NOTE: I've already posted this into the Development & Hacking forum, but got no reply yet. As it is an Hermes specific topic it is probably better to place it here, sorry for reposting if you've already read this.
The available original shipped ROMs for the HTC Hermes have .nbh files with the RUU, instead of the usual .nbf files found in other HTC rom updates.
By now, there are two shipped ROMs available, containing:
HERMIMG_Dopod_1.23.707.1_SHIP.nbh
hermimg_QtekNOR_1.18.255.3_Ship.nbh
So, it seems that the usual nk.nbf file is no longer used by the Hermes RUU
I cannot extract the various rom components (ExtROM, OS, IPL/SPL, SplashScreen, GSM radio, etc...) out of these files using the usual TyphoonNbfTool, however mamaich's prepare_imgfs finds the imgfs and dumps it apparently ok, but it cannot be read using viewimgfs or itsme's rdmsflsh.pl, so I guess the dumped file is invalid.
Anybody knows about this new format?
is it possible to convert it to nk.nbf so we can cook our own roms?
Would it be possible for example to extract the radio rom from Dopod and replace it on QtekNOR rom?
I think we will have to wait for the rom guru's to advise on this. I hope this would be possible so we can get the best rom possible.
I've tried to decode.nbh files with alpinenbfdecode.pl, himalayanbfdecode.pl and typhoonnbfdecode.pl. None of them works, so this must be a completely new format.
Opening nbh files in hex heditor shows interesting strings, but I don't know how to procede to identify each part and decompress or decrypt it...
Is it possible to decrypt Extended_ROM of HTC TyTN? I'v found a great extRom, but I can't upgrade my ExtRom because I have only borrowed tytn from my friend and Iam looking for one special aplicattion which is included in this. Any solutions ? Thanks
Jerry, you can unlock & unhide the ExtRom just with a registry tweak, look here:
http://wiki.xda-developers.com/index.php?pagename=Hermes_Unhide_Extrom
Downloading a ROM now to experiment
If I crack it, you guys better donate something to my get-theblasphemer-a-hermes-too-fund (yet to set up that fund though )
Mate if you crack it I'll be donating to your fund!
Hmmm, a very weird file format indeed :S
All files start with "R000FF\r", next 16 bytes of what appears to be random data.
After that it consists of several blocks.
Each block starts with a header:
4-bytes block-length
4-bytes footer-length
1-byte always 1
After that follows the actual data (block-length bytes) + a footer, which appears to be random data but which I suspect to be some kind of checksum
I'm uploading a full USB log of a complete ROM-flash here:
ftp://xda:[email protected]/Hermes/Technical/
Watch for the file Dopod2-FullRomUpgrade.txt.gz, when it is full uploaded it will be around 102Mb.
This is from this ROM file:
HER_DopodAsia_1237074_1060010_WWE_SHIP.exe
______
EDIT: Upload finished.
I created a wiki page with all the info we have about NBH format:
http://wiki.xda-developers.com/index.php?pagename=Hermes_NBH
i added my scripts to extract nbh files to the wiki page
willem
itsme said:
i added my scripts to extract nbh files to the wiki page
Click to expand...
Click to collapse
Cool :shock:
you always come with splendid work, so pleasant to see... thanks a lot!
Hmmm... just took a peek at the USB-dump of a ROM upgrade.
It appears that the whole file is just sent to the device.
The flashing utility doesn't even look at the CID or even the device type, it was happy to start flashing my Universal (however it didn't get very far, as the bootloader doesn't understand all commands ).
This makes it incredibly difficult to make a RomUpgradeUtility that doesn't look at the CID, or to figure out how the signatures in the .nbh files are generated
willem,
I've been trying to extract the roms using your commands, everything runs fine until I have to run the gsmsplit batch file, as in this line you call "bcl" and I don't know what bcl is:
Code:
for %%i in (_bcl*) do bcl d %%i _x%%i.nb
I am runing it on WinXP SP2 + cywin 1.5.21-1, this is the error I get:
Code:
[email protected] /cygdrive/c/nbh/files
$ gsmsplit.bat GSM.nb gsm.nbx
'bcl' is not recognized as an internal or external command,
operable program or batch file.
'bcl' is not recognized as an internal or external command,
operable program or batch file.
[...]
'bcl' is not recognized as an internal or external command,
operable program or batch file.
'bcl' is not recognized as an internal or external command,
operable program or batch file.
_x_bcl*.nb
The system cannot find the file specified.
0 file(s) copied.
Could Not Find c:\nbh\files\cing\_x_bcl*
[email protected] /cygdrive/c/nbh/files
$ dir
GSM.nb MainSplash.nb SPL.nb nksigned.dbh signatures.txt
IPL.nb OS.nb SubSplash.nb nksigned.nbh unknown_601.nb
Is the line correct? if yes, what is bcl and where can I get it?
Thanks!
Ok, almost everything went fine... i don't know yet about the bcl command i asked before, and i cannot extract the contents of imgfs from OS.nb using rdmsflsh:
Code:
$ rdmsflsh.pl -d files OS.nb > rd.txt
could not find imgfs header
I've also tried prepare_imgfs.exe with OS.nb, it found IMGFS there and dumped it to imgfs_raw_data.bin, but then I cannot use viewimgfs.exe with this file, it complains about "unknown header type", and the file seems corrupt as it is only 6Mb...
