How to extract/replace boot.hv [BA WM5]? - Windows Mobile Development and Hacking General

Sorry. I need some help. I can't fight more
First, using Wizards ROM. It's simple:
Code:
dumprom -5 -d BootFiles nk.nba
rommaster -w 5 -d boot.hv -a boot.hv -o new.nba nk.nba
Everything looks almost good.
The same, but using BA WM5 ROM [both mamaich wizard port v2a and tuatara] - nothing looks good. Both dumprom and rommaster produce tons of errors.
Can anybody help? Please.

Ok. I've found the way, how to extract boot.hv. Here: http://forum.xda-developers.com/viewtopic.php?p=105694.
But still can't replace. Please help.

Related

Howto extract .dll files from WM2005 ROM?

Hello,
I would like to extract the T9 DLLs from a WM2005 image (WM2k5_1.60a_XDA2_HIMALAYA).
I found some related links:
http://forum.xda-developers.com/viewtopic.php?t=19569
http://www.xs4all.nl/~itsme/projects/xda/dumprom.html
http://www.xs4all.nl/~itsme/projects/xda/spv-romlayout.html
None of these links has helped me though. I did get the nk.nba file. Dumprom doesn't seem to support extracting files from this type of rom, and I don't understand what additional steps I need to go through to do this. Can anyone give some additional clues how I can extract T9*.dll?
I've tried the search function to find this, but didn't find anything really useful. It surprises me, as I thought it would be a common question. Please let me know if there is some description of this that I didn't find when searching.
see http://nah6.com/~itsme/cvs-xdadevtools/dumprom/rdmsflsh.pl
it is not yet completely finished, i still have to figure out how to decompress data.
you have to fiddle a bit with the parameter of the script i think
and you have to extract the mflsh50 image to a separate file first.
the script does not automatically find the starting offset of the msflsh50 filesystem.
and see http://www.xs4all.nl/~itsme/projects/perl/ for nbfutils.
willem
thanks for your help. sadly to say, this is a new area for me. I'd appreciate some more help if possible.
itsme said:
> it is not yet completely finished, i still have to figure out how to decompress data.
Does that mean it's not yet possible to extract the dlls I asked for?
itsme said:
> you have to fiddle a bit with the parameter of the script i think
> and you have to extract the mflsh50 image to a separate file first.
> the script does not automatically find the starting offset of the msflsh50 filesystem.
I think you lost me here. Should I first extract this msflsh50 file? (how?) Then proceed working with this file? A step-by-step guide would be much appreciated
i wrote a wiki page describing how to analyze the rom:
http://wiki.xda-developers.com/index.php?pagename=TyphoonWM2005_RomStructure
will make something similar for himalaya.
In this page , you wrote :
> then you can extract the contents of the xip files using DumpRom
> mkdir files1 files2
> dumprom -5 -d files1 xip1.nb
> dumprom -5 -d files2 xip2.nb
the "-5" option is in a new version of dumprom ?
TofClock said:
> the "-5" option is in a new version of dumprom ?
Thanks! However it didn't work as I thought.
Here's what I did:
1. Downloaded "WM2k5_1.60a_XDA2_HIMALAYA.rar", and extracted "nk.nbf"
2. xda2nbftool -x NK.nbf NK.nba 0x20040304
3. dumprom -d files -5 -v nk.nba
Code:
img 00000000 : hdr=900c898c base=900c0000 commandlineoffset=9007ffc0
img 00180000 : hdr=80307a2c base=80040000 commandlineoffset=7fffffc0
block 1 added buf=00440020 02000040
NOTE: removing 941651ee from e32 struct for nk.exe
NOTE: section at 00082000 iso 00009000 for nk.exe
NOTE: section at 0000c000 iso 00009000 for nk.exe
ERROR: could not find pointer for ofs 80307a2c
invalid romhdr ofs 80307a2c
9007ffc0 - 90080000 L00000040 unknown
90080000 - 900c0000 L00040000 NUL
900c0000 - 900c0000 L00000000 rom_00 start
900c0000 - 900c0004 L00000004 JUMP to kernel start
900c0004 - 900c0040 L0000003c NUL
...
So this doesn't appear to work very well. Is nk.nba the same as nk.bin? What am I doing wrong?
THATS TOTALLY AWESOME itsme THANKS FOR CREATING THIS Script .. it is really COOL .. TNX ..
logan said:
> TofClock said:
> > the "-5" option is in a new version of dumprom ?
> So this doesn't appear to work very well. Is nk.nba the same as nk.bin? What am I doing wrong?
for the meantime you can successfully extract the kernel Files of Wm2005 using dumprom -5 .. and you can analyze and extract some files of MSFLASH section of Wm2005 using the rdmsflsh.pl and -t HIMA parameter
-toe
problem is that dumprom does not handle multiple XIP sections in one rom very well.
that is why you should first extract them using
Code:
dump wm2005.img -o 0x400 -e 0x200400 xip1.nb
dump wm2005.img -o 0x210000 -e 0x3e3278 xip2.nb
other than that, dumprom says 'ERROR' maybe a bit too often, when it is not really an error.
toenailed said:
> logan said:
> > TofClock said:
> > > the "-5" option is in a new version of dumprom ?
> > So this doesn't appear to work very well. Is nk.nba the same as nk.bin? What am I doing wrong?
> for the meantime you can successfully extract the kernel Files of Wm2005 using dumprom -5 .. and you can analyze and extract some files of MSFLASH section of Wm2005 using the rdmsflsh.pl and -t HIMA parameter
> -toe
My dumprom.exe doesn't support the "-5" option ....
A new version ?
tnx so much for the info .. itsme ..
anyway .. how about in himalaya .. this is wat i done .. using the nk.nba
Code:
dump nk.nba -o 0x40040 -e 0x80040 ipl.nb
dump nk.nba -o 0x80040 -e 0x1c0040 MSFLSH50_1.nb
dump nk.nba -o 0x1c0040 -e 0x500040 kernel.nb
dump nk.nba -o 0x500040 -e 0x2000040 MSFLSH50_2.nb
mkdir files1 files2
dumprom -5 -d files1 kernel.nb
rdmsflsh.pl -t HIMA -d files2 MSFLSH50_2.nb >MSFLSH50_2.log
... did i do it right?? ..
tnx
-toe
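The carving step from the posts above (cutting nk.nba into sections by offset, and itsme's note that the start of the msflsh50 filesystem has to be located by hand), as an added Python example that is not part of the thread or of itsme's tools. The offsets are the ones posted for the Himalaya image; the ASCII tag MSFLSH50, its placement at the two section starts, and the zero-filled sample image are assumptions constructed for the illustration.

```python
"""Carve byte ranges from a ROM image and locate MSFLSH50 signatures.

Added example; not part of dump.exe, dumprom or rdmsflsh.pl.
"""

# Section boundaries exactly as posted in the thread for the Himalaya nk.nba.
HIMALAYA_LAYOUT = [
    ("ipl.nb",        0x40040,  0x80040),
    ("MSFLSH50_1.nb", 0x80040,  0x1c0040),
    ("kernel.nb",     0x1c0040, 0x500040),
    ("MSFLSH50_2.nb", 0x500040, 0x2000040),
]

# Assumption: the flash layout sector starts with this ASCII tag.
SIGNATURE = b"MSFLSH50"


def carve(image, start, end):
    """Return image[start:end], refusing ranges the image cannot satisfy."""
    if not 0 <= start < end:
        raise ValueError(f"bad range {start:#x}-{end:#x}")
    if end > len(image):
        raise ValueError(f"range ends at {end:#x}, image has {len(image):#x} bytes")
    return bytes(image[start:end])


def section_sizes_kb(layout):
    """Map each section name to its size in KB."""
    return {name: (end - start) // 1024 for name, start, end in layout}


def layout_problems(layout):
    """List gaps and overlaps between consecutive sections."""
    problems = []
    ordered = sorted(layout, key=lambda s: s[1])
    for (a, _, a_end), (b, b_start, _) in zip(ordered, ordered[1:]):
        if b_start < a_end:
            problems.append(f"{a} overlaps {b} by {a_end - b_start:#x} bytes")
        elif b_start > a_end:
            problems.append(f"gap of {b_start - a_end:#x} bytes between {a} and {b}")
    return problems


def find_signatures(image, signature=SIGNATURE):
    """Return every offset at which the signature occurs."""
    offsets, pos = [], image.find(signature)
    while pos != -1:
        offsets.append(pos)
        pos = image.find(signature, pos + 1)
    return offsets


def build_sample_image():
    """Constructed stand-in for nk.nba: zero-filled, with the tag planted at
    the two MSFLSH50 section starts from the thread (placement is assumed)."""
    image = bytearray(0x2000040)
    for name, start, _ in HIMALAYA_LAYOUT:
        if name.startswith("MSFLSH50"):
            image[start:start + len(SIGNATURE)] = SIGNATURE
    return image


if __name__ == "__main__":
    img = build_sample_image()
    print(section_sizes_kb(HIMALAYA_LAYOUT))
    print(layout_problems(HIMALAYA_LAYOUT) or "sections are contiguous")
    print([hex(o) for o in find_signatures(img)])
    for name, start, end in HIMALAYA_LAYOUT:
        print(name, len(carve(img, start, end)))
```

The computed sizes (256, 1280, 3328 and 27648 KB) match the file sizes reported for these four dump commands later in the thread.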
toenailed said:
> anyway .. how about in himalaya .. this is wat i done .. using the nk.nba
> Code:
> dump nk.nba -o 0x40040 -e 0x80040 ipl.nb
> dump nk.nba -o 0x80040 -e 0x1c0040 MSFLSH50_1.nb
> dump nk.nba -o 0x1c0040 -e 0x500040 kernel.nb
> dump nk.nba -o 0x500040 -e 0x2000040 MSFLSH50_2.nb
> mkdir files1 files2
> dumprom -5 -d files1 kernel.nb
> rdmsflsh.pl -t HIMA -d files2 MSFLSH50_2.nb >MSFLSH50_2.log
> ...
> -toe
Ok , i use this but ...
dump nk.nba -o 0x40040 -e 0x80040 ipl.nb --> OK , it makes a 256 Kb file
dump nk.nba -o 0x80040 -e 0x1c0040 MSFLSH50_1.nb --> OK , it makes a 1280 KB file
dump nk.nba -o 0x1c0040 -e 0x500040 kernel.nb --> OK , it makes a 3328 Kb file
dump nk.nba -o 0x500040 -e 0x2000040 MSFLSH50_2.nb --> OK , it makes a 27648 Kb file
mkdir files1 files2 --> OK for this
dumprom -5 -d files1 kernel.nb --> NOT OK , my version of dumprom.exe does not support the -5 option ... when i try to use it ,, i've got a screen 'help' that show me all available options :/
Where can i find the dumprom that use the '-5' option ?
Thanks
TofClock said:
> Where can i find the dumprom that use the '-5' option ?
info: http://www.xs4all.nl/~itsme/projects/xda/dumprom.html
exe: http://www.xs4all.nl/~itsme/projects/xda/dumprom/dumprom.exe
logan said:
> TofClock said:
> > Where can i find the dumprom that use the '-5' option ?
> info: http://www.xs4all.nl/~itsme/projects/xda/dumprom.html
> exe: http://www.xs4all.nl/~itsme/projects/xda/dumprom/dumprom.exe
Great thanks man
It works fine .... i'll try to cook the 1.60a rom of WM2005
TofClock said:
> It works fine .... i'll try to cook the 1.60a rom of WM2005
Are you saying you managed to extract all files from "WM2k5_1.60a_XDA2_HIMALAYA.rar"? It didn't work for me
> xda2nbftool -x NK.nbf NK.nba 0x20040304
> dump nk.nba -o 0x40040 -e 0x80040 ipl.nb
> dump nk.nba -o 0x80040 -e 0x1c0040 MSFLSH50_1.nb
> dump nk.nba -o 0x1c0040 -e 0x500040 kernel.nb
> dump nk.nba -o 0x500040 -e 0x2000040 MSFLSH50_2.nb
> mkdir files_ipl files_MSFLSH50_1 files_kernel files_MSFLSH50_2
This works fine, at least no error indications.
> dumprom -5 -d files_ipl ipl.nb
This extracts nk.exe (not sure if it's valid or not).
> dumprom -5 -d files_kernel kernel.nb
This extract a bunch of files, they seem valid (I can see some exports from the dlls etc)
> dumprom -5 -d files_MSFLSH50_1 MSFLSH50_1.nb
This gives an error message: unable to determine loading offset for MSFLSH50_1.nb
> dumprom -5 -d files_MSFLSH50_2 MSFLSH50_2.nb
This just hangs forever eating all my CPU
Any ideas? Can anyone share the T9 dlls?
files_MSFLSH50_2 MSFLSH50_2.nb
is not a XIP type rom section.
you can extract it partially using rdmsflsh.pl, but rdmsflsh.pl is not entirely finished. it cannot extract compressed files.
toenailed said:
> dump nk.nba -o 0x40040 -e 0x80040 ipl.nb
> dump nk.nba -o 0x80040 -e 0x1c0040 MSFLSH50_1.nb
> dump nk.nba -o 0x1c0040 -e 0x500040 kernel.nb
> dump nk.nba -o 0x500040 -e 0x2000040 MSFLSH50_2.nb
Why i can't use dump? dump=dumprom?
I have tried
dump nk.nba -o 0x40040 -e 0x80040 ipl.nb
and
dumprom nk.nba -o 0x40040 -e 0x80040 ipl.nb
but it is error
itsme , can you help me on how to install the XdaDev::NbfUtils module ...
it's necessary to use the rdmsflsh.pl ...
i've been look your site but i don't understand :/
khengvantha said:
> toenailed said:
> > dump nk.nba -o 0x40040 -e 0x80040 ipl.nb
> > dump nk.nba -o 0x80040 -e 0x1c0040 MSFLSH50_1.nb
> > dump nk.nba -o 0x1c0040 -e 0x500040 kernel.nb
> > dump nk.nba -o 0x500040 -e 0x2000040 MSFLSH50_2.nb
> Why i can't use dump? dump=dumprom?
> I have tried
> dump nk.nba -o 0x40040 -e 0x80040 ipl.nb
> and
> dumprom nk.nba -o 0x40040 -e 0x80040 ipl.nb
> but it is error
dump is not same as dumprom ....
you can download dump.exe HERE
and dumprom.exe with the "-5" option usable HERE
Ok , i've successfully installed the XdaDev::NbfUtils package
But i'm unable to extract files from MSFLSH50_2.nb
The script says to me
> 00000200: magic =00000000 != 2f5314ce
> at M:\Qtek\MAGNETO\WM2k5_1.50i.96_XDA2_HIMALAYA\rdmsflsh.pl line 123
but no file in files2 :/
@TofClock
im so sorry if i mislead you ..
it should be "-t hima" not "-t HIMA" not capital letter as
Code:
perl rdmsflsh.pl -t hima -d files2 MSFLSH50_2.nb >MSFLSH50_2.log
make sure also to run the vcvars32.bat .. ..
-toe

Problem with DumpRom

Hi,
I am experiencing some problems using dumprom. I downloaded it and extracted the content of an exe updater to get the "nk.nbf" os rom (w2k3).
After that, I tried ... :
Code:
dumprom nk.nbf -v -d toto
... to extract the content of this os rom but nothing happens ... dumprom seems to launch because the dos prompt doesn't reappear and i need to quit using ctrl+c.
How can I extract files from 1.4x "nk.nbf" os rom (w2k3) ?
Thanks in advance,
Tristan
dumprom is working only with nk.nba files ...
you have to decompress nk.nbf in nk.nba with xda2nbftool or xda3nbftool
First, thanks for your reply.
I tried to use xda3nbftool with the nk.nbf file I want to use but I got an error saying the password seems to be incorrect :
Code:
D:\HTC\ROMs\2003\BA_TMNL_14200_115_11300_Ship>xda3nbftool -x -t NK.nbf
xda3nbftool -x NK.nbf NK.nba 0xef29def0
WARNING: this does not look like a nbf header, possible you provided the wrong password
xda3nbftool -x ms_.nbf ms_.nba 0x8e86c6cc
WARNING: this does not look like a nbf header, possible you provided the wrong password
If I use the outputted nk.nba file, I got the same error ... dumprom hanging ...
I also tried to use the "Blue Angel Extended ROM Tool.exe" tool and got a nk.fat file but when I tried the dumprom tool on it, I got an error message :
Code:
D:\HTC\ROMs\2003\RUU_2.2_OrangeFR_v5.31.2.138_ship>dumprom nk.fat -v -d dump
unable to determine loading offset for nk.fat
I saw on Wiki that this tool only works with type I rom and the rom I am playing with is type II. They are talking about some tricks but I don't find them in the Wiki. If someone, know how to trick type II rom ...
No idea ?

Extracting XIP.bin from NK.NBA (MPX200)

Hi All,
I am trying to extract the xip.bin portion from the NK.NBA file (mpx200).
When I use rommaster I get an xip.bin file which I can use with XIPPORT but I don't like the size of this file. I do get usable files as output from XIPPORT
I use:
ROMMASTER -w 5 -b 0x001000 nk.nba -x -o xip.bin
it produces:
C:\romtool\XIPtool>rommaster -w 5 -b 0x01000 nk.nba -x -o xip.bin
[Info] It is a common ROM.
[Warning] o32_rom(0x820c5ea0)'s o32_data at 0x00000000 is zero.
[Warning] Found dif-referenced region [OLD] Address=0x821732a0 Length=0x00014e00 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x821732a0 Length=0x00014e00 ObjectType=0x00008000
[Warning] Memory Block(0x80141000,0x8019ad0c) overlap with Block(0x80142d3c,0x80142d68).
[Info] New rom filename is 'xip.bin'.
xip.bin is now 33.936.532 bytes ?? it should not be so big ??
Using the file with XIPPORT produces about 1,78 Mb of usable data. I can unpack and pack the modules and files just fine.. creating an xip_out.bin however is not the same size
xip_out.bin is 33.927.840 bytes ??
Any ideas what I'm doing wrong???
Thanks
Thanks to all the ROM Guru's for not keeping this secret
I thought that you guys would be happy when someone is still interested in supporting this old device ??
Anyway to answer my own question:
dump -o 0x140000 nk.nba xip.bin
use this xip.bin in xipport
dump / add / delete / modify as required
write address in xipport 140000
write back in nk.nba
For what you do it?
For install WM 6.1 ?

Reconstruct my own ROM

EDIT: progress in post #10
I'm trying to reconstruct my own Polaris ROM for warranty purposes. It's been a quest, since the information is very fragmented. So in this post I'm trying to get all the information together and also ask a question. So far I have managed to do this:
I have extracted the RAW files from my device with pdocread from this thread, executing from the command prompt:
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8660000 Part03.raw
That gave me Part00.raw, Part01.raw, Part02.raw and Part03.raw.
Then I put Part01.raw and Part02.raw in the BaseRom folder of the Kaiserkitchen_01-20-08, according to this thread. I also put the RUU_signed.nbh file there from a ROM I downloaded. That happens to be a 1.28.404.2 Dutch ROM I downloaded from here, my current ROM is Dutch 1.27.404.1, so not the same.
Then I choose option e; b and finally d in the Kaiser Kitchen (running KAISERKITCHEN.CMD) and it creates an OS.NB file and a XIP folder in the ROM folder.
I would like to proceed with extracting the OS.NB file (that's what I need right?) using ImgfsTools 2.1rc2 using the commands according to udk's post:
Code:
nbsplit -kaiser OS.nb
imgfsfromnb OS.nb.payload imgfs.bin
imgfstodump imgfs.bin
and then use package tool to create the OEM and SYS folders that can be used in the Polaris kitchen.
However, when I do a binary compare of the OS.NB file created by the Kaiser Kitchen and the OS.NB file I can extract from the 1.28.404.2 RUU_signed.nbh (using NBH extract) they are exactly the same! So somehow, the Kaiser Kitchen is not taking anything from my dumped ROM's RAW files, but everything from the downloaded 1.28.404.2 RUU_signed.nbh. What am I doing wrong?
Thanks!
deechte said:
> I also put the RUU_signed.nbh file there from a ROM I downloaded. That happens to be a 1.28.404.2 Dutch ROM I downloaded from here
I think you have to use an original WWE baseROM, but i might be wrong.
As a ROM cooking newbie, I don't actually understand why the RUU_signed.nbh is needed anyway. Isn't everything present in the dump I made? So how can my reconstructed ROM be identical to the original if it contains parts from another ROM?
Sorry, still learning...
If you are sending your phone back for warranty reasons you will need to put it back to all its original settings...
You will need to flash the original Splash Screen, and flash the original rom (assuming the Netherlands is the country you purchased the phone from, you will need the dutch one). The original Dutch rom can be found here - http://forum.xda-developers.com/showthread.php?t=416165
You will then need to flash your original SPL. How to flash original SPL can be found here - http://forum.xda-developers.com/showthread.php?t=381600
Good Luck
tvrtim said:
> You will need to flash the original Splash Screen, and flash the original rom (assuming the Netherlands is the country you purchased the phone from, you will need the dutch one). The original Dutch rom can be found here - http://forum.xda-developers.com/showthread.php?t=416165
> You will then need to flash your original SPL. How to flash original SPL can be found here - http://forum.xda-developers.com/showthread.php?t=381600
Thanks for your reaction. The problem is that the dutch ROM in that thread is not the same as mine, neither is the radio ROM. So it won't take my device back to its original settings. That's why I wanted to use that one in combination with the raw files from my own device.
SPL is the next problem. I know I have to go back to the original one too. However, the thread only offers SPL 1.25.0000 and 1.28.0000, mine is supposed to be 1.27.0000.
have you made any progress from your last post ?
i would be interested in this procedure as well.
Ravest.
Unfortunately not. I'm still hoping some experienced cook will take a look at it. I think it would be nice if there would be a complete procedure for how to do this in this post. Right now it's a big puzzle.
Why do you really want to get to the original ROM? Is there a chance that HTC knew which Radio version they did put on your Polaris?
No offence btw... I really don't know
EbOoZ said:
> Is there a chance that HTC knew which Radio version they did put on your Polaris?
I'm guessing they can know that. Furthermore, when I understand how to do this I can proceed modifying ROM's. I'd just like to learn.
Okay, it appeared I was doing some thing wrong. First of all, the pdocread commands were wrong cause I copied them from the Kaiser thread. You have to execute
Code:
pdocread.exe -l
first, with your Polaris connected via USB (no USB-hubs!). Then read the numbers that appear there, that appear coloured in this thread.
So then I had to do:
I have extracted the RAW files from my device with pdocread from this thread, executing from the command prompt:
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x3c0000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x5d40000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x6f40000 Part03.raw
That gave me the correct Part00.raw, Part01.raw, Part02.raw and Part03.raw.
Then I put Part01.raw and Part02.raw in the BaseRom folder of the Kaiserkitchen_01-20-08, according to this thread. I also put the RUU_signed.nbh file there from the official WM6.0 RUU_Polaris_HTC_WWE_1.25.405.1_radio_sign_25.65.30.04_1.58.21.23_Ship ROM I downloaded. My current ROM is Dutch 1.27.404.1, so definitely not the same.
Then I executed KAISERKITCHEN.CMD and chose all the options subsequently, as described by jcespi2005 in this thread (so successively: e, b (for dumped ROM), c, b, choose BuildOS tab, Load ROM option, Choose the KaiserKitchen folder, Go > Option, Close BuildOS, in the HRT choose ROM Builder, Choose Kaiser in device list (then for Polaris enter POLA**** instead of KAIS**** under model ID, in the System button (looks like this: ...) choose the os-new.NB file from the Kaiser Kitchen folder, press the BuildROM button and save as RUU_signed.NBH). When I started this thread I only chose e and b and then ended the Kitchen, cause I thought that would be enough to reconstruct, but clearly it isn't.
I ended up with a RUU_signed.NBH that appears to contain MY dutch 1.27.404.1 ROM. How do I know that without having flashed it to my device yet? I extracted the nbh file again with NBHextract (you get 00_OS.nb, rename that to OS.nb) and dumped OS.nb with ImgfsTools 2.1rc2 using the commands according to udk's post:
Code:
nbsplit -kaiser OS.nb
imgfsfromnb OS.nb.payload imgfs.bin
imgfstodump imgfs.bin
Opened the /ImgfsTools/dump/ folder with package tools and it says it's a dutch ROM!
Now, I'll flash it to see if it works.
I hope this detailed howto makes it possible for others to reconstruct their ROM too. Let me know! Mind you, I only used the Kaiserkitchen to do this, no Polariskitchen. I think I will be needing that one though to make changes to ROM's in the future. But at least I have my original ROM now. Next step is to see if I can reconstruct the radio part too.
***** I'm no experienced chef, so the information above may not be right or complete. I'm just trying to get a grip on this stuff and to learn and I'm sharing my experiences. ROM cooking and flashing are your own risk. I take no responsibility in any damage to your device.*****
Okay, I flashed my device to udk's Diamond R8, and then back to my own original ROM. Then hard reset and yeehaa, it works, almost. My device boots up normally and everything is back the way it was, in dutch. Except for some small things:
The HTC Home Plugin is absent on the today screen after the hard reset. I can select it to appear in the settings. Then it does appear, but it's totally empty. Just a grey empty space where all the tabs used to be. All other applications are in the start menu and appear to be working fine.
I wanted to see an overview of the listed ROM-version, radio-version etc, so went to settings > system. However the "device info" (I think that would be the english translation) option wasn't there anymore.
So somehow, my ROM is almost fine, but just not completely. What am I doing wrong?

A programe about XIP.BIN of Blue Angle?

I'm learning rom building.
I used Rommaster.exe to extract XIP.BIN from nk.nba.But nothing (had not xip.bin-no thing).I made Bat file with code:
Code:
RomMaster.exe -w 5 -b 0x001C0080 nk.nba -x -o xip.bin >nul
mkdir XIP
dumprom xip.bin -5 -d XIP >nul
But only XIP Folder was made.In XIP folder- no thing.
=>>>Please help me how to extract XIP.BIN From nk.nba???
Thanks a lot.
Please help me how to extract XIP.BIN From nk.nba???
I made XIP.BIN successfully.
