Related
Any brave soul try using mkrom in conjucntion with the 2003 ROM? I think I might give it a shot here in a bit but wanted to know if anybody had tried it yet...
I've managed to build a 2003 ROM. It's extremely tricky though. I'm working on customizing a ROM similar to the XDA Developers SER - as soon as I get some free time
I'd like to acknowledge all the help given to me by Developer Itsme in this endeavor.
Let me know any suggestions you may have for the new ROM.
sheran_g,
i didn't know u could use mkrom with 2003 rom image. can u please post how u did it? i created a special version based on SE 1.1 rom but would like to put the same programs into the new rom. any help is appreciated.
thanks
alex
sheran_g said:
I've managed to build a 2003 ROM. It's extremely tricky though. I'm working on customizing a ROM similar to the XDA Developers SER - as soon as I get some free time
I'd like to acknowledge all the help given to me by Developer Itsme in this endeavor.
Let me know any suggestions you may have for the new ROM.
Click to expand...
Click to collapse
What's tricky about it...?
The modified registry file you make does not get picked up at the device startup. You need to manually inject the memory address of the modified registry file into the ROM in order for it to get picked up.
my latest romtools can be found at romtools
now it calls dumprom to find and fix the filedata offsets.
I think they should now build 2003 roms.
sheran_g,
can u post the steps that u take to buid it? i'm trying right now and its not working. i'm having little problems. can u post ur default.reg and initobj.txt? any other help is apreciated.
thanks
alex
Ok. Here they are in a nutshell:
Get the latest romtools.
Make the following dirs: romfiles, cfg, tmp, out, files, files1, files2
Split the ROM into Bootloader, bootimage, OS image, xipchain into the 'cfg' dir.
Dump the files in the OS image into a 'romfiles' dir.
Get the default registry file, initobj & initdb files into your 'cfg' dir.
Make changes to your default.reg and initobj.txt
Place any files you want loaded in the ROM into the 'files' dir.
Run 'mkrom.sh'
You should then have your new ROM. I'm sorry if it's extremely brief; you'll have to make do with this and the README file in the romtools archive file for now. You'll find my default.reg and initobj.txt files on my site: www.zensay.com/qtek/mkrom
sheran_g,
Have you created a decent working custom WM2003 ROM?
If so what Apps have you added?
How much ROM space does it use?
I've not added any apps to my ROM. I have only added a carrier logo file and made some changes to the registry. So I cannot comment on ROM space yet. The ROM works fine.
sheran_g,
what command did u use to extract rom files? did u do it under windows or unix?
I'm having problems trying to dump the rom image. I don't know if its too much to ask, but can u zip ur directory and post it somewhere so i can download it? or if u can post commands that u ran to dump the 2003 rom?
thanks
alex
Hi,
could you include "O2 home zune" to the 2003 image, like in the 2002 3.19 GER. Its for Germany interested only!
AR :?:
home zone depends on specific 3.19 rilgsm features. which are not in 4.*
okay, used dumprom -4 -d files -q nk.nbf and extracted all files. Got could not find pointer for ofs 00000000 ERROR but all the files seem to be there. Trying to figure this out. Saw the above abreviated directions but am fumbling around. Anyone have concise directions?
Val
Anyone? Just give me a good hint then please.
Hi all!
When i overwrite the rilgsm.dll file in the t-mobile 4.0.10 image with the rilgsm.dll from the O2 GER 3.19 image, i could use the "O2 home zone" option with the hz.exe in Starup directory? rilgsm.dll from german image hes 'at+creg=2' string in it. probably the RIL_GetCellTowerInfo call is now implemented. When it can work, how could i write the german rilgsm.dll to the image? I haven't linux, could somebody cook the image for me?
here is the germen rilgsm.dll and the hz.exe for the "home zone" funktion! http://www.nokiaprog.de/XDA/home_zone.zip
THX
PS: Sorry, my english! ;-)
AR
the homezone enabled rilgsm.dll depends on other dll's and exe's.
probably ril.dll, stk.exe, cell*.dll and maybe more, I have not tried
replacing all.
you don't need to build a new rom in order to experiment with this, you
can just copy the desired files to \windows, to override the rom versions.
