MTK的6575 6577 6589等芯片已经开始发力,定位中低端,特别是市场上的Galaxy SXX 的clone机器,几乎都是MTK的方案,当然,所谓的品牌山寨,MTK是不二的选择。
所以,拿到一款MTK的手机,如果能够把其ROM拿出来,一定是很好玩的事情,我们可以对ROM进行进一步的优化处理,也可以去学习别人是处理ROM的。
本人做过实验,按照如下步骤,可以顺利提取ROM(主要是利用linux的adb功能)
第一步,Rooting你的phone
需要下载arm格式的busybox和su程序
adb shell mv /data/local/tmp /data/local/tmp.bak
adb shell ln -s /data /data/local/tmp
adb reboot
等待你的手机重启
adb shell rm /data/local.prop > nul
adb shell "echo \"ro.kernel.qemu=1\" > /data/local.prop"
adb reboot
等待你的手机重启
adb remount
adb push su /system/bin/su
adb shell chown 0.0 /system/bin/su
adb shell chmod 06755 /system/bin/su
adb push busybox /system/bin/busybox
adb shell chown 0.0 /system/bin/busybox
adb shell chmod 0755 /system/bin/busybox
adb shell rm /data/local.prop
adb shell rm /data/local/tmp
adb shell mv /data/local/tmp.bak /data/local/tmp
adb reboot
如果adb remount 失败的话,需要进行手工remount
adb shell mount -o rw,remount /emmc@android /system
chmod 777 /xxxxx-->为你要写入的目录
第二步,安装工具
需要下载ARM格式的make_ext4fs和ext2simg
adb push make_ext4fs /system/bin
adb push ext2simg /system/bin
第三步,开始干活
echo "create dirs"
adb shell mkdir /sdcard2/rom_dump
adb shell mkdir /sdcard2/rom_dump/2222
adb shell mkdir /sdcard2/rom_dump/2222/BDRS-3333
adb shell mkdir /sdcard2/rom_dump/2222/over
adb shell mkdir /sdcard2/rom_dump/2222/misk
然后:
adb shell,进入手机的终端输入
cd /mnt/sdcard2/rom_dump/2222
echo MT6577_a4_v2d.info > /mnt/sdcard2/rom_dump/2222/MT6577_a4_v2d.info
然后exit退出
然后
adb shell busybox mount -o remount,rw -t emmc /emmc@android /system
adb shell busybox mount -o remount,rw -t emmc /emmc@usrdata /data
adb shell busybox mount -o remount,rw -t emmc /emmc@cache /cache
然后
adb shell,进入手机终端,
dd if=/proc/dumchar_info of=/mnt/sdcard2/rom_dump/2222/firmware.info
busybox grep "ro.build.*" /system/build.prop | busybox grep -v "# *" > /mnt/sdcard2/rom_dump/2222/misk/config.info
cat /proc/cmdline > /mnt/sdcard2/rom_dump/2222/misk/cmdline.info
cat /proc/cpuinfo > /mnt/sdcard2/rom_dump/2222/misk/cpu.info
busybox df > /mnt/sdcard2/rom_dump/2222/misk/rom.info
busybox free > /mnt/sdcard2/rom_dump/2222/misk/ram.info
dd if=/dev/preloader of=/mnt/sdcard2/rom_dump/2222/over/full_preloader_part.raw bs=512c
dd if=/dev/preloader of=/mnt/sdcard2/rom_dump/2222/preloader.img bs=512c count=256 skip=4
dd if=/dev/preloader of=/mnt/sdcard2/rom_dump/2222/over/unknown.raw bs=512c count=64 skip=324
dd if=/dev/preloader of=/mnt/sdcard2/rom_dump/2222/dsp_bl.img bs=512c count=64 skip=260 2>/dev/null
dd if=/dev/mbr of=/mnt/sdcard2/rom_dump/2222/mbr.img bs=512c count=1
