The WM5.0 emulator is working on my PC.
Japanese emu, S-Chinese emu, and T-Chinese emulator, also English.
I want the dll, mui, and exe files from them, to make a Japanese or Chinese WM5.0
on my Himalaya with English WM5.
Hope someone can help to dump it or make a dump tool.
I have a dump tool my friend made for the WM2003 emulator, so it did not work for WM5.0.
If you need the emulator image from the WM5.0 SDK, I will upload them.
Please help!
ms would be pretty stupid if they made it possible for one to unload a real rom image from an emulator
as far as i know then all roms have to be 100% made / "compiled" for each pda to work
so unless that emulator was using a 100% image of the rom for the device you want to upload it to later
i doubt it would work
Rudegar said:
ms would be pretty stupid if they made it possible for one to unload a real rom image from an emulator
as far as i know then all roms have to be 100% made / "compiled" for each pda to work
so unless that emulator was using a 100% image of the rom for the device you want to upload it to later
i doubt it would work
Thanks for your comment,
but please don't worry, I just want to take the resources from the dll or exe, to make mui files to pretend the interface of the OS.
I used this way to make a Japanese OS on my Blue Angel with PPC2003se.
Mr. Mamaichi taught this way to me in the past.
For your reference:
http://asukal.seesaa.net/article/6114096.html
http://asukal.seesaa.net/article/5052836.html
Japanese site, but you can see the JPGs
ooh got a bit confused then i guess
Asukal
You can dump the ROM image from WM5 emulator with a normal dumprom tool, but first you need to convert image from B000F to the NB format with the command:
perl splitrom.pl PPC_USA_GSM_VR.BIN -wo ROM.BIN -oe 0x82000000
and then dump it as a normal rom:
dumprom.exe ROM.BIN -5 -d C:\ROM_DUMP
I've tested that on english version of emulator.
you'll need splitrom.pl script and a new build of dumprom tool from itsme.
Mamaichi>>>
thanks for your information!
i will try it!!
Thanks Mamaich!
After I got your private message, I did it!
I got dumped rom files from mnu!
@Japanese OS image
@Simple chinese OS image
@Smart phone (WM5) japanese image
After those were successful, splitrom had an error on the following emu images.
@English OS image
@Traditional OS image.
I don't know why???
may try to restart windows system and try again
any way, i got it!
thanks!
hi Asukal,
can you please give me the links to your emu images?
i'm too lazy to search.. ;o)))
thanx
buzz
Yes, why not!
Here it is!
http://www.asukal.jp/ROMs/PPC_USA_GSM_VR.rar
20MB <not dumped yet>
I could dump the English image also.
Here it is!
http://www.asukal.jp/ROMs/SDK_ENG.rar (17.32MB) dumped files
I don't know why I couldn't upload this as an attachment????
So I must use my own server.
Asukal said:
After those were successful, splitrom had an error on the following emu images.
@English OS image
@Traditional OS image.
what is the error text? I've dumped english ROM without errors
To Mr. mamaich,
I succeeded in dumping the English SDK emu rom after that.
But I took the Bin from the SDK on another computer.
I guess the Bin file which I tried to dump at the beginning was broken or had some problem??
Or I had already opened and run this emu image on the Emulator many times, so it was no longer the default.
I have never tried again with the T-Chinese Bin.
I think it can be possible if I took another T-Chinese bin from another SDK.
The error text was...... I can't remember exactly because I left that computer, as I am on a trip in Europe now.
maybe.....
This image files has incorrect(or invalid) boot image.....or something like that.
Sorry for my late reply.
I am in Germany now and have to visit Milan and paris after here.
thanks
MUI's in wm2005
Hi, everybody!
I followed this thread and successfully created some MUI's for 2005 (I think) but I can't get the device to load them. I tried changing the registry settings (worked for 2003se) but it didn't help.
No changes I made are visible and the files can be deleted, so I guess they are just ignored for some reason.
Can anyone help please?
Thanks a lot!
that is true, also cant do that.
keep on studying now.
Something different from WM2003!
MUI security signature?
Hello again!
I think the problem might be with the digital signature Microsoft now requires.
Also I made the following experiment:
I put the resources in 2003SE MUI officeres and btres and it did load, but when I tried it with shellres or coresres it didn't work.
I think it won't load unsigned system files…
Any ideas?
Any leads will be greatly appreciated!
Re: MUI's in wm2005
levenum said:
Hi, everybody!
I followed this thread and successfully created some MUI's for 2005 (I think) but I can't get the device to load them. I tried changing the registry settings (worked for 2003se) but it didn't help.
No changes I made are visible and the files can be deleted, so I guess they are just ignored for some reason.
Can anyone help please?
Thanks a lot!
because on 2003, files are copied to RAM. on 2005 are used directly from ROM.
buzz
Re: MUI's in wm2005
buzz_lightyear. 2005 can also load dlls to RAM, for example when they are started from storage card or built-in storage.
There may be one more reason. The DLL may not be loaded if your resource DLL does not have some resources that the original DLL has, or if your DLL is somehow incorrect. You should make a program that calls LoadLibrary() for your MUI DLL and check the error code if it does not load.
For MS Smartphones there was a registry key that allowed unsigned applications to run. Maybe a similar method exists for WM5.
Asukal. I've attached the program that would try to dump shellres.dll of your device to \storage card\shellres.dll. I've tested the program only under emulator, on the real device it may crash.
If it would not crash - you should look into the produced DLL to examine its resources. This dumper would produce DLLs that are unable to load (they have no relocations information), and their size is larger than it should be, but resources should be extracted correctly.
PM me if the program crashes. And it probably would crash. I'll try to do something.
Mr. Buzz and Mr. Mamaichi!
Thanks for your comments. I have just come back from Paris and am too tired to try mamaichi's testwm5.exe.
After I sleep a while, I will try it! (I am not afraid of a crash! Glad to be a sacrifice!)
I'd recommend you to try this tool - http://forum.xda-developers.com/viewtopic.php?t=23520&start=25#152044
To Mr. mamaich,
The first attached testWM5.exe dumped only dump.dll(?)
The second TESTWM5.exe from the link can extract installed files also, and RAM files can be dumped too.
But it did not crash.
I will remake the MUI file and test it!
Thanks!
Is there a way to override a rom file?
I found welcomehead.192.png the windows boot screen, not the initial imate one, the blue windows one, ive edited the png, but cant replace the file as it is in rom, any suggestions as how to do this? or is it wait until someone works out how to open the nbf file and then change that way?
Theres nothing in the registry that i can find that points to this file
anyone?
just overwrite the file with the same name. ignore errors
1. As sama says, just use a proper file explorer (Resco/Total) to overwrite the ROM file. If you delete the new file the old one will still be there in ROM.
2. The ROMs can be decoded, you can change the ROM then flash it. This is not a safe thing to do, and is complicated. However, this is a total waste of time (hours) for a 100KB image file unless you really can't afford 100KB in your Programs Memory.
3. If you want, you can also change the "initial imate one" too. Buzz has the tools and instructions on his site (http://buzzdev.net). This will be a flash job, but takes up no space and a hard reset won't wipe it.
Hope this helps.
Anyone know how I can extract .nbf files? I need to see what is in this nbf file. Refer to this thread if you are curious
http://forum.xda-developers.com/viewtopic.php?p=250201#250201
Use the tools made by Buzz on this page:
http://buzzdev.net/index.php?option=com_content&task=view&id=65&Itemid=1
To see the contents of the nbf (converted to nba using the above method) file, you need to use these tools:
http://wiki.xda-developers.com/index.php?pagename=WM5EditROM
Its rather simple and hardly takes about 5 minutes for the whole thing
Cheers!
Thanx for the fast response. I gave it a go and it doesn't seem to work. I get the .nba from the .nbf then when trying to
"prepare_imgfs.exe nk.nba"
I get this
"Searching for IMGFS start... Not found!"
I think that the .nbf is password protected. If anyone more gifted than me can help out with this one I know we will find a way to change the splash screen on all the newer (2.17 and so forth) ROMS.
Thanx again; Lew
then how do you extract NBF file from 8125 instead of NBA file ? Is there a way to do this ?
I would like input on this as well. I think we are missing a password here or something.
universaldoc said:
Use the tools made by Buzz on this page:
http://buzzdev.net/index.php?option=com_content&task=view&id=65&Itemid=1
I don't believe this works with (newer?) wizard nbf's.
Is there anyone here that could crack this would be "encryption" on the .nbf in question? I tried encoding my splash backup from aWizard using the project file from the "decoded" nk.nbf from "ruu_forcedalias_splash_245_425.exe" and it was a no go. It said that my storage was the wrong size for this ROM update (or something to the effect of NO). So it looks as if this nk.nbf from "ruu_forcedalias_splash_245_425.exe" is the key to unlocking the ability to change splash screens to custom images.
Later; Lew
u can try the tools in the attachment to extract files from image file.
the typho2 can extract parts from a SD card image, and the typhoonnbftool_04 can extract parts from a NBF file. they work well while do with the 1.x ROM, but I've never experienced it in extracting a 2.x ROM.
any exciting info, pls let me know,
Ok, good news, thanx to BrightMoonHeart I have been able to extract the BMP from the NBF using "typhoonnbftool_04.exe". The bad news is so far I can't seem to add an image (bmp) to the nbf or remove the current image. So this was a great step forward, just need a little help to get r done. I tried "typho2.exe" but I couldn't get it to do anything except give me the same info "typhoonnbftool_04.exe", It says it can extract the ".NBF" to an ".SPL" and that may allow us to edit it but I was not able to get it to convert. Any ideas guys? Always appreciated
Thanx; Lew
Ok I'm even closer now. I am using "typhoonnbfdecode.pl" and I can extract the ".nb" from the ".nbf". I can create custom splash using "nb_image_converter_859_418_826.exe" and make a ".nb" but when trying to put it back to ".nbf" i get this error
Code:
read 00030000 for splash from 92000000-Splash.nb
no sm signature at 0 in Splash
If anyone can help me out with any of this I would really appreciate it. I keep getting held up with all these conversions. I think some out there must know how to do this already, and I'm close but I keep hitting road blocks.
my head hurts; Lew
Hello!
Thanks to ppl from this forum I've managed to assemble from various sources files required to dump, build and flash back to device WM6 English ROM. It is not a "plug & play" style kitchen yet, so I call it "ROM Kitchen essentials"
Most of the files are made by other people. My part was converter and flasher hacking. As for now, you have to edit the dumped ROM absolutely manually. There is no support for initflashes.dat automation. You may want to use rgucomp to make changes to default.hv and user.hv.
Thanks goes to (not in any order )
trinca
mamaich
bepe
itsme
faria
double_ofour
yhauwang
and many others...
Actual version is 0.1 and RAR archive is about 50Mb.
All required files (including WM6 Eng ROM distribution and flasher) can be downloaded from:
h**p://www.r*pidshare.com/files/47189318/Juggler_Samsung_WM6_Eng_ROM_Kitchen_0.1.rar.html
You also may want to download original WM6 English ROM from here:
h**p://r*pidshare.com/files/45439904/Juggler_WM6_i718ZMGF4_PDA_Eng.rar.html
And radio firmware (required for some i71x to work with WM6):
h**p://r*pidshare.com/files/45950071/Juggler_WM6_i718ZMGF4_Phone_Eng.rar.html
In case somebody doesn't know how to flash Samsung i71x:
Make a backup!
Have your firmware at hand so in case of trouble you can flash your original firmware back!
Turn off the device.
Disable all ActiveSync connectivity (usb, comm, etc).
Run the flasher and click start.
Hold the "down" button on the device and turn it on while holding "down".
The flasher recognizes it and starts to flash.
After flashing make a hard reset.
If GPRS/EDGE does not work, your radio firmware is not compatible with the new WM6. You have to go back to your original firmware or flash a new radio!
To flash new radio firmware you should have a SPECIAL FLASHING CABLE for Samsung phones! It is not the one that comes with the device!
Now you have options to buy such a cable, build one yourself, flash your original firmware back or continue using WM6 without GPRS/EDGE - it is your choice.
So - to flash WM6 you need the usual usb cable. The new WM6 will probably work with your radio. If not - you should flash the radio!
Special flashing cable is the cable with USB-Serial adapter or plain serial cable:
h**p://www.fonefunshop.co.uk/datacables/samsung.htm
Search for UNLOCK / FLASH CABLES and you'll see
"Samsung D800 - T809 - E900 - D900 USB Cable
This cable is needed to unlock / flash the Samsung D800 - T809 - E900 - D900 etc."
Notice the difference with the usual USB cable supplied with device!
Have you read my thread on the Samsung i60x?
Hello, there,
Please refer to this thread:
http://forum.xda-developers.com/showthread.php?t=316647
It seems very familiar to the i600. I will download your image just for the sake of taking a look... The ROM with header B000FF is prepared with the Romimage tool from the MS WCE IDE and is named the Run-time image. The nb0 ROM (that works with the WM5 kitchen) is prepared by Romimage by splitting the nb0 ROM into 128 KB records; a header is added containing start address, record length and Checksum 32. Then all these chunks are added together and compressed with another tool named compbin. The "encryption" you are seeing is no other than the aftermath of this compbin tool.
If you read my thread you will find I was able to extract the flat image using cvrtbin (also another MS tool that comes with Visual Studio). You may grab a copy from here:
http://www.toradex.com/colibri_downloads/Linux/linux_to_wince/?D=D
Then you will be able to use the common tools from xda-developers such as prepare_imgfs (with the switch -acer) and so on.
Making the ROM back to the B000FF format is going to be the trouble. Again, read the thread.
There is also an excellent article on Mobilepro BIN roms made by cmonex; you can get a copy of that tutorial inside his Romtool package, get it from here:
http://hpcmonex.net/nec900/files/releases/romtoolpack.zip
Be informed the Mobilepro ROM is very different in the way the Runtime file is organized, however is the best resource I have seen so far.
Besides, there are some really good tools inside that package
Best regards and start cooking!
trinca
Thanks trinca, at least I have something to read to start with. But the first thing a can't figure out how correctly RIP rom image from EXE file and then after modifing it PUT it back to flasher. There s.b. some proprietary tools for samsung phones or pdas.
Extracting the i718 ROM image: a suggestion
JugglerLKR said:
Thanks trinca, at least I have something to read ...
My friend, we are all navigating uncharted waters..., this requires some research, and the courage to flash the phone with the outcome of your research.
Please read my post:
http://forum.xda-developers.com/showthread.php?p=1371344#post1371344
It will give you a hint on how I found out how to extract the O/S payloads for the i60x, pretty sure it may work for your model as well. A quick look to your executable shows the arrangement may be similar, I would say for the i718, the O/S ROM is located last as it is on the i60x, starting at address 0x01620000 now, just by looking for the end indicator (following the string B000F, 0x0A, 0x00000000 which is the ROM start address, 0x00CA5F03 which should be the offset -little endian-, actually would be 035FCA00), however be noticed the runtime image is compressed using compbin during preparation, therefore I would guess is a little more beyond. You may have to do some research here.
Start by cutting the area surrounding such an offset and use viewbin to determine the offset length and cvrtbin to find if your cut was successful.
BTW it would be nice to find a tool to just decompress B000FF Runtime ROMS. (differently of what it does cvrtbin converting and decompressing Runtime images)
One other thing you may do is to use xdautils, you may find those here:
http://wiki.xda-developers.com/index.php?pagename=XdaUtils.
This collection of utilities has pdocread allowing you to extract the contents of raw partitions in the pda. Make sure to use the handle to extract each raw partition.
Regards,
Trinca
I had no success with cvrtbin. How to decompress image after compbin? I've found pdocread and put it to phone, but it won't work :-( Are there any tools to dump ROM to flash card or something like that?
JugglerLKR said:
I had no success with cvrtbin. How to decompress image after compbin? I've found pdocread and put it to phone, but it won't work :-( Are there any tools to dump ROM to flash card or something like that?
To decompress the image:
Get a tool named viewbin, also part of the MS PE, run it on your file and it will tell you the start address and the offset of the img files. Then use this information with cvrtbin. If viewbin reports the start address is 0, then use 1 in cvrtbin, otherwise the extraction will fail.
To use PDOCREAD, you run it from your computer; it will install itsutils.dll in your phone and you must accept this in the smartphone. Your phone must be unlocked to do that and the policies set to allow unsigned applications to be installed in your phone. To accomplish the above you need to modify the registry on the phone. See how it is done here:
http://www.modaco.com/index.php?showtopic=244205
To dump the ROM with PDOCREAD, see a detailed procedure here:
http://wiki.xda-developers.com/index.php?pagename=Hermes_HowtoDumpRom
Be informed some phones like the i607 require the disk kernel handle, reported with pdocread -l, if you follow the procedure in the above link with no results, then add the disk handle.
Wish you good luck....
CAn Anybody help PLEASE????
I have a i718 but was bought in China and the OS is in Chinese. The blur me can only read English. Is the ROM in English? If I were to download it (still struggling now with the russian words), how can I change it? All I need is the phone to be in English. I do not need to improve anything as WM5 is good enough. I know I am a newbie and I might not be in the right thread. Can anybody please help? Any links to show "how-to-change the ROM" would be most appreciated. Thank you in advance
Your phone is also known as i710
Your phone Samsung i718 is the chinese version of the Samsung i710, all you have to do is to install the phone serial/modem drivers from the companion CD and place the phone in bootloader mode. If you get the ROM package cited above in the first post of this thread by JugglerLKR you will find complete instructions on how to download the ROM into your phone.
Good Luck!
Thank you
Thank you very much for the quick response sir! Really appreciate it. I finally managed to download the ROM and will give it a go this weekend. Wish me luck. I will be reading more to make sure I am doing the right thing as I am definitely a nOObie. First time flashing a phone .
I looked at the CD that came with my phone and the only thing I see is the ActiveSync 4.2. Worst of all, everything seems to be in Chinese. Guess I have to do more research to see where I can get the drivers you mentioned. There are also a lot of things I do not understand like bootloader, how to do a hard reset, etc. I will continue searching and reading and will post the development of my virgin "flash" as I move along.
Thank you once again.
Trinca - so I dumped my ROM from device to .raw files. What can I do with them now? viewbin shows only zeros on b000f .bin image extracted using winhex from .exe
Use Mamaich's ROM Kitchen
You can find instructions to do some cooking and tools here:
http://forum.xda-developers.com/showthread.php?t=249836
This is self-explanatory, tell me if this is enough or you need some extra info. Once finished, the trouble would be to put that back in B000FF format for flashing, as there is no tool to do that yet, and you can't just download a raw image back into the phone. The Runtime image is formed as follows:
Byte     > 1 2 3 4 | 5 6 7 8 | 9 10 11 12 | <---- 128KB ---->
Record 0 > 42-30-30-30-46-46-06 <Start add> <length of ROM>   (42-30-30-30-46-46 = B000FF in ASCII; 06 = end of header B000FF)
Record 1 > <Address> <length> <CHKSUM32> <---- Chunk of Raw image ---->
Record 2 > <Address> <length> <CHKSUM32> <---- Chunk of Raw image ---->
...
Last Rec > 00-00-00-00 00-00-00-00 00-00-00-00
I am doing some crazy splitting and Hex scripts to achieve that, but it is a pain in the neck. So I have decided to make a proggie to help me out with that. Please see the thread
http://forum.xda-developers.com/showthread.php?t=316647
on the 2nd post you will see what I am talking about.
Regards,
trinca
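The record layout sketched in the post above, as an added example that is not code from the thread or from any of the tools it mentions: a builder and a checking parser for uncompressed B000FF images. It assumes the seven-byte signature ends in 0x0A (the value quoted earlier in this thread), that CHKSUM32 is the plain byte sum of the payload, and that the terminating record carries the start address in its length field; compbin-compressed images are not handled, and the sample data and addresses are constructed.

```python
import struct

SIGNATURE = b"B000FF\n"          # assumed 7-byte signature (0x0A terminator)
CHUNK = 128 * 1024               # record payload size given in the post
MAX_IMAGE = 256 * 1024 * 1024    # refuse absurd header lengths from a damaged file


def checksum32(data: bytes) -> int:
    """CHKSUM32 as assumed here: sum of payload bytes, truncated to 32 bits."""
    return sum(data) & 0xFFFFFFFF


def build_bin(flat: bytes, image_start: int, entry: int, chunk: int = CHUNK) -> bytes:
    """Wrap a flat, uncompressed image in B000FF records."""
    out = [SIGNATURE, struct.pack("<II", image_start, len(flat))]
    for off in range(0, len(flat), chunk):
        payload = flat[off:off + chunk]
        out.append(struct.pack("<III", image_start + off, len(payload),
                               checksum32(payload)))
        out.append(payload)
    # Terminating record: address 0, length field holds the start address, checksum 0.
    out.append(struct.pack("<III", 0, entry, 0))
    return b"".join(out)


def parse_bin(blob: bytes):
    """Return (image_start, image_len, entry, flat); ValueError on a damaged file."""
    if len(blob) < 15 or blob[:7] != SIGNATURE:
        raise ValueError("missing B000FF signature or header")
    image_start, image_len = struct.unpack_from("<II", blob, 7)
    if image_len > MAX_IMAGE:
        raise ValueError(f"implausible image length 0x{image_len:08X}")
    flat = bytearray(image_len)
    pos = 15
    while pos + 12 <= len(blob):
        addr, length, csum = struct.unpack_from("<III", blob, pos)
        pos += 12
        if addr == 0 and csum == 0:          # terminating record
            return image_start, image_len, length, bytes(flat)
        payload = blob[pos:pos + length]
        off = addr - image_start
        if len(payload) != length:
            raise ValueError(f"record 0x{addr:08X} runs past end of file")
        if off < 0 or off + length > image_len:
            raise ValueError(f"record 0x{addr:08X} lies outside the image")
        if checksum32(payload) != csum:
            raise ValueError(f"checksum mismatch in record 0x{addr:08X}")
        flat[off:off + length] = payload
        pos += length
    raise ValueError("no terminating record found")


def describe(blob: bytes) -> str:
    """Summary in the style of the viewbin output quoted in the thread."""
    start, length, entry, _ = parse_bin(blob)
    return (f"Image Start = 0x{start:08X}, length = 0x{length:08X}\n"
            f"Start address = 0x{entry:08X}")


if __name__ == "__main__":
    # Constructed sample: 300 KB of patterned bytes, addresses chosen for illustration.
    sample = bytes(range(256)) * 1200
    blob = build_bin(sample, image_start=0x80000000, entry=0x80001000)
    print(describe(blob))
    assert parse_bin(blob)[3] == sample
```

A checksum or bounds error from `parse_bin` on a carved file usually means the cut started or ended at the wrong offset, which is the situation several posts in this thread describe.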
Tried viewbin on my extracted from .exe bin file - Image Start = 0x00000000, length = 0x02C1D3E0
Start address = 0x00000000
Done.
Looks like something is missing. Also cvrtbin is not working, as it cannot accept 0x00000 as start address
JugglerLKR said:
Tried viewbin on my extracted from .exe bin file - Image Start = 0x00000000, length = 0x02C1D3E0
Start address = 0x00000000
Done.
Looks like something is missing. Also cvrtbin is not working, as it cannot accept 0x00000 as start address
Start address = 0001ffe0
So, How to convert dumped LZX packed rom to B000F format for flashing to device?
How to convert dumped LZX packed rom to B000F format
Please refer to my thread:
http://forum.xda-developers.com/showthread.php?p=1392761#post1392761
I am unable to download your file (can you post it on rapidshare or megaupload?). I am in the same situation as well but I applied the English patch from asukal and Buzzlightyear and it worked .. I now have a device in English ... I am waiting for the firmware in English.. I have wm6 roms in Chinese that I have not tested ...
I also have a i710 rom but it's also a .bin file dumped from a i710 device ...
Hope this helps,
-Hau
I have uploaded several files... Can you tell me which one you have trouble with?
trinca
Oops ... My message was intended for Juggler uploading his ROM ...
Thanks,
-Hau
Thanks to trinca and bepe, mamich and many others i've managed rom kitchen essentials - look at first page.
i downloaded your flasher but why when i run i718ZMGF4_PDA_Eng, i click detect but nothing detected....
phone is on and connected via active sync
I have a diagnostic .nbh image for Hermes devices. When copied to the storage card and started in bootloader mode, the device will boot the image and enter a diagnostics sort of mode. The utility ends after a bit when some "security checks" fail. I'd like to analyse the file but I'm having some trouble. I am somewhat experienced in disassembling ARM code, but I'd like to start at a higher level than that. I can convert the file to a .nb using the tools available on the forums, but I can't seem to break it down any further from there. Is anyone here familiar with the .nb file format? When I attempt to use the tools that convert a .nb to a ROM dump it fails saying "Not an img file" or something like that. It reads as a straight binary file in IDA so I'd have to manually identify an entry point in order to analyse it further.
The interface of the diagnostic mode looks similar to what is displayed when a ROM is being updated - a gray screen with a blue system font.
I can tell from looking at the .nb that there is significant functionality that I would like to check out further.
Any help?
fluxist