Sorry if I am asking something that has already been answered numerous times, but believe me, I have tried to gather the information on my own, but none of those worked.
I would like to extract files from a Windows Mobile 6.1 ROM to see which DLL APIs are exported, not only those documented. I am basically waiting for a Blackstone and have a Blue Angel right here, but I actually don't really care which ROM image to use, just to get the binaries out.
I am not familiar with the terminology you use for describing this (an idea: put together some dictionary), but for sure none of those described around the keywords NbfUtils (ActiveState ppm just doesn't work), rdmsflsh.pl (after NbfUtils is installed "by hand" it doesn't find NbfUtils.lib)... After all the misery with a bunch of non-working tools and switches with curious names (both probably perfectly understandable to someone playing with ROMs for years, which is not my case), I have written some code to dump DLLs from ROM images by searching for PE and looking for the export directory, but they are not really highly descriptive without file names.
Can someone PLEASE point me to some relevant data on how to get files and directory structures either from the ROM images here or from .bin images for the Visual Studio emulator?
Thank you for reading this...
http://forum.xda-developers.com/showthread.php?t=289830
Been there, done that...
http://www.xs4all.nl/~itsme/projects/perl/ppm repository does not work (ActiveState Perl), and if I try to do it "by hand" (perl makefile.pl, nmake, nmake install), it is OK for NbfUtils, but for the compress utils nmake fails with LINK : fatal error LNK1181: cannot open input file 'nkcompr.lib'.
And this is a fatal error, not a warning as someone mentioned somewhere else on the forum...
Concerning Imgfs Utils...
>ImgfsToDump.exe PPC_USA.BIN.payload
ImgfsToDump 2.0 RC 2
Unable to load compression DLL!
The first reason for this was dynamically loading cecompr_nt.dll, which has a dependency on the missing C runtime for VC2003 (as I only have VC2008). I have added it, but it fails with the same message. I will trace it further; those are at least things I do understand.
Can anyone rip the Hexadecimal code for the HTC Dream and Magic battery?
I would greatly appreciate it.
My job with the hexadecimal EEPROM of the batteries is to create a boot code from the original keys in the EEPROM. If anyone can provide an injection code for root users to grab the EEPROM and turn it into a bin file, I would appreciate that as well.
Edit:
Will soon need help porting the GRUB loader into an extremely compressed .bin that will load through either the phone's NAND or the memory card's NAND.
The only partition the Dream/Magic will be able to read is a Mac EXT (Journaled) partition.
Hope to create a good unbricker soon
Bump.
So...If I am reading this correctly, essentially, this would be similar to a "Pandora Battery" as used on a PSP system? Right?
If so, this could theoretically work. How would it be substantially different from Blue Light Mode though? With an HTC Test Card, they can be debricked as well...or so it is said.
So, some of you may have seen my work on the Android TV platform. As I have done with AMLogic based devices, I'm in the process of doing the same for MTK based devices. I'm making a fully functional tool to disassemble and reassemble MTK firmware; surprisingly, the firmware structure is very similar.
If anyone is interested in learning more about MTK firmware, I made a video on manually splitting MTK dumped firmware HERE, so check it out, like and subscribe to my channel for more content!
What I have done
- Made a program to split an MTK firmware dump
- Split the ramdisk header to allow unpacking
- Unpack the kernel/recovery
- Unpack system
- Unpack cache
What I need help with?
I need the following info
- How to make an MTK scatter file manually
- How to repack the system with the proper partition length
- How to unpack logo.bin manually
- How to dump a firmware manually over USB without SP flash tool
I've done some research already and dug in a bit myself with no success. If needed, I can provide code, binaries I've built etc. to help with this.
Ricky Divjakovski said:
So, some of you may have seen my work on the Android TV platform. As I have done with AMLogic based devices, I'm in the process of doing the same for MTK based devices. I'm making a fully functional tool to disassemble and reassemble MTK firmware; surprisingly, the firmware structure is very similar.
What I have done
- Made a program to split an MTK firmware dump
- Split the ramdisk header to allow unpacking
- Unpack the kernel/recovery
- Unpack system
- Unpack cache
What I need help with?
I need the following info
- How to make an MTK scatter file manually
- How to repack the system with the proper partition length
- How to unpack logo.bin manually
- How to dump a firmware manually over USB without SP flash tool
I've done some research already and dug in a bit myself with no success. If needed, I can provide code, binaries I've built etc. to help with this.
Hey mate,
I've got a fair bit of experience with MediaTek,
Scatters can be manually created using notepad +
All you have to do is lay them out correctly. I can upload a few in a zip if you'd like; I've got variations of scatters from
MT6572 nand & emmc 4 - 5 diff models
MT6737M emmc from 2 models
With taking a backup, I also use NCK_MTK_Dongle; there's a cracked version as well that works. It takes all partitions and backs them up into singular .file format files, which depending on the fs layout are as follows
Preloader
Uboot
Bootimg
Recovery
Secro
Logo
Tee1
Tee2
Simlock
Frp
Scatter_File.txt
Just for some examples,
I use mtk extractor to take the boot/recovery/system.imgs apart and repack, but it's only compatible with ext4 format. It can also compile an ext4 system.img from scratch as well. Specifically though, I use it for the boot and recoveries, as it's specifically designed to handle the MTK headers. It also has a nice pull layout that consists of the kernel as a whole, ramdisk as a whole, boot.img, boot_old.img, bootinfo.txt and then an initrd folder containing the entire layout of the boot or recovery with init files and fstab etc., but I've also noticed it will unpack and repack Qualcomm, SPD & Samsung boot.imgs no problem also.
Unpacking your logo.bin can also be done with the program LogoBuilder. The latest version that was released is 1.6. You can decompile the logo.bin, edit the pictures etc., then use the program to recompile it back into a logo.bin.
Hope that helps you out a bit
Matty1993 said:
Hey mate,
I've got a fair bit of experience with MediaTek,
Scatters can be manually created using notepad +
All you have to do is lay them out correctly. I can upload a few in a zip if you'd like; I've got variations of scatters from
MT6572 nand & emmc 4 - 5 diff models
MT6737M emmc from 2 models
With taking a backup, I also use NCK_MTK_Dongle; there's a cracked version as well that works. It takes all partitions and backs them up into singular .file format files, which depending on the fs layout are as follows
Preloader
Uboot
Bootimg
Recovery
Secro
Logo
Tee1
Tee2
Simlock
Frp
Scatter_File.txt
Just for some examples,
I use mtk extractor to take the boot/recovery/system.imgs apart and repack, but it's only compatible with ext4 format. It can also compile an ext4 system.img from scratch as well. Specifically though, I use it for the boot and recoveries, as it's specifically designed to handle the MTK headers. It also has a nice pull layout that consists of the kernel as a whole, ramdisk as a whole, boot.img, boot_old.img, bootinfo.txt and then an initrd folder containing the entire layout of the boot or recovery with init files and fstab etc., but I've also noticed it will unpack and repack Qualcomm, SPD & Samsung boot.imgs no problem also.
Unpacking your logo.bin can also be done with the program LogoBuilder. The latest version that was released is 1.6. You can decompile the logo.bin, edit the pictures etc., then use the program to recompile it back into a logo.bin.
Hope that helps you out a bit
This info is somewhat useful; however, I'm looking more towards a way of making a scatter file from a dumped firmware from a device. I see /proc/dumchar_info has some decent info; however, some info I have no idea how it's obtained.
Would you still be able to upload the scatter files for comparison?
As for the backup, what I wanna do is similar to what SP flash tool does, read from one memory address to another. I don't wanna use 3rd party tools either; I prefer to code them myself.
I can unpack all that, and I can also repack the kernel, but for the system I'm not sure how the size is defined. I may just recursively loop until a system.img larger than 2mb is created.
Unfortunately that tool doesn't work with my logo.bin. I've tried, but it's pretty much a distorted image, and I'd like to code this myself as well.
Thank you for the info. If you can, please upload those scatter files and I'll keep you posted on the progress.
Ricky Divjakovski said:
This info is somewhat useful; however, I'm looking more towards a way of making a scatter file from a dumped firmware from a device. I see /proc/dumchar_info has some decent info; however, some info I have no idea how it's obtained.
Would you still be able to upload the scatter files for comparison?
As for the backup, what I wanna do is similar to what SP flash tool does, read from one memory address to another. I don't wanna use 3rd party tools either; I prefer to code them myself.
I can unpack all that, and I can also repack the kernel, but for the system I'm not sure how the size is defined. I may just recursively loop until a system.img larger than 2mb is created.
Unfortunately that tool doesn't work with my logo.bin. I've tried, but it's pretty much a distorted image, and I'd like to code this myself as well.
Thank you for the info. If you can, please upload those scatter files and I'll keep you posted on the progress.
Hey mate, sorry for the late reply, I'm on Aus time
Ahh, I see what you mean now. I'm not too sure how the system is defined, to be honest. MediaTek is somewhat unique, to say the least, to me compared to everything else I've worked on before. I've noticed that as well with fuzzy images in LogoBuilder, in particular on MT6979; the scatter though also had a very strange layout.
Speaking of which, I've zipped up a few different ones for you to use as reference. You'll see some of the ways they are laid out are very different to one another, as you will see defined within them.
https://drive.google.com/file/d/189H5EXS0ZqNuqn75A7ZNEOLo-Efq0T_h/view?usp=drivesdk
I'll be keen to try your tool once done as well. Are you going GUI based or terminal command line based with it?
Matty1993 said:
Hey mate, sorry for the late reply, I'm on Aus time
Ahh, I see what you mean now. I'm not too sure how the system is defined, to be honest. MediaTek is somewhat unique, to say the least, to me compared to everything else I've worked on before. I've noticed that as well with fuzzy images in LogoBuilder, in particular on MT6979; the scatter though also had a very strange layout.
Speaking of which, I've zipped up a few different ones for you to use as reference. You'll see some of the ways they are laid out are very different to one another, as you will see defined within them.
https://drive.google.com/file/d/189H5EXS0ZqNuqn75A7ZNEOLo-Efq0T_h/view?usp=drivesdk
I'll be keen to try your tool once done as well. Are you going GUI based or terminal command line based with it?
Ah, I'm in Aus time as well
I'll get this together one way or another, might just take a little time
It will be GUI based
Thanks for the upload!
Ricky Divjakovski said:
Ah, I'm in Aus time as well
I'll get this together one way or another, might just take a little time
It will be GUI based
Thanks for the upload!
All mate, good to see another Aussie on here
All sweet. For things to work, it takes time to figure out how they work first before anything is even built then debugged. Completely understand. I'm just happy to see some more MTK support happening, as most of my tools are 4-5 years old for MTK, so I think it's great
I'll be waiting patiently, cheers
Matty1993 said:
All mate, good to see another Aussie on here
All sweet. For things to work, it takes time to figure out how they work first before anything is even built then debugged. Completely understand. I'm just happy to see some more MTK support happening, as most of my tools are 4-5 years old for MTK, so I think it's great
I'll be waiting patiently, cheers
As I was saying, most of the unpacking is done. The firmware structure is very similar to AMLogic's (split the file from the start address to the file size in bytes). It's pretty much just those few things I need, then repacking, and I can dig into the GUI. I'd like to know more about how MTK droid tools creates a scatter file via ADB. It seems it uses some info from /proc/dumchar_info, but that doesn't specify much. Maybe the parameters are guessed???
I've attached a picture of my basic attempt to programmatically create a scatter file. The highlighted lines are lines where I don't know where this information comes from, nor do I know if those lines are the same for every MTK device.
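The split described in the post above (cut each partition out of the dump from its start address for its size in bytes), as an added example that is not part of the thread or of the poster's tool. The table layout (name, size, start offset in hex), the sample table and the sample dump are constructed assumptions; the layout is validated before any bytes are cut so a truncated dump or an overlapping entry is reported instead of silently producing a short image.

```python
import hashlib

# Constructed sample table. The column layout (name, size, start offset, hex)
# is an assumption for this example, not copied from a real device.
SAMPLE_TABLE = """\
Part_Name  Size   StartAddr
preloader  0x40   0x0
bootimg    0x80   0x40
recovery   0x80   0xc0
logo       0x40   0x140
"""

def parse_table(text):
    """Return [(name, start, size)] sorted by start offset.
    Header, blank and malformed lines are skipped."""
    parts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            size, start = int(fields[1], 16), int(fields[2], 16)
        except ValueError:
            continue  # header row or garbage
        parts.append((fields[0], start, size))
    return sorted(parts, key=lambda p: p[1])

def check_layout(parts, dump_len):
    """List layout problems before any bytes are cut out of the dump."""
    problems = []
    prev_name, prev_end = None, 0
    for name, start, size in parts:
        end = start + size
        if size == 0:
            problems.append(f"{name}: zero size")
        if start < prev_end:
            problems.append(f"{name}: overlaps {prev_name}")
        if end > dump_len:
            problems.append(f"{name}: extends past end of dump")
        if end > prev_end:
            prev_name, prev_end = name, end
    return problems

def split_dump(dump, parts):
    """Slice [start, start+size) per partition; return {name: (bytes, sha256)}."""
    problems = check_layout(parts, len(dump))
    if problems:
        raise ValueError("; ".join(problems))
    return {name: (dump[start:start + size],
                   hashlib.sha256(dump[start:start + size]).hexdigest())
            for name, start, size in parts}

def make_sample_dump():
    """Constructed flat dump: each region is filled with one distinct byte."""
    return b"P" * 0x40 + b"B" * 0x80 + b"R" * 0x80 + b"L" * 0x40

if __name__ == "__main__":
    for name, (blob, digest) in split_dump(make_sample_dump(),
                                           parse_table(SAMPLE_TABLE)).items():
        print(f"{name:10} {len(blob):#06x} bytes  sha256={digest[:16]}...")
```

Recording the hash of each extracted image gives a reference to compare against after a later repack or re-dump.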
Ricky Divjakovski said:
As I was saying, most of the unpacking is done. The firmware structure is very similar to AMLogic's (split the file from the start address to the file size in bytes). It's pretty much just those few things I need, then repacking, and I can dig into the GUI. I'd like to know more about how MTK droid tools creates a scatter file via ADB. It seems it uses some info from /proc/dumchar_info, but that doesn't specify much. Maybe the parameters are guessed???
I've attached a picture of my basic attempt to programmatically create a scatter file. The highlighted lines are lines where I don't know where this information comes from, nor do I know if those lines are the same for every MTK device.
I think mtk droid tools also pulls info from
cat proc/mounts & cat proc/partitions
As well as cat proc/dumchar_info, as I've noticed some MTK devices, even MT6737M, don't have dumchar_info available, if that helps a bit. Some MTK structures can differ slightly in certain areas also. Will your tool support UBIFS also? Forgot to ask, been trying to find a tool to disassemble UBIFS
Matty1993 said:
I think mtk droid tools also pulls info from
cat proc/mounts & cat proc/partitions
As well as cat proc/dumchar_info, as I've noticed some MTK devices, even MT6737M, don't have dumchar_info available, if that helps a bit. Some MTK structures can differ slightly in certain areas also. Will your tool support UBIFS also? Forgot to ask, been trying to find a tool to disassemble UBIFS
Over time I can only hope the MTK community is like the AMLogic community and has people send me devices for testing purposes. With AMLogic it was easy to obtain the info I needed because it resided in the firmware itself. I do however think this may be able to be done, because MTK droid tools includes a feature where it's able to split the firmware and create a scatter.
As for UBIFS, link me to the firmware and I'll see what I can do. I should be able to do this.
I just updated the thread with more information on how to manually split MTK dumped firmware. I will add more when I get around to it.
Just an update: tools are coming along good. I've made substantial progress and unpacking is done, generating the scatter file is coming together, and repacking is almost done as well. Should have a release in about a week.
Unpack/Repack Logo.bin https://forum.xda-developers.com/showthread.php?t=1953726
Any advancement with this?
Good morning, my friends. I dedicate myself mainly to hardware. I have some phones with dead eMMC and I want to change it. The question: have you worked with the preloader? For example, I have the mt6592 and I want to mount the eMMC (eMCP) KMRX1000BM-B614 with 3gb of RAM and 32gb of ROM, EMMC NAME: RX1BMB, and it is CSD rev: 1.8 (MMC 5.1). It cannot be changed in name. Who could edit the preloader.bin?
Hi all,
I would like to gain a bit deeper understanding of how LOS is working in terms of actual phone function. I'm pretty sure that the following is only the tip of the iceberg, but with the stock ROM, for example on a Sony Z5C, there is a folder
/system/etc/customization/modem
that contains .mbn files for various providers and a folder
/system/priv-app/CarrierConfig
that contains a corresponding .apk file.
Now for example in LOS17.1, the first folder (or similar files) do not exist and the second one is called CarrierSetup with a corresponding .apk file. I assume the latter .apk is responsible for some sort of generic carrier configuration, but how does that work? Is it hard coded in the .apk, or is there some generic configuration file somewhere? And: How can I find out, what configuration is currently used and what bands are available?
Any helpful answers or references to further info are welcome!
Cheers,
r.
Many webpages offer information about these 3 files, but there are many contradictions so I got confused.
I'm searching for a gentle guide to understand these 3 files well.
Thx
Ahmad Alghadban said:
Many webpages offer information about these 3 files, but there are many contradictions so I got confused.
I'm searching for a gentle guide to understand these 3 files well.
Thx
They aren't 3 files.
EFS refers to a partition on your device that contains radio/modem/nvdata/baseband/IMEI related software.
CERT refers to certificate files required by the EFS partition(signature for IMEI).
QCN is just the file extension that Qualcomm uses for specific EFS, IMEI, baseband related files. I couldn't find an explanation of exactly what the QCN file extension stands for but it certainly stands for "Qualcomm something something", it probably has something to do with Qualcomm network certification (Q= Qualcomm, C= Certificate?Certified? N= Network).
Everything you asked about resides in the EFS partition to make your radio/modem work correctly.
The only time you should ever need to know, understand or use these files is if you want to backup or restore your EFS/IMEI. Other than that, you should never have any need to know anything about or do anything with this part of your device's software. Messing with this part of your software can brick the device if you aren't careful or if you don't use the right files.
Droidriven said:
...
QCN is just the file extension that Qualcomm uses for specific EFS, IMEI, baseband related files. I couldn't find an explanation of exactly what the QCN file extension stands for but it certainly stands for "Qualcomm something something", it probably has something to do with Qualcomm network certification (Q= Qualcomm, C= Certificate?Certified? N= Network).....
Found an answer: QCN = Qualcomm Calibration Network
Droidriven said:
They aren't 3 files.
EFS refers to a partition on your device that contains radio/modem/nvdata/baseband/IMEI related software.
CERT refers to certificate files required by the EFS partition(signature for IMEI).
QCN is just the file extension that Qualcomm uses for specific EFS, IMEI, baseband related files. I couldn't find an explanation of exactly what the QCN file extension stands for but it certainly stands for "Qualcomm something something", it probably has something to do with Qualcomm network certification (Q= Qualcomm, C= Certificate?Certified? N= Network).
Everything you asked about resides in the EFS partition to make your radio/modem work correctly.
The only time you should ever need to know, understand or use these files is if you want to backup or restore your EFS/IMEI. Other than that, you should never have any need to know anything about or do anything with this part of your device's software. Messing with this part of your software can brick the device if you aren't careful or if you don't use the right files.
Perfect, Thank you