This tutorial is going to be a bit to the point so there is an assumption that you have a level of comfort with Linux and with basic file manipulation, ownership, etc. I recently launched a new site, www.mtkfirmware.com, that is focused on collecting firmware for Mediatek based devices. The majority of the site is dedicated to firmware download collection. However there is a subset of the site called “dev-tools” that is specifically a collection of software and tutorials on how to modify Mediatek roms. In this case, we are focusing on roms that can be flashed using the SPflash tool which means their format is a series of .img files, a scatter file, etc. Many Mediatek devices are for the Chinese/Asian market and therefore come with a lot of software that is of little interest to western users. Many just come with bloatware that is of interest to no one. Therefore it is often desirable to modify the firmware for these devices and remove all the bloat as well as do a bunch of other things.

The first step in modifying a rom for pretty much any android device is figuring out how to access the primary system files found in the /system directory. In the packages rom/firmware file, these are most often found in a system.img file. Often this container file is an EXT4 and YAFFS formatted filesystem partition image and that is exactly the case on the majority of devices using Mediatek SoC solutions. So the goal, is to “unpack” that container file so that the contents can be easily modified and then “repack” or create a new system.img file based on the modified contents so that this new package can be flashed onto the device.

What you will need:

1. A virtual machine or dedicated box running Linux. My preferred distro is Ubuntu Desktop 12.04 LTS for android development work. The GUI file browser is really handy and if you don’t have a dedicated workstation I would recommend checking out Oracle’s excellent and free VirtualBox solution for running Ubuntu in a VM.

2. Software tools for doing the unpacking/repacking and other bits and pieces. These are all linux binary executables and I have put everything I use into a nice zip package that can be downloaded from here: http://mtkfirmware.com/content/linux-commands-instructions-tools-unpacking-and-repacking-system-images-mtk-devices-ext4-and

3. Stock firmware for your device, preferably from the manufacturer or a custom rom that uses the SPflash tool for flashing. Many custom roms are in the form of update.zip files and rely on the recovery environment for installation. Those are not in scope here and won’t work. The rom you are modifying must be meant for the SPflash tool and should contain a system.img file and possibly a userdata.img file for modification. Most of the roms found at mtkfirmware.com are in this format, feel free to search for your device there in the firmware download section of the site to see if we have your firmware already on file.

Once you have all of that, you can get down to dev’ing your new rom. Here are the instructions for doing so, pulled from that link above.

—First unpack image tools zip file (linked above) to somewhere on your linux system. For ease of explanation, I am going to use my home folder as the location where I put the unpacked folder containing all the bin files. So /home/username/ will be our base. We will place our system.img file from our stock firmware into our base home folder. Furthermore there will be another directory in my home folder already created called “working” (so /home/username/working) that will be the mount point for our unpacked system.img so we can modify files—

1. Open up a terminal command line prompt and become root with the following command:

sudo su

2. change into your img-tools directory:

cd /home/username/img-tools

3. Use the simg2img program to “un-sparse” your stock image file as a raw ext4 image file:

.simg2img /home/username/system.img sys.raw

4. Now mount that raw file into your directory for modification of files:

mount -t ext4 -o loop /home/username/img-tools/sys.raw  /home/username/working/

5. Open up a new terminal window and use the following command to launch the nautilus file browser (ubuntu) as the root user:

sudo nautilus

6. Now a new file browser window appears. Browse to /home/username/working/ and you should see your firmware files… Mod away!

7. When you are all done making changes and want to build a new system.img for flashing from that directory, do the following.

cd /home/username/img-tools
./make_ext4fs -s -l 750M -a system newsystem.img /home/username/working/

8. You should now have a file called “newsystem.img” in your /home/username/img-tools directory, this is your new system.img file and it can be flashed using SPFlash tool!

I vastly prefer this method to using a prepackaged “kitchen” – not that those don’t have their place for making life easier with some things. The nice thing about working with a system.img vs. creating an update.zip though is that you don’t need a custom recovery environment to install it. This method therefore should work on a much wider range of devices assuming you can get access to stock firmware.

— For YAFF Formatted Images—

Similar to the above but you use a different tool set with the image file. The commands look like this:

cd /home/username
mv system.img working/system.img
cd /home/username/img-tools
./unyaffs /home/username/working/system.img

—–modify files in working directory and then you need to move your system.img file out of that directory before repacking. So..

mv /home/username/working/system.img /home/username/system.img

Once that is moved back out, you can go ahead and create your image.