And I don't think it works with the RIL_GetCellTowerInfo call,
but adds some notification events.
to change the CREG setting you need to call RIL_DevSpecific with parameter 25 ( to turn it on ) or 26 ( to turn it off )
even though that does not seem to be how hz.exe does it.
Hi,
I opened the image file in the Hex editor and renamed the file there rilgsm.dll. Then I flashed the image, which was phone probably deactivated, because rilgsm.dll was missing. Then I copied over ActiveSync the German rilgsm.dll into the Windows directory, XDA reset and he not accept the file. I assume because the file was not in the EPROM memory! Therefore I wanted to have rilgsm.dll first times in the image!
AR
XDA developer Itsme said:
my latest romtools can be found at romtools
now it calls dumprom to find and fix the filedata offsets.
I think they should now build 2003 roms.
Click to expand...
Click to collapse
Is there any other way i can access this site or I can download this files, the sites are block here in my country, Please Help
Ronnie
Hi there,
I'm new here, infact, this is my first post !
I'm a mobility engineer and have been given the task of creating an SOE for our company's PDA units. we use the i-mate (as is stated in my profile).
I have no troubles adding what i need to for my extended ROM(ms_.nbf). what I need to do is gain access to the main ROM (NK.nbf) I have "WM2003 ROM Image Editor", and a password list supplied, but none of them work, I have scoured google looking for ways to access my ROM, but all hits refer to is older versions.
as stated above, my ROM version is 1.72.00. I need access to this so I can tailor the complete operating system to my requirements.
If anyone can help me with this, I'll be eternally gratefull.
Also, is there an easy way to gain access to the ROM on other devices?
As, I'm sure that once I have cracked the ROM, created my SOE, that the device itself will become obsolete, and I will have to start again on other hardware.
I did use the search function in the forum, unfortunately, I couldn't find what I needed. So appologise if something along this topic has been posted before.
Thanks in advance!!!
you may use xda2nbftool.exe to calculate password of your ROM, as far as I remember it is "-t" switch. Then you can dump the ROM contents with dumprom.exe. You cannot modify the rom by rom kitchen because it is for XDA1, but you can modify its source code. And in general you should not modify ROM. Everything you need can be done by modifying the extended rom.
Also, is there an easy way to gain access to the ROM on other devices?
Click to expand...
Click to collapse
On most devices ROM is located in the first 32 MB of physical memory. You should use VirtualCopy function to access them and dump to storage card or anywhere you like.
thanks for your reply mamaich.
when i use xda2nbftool.exe, it seems to only reveal passwords for ms_.nbf and radio_.nbf.
when i use NK.nbf as the input file, it doesn't even check it.
would you know what syntax i would use to reveal the password of NK.nbf?
I tried -t as you suggested, but it didn't seem to help. I ran the xda2nbftool.exe to bring up a list of switches, but alas, i am new to this, it didn't seem to work for me no matter what i tried.
reason i would like to get into the ROM, is so I can have a look at how the OS works, starts etc etc.
The SOE i need to make is for several of our clients, some of who are government and financial institutions and they have many requirements. I have been able to add alot to my SOE viia the extended ROm, as you just suggested, but I want to have more control over what goes onto the unit.
The password for ROM is 0x20040304:
C:\PocketPC\Tools\xda2nbftool.exe -x NK.nbf NK.nba 0x20040304
You may calculate it yourself. Just look into NK.NBF with any hex editor. Starting from offset 0x50 you'll see bytes:
0000000050: 04 03 04 20 04 03 04 20 ...
in "normal" ROM these bytes are zeroes. So the XOR password would be: 0x20040304 (just reverse the byte order).
mamaich, thank you.
I now have a NK.nba file.
get prepared for a stupid question.
