[X96 Max+ - g12a or sm1 dtb files]

If you open terminal in android, what does cat /proc/device-tree/amlogic-dt-id give you?

The attached dtb files were extracted from the firmware downloaded from here.

x96maxplus_dtbs.zip

[Armbian for Amlogic S905X3]

I wrote a bash script to extract a dtb file from a boot.img or boot.PARTITION file so no need for termux/python/perl etc. It doesn't even require busybox or root. Just run from terminal emulator app. Open terminal and type:

sh /path/to/dtb_extract.sh /path/to/boot.img

Script and resulting DTBs attached.

 

Edit: I was completely unaware that the boot image can contain multiple DTB files and I was only extracting the first one found *duh*. I amended the script and extracted 5 dtb files from my box. Also attached is a static dtc command so you can convert DTB files without termux. To get the correct DTB for your device type:

cat /proc/device-tree/amlogic-dt-id

dtb_extract.sh dtc g12a_u212_1g.dtb g12a_u212_2g.dtb g12a_u212_4g.dtb sm1_ac213_2g.dtb sm1_ac213_4g.dtb

[Armbian for Amlogic S905X3]

21 hours ago, almotra said:

I do not know how to do.
Can you explain to me how to do it?
 

You ask for DTB for X96 max but this is s905x2 SoC. X96 max plus however is s905x3. Maybe this is the problem.

Carefully reading the recent posts on this thread should help provide an answer to extracting a stock recovery image, eg trying TWRP and using the backup function. 'How to get stock recovery image?' is a bit off topic IMO. You could try google, or make a new thread in another section asking this question.

[Armbian for Amlogic S905X3]

On 2/24/2020 at 4:19 PM, almotra said:

Hello,
I'm looking for .dtb for x96max s905X3
I tried all the .dtb of the image, I also tried the .dtb ethfix of this post, some starts but no ethernet.

Can you supply stock recovery image from box or firmware?

[Armbian for Amlogic S905X3]

Get DTB file from recovery.PARTITION file.

 

Here is a second take a getting DTB file as extracting via /sys/firmware/devicetree/base using dtc didn't appear to work .

This time get DTB from recovery.PARTITION file using termux. Firstly on a PC, download and unzip stock tvbox image.

Then unpack firmware.img file with amlogic unpacker. Now transfer the recovery.PARTITION file to termux home folder.

The DTB file is embedded in this file so now just extract it. I already installed git, python, perl and wget etc to termux.

Spoiler

#Install binwalk
git clone https://github.com/ReFirmLabs/binwalk.git
cd binwalk
python setup.py install
cd ..; rm -Rf binwalk
#Get split_bootimg.pl script
wget https://gist.githubusercontent.com/jberkel/1087743/raw/45046f87176dfacdc22af4290f89a0d2e0df1dbb/split_bootimg.pl
chmod +x split_bootimg.pl
#Split recovery.PARTITION
./split_bootimg.pl recovery.PARTITION
#Unpack recovery.PARTITION-second.gz
gunzip recovery.PARTITION-second.gz
#Get offset of embedded DTB in recovery.PARTITION-second
DTBOFFSET=$(binwalk -R "\xD0\x0D\xFE\xED" recovery.PARTITION-second | awk 'NR > 3 { print $1}' | head -n 1)
#Get length of DTB in recovery.PARTITION-second
DTBLEN=$((16#$(dd if=recovery.PARTITION-second bs=1 skip=$(($DTBOFFSET + 4)) count=4 status=none | od -tx1 | head -n 1 | cut -d ' ' -f 2- | sed 's/ //g' )))
#Now extract and create dtb file
dd if=recovery.PARTITION-second of=mybox.dtb bs=1 skip=$DTBOFFSET count=$DTBLEN

 

 The resulting file was 76,302 bytes in my case from a magicsee N5 plus box. I still can't test yet because I haven't got it to boot from external storage but can confirm the dtc command worked on it.

dtc -I dtb -O dts -o mybox.dts mybox.dtb

Update:

This also worked from a recovery image file created by dd if=/dev/block/recovery of=recovery.PARTITION so this can be done completely from rooted device and without access to stock firmware. Produced an identicle DTB.

