Hi guys,
a new version of ER2003Edit is available from the wiki page:
http://wiki.xda-developers.com/wiki/ER2003Edit
New features and improvements:
- provides support for the new upgrade tool version (0.9.1.0) used by the latest T-Mobile and O2 updates
- supports editing of the header information (DeviceID, Operator and Language) in order to circumvent the country code error
- some other fixes and improvements
Best regards,
softworkz
Thnx dude! At last we got a program to modify the header. I guess this makes a lot of XDA owners very happy.
Great work!
Late...
Thanks Softworkz, great work again. It really looks like an even more powerful tool, but there seems to be a little bug (or I am doing something wrong):
After upgrading ER2003Edit to the new version, I cannot open the ms_.nbf anymore. When I try to open the file, ER2003Edit always crashes, although I left the file unmodified.
Downgraded to the old version again and there it works, although I have to decode and encode the files by myself.
Any suggestions?
No problems opening the ms_.nbf here after doing the upgrade. Running Win XP sp1.
Try uninstalling the old one completely then install the new one...
Works great!
Late...
is it a misunderstanding between header-information and encrypting ???
I think Er2003edit does not do the encryption/decryption so far.
Hey Softworkz...
this would be a great improvement as I guess all coming
extended roms will be encrypted.
Alex
Tried uninstalling and re-install but that didn't help. As far as I remember, Softworkz tool is not able to edit encrypted ms_.nbf.
But on my machine (Win XP pro 2002 SP1) the program always crashes when opening a non-encrypted ms_.nbf...
I will use the old one as a workaround, I don't need to change the header so this should be fine.
some programming tips:
It should not be very difficult to implement the xor decryption, just xor each DWORD in the file with 0x25863614 after loading it in memory, and before saving it back to the file.
also, if you verify the header checksum after loading the file, you should be able to detect that the file you are loading is actually a decrypted nbf file.
and another check to see if at offset 0x70040 there is a valid bootsector, with
the 'MSWIN4.1' and 'FAT16' strings should prevent it from crashing on invalid files.
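The load-time handling suggested in the post above, as an added Python example that is not itsme's or ER2003Edit's code. It assumes little-endian DWORDs, leaves any trailing bytes that do not fill a DWORD untouched, and uses hypothetical function names and a constructed sample image.

```python
"""XOR-decode an extended-ROM image and validate it before parsing."""

XOR_KEY = 0x25863614          # DWORD key quoted in the post
BOOTSECTOR_OFFSET = 0x70040   # boot sector offset quoted in the post
SECTOR_SIZE = 512             # assumption: standard 512-byte sector


def xor_dwords(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every complete 32-bit word with `key`.

    XOR is its own inverse, so the same call decodes after loading and
    encodes again before saving. Assumption: words are little-endian and
    a tail shorter than 4 bytes is copied through unchanged.
    """
    body_len = len(data) - len(data) % 4
    pad = key.to_bytes(4, "little") * (body_len // 4)
    mixed = int.from_bytes(data[:body_len], "little") ^ int.from_bytes(pad, "little")
    return mixed.to_bytes(body_len, "little") + data[body_len:]


def has_fat16_bootsector(image: bytes, offset: int = BOOTSECTOR_OFFSET) -> bool:
    """Return True if the sector at `offset` carries both marker strings.

    A file too short to contain the sector is rejected instead of being
    read past its end, which is the crash the check is meant to prevent.
    """
    sector = image[offset:offset + SECTOR_SIZE]
    if len(sector) < SECTOR_SIZE:
        return False
    return b"MSWIN4.1" in sector and b"FAT16" in sector


def classify(raw: bytes):
    """Decide how to open a file: ('plain'|'xor'|'unknown', usable image or None)."""
    if has_fat16_bootsector(raw):
        return "plain", raw
    decoded = xor_dwords(raw)
    if has_fat16_bootsector(decoded):
        return "xor", decoded
    # Neither form validates: refuse to parse rather than crash later.
    return "unknown", None


def build_sample_image() -> bytes:
    """Constructed test image: zero padding, a minimal boot sector, odd tail."""
    sector = bytearray(SECTOR_SIZE)
    sector[3:11] = b"MSWIN4.1"   # usual position of the FAT OEM name
    sector[54:59] = b"FAT16"     # usual position of the FAT16 type string
    return bytes(BOOTSECTOR_OFFSET) + bytes(sector) + b"end"


if __name__ == "__main__":
    plain = build_sample_image()
    encoded = xor_dwords(plain)
    for label, blob in (("plain", plain), ("encoded", encoded), ("junk", b"\x00" * 100)):
        kind, image = classify(blob)
        print(label, "->", kind, "usable" if image is not None else "rejected")
```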
Ouch, I just found out that the wrong version of xda2tools.dll was included with the setup. I have made available a new version (1.2.20) to fix this. (see wiki page)
Some details about ER2003Edit:
You do not need to uninstall old versions before installing newer ER2003Edit versions.
The new version (1.2.x) is able to perform XOR-De-/Encryption. When opening an extended ROM file ER2003Edit first checks if it is encrypted by looking for the presence of the dashes in the header.
If those are present in the right places ER2003Edit opens the file as usual. If the dashes are absent ER2003Edit tries to decrypt with all of the three XOR-Passwords (). If none of those passwords produces a file with a correct header a prompt is shown which lets you enter your own password.
The decrypted (or a copy of the unencrypted) ROM file is saved to the temp folder. When saving with ER2003Edit the file is encrypted again (in case the original file was encrypted) and is saved to the original location overwriting the initial file.
Itsme: The "dash-check" was used because the CRC-check in your code was always true (didn't look into it further).
The new version supports auto-detection of the ROM type in order to edit the header of the other 2 ROM files (NK and Radio_), too. The "error accessing image files" message is now suppressed for these files.
Nevertheless modifying the header of those files is useless and I didn't figure out how to access the file structure in those files (doesn't look like a FAT image).
Best regards,
softworks
Okay, that explains the problems I experienced. As soon as I am back home I will give it a try. If it works it will be a nice & powerful tool...
==> seems to work perfectly. So there are no more obstacles. Next stage will be an Upgrade to 1.66.xx... :shock:
ok, now it works.
currently, a non-matching crc value only results in a printed warning, maybe I/you could add an extra parameter to the file processing functions, which get the result of the crc-check.
or maybe even better, raise an exception, for the warnings.
ER2003 crashes opening new O2 extended ROM Files
Hi softworkz,
first of all thanks for your great work!
Using the new version of er2003 I can't open the ms_.nbf file of the latest O2 upgrade (1.60.52). It crashes every time. Opening and editing my self created ext. ROM based on T-Mobile Update 1.60.07 works great.
What's wrong with my installation? If you wish I can send you my Win XP error report.
Escargotet
Sorry for posting, was 2 stupid to read forum first!
Hi all
Please help to clarify as there are some inconsistencies...
(or I am wrong, but will run into this problem)
Er2003edit will try to modify the header information in the NK and Radio_mbf but this will not be successful and I still will get the Country ID error, is that right ???
As far as bobopopo experienced the new upgrade utility will not run parts of the upgrade but rather leave the machine useless.
So there is a missing link...
Alex
itsme said:
ok, now it works.
currently, a non-matching crc value only results in a printed warning, maybe I/you could add an extra parameter to the file processing functions, which get the result of the crc-check.
or maybe even better, raise an exception, for the warnings.
The CRC check does not work in your code. XORing with a wrong password results in the following message:
WARNING: this does not look like a nbf header, possible you provided the wrong password
But this gets printed as a result of the "dash-check". If the crc-check would fail, a different message would be printed:
WARNING: checksum is not ok, possibly you provided the wrong password
But this message never gets printed because (filecrc != crcsum) never occurs (for whatever reason).
Xant said:
Hi all
Er2003edit will try to modify the header information in the NK and Radio_mbf but this will not be successful and I still will get the Country ID error, is that right ???
No. Er2003Edit can open NK and radio ROM files and edit the header. Er2003Edit automatically re-encrypts the newer ROM files (XOR-Method).
Er2003Edit decrypts older ROM files (DES-Encryption), lets you edit the header and save the file but it does not re-encrypt these ones (use xda2nbftool). A message is displayed in this case to remind you to encrypt the file.
Xant said:
As far as bobopopo experienced the new upgrade utility will not run parts of the upgrade but rather leave the machine useless.
AFAIK the upgrade tool will only look at the extended ROM's operator field. Anyone please correct me if I'm wrong about that.
softworkz said:
Xant said:
As far as bobopopo experienced the new upgrade utility will not run parts of the upgrade but rather leave the machine useless.
AFAIK the upgrade tool will only look at the extended ROM's operator field. Anyone please correct me if I'm wrong about that.
I confirm what bobopopo claims, i tried only flashing the ms_.nbf, and it totally messed up my machine (stuck in bootloader), i had to reflash all three to get it to work again
nargalzius said:
softworkz said:
Xant said:
As far as bobopopo experienced the new upgrade utility will not run parts of the upgrade but rather leave the machine useless.
AFAIK the upgrade tool will only look at the extended ROM's operator field. Anyone please correct me if I'm wrong about that.
I confirm what bobopopo claims, i tried only flashing the ms_.nbf, and it totally messed up my machine (stuck in bootloader), i had to reflash all three to get it to work again
I knew about this. I was just stating that the header of NK and Radio is irrelevant for the upgrade tool and is not responsible for the country code error.
SPV M1000
Does it work with SPV M1000 version
Loaded ER2003, started it, and it stays on the ROM info screen :?
Is this (WM2k5_1.50g_XDA2_HIMALAYA.rar) newer than this
(WM2k5_XDA2_HIMALAYA_O2_FullRAM)
getting confused.
I have a few question, please advise me.
1. extracted either files, and found that there is no (ms_) and (Radio_)
is this normal ?
2. i saw Radio 1.7.
Do i need to put Radio 1.7 together with NK.nbf and HimaUpgradeUt.
3. As for Protocol
Do i need to grab from the WM2003SE upgrade files?
I have read Wiki, but it did not mention about Radio 1.7 and Protocol
please guide me.
keithhiap said:
Is this (WM2k5_1.50g_XDA2_HIMALAYA.rar) newer than this
(WM2k5_XDA2_HIMALAYA_O2_FullRAM)
getting confused.
I have a few question, please advise me.
1. extracted either files, and found that there is no (ms_) and (Radio_)
is this normal ?
2. i saw Radio 1.7.
Do i need to put Radio 1.7 together with NK.nbf and HimaUpgradeUt.
3. As for Protocol
Do i need to grab from the WM2003SE upgrade files?
I have read Wiki, but it did not mention about Radio 1.7 and Protocol
please guide me.
WM2k5_1.50g_XDA2_HIMALAYA.rar :shock:
to my knowledge g could be newer than f the one in the full ram version, so this potentially could be newer, as for the files ms & radio they have to be in the same folder as NK, regarding the protocol i have no idea what do you mean so please explain further
Basically, i am trying to clarify by comparing WM2003SE files.
You see, when you extract WM2003SE, you will see 3 files (MS, NK and radio) right?
And in WM2005, you only see 1 (NK).
So, by my understanding, there is no Radio, and MS(in this case, this is protocol) in WM2005
Does it means that do i need to copy Radio 1.7 FTP: xda:xda and (MS) from WM2003SE into WM2005 folder?
pardon my english.
i see the screenshot for WM2005, and it has the radio 1.7 and protocol 1337.38
this really confusing me
Also reading the upgrading procedure. is just use patch 1, patching the NK files
then use ERedit and change the operator
this leads me that this file is only for OS.
So, as for radio and protocol (here i means , MS and radio), it is copy individual from different files and place it into the folder WM2005(here i mean going to upgrade)
thanks
by the way, this file WM2k5_1.50g_XDA2_HIMALAYA.rar is only 6.08MB, which is smaller than WM2k5_XDA2_HIMALAYA_O2_FullRAM (23MB)
Huh, I downloaded it and my rar file was 23695Kb, the extracted NK.nbf was 32769Kb.
I need my device at the moment so I dare not risk the upgrade at the moment. If anyone has performed the upgrade please post a line if it was successful.
cheers
hey guys,
there is nothing wrong with it...
i just uploaded it onto ftp. so if you have downloaded something smaller than usual size, you did the download before it was completely uploaded...
And yes, it is the newest version....
buzz
buzz_lightyear said:
hey guys,
there is nothing wrong with it...
i just uploaded it onto ftp. so if you have downloaded something smaller than usual size, you did the download before it was completely uploaded...
And yes, it is the newest version....
buzz
Buzz,
what are the enhancements done on it ?
Btw thanks you for the hard work once again...
buzz_lightyear said:
hey guys,
there is nothing wrong with it...
i just uploaded it onto ftp. so if you have downloaded something smaller than usual size, you did the download before it was completely uploaded...
And yes, it is the newest version....
buzz
Thnx Buzz, I just did the upgrade, no problems.. seems more stable... at least after running it for 5 minutes :wink:
Changes.log
Buzz,
Great and awesome work as usual
Just wondering if you can post a changes log or something so we can see any updates / changes you guru's have made
Just one question, in the final steps when we have to hardreset the pocket it's says format storage, it's internal storage or storage card?
eloco said:
Just one question, in the final steps when we have to hardreset the pocket it's says format storage, it's internal storage or storage card?
It's the internal storage eloco... Storage Cards remain the same.
I'm getting reports from Newsmobile.it forum that this "g" version doesn't expose the whole 128MB RAM amount... :?:
Perhaps are there some additional steps to do?
I'm getting reports from Newsmobile.it forum that this "g" version doesn't expose the whole 128MB RAM amount...
just flashed mine & memory is showing 62.00 for Storage and 56.34 for Program. I can live with 118 if this this image stops sucking my battery dry.
Can you list the differences/improvements?
Is the NAND Disk renaming to Storage the only change?
Can you list the differences/improvements?
I'm still waiting to see an improvement. Even with the slightly newer kernel I still see my battery dropping approx 1% per hour. Maybe that's OK, but with my radio, BT, and IR off I think it should do better than a 25% / day drop. If my radio was on, for 8-12 hours then 25% (maybe 40%) makes sense. I do notice that ActiveSync seems to load itself periodically (which I never saw using WM2K3SE), and I assume my serial port is being energized whenever AS loads. This could account for the power drop, but I'm still observing it. I haven't seen anything I could point to as an improvement.
I was hoping to see an improved video camera and working SMSs... :wink:
Oh well, I'm willing to wait whatever time necessary for better and better releases of BuzzMobile5.0
WoW another version from Buzz.... Buzz can u please whats the diff between the old and the new pls..
i've upgrade my xda with 1.50g, it works just great, with more stability on my device, but still with the minor bug (camera, and record button). i can see the program memory is bigger than the 1.50f, so i can open the 3mb excel file freely. now i can use the wisbar advance 2 without a bug, i think....
gadz, or anybody else with WM5, have you tried Wisbar 2.10.0.29 ? When I tried to run it, it would lock up until I renamed lrgwesex.dll. I'm also experiencing small graphic hiccups, is anyone else?
http://www.lakeridgesoftware.com/forum/viewtopic.php?t=1977&start=15
Many users have asked me for some of the Rilphone.dll's of different radios. What I am attempting to do is to make one central location for all of the rilphone.dll's to be posted. Here is a couple that I already have on my machine. I will work at getting some others later on this evening.
If you are posting a rilphone.dll, please include the name of the device it comes from and the radio number it pertains to. Also, it would be really nice if users posting rilphone.dll's if they would just attach the zip file rather than linking to rapidshare, megaupload, 4shared or whatever. The files are small enough to just attach to your actual post.
If I have missed one that you require and you can't find it, please PM me and I will see what I can do.
Thanks for helping out in advance.
More Raph Rilphone.dll zip files
Thanks to Chainfire (Author of DriverWiz see post #15) I have created cabs of the different dll's I already have posted. These should work even if the nk.exe is not patched. Understand, that if it doesn't work, a HR might be in your future. Please test at your own risk.
Blackstone & Quartz Rilphone.dll Cabs
Thanks to Chainfire (Author of DriverWiz see post #15) I have created cabs of the different dll's I already have posted. These should work even if the nk.exe is not patched. Understand, that if it doesn't work, a HR might be in your future. Please test at your own risk.
Warning:
Please be warned that the X1_Rilphone_1_14_25_55.cab will freeze your device at the first boot screen. I am leaving it attached for others to play with and see if they can get it to work, but for now, it does not work with our devices.
Raphael Rilphone.dll Cabs
Thanks to Chainfire (Author of DriverWiz see post #15) I have created cabs of the different dll's I already have posted. These should work even if the nk.exe is not patched. Understand, that if it doesn't work, a HR might be in your future. Please test at your own risk.
- Requested Rilphone.dll's -
This will be for misc. requests. Just PM me and I will post the requested files. Thanks to everyone for the great responses. This forum just blows me away continuously with the great people we have here.
The attachments are just the dll's in zip format. The cab's will be with the other cab posts.
One more for the Blackstone
ok so i am not very familiar with this kind of file. when i unzip the folders you provide it shows the new folder as being empty taking up quite a bit of size.
how do i handle this file?
FatalCharade said:
ok so i am not very familiar with this kind of file. when i unzip the folders you provide it shows the new folder as being empty taking up quite a bit of size.
how do i handle this file?
The DLLs in the ZIP have hidden and system attributes, make sure Windows Explorer is set to show both.
Before the standard questions get asked here's links that explain :
Rilphone.dll ?
How to Install ?
k got it thanks.
Hey these were posted around the forum and in the radio thread. Credit goes to the persons who made them...sorry dont know who..actually.
About installing, stuff like this should always be installed with a signed CAB and DLL that injects its (your) own certificate into the privileged execution store. You don't need a patched nk.exe for that, and it works like a charm. I use this trick for all my 'system hacking' needs, and I know many others do too. I would advise against copying the file and renaming the registry as installation method - it's not proper. I'd be very surprised if this doesn't work for rilphone like Da_G said - I've never had this not work and I've replaced quite a few important system files on running systems.
Perhaps I should write a guide on this, as I see a whole lot of people fail at replacing system DLL's in various topics just because they don't do it right.
Chainfire said:
About installing, stuff like this should always be installed with a signed CAB and DLL that injects its (your) own certificate into the privileged execution store. You don't need a patched nk.exe for that, and it works like a charm. I use this trick for all my 'system hacking' needs, and I know many others do too. I would advise against copying the file and renaming the registry as installation method - it's not proper. I'd be very surprised if this doesn't work for rilphone like Da_G said - I've never had this not work and I've replaced quite a few important system files on running systems.
Perhaps I should write a guide on this, as I see a whole lot of people fail at replacing system DLL's in various topics just because they don't do it right.
Would you be so kind as to check my work? I have it signed and certificate stored in privileged execution. I just want to make sure I've done it correctly. If it's wrong, then I've been doing it wrong for quite a while now.
Edit:
The cabs were not the correct way of doing things so I removed them.
Yeah you come ask me in chat and ignore me when I answer
Chainfire said:
Yeah you come ask me in chat and ignore me when I answer
I'm sorry. I never saw you reply. I just figured you were busy.
Right, here's how to do it properly:
http://forum.xda-developers.com/showthread.php?t=495145
Not sure if it will work for rilphone, but it's pretty likely
Chainfire said:
Right, here's how to do it properly:
http://forum.xda-developers.com/showthread.php?t=495145
Not sure if it will work for rilphone, but it's pretty likely
Worked perfect. Nicely done. And I rated it 5 stars.
P1Tater said:
Worked perfect. Nicely done. And I rated it 5 stars.
Your cab works perfect too.
I wanted to be sure so i also committed the trick of monx.
Afterwards i have implemented your cab and the rilphone is fully working.
In the beginning i was not able to fix this before i had the trick of monx. I was trying and trying. But now this combination whether it was your cab or monx his certificate trick. I did it, so i'm happy now
hivesnl said:
Your cab works perfect too.
I wanted to be sure so i also committed the trick of monx.
Afterwards i have implemented your cab and the rilphone is fully working.
In the beginning i was not able to fix this before i had the trick of monx. I was trying and trying. But now this combination whether it was your cab or monx his certificate trick. I did it, so i'm happy now
These cab's should work without the hex edit of the nbh. They should also work with a rom that does not have the nk.exe patched. Either way, I'm glad it worked for you.
thanks P1tater! cabs worked perfect my friend
http://www.htc.com/www/SupportDownload.aspx?p_id=133&cat=0&dl_id=538
It's for the Diamond, but assuming it works on the Raph, Da_G, can you work your magic and integrate whatever's needed from here into your kitchen(s)?
OEM_Misc.dll
Extracted Diamond_audioplayback.exe contents, verified _Setup.xml, Platformxxx.reg and CM_Entries.xml:
- No registry changes
- Attached file is copied to .\Windows folder on device
Place file in .\OEM\OEMDrivers if cooking in kitchen.
Cheers,
Thanks -- trying it in my own ROM now ...
hilaireg is way ahead of me
ill check it out when i get home from the hospital! sounds good
Super-newbie question: What did you use to extract it from the EXE?
@Da_G:
Figured your queue was full enough as it is
@Wordsmith9091:
I used WinRAR 3.3 (IZArc 3.81 couldn't open the .EXE). Once it was extracted, I had a look at _setup.XML as it contains the short-to-long filename conversion details.
I renamed the pertinent files (previous post) and had a look at the content in those to ensure that there were no special requirements.
I used IZArc 3.81 to .ZIP up the file so that it could be posted here.
Thanks -- I learn a new trick every time I come to this site
Just tried building my ROM with it, all seems well so far, though I haven't played enough audio to test yet ...
... but I lost the ability to set button assignments other than Button-1-hold in the buttons panel -- it's like the stock behavior. Is that also controlled by this DLL?
Edit: Never mind, I'm a moron, this issue had nothing to do with this DLL
I don't think so ... the Stock HTC ROM only included "Button 1" which drives me crazy.
I've got a task on my list to deal with that as soon as I'm done some other kitchen related stuff.
I'll post up - unless someone beats me to it - once I figure out how to get button mapping.
Cheers,
I can't be 100 percent sure it's what interfered with button mapping, but it's the only thing I can think of that i've done different between builds.
Since this fix only requires a single DLL copied to the \Windows folder, I was able to cab it up using ChainFire's DriverWiz tool, and install it. I stream music via A2DP during every car ride, so I'll be able to test this on my ride home. I'll attach the cab if anyone else wants to try it as well.
You make me proud Captain
Following your lead, I have attached a .ZIP that can be used in a kitchen; to use:
Extract the .ZIP to the PACKAGES folder.
Verify that the <GUID>'s on the .DSM don't collide with ones you are currently using.
Remove the OEM_MISC.DLL from the .\OEM\OEMDrivers folder.
Cook away.
Note:
Tested on Da_G's (ERAS2R/Me) 21042 kitchen.
HTH,
HTC Diamond Hotfix..
Many thanks Captain_Throwback for the CAB, am testing Music Player now. The HTC version will not install on the Orange Diamond says 'Not Compatible'.
... 25mins in..clean as a whistle!!
....3 albums in, job done.
Never mind on the button-mapping question. I realize what I did (I think). HAd nothing to do with this dll.
Any info you can pass my way?
hilaireg -- PMed you.
Well, I drove around for a bit after cooking this in and reflashing, and I still got some skips listening to music in Kinoma Play. Don't know if that's Kinoma's fault or if it's a symptom of the problem this is meant to address. I wasn't getting any skipping with the TF3D player even before applying this.
improvement?
I saw a noticeable improvement in the length of pauses in between my songs while streaming over A2DP (though it did get stuck on me after about 20 minutes). Its better than it was . . . I think. I don't know if there's really a scientific way to test this, really. Maybe the problem this is supposed to address isn't that at all. Maybe we need to find someone who actually KNOWS they have this problem, so we can see if the fix really helps.
Hotfix for Diamond..
I have a Diamond on the Orange Network with the stock HTC 1.93 ROM. It used to skip every 5 mins but after installing your CAB it is now perfect, not a glitch. I am a very happy bunny. Thanks for your work Captain..
looby said:
I have a Diamond on the Orange Network with the stock HTC 1.93 ROM. It used to skip every 5 mins but after installing your CAB it is now perfect, not a glitch. I am a very happy bunny. Thanks for your work Captain..
All I did was make the cab. Wordsmith found it, and hilaireg extracted it. Its a team effort. That's what a community is all about .
Captain_Throwback said:
All I did was make the cab. Wordsmith found it, and hilaireg extracted it. Its a team effort. That's what a community is all about .
And if he has a diamond, he could probably just install the hotfix directly from HTC
Wordsmith9091 said:
And if he has a diamond, he could probably just install the hotfix directly from HTC
He already tried that . . .
looby said:
Many thanks Captain_Throwback for the CAB, am testing Music Player now. The HTC version will not install on the Orange Diamond says 'Not Compatible'.
Hi all; I am new (here that is) but am fully capable microsoft certified & mvp coder.
Who is or wants to be or can help working on magldr compatible wp7 Kitchen and initial live-activated dwi rom?
1st goal here to make a kitchen then for hello_world just rebuild leo70 with live activated. Maybe get together here and setup proper dedicated irc. This may not be normal way to go about but I am not interested in social netiquette distractions. Just want to work on this and get it done. I have been using dumps (both my own and this: http://forum.xda-developers.com/showthread.php?t=915978 ) along with jtag, and everything at my disposal.
I am doing this now with progress already made and have been working on this since prior to leo70 public release.
if interested or have news or info please post here or pm me- thanks.
G-ThGraf said:
Could we make a WP7 ROM with Chevronwp7 and all tweaks i cooked in?
I am hoping to and trying to and will make a kitchen and then this so soon: YES!
leo70 said:
Anyone made any moves on .rgu to .provxml to enable service mode on leo70?
REGEDIT4
[HKEY_LOCAL_MACHINE\System\BootLauncher]
"Default"="ServiceApp.exe"
or:
REGEDIT4
[HKEY_LOCAL_MACHINE\Drivers\USB\FunctionDrivers\TFTP]
"DeviceName"="USBFNS3:"
"USB_MaxPower"=dword:32
"bcdDevice"=dword:00000000
"Product"="Generic Serial"
"idProduct"=dword:00000629
"Manufacturer"="Generic Manufacturer"
"idVendor"=dword:0000045e
"IClass"="{CC5195AC-BA49-48a0-BE17-DF6D1B0173DD}"
"Flags"=dword:00000002
"Prefix"="FTP"
"Dll"="tftp.dll"
Anyone use trivial ftp for FUU? anyone called these DLLs or used/moded these keys?
also: per Da_G partition layout and comments for wp7 hard spl: for FFU/RUU: is it serial or usb/kitl/ethernet?
I think injecting a certificate into leo70 and rebuilding dump up will then allow an ffu to be flashed; debugging this then leads to a lot; hspl, kitchen, new roms.
Where is all the action/info !?
I wish you all the luck to make this a wonderful experience. Hope people with relevant knowledge and skills join you for this cause.
first there need to be some tools to be made , like Reloc , rebuild imgfs , maybe a platformbuilder like bepe did.
after that you could make a kitchen.
Da_G have posted some interesting information in WP7 Development & Hacking section
http://forum.xda-developers.com/showthread.php?t=649914
maybe this would also help to understand the structure of the (our DFT) rom.
Sounds good guys. Potentially integration of the android set up could be good bypassing the need to copy partitions across etc.
Wow ... good luck my friend
The imgfs rebuild with all modify is possible with tools here http://forum.xda-developers.com/showthread.php?t=685272
But at this time i don't find way to rebuild flash.store.bin (part04.bin = os.nb) content bin's:
LOGO
BLDR
NK
SLDR1
SLDR2
IMGFS
USER
...
Maybe the DFT wait to give the tool for community ??
;p
Good luck seems an excellent idea
netdrg said:
The imgfs rebuild with all modify is possible with tools here http://forum.xda-developers.com/showthread.php?t=685272
But at this time i don't find way to rebuild flash.store.bin (part04.bin = os.nb) content bin's:
LOGO
BLDR
NK
SLDR1
SLDR2
IMGFS
USER
...
Maybe the DFT wait to give the tool for community ??
;p
HazzBazz said:
Sounds good guys. Potentially integration of the android set up could be good bypassing the need to copy partitions across etc.
sandman01 said:
Da_G have posted some interesting information in WP7 Development & Hacking section
http://forum.xda-developers.com/showthread.php?t=649914
maybe this would also help to understand the structure of the (our DFT) rom.
ceesheim said:
first there need to be some tools to be made , like Reloc , rebuild imgfs , maybe a platformbuilder like bepe did.
after that you could make a kitchen.
Cool.
we can at least discuss it all here maybe: put all relevant info together.
I agree with u ceesheim, with tools required etc.
What about 7/CE platform builder though, modify, plus existing tools for imgfs etc? I was thinking also: for now anyway: just disassembling dwi.exe and figuring out all of the other partxx of this build which gets around non-wp7-spl. its a great hack and bears with it some interesting methods which may lead to other things.
I am really just exploring all options for now; any ideas, thoughts, discoveries? To be honest I am only reverse engineering it all and have not yet tried to rebuild flash.store.bin (part04.bin = os.nb). Was going to try a few os.nb in there and just see response of magldr etc. Been lazy last few days lol.
But point is seems FUU/RUU and then Cotulla,DFT,Bepe' DWI give us two different paths to explore here!
What are exact known problems & current states on that: trying to do dump to (re)-build+flash?
I think that is where I will work - figure out other partxx.bin and magldr and disassemble dwi.exe to make flasher.
Thoughts?
ceesheim said:
this is used to dump it :
http://forum.xda-developers.com/showthread.php?t=884239
I think it was part 4 you had to rename to .nb and then open in this rom tool.
netdrg said:
i use the tools here http://forum.xda-developers.com/showthread.php?t=685272
For make this dump
ceesheim said:
only difference is that the tools from da_g are command line.
the link I posted is more noob proof
I just tested it, rename part4.bin to part4.nb
then open romtools and click open, go to the location where you stored part4.nb and click it and hit the button open
Yep, thanks guys.
I use them all depending on what I am doing. Da_G great: use all these tools 4 imgfs, xip, uldr, xph, etc and yeah - can get same for part04.nb to rie. What been discovered/worked out for other partxx.bin of 'myname' ? emul' wp7 spl etc opened, explored? Anyone know overall kitchen progress thus far? Hope wp7 kitchen ppl can get together more so and get this done!
leo70 said:
Ok.........
Anyone looked at rgu for serviceapp.exe or got anything on this? calls to DLL for Trivial FTP for FUU? Also: questions if any wouldn't mind:
anyway to tweak dwi.exe just like daf.exe and use switches like |ro| and other switches and set part layout size etc? originally thought could force magldr to convert-extract by putting other partxx.bins on part(0) user then do userdata dump to .img but layout! and prob it just dump in original .bin anyway? not quite sure how dwi places converts- containers, fs, etc?
What IS known about magldr, partxx.bin(s), dwi.exe?
Yeah, I'm being lazy, maybe too hopeful here on these ones, but worth asking. I will fully disassemble dwi.exe later on .
If problem with rebuild .nb/.nbh perhaps use another kitchen like zero or visual osbuilder with wm6 and just rename .nb to part04.bin to even see if it will load at all; debug this and watch this strap up; I might try this with stock os.nb made to fit to size. CRC?
it may fail totally but I want to see why and where/when/by what. ie: interaction with wp7 hd2 spl emulacrum and other parts+magldr. Will cotl' spl etc get wm6; should 'understand' wm6 os.nb?
Might lead to exploration of other partxx.bin from within wm6 or mtty. another thing is mtty. Mtty brings other ideas into play; if we know Cotulla and DFT layouts etc and truly understand magldr, partxx.bin, dwi.exe, and emulacrum spl, then we can go another way: that is all I am really saying here.
Especially considering how it is built and lack of tools/info on this ***particular*** wp7 build.
Ok.........
Anyone looked at rgu for serviceapp.exe or got anything on this? calls to DLL for Trivial FTP for FUU? Also: questions if any wouldn't mind:
anyway to tweak dwi.exe just like daf.exe and use switches like |ro| and other switches and set part layout size etc? originally thought could force magldr to convert-extract by putting other partxx.bins on part(0) user then do userdata dump to .img but layout! and prob it just dump in original .bin anyway? not quite sure how dwi places converts- containers, fs, etc?
Yeah, I'm being lazy, maybe too hopeful here on these (ffu/ruu) ones etc, but worth asking. These are what I will figure out/we need to. Also noted "wph" string in daf.exe for droid. interesting. so yes, bypass option seems real.
edit: going back to what I said above, replacing part04.bin COMPLETELY with equivalent size os.nb (rename back to part04.bin) and flashing with dwi.exe? there is a plethora of things that could be attempted this way. crc? size? errors? not sure, but there is that hd3/hd7 experimental leaked "hd2 wp7" rom that wouldn't flash to hd2 under normal spl. and a lot of other things here to do; I am just interested in this as it bypasses all normal known spl mechanisms completely! You can flash anything you want without checks etc. And then explore interaction with Cotulla' spl (wp7hd2LEO1000) and other partxx.bin etc. Thoughts?
As far as orthodox methodology goes, so, bepe_cotulla_dft made a complete new platform builder and bsp? thoughts on where to start without this?
Please note I am a windows (nt) kernel coder and getting my head around phone7, ie bsp/oal=hal (!) so please bear with me! Who is working on Transaction Safe exFAT? any progress towards cracking? what is Encryption used in TexFAT? Along with kernel/drivers (nt x86/x64) also have cryptography experience. Sorry for all the questions! umm, in summary:
I am also assuming other partxx.bin(s) of DFT release are SPL, OEM, OEM RO, etc.
***Anyone got up KITL and/or can debug this leo70 release? (please answer with instructions etc!).***
edit: with above factors being case, I will fully disassemble and reverse magldr, partxx.bin, cotulla wp7 hd2 spl, os.nb, dwi.exe later on . edit: am doing now. whilst reading architecture for windows 7 phone! Kitchen will be done, but ability to just flash and part layout initially required imho! I am going to take control of magldr, cotulla wp7 spl, dwi.exe first: doing this now .
Sorry to spread over few posts!
Ultimately thus, concluding, I think key here is to reverse engineer all (cotulla' wp7-hd2-spl emulacrum, magldr, os.nb, all other partxx.bins, dwi.exe) then create new open set of each these and new flasher: anyone explored this, disagree, agree?
This is what I am doing now .
Got IP address & can see what is being done.
i like your work
keep up what u doing and i hope to get it done so we can finally use wp7 unlocked and activated
thank you...
@Leo70
I'm a cooker (for windows mobile 6.X) so if you need some help I think I could help you. Just PM me if you need
Why don't you ask Cotulla? Reverse Engineering will be much longer?
I think they are working on a new MGLDR so why do your own thing on your side?
Can you put a file in the installation process where we can put our Live ID Code?
If every one have the same market ID that will possibly be a problem in the future?
I'm not trying to teach you anything, don't really know about dev stuff, just wanted to share my thought and opinion.
looking forward to this kitchen....
ok, after 3 days of attempting to download RUU_Schubert_HTC_Europe_1.60.401.01_Radio_5.52.09.16_22.33a.50.10_Signed rom I had finally been successful so I thought I should try out swapping stuff to determine what each part**.bin represents.. started off with the basic os.nb swapping and tried flashing magldr to see the changes..
I hate to be the bearer of bad news but it seems partition size & info are hardcoded into DWI.exe so the file size change doesn't allow for a successful flashing..
so let's hope it will be more flexible when magldr 1.13 is released (which is going to be released "soon" as in no specific eta) otherwise this kitchen might just serve the purpose for building nb's/nbh's for other devices..
But I'm sure this issue is only present in magldr 1.12 dwi.exe as the wp7 rom wasn't released officially in xda, however only time will tell
Only time will tell, fingers crossed
this project sounds great. an already tweaked rom would be awesome and a pre-activated rom even better.
keep up the work. maybe you should contact cotulla and ask him rather than reverse engineer everything. maybe he will help you and save you a lot of work.