wiki:Android/HTC/ExploreRomImagesOnPc

Explore ROM Images on PC

For the complete list of my articles on Android devices and software, including analysis of devices and system firmware, lists of external resources and tools, and How-To instructions, check the front page of this wiki under the Android heading

For those without access to a device or wanting to explore a ROM Update Utility (RUU) image without deploying it to a device it is helpful to mount its contents (the .img files) locally on a GNU/Linux PC. Only a few of the image files are file-systems that Linux can mount in this way. Because things change it is best to use the file command to determine what file system is contained in each image:

file *.img

boot.img:             data
radio.img:            data
rcdata.img:           ASCII text
recovery.img:         data
system.img:           Linux rev 1.0 ext3 filesystem data, UUID=00000000-0000-0000-0000-000000000000 (large files)
tp_atmel224_20aa.img: ASCII text, with very long lines
tp_atmelc12_20aa.img: ASCII text, with very long lines
userdata.img:         Linux rev 1.0 ext3 filesystem data, UUID=39608a1e-155a-4129-8c71-be6d7e00019c (large files)

More interestingly, dumps of the raw partitions of the device's flash ROM can be explored more easily.

EXT File-Systems

Mounting

Create a directory to mount the file-system at then mount it via a loop device:

mkdir -p mnt/system
sudo mount -o loop,ro,norelatime system.img mnt/system

The same can be done for the userdata.img but as it is usually completely empty there isn't much to be gained.

Working with the Image

The file-system can now be explored. Here is a search for any binaries with the setuid or setgid permissions bit set:

find mnt/system -type f \( -perm -4000 -o -perm 2000  \) -exec ls -l {} \;

-rwsr-s--- 1 root 2000 76144 2010-09-15 09:42 mnt/system/bin/run-as

Unmounting

Ensure there are no shell processes or other processes with files open or with their current directory inside the mounted file-system, then:

sudo umount mnt/system

Yet Another Flash File System (YAFFS)

 YAFFS is a NAND-specific flash-device file system.

It is possible to mount YAF file-systems on a development PC provided the Linux kernel has been built with support for the yaffs2 device, or a loadable module has been built. As at late 2010 the yaffs2 is not part of the Linux main-line so in most cases developers and users need to build it themselves.

TODO: add instructions on building and using a yaffs module.