dd if=/dev/ebr1 of=/mnt/sdcard2/rom_dump/2222/ebr1.img bs=512c count=1
dd if=/dev/pmt of=/mnt/sdcard2/rom_dump/2222/over/pmt.raw bs=512c count=16
dd if=/dev/nvram of=/mnt/sdcard2/rom_dump/2222/misk/nvram.img bs=5242880c count=1
dd if=/dev/seccfg of=/mnt/sdcard2/rom_dump/2222/over/seccfg.raw bs=512c count=256
dd if=/dev/uboot of=/mnt/sdcard2/rom_dump/2222/uboot.img bs=393216c count=1
dd if=/dev/bootimg of=/mnt/sdcard2/rom_dump/2222/boot.img bs=6291456c count=1
dd if=/dev/bootimg of=/mnt/sdcard2/rom_dump/2222/BDRS-3333/boot.img bs=6291456c count=1
dd if=/dev/recovery of=/mnt/sdcard2/rom_dump/2222/recovery.img bs=6291456c count=1
dd if=/dev/recovery of=/mnt/sdcard2/rom_dump/2222/BDRS-3333/recovery.img bs=6291456c count=1
dd if=/dev/sec_ro of=/mnt/sdcard2/rom_dump/2222/over/sec_ro.raw bs=6291456c count=1
dd if=/dev/misc of=/mnt/sdcard2/rom_dump/2222/over/misc.raw bs=393216c count=1
dd if=/dev/logo of=/mnt/sdcard2/rom_dump/2222/logo.img bs=3145728c count=1
dd if=/dev/expdb of=/mnt/sdcard2/rom_dump/2222/over/expdb.raw bs=655360c count=1
busybox rm -r /system/lost+found
busybox rm -r /data/core
busybox rm -r /data/misc/sensors
busybox rm -r /data/lost+found
export SYSTEM_SIZE=$(busybox df -m | busybox grep emmc@android | busybox awk '{print $2}')
make_ext4fs -s -l "$SYSTEM_SIZE"M -L system /mnt/sdcard2/rom_dump/2222/system.img /system
busybox tar -cf /mnt/sdcard2/rom_dump/2222/BDRS-3333/system.ext4.tar /system
export CACHE_SIZE=$(/cache/bktool/busybox df -m | /cache/bktool/busybox grep emmc@cache | /cache/bktool/busybox awk '{print $2}')
make_ext4fs -s -l "$CACHE_SIZE"M -L cache /mnt/sdcard2/rom_dump/2222/misk/cache.img /cache
busybox tar -cf /mnt/sdcard2/rom_dump/2222/BDRS-3333/cache.ext4.tar /cache
ext2simg -v /dev/block/mmcblk0p3 /mnt/sdcard2/rom_dump/2222/data.img
busybox tar -cf /mnt/sdcard2/rom_dump/2222/BDRS-3333/data.ext4.tar /data
cd /mnt/sdcard2/rom_dump/2222/BDRS-3333
busybox md5sum *.* > nandroid.md5
cd /mnt/sdcard2/rom_dump/2222
busybox ls -lhR >> MT6577_a4_v2d.info
exit
到了这里你有得到了所有的rom备份
adb pull /sdcard2/rom_dump把这些rom文件给拉出来
大概你能得到这样的格式:
rom_dump
2222
* BDRS
boot.img
cache.ext4.tar
data.ext4.tar
nandroid.md5
recovery.img
system.ext4.tar
* misk
cache.img
cmdline.info
config.info
cpu.info
nvram.img
nvram.tar
ram.info
rom.info
* over
expdb.raw
full_preloader_part.raw
misc.raw
pmt.raw
sec_ro.raw
seccfg.raw
unknown.raw
boot.img
dsp_bl.img
ebr1.img
firmware.info
MT6577_a4_v2c.info
logo.img
mbr.img
preloader.img
recovery.img
system.img
uboot.img