How do I get to the contents on the .nba file. to the level where i can modify the operating system ?
twinair said:
How do I get to the contents on the .nba file. to the level where i can modify the operating system ?
Click to expand...
Click to collapse
There is no tool that can modify XDA2 ROM. It is possible to modify rom kitchen to support XDA2, but noone has done that.
Currently you can dump nk.nba with command:
dumprom.exe -4 -d c:\1 nk.nba
(this would dump all files to c:\1 directory)
and later you can modify nk.nba with any hex editor if you need to patch the existing program. I've successfully patched it when I was playing with BT drivers.
mamaich, you've been a great help.
I have managed to extract all the files. now I can see what I can modify.
thanks again.
Hopefully I can provide some input to these forums.
I have been doing some things to our PDA's that no one else is doing. we are totally customising our devices.
While I am at it, we could do with someone who is a serious developer who know's his ****!
I have only been a member for a couple of days, but I can already see you know what you are on about. Are you interested in some work at all?
If you are, let me know, I can tell you what we need. I think you would fit the description
twinair said:
Are you interested in some work at all?
If you are, let me know, I can tell you what we need. I think you would fit the description
Click to expand...
Click to collapse
Sounds interesting. Can you contact me by ICQ 70241285 or send more information by PM?
mamaich said:
The password for ROM is 0x20040304:
C:\PocketPC\Tools\xda2nbftool.exe -x NK.nbf NK.nba 0x20040304
You may calculate it yourself. Just look into NK.NBF with any hex editor. Starting from offset 0x50 you'll see bytes:
0000000050: 04 03 04 20 04 03 04 20 ...
in "normal" ROM these bytes are zeroes. So the XOR password would be: 0x20040304 (just reverse the byte order).
Click to expand...
Click to collapse
Sir,
I got a Question, I follow what U say to to for this Radio _.nbf , But in offset 0x50 ..seem to be something different, can U help me to try ?
THe Radio had attached ...thx
Please see posts below for solution.
Paul
silly me, just looked at the code, it was set for the smartphone screen size, changed it to the proper size and it works ok. Going to do some testing then I should be able to create a utility to change the splash screen
Paul
it is a nb file which is the same format as used in all HTC devices,I renamed the file logo.bin to logo.nb and used nb_image_converter_859_418.exe which i got from the FTP site to open,it is for T-Mobile.
Great,now we can change the Splash logo using the old method and change the file ext to bin.
Regards
Done, managed to change the boot logo on my HTC Charmer - Wizard should be exactly the same. Will post a how-to soon...
The file format seems to have slightly changed from the .nb format. It has a different header now, but it is almost the same.
Re: Can nearly change the splash screen, help required.
psneddon said:
I have a charmer which has the same rom layout etc as the wizard so this should apply to both devices.
I can extract the splash screen (and it should be ok flashing it back using pdocwrite) but the problem is converting it back and forth between the htc format and bmp. I am using a utility from spv developers. The utility nearly converts it ok but its a bit corrupted. Please see the attached file and maybe someone could fix the code??
Paul
Click to expand...
Click to collapse
Can you post the utility to extract the file from the Rom and patch it back again
Regards
I've only tested on the charmer but it should work on the wizard, but obviously I cant be 100%.
Download the aWizard tool from
http://forum.xda-developers.com/viewtopic.php?t=37386&postdays=0&postorder=asc&start=0
You need to enable RAPI using this tool plus the other tools you need are in the lib dir.
To extract the splash screen...
pdocread.exe -n 1 0x002d0000 153630 splash.bin
The header sig should be "This is smartphone signature".
Use the logoconverter attached e.g.
logoConvert bin2bmp splash.bin splash.bmp
to covnvert back
logoConvert bmp2bin splash.bmp splash.bin
To flash back use
pdocwrite.exe -n 1 splash.bin 0x002d0000
Thank you very much,it works fine .
Regards
If you want to extract the splash image from a wizard/charmer rom (or any other part of the rom) then you can use the typhoon tools on the nk.nbf file.
logoconvert not working
Hi,
I managed to get the .bin file, but when trying to use the logoconvert i get this message:
"The system cannot execute the specified program"
I tried to run it in a cmd DOS shell.
