. if second_size != 0: jump to second_addr
   # **    else: jump to kernel_addr
   # */

   # Download kernel
   kernel_page = 1
   in_file.write(kernel_file_name, kernel_page * hdr.page_size,
                 hdr.kernel_size)

   # Download ramdisk
   ramdisk_page = ((hdr.kernel_size + hdr.page_size - 1) / hdr.page_size +
                   kernel_page)
   in_file.write(ramdisk_file_name, ramdisk_page * hdr.page_size,
                 hdr.ramdisk_size)

   # Download second file if available
   if hdr.second_size != 0:
       second_page = ((hdr.second_size + hdr.page_size - 1) / hdr.page_size +
                      ramdisk_page)
       in_file.write(second_file_name, second_page * hdr.page_size,
                     hdr.second_size)

if __name__ == "__main__":
   main()





then name it "split_boot_img.py"
put it in a folder
put a boot.img in folder
put folder on desktop
enter folder
right click
choose "open in terminal"
type
$ python split_boot_img.py -i boot.img -o foo -v
then you not only have the kernel and ramdisk split but you get this


input file: boot.img
output directory: foo

boot_magic correct:  ANDROID!
kernel size: 6159944
kernel address: 2149613568
Base: 2149580800  (hex): 0x80200000
ramdisk size: 694218
ramdisk address: 2183135232
ERROR: Base from ramdisk address does not match the one from kernel address. 2166358016
second size: 0
second address: 2165309440
tags address: 2149581056
page size: 2048
product name:  
cmdline:  androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
File foo/zImage written (length=6159944).
File foo/ramdisk.gz written (length=694218).

enjoy

in hex that is 0x82200000
error hex is 0x81200000
second address is 0x81100000

___________________________________________
Back to top Go down
View user profile http://legionmodz.forumotion.com/u1
 
.py file for splitting boot image and get rrport on ramdisk addresd and kernel base
Back to top 
Page 1 of 1
 Similar topics
-
» ChessPad: A PGN file generator
» Komodo Variety Opening Book & Komodo Polyglot book
» polar express graphic
» Secret Mission: The Forgotten Island
» Broken Sword 2.5 to Release in English

Permissions in this forum:You cannot reply to topics in this forum
LEGION MODZ :: EXTRA$ :: ANDROID HACKING 101-
Jump to: