Saturday, January 7, 2017

root access - Stuck in boot-loop when unpack and pack `system.img`?


Background: I have a Samsung device that is Treble and system-as-root but not A/B. I am trying to modify the system.img. Before that, I rooted it with the steps given here. After following these steps, I get a valid AP file that I can flash with the BL, CP and HOME_CSC files using Odin. The result of the flashing is a rooted device with a recovery key combination.


I don't want to always press the key combination to get root, so I have asked the following questions on this site:



Problem: To achieve the system root, I have to modify the system file of the magisk_patched.tar file. So, I have extracted it and tried the following things:


A) Successful attempts



  1. Unpack and pack the magisk_patched.tar file. This confirms that the tar commands to pack and unpack are working fine.

  2. Unpack, remove the meta-data (which contains a suspicious password-protected fota.zip file) and pack the magisk_patched.tar file. From this, I have assumed that the fota.zip is not creating any problem (listed below in B)) when modifying system.img.

  3. Unpack, compress *.img (files patched by Magisk) with lz4 and pack the magisk_patched.tar file. This confirms that the lz4 compression is working fine with Odin.



B) Failed attempts




  1. Making a tar file with the unpacked system partition with no modification:



    • Unpack the magisk_patched.tar

    • Uncompress the system.img.ext4.lz4

    • Convert the system.img.ext4 (Android Sparse Image) to system.img (Raw Image)

    • Mount system.img to the system folder


    • Created system.img.ext4 (Android Sparse Image) from mounted folder using make_ext4 utils

    • Replace new system.img.ext4 with system.img.ext4.lz4 in the extracted magisk_patched.tar folder

    • Created a new AP.tar from the extracted magisk_patched.tar folder

    • Flashed this AP with BL, CP and HOME_CSC (in CSC section) using Odin.

    • Flashing completed.

    • Rebooted the device in recovery mode and wiped the data partition.

    • Rebooted the device with the recovery key combination and released the keys on the splash screen.

    • The device is stuck in a boot loop.





  2. Used lz4 in place of system.img.ext4 as follows:



    • Followed the same steps as in 1. until the system.img.ext4 is created.

    • After that, I compressed it with the lz4 utility and made a system.img.ext4.lz4.

    • Replace new system.img.ext4.lz4 with system.img.ext4.lz4 in the extracted magisk_patched.tar folder

    • Then the same steps as in 1., with the same result.





  3. Removed the meta-data folder from the extracted magisk_patched.tar and flashed after trying the steps listed in both 1. and 2., but the result is the same: the device is stuck in a boot loop.




Commands that I am using: Please check the accepted answer of How to unpack/repack system.img of android ROM?


So, I will not be able to modify and flash it successfully until I succeed in flashing it without modification.


Any solution to this problem or any suggestion to find it out?


Update 1: I get the kernel logs via the recovery after a boot loop. In recovery, when a boot loop happens, I can see the files generated as


```
/cache/recovery/last_kmsg
/cache/recovery/last_history
/cache/recovery/last_avc_msg_recovery

/cache/recovery/last_log.1
/cache/recovery/last_kmsg.1
/cache/recovery/last_log.2
/cache/recovery/last_kmsg.2
/cache/recovery/last_log.3
/cache/recovery/last_kmsg.3
```

and so on, where log.* and kmsg.* keep being generated for every boot loop.

I have tried to find any kernel-panic-related string in these files but have not seen any such error. Please let me know if I have to look for other words that could be related to the cause of the boot loop. I cannot use adb here as the device is unauthorized, so the only option to check is reading these logs from the phone, where I can scroll using the up-down volume keys and the touch is not working :(


The only way I can share these logs is through Google Drive.



In this video, I have done the following:



  1. Displayed recovery logs before: The last recovery logs end with 8.

  2. Rebooted the device with a recovery key combination. I had already wiped the data partition before making this video.

  3. The boot loop happens and in the next reboot, I have pressed the recovery key combination to open the recovery mode, where logs that end with 9 are displayed.

  4. Then I have recorded last_history, last_avc_message_recovery, last_log.9 and last_kmsg.9

  5. last_history and last_avc_message_recovery look unchanged (same as before the boot loop).

  6. Then, I just have tried to mount the system but that didn't work.

  7. At last, I have just rebooted the system normally without any recovery key combination.



Can anyone help me debug the problem by looking at the logs? I have tried to find it, but I don't have enough knowledge to understand some of the things mentioned in the logs.


Some Error and Warning logs of last_log.9:


```
exec -f /system/bin/e2fsck -v -y /dev/block/bootdevice/by-name/cache
error: _do_exec: can't run '/system/bin/e2fsck'
(errno 13 : Permission denied)
/system/bin/e2fsck terminated by exit(255)
...
E:Can't read /cache/recovery/last_locale: No such file or directory
...
W:Failed to unmount /efs: Device or resource busy

can't unmount /efs - Device or resource busy
...
W:Failed to set brightness: Invalid argument
I:Screensaver disabled
Atomic Commit failed in DisableNonMainCrtcs
Atomic Commit failed, rc = 0
...
Reboot Recovery Cause is [[BootChecker]RebootRecoveryWithKey]
...
print_recovery_cause() : reboot_reason=[[BootChecker]RebootRecoveryWithKey]

...
[property list]
persist.audio.fluence.speaker=true
...
ro.vendor.build.security_patch=2018-08-05

Supported API: 3
I:/efs is already mounted
W:Failed to unmount /efs: Device or resource busy
check_selective_file:Can't unmount /efs - Device or resource busy


just_reboot_after_update = 1
should_wipe_cahcewipe_cache

-- Wiping cache...
erase_volume(/cache)
...
MDF_I: Completed reset MDF flag!
MDF_I: Completed initialized MDF for Recovery!
mke2fs 1.43.3 (04-Sep-2016)

Discarding device blocksL 4096/153600??????????????????????????????done
Discard takes 0.00051s
Creating filesystem with 153600 4k blocks and 38400 inodes
...
Creating journal (2048 blocks): done
...
copy_logs
...
Cache wipe complete
[Checking pre-multi-csc2]

[start failed section]
sales_code=VZW
Carrier ID=[XAA]

[system partition space check]
The device has /product partition.

[out-recovery]
I:system root image is true, so need to change the unmount point from /system to /system_root
running out-recovery time : 0.000s

running recovery time: 1.738s
copy_avc_msg_to_data(1, )
I:fs_type "ext4" for /cache
copy_file 'proc/avc_msg' 'cache/recovery/last_avc_msg_recovery'
!__RECOVERY_FOR_ASSAMBLY
b_del_recovery_command = true
Rebooting...
## finish_recovery_terminate(del=1, reboot_cmd=reboot, clear_BCB=1)
## finish_recovery(delcmd=1,...
I:Saving locale "en-US"

I:fs_type "ext4" for /cache
I:[libfs_mgr]dt_fstab: Skip disabled entry for partition vm-linux
I:## unlink /cache/recovery/command
copy_logs
I:fs_type "ext4" for /cache
copy_log_file :: create recovery log file '/cache/recovery/log'
copy_log_file :: create recovery log file '/cache/recovery/last_log'
```
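
Added example, not part of the original post: the unpack/repack chain in B) passes through three container types (lz4, Android sparse image, raw ext4), and this sketch identifies which one a file actually is from its header and reports the image geometry, so the original and rebuilt files can be compared before flashing. The function name `identify_image` and the `SAMPLE_*` inputs are hypothetical and constructed for illustration; the magic values and field offsets are those of the LZ4 frame, Android sparse image and ext4 superblock formats.

```python
import struct

SPARSE_MAGIC = 0xED26FF3A                # Android sparse image header magic
LZ4_MAGICS = (0x184D2204, 0x184C2102)    # LZ4 frame / legacy frame magic
EXT4_SB = 1024                           # ext4 superblock offset in a raw image
EXT4_MAGIC = 0xEF53                      # s_magic at superblock offset 0x38


def identify_image(head: bytes) -> dict:
    """Classify an image from its first bytes (pass at least 2 KiB)."""
    if len(head) >= 4:
        (magic,) = struct.unpack_from("<I", head, 0)
        if magic in LZ4_MAGICS:
            return {"kind": "lz4"}
        if magic == SPARSE_MAGIC and len(head) >= 28:
            # sparse_header: magic, major, minor, file_hdr_sz, chunk_hdr_sz,
            # blk_sz, total_blks, total_chunks, image_checksum
            (_, major, minor, _fh, _ch, blk_sz, total_blks,
             total_chunks, _crc) = struct.unpack_from("<IHHHHIIII", head, 0)
            return {"kind": "sparse", "version": (major, minor),
                    "block_size": blk_sz, "total_blocks": total_blks,
                    "total_chunks": total_chunks,
                    "raw_size": blk_sz * total_blks}
    if len(head) >= EXT4_SB + 0x3A:
        (s_magic,) = struct.unpack_from("<H", head, EXT4_SB + 0x38)
        if s_magic == EXT4_MAGIC:
            # Low 32 bits of the block count only; enough for images < 16 TiB.
            (blocks_lo,) = struct.unpack_from("<I", head, EXT4_SB + 0x04)
            (log_bs,) = struct.unpack_from("<I", head, EXT4_SB + 0x18)
            block_size = 1024 << log_bs
            return {"kind": "raw-ext4", "block_size": block_size,
                    "total_blocks": blocks_lo,
                    "raw_size": block_size * blocks_lo}
    return {"kind": "unknown"}


def _sample_raw_ext4(blocks: int, log_bs: int) -> bytes:
    """Constructed sample: 2 KiB with only the superblock fields used above."""
    buf = bytearray(2048)
    struct.pack_into("<I", buf, EXT4_SB + 0x04, blocks)
    struct.pack_into("<I", buf, EXT4_SB + 0x18, log_bs)
    struct.pack_into("<H", buf, EXT4_SB + 0x38, EXT4_MAGIC)
    return bytes(buf)


# Constructed samples (not taken from the device in the post).
SAMPLE_SPARSE = struct.pack("<IHHHHIIII", SPARSE_MAGIC, 1, 0, 28, 12, 4096, 1024, 3, 0)
SAMPLE_RAW = _sample_raw_ext4(blocks=1024, log_bs=2)
SAMPLE_LZ4 = struct.pack("<I", 0x184D2204) + b"\x00" * 12
```

To use it on real files, read the first 2 KiB of each one (`open(path, "rb").read(2048)`) and compare the `kind` and `raw_size` reported for the original and the rebuilt image.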

