dumprom offsets - Windows Mobile Development and Hacking General

dumprom offsets...
Looking at dumprom, I've managed to extract a bunch of files. It says that the offset of boot.bmp is at 800cafec, but this definitely does NOT match up with where the file is. This is much larger than the image actually is.
Any help? Is the dumprom program wrong or am I just looking at the wrong spot?
Thanks!

bump?

it does not print the file offset, but the memory offset.
dumpxip.pl will tell you the file offset too.
willem

Related

Actual size of file (extracted using dumprom) is not OK

Hi, I am trying to extract a file (actually, cplmain.cpl) from a rom image. It all seems to work fine, but the size of the extracted file is smaller than the right one.
File seems to be truncated.
I did:
1) get the "B000FF" file (.bin), 24,856,907 bytes
2) Since dumprom seems not to "like" this format, I converted it using splitrom:
perl splitrom.pl file.bin -wo file.rom
3) I don't know which format it generates to file to, but now dumprom works:
dumprom -d result file.rom > res.txt
4) A few snapshots of the file res.txt, regarding the file cplmain.cpl:
NOTE: section at fee73000 iso 00044000 for cplmain.cpl
806f5fe4 - 806f5ff0 L0000000c modname cplmain.cpl
8072d000 - 8076fe1c L00042e1c o32 region_0 rva=00001000 vsize=00042e1c real=02e61000 psize=00043000 f=60000020 for cplmain.cpl
80770000 - 8079e600 L0002e600 o32 region_3 rva=00048000 vsize=0002f000 real=02ea8000 psize=0002e600 f=40000040 for cplmain.cpl
808c7650 - 808c76bc L0000006c e32 struct 4 objs, img=212e entrypt=0000b408 base=02e60000 v4.20 tp9 cplmain.cpl
808c76bc - 808c771c L00000060 o32 struct cplmain.cpl
80a36870 - 80a36ff6 L00000786 o32 region_1 rva=00044000 vsize=00001800 real=01cd3000 psize=00000786 f=c0002040 for cplmain.cpl
80a4d0d8 - 80a4dffd L00000f25 o32 region_2 rva=00046000 vsize=00001ca8 real=02ea6000 psize=00000f25 f=40002040 for cplmain.cpl
80be2ed8 - 80be2ef8 L00000020 modent 20 00000005 01c3f9e1932529f0 486400 8119a000 cplmain.cpl
...............
5) Last line's "486400" is actually the *right* size of the file, but the real size of the extracted file (in directory "result") is 477,184.
I have not checked other files, since this is the one I am interested in.
Any idea?
Thanks in advance
XIP files would report incorrect size. Because they are XIP
If XIP files report wrong size (I guess you mean inside the very NB1 file), how can one fix this?
Spasiva!
I guess I am not using the same alignment of blocks in the reconstructed .exe file as was used for constructing the rom.
it is not a really important issue, that the file is not exactly the same size.
there are also sections missing in the rom, that were in the original file, like the relocation information.
the main use of dumprom extracted modules is that you can reverse engineer them with something like IDA... not that they are useful as real executables.
willem
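Both questions in these threads come down to reading dumprom's listing correctly: the addresses it prints are memory addresses (so the file offset is address minus image base), and the modent size includes alignment padding and sections that never made it into the ROM. The parser below is an added example, not part of dumprom or of anyone's post; it assumes a constructed XIP base of 0x80000000 (read the real one from your own dump) and decodes the f= field with the standard PE section characteristic bits.

```python
import re

# dumprom prints memory addresses, not file offsets. ROM_BASE is an assumed, constructed
# value; read the real XIP base from your own dumprom/dumpxip output.
ROM_BASE = 0x80000000

# Constructed sample: the o32 region lines and the modent line quoted in the thread.
DUMPROM_SAMPLE = """\
8072d000 - 8076fe1c L00042e1c o32 region_0 rva=00001000 vsize=00042e1c real=02e61000 psize=00043000 f=60000020 for cplmain.cpl
80770000 - 8079e600 L0002e600 o32 region_3 rva=00048000 vsize=0002f000 real=02ea8000 psize=0002e600 f=40000040 for cplmain.cpl
80a36870 - 80a36ff6 L00000786 o32 region_1 rva=00044000 vsize=00001800 real=01cd3000 psize=00000786 f=c0002040 for cplmain.cpl
80a4d0d8 - 80a4dffd L00000f25 o32 region_2 rva=00046000 vsize=00001ca8 real=02ea6000 psize=00000f25 f=40002040 for cplmain.cpl
80be2ed8 - 80be2ef8 L00000020 modent 20 00000005 01c3f9e1932529f0 486400 8119a000 cplmain.cpl
"""

O32_RE = re.compile(r"^(?P<addr>[0-9a-f]{8}) - \S+ L\S+ o32 (?P<name>\w+) rva=(?P<rva>[0-9a-f]+) "
                    r"vsize=(?P<vsize>[0-9a-f]+) real=\S+ psize=(?P<psize>[0-9a-f]+) f=(?P<flags>[0-9a-f]+)")
MODENT_RE = re.compile(r"modent \d+ \S+ \S+ (?P<size>\d+) \S+ (?P<mod>\S+)$")
# Standard PE section characteristic bits, used to read the f= field of each region.
PE_FLAGS = {0x20: "CODE", 0x40: "IDATA", 0x80: "UDATA", 0x20000000: "X", 0x40000000: "R", 0x80000000: "W"}

def mem_to_file_offset(addr, base=ROM_BASE):
    """Offset into the .rom file for an address printed by dumprom (e.g. 800cafec)."""
    if addr < base:
        raise ValueError("address %#x lies below the image base %#x" % (addr, base))
    return addr - base

def parse_dumprom(text):
    """Return (regions, modent_size): one dict per o32 section plus the size from the modent line."""
    regions, modent_size = [], None
    for line in text.splitlines():
        if (m := O32_RE.match(line)):
            regions.append({"name": m["name"], "file_off": mem_to_file_offset(int(m["addr"], 16)),
                            "rva": int(m["rva"], 16), "vsize": int(m["vsize"], 16), "psize": int(m["psize"], 16),
                            "flags": "|".join(n for b, n in PE_FLAGS.items() if int(m["flags"], 16) & b)})
        elif (m := MODENT_RE.search(line)):
            modent_size = int(m["size"])
    return regions, modent_size

def size_gap(text):
    """Shortfall of raw section bytes vs the modent size; alignment padding and sections missing from the ROM (e.g. .reloc) explain it."""
    regions, modent_size = parse_dumprom(text)
    psize_total = sum(r["psize"] for r in regions)
    return {"psize_total": psize_total, "vsize_total": sum(r["vsize"] for r in regions),
            "modent_size": modent_size, "gap": modent_size - psize_total}

if __name__ == "__main__":
    for r in sorted(parse_dumprom(DUMPROM_SAMPLE)[0], key=lambda r: r["rva"]):
        print("%-8s file=%#x rva=%#x psize=%d vsize=%d %s" % (r["name"], r["file_off"], r["rva"], r["psize"], r["vsize"], r["flags"]))
    print(size_gap(DUMPROM_SAMPLE))
```

For the quoted cplmain.cpl lines the raw psize sum is 470187 against a modent size of 486400, so a rebuild from section bytes alone cannot reach the original size without the padding and relocation data the ROM dropped.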
Hi Willem,
Well the thing is that I need this file to be the right size. I agree that size is not important (that's what I actually say to my girlfriend ;-) ) as long as the extracted file's is greater, not lesser (which implies truncation) than the original's. The problem is that the file I got is smaller, so there is some missing data in.
Actually, I copy cplmain.cpl to the ppc as cplmain2.cpl, I do:
ctlpnl cplmain2.cpl,2 (for instance)
and it simply does not do anything.
Excuse my ignorance, but, what is IDA?
Dank u wel
IDA: http://www.datarescue.com/idabase/
you can't use a file extracted with dumprom on another device.
most executables and dll's ( and cpl's ) are fixed to work at a specific location in memory in one specific ROM. you can't use it on another device, it will most likely have a different memory layout.
willem
If you have two versions of the same DLL that are different only in code and data base addresses, you can restore the .reloc section and get a working DLL. I've written a simple program that, when used with any relocation rebuilder tool, would produce a working DLL. And even if the DLL is not working, it is much easier to decompile it with IDA because it uses relocation information internally during analysis.
The DLLs should be exactly the same, for example they can be taken from the same ROM builds that differ only in language (of course in this case the DLLs should not be localized).

How to extract WM5 .nbf?

Anyone know how I can extract .nbf files? I need to see what is in this nbf file. Refer to this thread if you are curious
http://forum.xda-developers.com/viewtopic.php?p=250201#250201
Use the tools made by Buzz on this page:
http://buzzdev.net/index.php?option=com_content&task=view&id=65&Itemid=1
To see the contents of the nbf (converted to nba using the above method) file, you need to use these tools:
http://wiki.xda-developers.com/index.php?pagename=WM5EditROM
Its rather simple and hardly takes about 5 minutes for the whole thing
Cheers!
Thanx for the fast response. I gave it a go and it doesn't seem to work. I get the .nba from the .nbf then when trying to
"prepare_imgfs.exe nk.nba"
I get this
"Searching for IMGFS start... Not found!"
I think that the .nbf is password protected. If anyone more gifted than me can help out with this one I know we will find a way to change the splash screen on all the newer (2.17 and so forth) ROMS.
Thanx again; Lew
then how do you extract NBF file from 8125 instead of NBA file ? Is there a way to do this ?
I would like input on this as well. I think we are missing a password here or something.
universaldoc said:
Use the tools made by Buzz on this page:
http://buzzdev.net/index.php?option=com_content&task=view&id=65&Itemid=1
I don't believe this works with (newer?) wizard nbf's.
Is there anyone here that could crack this would be "encryption" on the .nbf in question? I tried encoding my splash backup from aWizard using the project file from the "decoded" nk.nbf from "ruu_forcedalias_splash_245_425.exe" and it was a no go. It said that my storage was the wrong size for this ROM update (or something to the effect of NO). So it looks as if this nk.nbf from "ruu_forcedalias_splash_245_425.exe" is the key to unlocking the ability to change splash screens to custom images.
Later; Lew
u can try the tools in the attachment to extract files from an image file.
typho2 can extract parts from an SD card image, and typhoonnbftool_04 can extract parts from an NBF file. They work well with the 1.x ROM, but I've never tried them on a 2.x ROM.
any exciting info, pls let me know,
Ok, good news, thanx to BrightMoonHeart I have been able to extract the BMP from the NBF using "typhoonnbftool_04.exe". The bad news is so far I can't seem to add an image (bmp) to the nbf or remove the current image. So this was a great step forward, just need a little help to get r done. I tried "typho2.exe" but I couldn't get it to do anything except give me the same info "typhoonnbftool_04.exe", It says it can extract the ".NBF" to an ".SPL" and that may allow us to edit it but I was not able to get it to convert. Any ideas guys? Always appreciated
Thanx; Lew
Ok I'm even closer now. I am using "typhoonnbfdecode.pl" and I can extract the ".nb" from the ".nbf". I can create custom splash using "nb_image_converter_859_418_826.exe" and make a ".nb" but when trying to put it back to ".nbf" i get this error
Code:
read 00030000 for splash from 92000000-Splash.nb
no sm signature at 0 in Splash
If anyone can help me out with any of this I would really appreciate it. I keep getting held up with all these conversions. I think some out there must know how to do this already, and I'm close but I keep hitting road blocks.
my head hurts; Lew

simple mortscript question, to the mortscripters?

i know there are a lot of MortScript experts on this forum. so i guess i should ask it here.
OK i have looked through the threads, google and the MortScript manual but i can't find a way to extract the size of a file. i know i can see it under file properties. but is there a script to extract the file size.
thanks
joe
Its in the manual:
9.13.3 Get file size (FileSize)
x = FileSize( file name )
Returns the size of the file in bytes.
Furbious said:
Its in the manual:
9.13.3 Get file size (FileSize)
x = FileSize( file name )
Returns the size of the file in bytes.
Thank you very much, i do remember reading that but couldn't figure out the syntax for the script.
joe
Furbious said:
Its in the manual:
9.13.3 Get file size (FileSize)
x = FileSize( file name )
Returns the size of the file in bytes.
spoke too soon that is "not a valid function". and
9.13.3 returns file attributes like hidden,system file,read only file etc.(check attributes under file >>properties)
i need the file size.
so does anyone have another idea.
I don't think you are using the right syntax, or there's something wrong with your code.
Code:
x=filesize("\storage card\testfile.txt")
message(x)
Pops a message dialogue with the filesize, no errors
Furbious said:
I don't think you are using the right syntax, or theres something wrong with your code.
Code:
x=filesize("\storage card\testfile.txt")
message(x)
Pops a message dialogue with the filesize, no errors
I tried this exact script with mortscript 4 and it says
"Unknown function filesize"
i guess there are some different functions in your version, I am using MortScript v4, is yours different than mine?
and can someone else please try this simple script out and provide some feedback?
thank you
joe
Get the newest version of MortScript at http://www.sto-helit.de/index.php?module=download&action=list&category=16
Currently newest is MortScript 4.01 beta 19

Help me kick the limit of my Herald to the curb!

Hey guys. I need your help. I think that with our combined know-how, we can achieve this.
The Herald formats its storage memory using the size of the os.nb within the nbh file. It completely ignores the actual partition table within the os.nb. The problem is that the flasher for the Herald and Atlas has a size requirement of 51.2mb. If the file is smaller than this, the ruu says the image is corrupt. I can pad the image with FF's but it will still use the physical size of the file. (This is an observation, I haven't had time to "test" out my assumption.)
Can someone help me figure out a way to hack the RUU to allow flashes of smaller size?
ANY help will be GREATLY appreciated.
Bump. Anyone willing to help? I've been trying to decompile the RomUpdateUtil to no avail. I don't have the tools and the know-how.
At the very least does anyone know what tools I can use? All my decompiling tools only work on Win32 files.

Difference between .nb and .nb0 files

Hi, guys!
I extracted 04_os.nb from excalibur (s620/t-mobile dash) rom.
I also have my personal os.nb0 file.
Question is, what is the difference between .nb and .nb0 files?
They seem to be similar, except for the header and the end of the file.
I attached 2 pics of both file headers in hex. Can you please take a look?
I am really confused with this. No one can answer..
Thanks,
Alexey
