How to make custom ROM for Cybook e-readers
Monday, 06 July 2015
|
Écrit par
Grégory Soutadé

Bookeen doesn't provides any way to hack their e-ink e-readers. Nevertheless, after they introduce a secured update file format for the first Cybook serie, they come back to a "tar-like" format for their e-readers based on Allwiner platform (new Odyssey, Muse, Nolimbook...). With this format, they try to be closest to Android platform.

Be careful : handling all bookeen's readers is difficult because there is a lot of derived/customized readers available ! For this, Bookeen has its own server that checks for serial number to determine which update to serve. A special attention must be done with manipulating boot and bootloader images, it can bricks your e-reader !

This tutorial will only works with UNIX/Linux tools, I do not plan to do it for Windows.

So, let's start. An archive is commonly named CybUpdate.bin. In facts it's a .tar.bz2 file.

First, decompresse it :

mkdir decompressed
cd decompressed
tar -jxvf ../CybUpdate.bin

The following content should be created :

contents
bootloader.fex
boot.fex
rootfs.fex

I think that boot.fex and bootloader.fex are optional, but not sure. Two types of files are present :

  • contents that contains meta information
  • fex files

Contents has the following format :

<ident>|<filename>|<length>|<sha256sum>|<version>

idents are :

  • LOAD for bootloader
  • BOOT for boot partition
  • ROOT for rootfs

Fex extension is a generic one that actually is flash images in different format (vfat, ext...).

In bootloader.fex and rootfs.fex we have a file "/version" specifying the current version (allowing to do checks). Mounting bootloader and rootfs is quite easy :

mkdir root
sudo mount -t ext2 rootfs.fex root -o loop

mkdir bootloader
sudo mount -t vfat bootloader.fex bootloader -o loop

After doing modifications, just unmount the directory and the image is automatically generated ! (Don't forget to update contents metadata).

boot.fex is more complex, it has Android bootloader format. You have to use split_bootimg.pl to decompress it.

mkdir boot
cd boot
../split_bootimg.pl ../boot.fex
> Page size: 2048 (0x00000800)
> Kernel size: 10863524 (0x00a5c3a4)
> Ramdisk size: 2253456 (0x00226290)
> Second size: 0 (0x00000000)
> Board name: sun5i
> Command line: 
> Writing boot.fex-kernel ... complete.
> Writing boot.fex-ramdisk.gz ... complete.

Then we decompress ramdisk :

mkdir ramdisk_decompressed
cd ramdisk_decompressed
gzip -dc ../boot.fex-ramdisk.gz | cpio -i

You can re compress it with :

find | cpio -o | gzip -c > ../boot.fex-ramdisk.gz

Rebuilding boot is done with mkbootimg. Be careful to use the same parameters split_bootimg.pl displayed !

./mkbootimg.py --kernel boot.fex-kernel --ramdisk boot.fex-ramdisk.gz --pagesize 2048 --board sun5i -o ../boot.fex

As you see, there is nothing complicated here, but mistakes with boot/bootloader or init scripts can bricks your e-reader.

Have fun !

#
1
De
Pirloui
, le
21 July 2015 08:07
You can't ever brick an Allwinner plateform, if you boot into FEL mode, you can flash a new image.
Répondre
Auteur :


e-mail* :


Le commentaire :


#
2
De
Greg
, le
21 July 2015 09:07
Nice to know ! I keep the warning to prevent peoples for doing anything bad.
Répondre
Auteur :


e-mail* :


Le commentaire :


#
3
De
Niceguy
, le
12 August 2015 06:08
Hi,

can you provide more information about the update image format for the old Odyssey as well?

Its CybUpdate.bin file is no tar.bz. It has the "GAME_OVER" entry at the end, and I see a byte sequence "Boo" at the top which looks like a magic sequence to me. I stripped that off to see if it's something useful, as well a few bytes more or less, but to known archive format was the result.

Any information would be great! :)

Thanks!
Répondre
Auteur :


e-mail* :


Le commentaire :


#
4
De
Greg
, le
12 August 2015 06:08
Unfortunately not for now...
Répondre
Auteur :


e-mail* :


Le commentaire :


#
5
De
Lupin
, le
07 August 2017 13:08
Great information. I just noticed this blog post. Have to try this. I think good place to start is to get one of the firmware packages, split it in parts and try to reassemble them back to an update package.
Répondre
Auteur :


e-mail* :


Le commentaire :


Auteur :


e-mail* :


Le commentaire :




* Seulement pour être notifié d'une réponse à cet article