This guide has been written originally by Ivan Alex HC
Recovery Mode is a way of starting a device from which it is possible to manage various operations on the system partition as well as from root. When test keys are active, the user has endless possibilities between flashing partitions, restoring and installing various parts of the system or, more safely, direct intervention on the user's data partition.
To access it through ADB use the command:
adb reboot recovery
In many cases this partition is patched by the device manufacturer so as to prevent the end user from being able to perform operations such as de-branding and installing third-party software, or even installing a new operating system on the device.
The partition integrity check is managed in most cases by a file on the system partition which, through a script, reinstalls the original partition at the first boot:
By disabling the aforementioned file the warranty is lost, but in
return you will be able to permanently get your customized Recovery.
However it is possible to use a personalized Recovery also temporarily, and then restore it automatically at the first start, just in time to perform the operations necessary to the user.
With a dev-key recovery we have no permissions to execute zips. Only signed updates are accepted on a stock recovery.
With a custom Recovery we can flashing every other zip we need on our devices or to be able to use ADB from Recovery Mode.
Use temporary root access on your device and perform
dd from ADB shell:
dd if=/dev/block/bootdevice/by-name/recovery of=/sdcard/recovery.img bs=2048
recovery.img file will be saved on the SD card. And you can pull it via
adb pull /sdcard/recovery.img
This part has been written by Speeduploop
This guide will allow you to add test keys to your stock Recovery. It
should also work for Android smartphones.
In addition, ADB root support can also be implemented using a ADBD rooted binary file, but this is optional, only if you want to permanently replace the Recovery:
Create a new folder and put your recovery.img there,
with the keys.v12 file;
Open a terminal into the new folder and perform the following
commands, we will do the operation in three blocks:
a. in this way you extract the recovery.img and the internal
initrd.img that contains the essential files
abootimg -x recovery.img abootimg-unpack-initrd
b. with these commands you remove the stock dev-keys in
/ramdisk/res/ and replace them with the keys from the keys.v12 file
rm ramdisk/res/keys cp keys.v12 ramdisk/res/keys
Normally only the
adb sideload command can be used,but
only packages signed by OEMs can be flashed. In case you want to use ADB
as root in recovery mode, you can proceed in this way (OPTIONAL):
b1. with these commands you remove the stock ADBD binary in /ramdisk/sbin/ and replace it with the new one
rm ramdisk/sbin/adbd cp adbd ramdisk/sbin/adbd
b2. now you have to edit the default.prop file in this main folder
cp ramdisk/default.prop ./
use a text editor and change the following values:
ro.debuggable must be 1 (in this way the device is
able to use debug);
ro.adb.secure must be 0 (needed to enable ADB, it is
often enabled by default).
now push again the default.prop file in its place:
rm ramdisk/default.prop cp default.prop ramdisk/default.prop
c. with these commands you remove initrd.img from the main folder, repack the new one end rewrite it in recovery.img
rm initrd.img abootimg-pack-initrd abootimg -u recovery.img -r initrd.img
Now your custom
recovery.img is ready to be flashed!
In this part of the guide we will follow two steps, everything depends on whether your custom recovery will be a temporary (from point 1 to 5) or a permanent (point 6) replacement.
Use your custom recovery (if you have a Nokia 8110 4G you can
check the dumps here);
Rename the file as recovery.img to simplify the
Put the file on the SDcard;
Chose a way to get a temporary root shell;
Replace the Recovery with the following commands:
adb shell dd if=/dev/block/bootdevice/by-name/recovery of=/sdcard/recovery-backup.img bs=2048 dd if=/sdcard/recovery.img of=/dev/block/bootdevice/by-name/recovery
Now your recovery is temporarily replaced. If your system is clean, an
internal script will reinstall the recovery stock on the next reboot. In
the meantime you can use, for example, the backup tools, such as
dumpall.zip, and once finished, just start the phone normally to
restore the recovery to the stock.
Repeat steps 1 to 5 every time you need to temporarily resort to a custom recovery.
If, however, you want to permanently replace your custom recovery, go
to the next step.
Now we made a backup of the stock Recovery and have replaced it with
a custom one. This passage is important if you want temporary use
the new recovery without loosing the OTA updates, because you can use
the custom one just one time, it will be replaced with the stock one at
the first boot because the file
a. Now we need to disable integrity checking from the system
partition. This will block official updates, but you can always restore it if you first backup your system partition, in this way:
dd if=/dev/block/bootdevice/by-name/system of=/sdcard/system-backup.img bs=2048
b. Now that we have the system's backup we can disable the file
that reinstalls the stock version of Recovery,
mount -o remount,rw /system echo '#!/system/bin/sh' > /system/bin/install-recovery.sh echo 'exit 0' >> /system/bin/install-recovery.sh chown root:root /system/bin/install-recovery.sh chmod 750 /system/bin/install-recovery.sh sync mount -o remount,ro /system reboot