NEXUS 5 工厂镜像刷机教程及刷机包目录解析

下面我们来介绍NEXUS 5 工厂镜像刷机教程.

一、下载官方最新Android SDK Platform-Tools刷机工具和工厂镜像

Android SDK Platform-Tools刷机工具官方地址：https://developer.android.com/studio/releases/platform-tools.html
传送门：
官方镜像下载地址及教程：https://developers.google.com/android/images

SDK Platform-Tools 是 Android SDK 中的一部分，如果你下载了 Android SDK 的话，就没必要再另外下载了。它包含adb, fastboot, and systrace等 工具，能够解锁设备和刷入系统镜像。
下载SDKPlatform-Tools 后解压，将解析后的目录路径添加到 环境变量PATH中，里面的flash-all脚本会用到这个路径

二、刷机过程

1. 将下载的官方工厂镜像解压。我下载的是Nexus 5 android 4.4.4.r1 镜像包，对应 hammerhead-ktu84p-factory-1f5f26b1.ZIP ,解压后看到：
   
   bootloadr:引导程序,用于加载操作系统
   raidio-hammerhead.img:基带固件
   imge.zip：操作系统。
   flash-base.sh:linux下使用，用于依次刷入bootloader、基带固件，不刷操作系统。

//flash-base.sh
fastboot flash bootloader bootloader-hammerhead-hhz11k.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-hammerhead-m8974a-2.0.50.1.16.img
fastboot reboot-bootloader
sleep 5

flash-all.bat:windows下 使用，依次刷入bootloader、基带固件、操作系统。

//flash-all.bat
PATH=%PATH%;"%SYSTEMROOT%\System32"
fastboot flash bootloader bootloader-hammerhead-hhz11k.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash radio radio-hammerhead-m8974a-2.0.50.1.16.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot -w update image-hammerhead-ktu84p.zip

echo Press any key to exit...
pause >nul
exit

flash-all.sh:linux下 使用，依次刷入bootloadr、基带固件、操作系统。

//flash-all.sh
fastboot flash bootloader bootloader-hammerhead-hhz11k.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-hammerhead-m8974a-2.0.50.1.16.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-hammerhead-ktu84p.zip

我的是windows操作系统，后面会用到 fast-all.bat。
2. 用USB数据线将设备与电脑相连
3. 以 fast-boot 模式启动手机。有下面两种模式，我用的第一种。

    - 使用adb tools:在设备开机情况下，输入下面的命令：

    adb reboot bootloader

    -  使用组合键：  重启设备，然后立即安下组合键。Nexus 5的组合键是： 同时按住音量调高键和音量调低键，然后按住电源键

4. 解锁bootloader .(如果bootloader 锁定，是无法刷入镜像的，解锁会清除数据，务必解锁前保存数据)

对于新款设备（2015 年及之后发布的设备）：` $ fastboot flashing unlock`
对于老款设备（2014 年及之前发布的设备）：` $ fastboot oem unlock`

5.在命令行下进入之前工厂包解压的目录，运行该目录下的fast-all.bat脚本。会依次刷入刷入bootloader、基带固件、操作系统。之间可能重启2次进入bootloader。刷机成功后，设备会进入操作系统，脚本会提示退出。整个过程5分钟不到，比各种刷机助手快多了。下面是刷机过程中bat脚本的提示

