Related
Hello
With ActiveSync STG files I know that I can use a program to look at the internals of that file and extract items that I want.
I was wondering if there is a way to do this with the ROMs that are on the FTP? I dont want to install the whole ROM, I just want to go in to look around and see if there is anything interesting to install.
Thanks
http://forum.xda-developers.com/viewtopic.php?t=17918
read xda2jojo's post
To disassemble ROM files you'll need to feed a decrypted ROM image to this utility - http://www.xs4all.nl/~itsme/projects/xda/dumprom.html
Example: dumprom.exe nk.nba -4 -d c:\dumped
this would extract all files from nk.nba to c:\dumped directory.
Then you can disassemble files by IDA. In the case of XIP DLLs you'll need to play with it because relocation info is missing.
Hi,
I write some code that can modify the ROMs, it can save your time to add and delete files by hand.
RomMaster V2.0 Beta
Usage: RomMaster [options] imagefile
-d[m] <dfile> - delete file
replace file/module together with -a option
'm' delete module, deleting module isn't suggested
-a[c] <afile> - add file into the rom
'c' means use compress(need CECompressv4.dll)
-o <ofile> - output imagefile name
-v <0~9> - print info, 0 detail, 9 only show errors, default is 5
-w <5> - 5 is 2005, default is 2003&SE
-x - only save XIP(OS) data
-s <0x...> - Fix XIP start address(Hex)
-e <0x...> - Fix XIP end address(Hex)
In replace mode, 'c'&'m' is useless
It is now 2.0 Bata Release.
You can delete file/modules you don’t like from the ROM.
RomMaster –d “filename” –o “newROMname” “ROMname”
You can add files into the ROM.
RomMaster –a “newfilename” –o “newROMname” “ROMname”
You can replace file in the ROM
RomMaster –d “filename” –a “newfilename” –o “newROMname” “ROMname”
“newfile”’s size should be the same or small than the file you want to replace, new file will occupy the same space as the old one.
I test some ROM in my SP; include SDA, Dopod 575 & 585. I only tested one 2005 ROM. Replace module may don’t work, I am still working on it.
Before you burn the image generated by the tool, make sure you finish follow step:
1. RomMaster –o “TestROM” “SrcROM”
2. Do binary compare “SrcROM” with “TestROM”
a) If they are 100% same, I think you can safely use this tool.
b) If they are 99% same, you should be careful, make sure you only burn the OS part. Because some ROM are modified by someone before, there are maybe some useless data in the ROM, only burn the OS part won’t damage your SP.
c) Else, the “SrcROM” may contain some unknown structure or data, the “TestROM” may won’t work, don’t try burning it into you SP. If you want to modify it, tell me where I can find the ROM, if I am free, I can give some help.
3. I only tested one 2005 ROM, its structure isn’t very correct, and I think that ROM is extracted form emulation ROM. So if 2005 ROM isn’t 100% same, don’t try and be careful even they are 100% same.
This is great!!!
Going to try it!
ncruz,
I'll wait for your experience, cause if this is working we can all save space by directly burning upgraded cameras etc into the rom. will save me at least 1MB ram or storage.
The tools sounds great gmap.
There already exists MKROM tool - http://www.xs4all.nl/~itsme/projects/xda/romtools.html
it is 100% working with WM2003/2003SE devices. But it is rather inconvenient.
I'll test your "-w 5" option on a real device. Real WM5 device has one XIP kernel section with only few modules and about 1Mb free space. All other data is kept in IMGFS partition, I'm currently working on a tool that would work with it.
And one question. When you add new files to ROM, do you add them to a new XIP or extend the existing XIP? And when you delete modules, do you reuse the freed space after adding new ones?
mamaich said:
There already exists MKROM tool - http://www.xs4all.nl/~itsme/projects/xda/romtools.html
it is 100% working with WM2003/2003SE devices. But it is rather inconvenient.
I'll test your "-w 5" option on a real device. Real WM5 device has one XIP kernel section with only few modules and about 1Mb free space. All other data is kept in IMGFS partition, I'm currently working on a tool that would work with it.
And one question. When you add new files to ROM, do you add them to a new XIP or extend the existing XIP? And when you delete modules, do you reuse the freed space after adding new ones?
Click to expand...
Click to collapse
That's great if we can modify IMGFS partition I am waiting for it.
I know that tool and i don't know how it works. I made this tool only for interesting.
You can find XIP chain in 2003 ROM, by XIP chain, you can know the address and length of each XIP section. I will scan the hole XIP region before inserting the new file to reduce memory fragment. When a module is deleted, its space will be freed and reused when adding files. I freed about 6M space in my own ROM by deleteing the useless files, and add about 5M files into it, it works OK.
It seems 2005 don't have XIP chain information in the ROM, i only test one 2005 ROM, and i didn't find the XIP chain info. If your 2005 ROM don't have XIP chain info too, you should modify ROMHDR.physlast to a correct value by hand. Because if i can't find the XIP chian info, I use ROMHDR.physlast to decide the end address of XIP. Or, there are almost no space for you to add new file. My 2005 ROM physlast=0x8c253278, and only about 78732 bytes free before 0x8c253278.
I update the the tool V2.2 , fixed a bug when deeling with MDA(818) ROM.
gmap said:
That's great if we can modify IMGFS partition I am waiting for it.
Click to expand...
Click to collapse
I've PMed you a test version. I'll make it available to public later.
... If your 2005 ROM don't have XIP chain info too, you should modify ROMHDR.physlast to a correct value by hand.
Click to expand...
Click to collapse
My ROM has all needed info, I had to extract everything from rom image after 1C0000 address to a separate file and gave it to your tool. It is working perfectly. I've managed to delete and add a new file to ROM. I have not tested "-dm" option. It seems that all modules/files in XIP section of WM5 are uncompressed. I'm using BlueAngel's WM5 ROM. Later I'll try to replace boot.hv file with my own version.
Can you add a switch to your program "-s bytes" so that it woud skip the given number of bytes from file start, so it would be possible to work directly on NBA files with header?
gmap, can you tell me what file i can use this with? Is it for nbk or nba files? Thanks
I'm not able to edit the xip sextion ...
i've tried your tool on 1.60c.07CHS rom for xdaII :
RomMaster.exe -w 5 -x -o test.bin nk.nba
result :
[Info] It is a common ROM.
[Error] File is damaged, end address small than start address.
[Error] File is damaged, end address small than start address.
RomMaster.exe -w 5 -x -o test.bin imgfs_raw_data.bin (created with mamaich's tool)
result :
[Info] It is a common ROM.
[Error] Load nb00 failed.
RomMaster.exe -w 5 -x -o test.bin img.bin (created by nba part 1C0000 to end)
result :
[Info] It is a common ROM.
[Error] File is damaged, end address small than start address.
[Error] File is damaged, end address small than start address.
How to save the XIP section ?
TofClock said:
RomMaster.exe -w 5 -x -o test.bin imgfs_raw_data.bin (created with mamaich's tool)
Click to expand...
Click to collapse
This would not work. My tool works with IMGFS and you need to edit XIP
and ... how to edit XIP ?
mamaich said:
My ROM has all needed info, I had to extract everything from rom image after 1C0000 address to a separate file and gave it to your tool. It is working perfectly. I've managed to delete and add a new file to ROM. I have not tested "-dm" option. It seems that all modules/files in XIP section of WM5 are uncompressed. I'm using BlueAngel's WM5 ROM. Later I'll try to replace boot.hv file with my own version.
Can you add a switch to your program "-s bytes" so that it woud skip the given number of bytes from file start, so it would be possible to work directly on NBA files with header?
Click to expand...
Click to collapse
mamaich, or anyone else, what did you use to extract after 1C0000?
splitrom?
any help would be greatly appreciated.
Russ
Wow , just an hex-editor like winhex or edithexa
i tried that w/xvi32, and it didn't seem to work. I guess I'll try again
Thx gmap for this great tool. 8)
Recently I want to replace the TureFFS.dll at the XIP area of Wizard OS ROM.
ftp://xda:[email protected]/Uploads/HTC_Wizard/Roms/Qtek/Qtek_9100_1_6_7_ENG__OS_ONLY.zip
I type the following command and it says that it cannot replace the file.
Code:
D:\>RomMaster.exe -d TrueFFS.dll -a TrueFFS.dll -w 5 -o new.nba os.nba
[Info] It is a common ROM.
[Warning] o32_rom(0x8c268ef8)'s o32_data at 0x00000000 is zero.
[Warning] Found dif-referenced region [OLD] Address=0x8c1e1290 Length=0x00000800 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c1e1290 Length=0x00000800 ObjectType=0x00008000
[Warning] Found dif-referenced region [OLD] Address=0x8c1fe538 Length=0x00000600 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c1fe538 Length=0x00000600 ObjectType=0x00008000
[Warning] Found dif-referenced region [OLD] Address=0x8c211018 Length=0x00000a00 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c211018 Length=0x00000a00 ObjectType=0x00008000
[Warning] Memory Block(0x8c101000,0x8c1510ac) overlap with Block(0x8c10288c,0x8c1028b8).
[Error] You want to get an object whose size is 108, but it is 112. RomOffset=0x8c268e00
[Error] Could not replace 'TrueFFS.dll' with 'TrueFFS.dll'.
However, I can successfully replace the boot.hv file. Do you know why?
ahlok_hk said:
Thx gmap for this great tool. 8)
Recently I want to replace the TureFFS.dll at the XIP area of Wizard OS ROM.
ftp://xda:[email protected]/Uploads/HTC_Wizard/Roms/Qtek/Qtek_9100_1_6_7_ENG__OS_ONLY.zip
I type the following command and it says that it cannot replace the file.
Code:
D:\>RomMaster.exe -d TrueFFS.dll -a TrueFFS.dll -w 5 -o new.nba os.nba
[Info] It is a common ROM.
[Warning] o32_rom(0x8c268ef8)'s o32_data at 0x00000000 is zero.
[Warning] Found dif-referenced region [OLD] Address=0x8c1e1290 Length=0x00000800 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c1e1290 Length=0x00000800 ObjectType=0x00008000
[Warning] Found dif-referenced region [OLD] Address=0x8c1fe538 Length=0x00000600 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c1fe538 Length=0x00000600 ObjectType=0x00008000
[Warning] Found dif-referenced region [OLD] Address=0x8c211018 Length=0x00000a00 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c211018 Length=0x00000a00 ObjectType=0x00008000
[Warning] Memory Block(0x8c101000,0x8c1510ac) overlap with Block(0x8c10288c,0x8c1028b8).