./mkfs.yaffs2.x86 /home/username/working /home/username/newsystem.img

Brief explanation for moving the system.img file about:
Unyaffs is going to extract the contents of system.img to wherever the system.img file is stored. So it is a good idea to move the system.img file into whatever folder you want your rom contents to end up in. Hence we move it above. Before repacking the rom though you want to make sure the original system.img isn’t still sitting in that working directory. Hence we move it back out before repacking.

Final note:

The above methods also work on the userdata.img (tested against EXT4 and I am assuming a YAFFS formattated userdata.img file would also work) which is where manufacturers often put a lot of the bloatware applications for installation into the system during first boot. You can remove those apk files and clean the system up. You can also place other APK files in userdata.img for installation into your rom. The nice thing about applications placed in here is that the user can easily uninstall them if they don’t want them.

1 of 1

12 comments on: How to Unpack and Repack a Mediatek Based Phone or Tablet system.img File

  1. Zeko
    Reply

    It appears that the download link for your img tools is missing from your article..

    • nbeam
      Reply

      Yes, it was! Thanks for pointing this out. The Link tags were there but for some reason the text in-between was not. I have added that in and the link should now work. Thanks! I am sure this was frustrating for other visitors.

  2. Mourad
    Reply

    thank you for this informations but my new system.img is not working even i juste unpack and repack without making any change on the system, after i flash my tablet its not boot

    • nbeam
      Reply

      What device do you have and what Mediatek chipset is it running?

      Before you even unpack and repack can you confirm that flashing the stock firmware image you are working with goes okay?

      Kind regards,

  3. AdvoGadget
    Reply

    Note that for step 7, you have to change the -l parameter according to the size of your system partition (on my MLais M52, for example, the system partition is 1,375,731,712 bytes, so I had to change my -l parameter to -l 1375731712)

    Also, when I mounted my raw file into a folder, it was read-only. I had to copy everything out and modify it in a different folder.

  4. vikas joshi
    Reply

    able to mount and modify raw image but unfortunately unable to repack it. it gives 2 errors 1. no android permission support 2. no such file and directory KINDLY HELP

  5. vikas joshi
    Reply

    can’t set android permissions – built without android support

  6. Ryno
    Reply

    Hi, I need some help please…
    I am trying to unpack/repack a Blackview mediatek rom.
    Without changing anything to the ROM I am doing the following:
    ./simg2img system.img sys_bv2000.raw
    mount -t ext4 -o loop /home/rynoj/romtools/sys_bv2000.sys /home/rynoj/bv2000
    ./make_ext4fs -s -l 2516582400 -a system sysnew_img /home/rynoj/bv2000

    now that works perfectly but when I flash it with SP flash tool and get OK/Success. If I boot the device it goes into bootloop then recovery window.

    This is and Android 5.0 ROM…

    What else could I be doing wrong?

    • peterw
      Reply

      I have started flashing ROMs and have got into the boot loop situation. The solution for me was to stop it attempting to do a full reboot into the Android system. I had to select the buttons to get it into system recovery mode. I had to do a “wipe data/factory reset” followed by a “wipe cache partition”. This has to be done before it is allowed to boot normally for the first time after the flashing.

  7. Leo
    Reply

    Why when I get to download the zip file, Google flags it as dangerous to download?

    • nbeam
      Reply

      Hey Leo,

      I don’t know? I own the other site and uploaded that file myself. Just to be safe I downloaded the file and submitted it here:
      https://www.metadefender.com/#!/results/file/YTE2MTIyMVNKcGVOMGNyT0VlQnlBbE5DOUJfRWU/original/analysis

      It came back as clean from 41 different virus engines.

      I use a third-party plugin to manage file downloads (rather than Chrome directly) so I didn’t see a warning.

      If you do find a virus though please report back and I will see if I can’t clean it up or at least mark the package as suspicious on the site.

      • Leo

        Hey nbeam,

        Yes you were right, no virus/malawares. I guess Google flagged it because the site is not encrypted. I downloaded through Avast browser and everything was fine. Just to be on the safe side, I passed the zip file through Malawarebytes, and no problems whatsoever. The problem I encountered was the driver for the USB. It couldn’t find one. Is this related to the first step on the list to do, or a separate problem? Thank you.

Join the discussion

Your email address will not be published. Required fields are marked *