Hacking RAM disks_综合

To boot Linux, you only need two things:

The Linux kernel itself, and
A root filesystem with an init program of some sort.

As any book about embedded Linux will tell you, the init process will typically configure devices, launch other programs and generally set up what you think of as the Linux environment.

Many O/S distributions, including Android, use a small RAM disk as the initial root filesystem and theinit program will enumerate the devices and typically mount other filesystems.

In previous kernel versions, the RAM disks were typically ext2 filesystems, but the current convention is to use the initramfs file format, which is essentially a cpio archive.

To speed the boot, the cpio archive is typically gzipped and when used with the U-Boot boot loader, wrapped with a U-Boot header containing a CRC by the mkimage tool.

In the course of working with an O/S that uses a RAM disk, you will often want to extract the content at least to examine it. You may also want to modify some of the contents and re-create it, but you can’t do this directly.

In this post, I’ll walk through the process of doing just that.

I’ll use the file uramdisk.img from the SD card tree of the images provided in the Freescale Android release R13.4-Beta release.release.

If you run file on the image, you’ll see it reported as a PPC/U-Boot image file:

 
        ? 
       
             ~/$file uramdisk.img 
            
             uramdisk.img: u-boot/PPCBootimage

That’s because mkimage adds 64 bytes of header. We can use dd to strip it like so:

 
        ? 
       
             ~$dd bs=1 skip=64if=uramdisk.img of=uramdisk-no-header.img 
            
             167778+0 recordsin 
            
             167778+0 records out 
            
             167778 bytes (168 kB) copied, 0.91557 s, 183 kB/s 
            
             ~$ls -l uramdisk* 
            
             -rw-r--r-- 1 ericn ericn   167842 2012-09-07 12:21 uramdisk.img 
            
             -rw-r--r-- 1 ericn gitosis 167778 2012-09-07 12:25 uramdisk-no-header.img 
            
             ~$file uramdisk-no-header.img 
            
             uramdisk-no-header.img:gzipcompressed data, from Unix

As you can see, after stripping the 64-byte header, file identifies the image as a gzipped data.

If we unzip it, we’ll see that it’s a cpio archive and we can list its content:

~$ zcat uramdisk-no-header.img > uramdisk-uncompressed.img ~$ file uramdisk-uncompressed.img uramdisk-uncompressed.img: ASCII cpio archive (SVR4 with no CRC) ~$ cpio -t < uramdisk-uncompressed.img data default.prop dev init init.freescale.rc init.freescale.usb.rc init.goldfish.rc init.rc proc sbin sbin/adbd sbin/ueventd sys system ueventd.freescale.rc ueventd.goldfish.rc ueventd.rc 551 blocks

You can extract them like so:

~$ mkdir myramdisk bash: ../uramdisk-uncompressed.img: No such file or directory ~$ cd myramdisk/ ~/myramdisk$ sudo cpio -i --no-absolute-filenames < ../uramdisk-uncompressed.img 551 blocks ~/myramdisk$ ls data init.freescale.rc proc ueventd.freescale.rc default.prop init.freescale.usb.rc sbin ueventd.goldfish.rc dev init.goldfish.rc sys ueventd.rc init init.rc system ~/myramdisk$ tail default.prop # # ADDITIONAL_DEFAULT_PROPERTIES # ro.secure=1 ro.allow.mock.location=0 ro.debuggable=0 persist.sys.usb.config=mtp

Also note that I tailed the file default.prop, which is a file you might want to hack in an Android image. In particular, ro.secure and ro.debuggable are two properties that you might want to set differently when you're working with an Android image.

If you edit that file, you can re-create the RAM disk using these steps:

~/myramdisk$ shopt -s dotglob ~/myramdisk$ sudo find . | sudo cpio -H newc -o | gzip > ../uramdisk.cpio.gz 551 blocks ~/myramdisk$ mkimage -A arm -O linux -T ramdisk -n "Initial Ram Disk" \-d ../uramdisk.cpio.gz ../uramdisk.img.new Image Name: Initial Ram Disk Created: Fri Sep 7 12:47:00 2012 Image Type: ARM Linux RAMDisk Image (gzip compressed) Data Size: 169051 Bytes = 165.09 kB = 0.16 MB Load Address: 0x00000000 Entry Point: 0x00000000

The second command-line above is a little hairy, with a four-stage pipeline that lists all files(including those beginning with dot because of the preceding shopt) and hands them off to cpio. Note that the -H newc is needed for historical reasons. Since cpio sends its output to stdout, we pipe that to gzip and the gzipped output to a new file named uramdisk.cpio.gz.

