LiveSuit image - unpacking and repacking

This is where things get a bit hairy.

To unpack the LiveSuit image, there is a Windows tool floating around called unimg.exe. This appears to have been written by "esxgx", who seems associated with Allwinner themselves. There appear to be two versions of the program around (see, for example, the posts at http://forum.xda-developers.com/showthread.php?t=1490886&page=2. There are various places to get the program, which I'll come to in a minute.

In order to repack the extracted files into a usable LiveSuit image again, there seem to be two techniques. One is to use yet another mysterious program called "dragon" (appears to be another Allwinner program). This is done in the "flash kitchen" available through the link at https://www.miniand.com/wiki/Allwinner/Unpacking+and+building+LiveSuit+images. However, dragon requires a separate configuration file which contains details of which files to use, checksums etc. While this is theoretically possible, I simply couldn't get it to work. The dragon method is used by what I initially though would be a good solution: http://www.slatedroid.com/topic/28942-50-to-the-first-person-to-figure-this-out/page__view__findpost__p__308691.

The second option for repacking the files is to actually use unimg.exe again, but with a different switch (-e). Somebody discovered this (http://www.slatedroid.com/topic/28942-50-to-the-first-person-to-figure-this-out/page__view__findpost__p__310449). The beauty of this method is that it does not require any additional files, just the ones which were extracted from the image in the first place. This is the method which worked for me and the one I'll describe here. The only slight downside is that the guy who made the ZIP file, SlateDroid user "ainolmodder", appears to have been banned from the forums and is no longer around! However, the file is still available.

So, here we go. We start with the stock LiveSuit image which in my case is called Q88.img. I'm not going to describe any modifications to the LiveSuit files, just how to unpack and repack them into a usable image.

Get ImageSuite.zip

Go to http://www.slatedroid.com/topic/28942-50-to-the-first-person-to-figure-this-out/page__st__20__p__310449#entry310449 and download the attached "ImageSuite.zip" file. Extract this to a folder on your computer. This contains the relevant programs for unpacking and repacking the image. Place the stock image file in this folder as well. The folder contents should be:

unimg.exe is the actual program which does the unpacking/repacking of the files.

FileAddSum.exe is used to create checksums for the individual files - this would be required if any of the files were modified.

The two repack_*.bat batch files are for repacking the image depending on whether it's a gingerbread or ice cream sandwich version of Android (I have ICS).

extract_img.bat is a batch file to extract the image.

Unpacking

Let's have a look at the contents of extract_img.bat:

@echo off

set IMG=%1

if exist image.img.dump rd /q /s image.img.dump

unimg -d %IMG%
rename %IMG%.dump image.img.dump

This is simple enough. We would run extract_img.bat Q88.img. If the output folder image.img.dump already exists it's deleted. Then the image is unpacked using unimg -d &IMG&. This will produce an output folder called (in my case) q88.img.dump. Finally, this is renamed to image.img.dump. Let's go ahead - fire up a command promp, navigate to the folder, and run extract_img.bat Q88.img. Important note: AVG antivirus may flag the program as malicious. This is a false positive so you will have to disable antivirus.

As the program runs, you will see a list of the filenames as they're extracted. Once it's finished, have a look in the output folder image.img.dump. There will be a whole pile of files there, corresponding to things like partitions, boot tools, checksums etc. These are explained briefly later.

While we're on a roll, let's immediately repack the files into an output LiveSuit image.

Repacking

If we haven't changed any of the files, we can simply run

unimg -e image.img

and this will recombine all the files. The size of my output image was slightly different (few kB) from what I started with, but it worked fine. You can now use LiveSuit to burn this image and hopefully it should work.