BTW... SubSplash.nb seems to be the ExtROM, not the SubSplash.
I get a "Check cert error!" from the bootloader when I try to flash a modified NBH file (thanks TheBlasphemer for your help).
From spv-developers:
"getting a developer CID (SuperCID) will allow you to flash your system with a ROM that is not digitally signed (i.e. a ROM that you have modified). If you do not modify it, you'll not be able to install a modified ROM on the device."
Click to expand...
Click to collapse
Is it possible that we can flash NBH files without signing in the Hermes if we get a SuperCID?
I tried using SPV-Services to change the Hermes CID, but when I execute the CID tool (Alpha) I get the error: INVALID Storage Manager Handle (SAFE)
The NBH format is also used by HTC STARTrek, more info here.
bcl is from bcl.sourceforge.net, and in the latest release called 'bfc'.
willem
pof said:
Ok, almost everything went fine... i don't know yet about the bcl command i asked before ...
Click to expand...
Click to collapse
Hey pof, you need to rename the bfc.exe to bcl.exe ...! then you dont get the error but alot other zero lenght values ...
so did anyone manage to get the extraction of the OS.nb done correctly?
Hi! Do you think is possible to manage that NBH file and change htc logo splashscreen in some ways?
I'd like to create a ROM file upgrade with different spalshcreen for my TYTN.
Hi,
How can I backup my current ROM ( which comes from my operator) the easiest way? before upgrading to WM6.
To keep my warranty works ( in case my device needs any repair in future, I can downgrade it to the original ROM )
I have JASJAM device.
Try to search in WIKI if the ROM you have installed is uploaded
Regards,
Primoz
Already searched there.. NO !
anybody???
IPL & SPL: Use NBHextract to extract them from any shipped NBH.
MainSplash & SubSplash: Use NBHextract to extract them from any shipped NBH, if no NBH is available containing your splash screens, simply never flash them to keep them intact.
Radio:Use NBHextract to extract it from any shipped NBH.
ExtROM: Unhide it and copy the contents over activesync or to storage card.
OS: dump it and reconstruct it.
When you have all the *.nb files, create a NBH file with nbhgen. To put back the extROM simply unlock & unhide it and copy the contents again.
Be sure to flash HardSPL on your phone so you'll always be able to flash the backup rom you've "created" and if you ever need to flash it be sure to use SSPL (so you can overwrite the bootloader).
i am following all steps thru SAFE WM5 upgrade guide. I make it thru the Flashing HardSPL and Upgrading to Radio version 1.41.00.10 with no problems. But on Rebuilding the ROM file I cannot get passed this step....
____________________________________________
When you have downloaded the ROM file you must extract the contents of it using winrar into a folder, to make the process simple i suggest extracting to "original". Now delete ALL the files EXCEPT THE .NBH FILE. We are only interested in this file as it contains the nbh data which is flashed to the device.
The next step is to extract the contents of the file and split it into the seperate components.
Download duttys nbh tool and run it,
_____________________________________________
When I run that tool and try to Decompile NBH File the only thing it show me is radio.nb
It does not show me files like Windows.nb or Herm_ExtendedRom.nb and so on. Just radio.nb
So i am stuck I would really like your help on this.
Here is the link to the step i get stuck on.
http://www.mrvanx.org/cms/index.php...ask=view&id=27&Itemid=26&limit=1&limitstart=4
I can download all the files and programs but as you read above i am having problems. Thanks for any help
Next time wait for me to read this thread rather than PM-ing me the same EXACT thing!
Like I said in the PM it sounds like you are decompiling a radio upgrade rather than a ROM upgrade. Verify you are extracting the nbh from the correct file.
My extended ROM is screwed up.
My hermes is SuperCID, I can unlock and view the content. I can write files to it but I cannot install program to it.
I try a brave and foolish act to format the extended ROM under resco explorer. The rom can be formatted, but now I cannot write files and not to mention install programs to it.
To retore the extended ROM, should I:
Flash to a shipped ROM first before flashing a OS only cooked ROM?
Any help is appreciated.
first install hard spl v7 if you haven't already then just flash another extended rom over it, you can get another extended rrom from the hermes wiki under the upgrading bit., once you have done that it should be ok without having to flash a complete os, then use smething like schaps advanced configuration tool (this cab file can also be found somewhere here on the site), to unlock and unhide your extended rom, hope that helps a little
My X01HT is already Hard-SPL (2.10.Olipro), and ready for upgrading to WM 6.5 (considering TAI edition, thanks!) But suddenly I feel that I may have to backup my original ROM (6.0 CHT) which already came with the phone when I purchased. After search this forum with "backup rom", I've got the following:
http://wiki.xda-developers.com/index.php?auto_redirect=1&pagename=TitleSearch&s=backup+rom
(1) The links listed in the wiki, I think, are not for Hermes. Am I correct?
(2) Is there any other utility to backup original ROM? For Hermes, is it only possible to do so by "dumping" the ROM first as written in:
http://wiki.xda-developers.com/index.php?pagename=Hermes_HowtoDumpRom
I guess if only "dumping" is the only solution, there should be a long way to build the dumped files to a NBH file to flash.
(3) Or is it possible to reflash the official ROM such as:
http://www.asia.htc.com/download/838Pro_HK_CHT_WM6_Upgrade_20070712.zip
extract the NBH file inside and reflash?
Many thanks!