I found the logoconvert tool on the net, tried to use this one too:
http://www.spv-developers.com/forum/showthread.php?t=17
but it seems that this one is for the 176x220 resolution
Could you please help ???
THANK YOU :roll:
could you please post the step by step?
your instructions are a bit hard to follow.
i got a bmp I want to use so i convert it to a .bin then what?
where do I run pdocwrite.exe -n 1 splash.bin 0x002d0000?
thanks in advance for any help
I'm just off to bed as I have a long day at work tomorrow, but I promise I'll either write a script of write a how-to over the weekend.
Paul
psneddon said:
I'm just off to bed as I have a long day at work tomorrow
Paul
Click to expand...
Click to collapse
Could U change your mind If I prepare a big cup of hot cofee??? I'll wait your "how to", cause i really don't like my green splashscreen after some experiments!!
Thanks
Hmmm.. look promising..
will check this one later this weekend...
I managed to changed it, too, for my Wizard. I followed the steps ad described above with small modifications. I hope there's no problem in repeating them:
1) Get the aWizard tool from
http://forum.xda-developers.com/viewtopic.php?t=37386&postdays=0&postorder=asc&start=0
2) Enable RAPI (otherwise next command will exit with a message saying itsutils.dll cannot be replaced, or smth like that)
You do that searching the "EnableRAPI.cab" on the forum and follow the instructions (you copy it to the phone and then install it on the phone)
For example here:
http://forum.xda-developers.com/viewtopic.php?p=202299
3) MAKE SURE the phone is connected via Activesync
Get a DOS shell : start -> run -> "cmd"
move to the directory that contains the tools ("\lib")
(the next 3 steps are just to test the pdocread.exe and logoconvert.exe - i think)
otherwise skip to step 7
4) pdocread.exe -n 1 0x002d0000 153630 splash.bin
5) Use the logoconverter.exe -> see attachement
I got the cpp file, changed the resolution to 240x320 and recompiled it
logoconvert bin2bmp splash.bin splash.bmp
6) Get a image editor (I use "gimp") and see the splash.bmp -> it should be the image that it's displayed at boot time.
You can modify it as you like.
7) Get a image 240x320 with 24 bits depth bmp (I think) (it should be around 250K)
it can be the one obtained at steps 4,5 and 6
8) "logoconvert bmp2bin splash.bmp splash.bin"
9) "pdocwrite.exe -n 1 splash.bin 0x002d0000"
That's about it.
NOTE: I'm just an user of the above programs, I don't know exactly what they are supposed to do and what they really do. Anyway, I managed to changed the boot image and I want to thank all of the people that by their tools made it possible.
Windows logo
Does anybody know how to change the Windows logo image?
Cause I got rid of the boot splash image, I put a nicely customized one, but right after that here it comes the windows logo image. It's not too consistent.
PS The emoticon in the above reply should be seen as "8 )". Also ignore the quotes surrounding some commands.
Did not work for me.
I have converting error using logoconverter...
Can you help please,
Thanks
What kind of error?
The program will work only for images of 240x320 pixels. Can you check the resolution of the image with an image editor?
thanks Kelu, worked great...
would like to change windows 2005 logo too... but will keep looking; post here if i find anything.
thanks again for the detailed walkthrough!
There was another thread here which pointed to...
http://buzzdev.net/index.php?option=com_remository&Itemid=100&func=select&id=21
...for replacing the Windows Mobile splash
Anyone know how I can extract .nbf files? I need to see what is in this nbf file. Refer to this thread if you are curious
http://forum.xda-developers.com/viewtopic.php?p=250201#250201
Use the tools made by Buzz on this page:
http://buzzdev.net/index.php?option=com_content&task=view&id=65&Itemid=1
To see the contents of the nbf (converted to nba using the above method) file, you need to use these tools:
http://wiki.xda-developers.com/index.php?pagename=WM5EditROM
Its rather simple and hardly takes about 5 minutes for the whole thing
Cheers!