[Error] You want to get an object whose size is 108, but it is 112. RomOffset=0x8c268e00
[Error] Could not replace 'TrueFFS.dll' with 'TrueFFS.dll'.
However, I can successfully replace the boot.hv file. Do you know why?
Click to expand...
Click to collapse
In replace mode, new file should not biger than old file. So, you should delete old 'TrueFFS.dll' first, then add the new one(You can delete some file next to 'TrueFFS.dll' to get free space or move it to a big free space, then modify the file size and related infomation of 'TrueFFS.dll' by hand to make it bigger). Replacing module isn't stable, I confused by some of the module data. If you want to replace a module, it may not work. I haven't find a way that can be used to calculate all of the data.
gmap said:
In replace mode, new file should not biger than old file. So, you should delete old 'TrueFFS.dll' first, then add the new one(You can delete some file next to 'TrueFFS.dll' to get free space or move it to a big free space, then modify the file size and related infomation of 'TrueFFS.dll' by hand to make it bigger). Replacing module isn't stable, I confused by some of the module data. If you want to replace a module, it may not work. I haven't find a way that can be used to calculate all of the data.
Click to expand...
Click to collapse
Thx for your explanation. Actually the new file is smaller than the one being replaced. And I just found that I can only delete those non-module files while all modules could not be deleted.
Thx again. Hope to see new version if you have time to find out how to calculate the data. :wink:
How can i extract a kernel file (kbbdrv.dll)?
thanks
dherrero said:
How can i extract a kernel file (kbbdrv.dll)?
thanks
Click to expand...
Click to collapse
dumprom tool
But if you'll extract this or any other XIP DLL and then readd it to the same, or any other ROM it would not work.
Hello,
I have a Apache Rom,
I would like to delete nk.exe are replace it.
iv tryed:
rommaster -w 5 -d nk.exe nk.nba
also
rommaster -w 5 -d nk.exe -a nk.exe nk.nba
keeps telling me i can delete that file.
just to let you know: if i use dumprom i get the boot partition files (containing nk.exe) and if i use imgfs i get all the os files (not containing nk.exe)
Any help would be great thanks
you cannot delete nk.exe, and you should not even need to do that.
Hi!
I used tool and instruction at Mr Buzz's website http://buzzdev.net/index.php?option=com_content&task=view&id=65&Itemid=1 to change Nk.nbf(WM 2005 rom for Uni) to Fat 16 Nk.nba.
This tool did well, but when I used dumprom.exe:
>dumprom.exe nk.nba -5 -d .
- to extract this nba file, It extracted only about 39 files such as:
device.exe
default.hv
imgfs.dll
mspart.dll
OEMExtDLL.dll
......
Great that these files were not corrupted, but I want all the files in rom , and it extracted only 39 files, pure!!!!
Can any one help ?
Hello,
I want to cook my own ROM. After I read many many sites at this forum, I found a 'polaris kitchen 1.3' that seems to be good for me.
I want to use the original WM6.1 O2-ROM as base for my 'new' ROM.
My target is the original ROM without some progs (O2 specific) an also without tomtom, 'Erste Schritte' (First Steps) and opera.
I want to add MyMobiler, and some other cabs. Also, I want to make some registry corrections.
These steps I made:
1. Extract the Updatefile with 7Zip and got the neccassary file 'RUU_signed.nbh' as I understand correctly.
2. Extract the 'RUU_signed.nbh' with this command
Code:
NBHextract.exe RUU_signed.nbh
Now, I have these files
- '00_Unknown.nb', <== Radiofile (Thanx to ianl8888)
- '01_SPL.nb', <== ???
- '02_MainSplash.bmp', <== O2 BootSplashScreen Bitmap
- '02_MainSplash.nb' <== ???
- '03_OS.nb' <== OS file which we need to split
Question1: Do I need only the '03_OS.nb'? What do i need the other files for?
3. I used this command to split the nb-File '03_OS.nb'
Code:
NBSplit.exe -kaiser 03_OS.nb
I got this:
- '03_OS.nb.payload'
- '03_OS.nb.extra'
Question2: Is it OK to use the parameter -kaiser? Remember, I will create a orbit2/polaris ROM
Question3: What are this files for?
4. now I used this command
Code:
imgfsfromnb 03_OS.nb.payload imgfs.bin
to build the 'imgfs.bin' file
5. with the following command I've created a 'dump' folder
Code:
imgfstodump imgfs.bin
This dump folder include many subfolders and files
6. I start the package tool 'PKGTool.exe' an selected the dump-Folder
The output:
Code:
[Selected Path]
C:\Extracted ROM\dump
[Core OS]
Windows Mobile-based Pocket PCs
[Versions]
SYS: 5.2.19965.1203
OEM: 3.13.0.0
OEM: 0.0.1.0
SYS: 5.2.19958.1200
NET: 2.0.7045.0
OEM: 29.6.31301.207
OEM: 29.3.31301.207
[Language]
0407 - German (Germany)
[DPI]
96
[Certificates]
CN=Microsoft Windows Mobile PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
CN=OEM_UpdateCert
CN=O2___102
[Missing Manifests]
d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm
723fb954-d931-4348-b672-82a188e587b5.dsm
3346da5d-3675-4a67-925e-75f623184bda.dsm
98af2d70-895d-99af-0ffc-ede71fc1186d.dsm
75bcb9fa-30b9-8705-5d86-11acd2e2c1b1.dsm
Question4: Everything OK till now?
