LEGION MODZ
I have enabled a lock on this site to keep trollz out. This is a team of Android hackerz that believes in teamwork. So, Kinfolk if you wouldn't mind, please register and log in and help us grow. A.S.A.P...

LEGION MODZ

We Are Legion
 
HomePortalGallerySearchRegisterLog in

 

 .py file for splitting boot image and get rrport on ramdisk addresd and kernel base

Go down 
AuthorMessage
WARP3D420\Admin
BIG DOG STATUS
BIG DOG STATUS
WARP3D420\Admin

Posts : 195
Points : 3002603
Thanks : 7
Join date : 2014-01-02
Age : 42
Location : In da Swamps

.py file for splitting boot image and get rrport on ramdisk addresd and kernel base Empty
PostSubject: .py file for splitting boot image and get rrport on ramdisk addresd and kernel base   .py file for splitting boot image and get rrport on ramdisk addresd and kernel base Icon_minitimeSat Jan 18, 2014 7:15 pm

found this , it will work to get kernel / ramdisk address
thanx 2
www.linuxclues.blogspot.com


#!/usr/bin/python

# From mkbootimg source code in Android sources.
# system/core/mkbootimg/mkbootimg.c
# system/core/mkbooting/bootimg.h

# #define BOOT_MAGIC "ANDROID!"
# #define BOOT_MAGIC_SIZE 8
# #define BOOT_NAME_SIZE 16
# #define BOOT_ARGS_SIZE 512

# struct boot_img_hdr
# {
#     unsigned char magic[BOOT_MAGIC_SIZE];

#     unsigned kernel_size;  /* size in bytes */
#     unsigned kernel_addr;  /* physical load addr */

#     unsigned ramdisk_size; /* size in bytes */
#     unsigned ramdisk_addr; /* physical load addr */

#     unsigned second_size;  /* size in bytes */
#     unsigned second_addr;  /* physical load addr */

#     unsigned tags_addr;    /* physical addr for kernel tags */
#     unsigned page_size;    /* flash page size we assume */
#     unsigned unused[2];    /* future expansion: should be 0 */

#     unsigned char name[BOOT_NAME_SIZE]; /* asciiz product name */

#     unsigned char cmdline[BOOT_ARGS_SIZE];

#     unsigned id[8]; /* timestamp / checksum / sha1 / etc */
# };

import sys
import argparse
import os

INPUT_FILE = "boot.img"
KERNEL_FILE_NAME = "zImage"
RAMDISK_FILE_NAME = "ramdisk.gz"
SECOND_FILE_NAME = "second"


class BootImgHdr:
   MAGIC_SIZE = 8
   MAGIC = "ANDROID!"
   NAME_SIZE = 16
   ARGS_SIZE = 512
   BASE_KERNEL_ADDR = 0x00008000
   BASE_RAMDISK_ADDR = 0x01000000
   BASE_SECOND_ADDR = 0x00F00000
   BASE_TAGS_ADDR = 0x00000100


class IOFile:

   UNSIGNED_INT_SIZE = 4

   def __init__(self, file_name):
       try:
           self.file = open(file_name, "rb")
       except IOError as e:
           print "Error opening: {0}".format(file_name)
           print "I/O error({0}): {1}".format(e.errno, e.strerror)
           sys.exit(1)

   def read(self, number_bytes, string):
       try:
           stream = self.file.read(number_bytes)
       except IOError as e:
           print "Error reading from: {0}".format(string)
           print "I/O error({0}): {1}".format(e.errno, e.strerror)
           self.close()
           sys.exit(1)

       if len(stream) < number_bytes:
           print "Error reading ", string
           self.close()
           sys.exit(1)
       else:
           return stream

   def seek(self, nBytes, pos):
       try:
           self.file.seek(nBytes, pos)
       except IOError as e:
           print "Error seeking"
           print "I/O error({0}): {1}".format(e.errno, e.strerror)
           self.close()
           sys.exit(1)

   def close(self):
       if self.file:
           self.file.close()

