ubifs - Android editing ubi/ubfs system image -


i have ubifs system image (https://www.dropbox.com/s/txgye8mu5r3og5y/system.img?dl=0) mediatek tablet device , trying add , remove files.

i'm stuck trying mount/extract files image.

here steps have tried far on debian jessie kernel 4.1.0-0.bpo.2-amd64:

i tried: https://github.com/jrspruitt/ubi_reader

$ ubireader_display_info ./system.img  ubi file ---------------------     min i/o: 16384     leb size: 4161536     peb size: 4194304     total block count: 122     data block count: 120     layout block count: 2     internal volume block count: 0     unknown block count: 0     first ubi peb number: 0      image: 1101756791     ---------------------         image sequence num: 1101756791         volume name:system         peb range: 0 - 121          volume: system         ---------------------             vol id: 0             name: system             block count: 120              volume record             ---------------------                 alignment: 1                 crc: 3336263623                 data_pad: 0                 errors:                  flags: autoresize                 name: system                 name_len: 6                 padding:                  rec_index: 0                 reserved_pebs: 248                 upd_marker: 0                 vol_type: dynamic

but when try , extract files using ubireader_extract_files correct number of files resulting files garbage.

next dismantled tablet work out nand flash using try , use nandsim following post:

https://web.archive.org/web/20150109021228/http://www.linux-mtd.infradead.org/faq/ubifs.html#l_ubifs_extract

to emulate nand , found out using sandisk sdtnrgama 64g 3.3v 8-bit has id bytes of 0x45,0xde,0x94,0x93,0x76,0x50 - following post:

http://lists.infradead.org/pipermail/linux-mtd/2014-january/051330.html

running following causes segfault - on earlier kernels id_bytes option not recognized:

`modprobe nandsim id_bytes=0x45,0xde,0x94,0x93,0x76,0x50 cache_file=./test.img`

which gives following segfault:

[  142.734637] [nandsim] warning: read_byte: unexpected data output cycle, state state_ready return 0x0 [  142.734637] [nandsim] warning: read_byte: unexpected data output cycle, state state_ready return 0x0 [  142.734640] nand: device found, manufacturer id: 0x45, chip id: 0xde [  142.734641] nand: sandisk sdtnrgama 64g 3.3v 8-bit [  142.734644] nand: 8192 mib, mlc, erase size: 4096 kib, page size: 16384, oob size: 1280 [  142.734650] nand: no oob scheme defined oobsize 1280 [  142.734672] ------------[ cut here ]------------ [  142.734674] kernel bug @ /build/linux-pojsup/linux-4.1.6/drivers/mtd/nand/nand_base.c:3952! [  142.734677] invalid opcode: 0000 [#1] smp  [  142.734680] modules linked in: nandsim(+) nand nand_ecc nand_bch bch nand_ids mtd cfg80211 rfkill joydev nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc iosf_mbi coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel hid_generic aes_x86_64 lrw irda gf128mul glue_helper psmouse vmw_balloon crc_ccitt ablk_helper serio_raw vmw_vmci cryptd battery pcspkr 8250_fintek acpi_cpufreq processor thermal_sys ac shpchp evdev i2c_piix4 fuse parport_pc ppdev lp parport autofs4 usbhid hid ext4 crc16 mbcache jbd2 sr_mod cdrom ata_generic sg sd_mod crc32c_intel ata_piix uhci_hcd ehci_pci ehci_hcd usbcore e1000 usb_common button libata vmwgfx ttm mptspi scsi_transport_spi mptscsih drm_kms_helper mptbase scsi_mod drm [  142.734731] cpu: 0 pid: 1235 comm: modprobe not tainted 4.1.0-0.bpo.2-amd64 #1 debian 4.1.6-1~bpo8+1 [  142.734733] hardware name: vmware, inc. vmware virtual platform/440bx desktop reference platform, bios 6.00 09/20/2012 [  142.734735] task: ffff88007aaf54f0 ti: ffff880079134000 task.ti: ffff880079134000 [  142.734737] rip: 0010:[<ffffffffa05d5ff0>]  [<ffffffffa05d5ff0>] nand_scan_tail+0xa40/0xac0 [nand] [  142.734743] rsp: 0018:ffff880079137c58  eflags: 00010296 [  142.734745] rax: 000000000000002c rbx: ffff880077093450 rcx: 0000000000000006 [  142.734746] rdx: 000000000000002c rsi: 0000000000000246 rdi: ffff88007f60ea10 [  142.734748] rbp: ffff880077093000 r08: 00000000000094d8 r09: 00000000000044aa [  142.734750] r10: 0000000000000086 r11: 20726f662064656e r12: ffff880077093860 [  142.734751] r13: 0000000000000000 r14: ffffffffa05ec200 r15: ffff88007b67ad40 [  142.734754] fs:  00007fe945772700(0000) gs:ffff88007f600000(0000) knlgs:0000000000000000 [  142.734756] cs:  0010 ds: 0000 es: 0000 cr0: 0000000080050033 [  142.734757] cr2: 00007f57a6920040 cr3: 00000000790fa000 cr4: 00000000000406f0 [  142.734870] stack: [  142.734873]  0000000000000000 0000000000000000 ffff880077093000 ffffffffa05ef54a [  142.734877]  0000000000000000 0000000000000018 ffff880079137cd8 ffff880079137c98 [  142.734879]  0000000000000000 ffffffff81814080 ffff880077211760 ffffffffa05ef000 [  142.734882] call trace: [  142.734889]  [<ffffffffa05ef54a>] ? ns_init_module+0x54a/0x1000 [nandsim] [  142.734896]  [<ffffffffa05ef000>] ? 0xffffffffa05ef000 [  142.734902]  [<ffffffff81002148>] ? do_one_initcall+0xd8/0x210 [  142.734907]  [<ffffffff815723c1>] ? do_init_module+0x5a/0x1c2 [  142.734912]  [<ffffffff810f2316>] ? load_module+0x2026/0x24e0 [  142.734915]  [<ffffffff810ede60>] ? store_uevent+0x40/0x40 [  142.734919]  [<ffffffff810ee9d5>] ? copy_module_from_fd.isra.45+0xb5/0x140 [  142.734923]  [<ffffffff810f299d>] ? sys_finit_module+0x7d/0xa0 [  142.734928]  [<ffffffff815792b2>] ? system_call_fast_compare_end+0xc/0x6b [  142.734930] code: 00 00 30 10 5d a0 e9 f8 f6 ff ff 48 c7 83 88 03 00 00 30 19 5d a0 e9 3c f7 ff ff 89 c6 48 c7 c7 b8 9c 5d a0 31 c0 e8 33 c2 f9 e0 <0f> 0b 48 c7 83 40 03 00 00 40 bb 5d a0 e9 14 f6 ff ff 48 c7 83  [  142.734959] rip  [<ffffffffa05d5ff0>] nand_scan_tail+0xa40/0xac0 [nand] [  142.734964]  rsp <ffff880079137c58> [  142.734975] ---[ end trace 0270ba33a10a2b05 ]---