7. Now I've selected 'tool' - 'build packages'
Inside the dump folder, I've only two subfolder 'SYS' and 'OEM'
Maybe this is the next step ... (Thanx to ianl8888)
8. Now we must dump the 'xip.bin' with this command:
Code:
RomMaster.exe 03_OS.nb.payload -w 5 -b 0x00310000 -x -o xip.bin
[The syntax recorded in the how-to page had left out the suffix "payload" ]
So I have a XIP.BIN about 3.3Mb which XIPPort.exe has dumped into \Out\Files & \Out\Modules
Question5: What to do next?
Hi,
that is exactly the same I wanna do. After you have the SYS and OEM folder the next would be to re-create the ROM folder for your kitchen. We need a new XIP. That is the point where I don't know how to continue. I have already tested to replace the original SYS and OEM with those versions I build via dumping the new O2 Germany ROM. But after trying to rebuild and flashing the ROM with the kitchen the ROM won't boot.
Therefore I asked the chefs at http://forum.xda-developers.com/showthread.php?p=2657634 to help me.
Hopefully we can take a step further.
Tom
I have already managed to build a new german rom based on the
O2 GER 3.13 released some days ago and I used the XIP 20743 from
Shayders thread to build. Had no errors in cooking but I did not
flash yet because of maybe wrong location of XIP files in the ROM.
But I have another problem with HTC ROM Tool when trying to cook
the radio 1.59.42.15 (or any other) in the ROM. The tool always states:
"The size of this file is greater than default. Do you want to assign this file?"
I said yes and it builds the rom but now I don't know if it would work
because of the warning. I tried different radio.nb files and all of them
are 17MB and all of them give the error in HTC ROM Tool when assigning
them... Is this normal?
Olioaglio
Orbitter2 said:
Hello,
6. I start the package tool 'PKGTool.exe' an selected the dump-Folder
The output:
Code:
[Selected Path]
C:\Extracted ROM\dump
[Core OS]
Windows Mobile-based Pocket PCs
[Versions]
SYS: 5.2.19965.1203
OEM: 3.13.0.0
OEM: 0.0.1.0
SYS: 5.2.19958.1200
NET: 2.0.7045.0
OEM: 29.6.31301.207
OEM: 29.3.31301.207
[Language]
0407 - German (Germany)
[DPI]
96
[Certificates]
CN=Microsoft Windows Mobile PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
CN=OEM_UpdateCert
CN=O2___102
[Missing Manifests]
d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm
723fb954-d931-4348-b672-82a188e587b5.dsm
3346da5d-3675-4a67-925e-75f623184bda.dsm
98af2d70-895d-99af-0ffc-ede71fc1186d.dsm
75bcb9fa-30b9-8705-5d86-11acd2e2c1b1.dsm
Question4: Everything OK till now?
7. Now I've selected 'tool' - 'build packages'
Inside the dump folder, I've only two subfolder 'SYS' and 'OEM'
Question5: What to do next?
Question6: Should I copy these folder to the kitchen?
Click to expand...
Click to collapse
I don't know how to proceed yet with the "re-building stage", but I think you are still 3 steps short of this, anyway:
we need the XIP.BIN file to use the XIPPORT.exe tool on for XIP Files\Modules. The XIP build no. I have extracted is 19965, but we are already at 20753 for the device-independent MS files
I do NOT yet know how to extract the XIP.BIN file for this. I have successfully extracted it from an Eten temp.dat file (nbh equivalent) but not for HTC ROM files.
So I think we need to do steps 7,8,9 (xip.bin, xipport, \out) yet. How to extract xip.bin ??
Then re-build with edits (whole new ball game)
Some ROM chefs (eg. Ervius, swtos, cs) are generous enough to help, I hope, as they have in the past.
ianl8888 said:
I do NOT yet know how to extract the XIP.BIN file for this. I have successfully extracted it from an Eten temp.dat file (nbh equivalent) but not for HTC ROM files.
So I think we need to do steps 7,8,9 (xip.bin, xipport, \out) yet. How to extract xip.bin ??
Then re-build with edits (whole new ball game)
Some ROM chefs (eg. Ervius, swtos, cs) are generous enough to help, I hope, as they have in the past.
Click to expand...
Click to collapse
OK, later edit:
I've figured out how to dump xip.bin
RomMaster.exe OS.nb.payload -w 5 -b 0x00310000 -x -o xip.bin
[The syntax recorded in the how-to page had left out the suffix "payload" ]
So I have a XIP.BIN about 3.3Mb which XIPPort.exe has dumped into \Out\Files & \Out\Modules
But now, when attempting "make pkgs", XIPPort.exe falls over with "could not load file or assembly" errors these tools are so prone to. A path problem (I think) that continually drives me up the wall. We need the "packages" from XIP.BIN to know which files are the OEM drivers etc specific to the Polaris.
So I'm at steps 7, 8 and 8.5 ... it's like pulling teeth
BTW, 00_unknown.nb is the radio file.
ianl8888 said:
I have successfully extracted it from an Eten temp.dat file
Click to expand...
