提取OnePlus官方系统镜像文件修复受损分区
一个小失误导致手里的OnePlus7Pro设备Boot分区A意外清空,开机后反复进入FastBoot模式;尝试切换到分区B后,惊喜的发现可以正常开机引导系统,但是卡在第二屏系统加载界面,考虑到数据没有备份,不能刷机重置。下面记录无损修复因为Boot分区损坏无法引导进入系统的解决办法。
解包
下载官方全量系统升级包,将从其中提取Boot分区的官方镜像文件来进行修复引导。和从前的刷机包直接解压就可以获得boot.img
镜像文件不同,一加团队将镜像文件全部封装入payload.bin
文件,并加入了安全文件进行验证,以确保系统的安全性。
正所谓前人栽树,后人乘凉,大神已经写好了dumper工具,免去一番折腾!(请使用Python3.x版本)
https://gist.github.com/ius/42bd02a5df2226633a342ab7a9c60f15
将payload.bin
文件与payloadDumper
工具放在同一个目录内,执行即可解包。
pip install protobuf
python payload_dumper.py payload.bin
刷入
进入FastBoot模式,确保FastBoot驱动安装正常并连接上电脑。
将提取到的boot.img
镜像文件拷贝到FastBoot工具目录内,执行命令即可。
tool > fastboot flash boot boot.img
Sending "boot_b" (98304 KB) OKAY [ 2.164s]
Writing "boot_b" OKAY [ 0.394s]
Finished. Total time: 2.590s
切换
之前手动切换到了分区B进行尝试,此时分区A没有正常刷入时无法切回,而FastBoot工具默认刷写激活分区。也就是说刚刚刷入的还是分区B,需要指定分区进行刷写。
tool > fastboot flash boot_a boot.img
Sending "boot_a" (98304 KB) OKAY [ 2.128s]
Writing "boot_a" OKAY [ 0.542s]
Finished. Total time: 2.697s
刷写后别着急重启设备,还需要切回分区A进行正常引导。
tool > fastboot set_active a
Setting current slot to "a" OKAY [ 0.062s]
Finished. Total time: 0.072s
payload_dumper.py
#!/usr/bin/env python
import struct
import hashlib
import bz2
import sys
try:
import lzma
except ImportError:
from backports import lzma
import update_metadata_pb2 as um
flatten = lambda l: [item for sublist in l for item in sublist]
def u32(x):
return struct.unpack('>I', x)[0]
def u64(x):
return struct.unpack('>Q', x)[0]
def verify_contiguous(exts):
blocks = 0
for ext in exts:
if ext.start_block != blocks:
return False
blocks += ext.num_blocks
return True
def data_for_op(op):
p.seek(data_offset + op.data_offset)
data = p.read(op.data_length)
assert hashlib.sha256(data).digest() == op.data_sha256_hash, 'operation data hash mismatch'
if op.type == op.REPLACE_XZ:
dec = lzma.LZMADecompressor()
data = dec.decompress(data)
elif op.type == op.REPLACE_BZ:
dec = bz2.BZ2Decompressor()
data = dec.decompress(data)
return data
def dump_part(part):
print(part.partition_name)
out_file = open('%s.img' % part.partition_name, 'wb')
h = hashlib.sha256()
for op in part.operations:
data = data_for_op(op)
h.update(data)
out_file.write(data)
assert h.digest() == part.new_partition_info.hash, 'partition hash mismatch'
p = open(sys.argv[1], 'rb')
magic = p.read(4)
assert magic == b'CrAU'
file_format_version = u64(p.read(8))
assert file_format_version == 2
manifest_size = u64(p.read(8))
metadata_signature_size = 0
if file_format_version > 1:
metadata_signature_size = u32(p.read(4))
manifest = p.read(manifest_size)
metadata_signature = p.read(metadata_signature_size)
data_offset = p.tell()
dam = um.DeltaArchiveManifest()
dam.ParseFromString(manifest)
for part in dam.partitions:
for op in part.operations:
assert op.type in (op.REPLACE, op.REPLACE_BZ, op.REPLACE_XZ), \
'unsupported op'
extents = flatten([op.dst_extents for op in part.operations])
assert verify_contiguous(extents), 'operations do not span full image'
dump_part(part)