Revision 1 (Denis 'GNUtoo' Carikli, 08/30/2020 03:43 PM) → Revision 2/19 (Denis 'GNUtoo' Carikli, 08/30/2020 03:46 PM)
h1. GTI9300PARAM
You can dump the PARAM partition of the Galaxy SIII (GT-I9300) like this:
<pre>
adb pull /dev/block/platform/dw_mmc/by-name/PARAM PARAM.img
</pre>
That file at first looks like a tar archive.
<pre>
$ file PARAM.img
PARAM.img: POSIX tar archive (GNU)
</pre>
And it indeed does contain a tarball:
<pre>
$ tar tvf PARAM.img
-rw-r--r-- se.infra/se.infra 3624 2013-11-28 13:33 adv-env.img
-rw-r--r-- se.infra/se.infra 42023 2013-11-28 13:33 ani_upload_1_kernel_panic.jpg
-rw-r--r-- se.infra/se.infra 39255 2013-11-28 13:33 ani_upload_2_cp_crash.jpg
-rw-r--r-- se.infra/se.infra 47443 2013-11-28 13:33 ani_upload_3_forced_upload.jpg
-rw-r--r-- se.infra/se.infra 10810 2013-11-28 13:33 ani_upload_4_hardware_reset.jpg
-rw-r--r-- se.infra/se.infra 11586 2013-11-28 13:33 ani_upload_4_smpl.jpg
-rw-r--r-- se.infra/se.infra 54151 2013-11-28 13:33 ani_upload_4_unknown_reset.jpg
-rw-r--r-- se.infra/se.infra 11495 2013-11-28 13:33 ani_upload_4_watchdog_reset.jpg
-rw-r--r-- se.infra/se.infra 12276 2013-11-28 13:33 ani_upload_4_wtsr.jpg
-rw-r--r-- se.infra/se.infra 9703 2013-11-28 13:33 ani_upload_4_wtsr_smpl.jpg
-rw-r--r-- se.infra/se.infra 12711 2013-11-28 13:33 ani_upload_5_user_fault.jpg
-rw-r--r-- se.infra/se.infra 19098 2013-11-28 13:33 ani_upload_6_hsic_disconnected.jpg
-rw-r--r-- se.infra/se.infra 84123 2013-11-28 13:33 download_error.jpg
-rw-r--r-- se.infra/se.infra 73061 2013-11-28 13:33 download.jpg
-rw-r--r-- se.infra/se.infra 64410 2013-11-28 13:33 logo.jpg
-rw-r--r-- se.infra/se.infra 37205 2013-11-28 13:33 lpm.jpg
-rw-r--r-- se.infra/se.infra 36572 2013-11-28 13:33 lpm_wireless.jpg
-rw-r--r-- se.infra/se.infra 91511 2013-11-28 13:33 secure_error.jpg
-rwxr-xr-x se.infra/se.infra 5851 2013-11-28 13:33 sud_0.jpg
-rwxr-xr-x se.infra/se.infra 2713 2013-11-28 13:33 sud_1.jpg
-rwxr-xr-x se.infra/se.infra 5634 2013-11-28 13:33 sud_2.jpg
-rwxr-xr-x se.infra/se.infra 6292 2013-11-28 13:33 sud_3.jpg
-rwxr-xr-x se.infra/se.infra 4604 2013-11-28 13:33 sud_4.jpg
-rwxr-xr-x se.infra/se.infra 5706 2013-11-28 13:33 sud_5.jpg
-rwxr-xr-x se.infra/se.infra 6792 2013-11-28 13:33 sud_6.jpg
-rwxr-xr-x se.infra/se.infra 3885 2013-11-28 13:33 sud_7.jpg
-rwxr-xr-x se.infra/se.infra 6826 2013-11-28 13:33 sud_8.jpg
-rwxr-xr-x se.infra/se.infra 6528 2013-11-28 13:33 sud_9.jpg
-rw-r--r-- se.infra/se.infra 168616 2013-11-28 13:33 warning.jpg
</pre>
The size of the PARAM.img file is exactly 8MiB:
<pre>
$ ls -lah PARAM.img
[...] 8.0M [...] PARAM.img
$ ls -la PARAM.img
[...] 8388608 [...] PARAM.img
</pre>
And we can get the size of the tarball with --totals:
<pre>
$ man tar
[...]
--totals[=SIGNAL]
Print total bytes after processing the archive. [...]
</pre>
For example:
<pre>
$ tar --totals -tf PARAM.img
adv-env.img
[many files]
warning.jpg
Total bytes read: 911360 (890KiB, 286MiB/s)
</pre>
So here the tarball ends well before the end of the 8MiB image.
911360 is 0xde800:
<pre>
$ python
[...]
>>> hex(911360)
'0xde800'
</pre>
But we still have things after the tarball:
<pre>
$ hexdump -C PARAM.img
000dd4a0 05 00 14 00 50 07 ff d9 00 00 00 00 00 00 00 00 |....P...........|
000dd4b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00700000 03 00 fe ca 00 01 00 00 00 00 00 00 00 00 00 00 |................|
00700010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00700200 00 00 00 00 03 00 00 00 4c 4f 00 00 00 00 00 00 |........LO......|
00700210 00 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 |................|
00700220 00 00 00 00 00 00 00 00 63 6f 6e 73 6f 6c 65 3d |........console=|
00700230 72 61 6d 20 6c 6f 67 6c 65 76 65 6c 3d 34 00 00 |ram loglevel=4..|
00700240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00700e20 00 00 00 00 00 00 00 00 ff ff ff ff ff ef 7f ff |................|
00700e30 ff ff f7 ff ff ff f7 ff ff fe ff ff ff ff 7f ff |................|
00700e40 fb ef ff ff ff fb ff df ff ff ff ff ff ff ff ff |................|
00700e50 df bf ff ff 7f ef f7 ff f7 ff ff ff ff fe ff ff |................|
00700e60 ff ff ff ff ef fb ff ef ff fb ff ff fd ff f7 ef |................|
00700e70 ff ff ff ff f5 ff ff ff ff ff ff ff ff ff ff ff |................|
00700e80 ff ff ff fe ff ef ff ff ff bf fd ff ff ff ff ff |................|
00700e90 ff ff ff ff ff ff f7 fb ff ff ff eb ff ff ff eb |................|
00700ea0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb |................|
00700eb0 ff ff ff ff ff ff ff ff ff ff ff df ff ff ff ff |................|
00700ec0 ff ff ff ff ff ff f7 ff ff ff ff ff ff ff ff ff |................|
00700ed0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb |................|
00700ee0 df ff ff ff ff ff ff ff ff ff ff ff ff ff d7 ff |................|
00700ef0 ff ff ff af ff ff ff fe ff ff ff ff ff ff ff ff |................|
00700f00 ff ef ff ff ff 7f ff ff ff df ff ff f7 ff ff ff |................|
00700f10 ff ff ff ff ff ff ff ff ff ff ff ef ff ff f7 ff |................|
00700f20 ff ff ff ff ff ff ff ff ff fe ef ff ff ef fb df |................|
00700f30 ff ff ff ff ff fb ff ff ff ff ff ff ff ff ff ff |................|
00700f40 ff ff f5 ff ff ff ff fb ff ff ff ff ff ff ff ff |................|
00700f50 fb ff ff fb fd ff ff ff ff ff ff ff ff ff ff ff |................|
00700f60 f7 ff ff ef f7 ff ff ef ff ff ff ff ff 9e ff fd |................|
00700f70 ff ff ff ff fb ff ff de f3 fb ff ff ff ef df ff |................|
00700f80 ff ff ff ff ff fb ff bf ff ff ff ff ff ff ff fd |................|
00700f90 ff fe f7 fe ff eb ff ff ff fb ff ff df ff ff ff |................|
00700fa0 df ff ff ff ff ff ff ff ff ff fb ff ff ff ff fb |................|
00700fb0 ff ff ff df ff ff ff ff fe fe fe ff ff f7 ff ff |................|
00700fc0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb |................|
00700fd0 fd ff ff ff ff fd ff ff ff ff ff ff fe ff ff ff |................|
00700fe0 ff ff df ff ff ff ff fb ff ff ff ff ff ff ff ff |................|
00700ff0 ff f7 df ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
00701000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
007ffc00 d4 ad 55 ff 52 e9 ed 4c f8 d1 9c 08 79 b6 e9 6c |..U.R..L....y..l|
007ffc10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00800000
</pre>
Questions:
* Can we ignore what is after the tarball and grow it to 8MiB?
* Does what comes after the tarball contain encrypted data for the bootloader?
h2. adv-env.img
Here's the content of the adv-env.img file:
<pre>
$ hexdump -C adv-env.img
00000000 03 00 fe ca 00 01 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000200 04 00 00 00 01 00 00 00 4c 4f 00 00 00 00 00 00 |........LO......|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000220 00 00 00 00 00 00 00 00 63 6f 6e 73 6f 6c 65 3d |........console=|
00000230 72 61 6d 20 6c 6f 67 6c 65 76 65 6c 3d 34 00 00 |ram loglevel=4..|
00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000e20 00 00 00 00 00 00 00 00 |........|
00000e28
</pre>
Questions:
* Why are the kernel parameters repeated again after the end of the tarball?
* Where are the updated kernel parameters stored?
* Are the default and in-use kernel parameters stored at different locations?
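The two comparisons done by hand above (where the tarball ends versus where data still appears in the image, and how adv-env.img differs from the copy that follows the tarball) can be scripted. This is an added example, not part of the original wiki page: the function names are hypothetical and the sample image is constructed so that the code runs without a device; on a real dump you would pass the bytes of PARAM.img and use 0x700000 as the base of the trailing copy.

```python
import io
import tarfile
BLOCK = 512  # tar block size

def tar_end_offset(image):
    """Walk the tar headers; return the offset just past the end-of-archive marker."""
    off = 0
    while off + BLOCK <= len(image):
        header = image[off:off + BLOCK]
        if header == bytes(BLOCK):                # an all-zero block ends the archive
            return min(off + 2 * BLOCK, len(image))
        if header[257:262] != b"ustar":
            raise ValueError(f"no tar header at {off:#x}")
        size = int(header[124:136].strip(b"\0 ") or b"0", 8)  # octal size field
        off += BLOCK + -(-size // BLOCK) * BLOCK  # header + data rounded up to a block
    return off

def nonzero_extents(image, start, chunk=16):
    """Return (begin, end) ranges of chunk-sized rows from `start` that hold non-zero bytes."""
    extents = []
    for off in range(start, len(image), chunk):
        if image[off:off + chunk].strip(b"\0"):
            begin = extents.pop()[0] if extents and extents[-1][1] == off else off
            extents.append((begin, off + chunk))
    return extents

def diff_offsets(member, image, base):
    """Offsets within `member` where it differs from the copy stored at `base`."""
    return [i for i, b in enumerate(member) if image[base + i] != b]

def build_sample_image(size=0x10000, copy_at=0x8000):
    """Constructed stand-in for PARAM.img: small tar, zero padding, modified copy."""
    env = bytearray(0x400)
    env[0:4] = b"\x03\x00\xfe\xca"
    env[0x228:0x233] = b"console=ram"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        info = tarfile.TarInfo("adv-env.img")
        info.size = len(env)
        tar.addfile(info, io.BytesIO(bytes(env)))
    image = bytearray(size)
    image[:len(buf.getvalue())] = buf.getvalue()
    image[copy_at:copy_at + len(env)] = env
    image[copy_at + 0x200] = 0x04                 # make one byte differ in the copy
    return bytes(image), bytes(env)

if __name__ == "__main__":
    img, env = build_sample_image()
    print(hex(tar_end_offset(img)), nonzero_extents(img, 0xa00), diff_offsets(env, img, 0x8000))
```

GNU tar pads archives to its 10240-byte record size and --totals counts that padding, so tar_end_offset can return a smaller value than the total that tar prints.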