Thanx for the fast response. I gave it a go and it dosent seam to work. I get the .nba from the .nbf then when trying to
"prepare_imgfs.exe nk.nba"
I get this
"Searching for IMGFS start... Not found!"
I think that the .nbf is password protected. If anyone more gifted than me can help out with this one I know we will find a way to change the splash screen on all the newer (2.17 an so forth) ROMS.
Thanx again; Lew
then how do you extract NBF file from 8125 instead of NBA file ? Is there a way to do this ?
I would like input on this as well. I think we are missing a password here or something.
universaldoc said:
Use the tools made by Buzz on this page:
http://buzzdev.net/index.php?option=com_content&task=view&id=65&Itemid=1
Click to expand...
Click to collapse
I don't believe this works with (newer?) wizard nbf's.
Is there anyone here that could crack this would be "encryption" on the .nbf in question? I tried encoding my splash backup from aWizard using the project file from the "decoded" nk.nbf from "ruu_forcedalias_splash_245_425.exe" and it was a no go. It said that my storage was the wrong size for this ROM update (or something to the effect of NO). So it looks as if this nk.nbf from "ruu_forcedalias_splash_245_425.exe" is the key to unlocking the ability to change splash screens to custom images.
Later; Lew
u can try the tools in the attachment to extract files from image file.
the typho2 can extract parts from a SD card image, and the typhoonnbftool_04 can extract parts from a NBF file. they work well while do with the 1.x ROM, but I've never experienced it in extracting a 2.x ROM.
any exciting info, pls let me know,
Ok, good news, thanx to BrightMoonHeart I have been able to extract the BMP from the NBF using "typhoonnbftool_04.exe". The bad news is so far I can't seem to add an image (bmp) to the nbf or remove the current image. So this was a great step forward, just need a little help to get r done. I tried "typho2.exe" but I couldn't get it to do anything except give me the same info "typhoonnbftool_04.exe", It says it can extract the ".NBF" to an ".SPL" and that may allow us to edit it but I was not able to get it to convert. Any ideas guys? Always appreciated
Thanx; Lew
Ok I'm even closer now. I am using "typhoonnbfdecode.pl" and I can extract the ".nb" from the ".nbf". I can create custom splash using "nb_image_converter_859_418_826.exe" and make a ".nb" but when trying to put it back to ".nbf" i get this error
Code:
read 00030000 for splash from 92000000-Splash.nb
no sm signature at 0 in Splash
If anyone can help me out with any of this I would really appreciate it. I keep getting held up with all these conversions. I think some out there must know how to do this already, and I'm close but I keep hitting road blocks.
my head hurts; Lew
The standard programs -- wizSplash and splash_bmp_to_wizard -- produce an error message (ITWRITEDISK). Does anyone know how to change the first splash screen? (I'm using Xelencin's wonder T-Mobile customized version.)
I can change the second splash screen simply by dropping the appropriately sized 320 X 240 24bit png file named welcomehead.96.png in the /Windows directory. But I would like to change the T-Mobile first screen, too.
i am super new in these
but i tried like you described, nothing changed after a reset.
Works for me.
just convert your image in PNG format 24bit.
write the file name: welcomehead.96.png
do not forget the . between 96.
rotate the image and resize it to 320*240 EXACT size. you may need to change aspect ratio.
Then place the file on your storage card and from the storage card copy it or move it to the root windows directory.
Soft reset and enjoy.
damnation
i did it, as i read it, but there is still the beermug my adminfriend put when he changed the device from russian to english. blyadstvo.
nu shalomochka
i will try further
cizake said:
Works for me.
just convert your image in PNG format 24bit.
write the file name: welcomehead.96.png
do not forget the . between 96.
rotate the image and resize it to 320*240 EXACT size. you may need to change aspect ratio.
Then place the file on your storage card and from the storage card copy it or move it to the root windows directory.
