Hello all, I am trying to unpack man files to add volte support to a device that has all the hardware needed, but it is not enabled in software and I would like to try and change that. From all my research the files I need are all in the baseband and in .mbn file format, but I cannot find out how to unpack them. Any help would be appreciated!
ghidra or IDA
I'm more conversant with Qualcomm ELF files, hashing, signing and certs.
These seem to have replaced the older MBN.
MBN files are signed. If you mod you'll have to work around this somehow.
See: https://github.com/openpst/libopenpst/blob/master/include/qualcomm/mbn.h
https://github.com/jnaulet/dloadtool/blob/master/mbn.h
Renate said:
I'm more conversant with Qualcomm ELF files, hashing, signing and certs.
These seem to have replaced the older MBN.
MBN files are signed. If you mod you'll have to work around this somehow.
See: https://github.com/openpst/libopenpst/blob/master/include/qualcomm/mbn.h
https://github.com/jnaulet/dloadtool/blob/master/mbn.h
Click to expand...
Click to collapse
I see. This device is quite old and well, to say the least it isn’t an android device either. I’m assuming I would need to find a workaround for this even as it’s running an os that’s nearly a decade old now?
I know that the carrier bundles on this device are signed as well, but people were able to get around that, and this chip was supposedly made with the hexagon DSP and Qualcomm has documentation on how to program for this specific chip/version
aIecxs said:
ghidra or IDA
Click to expand...
Click to collapse
Unfortunately these don't appear to work, or im using them incorrectly
well, maybe you're not an reverse engineer
aIecxs said:
well, maybe you're not an reverse engineer
Click to expand...
Click to collapse
Maybe it’s my first time even hearing of either of those programs and can’t even get one of them to launch without insta crashing, and the other spitting out an error whenever I try to unpack the files.
no problem. just 10 year studying stuff and try again
https://github.com/lololosys/awesome-baseband-research
Hi,
I've probably managed to reverse engineer the MBN. I was able to create my own MBN and load it back.
If anyone wants to get an information, send me a message
RockL79 said:
Unfortunately these don't appear to work, or im using them incorrectly
Click to expand...
Click to collapse
rename it to *.zip
Vortuks said:
Hi,
I've probably managed to reverse engineer the MBN. I was able to create my own MBN and load it back.
If anyone wants to get an information, send me a message
Click to expand...
Click to collapse
they are only ELF files packed in an image, aren't they?
yeah ELF files, with 3 segments. I'm not sure about my knowledge about ELF vs MBN, but I've managed & have a program to extract $ repackage back. I've tested it on Pixel 2 XL and it's working (added support for my country).
WoKoschekk said:
rename it to *.zip
Click to expand...
Click to collapse
unfortunately that didnt work for me either. It could be that the device im trying to work on is quite old and maybe something else has changed since then
Related
MOMO7达人RK3066-V2RO-CN-V1.0-4.1.1 CUS-JRO03H-20121109 <<< Google this and the top hit should be the download page for the ROM I'm talking about. Sorry, I can't post links just yet!
It's for a Ployer Momo7 Talent (or Darren and I've also seen it referenced as Pro)
I'm trying to extract the contents of this img file under ubuntu with afptool. (the version of afptool for rk3066 devices)
When I try to do so, I get the following error:
invalid header magic
Click to expand...
Click to collapse
I can't find an explanation as to what this error code means.
Actually, I've tried a whole bunch of methods to attempt to get to the contents of the image but nothing seems to work.
Also found a similar issue on Windows with the same afptool app:
Check file... Failed
Unpack failed
Click to expand...
Click to collapse
Sort of making me wary of using this ROM at all! (even just for a straight up flash)
Anyone able to even so much as manage it at all?
Thanks,
Mark.
cacoe said:
MOMO7达人RK3066-V2RO-CN-V1.0-4.1.1 CUS-JRO03H-20121109 <<< Google this and the top hit should be the download page for the ROM I'm talking about. Sorry, I can't post links just yet!
