ROM flashing using redbend_ua

[EDIT: Fixed a major problem in the script which prevented rebooting]

a few days have passed, and its time for a little update. a major advance has been made regarding ROM flashing in linux, more particularly with redbend_ua usage.

so we learned that Samsung uses a proprietary tool named redbend_ua to flash the nand partitions (bml1..bml12). here is the partitions list taken from here:

bml1     256 KB     contain boot.bin (262144 bytes), Primary Boot Loader (low-level hardware initialization)
bml2     256 KB     contains PIT file first 512 bytes
bml3     10240 KB     /dev/block/stl3 /efs
bml4     1280 KB     contain Sbl.bin (1310720 bytes) Secondary Boot Loader (loads the Linux kernel and passes the necessary arguments)
bml5     1280 KB     contains Secondary Boot Loader (for recovery, ect)
bml6     5120 KB     param.lfs /mnt/.lfs j4fs
bml7     7680 KB     contain zImage and initramfs
bml8     7680 KB     empty
bml9     293376 KB     factoryfs.rfs ( /system RFS Partition) /dev/block/stl9
bml10     137216 KB     dbdata.rfs ( /dbdata RFS Partition) /dev/block/stl10
bml11     35840 KB     cache.rfs ( /cache RFS Partition) /dev/block/stl11
bml12     12800 KB     modem.bin

a few remarks:

  • we can ignore the pit file which does NOT contain a new partition-table layout. it contains only the partition list (without sizes) – parition id, partition name, partition dump filename
  • i got confirmation that dbdata.rfs & cache.rfs can be ignored on ROM update as they only contain 3rd party applications and data.
  • we can dump the partitions using dd, and flash back using redbend_ua

so now we can see we have 6 partitions to flash: bml1, bml4, bml6, bml7, bml9, bml12. you can look at the above table to see their corresponding data file and functionality.

so, i thought about adopting update.zip file, and here is what i think could be a viable ROM updater-script:

WARNING: USING THIS CODE AS-IS WILL BRICK YOUR PHONE!

# updater-script for ROM flash
# work-in-progress, (c) z4ziggy aka Elia Yehuda
# License : BSD

ui_print("--[ ROM Flasher");

# mount the sdcard
ui_print("--[ Mounting sdcard");
mount("vfat", "/dev/block/mmcblk1", "/sdcard/sd");

# extract needed files in ramdisk
ui_print("--[ Extracting files");
package_extract_file("redbend_ua", "redbend_ua");
set_perm(0, 0, 0755, "redbend_ua");

# formatting dbdata & cache
# is that needed? (to prevent old cache/dbdata problems)
ui_print("--[ Formatting");
format("MTD", "dbdata");
format("MTD", "cache");

# disable reboot since redbend_ua reboots after each run
# the following actually changes permissions to toolbox...
#set_perm(0, 0, 0644, "/sbin/reboot");
delete("/sbin/reboot");

# running the flash operation
ui_print("--[ Flashing partitions");
run_program("redbend_ua", "restore", "/sdcard/sd/boot.bin", "/dev/block/bml1");
run_program("redbend_ua", "restore", "/sdcard/sd/Sbl.bin", "/dev/block/bml4");
run_program("redbend_ua", "restore", "/sdcard/sd/param.lfs", "/dev/block/bml6");
run_program("redbend_ua", "restore", "/sdcard/sd/zImage", "/dev/block/bml7");
run_program("redbend_ua", "restore", "/sdcard/sd/factoryfs.rfs", "/dev/block/bml9");
run_program("redbend_ua", "restore", "/sdcard/sd/modem.bin", "/dev/block/bml12");

# reboot
unmount("/sdcard/sd");
#set_perm(0, 0, 0755, "/sbin/reboot");
symlink("/sbin/toolbox", "/sbin/reboot");
run_program("reboot", "now");

Advertisements

5 Comments

  1. This script will brick your phone. Completely.

    I suspect that the issue is one of either the Primary or Secondary bootloader flash that killed my phone. “Tested” on a Samsung Epic.

    1. The big-red-letters didn’t convince you?

      Those scripts I’ve posted in the past are mostly untested methods, just to provide the basic details. And as stated in all of them – they are not to be used as-is.

      Sorry for your phone though. I hope you’ll recover asap…

      1. I’ll recover fine and will be smarter now. But “NOT TESTED” means something different to me than “WILL BRICK YOUR PHONE”.

        Not complaining in any way, just wanted to share experience so others don’t try this same dark alley.

      2. You are 100% correct and I am terribly sorry for the inconvenience. I changed to “WILL BRICK YOUR PHONE” on the post to ‘save’ others 😉

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s