Related
Hi guys,
a new version of ER2003Edit is available from the wiki page:
http://wiki.xda-developers.com/wiki/ER2003Edit
New features and improvements:
- provides support for the new upgrade tool version (0.9.1.0) used by the latest T-Mobile and O2 updates
- supports editing of the header information (DeviceID, Operator and Language) in order to circumvent the country code error
- some other fixes and improvements
Best regards,
softworkz
Thnx dude! At last we got a program to modify the header. I guess this makes a lot of XDA owners very happy.
Great work!
Late...
Thanks Softworkz, great work again. It really looks like an even more powerful tool, but there seems to be a little bug (or I am doing something wrong):
After upgrading ER2003Edit to the new version, I cannot open the ms_.nbf anymore. When I try to open the file, ER2003Edit always crashes, although I left the file unbmodified.
Downgraded to the old version again and there it works, although I have to decode and encode the files by myself.
Any suggestions?
No problems opening the ms_.nbf here after doing the upgrade. Running Win XP sp1.
Try uninstalling the old one completely then install the new one...
Works great!
Late...
is it a misunderstanding between header-information and encryping ???
I think Er2003edit does not do the encryption/decryption so far.
Hey Softworkz...
this would be a great improvement as I guess all coming
extended roms will be encrypted.
Alex
Tried uninstalling and re-install but that didn't help. As far as I remember, Softworkz tool is not able to edit encrypted ms_.nbf.
But on my machine (Win XP pro 2002 SP1) the program always crashes when opening an non-encrypted ms_.nbf...
I will use the old one as a workaround, I don't need to change the header so this should be fine.
some programming tips:
It should not be very difficult to implement the xor decryption, just xor each DWORD in the file with 0x25863614 after loading it in memory, and before saving it back to the file.
also, if you verify the header checksum after loading the file, you should be able to detect that the file you are loading is actually a decrypted nbf file.
and another check to see if at offset 0x70040 there is a valid bootsector, with
the 'MSWIN4.1' and 'FAT16' strings should prevent it from crashing on invalid files.
Ouch, I just found out that the wrong version of xda2tools.dll was included with the setup. I have made available a new version (1.2.20) to fix this. (see wiki page)
Some details about ER2003Edit:
You do not need to uninstall old versions before installing newer ER2003Edit versions.
The new version (1.2.x) is able to perform XOR-De-/Encryption. When opening an extended ROM file ER2003Edit first checks if it is encrypted by looking for the presence of the dashes in the header.
If those are present in the right places ER2003Edit opens the file as usual. If the dashes are absent ER2003Edit tries to decrypt with all of the three XOR-Passwords (). If none of those passwords produces a file with a correct header a prompt is shown which lets you enter your own password.
The decrypted (or a copy of the unencrypted) ROM file is saved to the temp folder. When saving with ER2003Edit the file is encrypted again (in case the original file was encrypted) and is saved to the original location overwriting the initial file.
Itsme: The "dash-check" was used because the CRC-check in your code was always true (didn't look into it further).
The new version supports auto-detection of the ROM type in order to edit the header of the other 2 ROM files (NK and Radio_), too. The "error accessing image files" message is now suppressed for these files.
Nevertheless modifying the header of those files is useless and I didn't figure out how to access the file structure in those files (doesn't look like a FAT image).
Best regards,
softworks
Okay, that explains the problems I experienced. As soon as I am back home I will give it a try. If it works it will be a nice & powerful tool...
==> seems to work perfectly. So there are no more obstacles. Next stage will be an Upgrade to 1.66.xx... :shock:
ok, now it works.
currently, a non-matching crc value only results in a printed warning, maybe I/you could add an extra parameter to the file processing functions, which get the result of the crc-check.
or maybe even better, raise an exception, for the warnings.
ER2003 crashes opening new O2 extended ROM Files
Hi softworkz,
first off all thanks for your great work!
Using the new version of er2003 i cant open the ms_.nbf file of the latest O2 upgrade (1.60.52). It crashes every time. Opening and editing my self created ext. ROM based on T-Mobile Update 1.60.07 works great.
Whats wrong with my installation? If you wish i can send u my Win XP error report.
Escargotet
Sorry for posting, was 2 stupid to read forum first!
Sorry for posting, was 2 stupid to read forum first!
Hi all
Please help to clarify as there are some inconsistances...