It's for a Ployer Momo7 Talent (or Darren and I've also seen it referenced as Pro)
I'm trying to extract the contents of this img file under ubuntu with afptool. (the version of afptool for rk3066 devices)
When I try to do so, I get the following error:
I can't find an explanation as to what this error code means.
Actually, I've tried a whole bunch of methods to attempt to get to the contents of the image but nothing seems to work.
Also found a similar issue on Windows with the same afptool app:
Sort of making me wary of using this ROM at all! (even just for a straight up flash)
Anyone able to even so much as manage it at all?
Thanks,
Mark.
Click to expand...
Click to collapse
It needs to be unpacked with img_unpack first!
I am using a couple of really old programs called recmod and reversmod and I am having trouble getting them to work. When I use the recmod tool, I do get a .dll file out of it, but the file is always 1kb and if I open a bunch of them in hex edit, they are nearly identical and each mentions that "this file cannot be run in DOS mode". Other than that, the rest of the file is almost entirely zeroes, so the code is null. Also the reversmode crashes when I try to use it on the .dll files I created, most likely because the files are busted.
In this thread: http://forum.xda-developers.com/showthread.php?t=1251237 OndraSter mentions something about recmod/reversmode using type 5 and 7 instead of just type 3. I don't really know what to make of this and Google leads me only to things that don't pertain to recmod at all.
Does anyone know how to make recmod work nowadays? Thanks in advance for any help provided!
ckv said:
I am using a couple of really old programs called recmod and reversmod and I am having trouble getting them to work. When I use the recmod tool, I do get a .dll file out of it, but the file is always 1kb and if I open a bunch of them in hex edit, they are nearly identical and each mentions that "this file cannot be run in DOS mode". Other than that, the rest of the file is almost entirely zeroes, so the code is null. Also the reversmode crashes when I try to use it on the .dll files I created, most likely because the files are busted.
In this thread: http://forum.xda-developers.com/showthread.php?t=1251237 OndraSter mentions something about recmod/reversmode using type 5 and 7 instead of just type 3. I don't really know what to make of this and Google leads me only to things that don't pertain to recmod at all.
Does anyone know how to make recmod work nowadays? Thanks in advance for any help provided!
Click to expand...
Click to collapse
The only thing i could find on it was ... http://forum.xda-developers.com/showthread.php?t=576027 and it hasnt been updated in awhile.
Diablo67 said:
The only thing i could find on it was ... http://forum.xda-developers.com/showthread.php?t=576027 and it hasnt been updated in awhile.
Click to expand...
Click to collapse
Yeah, that's the thread that first got me into the recmod tool. Great thread, just out of date. /:
Thanks for the reply though.
This may help
This may help someone help me a little. When I use recmod through the command line, I get an error saying "Error! ProcessCase0: bit 5 is zero!"
and this is the .dll file that I get out of it:
View attachment a.zip
I renamed the file name to a so it would be shorter to type because I was trying a lot of different command prompt things. It was originally k.senscmdd.dll, not that it really matters. All of the modules I tried came out almost exactly like this.
I've been searching for months and I haven't found a way to debrand the Lumia 1020 from ATT.
The company locks features (like internet sharing, for example) , event if you unlock the phone...
Is it the lack of interest from hackers and developers, or is ATT really that strong at keeping us from debranding it?
spaceOpia1 said:
I've been searching for months and I haven't found a way to debrand the Lumia 1020 from ATT.
The company locks features (like internet sharing, for example) , event if you unlock the phone...
Is it the lack of interest from hackers and developers, or is ATT really that strong at keeping us from debranding it?
Click to expand...
Click to collapse
See from page #54 with the assembly (DLL) modified if you are unable to flash, maybe this can help you (RM-877 > RM-877 or RM-875).
anaheiim said:
See from page #54 with the assembly (DLL) modified if you are unable to flash, maybe this can help you (RM-877 > RM-877 or RM-875).
Click to expand...