   def write(self, file_name, start, file_size):
       self.file.seek(start, 0)
       with open(file_name, "wb") as out_file:
           s = self.read(file_size, file_name)
           try:
               out_file.write(s)
           except IOError as e:
               print "Error writting file: {0}".format(file_name)
               print "I/O error({0}): {1}".format(e.errno, e.strerror)
               self.close()
               sys.exit(1)

           print "File {0} written (length={1}).".format(file_name, file_size)

   def get_unsigned_int(self, number_s):
       "Convert some bytes to an unsigned int"
       number_s = number_s[::-1]
       number_s = number_s.encode('hex')
       return int(number_s, 16)

   def read_uint(self, string=None):
       s = self.read(self.UNSIGNED_INT_SIZE, string)
       result = self.get_unsigned_int(s)
       if string:
           print "{0}: {1}".format(string, result)
       return result


def main():

   parser = argparse.ArgumentParser()

   parser.add_argument("-v", "--verbosity", action="store_true",
                       help="increase output verbosity")
   parser.add_argument("-i", "--input_file", default=INPUT_FILE,
                       help="boot image input file")
   help_o = "write kernel, ramdisk, etc in this output directory"
   parser.add_argument("-o", "--output_dir", default=".",
                       help=help_o)
   args = parser.parse_args()

   in_file_name = args.input_file
   output_dir = args.output_dir
   kernel_file_name = os.path.join(output_dir, KERNEL_FILE_NAME)
   ramdisk_file_name = os.path.join(output_dir, RAMDISK_FILE_NAME)
   second_file_name = os.path.join(output_dir, SECOND_FILE_NAME)
   verb = args.verbosity

   if verb:
       print
       print "input file: {0}".format(in_file_name)
       print "output directory: {0}".format(output_dir)
       print

   in_file = IOFile(in_file_name)

   # Create output directory if it does not exist
   if not os.path.exists(output_dir):
       print "Creating directory: {}".format(output_dir)
       os.makedirs(output_dir)
   elif not os.path.isdir(output_dir):
       print "ERROR: {0} exists but it is not a directory.".format(output_dir)
       sys.exit(1)

   hdr = BootImgHdr()

   hdr.boot_magic = in_file.read(hdr.MAGIC_SIZE, "boot magic")
   if hdr.boot_magic == hdr.MAGIC:
       if verb:
           print "boot_magic correct: ", hdr.boot_magic
   else:
       print "boot_magic not correct: ", hdr.boot_magic
       in_file.close()
       sys.exit(1)

   # Read kernel size
   hdr.kernel_size = in_file.read_uint("kernel size")

   # Read kernel address
   if verb:
       hdr.kernel_addr = in_file.read_uint("kernel address")
   else:
       hdr.kernel_addr = in_file.read_uint()
   hdr.base = hdr.kernel_addr - hdr.BASE_KERNEL_ADDR
   if verb:
       print "Base: {0}  (hex): {1}".format(hdr.base, hex(hdr.base))
   else:
       print "Base (hex): {0}".format(hex(hdr.base))

   # Read ramdisk size
   hdr.ramdisk_size = in_file.read_uint("ramdisk size")

   # Read ramdisk address
   if verb:
       hdr.ramdisk_addr = in_file.read_uint("ramdisk address")
   else:
       hdr.ramdisk_addr = in_file.read_uint()
   base = hdr.ramdisk_addr - hdr.BASE_RAMDISK_ADDR
   if base != hdr.base:
       print ("ERROR: Base from ramdisk address does not match"
              " the one from kernel address. {0}".format(base))

   # Read second size
   hdr.second_size = in_file.read_uint("second size")

   # Read second address
   if verb:
       hdr.second_addr = in_file.read_uint("second address")
   else:
       hdr.second_addr = in_file.read_uint()
   base = hdr.second_addr - hdr.BASE_SECOND_ADDR
   if base != hdr.base:
       print ("ERROR: Base from second address does not match"
              " the one from kernel address. {0}".format(base))

   # Read tags address
   if verb:
       hdr.tags_addr = in_file.read_uint("tags address")
   else:
       hdr.tags_addr = in_file.read_uint()
   base = hdr.tags_addr - hdr.BASE_TAGS_ADDR
   if base != hdr.base:
       print ("ERROR: Base from tags address does not match"
              " the one from kernel address. {0}".format(base))

