RK3188 madness

Myy myy at miouyouyou.fr
Wed Jul 6 08:24:02 PDT 2016


I currently own a Cube GT2, which uses a RK3188 chip.
I asked on the ARM Community Forum how to compile and flash a new kernel 
on a RK3188 device and I got redirected to this mailing list. ( 
https://community.arm.com/thread/10159 ).

My goal is to install a new kernel on this device, in order to be able 
to use Streamline on it.

I currently understand that the rknand driver has not been reverse 
engineered. Since it does not look terribly complicated, I'd like to try 
to reverse engineer it, however, first I still need to be able to boot a 
kernel with, at least, an SSH access.

So my current objectives are :
- Load a modified initrd image.
- Load a modified initrd containing the graphic driver (if possible), 
the Wifi driver, wpa_supplicant and sshd, with the currently installed 
- Replace the kernel with a new stock kernel, using the same initrd.

So my current questions are :
- Where does the system loads the initrd images from ?
    I extracted the android boot image stored in the boot partition, 
using rkflashkit, replaced the initrd, repacked the image and reflahsed 
it but, STILL, when returning on Android, it clearly seems that a 
different initrd file was used. Same thing when flashing the modified 
image to the "kernel" partition too.
- How to pack kernels and initrd with rkcrc ?
    There's a ton of rk3188 3.0.36+ kernels available on Github that do 
NOT compile. The only kernel I was able to compile is the official one. 
I do not understand what rkcrc do and the kernel inside the Android boot 
Image do not have any standard Linux Kernel header.

The param file of my tablet is as follows :

MAGIC: 0x5041524B
ATAG: 0x60000800
KERNEL_IMG: 0x60408000
#RECOVER_KEY: 1,1,0,20,0
CMDLINE:console=ttyFIQ0 androidboot.console=ttyFIQ0 init=/init 
mtdparts=rk29xxnand:0x00002000 at 0x00002000(misc),0x00006000 at 0x00004000(kernel),0x00006000 at 0x0000A000(boot),0x00010000 at 0x00010000(recovery),0x00020000 at 0x00020000(backup),0x00040000 at 0x00040000(cache),0x00400000 at 0x00080000(userdata),0x00002000 at 0x00480000(kpanic),0x00100000 at 0x00482000(system),- at 0x00582000(user)

There seems to be some documentation about how to load a system from a 
sdcard, but I don't know if it's possible with this system. And quite 
frankly, half of the documentation seems to be random copy-paste of 
instructions and IRC logs, put together in some weird fashion. It's 
difficult to understand and adapt.

More information about the linux-arm mailing list