Click to collapse
Thanks for the info Anaheim.
I downloaded your dll files, but from the edits on your post, you mention that the first modified dll (Nokia.CareSuite.PlugIns.MurzimRecovery.dll) caused problems, but did you revert back the first modified dll before replaceing the second (Nokia.Packages.VariantPackage.DataPackage20.dll) ?
also, your thread (on page 54) mentions modifying the vpl file. What is required to modify exactly?
I read around the thread and other forums as well and there are many ways poeple do it. Some even change two other files (the dcp and the bin file), while some only people change file names, and some people chage the content of the files
any help will be greatly appreciated
thanks
spaceOpia1 said:
Thanks for the info Anaheim.
I downloaded your dll files, but from the edits on your post, you mention that the first modified dll (Nokia.CareSuite.PlugIns.MurzimRecovery.dll) caused problems, but did you revert back the first modified dll before replaceing the second (Nokia.Packages.VariantPackage.DataPackage20.dll) ?
also, your thread (on page 54) mentions modifying the vpl file. What is required to modify exactly?
I read around the thread and other forums as well and there are many ways poeple do it. Some even change two other files (the dcp and the bin file), while some only people change file names, and some people chage the content of the files
any help will be greatly appreciated
thanks
Click to expand...
Click to collapse
I tried with both DLLs at the same time, it did not work.
The flash procedure is performed from the VPL file (VPL file contains all the file names, for then flashed this files). It is a sort of "guide". VPL file is "signed by" the signature.bin file that contains his signature. It is useful to modified the VPL if you change / replace / etc some files.
I have not tried changing some file, because I have not had time.
anaheiim said:
I tried with both DLLs at the same time, it did not work.
The flash procedure is performed from the VPL file (VPL file contains all the file names, for then flashed this files). It is a sort of "guide". VPL file is "signed by" the signature.bin file that contains his signature. It is useful to modified the VPL if you change / replace / etc some files.
I have not tried changing some file, because I have not had time.
Click to expand...
Click to collapse
Ok thx,
so I keep the original Nokia.CareSuite.PlugIns.MurzimRecovery.dll and only change Nokia.Packages.VariantPackage.DataPackage20.dll with the one you supplied.
I tried flashing the ROM with a country variant RM-875 from GB (with only Nokia.Packages.VariantPackage.DataPackage20.dll modified) but I still got the ffu error.
I will continue to work on it and keep you updated
thanks again
spaceOpia1 said:
Ok thx,
so I keep the original Nokia.CareSuite.PlugIns.MurzimRecovery.dll and only change Nokia.Packages.VariantPackage.DataPackage20.dll with the one you supplied.
I tried flashing the ROM with a country variant RM-875 from GB (with only Nokia.Packages.VariantPackage.DataPackage20.dll modified) but I still got the ffu error.
I will continue to work on it and keep you updated
thanks again
Click to expand...
Click to collapse
Any updates on this? Where you able to successfully flash the Lumia 1020 att model?
blackbo said:
Any updates on this? Where you able to successfully flash the Lumia 1020 att model?
Click to expand...
Click to collapse
No, no news.
Hello,
I found a mbn file for the Pixel 4a over here: https://forum.xda-developers.com/t/flashed-pixel-4a-with-pixel-5-image-by-mistake.4267097/.
My Pixel is hard bricked so I'm trying to revive it. I'm using QFIL. However, I apparently need an additional xml file and a patch file for it to work. I can't seem to find that. Can someone help?
moonlightpenguin said:
Hello,
I found a mbn file for the Pixel 4a over here: https://forum.xda-developers.com/t/flashed-pixel-4a-with-pixel-5-image-by-mistake.4267097/.
My Pixel is hard bricked so I'm trying to revive it. I'm using QFIL. However, I apparently need an additional xml file and a patch file for it to work. I can't seem to find that. Can someone help?
Click to expand...