(or I am wrong, but will run into this problem)
Er2003edit will try to modify the header information in the NK and Radio_mbf but this will not be successfull and I still will get the Country ID error, is that right ???
As far as bobopopo expierenced the new upgrade utility will not run parts of the upgrade but rather leave the machine useless.
So there is a missing link...
Alex
itsme said:
ok, now it works.
currently, a non-matching crc value only results in a printed warning, maybe I/you could add an extra parameter to the file processing functions, which get the result of the crc-check.
or maybe even better, raise an exception, for the warnings.
Click to expand...
Click to collapse
The CRC check does not work in your code. XORing with a wrong password results in the following message:
WARNING: this does not look like a nbf header, possible you provided the wrong password
But this gets printed as a result of the "dash-check". If the crc-check would fail, a different message would be printed:
WARNING: checksum is not ok, possibly you provided the wrong password
But this message never gets printed because (filecrc != crcsum) never occurs (for whatever reason).
Xant said:
Hi all
Er2003edit will try to modify the header information in the NK and Radio_mbf but this will not be successfull and I still will get the Country ID error, is that right ???
Click to expand...
Click to collapse
No. Er2003Edit can open NK and radio ROM files and edit the header. Er2003Edit automatically re-encrypts the newer ROM files (XOR-Method).
Er2003Edit decrypts older ROM files (DES-Encrpytion), lets you edit the header and save the file but it does not re-encrypt these ones (use xda2nbftool). A message is displayed in this case to remind you to encrypt the file.
Xant said:
As far as bobopopo expierenced the new upgrade utility will not run parts of the upgrade but rather leave the machine useless.
Click to expand...
Click to collapse
AFAIK the upgrade tool will only look at the extended ROM's operator field. Anyone please correct me if I'm wrong about that.
softworkz said:
Xant said:
As far as bobopopo expierenced the new upgrade utility will not run parts of the upgrade but rather leave the machine useless.
Click to expand...
Click to collapse
AFAIK the upgrade tool will only look at the extended ROM's operator field. Anyone please correct me if I'm wrong about that.
Click to expand...
Click to collapse
I confirm what bobopopo claims, i tried only flashing the ms_.nbf, and it totally messed up my machine (stuck in bootloader), i had to reflash all three to get it to work again
nargalzius said:
softworkz said:
Xant said:
As far as bobopopo expierenced the new upgrade utility will not run parts of the upgrade but rather leave the machine useless.
Click to expand...
Click to collapse
AFAIK the upgrade tool will only look at the extended ROM's operator field. Anyone please correct me if I'm wrong about that.
Click to expand...
Click to collapse
I confirm what bobopopo claims, i tried only flashing the ms_.nbf, and it totally messed up my machine (stuck in bootloader), i had to reflash all three to get it to work again
Click to expand...
Click to collapse
I knew about this. I was just stating that the header of NK and Radio is irrelevant for the upgrade tool and is not responsible for the country code error.
SPV M1000
Does it work with SPV M1000 version
loade ER2003 started it and stay on the ROM info screen :?
Dear Fellas,
Where can I get a step by step ROM upgrade instruction to upgrade/flash my XDA II into WM2003SE? I have been through the forum, but still can not find a basic guide to do the upgrade.
I have downloaded "Customized_WM2003SE_Asian_Edition_Version2.zip" from ZeroXtreme. What can I do with this file? How can I start it?
Anyone can help me pleaseeee.......Thanks a lot.
Rgds,
Fendie
Ahoy there matey!
this is what you do:
1. decide on what version you want to use.
2. get them roms. (E.g. read through DCS's post on the ORIGINAL WMSE)
currently there are three versions of the WMSE namely 2.02,2.06, and 2.20.