data.img
下一步要写如何在刷进去
下一步结合源码看看这个狗屁公司做了哪些动作
所以,拿到一款MTK的手机,如果能够把其ROM拿出来,一定是很好玩的事情,我们可以对ROM进行进一步的优化处理,也可以去学习别人是处理ROM的。
本人做过实验,按照如下步骤,可以顺利提取ROM(主要是利用linux的adb功能)
第一步,Rooting你的phone
需要下载arm格式的busybox和su程序
adb shell mv /data/local/tmp /data/local/tmp.bak
adb shell ln -s /data /data/local/tmp
adb reboot
等待你的手机重启
adb shell rm /data/local.prop > nul
adb shell "echo \"ro.kernel.qemu=1\" > /data/local.prop"
adb reboot
等待你的手机重启
adb remount
adb push su /system/bin/su
adb shell chown 0.0 /system/bin/su
adb shell chmod 06755 /system/bin/su
adb push busybox /system/bin/busybox
adb shell chown 0.0 /system/bin/busybox
adb shell chmod 0755 /system/bin/busybox
adb shell rm /data/local.prop
adb shell rm /data/local/tmp
adb shell mv /data/local/tmp.bak /data/local/tmp
adb reboot
如果adb remount 失败的话,需要进行手工remount
adb shell mount -o rw,remount /emmc@android /system
chmod 777 /xxxxx-->为你要写入的目录
第二步,安装工具
需要下载ARM格式的make_ext4fs和ext2simg
adb push make_ext4fs /system/bin
adb push ext2simg /system/bin
第三步,开始干活
echo "create dirs"
adb shell mkdir /sdcard2/rom_dump
adb shell mkdir /sdcard2/rom_dump/2222
adb shell mkdir /sdcard2/rom_dump/2222/BDRS-3333
adb shell mkdir /sdcard2/rom_dump/2222/over
adb shell mkdir /sdcard2/rom_dump/2222/misk
然后:
adb shell,进入手机的终端输入
cd /mnt/sdcard2/rom_dump/2222
echo MT6577_a4_v2d.info > /mnt/sdcard2/rom_dump/2222/MT6577_a4_v2d.info
然后exit退出
然后
adb shell busybox mount -o remount,rw -t emmc /emmc@android /system
adb shell busybox mount -o remount,rw -t emmc /emmc@usrdata /data
adb shell busybox mount -o remount,rw -t emmc /emmc@cache /cache
然后
adb shell,进入手机终端,
dd if=/proc/dumchar_info of=/mnt/sdcard2/rom_dump/2222/firmware.info
busybox grep "ro.build.*" /system/build.prop | busybox grep -v "# *" > /mnt/sdcard2/rom_dump/2222/misk/config.info
cat /proc/cmdline > /mnt/sdcard2/rom_dump/2222/misk/cmdline.info
cat /proc/cpuinfo > /mnt/sdcard2/rom_dump/2222/misk/cpu.info
busybox df > /mnt/sdcard2/rom_dump/2222/misk/rom.info
busybox free > /mnt/sdcard2/rom_dump/2222/misk/ram.info
dd if=/dev/preloader of=/mnt/sdcard2/rom_dump/2222/over/full_preloader_part.raw bs=512c
dd if=/dev/preloader of=/mnt/sdcard2/rom_dump/2222/preloader.img bs=512c count=256 skip=4
dd if=/dev/preloader of=/mnt/sdcard2/rom_dump/2222/over/unknown.raw bs=512c count=64 skip=324
dd if=/dev/preloader of=/mnt/sdcard2/rom_dump/2222/dsp_bl.img bs=512c count=64 skip=260 2>/dev/null
dd if=/dev/mbr of=/mnt/sdcard2/rom_dump/2222/mbr.img bs=512c count=1
dd if=/dev/ebr1 of=/mnt/sdcard2/rom_dump/2222/ebr1.img bs=512c count=1