Click to collapse
I can give you an example of what the xml file looks like, but don't have the specific one for a 4a. Additionally, you don't need a patch file, if qfil insists there has to be one, just create valid xml and put nothing else in it, and call it patch xml.
I'm curious though, when u put the device in edl mode and connect with qfil and use the mbn file to access it, can you get to partition manager and do something like 'read data' to backup a partition?
If u can't do that, then no xml can help you.
cheers
Currently I'm trying to unbrick my 8T, I got the device's full images along with it's prog but lack of rawprogram0.xml * patch0.xml
I'll need those two in order to use QFIL and restore my device. So if anyone by any chances have those files or know where to download it please kindly help to guide me out. Or may be some solutions on how to create those files.
Thanks in advance guys!
@LinhBT
[OP8T][OOS KB05AA/BA/DA] Unbrick tool to restore your device to OxygenOS
Disclaimer: By attempting any of the processes listed in this thread you accept full responsibility for your actions. I will not be held responsible if your device stops working, catches fire, or turns into a hipster and claims to have been...
forum.xda-developers.com
SkandaH said:
@LinhBT
[OP8T][OOS KB05AA/BA/DA] Unbrick tool to restore your device to OxygenOS
Disclaimer: By attempting any of the processes listed in this thread you accept full responsibility for your actions. I will not be held responsible if your device stops working, catches fire, or turns into a hipster and claims to have been...
forum.xda-developers.com
Click to expand...
Click to collapse
Thanks mate, but my situation seem worse, can't use MSM to restore since somehow, all partitions on device was deleted, that's why I need the rawprogram and patch xml to rebuild it.
Using MSM ( I tried many versions ) always leads to Device image not match ( I think it's because all the partitions are erased therefore it can't me matched with any kind of images ).
LinhBT said:
Currently I'm trying to unbrick my 8T, I got the device's full images along with it's prog but lack of rawprogram0.xml * patch0.xml
I'll need those two in order to use QFIL and restore my device. So if anyone by any chances have those files or know where to download it please kindly help to guide me out. Or may be some solutions on how to create those files.
Thanks in advance guys!
Click to expand...
Click to collapse
Where would you expect to be able to find those files?
BillGoss said:
Where would you expect to be able to find those files?
Click to expand...
Click to collapse
Thats what I'm asking my friend @@
LinhBT said:
Thats what I'm asking my friend @@
Click to expand...
Click to collapse
So you have a copy of those files for another phone? If so, can I have a look at them?
BillGoss said:
So you have a copy of those files for another phone? If so, can I have a look at them?
Click to expand...
Click to collapse
As u wish, I also attached 2 files of other device ( Venus ) for your ref
LinhBT said:
As u wish, I also attached 2 files of other device ( Venus ) for your ref
Click to expand...
Click to collapse
I'll look at them in the morning.
BillGoss said:
I'll look at them in the morning.
Click to expand...
Click to collapse
Nice, I also found a python script which claim can generate raw & patch xml files from gpt_main*.bin file, I'm already on it for few hours now but still no result.
LinhBT said:
Nice, I also found a python script which claim can generate raw & patch xml files from gpt_main*.bin file, I'm already on it for few hours now but still no result.
Click to expand...
Click to collapse
I had a look and there's nothing that I recognise. So, unfortunately I can't help you with this.
LinhBT said:
Thanks mate, but my situation seem worse, can't use MSM to restore since somehow, all partitions on device was deleted, that's why I need the rawprogram and patch xml to rebuild it.
Using MSM ( I tried many versions ) always leads to Device image not match ( I think it's because all the partitions are erased therefore it can't me matched with any kind of images ).
Click to expand...
Click to collapse
BTW, how did you manage to delete all partitions?
BillGoss said:
I had a look and there's nothing that I recognise. So, unfortunately I can't help you with this.
Click to expand...
Click to collapse
Thanks anyway mate!
Rootk1t said:
BTW, how did you manage to delete all partitions?
Click to expand...
Click to collapse
Ah, I miss-clicked the Format all button