 

n5plus.dtb n5plus.dts

[Armbian for Amlogic S905X3]

@keynote. Shame the dtb not working . Probably need some python/perl script to parse the dts file

 Not all boxes are equal, Is there a bootloader partition? This should list all emmc partitions

ls $(find /dev/block/platform/ -name "by-name")

 

su
dd if=$(find /dev/block/platform/ -name "by-name")/bootloader of=/sdcard/bootloader.img

 

Or try TWRP backup function. Apply zip file using update app or from recovery mode (this will not overwrite your stock recovery).

TWRP_3.2.2_Android_9.0.zip

 

[Armbian for Amlogic S905X3]

For those that have not found a working dtb yet, you might want to give this method of extracting dtb and dts files a shot (hardware keyboard recommended or setup sshd via termux). Install termux. Open it and type:

termux-setup-storage
apt update
apt install dtc
dtc -q -I fs -O dts /sys/firmware/devicetree/base -o /sdcard/mytvbox.dts
dtc -q -I fs -O dtb /sys/firmware/devicetree/base -o /sdcard/mytvbox.dtb

I am unable to test this method presently due to other issues but I am dying to know if it works. The files generated are larger than the dtb files in the armbian images but they are similar size to the dtb files from coreelec. If the dtb file doesn't work, at least the dts file might give some clues as to why alternative dtb files have wifi or ethernet issues etc. You can also convert other dtb to dts and vice versa so you can open the dts files in a text editor and compare.

To convert dtb to dts.

dtc -O dts -o tvbox.dts tvbox.dtb

To convert dts to dtb.

dtc -O dtb -o mytvbox.dtb mybox.dts

 

[Armbian for Amlogic S905X3]

Really looking forward to running armbian one day on my S905x3 device but ran into difficulty from the get go running aml_autoscript.

I was initially posting here with a cry for help but managed to sort the problem and thought I'd share my solution as this alternative method doesn't appear to be documented anywhere.

 

The problem:

 

Downloaded and burned Armbian_20.02.0-rc1.037_Aml-s9xxx_buster_current_5.5.0-rc6_20200205.img to sdcard.

Using the update app that was preinstalled on the android device, I tried loading aml_autoscript from external sd card, usb ports and internal storage but got the same error every time.

E:Block map file is too short: 3
E:Map of '@/cache/recovery/block.map' failed
E:failed to map file
Installation aborted

I tried all the above with different sdcards and usb sticks but still no luck. Running aml_autoscript from stock recovery gave a different error:

E:mmap(0, R, PRIVATE, 6, 0) failed: Invalid argument
E:Map of 'udisk/aml_autoscript.zip' failed
E:failed to map file
Installation aborted

The solution:

 

I didn't want to go down the uart/uboot route as I don't know where the tx/rx points are on this box and my eyesight isn't that great anymore. Plus my soldering days were over many years ago. I was able to boot into a twrp.zip via stock recovery, but there was no setenv command in the twrp console to enter the info manually. Perhaps there is a command I could enter to run the aml_autoscript from here, I have no idea. I decided the way forward was to extract the env partition with twrp (you can just as easily do it with dd or fastboot) and hack it before flashing it back. I opened the file up with a hex editor and could see what looked like a uboot environment with fatload commands etc, a 4 byte header at the start of the file then each command separated by a null byte. I'm looking at yet another brick if I bork it, so I'm not doing this with a hex editor. Convert it to a text file, make the changes and convert the text file back to the original 8mb image format was the plan. All I had to do was trim the trailing zeros and replace the remaining null bytes with a newline. I copied the file to my PC to do the job but it can all be done from a rooted box with busybox installed.

cp env.emmc.win env.emmc.bak; cat env.emmc.win | sed '$ s/\x00*$//' | sed "s/\x00/\n/g" > env.txt

That one-liner seemed to do the the trick (note backup). The resulting file gave me:

 

Spoiler

 

