I have a ubifs system image (https://www.dropbox.com/s/txgye8mu5r3og5y/system.img?dl=0) for a mediatek tablet device and am trying to add and remove some files.
I'm stuck trying to mount/extract files from the image.
Here are the steps I have tried so far on Debian Jessie with kernel 4.1.0-0.bpo.2-amd64
:
I tried: https://github.com/jrspruitt/ubi_reader
$ ubireader_display_info ./system.img
UBI File
---------------------
Min I/O: 16384
LEB Size: 4161536
PEB Size: 4194304
Total Block Count: 122
Data Block Count: 120
Layout Block Count: 2
Internal Volume Block Count: 0
Unknown Block Count: 0
First UBI PEB Number: 0
Image: 1101756791
---------------------
Image Sequence Num: 1101756791
Volume Name:system
PEB Range: 0 - 121
Volume: system
---------------------
Vol ID: 0
Name: system
Block Count: 120
Volume Record
---------------------
alignment: 1
crc: 3336263623
data_pad: 0
errors:
flags: autoresize
name: system
name_len: 6
padding:
rec_index: 0
reserved_pebs: 248
upd_marker: 0
vol_type: dynamic
But when I try and extract files using ubireader_extract_files I get the correct number of files but the resulting files are garbage.
Next I dismantled the tablet to work out what nand flash it was using to try and use nandsim following this post:
to emulate the nand and found out it was using SanDisk SDTNRGAMA 64G 3.3V 8-bit which has id bytes of 0x45,0xde,0x94,0x93,0x76,0x50
- from the following post:
http://lists.infradead.org/pipermail/linux-mtd/2014-January/051330.html
Running the following causes a segfault - on earlier kernels the id_bytes option is not recognized:
`modprobe nandsim id_bytes=0x45,0xde,0x94,0x93,0x76,0x50 cache_file=./test.img`
which gives the following segfault:
[ 142.734637] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 142.734637] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 142.734640] nand: device found, Manufacturer ID: 0x45, Chip ID: 0xde
[ 142.734641] nand: SanDisk SDTNRGAMA 64G 3.3V 8-bit
[ 142.734644] nand: 8192 MiB, MLC, erase size: 4096 KiB, page size: 16384, OOB size: 1280
[ 142.734650] nand: No oob scheme defined for oobsize 1280
[ 142.734672] ------------[ cut here ]------------
[ 142.734674] kernel BUG at /build/linux-PoJsUp/linux-4.1.6/drivers/mtd/nand/nand_base.c:3952!
[ 142.734677] invalid opcode: 0000 [#1] SMP
[ 142.734680] Modules linked in: nandsim(+) nand nand_ecc nand_bch bch nand_ids mtd cfg80211 rfkill joydev nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc iosf_mbi coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel hid_generic aes_x86_64 lrw irda gf128mul glue_helper psmouse vmw_balloon crc_ccitt ablk_helper serio_raw vmw_vmci cryptd battery pcspkr 8250_fintek acpi_cpufreq processor thermal_sys ac shpchp evdev i2c_piix4 fuse parport_pc ppdev lp parport autofs4 usbhid hid ext4 crc16 mbcache jbd2 sr_mod cdrom ata_generic sg sd_mod crc32c_intel ata_piix uhci_hcd ehci_pci ehci_hcd usbcore e1000 usb_common button libata vmwgfx ttm mptspi scsi_transport_spi mptscsih drm_kms_helper mptbase scsi_mod drm
[ 142.734731] CPU: 0 PID: 1235 Comm: modprobe Not tainted 4.1.0-0.bpo.2-amd64 #1 Debian 4.1.6-1~bpo8+1
[ 142.734733] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/20/2012