If any of the files had been changed, this would not work. Remember FileAddSum? This is used to create checksums for the modified files so unimg works properly. Here's the contents of repack_ics.bat:

@echo off

set IMG=%1

FileAddSum "image.img.dump\RFSFAT16_BOOT_00000000000" "image.img.dump\RFSFAT16_VBOOT_0000000000"
FileAddSum "image.img.dump\RFSFAT16_BOOTLOADER_00000" "image.img.dump\RFSFAT16_VBOOTLOADER_0000"
FileAddSum "image.img.dump\RFSFAT16_ENVIROMENT_00000" "image.img.dump\RFSFAT16_VENVIROMENT_0000"
FileAddSum "image.img.dump\RFSFAT16_RECOVERY_0000000" "image.img.dump\RFSFAT16_VRECOVERYFS_0000"
FileAddSum "image.img.dump\RFSFAT16_SYSTEM_000000000" "image.img.dump\RFSFAT16_VSYSTEMFS_000000"

unimg -e image.img
ren image.img %IMG%

if exist image.img.dump rd /q /s image.img.dump

The various FileAddSum lines create new checksums for each of the modified files. Don't worry about this for now.

Brief look at the unpacked files

First, there is a text file Filelist.txt which lists all the files extracted. There are lots of .hdr files - ignore these. They are required, but I don't know what they're for. There appears to be a 1:1 correspondence with the other files.

Here's a list of the remaining files of interest:

12345678_1234567890boot_0
12345678_1234567890boot_1
12345678_1234567890cardtl
12345678_1234567890dlinfo
12345678_1234567890script
12345678_1234567890___mbr
BOOT    _BOOT0_0000000000
BOOT    _BOOT1_0000000000
COMMON  _SPLIT_0000000000
COMMON  _SYS_CONFIG000000
COMMON  _SYS_CONFIG100000
FED     _CARD_FED_0000000
FED     _FED_NAND_0000000
FES     _FES_000000000000
FES     _FES_1-1000000000
FES     _FES_1-2000000000
FES     _FES_200000000000
FET     _CARD_HW_SCAN_000
FET     _CARD_UPDATE_BOT0
FET     _CARD_UPDATE_BOT1
FET     _FET_RESTORE_0000
FET     _HW_SCAN_00000000
FET     _MAGIC_CRC_EN_000
FET     _MAGIC_CRC_START_
FET     _MAGIC_DE_END_000
FET     _MAGIC_DE_START_0
FET     _UPDATE_BOOT0_000
FET     _UPDATE_BOOT1_000
PXTOOLS _xxxxxxxxxxxxxxxx
RFSFAT16_BOOTLOADER_00000
RFSFAT16_BOOT_00000000000
RFSFAT16_DATA_00000000000
RFSFAT16_DISKFS_000000000
RFSFAT16_ENVIROMENT_00000
RFSFAT16_RECOVERY_0000000
RFSFAT16_SYSTEM_000000000
RFSFAT16_VBOOTLOADER_0000
RFSFAT16_VBOOT_0000000000
RFSFAT16_VDATA_0000000000
RFSFAT16_VENVIROMENT_0000
RFSFAT16_VRECOVERYFS_0000
RFSFAT16_VSYSTEMFS_000000

Here's an attempt at a description of each of the files, with help from http://linux-sunxi.org/LiveSuit_images. Description comes after the list of files.

12345678_1234567890boot_0
12345678_1234567890boot_1
12345678_1234567890cardtl
12345678_1234567890dlinfo
12345678_1234567890script
12345678_1234567890___mbr

"These are bootloaders, config files, and tools for SDMMC flashing. If there's a device with SDMMC internal instead of NAND, these are used."

BOOT    _BOOT0_0000000000
BOOT    _BOOT1_0000000000

These are the two bootloaders which are to be stored in the internal memory.

COMMON  _SPLIT_0000000000

No idea! Contains a big alphanumeric string:a1sp9maKde37ee6c-6dc4-4d74-86f0-db32116efb53e0e40ccf-7a66-406b-88c3-415b4a62a8f7777622ab-6bd0-464f-9da5-4cc203e855ea8ce5671f-e8b5-442e-9300-2ee6836c538aabf5f481-c961-4895-8245-631f74851d0c2bbb4229-55a8-4929-a165-3f406f0ee441ab5d09a9-c4dc-44bb-a175-cfb7c978a062329ea51e-1ddc-44ff-ac09-9ef7b64e0c52a712e47d-13f7-4490-9fea-bdcd587b8a4a5ed4d4e6-0ba3-45c5-a778-3232a42d4d960a9b7466-d7b3-4087-b8ff-c51763b852a50cd78bb6-a6d5-43a8-8661-fb91abd346433e8a86ee-711e-49c1-ad54-b59dd01fe513e22b0d8b-647f-4417-a115-9806c5d64eec.

COMMON  _SYS_CONFIG000000
COMMON  _SYS_CONFIG100000

These are very important. COMMON_SYS_CONFIG000000 tells LiveSuit what partitions and sizes to create and which files to burn to these partitions. COMMON_SYS_CONFIG100000 is a complete configuration file for the A13 processor itself, and contains interesting stuff like pin definitions. This can be converted to/from the script.bin file in the bootloader partition using fex2bin/bin2fex.

FED     _CARD_FED_0000000
FED     _FED_NAND_0000000
FES     _FES_000000000000
FES     _FES_1-1000000000
FES     _FES_1-2000000000
FES     _FES_200000000000
FET     _CARD_HW_SCAN_000
FET     _CARD_UPDATE_BOT0
FET     _CARD_UPDATE_BOT1
FET     _FET_RESTORE_0000
FET     _HW_SCAN_00000000
FET     _MAGIC_CRC_EN_000
FET     _MAGIC_CRC_START_
FET     _MAGIC_DE_END_000
FET     _MAGIC_DE_START_0
FET     _UPDATE_BOOT0_000
FET     _UPDATE_BOOT1_000

"These tools are NAND flashing utilities, checksums, hardware scanner, and other tools used during flashing."

PXTOOLS _xxxxxxxxxxxxxxxx

"This is a win32 DLL!!! - seems maybe a plugin for Livesuit"

RFSFAT16_BOOTLOADER_00000
RFSFAT16_BOOT_00000000000
RFSFAT16_DATA_00000000000
RFSFAT16_ENVIROMENT_00000
RFSFAT16_RECOVERY_0000000
RFSFAT16_SYSTEM_000000000

These are the actual partition images. BOOTLOADER is a vfat image and corresponds exactly with nanda. BOOT is the boot image, corresponding to nandc. DATA is a sparse ext4 containing the data filesystem, corresponding to nande. ENVIRONMENT is identical to nandb and contains the u-boot parameters. RECOVERY is a sparse ext4 corresponding to nandg. SYSTEM is a sparse ext4 image containing the system files, corresponds to nandd.

RFSFAT16_VBOOTLOADER_0000
RFSFAT16_VBOOT_0000000000
RFSFAT16_VDATA_0000000000
RFSFAT16_VENVIROMENT_0000
RFSFAT16_VRECOVERYFS_0000
RFSFAT16_VSYSTEMFS_000000

These are checksum files corresponding to each partition file and are generated using FileAddSum. If any of the partition files are modified, then these checksum files must be recreated for the packing to work.

RFSFAT16_DISKFS_000000000

This is a weird one. It is a vfat partition (mount using sudo mount -o loop,uid=1000,gid=1000 -t vfat RFSFAT16_DISKFS_000000000 mount) and contains three files: a 2.73MB MP3 of a mind-numbing song called "butterfly" by Swedish bubblegum dance group Smile.dk (yep!), a 16MB MOV trailer for the film "Kung Fu Panda" (released in 2008), and a mysterious file called magic.bin which contains the same text string as in the COMMON _SPLIT_0000000000 file. Despite hunting around, these files (the MP3 and MOV) do not appear on the device anywhere once flashed, so possibly this file is ignored.

According to the link above, this is an "ext4 image containing the the initram (init.rc, default.prop, initlogo, etc), it is empty in this example."

Back to index