åby®EnableSelinux=permissive
Irq_check_en=0
active_slot=normal
baudrate=115200
bcb_cmd=get_avb_mode;get_valid_slot;
boot_part=boot
bootcmd=ddr_auto_fast_boot_check 6 0 0 50;run storeboot
bootdelay=1
cmdline_keys=if keyman init 0x1234; then if keyman read usid ${loadaddr} str; then setenv bootargs ${bootargs} androidboot.serialno=${usid};setenv serial ${usid};else setenv bootargs ${bootargs} androidboot.serialno=1234567890;setenv serial 1234567890;fi;if keyman read mac ${loadaddr} str; then setenv bootargs ${bootargs} mac=${mac} androidboot.mac=${mac};fi;if keyman read deviceid ${loadaddr} str; then setenv bootargs ${bootargs} androidboot.deviceid=${deviceid};fi;fi;
colorattribute=444,12bit
cvbs_drv=0
cvbsmode=576cvbs
display_bpp=16
display_color_bg=0
display_color_fg=0xffff
display_color_index=16
display_height=1080
display_layer=osd0
display_width=1920
dtb_mem_addr=0x1000000
ethaddr=00:15:18:01:81:31
factory_reset_poweroff_protect=echo wipe_data=${wipe_data}; echo wipe_cache=${wipe_cache};if test ${wipe_data} = failed; then run init_display; run storeargs;if mmcinfo; then run recovery_from_sdcard;fi;if usb start 0; then run recovery_from_udisk;fi;run recovery_from_flash;fi; if test ${wipe_cache} = failed; then run init_display; run storeargs;if mmcinfo; then run recovery_from_sdcard;fi;if usb start 0; then run recovery_from_udisk;fi;run recovery_from_flash;fi; 
fb_addr=0x3d800000
fb_height=1080
fb_width=1920
fdt_high=0x20000000
firstboot=0
frac_rate_policy=1
fs_type=rootfstype=ramfs
gatewayip=10.18.9.1
hdmi_read_edid=1
hdmimode=1080p60hz
hostname=arm_gxbb
init_display=get_rebootmode;echo reboot_mode:::: ${reboot_mode};if test ${reboot_mode} = quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;osd open;osd clear;else if test ${reboot_mode} = recovery_quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;osd open;osd clear;else setenv reboot_mode_android normal;run storeargs;hdmitx hpd;hdmitx get_preferred_mode;osd open;osd clear;imgread pic logo bootup $loadaddr;bmp display $bootup_offset;bmp scale;vout output ${outputmode};vpp hdrpkt;fi;fi;
initargs=init=/init console=ttyS0,115200 no_console_suspend earlyprintk=aml-uart,0xff803000 ramoops.pstore_en=1 ramoops.record_size=0x8000 ramoops.console_size=0x4000 
ipaddr=10.18.9.97
irremote_update=if irkey 2500000 0xe31cfb04 0xb748fb04; then echo read irkey ok!; if itest ${irkey_value} == 0xe31cfb04; then run update;else if itest ${irkey_value} == 0xb748fb04; then run update;
fi;fi;fi;
jtag=disable
loadaddr=1080000
lock=10001000
netmask=255.255.255.0
osd_reverse=0
otg_device=1
outputmode=1080p60hz
panel_type=lcd_1
preboot=run bcb_cmd; run factory_reset_poweroff_protect;run upgrade_check;run init_display;run storeargs;run upgrade_key;bcb uboot-command;run switch_bootmode;
reboot_mode_android=normal
recovery_from_flash=get_valid_slot;echo active_slot: ${active_slot};if test ${active_slot} = normal; then setenv bootargs ${bootargs} ${fs_type} aml_dt=${aml_dt} recovery_part={recovery_part} recovery_offset={recovery_offset};if imgread kernel ${recovery_part} ${loadaddr} ${recovery_offset}; then wipeisb; bootm ${loadaddr}; fi;else setenv bootargs ${bootargs} ${fs_type} aml_dt=${aml_dt} recovery_part=${boot_part} recovery_offset=${recovery_offset};if imgread kernel ${boot_part} ${loadaddr}; then bootm ${loadaddr}; fi;fi;
recovery_from_sdcard=if fatload mmc 0 ${loadaddr} aml_autoscript; then autoscr ${loadaddr}; fi;if fatload mmc 0 ${loadaddr} recovery.img; then if fatload mmc 0 ${dtb_mem_addr} dtb.img; then echo sd dtb.img loaded; fi;wipeisb; setenv bootargs ${bootargs} ${fs_type};bootm ${loadaddr};fi;
recovery_from_udisk=if fatload usb 0 ${loadaddr} aml_autoscript; then autoscr ${loadaddr}; fi;if fatload usb 0 ${loadaddr} recovery.img; then if fatload usb 0 ${dtb_mem_addr} dtb.img; then echo udisk dtb.img loaded; fi;wipeisb; setenv bootargs ${bootargs} ${fs_type};bootm ${loadaddr};fi;