so, in short - need help. i'm not massively familiar ubi/ubifs method , cannot find sane written guides show have mount/extract files existing image.

update: su installed on tablet, , set selinux permissive mode:

adb shell su -c setenforce 0

from: https://source.android.com/devices/tech/security/selinux/validate.html

update 03oct15:

ran mdtinfo -a on tablet , got following result:

mtd16 name:                           system type:                           nand eraseblock size:                4194304 bytes, 4.0 mib amount of eraseblocks:          256 (1073741824 bytes, 1024.0 mib) minimum input/output unit size: 16384 bytes sub-page size:                  16384 bytes oob size:                       1280 bytes character device major/minor:   90:32 bad blocks allowed:         true device writable:             true

using information above tried create blank ubifs image on pc, error leb large! looks have limit of 2mib on leb size!

$ mkfs.ubifs -m 16384 -e 4mib -c 256 -o ./image.img error: large leb size 4194304

it looks ubi image using different compression type data. if run ubireader_extract_files -v system.img -v verbose, ubifs data nodes have compression type of 3 (compr_type: 3) far know 1 , 2 valid options, lzo , zlib respectively. perhaps used custom compression, or somehow got wrong number associated it. explains why files , directories extract okay, data scrambled.


Comments

Post a Comment

Popular posts from this blog

html - Outlook 2010 Anchor (url/address/link) -

i'm trying link specific pdf page msoutlook'10 or msword'10, #page=... anchor particularly useful , works fine elsewhere. unfortunately when click [ctr-k] in outlook or winword, links re-formatted assuming unc path. pdf file located on shared drive. using "file:" prefix links open pdf in adobe reader (outside of browser), , "http:" open inside browser. issue seem need open in browser "file:" prefix in order anchor work. know anchors work inside browser. outlook uses windows/explorer default program (based on file extension) seems open in adobe reader neglecting anchor. is aware of solution, link specific page or bookmark of shared-pdf ms outlook and/or winword link? common references: mailermailer.com/...anchor-tags-html-emails campaignmonitor.com/...anchor-links-in-email-newsletters/ stackoverflow.com/...anchor-in-pdf-document
Read more

javascript - Why does running this loop 9 times take 100x longer than running it 8 times? -

consider code: test = function() { } t = new test(); (var = 0; < 8; i++) { result = t instanceof test; } if change number of iterations 8 9 , loop take 100 times longer complete in latest version of firefox (41.0.1). tested on 2 different pcs , magic limit 8. here jsperf test used: http://jsperf.com/instanceof-8-times-vs-9-times does have idea why might happen? seems specific instanceof . not happen if else object, example check property. note: filed bugzilla bug this. jan de mooij mozilla team has posted details in bugzilla thread . here's simplistic interpretation of highly technical answers: in i < 8 case, firefox smart enough hoist result = t instanceof test; statement out of loop (according tests, doesn't seem omit altogether). in i < 9 case, apparently doesn't optimization . why? reason not clear, related fact 9 iterations threshold above function considered "hot" enough run through jit compiler. i < 8 cas...
Read more

Getting gateway time-out Rails app with Nginx + Puma running on Digital Ocean -

following this guide setup app on digital ocean droplet, not working. site not loading , it's throwing: "gateway time-out". the puma server works, since ps aux | grep puma prints: root 15878 0.0 0.4 376832 2168 ? sl 12:50 0:00 puma 2.13.4 (unix:///var/www/myapp/shared/tmp/sockets/myapp-puma.sock) [20150930164940] root 15881 0.0 0.7 903676 3692 ? sl 12:50 0:06 puma: cluster worker 0: 15878 [20150930164940] root 24654 0.0 0.1 11748 916 pts/2 s+ 18:00 0:00 grep --color=auto puma my nginx config: user root; worker_processes 1; events { worker_connections 1024; } http { upstream puma { server unix:///var/www/myapp/shared/tmp/sockets/myapp-puma.sock; } server { listen 80; server_name myapp.com; root /var/www/myapp/current/public; access_log /var/www/myapp/current/log/access.log; error_log /...
Read more