-
Posts
8 -
Joined
-
Last visited
Content Type
Forums
Store
Crowdfunding
Applications
Events
Raffles
Community Map
Posts posted by 5p0ng3b0b
-
-
I wrote a bash script to extract a dtb file from a boot.img or boot.PARTITION file so no need for termux/python/perl etc. It doesn't even require busybox or root. Just run from terminal emulator app. Open terminal and type:
sh /path/to/dtb_extract.sh /path/to/boot.img
Script and resulting DTBs attached.
Edit: I was completely unaware that the boot image can contain multiple DTB files and I was only extracting the first one found *duh*. I amended the script and extracted 5 dtb files from my box. Also attached is a static dtc command so you can convert DTB files without termux. To get the correct DTB for your device type:
cat /proc/device-tree/amlogic-dt-id
dtb_extract.sh dtc g12a_u212_1g.dtb g12a_u212_2g.dtb g12a_u212_4g.dtb sm1_ac213_2g.dtb sm1_ac213_4g.dtb
-
21 hours ago, almotra said:
I do not know how to do.
Can you explain to me how to do it?
You ask for DTB for X96 max but this is s905x2 SoC. X96 max plus however is s905x3. Maybe this is the problem.
Carefully reading the recent posts on this thread should help provide an answer to extracting a stock recovery image, eg trying TWRP and using the backup function. 'How to get stock recovery image?' is a bit off topic IMO. You could try google, or make a new thread in another section asking this question.
-
On 2/24/2020 at 4:19 PM, almotra said:
Hello,
I'm looking for .dtb for x96max s905X3
I tried all the .dtb of the image, I also tried the .dtb ethfix of this post, some starts but no ethernet.Can you supply stock recovery image from box or firmware?
-
Get DTB file from recovery.PARTITION file.
Here is a second take a getting DTB file as extracting via /sys/firmware/devicetree/base using dtc didn't appear to work .
This time get DTB from recovery.PARTITION file using termux. Firstly on a PC, download and unzip stock tvbox image.
Then unpack firmware.img file with amlogic unpacker. Now transfer the recovery.PARTITION file to termux home folder.
The DTB file is embedded in this file so now just extract it. I already installed git, python, perl and wget etc to termux.
Spoiler#Install binwalk git clone https://github.com/ReFirmLabs/binwalk.git cd binwalk python setup.py install cd ..; rm -Rf binwalk #Get split_bootimg.pl script wget https://gist.githubusercontent.com/jberkel/1087743/raw/45046f87176dfacdc22af4290f89a0d2e0df1dbb/split_bootimg.pl chmod +x split_bootimg.pl #Split recovery.PARTITION ./split_bootimg.pl recovery.PARTITION #Unpack recovery.PARTITION-second.gz gunzip recovery.PARTITION-second.gz #Get offset of embedded DTB in recovery.PARTITION-second DTBOFFSET=$(binwalk -R "\xD0\x0D\xFE\xED" recovery.PARTITION-second | awk 'NR > 3 { print $1}' | head -n 1) #Get length of DTB in recovery.PARTITION-second DTBLEN=$((16#$(dd if=recovery.PARTITION-second bs=1 skip=$(($DTBOFFSET + 4)) count=4 status=none | od -tx1 | head -n 1 | cut -d ' ' -f 2- | sed 's/ //g' ))) #Now extract and create dtb file dd if=recovery.PARTITION-second of=mybox.dtb bs=1 skip=$DTBOFFSET count=$DTBLEN
The resulting file was 76,302 bytes in my case from a magicsee N5 plus box. I still can't test yet because I haven't got it to boot from external storage but can confirm the dtc command worked on it.
dtc -I dtb -O dts -o mybox.dts mybox.dtb
Update:
This also worked from a recovery image file created by dd if=/dev/block/recovery of=recovery.PARTITION so this can be done completely from rooted device and without access to stock firmware. Produced an identicle DTB.
-
@keynote. Shame the dtb not working . Probably need some python/perl script to parse the dts file
Not all boxes are equal, Is there a bootloader partition? This should list all emmc partitions
ls $(find /dev/block/platform/ -name "by-name")
su dd if=$(find /dev/block/platform/ -name "by-name")/bootloader of=/sdcard/bootloader.img
Or try TWRP backup function. Apply zip file using update app or from recovery mode (this will not overwrite your stock recovery).
-
For those that have not found a working dtb yet, you might want to give this method of extracting dtb and dts files a shot (hardware keyboard recommended or setup sshd via termux). Install termux. Open it and type:
termux-setup-storage apt update apt install dtc dtc -q -I fs -O dts /sys/firmware/devicetree/base -o /sdcard/mytvbox.dts dtc -q -I fs -O dtb /sys/firmware/devicetree/base -o /sdcard/mytvbox.dtb
I am unable to test this method presently due to other issues but I am dying to know if it works. The files generated are larger than the dtb files in the armbian images but they are similar size to the dtb files from coreelec. If the dtb file doesn't work, at least the dts file might give some clues as to why alternative dtb files have wifi or ethernet issues etc. You can also convert other dtb to dts and vice versa so you can open the dts files in a text editor and compare.
To convert dtb to dts.
dtc -O dts -o tvbox.dts tvbox.dtb
To convert dts to dtb.
dtc -O dtb -o mytvbox.dtb mybox.dts
-
Really looking forward to running armbian one day on my S905x3 device but ran into difficulty from the get go running aml_autoscript.
I was initially posting here with a cry for help but managed to sort the problem and thought I'd share my solution as this alternative method doesn't appear to be documented anywhere.
The problem:
Downloaded and burned Armbian_20.02.0-rc1.037_Aml-s9xxx_buster_current_5.5.0-rc6_20200205.img to sdcard.
Using the update app that was preinstalled on the android device, I tried loading aml_autoscript from external sd card, usb ports and internal storage but got the same error every time.
E:Block map file is too short: 3 E:Map of '@/cache/recovery/block.map' failed E:failed to map file Installation aborted
I tried all the above with different sdcards and usb sticks but still no luck. Running aml_autoscript from stock recovery gave a different error:
E:mmap(0, R, PRIVATE, 6, 0) failed: Invalid argument E:Map of 'udisk/aml_autoscript.zip' failed E:failed to map file Installation aborted
The solution:
I didn't want to go down the uart/uboot route as I don't know where the tx/rx points are on this box and my eyesight isn't that great anymore. Plus my soldering days were over many years ago. I was able to boot into a twrp.zip via stock recovery, but there was no setenv command in the twrp console to enter the info manually. Perhaps there is a command I could enter to run the aml_autoscript from here, I have no idea. I decided the way forward was to extract the env partition with twrp (you can just as easily do it with dd or fastboot) and hack it before flashing it back. I opened the file up with a hex editor and could see what looked like a uboot environment with fatload commands etc, a 4 byte header at the start of the file then each command separated by a null byte. I'm looking at yet another brick if I bork it, so I'm not doing this with a hex editor. Convert it to a text file, make the changes and convert the text file back to the original 8mb image format was the plan. All I had to do was trim the trailing zeros and replace the remaining null bytes with a newline. I copied the file to my PC to do the job but it can all be done from a rooted box with busybox installed.