recovery_offset=0
recovery_part=recovery
sdc_burning=sdc_burn ${sdcburncfg}
sdcburncfg=aml_sdc_burn.ini
sdr2hdr=2
serverip=10.18.9.113
storeargs=setenv bootargs ${initargs} otg_device=${otg_device} reboot_mode_android=${reboot_mode_android} logo=${display_layer},loaded,${fb_addr} vout=${outputmode},enable panel_type=${panel_type} hdmitx=${cecconfig},${colorattribute} hdmimode=${hdmimode} frac_rate_policy=${frac_rate_policy} hdmi_read_edid=${hdmi_read_edid} cvbsmode=${cvbsmode} osd_reverse=${osd_reverse} video_reverse=${video_reverse} irq_check_en=${Irq_check_en}  androidboot.selinux=${EnableSelinux} androidboot.firstboot=${firstboot} jtag=${jtag}; setenv bootargs ${bootargs} androidboot.hardware=amlogic;run cmdline_keys;
storeboot=boot_cooling;get_system_as_root_mode;echo system_mode: ${system_mode};if test ${system_mode} = 1; then setenv bootargs ${bootargs} ro rootwait skip_initramfs;else setenv bootargs ${bootargs} ${fs_type};fi;get_valid_slot;get_avb_mode;echo active_slot: ${active_slot};if test ${active_slot} != normal; then setenv bootargs ${bootargs} androidboot.slot_suffix=${active_slot};fi;if test ${avb2} = 0; then if test ${active_slot} = _a; then setenv bootargs ${bootargs} root=/dev/mmcblk0p23;else if test ${active_slot} = _b; then setenv bootargs ${bootargs} root=/dev/mmcblk0p24;fi;fi;fi;if imgread kernel ${boot_part} ${loadaddr}; then bootm ${loadaddr}; fi;run storeargs; run update;
switch_bootmode=get_rebootmode;if test ${reboot_mode} = factory_reset; then setenv reboot_mode_android normal;run storeargs;run recovery_from_flash;else if test ${reboot_mode} = update; then setenv reboot_mode_android normal;run storeargs;run update;else if test ${reboot_mode} = quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;else if test ${reboot_mode} = recovery_quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;run recovery_from_flash;else if test ${reboot_mode} = cold_boot; then setenv reboot_mode_android normal;run storeargs;else if test ${reboot_mode} = fastboot; then setenv reboot_mode_android normal;run storeargs;fastboot;fi;fi;fi;fi;fi;fi;
try_auto_burn=update 700 750;
update=run usb_burning; run sdc_burning; if mmcinfo; then run recovery_from_sdcard;fi;if usb start 0; then run recovery_from_udisk;fi;run recovery_from_flash;
upgrade_check=echo upgrade_step=${upgrade_step}; if itest ${upgrade_step} == 3; then run init_display; run storeargs; run update;else fi;
upgrade_key=if gpio input GPIOAO_3; then echo detect upgrade key; run update;fi;
upgrade_step=1
usb_burning=update 1000
video_reverse=0
wipe_cache=successful
wipe_data=successful
1080p60hz_deepcolor=444,12bit

 

 

 

 

So, I delete the 1st 4 characters as it turns out this is a checksum and if it isn't right then everything goes back to default values and it's back to square one. Then amended the exsisting variables (bootcmd and upgrade_step) and added the start_* variables. Note each variable has an '=' before the definition and there are no quotes, so not exactly copy and paste from the aml_autoscript file. I also observed that the environment variables were sort of in alphabetical order and thought it cautious to keep it that way and inserted the new variables between the 'serverip' and 'storeargs' variables. Now it was just a case of saving env.txt and converting the file back. As the 4 byte checksum needs to be there, I had to install uboot-tools as only the mkenvimage command can do this and build the env image.

mkenvimage -s 8388608 -p 0x00 -o env.emmc.win env.txt

Check the file with;

cat env.emmc.win | od -tx1

Burn the file back to the /dev/block/env or $(find /dev/block/platform | grep by-name/env) partition. Remember the file is now modded so the original twrp backup checksum won't work. Recreate it with;

md5sum env.emmc.win > env.emmc.win.md5