Click to collapse
I already thought I knew your nickname from somewhere .
ianl8888 said:
OK, later edit:
I've figured out how to dump xip.bin
RomMaster.exe OS.nb.payload -w 5 -b 0x00310000 -x -o xip.bin
[The syntax recorded in the how-to page had left out the suffix "payload" ]
So I have a XIP.BIN about 3.3Mb which XIPPort.exe has dumped into \Out\Files & \Out\Modules
Click to expand...
Click to collapse
Seems to be step 8, thank you! If we are sure that this is the right way, I will insert this step8 into the first post.
But where can I find 'RomMaster.exe'? I've only the beta without the command '-b'.
BTW, 00_unknown.nb is the radio file.
Click to expand...
Click to collapse
I already inserted this into #1
I did it the following way and created a new rom without glitches.
Though don't know if it works because I don't dare to flash it
Thanks, I see that you provided a new XIP in packages
20753 in your new thread. So I decided to use this one with your kitchen and I would breakdown the
steps now with which I built my ROM. Could you
please confirm if I have done right?
1. Download and unrar Shayder kitchen with included (3,8MB) os.nb.payload and imgfs.bin (4,0KB)
http://forum.xda-developers.com/showthread.php?t=421444
(Post #8 in the thread)
2. Download and XIP 20753 from the new thread.
http://forum.xda-developers.com/showthread.php?t=427730
3. Put the extracted SYS and OEM folder from
dumped and packaged ROM of you choice into the Build folder
of the Shayder Kitchen.
4. Put the extracted MSXIPKernel and MSXIPKernelLTK
folder from Shayders XIP 20753 into the SYS folder which
was before copied into the Build Folder.
5. Start ROM.bat in the kitchen
6. Select "1 - Build"
7. Select "1+2+3+4+5" in the next screen
8. Select "0" to let it run
9. Click the green button in the Build tool
10. Close Build tool when run ready
11. Wait to finish the nbh and enjoy!
I did so and got the ruu_signed.nbh file
ready to flash... think no need to XIPport etc.
but in fact I don't know exactly as I didn't flash my rom
Olioaglio
Olioaglio said:
I did it the following way and created a new rom without glitches.
Though don't know if it works because I don't dare to flash it
Thanks, I see that you provided a new XIP in packages
20753 in your new thread. So I decided to use this one with your kitchen and I would breakdown the
steps now with which I built my ROM. Could you
please confirm if I have done right?
1. Download and unrar Shayder kitchen with included (3,8MB) os.nb.payload and imgfs.bin (4,0KB)
http://forum.xda-developers.com/showthread.php?t=421444
(Post #8 in the thread)
2. Download and XIP 20753 from the new thread.
http://forum.xda-developers.com/showthread.php?t=427730
3. Put the extracted SYS and OEM folder from
dumped and packaged ROM of you choice into the Build folder
of the Shayder Kitchen.
4. Put the extracted MSXIPKernel and MSXIPKernelLTK
folder from Shayders XIP 20753 into the SYS folder which
was before copied into the Build Folder.
5. Start ROM.bat in the kitchen
6. Select "1 - Build"
7. Select "1+2+3+4+5" in the next screen
8. Select "0" to let it run
9. Click the green button in the Build tool
10. Close Build tool when run ready
11. Wait to finish the nbh and enjoy!
I did so and got the ruu_signed.nbh file
ready to flash... think no need to XIPport etc.
but in fact I don't know exactly as I didn't flash my rom
Olioaglio
Click to expand...
Click to collapse
I also did it this way. You're right, there is a ruu_signed.nbh after all that staff has finished. But the after flashing this ROM image to the orbit it won't boot. The splash screen is shown but nothing else happens.
I think this is caused by the XIP part.
Tom
tomduke99 said:
. But the after flashing this ROM image to the orbit it won't boot. The splash screen is shown but nothing else happens.
I think this is caused by the XIP part.
Tom
Click to expand...
Click to collapse
OK, what about the 20743 version as os.nb.payload version
as downloadable in Shayders XIP 20743 thread:
http://forum.xda-developers.com/showthread.php?t=424655
(the rapidshare link). This one does not have to be copied
into the SYS folder, but copied directly into the ROM folder.
I created a rom with this one with Polaris Kitchen 1.3.
Don't know if this would boot (didn't flash it either).
Orbitter2 said:
Seems to be step 8, thank you! If we are sure that this is the right way, I will insert this step8 into the first post.
But where can I find 'RomMaster.exe'? I've only the beta without the command '-b'.
Click to expand...
Click to collapse
1) Of course I'm not yet sure that this is the right direction. But I do know that if we want to upgrade the XIP build we have to sort the \OEM and \SYS "packages" from xip.bin. These directories contain OEM drivers specific to the device (here, Polaris)
Still cannot get XIPPort.exe to "make pkgs" although it works with an Eten X500 ROM
2) rommaster.exe is found (from my memory only) in any one of the Polaris or Kaiser kitchen files. It is a very old file, though - Nov 25, 2005. You can also find it in Shayder's kitchen on the front page of this sub-forum
Perhaps there's a later version of a "rommaster.exe" somewhere ?