3. check your device data for language and operator:
use getdevicedata.exe from the upgrade files, copy it to your device's windows directory, then tap on it.... it will produce a log file, copy the log file to your desktop pc, then use notepad.exe to view it.
look for the language setting e.g. WWE, CHT... etc.
look for operator settings e.g. O2, Qtek... etc.
now check your downloaded NK.nbf, MS.nbf and radio.nbf to see if they have the same settings as your device..... you can use ER2003edit.exe which can be downloaded from wiki.xda-developers.com.
if the files have the same settings, thats good... if not... change it so that they would be the same as your device.... better yet use DCS's batch file for easier conversion... (note, DCS's 2.02 rom is set to WWE,O2)
now... assuming you had made all the preparations... (language, operator settings, and that you have a complete set of roms e.g. NK.nbf, MS.nbf and radio.nbf)
put them all in one directory along with the other files that came with the upgrade package.
make sure you have a full battery before proceeding with the upgrade.
plug the charger to tha cradle and the cradle to the comnputer.
click on himalaya upgrade program.... then the program will run, put the device in the cradle and watch the screen for further instructions
goodluck...
be sure to read on DCS's post regarding upgrades for a more detailed info.
assuming everything goes well; during the upgrade do NOT take out the unit from the cradle; go watch tv or something...if you receive an error message; don't fret. the forum hosts a lot of topics on how to revive your unit...
and if your xda dies during the upgrade; make sure your tray tables are in their upright position, put your head between your legs and kiss your arse goodbye
what do guys suggest the ROM i use?
which one is the most stable?
mate, i noticed that you're from the philippines. i'm based in thailand i used the rom posted by zeroextreme; it's the wm2003 se asian rom. pretty stable that one; after upgrading my unit's power consumption improved noticeably. although as expected some apps may not display well when using landscape mode (those're the apps not designed for wm2003 use). but overall the rom upgrade was well worth it. stable and no hick ups; been using it for more than 2 weeks now i think.
others may have useful tips on the other roms they used for upgrading; not to mention experiences.
cheers
acid.... try 2.02.t1 they say its more stable than 2.06.
thanks mga kababayan!
Z-man said:
Ahoy there matey!
this is what you do:
1. decide on what version you want to use.
2. get them roms. (E.g. read through DCS's post on the ORIGINAL WMSE)
currently there are three versions of the WMSE namely 2.02,2.06, and 2.20.
3. check your device data for language and operator:
use getdevicedata.exe from the upgrade files, copy it to your device's windows directory, then tap on it.... it will produce a log file, copy the log file to your desktop pc, then use notepad.exe to view it.
look for the language setting e.g. WWE, CHT... etc.
look for operator settings e.g. O2, Qtek... etc.
now check your downloaded NK.nbf, MS.nbf and radio.nbf to see if they have the same settings as your device..... you can use ER2003edit.exe which can be downloaded from wiki.xda-developers.com.
if the files have the same settings, thats good... if not... change it so that they would be the same as your device.... better yet use DCS's batch file for easier conversion... (note, DCS's 2.02 rom is set to WWE,O2)
now... assuming you had made all the preparations... (language, operator settings, and that you have a complete set of roms e.g. NK.nbf, MS.nbf and radio.nbf)
put them all in one directory along with the other files that came with the upgrade package.
make sure you have a full battery before proceeding with the upgrade.
plug the charger to tha cradle and the cradle to the comnputer.
click on himalaya upgrade program.... then the program will run, put the device in the cradle and watch the screen for further instructions
goodluck...
be sure to read on DCS's post regarding upgrades for a more detailed info.
Click to expand...
Click to collapse
Hi Z-Man,
Thanks for your response. But still do not understand in some areas
I just got MS.nbf and some *.CAB files from the extended ROM of ZeroXtreme. There are no NK.nbf and Radio.nbf. Is it because it's an Extended ROM? Where can I get the "non-extended" ROM?
And I don't really understand on DCS's post.
Sorry, I am really really newbie.....
Many thanks.
Rgds,
Fendie
ms.nbf is the extended ROM, you still need to get the radio.nbf and nk.nbf
download the file here:
HIMALAYA_WM2003SE.zip and Operator update.zip:
http://forum.xda-developers.com/viewtopic.php?t=13588
extract all files to one directory... and add the ms.nbf that you have
you didnt mention the operator and languange settings of your device... check your device info....
then use DCS's batch file to convert the settings.... by default, DCS uses WWE and O2.
make sure all the nbf's are set to the same settings...
then begin upgrade
Himalya Romkitchen is still valid for SE
Hello,
I have some questions, if someone could help me with any of these I would really appreciate it, I am quite newbie, but I learn fast... now the questions:
1. is it possible to full dump the Hermes ROM to microSD using 'd2s' in bootloader? if yes, would it be possible to use 's2d' to restore it?
2. anybody can provide more information on the Hermes ROM layout, virtual and physical memory maps, offsets, sizes, etc..? If yes, how do you find this?