[ 142.734735] task: ffff88007aaf54f0 ti: ffff880079134000 task.ti: ffff880079134000
[ 142.734737] RIP: 0010:[<ffffffffa05d5ff0>] [<ffffffffa05d5ff0>] nand_scan_tail+0xa40/0xac0 [nand]
[ 142.734743] RSP: 0018:ffff880079137c58 EFLAGS: 00010296
[ 142.734745] RAX: 000000000000002c RBX: ffff880077093450 RCX: 0000000000000006
[ 142.734746] RDX: 000000000000002c RSI: 0000000000000246 RDI: ffff88007f60ea10
[ 142.734748] RBP: ffff880077093000 R08: 00000000000094d8 R09: 00000000000044aa
[ 142.734750] R10: 0000000000000086 R11: 20726f662064656e R12: ffff880077093860
[ 142.734751] R13: 0000000000000000 R14: ffffffffa05ec200 R15: ffff88007b67ad40
[ 142.734754] FS: 00007fe945772700(0000) GS:ffff88007f600000(0000) knlGS:0000000000000000
[ 142.734756] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.734757] CR2: 00007f57a6920040 CR3: 00000000790fa000 CR4: 00000000000406f0
[ 142.734870] Stack:
[ 142.734873] 0000000000000000 0000000000000000 ffff880077093000 ffffffffa05ef54a
[ 142.734877] 0000000000000000 0000000000000018 ffff880079137cd8 ffff880079137c98
[ 142.734879] 0000000000000000 ffffffff81814080 ffff880077211760 ffffffffa05ef000
[ 142.734882] Call Trace:
[ 142.734889] [<ffffffffa05ef54a>] ? ns_init_module+0x54a/0x1000 [nandsim]
[ 142.734896] [<ffffffffa05ef000>] ? 0xffffffffa05ef000
[ 142.734902] [<ffffffff81002148>] ? do_one_initcall+0xd8/0x210
[ 142.734907] [<ffffffff815723c1>] ? do_init_module+0x5a/0x1c2
[ 142.734912] [<ffffffff810f2316>] ? load_module+0x2026/0x24e0
[ 142.734915] [<ffffffff810ede60>] ? store_uevent+0x40/0x40
[ 142.734919] [<ffffffff810ee9d5>] ? copy_module_from_fd.isra.45+0xb5/0x140
[ 142.734923] [<ffffffff810f299d>] ? SyS_finit_module+0x7d/0xa0
[ 142.734928] [<ffffffff815792b2>] ? system_call_fast_compare_end+0xc/0x6b
[ 142.734930] Code: 00 00 30 10 5d a0 e9 f8 f6 ff ff 48 c7 83 88 03 00 00 30 19 5d a0 e9 3c f7 ff ff 89 c6 48 c7 c7 b8 9c 5d a0 31 c0 e8 33 c2 f9 e0 <0f> 0b 48 c7 83 40 03 00 00 40 bb 5d a0 e9 14 f6 ff ff 48 c7 83
[ 142.734959] RIP [<ffffffffa05d5ff0>] nand_scan_tail+0xa40/0xac0 [nand]
[ 142.734964] RSP <ffff880079137c58>
[ 142.734975] ---[ end trace 0270ba33a10a2b05 ]---
So, in short - I need help. I'm not massively familiar with ubi/ubifs
method and cannot find any sane well written guides which show you have to mount/extract files from an existing image.
Update: su is installed on the tablet, and I set selinux to permissive mode:
adb shell su -c setenforce 0
from: https://source.android.com/devices/tech/security/selinux/validate.html
Update 03Oct15:
Ran the mdtinfo -a
on the tablet and got the following result:
mtd16
Name: system
Type: nand
Eraseblock size: 4194304 bytes, 4.0 MiB
Amount of eraseblocks: 256 (1073741824 bytes, 1024.0 MiB)
Minimum input/output unit size: 16384 bytes
Sub-page size: 16384 bytes
OOB size: 1280 bytes
Character device major/minor: 90:32
Bad blocks are allowed: true
Device is writable: true
Using the information above I tried to create a blank ubifs image on my pc, I get the error that the LEB is too large! Looks like I have a limit of 2MiB on the LEB size!
$ mkfs.ubifs -m 16384 -e 4MiB -c 256 -o ./image.img
Error: too large LEB size 4194304