Olioaglio said:
OK, what about the 20743 version as os.nb.payload version
as downloadable in Shayders XIP 20743 thread:
http://forum.xda-developers.com/showthread.php?t=424655
(the rapidshare link). This one does not have to be copied
into the SYS folder, but copied directly into the ROM folder.
I created a rom with this one with Polaris Kitchen 1.3.
Don't know if this would boot (didn't flash it either).
Click to expand...
Click to collapse
If you are too unsure to test with flashing (I thought that was what HardSPL was for !!) then try to extract your own RUU_signed.nbh in full and see what you get.
ianl8888 said:
1) Of course I'm not yet sure that this is the right direction. But I do know that if we want to upgrade the XIP build we have to sort the \OEM and \SYS "packages" from xip.bin. These directories contain OEM drivers specific to the device (here, Polaris)
Still cannot get XIPPort.exe to "make pkgs" although it works with an Eten X500 ROM
Click to expand...
Click to collapse
later edit: I have XIPPort.exe "making pkgs" now. XIPPort needs to be in its own folder ( ?? )with the support dll's etc.
So now I'm at Step 9 (the unknown) with \OEM and \SYS "packages" for editing.
The base ROM I'm trying to edit is the recent release of the official HTC WM6.1 Polaris ROM. This ROM is not protected by "all-commands-to-one" etc and so is fully extractable and editable if I can figure out how.
I think the next step (likely 10 or 12 sub-steps in there) is to understand the DSM's, RGU's, HV boot files etc. There is a tool XIPAddrTools available on this sub-forum that I have some hope for in helping here
I am trying to do two things with this ROM:
1) replace the XIP device-independent files with an upgraded set (build 1995 to build 2073)
2) remove all the crap that HTC and other ROM cooks put into it - like Cube, Home, Office etc etc
In other words, I'm trying for a WM6.1, recent XIP build, very clean ROM
Maybe ...
ianl8888 said:
I think the next step (likely 10 or 12 sub-steps in there) is to understand the DSM's, RGU's, HV boot files etc. There is a tool XIPAddrTools available on this sub-forum that I have some hope for in helping here
Click to expand...
Click to collapse
There is a very useful "sticky" thread on some of this, started by udK.
Olioaglio said:
OK, what about the 20743 version as os.nb.payload version
as downloadable in Shayders XIP 20743 thread:
http://forum.xda-developers.com/showthread.php?t=424655
(the rapidshare link). This one does not have to be copied
into the SYS folder, but copied directly into the ROM folder.
I created a rom with this one with Polaris Kitchen 1.3.
Don't know if this would boot (didn't flash it either).
Click to expand...
Click to collapse
I just tested without any modifications of XIP. I used the original XIP (os.nb.payload, imgfs.bin) delivered within the Kitchen. Only copied the SYS and OEM from the O2 ROM to the kitchen and tried to build a ROM. Result is a non booting ruu_signed.nbh.
Tom
tomduke99 said:
I just tested without any modifications of XIP. I used the original XIP (os.nb.payload, imgfs.bin) delivered within the Kitchen. Only copied the SYS and OEM from the O2 ROM to the kitchen and tried to build a ROM. Result is a non booting ruu_signed.nbh.
Tom
Click to expand...
Click to collapse
My version attached. If someone wants to try...
It's a german light version of O2 3.13.207.0 ROM
without Cube, TTN, Opera, useless stuff.
With XIP 20743 cooked in as os.nb.payload with
Polaris Kitchen V1.3
No radio included. You will most likely have to flash
1.59.42.15 manually after installation of the rom.
Olio v1 GER (Rapidshare link)
Olioaglio
If been testing around with this thread and this one and made a successful rom, some how the xip files needs to be extracted, 3,4 MB is little low, cause the one i got was 3.8 MB.
I used buildos+package_tools-2.7.exe to build my package and htcrt.exe to build the rom. (i change model from KAIS***** to POLA***** to get working and flash able rom)
I will experiment more cause i need to convert raw dump to original rom for warranty
tomduke99 said:
I just tested without any modifications of XIP. I used the original XIP (os.nb.payload, imgfs.bin) delivered within the Kitchen. Only copied the SYS and OEM from the O2 ROM to the kitchen and tried to build a ROM. Result is a non booting ruu_signed.nbh.
Tom
Click to expand...
Click to collapse
Yes, the various Registry addresses change as the XIP build changes so we need to understand RGU's, DSM's etc. The uDk sticky is helpful
Because the kitchens require a "template" to re-build a ROM, I still believe that the most thorough method is to use the just-released WWE WM6.1 HTC ROM as this template. Extract it all, replace the XIP device-independent filesystem with a newer build, remove all the stuff you don't want from \OEM "packages" and re-compile.
This is struggle street maybe, but this jigsaw is a challenge.
I've downloaded a newer version from Shayder's kitchen (found here: http://forum.xda-developers.com/showthread.php?t=427962). There is another os.nb.payload template. With this version of the kitchen I was able to produce a working ruu_signed.nbh with the SYS and OEM folder from the new German O2 ROM. Encouraged by this result I then tried to change the Kernel parts from XIP 20753 and replace NETCF2 with NETCF3.5 - Result: working ROM with NetCF3.5. Many thanks to all guys helping me especially those who have developed Kitchen's, Tools etc.