   # Read page size
   hdr.page_size = in_file.read_uint("page size")

   # Discard unused parts
   in_file.seek(in_file.UNSIGNED_INT_SIZE * 2, 1)

   # Read asciiz product name.
   #unsigned char name[BOOT_NAME_SIZE]; /* asciiz product name */
   hdr.product_name = in_file.read(hdr.NAME_SIZE, "product name")
   print "product name: ", hdr.product_name.rstrip("\0")

   # Read cmdline.
   hdr.cmdline = in_file.read(hdr.ARGS_SIZE, "cmdline")
   print "cmdline: ", hdr.cmdline.rstrip("\0")

   # /*
   # ** +-----------------+
   # ** | boot header     | 1 page
   # ** +-----------------+
   # ** | kernel          | n pages
   # ** +-----------------+
   # ** | ramdisk         | m pages
   # ** +-----------------+
   # ** | second stage    | o pages
   # ** +-----------------+
   # **
   # ** n = (kernel_size + page_size - 1) / page_size
   # ** m = (ramdisk_size + page_size - 1) / page_size
   # ** o = (second_size + page_size - 1) / page_size
   # **
   # ** 0. all entities are page_size aligned in flash
   # ** 1. kernel and ramdisk are required (size != 0)
   # ** 2. second is optional (second_size == 0 -> no second)
   # ** 3. load each element (kernel, ramdisk, second) at
   # **    the specified physical address (kernel_addr, etc)
   # ** 4. prepare tags at tag_addr.  kernel_args[] is
   # **    appended to the kernel commandline in the tags.
   # ** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
   # ** 6. if second_size != 0: jump to second_addr
   # **    else: jump to kernel_addr
   # */

   # Download kernel
   kernel_page = 1
   in_file.write(kernel_file_name, kernel_page * hdr.page_size,
                 hdr.kernel_size)

   # Download ramdisk
   ramdisk_page = ((hdr.kernel_size + hdr.page_size - 1) / hdr.page_size +
                   kernel_page)
   in_file.write(ramdisk_file_name, ramdisk_page * hdr.page_size,
                 hdr.ramdisk_size)

   # Download second file if available
   if hdr.second_size != 0:
       second_page = ((hdr.second_size + hdr.page_size - 1) / hdr.page_size +
                      ramdisk_page)
       in_file.write(second_file_name, second_page * hdr.page_size,
                     hdr.second_size)

if __name__ == "__main__":
   main()





then name it "split_boot_img.py"
put it in a folder
put a boot.img in folder
put folder on desktop
enter folder
right click
choose "open in terminal"
type
$ python split_boot_img.py -i boot.img -o foo -v
then you not only have the kernel and ramdisk split but you get this


input file: boot.img
output directory: foo

boot_magic correct:  ANDROID!
kernel size: 6159944
kernel address: 2149613568
Base: 2149580800  (hex): 0x80200000
ramdisk size: 694218
ramdisk address: 2183135232
ERROR: Base from ramdisk address does not match the one from kernel address. 2166358016
second size: 0
second address: 2165309440
tags address: 2149581056
page size: 2048
product name:  
cmdline:  androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3
File foo/zImage written (length=6159944).
File foo/ramdisk.gz written (length=694218).

enjoy

in hex that is 0x82200000
error hex is 0x81200000
second address is 0x81100000

___________________________________________
.py file for splitting boot image and get rrport on ramdisk addresd and kernel base MVPmTnH
Back to top Go down
https://legionmodz.forumotion.com/u1
 
.py file for splitting boot image and get rrport on ramdisk addresd and kernel base
Back to top 
Page 1 of 1
 Similar topics
-
» ChessPad: A PGN file generator
» Komodo Variety Opening Book & Komodo Polyglot book
» polar express graphic
» Secret Mission: The Forgotten Island
» Broken Sword 2.5 to Release in English

Permissions in this forum:You cannot reply to topics in this forum
LEGION MODZ :: EXTRA$ :: ANDROID HACKING 101-
Jump to: