NOTE: I've already posted this into the Development & Hacking forum, but got no reply yet. As it is a Hermes-specific topic it is probably better to place it here; sorry for reposting if you've already read this.
The available original shipped ROMs for the HTC Hermes have .nbh files with the RUU, instead of the usual .nbf files found in other HTC rom updates.
By now, there are two shipped ROMs available, containing:
HERMIMG_Dopod_1.23.707.1_SHIP.nbh
hermimg_QtekNOR_1.18.255.3_Ship.nbh
So, it seems that the usual nk.nbf file is no longer used by the Hermes RUU.
I cannot extract the various rom components (ExtROM, OS, IPL/SPL, SplashScreen, GSM radio, etc...) out of these files using the usual TyphoonNbfTool, however mamaich's prepare_imgfs finds the imgfs and dumps it apparently ok, but it cannot be read using viewimgfs or itsme's rdmsflsh.pl, so I guess the dumped file is invalid.
Does anybody know about this new format?
Is it possible to convert it to nk.nbf so we can cook our own ROMs?
Would it be possible for example to extract the radio rom from Dopod and replace it on QtekNOR rom?
I think we will have to wait for the ROM gurus to advise on this. I hope this would be possible so we can get the best ROM possible.
I've tried to decode .nbh files with alpinenbfdecode.pl, himalayanbfdecode.pl and typhoonnbfdecode.pl. None of them works, so this must be a completely new format.
Opening nbh files in a hex editor shows interesting strings, but I don't know how to proceed to identify each part and decompress or decrypt it...
Is it possible to decrypt the Extended_ROM of the HTC TyTN? I've found a great ExtROM, but I can't upgrade my ExtROM because I have only borrowed the TyTN from my friend, and I am looking for one special application which is included in it. Any solutions? Thanks
Jerry, you can unlock & unhide the ExtRom just with a registry tweak, look here:
http://wiki.xda-developers.com/index.php?pagename=Hermes_Unhide_Extrom
Downloading a ROM now to experiment
If I crack it, you guys better donate something to my get-theblasphemer-a-hermes-too-fund (yet to set up that fund though)
Mate if you crack it I'll be donating to your fund!
Hmmm, a very weird file format indeed :S
All files start with "R000FF\r", next 16 bytes of what appears to be random data.
After that it consists of several blocks.
Each block starts with a header:
4-bytes block-length
4-bytes footer-length
1-byte always 1
After that follows the actual data (block-length bytes) + a footer, which appears to be random data but which I suspect to be some kind of checksum
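The block layout described in the post above, as an added example that is not part of the original thread or of the scripts on the wiki: a Python walker that splits a file into its blocks and rejects truncated input. The function names are hypothetical, the length fields are assumed to be little-endian (the post does not say), and the sample image is constructed.

```python
import struct

MAGIC = b"R000FF\r"             # file signature as quoted in the post
PREAMBLE_LEN = 16               # 16 bytes of apparently random data
HEADER = struct.Struct("<IIB")  # ASSUMPTION: little-endian length fields

def walk_nbh_blocks(blob):
    """Return a list of (offset, flag, data, footer), one per block.

    Raises ValueError on a bad signature or a block that overruns the
    file, so a truncated image is rejected instead of half-parsed.
    """
    if not blob.startswith(MAGIC):
        raise ValueError("missing R000FF signature")
    pos = len(MAGIC) + PREAMBLE_LEN
    if pos > len(blob):
        raise ValueError("file ends inside the 16-byte preamble")
    blocks = []
    while pos < len(blob):
        if len(blob) - pos < HEADER.size:
            raise ValueError(f"truncated block header at offset {pos}")
        data_len, footer_len, flag = HEADER.unpack_from(blob, pos)
        body = pos + HEADER.size
        end = body + data_len + footer_len
        if end > len(blob):
            raise ValueError(f"block at offset {pos} overruns the file")
        blocks.append((pos, flag, blob[body:body + data_len],
                       blob[body + data_len:end]))
        pos = end
    return blocks

def build_sample():
    """Constructed test image: two blocks with dummy 8-byte footers."""
    out = MAGIC + bytes(range(16))
    for data, footer in ((b"A" * 32, b"\xaa" * 8), (b"B" * 5, b"\xbb" * 8)):
        out += HEADER.pack(len(data), len(footer), 1) + data + footer
    return out

if __name__ == "__main__":
    for off, flag, data, footer in walk_nbh_blocks(build_sample()):
        print(f"offset={off} flag={flag} data={len(data)}B footer={footer.hex()}")
```

Keeping each footer next to its data is useful when comparing two shipped images block by block, since the footers are the part suspected of being a checksum.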
I'm uploading a full USB log of a complete ROM-flash here:
ftp://xda:[email protected]/Hermes/Technical/
Watch for the file Dopod2-FullRomUpgrade.txt.gz; when it is fully uploaded it will be around 102Mb.
This is from this ROM file:
HER_DopodAsia_1237074_1060010_WWE_SHIP.exe
______
EDIT: Upload finished.
I created a wiki page with all the info we have about NBH format:
http://wiki.xda-developers.com/index.php?pagename=Hermes_NBH
I added my scripts to extract nbh files to the wiki page
willem
itsme said:
I added my scripts to extract nbh files to the wiki page
Cool :shock:
you always come with splendid work, so pleasant to see... thanks a lot!
Hmmm... just took a peek at the USB-dump of a ROM upgrade.
It appears that the whole file is just sent to the device.
The flashing utility doesn't even look at the CID or even the device type; it was happy to start flashing my Universal (however it didn't get very far, as the bootloader doesn't understand all commands).
This makes it incredibly difficult to make a RomUpgradeUtility that doesn't look at the CID, or to figure out how the signatures in the .nbh files are generated.
willem,
I've been trying to extract the roms using your commands, everything runs fine until I have to run the gsmsplit batch file, as in this line you call "bcl" and I don't know what bcl is:
Code:
for %%i in (_bcl*) do bcl d %%i _x%%i.nb
I am running it on WinXP SP2 + cygwin 1.5.21-1; this is the error I get:
Code:
[email protected] /cygdrive/c/nbh/files
$ gsmsplit.bat GSM.nb gsm.nbx
'bcl' is not recognized as an internal or external command,
operable program or batch file.
'bcl' is not recognized as an internal or external command,
operable program or batch file.
[...]
'bcl' is not recognized as an internal or external command,
operable program or batch file.
'bcl' is not recognized as an internal or external command,
operable program or batch file.
_x_bcl*.nb
The system cannot find the file specified.
0 file(s) copied.
Could Not Find c:\nbh\files\cing\_x_bcl*
[email protected] /cygdrive/c/nbh/files
$ dir
GSM.nb MainSplash.nb SPL.nb nksigned.dbh signatures.txt
IPL.nb OS.nb SubSplash.nb nksigned.nbh unknown_601.nb
Is the line correct? If yes, what is bcl and where can I get it?
Thanks!
Ok, almost everything went fine... I don't know yet about the bcl command I asked about before, and I cannot extract the contents of imgfs from OS.nb using rdmsflsh:
Code:
$ rdmsflsh.pl -d files OS.nb > rd.txt
could not find imgfs header
I've also tried prepare_imgfs.exe with OS.nb, it found IMGFS there and dumped it to imgfs_raw_data.bin, but then I cannot use viewimgfs.exe with this file, it complains about "unknown header type", and the file seems corrupt as it is only 6Mb...
BTW... SubSplash.nb seems to be the ExtROM, not the SubSplash.
I get a "Check cert error!" from the bootloader when I try to flash a modified NBH file (thanks TheBlasphemer for your help).
From spv-developers:
"getting a developer CID (SuperCID) will allow you to flash your system with a ROM that is not digitally signed (i.e. a ROM that you have modified). If you do not modify it, you'll not be able to install a modified ROM on the device."
Is it possible that we can flash NBH files without signing in the Hermes if we get a SuperCID?
I tried using SPV-Services to change the Hermes CID, but when I execute the CID tool (Alpha) I get the error: INVALID Storage Manager Handle (SAFE)
The NBH format is also used by HTC STARTrek, more info here.
bcl is from bcl.sourceforge.net, and in the latest release called 'bfc'.
willem
pof said:
Ok, almost everything went fine... I don't know yet about the bcl command I asked about before ...
Hey pof, you need to rename bfc.exe to bcl.exe ...! Then you don't get the error, but a lot of other zero-length values ...
So did anyone manage to get the extraction of the OS.nb done correctly?
Hi! Do you think it is possible to manage that NBH file and change the HTC logo splash screen in some way?
I'd like to create a ROM upgrade file with a different splash screen for my TyTN.
Hi,
How can I back up my current ROM (which comes from my operator) the easiest way before upgrading to WM6?
This is to keep my warranty working (in case my device needs any repair in future, I can downgrade it to the original ROM).
I have a JASJAM device.
Try to search in the WIKI to see if the ROM you have installed is uploaded.
Regards,
Primoz
Already searched there.. NO !
anybody???
IPL & SPL: Use NBHextract to extract them from any shipped NBH.
MainSplash & SubSplash: Use NBHextract to extract them from any shipped NBH, if no NBH is available containing your splash screens, simply never flash them to keep them intact.
Radio: Use NBHextract to extract it from any shipped NBH.
ExtROM: Unhide it and copy the contents over activesync or to storage card.
OS: dump it and reconstruct it.
When you have all the *.nb files, create a NBH file with nbhgen. To put back the extROM simply unlock & unhide it and copy the contents again.
Be sure to flash HardSPL on your phone so you'll always be able to flash the backup rom you've "created" and if you ever need to flash it be sure to use SSPL (so you can overwrite the bootloader).
Hi
I'm searching for information about ROM cooking for the ATOM Life, but unfortunately there is not much information about this device.
1. The Wiki explains only the ATOM ROM update:
ROM Update File Composition:
* diskimage_Ver.nb0 - ROM file
* EBOOT.nb0 - bootloader file
* ExtendedRom.img - hidden partition image file
* nova_pda_033105.mot - checksum partition ??????
* vl1d_pda_Ver.mot - radio file
* Device Software Update Utility.exe - ROM upgrade utility file
The ATOM Life Update .exe contains:
Device Software Update Utility.exe
EBOOT.nb0 - Bootloader ?
IPL.nb0 - initial Bootloader ?
cpld.img
XLDR.nb0
FLASH.DIO - OS image ?
ExtRom.img - ExtROM ?
pass.32
and some .mbn files
Can someone explain the different files?
OK, I read some threads and learned how to dump the OS image with Scooterkitchen. How to add or remove files is an easy job (I hope),
but how can I rebuild this dump to a flashable image?
Hope some of you can enlighten me, and sorry for my bad English.
thank you
scorpio16v
FLASH.DIO - OS
ExtRom.img - ExtROM
Now, there is a new ROM update method:
it's got from the Atom Life ROM, replanted from Exec.
The filenames are
AL1.DIO - OS
EXROM.IMG - ExtROM
Copy these 2 files to the mini SD card, then reboot + record to enter bootloader mode.
System updated!
And using this ROM we can update the Life to the Chinese ROM version.
Based on this method,
I guess we can copy these 2 files, FLASH.DIO and ExtRom.img, to the mini SD card, then reboot + record to enter bootloader mode.
loading OS
You can try to update your own ROM update in the Life.
Thank you for reply
yes, but that'll be the easier part of the job.
My problem is, if I dump the FLASH.DIO in Scooterkitchen I use the following way, posted in an other thread:
To dump files from FLASH.DIO use "Scoter Kitchen".
Just remove first 12 bytes from this file, then use
\Scoter Kitchen\Utilities\TOOLS\SRPX tools>msflshtool.exe
after this use
\Scoter Kitchen\Utilities\TOOLS\imgfs_tools\viewimgfs.exe
This procedure runs fine, but if you run the FLASH.DIO through msflshtool.exe it splits into 3 parts (OS and 2 ?? XIP parts).
At this point, I don't know how to rebuild.
The second problem is:
The device will be released as the XDA Comet in Germany (my country) in about 2 weeks with German-language WM6, and at this stage I have no backup ROM to restore it to manufacturer settings if something goes wrong.
I will try to dump my German ROM and rebuild it with the XIP part of the English XDA ATOM Life ROM, but I need an experienced guide to do that.
Is this AL1.DIO SD-update on the Developer FTP the actual English version? Where does it come from?
I can't find the thread about it.
"AL1.DIO" seems the same like the name "HERM.img" for the HTC Hermes. If you update via SD the Bootloader recognized it as the OS-file.
another edit (thanks again to ferryboat):
3. Before the next step, go to \windows\temp, you will find the extractable files.
4. Find the file "pass.32"
5. Use ultraedit-32 to open it
6. Check the first line, you will find "WWE"
7. Change "WWE" to "CHT" then save it.
8. Go to the next step, you will pass the phone-check.
9. About 15 mins, your Atom Life will be the WM6 ENG.
That explains the pass.32 file, but you don't need it for the SD card update?
"buildimgfs.exe" command to build rom and
"make_imgfs FLASH.NB0 -nosplit" update FLASH.NB0 file
rename it to "Flash.dio"
I haven't tested a ROM made by this method. I am also trying to find a safe method to update the ROM so I can try my own ROM. There is not so much info about the Life's ROM.
I saw this Chinese ROM from the links below, and lots of people have updated their Life to this version.
http://www.52dopod.net/thread-33648-1-1.html
Modifying the 'pass.32' file is only used when you use a USB link cable to update the ROM and at the same time want to change your Life ROM language from ENG to CHN or CHN to ENG. This method is replanted from Atom and Exec. We do not need to modify this file when we update the ROM in bootloader mode.
ferryboat said:
"buildimgfs.exe" command to build rom and
"make_imgfs FLASH.NB0 -nosplit" update FLASH.NB0 file
rename it to "Flash.dio"
I haven't tested a ROM made by this method. I am also trying to find a safe method to update the ROM so I can try my own ROM. There is not so much info about the Life's ROM.
I've made a short test with mamaich's imgfstools like in your example: if I dump the ROM and rebuild it without any changes (with the -nosplit option), the rebuilt file has the same size.
But if I compare both files, shouldn't the new file be a perfect clone of the source?
The new file has the same structure in some parts, but most of it is different.
Please help me!
I want to upgrade only the radio of the Atom Life (not ExtROM, OS) in bootloader mode! What file does it need? How do I do it? ...
Please help me!
Many thanks.
scorpio16v said:
I've made a short test with mamaich's imgfstools like in your example: if I dump the ROM and rebuild it without any changes (with the -nosplit option), the rebuilt file has the same size.
But if I compare both files, shouldn't the new file be a perfect clone of the source?
The new file has the same structure in some parts, but most of it is different.
Nope. It wouldn't be a perfect clone. Even in the ATOM, it does not generate a perfect clone. But it still works with mamaich tools anyway. If you want just to edit the IMGFS section, I think it's okay. Just test...
Just don't touch the bootloader eboot.nb0, so you won't brick your phone. Also, if possible, always update in bootloader mode, because if you can't update in bootloader mode, you won't be able to restore your device if you have a non-working ROM.
Here's a batch file I wrote for opening and closing part1 of the Atom Life. The user who requested it was afraid to try it anyway. The purpose of this was to modify the pagepool for the Atom Life. There are tools available now that can edit the pagepool on the fly, but the Atom is not supported. I don't know about the Atom Life.
Code:
rem <<<< breakdown >>>>
msflshtool.exe flash.dio -d -p1
SRPX2XIP flash.dio.part1
del flash.dio.part1
rem <<<< rebuild >>>>
XIP2SRPX flash.dio.part1.xip
msflshtool.exe flash.dio -r flash.dio.part1.xip.xiporg
Well I only use breakdown because we will just import the atom life components into our atom devices anyway.
The Atom Life sure could use some update... official AKU0.7 is coming out and atom life is still at AKU0.2.
Our Atoms have AKU0.3 already and we're moving to AKU0.4
Rom Dumper
Search for buzz romgrabber / romdumper and dump it to your SDCARD or your internal memory.
This is the RAW file that should be read during bootloader update thru SDCARD. For the ATOM (if we compare the dump with the update file), only the header was removed. I don't know about the Atom Life. I don't recommend updating the bootloader file with an SDCard, because the SDCard might have a bad block and it will kill your device.
Can someone help me? I've flashed a ROM to my dead Wizard, without a backup.
But I have a friend with another identical Wizard device, original.
I've already installed a Wizard Love ROM, without any improvement. My screen is stuck on a green screen, showing just the IPL/SPL information.
My point is: can I dump an original ROM from my friend's device and flash it via bootloader or SD card?
How can I do it? I've used aWizard tools to dump files, and got some .nba files, but... how can I flash them to my screwed device?
Thanks!!!
Hi. I'm new to building ROMs. Please help me.
I need SPL, IPL, RADIO, ExtROM, Splash and OS files for creating a ROM. Also tell me where I can download them from, and how to extract files from these files and create new ones from them again.
Please help.
This is a very early beta release.
I'm just sharing it with you, and the results of the ROM created are uncertain.
HERE is the link to download the file.
Instructions:
1. Unpack the zip folder.
2. Connect your device through active sync.
3. Execute dump.bat.
The device will restart once during the process.
Currently this will only create dumps of different parts like IPL, SPL etc. It will not create the complete ROM.
Do submit your feedback.
TESTED ON WINXP ONLY
How can we create any ROM?
Hi vaibhav,
How can we create a complete ROM? Please post the full process or provide a link related to this topic.....