At this point I have OS version CE OS 5.2.20753 but the Build is still 19965.1.2.3. Therefore the next step should be replacing the SYS parts with its equivalents from a newer Build.
Questions about this:
1. Can I use a SYS folder from another (newer) ROM without modifications?
2. How to build a ROM with German localization? Shall I only copy the language specific folders from the original ROM to the SYS-part of the new ROM?
3. Are there some other stuff? What about Registry settings for different languages?
....
I read so many threads but I'm still not sure what to do next.
Thanks.
Tom
tomduke99 said:
I've downloaded a newer version from Shayder's kitchen (found here: http://forum.xda-developers.com/showthread.php?t=427962). There is another os.nb.payload template. With this version of the kitchen I was able to produce a working ruu_signed.nbh with the SYS and OEM folder from the new German O2 ROM. Encouraged by this result I then tried to change the Kernel parts from XIP 20753 and replace NETCF2 with NETCF3.5 - Result: working ROM with NetCF3.5. Many thanks to all guys helping me especially those who have developed Kitchen's, Tools etc.
Tom
Click to expand...
Click to collapse
Yes, that's real progress.
BUT - list step-by-step exactly how you did it, please
This is the problem - many posts about being successful, very few listing the detail.
Hello community,
I would like to thank cedesmith, thats provided me very useful information about the next steps that are needed to get WM6.5.3 on the TG01.
Ok here is the actual development status:
Progress of the Project WM6.5.3:
- With SDDL+ made by stepw we can flash any Rom on the TG01
- With cedesmith's tool TGTool v.1.2.14 we can decrypt the .tsw file that Toshiba provides us, we than get an unencrypted .bin file out of the .tsw file
- We also can dump this .bin file by also using cedesmith's TGTool v.1.2.14
TGTool.exe extracts out of the .bin the following parts:
-TG01.AMSS.nbin
-TG01.APPS.nbin
-TG01.APPSBL.nbin
-TG01.DSP1.nbin
-TG01.EFS2.nbin
-TG01.FOTA.nbin
-TG01.FSBL.nbin
-TG01.MIBI.nbin
-TG01.OSBL.nbin
-TG01.SIM_.nbin
-TG01.WMB0.nbin
-TG01.WMB1.nbin -> is boot+xip partition (information by cedesmith)
-TG01.WMB2.nbin -> is imgfs (information by cedesmith)
-TG01.WMB3.nbin -> is dos partition (information by cedesmith)
- With viewimgfs.exe it's possible to dump the imgfs partition (TG01.WMB2.nbin)
- With bepe's package Tool it's possible to analyze the Rom. Through this you get a OEM and a SYS folder, that contains some important files
- With TGTool v1.2.14 it's also possible to dump the OS that's included in the decrypted .bin file (you get a file called TG01.OS.nb)
- With TGTool v1.2.14 it's also possible to dump the payload that's included in the decrypted .bin file (you get a file called TG01WP.OS.payload)
- After Rom is cooked, it's possible to check the Rom with cedesmith's TGTool v1.2.14
Next steps of the development (To-Do-List):
- Rom needs to be cooked
- Tool needs to be made that rebuilds a .bin or .tsw file out of the modified files
We should already thank hdubli that is currently working on a Rom.
And we should thank cedesmith. Without him there would be no development for the TG01. There would be nothing...So big thanks to cedesmith who made this project possible.
Will update this post as soon as we got more information!
Best regards,
DunkDream
Wrong...See first post for right information.
DunkDream said:
Okay I gained some informations.
Well a Hard-SPL is needed when we want to flash custom roms that are not official on out TG01.
So I think this must be the first step in the development.
One question remains. If the phone got the Hard-SPL, what is needed to get a working WM6.5.3 Rom onto the phone?
And what is needed to cook this Rom?
For example, if we get a Hard-SPL for the Toshiba TG01, will the people of WMPoweruser be able to cook a Wm6.5.3 Rom for the phone or do they need some files out of the TG01 that they can't get at the moment?
People, you need to realize that more informations are needed!
Nobody will help us, if we don't know what is needed to be done!
Does nobody know the exact Rom Development Process for Windows Mobile phones here?
I count on you guys! It's our only chance to get a working WM6.5.3 for our phone.
So please answer me! I can than provide the Cracker all the information.
Best regards,
DunkDream
Click to expand...
Click to collapse
Hard spl how I say we dont need. May be I am not sure. I have a simple kitchen for other Toshiba 900 but I think is working for TG01. What we need all files from TG01 dll , cab etc....
That is from one beginner if I can help with something more tell me.
about the need
I am so glad to see that someone finally care the TG01 progress.
I come to the forum from the time TG01 to be opened,waiting the cooked rom for a long time, many IDs come and many IDs go, at last the news about TG01 become few more and more, the people that use TG01 become lack more and more,many thread not to be updated for a long time.
OK, then I talk about the need that I most wanted:
I have a japanese version TG01, it only can flash the japanese rom, and can not flash the ENGLISH or ITALY rom, and as I know ,many people like me have the same question.
Hope DunkDream can help to solve this question.
Well for me it seems that nobody in this Forum knows 100% sure what is needed to be done, to get a cooked Rom for the TG01.
If we don't have more information about the TG01, nobody will help us.
Or what should I tell the person I talked to, now?
Should I tell, that we want a hard-spl but are not sure if it's needed?