The last command is the mkimage U-Boot tool, which adds the 64-byte U-Boot header back onto the output.

I hoped this quick note helps you understand the basics of a RAM disk. We'll likely make use of this in future posts, and want it around for reference.

===========划分boot。img为内核，和文件系统的脚本============================================================

#!/usr/bin/perl ###################################################################### # # File : split_bootimg.pl # Author(s) : William Enck <enck@cse.psu.edu> # Description : Split appart an Android boot image created # with mkbootimg. The format can be found in # android-src/system/core/mkbootimg/bootimg.h # # Thanks to alansj on xda-developers.com for # identifying the format in bootimg.h and # describing initial instructions for splitting # the boot.img file. # # Last Modified : Tue Dec 2 23:36:25 EST 2008 # By : William Enck <enck@cse.psu.edu> # # Copyright (c) 2008 The Pennsylvania State University # Systems and Internet Infrastructure Security Laboratory # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ######################################################################use strict; use warnings;# Turn on print flushing $|++;###################################################################### ## Global Variables and Constantsmy $SCRIPT = __FILE__; my $IMAGE_FN = undef;# Constants (from bootimg.h) use constant BOOT_MAGIC => 'ANDROID!'; use constant BOOT_MAGIC_SIZE => 8; use constant BOOT_NAME_SIZE => 16; use constant BOOT_ARGS_SIZE => 512;# Unsigned integers are 4 bytes use constant UNSIGNED_SIZE => 4;# Parsed Values my $PAGE_SIZE = undef; my $KERNEL_SIZE = undef; my $RAMDISK_SIZE = undef; my $SECOND_SIZE = undef;###################################################################### ## Main Code&parse_cmdline(); &parse_header($IMAGE_FN);=format (from bootimg.h) ** +-----------------+ ** | boot header | 1 page ** +-----------------+ ** | kernel | n pages ** +-----------------+ ** | ramdisk | m pages ** +-----------------+ ** | second stage | o pages ** +-----------------+ ** ** n = (kernel_size + page_size - 1) / page_size ** m = (ramdisk_size + page_size - 1) / page_size ** o = (second_size + page_size - 1) / page_size =cutmy $n = int(($KERNEL_SIZE + $PAGE_SIZE - 1) / $PAGE_SIZE); my $m = int(($RAMDISK_SIZE + $PAGE_SIZE - 1) / $PAGE_SIZE); my $o = int(($SECOND_SIZE + $PAGE_SIZE - 1) / $PAGE_SIZE);my $k_offset = $PAGE_SIZE; my $r_offset = $k_offset + ($n * $PAGE_SIZE); my $s_offset = $r_offset + ($m * $PAGE_SIZE);(my $base = $IMAGE_FN) =~ s/.*\/(.*)$/$1/; my $k_file = $base . "-kernel"; my $r_file = $base . "-ramdisk.gz"; my $s_file = $base . "-second.gz";# The kernel is always there print "Writing $k_file ..."; &dump_file($IMAGE_FN, $k_file, $k_offset, $KERNEL_SIZE); print " complete.\n";# The ramdisk is always there print "Writing $r_file ..."; &dump_file($IMAGE_FN, $r_file, $r_offset, $RAMDISK_SIZE); print " complete.\n";# The Second stage bootloader is optional unless ($SECOND_SIZE == 0) {print "Writing $s_file ...";&dump_file($IMAGE_FN, $s_file, $s_offset, $SECOND_SIZE);print " complete.\n"; }###################################################################### ## Supporting Subroutines=header_format (from bootimg.h) struct boot_img_hdr {unsigned char magic[BOOT_MAGIC_SIZE];unsigned kernel_size; /* size in bytes */unsigned kernel_addr; /* physical load addr */unsigned ramdisk_size; /* size in bytes */unsigned ramdisk_addr; /* physical load addr */unsigned second_size; /* size in bytes */unsigned second_addr; /* physical load addr */unsigned tags_addr; /* physical addr for kernel tags */unsigned page_size; /* flash page size we assume */unsigned unused[2]; /* future expansion: should be 0 */unsigned char name[BOOT_NAME_SIZE]; /* asciiz product name */unsigned char cmdline[BOOT_ARGS_SIZE];unsigned id[8]; /* timestamp / checksum / sha1 / etc */ }; =cut sub parse_header {my ($fn) = @_;my $buf = undef;open INF, $fn or die "Could not open $fn: $!\n";binmode INF;# Read the Magicread(INF, $buf, BOOT_MAGIC_SIZE);unless ($buf eq BOOT_MAGIC) {die "Android Magic not found in $fn. Giving up.\n";}# Read kernel size and address (assume little-endian)read(INF, $buf, UNSIGNED_SIZE * 2);my ($k_size, $k_addr) = unpack("VV", $buf);# Read ramdisk size and address (assume little-endian)read(INF, $buf, UNSIGNED_SIZE * 2);my ($r_size, $r_addr) = unpack("VV", $buf);# Read second size and address (assume little-endian)read(INF, $buf, UNSIGNED_SIZE * 2);my ($s_size, $s_addr) = unpack("VV", $buf);# Ignore tags_addrread(INF, $buf, UNSIGNED_SIZE);# get the page size (assume little-endian)read(INF, $buf, UNSIGNED_SIZE);my ($p_size) = unpack("V", $buf);# Ignore unusedread(INF, $buf, UNSIGNED_SIZE * 2);# Read the name (board name)read(INF, $buf, BOOT_NAME_SIZE);my $name = $buf;# Read the command lineread(INF, $buf, BOOT_ARGS_SIZE);my $cmdline = $buf;# Ignore the idread(INF, $buf, UNSIGNED_SIZE * 8);# Close the fileclose INF;# Print important valuesprintf "Page size: %d (0x%08x)\n", $p_size, $p_size;printf "Kernel size: %d (0x%08x)\n", $k_size, $k_size;printf "Ramdisk size: %d (0x%08x)\n", $r_size, $r_size;printf "Second size: %d (0x%08x)\n", $s_size, $s_size;printf "Board name: $name\n";printf "Command line: $cmdline\n";# Save the values$PAGE_SIZE = $p_size;$KERNEL_SIZE = $k_size;$RAMDISK_SIZE = $r_size;$SECOND_SIZE = $s_size; }sub dump_file {my ($infn, $outfn, $offset, $size) = @_;my $buf = undef;open INF, $infn or die "Could not open $infn: $!\n";open OUTF, ">$outfn" or die "Could not open $outfn: $!\n";binmode INF;binmode OUTF;seek(INF, $offset, 0) or die "Could not seek in $infn: $!\n";read(INF, $buf, $size) or die "Could not read $infn: $!\n";print OUTF $buf or die "Could not write $outfn: $!\n";close INF;close OUTF; }###################################################################### ## Configuration Subroutinessub parse_cmdline {unless ($#ARGV == 0) {die "Usage: $SCRIPT boot.img\n";}$IMAGE_FN = $ARGV[0]; }