cp env.emmc.win env.emmc.bak; cat env.emmc.win | sed '$ s/\x00*$//' | sed "s/\x00/\n/g" > env.txt
That one-liner seemed to do the the trick (note backup). The resulting file gave me:
Spoileråby®EnableSelinux=permissive Irq_check_en=0 active_slot=normal baudrate=115200 bcb_cmd=get_avb_mode;get_valid_slot; boot_part=boot bootcmd=ddr_auto_fast_boot_check 6 0 0 50;run storeboot bootdelay=1 cmdline_keys=if keyman init 0x1234; then if keyman read usid ${loadaddr} str; then setenv bootargs ${bootargs} androidboot.serialno=${usid};setenv serial ${usid};else setenv bootargs ${bootargs} androidboot.serialno=1234567890;setenv serial 1234567890;fi;if keyman read mac ${loadaddr} str; then setenv bootargs ${bootargs} mac=${mac} androidboot.mac=${mac};fi;if keyman read deviceid ${loadaddr} str; then setenv bootargs ${bootargs} androidboot.deviceid=${deviceid};fi;fi; colorattribute=444,12bit cvbs_drv=0 cvbsmode=576cvbs display_bpp=16 display_color_bg=0 display_color_fg=0xffff display_color_index=16 display_height=1080 display_layer=osd0 display_width=1920 dtb_mem_addr=0x1000000 ethaddr=00:15:18:01:81:31 factory_reset_poweroff_protect=echo wipe_data=${wipe_data}; echo wipe_cache=${wipe_cache};if test ${wipe_data} = failed; then run init_display; run storeargs;if mmcinfo; then run recovery_from_sdcard;fi;if usb start 0; then run recovery_from_udisk;fi;run recovery_from_flash;fi; if test ${wipe_cache} = failed; then run init_display; run storeargs;if mmcinfo; then run recovery_from_sdcard;fi;if usb start 0; then run recovery_from_udisk;fi;run recovery_from_flash;fi; fb_addr=0x3d800000 fb_height=1080 fb_width=1920 fdt_high=0x20000000 firstboot=0 frac_rate_policy=1 fs_type=rootfstype=ramfs gatewayip=10.18.9.1 hdmi_read_edid=1 hdmimode=1080p60hz hostname=arm_gxbb init_display=get_rebootmode;echo reboot_mode:::: ${reboot_mode};if test ${reboot_mode} = quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;osd open;osd clear;else if test ${reboot_mode} = recovery_quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;osd open;osd clear;else setenv reboot_mode_android normal;run storeargs;hdmitx hpd;hdmitx get_preferred_mode;osd open;osd clear;imgread pic logo bootup $loadaddr;bmp display $bootup_offset;bmp scale;vout output ${outputmode};vpp hdrpkt;fi;fi; initargs=init=/init console=ttyS0,115200 no_console_suspend earlyprintk=aml-uart,0xff803000 ramoops.pstore_en=1 ramoops.record_size=0x8000 ramoops.console_size=0x4000 ipaddr=10.18.9.97 irremote_update=if irkey 2500000 0xe31cfb04 0xb748fb04; then echo read irkey ok!; if itest ${irkey_value} == 0xe31cfb04; then run update;else if itest ${irkey_value} == 0xb748fb04; then run update; fi;fi;fi; jtag=disable loadaddr=1080000 lock=10001000 netmask=255.255.255.0 osd_reverse=0 otg_device=1 outputmode=1080p60hz panel_type=lcd_1 preboot=run bcb_cmd; run factory_reset_poweroff_protect;run upgrade_check;run init_display;run storeargs;run upgrade_key;bcb uboot-command;run switch_bootmode; reboot_mode_android=normal recovery_from_flash=get_valid_slot;echo active_slot: ${active_slot};if test ${active_slot} = normal; then setenv bootargs ${bootargs} ${fs_type} aml_dt=${aml_dt} recovery_part={recovery_part} recovery_offset={recovery_offset};if imgread kernel ${recovery_part} ${loadaddr} ${recovery_offset}; then wipeisb; bootm ${loadaddr}; fi;else setenv bootargs ${bootargs} ${fs_type} aml_dt=${aml_dt} recovery_part=${boot_part} recovery_offset=${recovery_offset};if imgread kernel ${boot_part} ${loadaddr}; then bootm ${loadaddr}; fi;fi; recovery_from_sdcard=if fatload mmc 0 ${loadaddr} aml_autoscript; then autoscr ${loadaddr}; fi;if fatload mmc 0 ${loadaddr} recovery.img; then if fatload mmc 0 ${dtb_mem_addr} dtb.img; then echo sd dtb.img loaded; fi;wipeisb; setenv bootargs ${bootargs} ${fs_type};bootm ${loadaddr};fi; recovery_from_udisk=if fatload usb 0 ${loadaddr} aml_autoscript; then autoscr ${loadaddr}; fi;if fatload usb 0 ${loadaddr} recovery.img; then if fatload usb 0 ${dtb_mem_addr} dtb.img; then echo udisk dtb.img loaded; fi;wipeisb; setenv bootargs ${bootargs} ${fs_type};bootm ${loadaddr};fi; recovery_offset=0 recovery_part=recovery sdc_burning=sdc_burn ${sdcburncfg} sdcburncfg=aml_sdc_burn.ini sdr2hdr=2 serverip=10.18.9.113 storeargs=setenv bootargs ${initargs} otg_device=${otg_device} reboot_mode_android=${reboot_mode_android} logo=${display_layer},loaded,${fb_addr} vout=${outputmode},enable panel_type=${panel_type} hdmitx=${cecconfig},${colorattribute} hdmimode=${hdmimode} frac_rate_policy=${frac_rate_policy} hdmi_read_edid=${hdmi_read_edid} cvbsmode=${cvbsmode} osd_reverse=${osd_reverse} video_reverse=${video_reverse} irq_check_en=${Irq_check_en} androidboot.selinux=${EnableSelinux} androidboot.firstboot=${firstboot} jtag=${jtag}; setenv bootargs ${bootargs} androidboot.hardware=amlogic;run cmdline_keys; storeboot=boot_cooling;get_system_as_root_mode;echo system_mode: ${system_mode};if test ${system_mode} = 1; then setenv bootargs ${bootargs} ro rootwait skip_initramfs;else setenv bootargs ${bootargs} ${fs_type};fi;get_valid_slot;get_avb_mode;echo active_slot: ${active_slot};if test ${active_slot} != normal; then setenv bootargs ${bootargs} androidboot.slot_suffix=${active_slot};fi;if test ${avb2} = 0; then if test ${active_slot} = _a; then setenv bootargs ${bootargs} root=/dev/mmcblk0p23;else if test ${active_slot} = _b; then setenv bootargs ${bootargs} root=/dev/mmcblk0p24;fi;fi;fi;if imgread kernel ${boot_part} ${loadaddr}; then bootm ${loadaddr}; fi;run storeargs; run update; switch_bootmode=get_rebootmode;if test ${reboot_mode} = factory_reset; then setenv reboot_mode_android normal;run storeargs;run recovery_from_flash;else if test ${reboot_mode} = update; then setenv reboot_mode_android normal;run storeargs;run update;else if test ${reboot_mode} = quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;else if test ${reboot_mode} = recovery_quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;run recovery_from_flash;else if test ${reboot_mode} = cold_boot; then setenv reboot_mode_android normal;run storeargs;else if test ${reboot_mode} = fastboot; then setenv reboot_mode_android normal;run storeargs;fastboot;fi;fi;fi;fi;fi;fi; try_auto_burn=update 700 750; update=run usb_burning; run sdc_burning; if mmcinfo; then run recovery_from_sdcard;fi;if usb start 0; then run recovery_from_udisk;fi;run recovery_from_flash; upgrade_check=echo upgrade_step=${upgrade_step}; if itest ${upgrade_step} == 3; then run init_display; run storeargs; run update;else fi; upgrade_key=if gpio input GPIOAO_3; then echo detect upgrade key; run update;fi; upgrade_step=1 usb_burning=update 1000 video_reverse=0 wipe_cache=successful wipe_data=successful 1080p60hz_deepcolor=444,12bit
So, I delete the 1st 4 characters as it turns out this is a checksum and if it isn't right then everything goes back to default values and it's back to square one. Then amended the exsisting variables (bootcmd and upgrade_step) and added the start_* variables. Note each variable has an '=' before the definition and there are no quotes, so not exactly copy and paste from the aml_autoscript file. I also observed that the environment variables were sort of in alphabetical order and thought it cautious to keep it that way and inserted the new variables between the 'serverip' and 'storeargs' variables. Now it was just a case of saving env.txt and converting the file back. As the 4 byte checksum needs to be there, I had to install uboot-tools as only the mkenvimage command can do this and build the env image.
mkenvimage -s 8388608 -p 0x00 -o env.emmc.win env.txt
Check the file with;
cat env.emmc.win | od -tx1
Burn the file back to the /dev/block/env or $(find /dev/block/platform | grep by-name/env) partition. Remember the file is now modded so the original twrp backup checksum won't work. Recreate it with;
md5sum env.emmc.win > env.emmc.win.md5
X96 Max+ - g12a or sm1 dtb files
in General Chat
Posted
If you open terminal in android, what does cat /proc/device-tree/amlogic-dt-id give you?
The attached dtb files were extracted from the firmware downloaded from here.
x96maxplus_dtbs.zip