I guess, this development is not very easy.
I'll try to get more information about the TG01 and want to find a person thats knows the Rom Development process for WM-Phones very good.
We need a real expert in Rom Development.
Maybe Wen knows one, I could talk to.
I'll ask him.
Before we don't have all information, we won't get a new Rom for our phone.
Sorry bojan, but we need to be 100% sure Otherwise we may cause some people work that is at the end worthless.
Best regards,
DunkDream
I started a new thread in the General Hacking and Development section of xda-developers.
Maybe I can gain some informations there.
Can somebody explain me what we exactly can do with the tool that cotulla made and with the sddl+?
Thanks in advance!
Here is the thread I started:
http://forum.xda-developers.com/showthread.php?t=639783
Hope that sums everything in a good way up.
You are welcome to post in that thread, if you gain new information!
about sdd+
there are two threads about the sdd+ download method and short pin download method.
hope these threads have some useful:
about how short pin to download:
http://forum.xda-developers.com/showpost.php?p=5405267&postcount=325
about how SDDL+ to download:
http://www.modaco.com/content/toshi...7/tg01-sddl-plus-install-rom-in-any-language/
sorry I dont know
sorry I dont know who know the most question about TG01,but I think you can contact Wen\bojan, I hope you will get much info.
and I am very happy that you care about TG01,hope the good news,but I think it is a hard work.
So you want a know the truth?We need hard spl if we want a full ROM who work in all TG01.
And other think we need is a decompress the bin file. Cotula program is just decrypt the tsw file now is unpack this file and you can cook.
What info do you need more? We have kitchen we have files decrypted and we need just unpacker and hard spl.
Couldn't you just wait for the TG02 to come out and then flash that rom on?
All the TG01 2 is different chassis and a different screen.
Just sent a PM to Cotulla regarding what exactly is needed. Hope he'll help us.
TG01
mikiril said:
Just sent a PM to Cotulla regarding what exactly is needed. Hope he'll help us.
Click to expand...
Click to collapse
cedarsmith main tg01 forum is a programmer but needs main toshiba tg01 bin file decrypted which is totally different to htc variants.
bin files sticking point
Progress of the Project WM6.5.3:
- With SDDL+ made by stepw we can flash any Rom on the TG01
- With Cotullas Tool we can decode/encode .tsw files
What we need:
- A person that understands the format of .bin (unencrypted .tsw)
Now we need to search that person. I'll ask around if someone is able to help us and wants to help us.
Special Thanks to cedesmith due he knows we is needed to get WM6.5.3 for the TG01!
Best regards,
DunkDream
And here is reply from Cotulla:
"Seems you need decrypt TSW image to BIN and then encrypt it back to TSW.
BIN image have complex format with header and many parts.
Obviously we need exclude all stuffs except OS.
The main problem to test this - I am not sure if we put wrong image, it won't brick device...
-Cotulla"
crazy thought no.1: can we just use pdocwrite to write a new imgfs to Part02 ?
does anyone know if pdocwrite works ?
the good part would be that it would reduce the chances to brick the phone as would only write OS portion of the flash thus leaving SD Downloader intact and short pins would work to restore original rom.
could anyone use pdocread to dump a UK version rom ? i have dumped RO rom but could use UK version.
one could download rapi tools and use:
pdocread.exe -l
pdocread.exe -w -b 0x800 -d DSK1: -p Part00 0 0x17f000 Part00
pdocread.exe -w -b 0x800 -d DSK1: -p Part01 0 0x380000 Part01
pdocread.exe -w -b 0x800 -d DSK1: -p Part02 0 0x9940000 Part02
addresses and sizes may vary on UK ROM but u can see that with pdocread -l
do not post Part03 as it contains you contacts and pictures and etc
You are finish decompress or (unpack ...) bin file.When we do it we can start dump.
We don't need dump ROM we need unpacked original to see witch file it use.
I have dumped 6.1 PL rom(rare) 6.5 UK leaked 6.5 O2 leaked using these tools... then unpacked them in Touch Pro kitchen but I only get access to protected files dumped rom gives You nothing more... Trying to write something using these tools can brick TG01...
i could relay use dump of official UK 6.5 ROM for comparing with update file.
nico you could also use bepe's tools to dump Part02.
xidump.exe -I -b Part02
result is ready to be put in a kitchen.
one could make now a custom rom using WM 6.5.3 but the problem would be writing it back to phone.
this could be done by writing directly on flash with pdocwrite ( but i think it will not work ) or by replacing OS (IMGFS) on original toshiba rom with cooked one.
the problem now is that i cannot figure the algorithm Tosh uses to calculate 112bits hash.
to explain a little:
imgfs starts on .bin file at 0x565E000 and is Part02 in dump with pdocread
every 464 bytes 0xFFFF is inserted
every 512 bytes a 112 bits (14 bytes) hash is inserted.
i could not figure out the hash algorithm. when i do i could reintegrate coocked OS into update file and have a cooked room.
nico101 said:
Trying to write something using these tools can brick TG01...
Click to expand...
Click to collapse
i know, almost any mod can.
does O2 rom have SPB Mobile shell ? do hardware buttons work ?
TG01
mAIN STICKING POINT IS STILL DECRYPTION OF ROM BIN DUMP AND THE RADIO STACK THO