target reported max download size of 1073741824 bytes
sending 'bootloader' (2508 KB)...
OKAY [  0.281s]
writing 'bootloader'...
OKAY [  0.479s]
finished. total time: 0.767s
rebooting into bootloader...
OKAY [  0.004s]
finished. total time: 0.005s
sending 'radio' (45409 KB)...
OKAY [  1.610s]
writing 'radio'...
OKAY [  3.112s]
finished. total time: 4.724s
rebooting into bootloader...
OKAY [  0.002s]
finished. total time: 0.003s
archive does not contain 'boot.sig'
archive does not contain 'recovery.sig'
archive does not contain 'system.sig'
archive does not contain 'vendor.img'
Creating filesystem with parameters:
    Size: 29236371456
    Block size: 4096
    Blocks per group: 32768
    Inodes per group: 8192
    Inode size: 256
    Journal blocks: 32768
    Label:
    Blocks: 7137786
    Block groups: 218
    Reserved block group size: 1024
Created filesystem with 11/1785856 inodes and 156120/7137786 blocks
Creating filesystem with parameters:
    Size: 734003200
    Block size: 4096
    Blocks per group: 32768
    Inodes per group: 7472
    Inode size: 256
    Journal blocks: 2800
    Label:
    Blocks: 179200
    Block groups: 6
    Reserved block group size: 47
Created filesystem with 11/44832 inodes and 5813/179200 blocks
--------------------------------------------
Bootloader Version...: HHZ11k
Baseband Version.....: M8974A-2.0.50.1.16
Serial Number........: 03a784052519107e
--------------------------------------------
checking product...
OKAY [  0.100s]
checking version-bootloader...
OKAY [  0.099s]
checking version-baseband...
OKAY [  0.099s]
sending 'boot' (8700 KB)...
OKAY [  0.490s]
writing 'boot'...
OKAY [  0.741s]
sending 'recovery' (9284 KB)...
OKAY [  0.547s]
writing 'recovery'...
OKAY [  0.775s]
erasing 'system'...
OKAY [  1.031s]
sending 'system' (721400 KB)...
OKAY [ 22.799s]
writing 'system'...
OKAY [ 49.069s]
erasing 'userdata'...
OKAY [ 20.379s]
sending 'userdata' (139109 KB)...
OKAY [  4.565s]
writing 'userdata'...
OKAY [  9.342s]
erasing 'cache'...
OKAY [  0.596s]
sending 'cache' (13348 KB)...
OKAY [  0.627s]
writing 'cache'...
OKAY [  1.068s]
rebooting...

finished. total time: 112.843s
Press any key to exit...

6.。这时如果你想重新锁定设备的话，可以再次进入fastboot 模式，执行fastboot flashing lock命令,老设备执行：fastboot oem lock命令

三、官方工厂镜像刷机包目录解析

下面是刷机包的目录：

内核镜像在哪里呢？，内核镜像在boot.img中，关于boot.img文件的文件格式，大家可以参看Android内核源码 system/core/mkbootimg/目中 bootimg.h文件中的定义

#ifndef _BOOT_IMAGE_H_
#define _BOOT_IMAGE_H_

typedef struct boot_img_hdr boot_img_hdr;

#define BOOT_MAGIC "ANDROID!"
#define BOOT_MAGIC_SIZE 8
#define BOOT_NAME_SIZE 16
#define BOOT_ARGS_SIZE 512

struct boot_img_hdr
{
    unsigned char magic[BOOT_MAGIC_SIZE];

    unsigned kernel_size;  /* size in bytes */
    unsigned kernel_addr;  /* physical load addr */

    unsigned ramdisk_size; /* size in bytes */
    unsigned ramdisk_addr; /* physical load addr */

    unsigned second_size;  /* size in bytes */
    unsigned second_addr;  /* physical load addr */

    unsigned tags_addr;    /* physical addr for kernel tags */
    unsigned page_size;    /* flash page size we assume */
    unsigned unused[2];    /* future expansion: should be 0 */

    unsigned char name[BOOT_NAME_SIZE]; /* asciiz product name */

    unsigned char cmdline[BOOT_ARGS_SIZE];

    unsigned id[8]; /* timestamp / checksum / sha1 / etc */
};

/*
** +-----------------+ 
** | boot header     | 1 page
** +-----------------+
** | kernel          | n pages  
** +-----------------+
** | ramdisk         | m pages  
** +-----------------+
** | second stage    | o pages
** +-----------------+
**
** n = (kernel_size + page_size - 1) / page_size
** m = (ramdisk_size + page_size - 1) / page_size
** o = (second_size + page_size - 1) / page_size
**
** 0. all entities are page_size aligned in flash
** 1. kernel and ramdisk are required (size != 0)
** 2. second is optional (second_size == 0 -> no second)
** 3. load each element (kernel, ramdisk, second) at
**    the specified physical address (kernel_addr, etc)
** 4. prepare tags at tag_addr.  kernel_args[] is
**    appended to the kernel commandline in the tags.
** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
** 6. if second_size != 0: jump to second_addr
**    else: jump to kernel_addr
*/

#if 0
typedef struct ptentry ptentry;

struct ptentry {
    char name[16];      /* asciiz partition name    */
    unsigned start;     /* starting block number    */
    unsigned length;    /* length in blocks         */
    unsigned flags;     /* set to zero              */
};

/* MSM Partition Table ATAG
**
** length: 2 + 7 * n
** atag:   0x4d534d70
**          x n
*/
#endif

#endif