3. anybody managed to run pmemdump or psdread on Hermes?
4. The existing ROM upgrades for Hermes do not have .nbf files, they use a "new(?)" format .nbh, the file RUU.dll has functions GetNBHInfo() and UpdateNBH(), anyone with windows debugging skills could help to decode this format? Inside this file you should find:
- Extended ROM
- OS
- IPL (part of bootloader)
- SPL (part of bootloader)
- Splash screen
- HTC Logo (normally uses the same image as the splash)
- GSM radio code
5. Can someone make something like xda2nbftool to work with this .nbh format?
6. I think the security password should be possible to extract from RUU.dll too, as it calls SecurityPass() function, but I don't know how.
7. Is there an up to date list of bootloader commands? I found those, but I think some info is wrong or missing:
http://wiki.xda-developers.com/index.php?pagename=HimalayaBootloaderCommands
http://www.xs4all.nl/~itsme/projects/xda/bl-ii-usage.html
8. anyone could provide photos of a disassembled device? chipset references, etc...?
9. anyone interested on linux port for Hermes??
BIG thanks
Now I can answer myself some questions... who can answer the rest??
pof said:
1. is it possible to full dump the Hermes ROM to microSD using 'd2s' in bootloader? if yes, would it be possible to use 's2d' to restore it?
Click to expand...
Click to collapse
Nope that I have found.
pof said:
6. I think the security password should be possible to extract from RUU.dll too, as it calls SecurityPass() function, but I don't know how.
Click to expand...
Click to collapse
The password is dinamically generated, changes everytime, here's how to access the bootloader with the right password:
http://wiki.xda-developers.com/index.php?pagename=Hermes_BootLoaderPassword
Also wrote a post in the forum about this, and made a cool pdf explaining the process:
http://forum.xda-developers.com/viewtopic.php?p=346002
BTW, the password seems to be not useful for anything
pof said:
7. Is there an up to date list of bootloader commands?
Click to expand...
Click to collapse
Yes, I've written it on the wiki, but some info is still missing:
http://wiki.xda-developers.com/index.php?pagename=Hermes_BootLoader
hi,
can anyone still running the original japanese rom on x01ht share the manner mode executable with me? i don't recall the exact name of that file but i think it was like manner_mode.exe you can find in windows directory.
i had it backed up when i made the rom switch to tytn but i somehow lost it. appreciate it if you could reply to this with that file attached.
thanks in advance...
can anybody help?
Is that the program that activates manner mode by press and holding the comm manager button?
Sorry I don't have it either, I flashed English and would love this functionality back too.
tle,
yup, that's what I'm asking for. i think it will benefit everyone if someone can upload it here.
Isn't it on x01ht ExtROM? If it's not you can probably extract it from the dumped rom.
pof said:
Isn't it on x01ht ExtROM? If it's not you can probably extract it from the dumped rom.
Click to expand...
Click to collapse
It's definitely not on the extrom... I've converted a half dozen X01HTs from Japanese to English, and not been able to restore that function. Thanks for the links to the dumped ROM; that should help me get some of the softbank special stuff back...
- awh
hi guys,
it's not on the extrom. it's in the windows directory for sure. i once copied it on my storage card but i lost it when i screwed it by reading that micro sd card with my pc.
pof,
i realized that you might be right saying that it's on the extrom. i recall that it was not a rom file and it was a file copied into the windows directory. i think that means it was installed by one of the sb cab files on the extrom. the only cab file i did not execute was PT_SIMlock_Empty.cab.
harryk1372 said:
the only cab file i did not execute was PT_SIMlock_Empty.cab.
Click to expand...
Click to collapse
I think it's not on this one, this just adds the "annoying screen" for simlock protection by software. If you install this then you need to install SB_USIM.cab to remove the annoying screen.
pof said:
I think it's not on this one, this just adds the "annoying screen" for simlock protection by software. If you install this then you need to install SB_USIM.cab to remove the annoying screen.
Click to expand...
Click to collapse
I agree - I still have the unnerving feeling that some of the content in the extrom actually points to executables somewhere in the ROM. Bad band-aid type code, but what would you expect..? I think I saw similar on the i-mate extrom where it tried to execute parts of the standrard rom after a cold reset..
pof said:
I think it's not on this one, this just adds the "annoying screen" for simlock protection by software. If you install this then you need to install SB_USIM.cab to remove the annoying screen.