Soft reset and enjoy.
Click to expand...
Click to collapse
Hi mate
are you saying i can change my tmobile splash screen to anything else..using your method?
do i need any special software or can i just change the image size etc then place it in the windows directory?
Thanks
Second splash screen
This procedure -- welcomehead.96.png -- replaces the second splash screen, which on my MDA says "Windows Mobile." You can replace that by pasting the right kind of file -- a png, 24 bit, 240 X 360 -- over the existing file. I used explorer on activesync, and then just "Cntl V" to past the file. I couldn't delete the original (it is protected) but just replaced it this way. A hard reset would recover the original, but this procedure survives a soft reset.
Replacing the first splash screen is more complicated. There are threads (search for splash_bmp_to_wizard) that tell you how to do it, but they only seem to work on the older ROMs, at least they don't work for me.
To change the 1st Splash Screen download this file:
ftp://xda:[email protected]/Wizard/Splash_images/SplashScreenStuff.zip
There's a ReadMe in the zip file, with these tools I replaced my 1st SplashScreen.
Regards,
Molski
molski said:
To change the 1st Splash Screen download this file:
ftp://xda:[email protected]/Wizard/Splash_images/SplashScreenStuff.zip
There's a ReadMe in the zip file, with these tools I replaced my 1st SplashScreen.
Click to expand...
Click to collapse
That really tests one's dedication to changing the splash screen.
Thanks!
molski said:
To change the 1st Splash Screen download this file:
ftp://xda:[email protected]/Wizard/Splash_images/SplashScreenStuff.zip
There's a ReadMe in the zip file, with these tools I replaced my 1st SplashScreen.
Regards,
Molski
Click to expand...
Click to collapse
Isn't there an easier, less complicated way?
Just read the ReadMe good. It's not hard to do
ITWRITEDISK problem
Hello, I was waiting for a long time for a post like this. I still have a question. Does this package handle the write protection (the ITWRITEDISK error message) of the new ROMs ? If someone would be so kind to confirm, then I will try it right away. Thank you all.
That is the allegation
My understanding is that molski's strategy does get around the writedisk error, since that was the problem I encountered.
Please post how it goes, I haven't had time to do this and the value seems low, since the screen is only on for 18 seconds on my unit. Changing the second screen was much easier and lasts a lot longer.
SplashScreenStuff and Checksum Error
I followed the steps from the tutorial. I ended up with the boot screen that showed my custom splash screen image, BUT ... on top of it there was the message "Formatting BinFS" and then at the bottom "CHECKSUM ERROR" and it wouldn't boot further on. PLEASE, could someone who has done it provide some support? I'm trying to change the splashscreen ( I could update the splashscreen before, with some ROMs that didn't have that write protection) for months now. PLEASE could someone help ?
Has anbody got this to work on 2.26.10.2 wwe?
Thanks
CHECKSUM error
It seems I cannot get rid of this "Checksum Error" message. I extracted the splash screen from the newly created ".nbf" with "TyphoonNbfTool_04.exe" and checked it - it's the one that I want to load. The device gets stuck at boot time with the new splash screen. PLEASE, can someone help with this error message?
This works
http://forum.xda-developers.com/viewtopic.php?t=52768&highlight=
How does it work?
Thank you for your reply. How does the splashes from this link work? I mean - can I change the splash screen with one I made or I have to use only the ones prepared by M. Faria?
His programs only install the splash screens illustrated there, I chose the bluish one. But there are also instructions on how to do your own.
Still cannot change splashscreen
I tried those ones, too, still I get the CHECKSUM ERROR message. I can reflash OK the device and it works OK, but any time I want to change the splashscreen with either LewCamino's or Faria's tool I get this message.
PLEASE HELP as I really don't know want to do any more. Thank you all!
I may have read the various tutorials wrong, because I have not been able to change the first (Tmo) screen in the 2.26 rom I am running.
Has anyone done this bootscreen change yet in the 2.26???
Any assistance would be appreciated.
Thanks.