dd if=/dev/pmt of=/mnt/sdcard2/rom_dump/2222/over/pmt.raw bs=512c count=16
dd if=/dev/nvram of=/mnt/sdcard2/rom_dump/2222/misk/nvram.img bs=5242880c count=1
dd if=/dev/seccfg of=/mnt/sdcard2/rom_dump/2222/over/seccfg.raw bs=512c count=256
dd if=/dev/uboot of=/mnt/sdcard2/rom_dump/2222/uboot.img bs=393216c count=1
dd if=/dev/bootimg of=/mnt/sdcard2/rom_dump/2222/boot.img bs=6291456c count=1
dd if=/dev/bootimg of=/mnt/sdcard2/rom_dump/2222/BDRS-3333/boot.img bs=6291456c count=1
dd if=/dev/recovery of=/mnt/sdcard2/rom_dump/2222/recovery.img bs=6291456c count=1
dd if=/dev/recovery of=/mnt/sdcard2/rom_dump/2222/BDRS-3333/recovery.img bs=6291456c count=1
dd if=/dev/sec_ro of=/mnt/sdcard2/rom_dump/2222/over/sec_ro.raw bs=6291456c count=1
dd if=/dev/misc of=/mnt/sdcard2/rom_dump/2222/over/misc.raw bs=393216c count=1
dd if=/dev/logo of=/mnt/sdcard2/rom_dump/2222/logo.img bs=3145728c count=1
dd if=/dev/expdb of=/mnt/sdcard2/rom_dump/2222/over/expdb.raw bs=655360c count=1
busybox rm -r /system/lost+found
busybox rm -r /data/core
busybox rm -r /data/misc/sensors
busybox rm -r /data/lost+found
export SYSTEM_SIZE=$(busybox df -m | busybox grep emmc@android | busybox awk '{print $2}')
make_ext4fs -s -l "$SYSTEM_SIZE"M -L system /mnt/sdcard2/rom_dump/2222/system.img /system
busybox tar -cf /mnt/sdcard2/rom_dump/2222/BDRS-3333/system.ext4.tar /system
export CACHE_SIZE=$(/cache/bktool/busybox df -m | /cache/bktool/busybox grep emmc@cache | /cache/bktool/busybox awk '{print $2}')
make_ext4fs -s -l "$CACHE_SIZE"M -L cache /mnt/sdcard2/rom_dump/2222/misk/cache.img /cache
busybox tar -cf /mnt/sdcard2/rom_dump/2222/BDRS-3333/cache.ext4.tar /cache
ext2simg -v /dev/block/mmcblk0p3 /mnt/sdcard2/rom_dump/2222/data.img
busybox tar -cf /mnt/sdcard2/rom_dump/2222/BDRS-3333/data.ext4.tar /data
cd /mnt/sdcard2/rom_dump/2222/BDRS-3333
busybox md5sum *.* > nandroid.md5
cd /mnt/sdcard2/rom_dump/2222
busybox ls -lhR >> MT6577_a4_v2d.info
exit
到了这里你有得到了所有的rom备份
adb pull /sdcard2/rom_dump把这些rom文件给拉出来
大概你能得到这样的格式:
rom_dump
2222
* BDRS
boot.img
cache.ext4.tar
data.ext4.tar
nandroid.md5
recovery.img
system.ext4.tar
* misk
cache.img
cmdline.info
config.info
cpu.info
nvram.img
nvram.tar
ram.info
rom.info
* over
expdb.raw
full_preloader_part.raw
misc.raw
pmt.raw
sec_ro.raw
seccfg.raw
unknown.raw
boot.img
dsp_bl.img
ebr1.img
firmware.info
MT6577_a4_v2c.info
logo.img
mbr.img
preloader.img
recovery.img
system.img
uboot.img
data.img
下一步要写如何在刷进去
下一步结合源码看看这个狗屁公司做了哪些动作