Click to expand...
Click to collapse
I know pof... that's why i didn't run it.
Is it this??
Dear all members
I saw some bbs mentioned as follow
'there is a file that was conianted in X01HT WINDOWS folder
TrayIcon_MannerMode.exe'
But I'm not sure is it correct?
Manner mode is called in oversea 'silent-mode' or 'flight-mode'
I've flashed my X01HT to Dopod rom so that I can not try it.
anyway let's you try it.
BR,
krnnidtt,
i don't exactly remember the file name but i think the one you saw is the one i am looking for. it's not the "flight-mode" that turns the radio off but it is the same as the "silent-mode" and turns the vibrator on.
you can turn on the vibrator by opening the comm manager and tap on the vibrator icon, but this small exe file i am looking for does the same by just press and holding the comm manager button. when that is on, an icon sits in the tray. not a big deal but it's convenient.
i'll check the dumped rom pof advised.
Now that I understand what "manner mode" is, this might be useful for you too:
http://forum.xda-developers.com/showpost.php?p=1019893&postcount=1
hi pof,
thanks a lot for that. it works great and this is what i wanted. i should have searched more to find this thread myself in the first place. now i will find a way to assign this to press and hold state of the comm manager button (button 3).
I seem to have successfully dumped my Cingular 8525 ROM, and placed it on the FTP area ftp://xdaupload:[email protected]/Hermes/Dumped_ROMs/ (directly as ftp://xdaupload:[email protected]/HTC_TyTn_Cingular8525_CWS_1_34_502_1_WWE.zip) but when I try to extract the imgfs I get lots of decomp errors and it seems that compressed files do NOT get uncompressed....
Is there something different in these newer ROMs or am I just being stupid or ????
TIA,
Richard
Moved the dump to safe heaven.
I haven't download your files to see if I can extract them, but if you not succeed with itsme rdmsflsh.pl you can also use mamaich rom editing tools, viewimgfs.exe with "part_02.raw". See if it makes any difference
pof said:
Moved the dump to safe heaven.
I haven't download your files to see if I can extract them, but if you not succeed with itsme rdmsflsh.pl you can also use mamaich rom editing tools, viewimgfs.exe with "part_02.raw". See if it makes any difference
Click to expand...
Click to collapse
It worked a little better, or at least differently.... I forgot to mention I tried that as well. Much harder to deal with the files being each in subdirectories The filesizes extracted still didn't match those reported on the device itself though, so I'm not convinced I'm getting a good extraction.
Results are on my work machine, I'll have to login there and see if I can post some specifics....
Richard
User error
rsolomon said:
Results are on my work machine, I'll have to login there and see if I can post some specifics....
Click to expand...
Click to collapse
DOH! User error.... Remote Desktop to my work machine slowed things down enough that I could see errors about not being able to load dlls.... seems the ActiveState Perl 5.8 install insists on installing to "site" vs "perl" but doesn't add "site" to the path, so Windoze couldn't load the necessary dlls.
I just copied them into my working directory for now and am re-running the extraction....looks much better already!
Richard
ok, can you add a warning to the wiki with this info ? thanks
pof said:
Moved the dump to safe heaven.
Click to expand...
Click to collapse
Should I add it to the wiki or will you do that?
Richard
pof said:
ok, can you add a warning to the wiki with this info ? thanks
Click to expand...
Click to collapse
Yep, I already noted one needs v5.8, I should really clean this up and find the right fix, but I'll note the path problem at least and maybe someone else will do it "right" later
Richard
do it yourself please, i have no time now... leaving to France in a few hours.
pof said:
do it yourself please, i have no time now... leaving to France in a few hours.
Click to expand...
Click to collapse
Both wikis updated, thanks for the help!
Richard
rsolomon said:
The filesizes extracted still didn't match those reported on the device itself though, so I'm not convinced I'm getting a good extraction.
Click to expand...
Click to collapse
Ok, pretty confused here. One example:
bthasplugin.dll
Exploring the device via ActiveSync shows a filesize of 17560 but the size shown on my PC of the extracted version is 18944. Spot checking a few other files show similar size disparities.... is this normal? Why?
Richard
Not sure, but probably the difference is because file size (byte count) is different than size on disk (amount of clusters the file takes).