------------------------------------- extract_initramfs -------------------------------------------------------使用方法：../extract_initramfs ur uramdisk.img temp ----------

#!/bin/sh
if [ $# -ne 2 ]; thenecho "Usage: $0 inFile outDir"exit -1 ;
fi
echo "input file: $1"
echo "output dir: $2"
if ! [ -f $1 ]; thenecho "$1 not found"exit -1 ;
fi
if [ -e $2 ]; thenecho "$2 exists" ;exit -1 ;
fiinfile="$1"
tmpfile=tmp_tempfile
dd bs=1 skip=64 if=$infile of=uramdisk-no-header.img
zcat uramdisk-no-header.img > uramdisk-uncompressed.img
file uramdisk-uncompressed.img
cpio -t < uramdisk-uncompressed.img
mkdir -p $2cd $2
sudo cpio -i --no-absolute-filenames < ../uramdisk-uncompressed.imgecho "contents of $infile copied to $2"
#rm -rf $tmpfile*

----------------------------------make_initramfs ------使用方法：./make_initramfs --------------- sudo ./make_initramfs temp/ ur.dd-----------------------------------------------

#!/bin/sh
if [ $# -ne 2 ]; thenecho "Usage: $0 inDir outFile"exit -1 ;
fi
echo "input dir: $1"
echo "output file: $2"
if ! [ -d $1 ]; thenecho "missing or invalid directory $1"exit -1 ;
fi
if [ -e $2 ]; thenecho "$2 exists" ;exit -1 ;
fi
touch $2 ;
outfile=$2
echo "output to $outfile"
origdir=`pwd`
cd $1sudo find . | sudo cpio -H newc -o | gzip > ../$outfile.gz
cd $origdir
mkimage -A arm -O linux -T ramdisk -n "Initial Ram Disk" -d $outfile.gz $outfile
rm -f $outfile.gz
echo "$outfile created"