mkrom: make your own ROM for your device - Windows Mobile Development and Hacking General

Using 'mkrom', you can create your own ROM, including your own files, using a new boot splash image, changing cold-boot registry settings to match your own taste.
Click here

Thanks for your work

Peter Poelman said:
Using 'mkrom', you can create your own ROM, including your own files
Can this be used to add files to a WM2003 ROM ?? Or is it very version specific. Are there tools to split out the contents of a WM2003 ROM yet ?

working on it.
dumprom can extract files from 4.x roms with the '-4' commandline option.

i tried running dumprom with -4 option and nothing is extracted for some reason.
is this the right command? dumprom nk.nbf -4 files >nkinfo.txt ?
thanks
alex

XDA developer Itsme said:
working on it.
dumprom can extract files from 4.x roms with the '-4' commandline option.
OK, any doc's in progress - is the ROM image well documented somewhere on the web ? Just downloaded the SDK from MS ...

A Little help please? I think I'm close to getting mkrom to work for me.
Here's the output for my mkrom command (the result is the same if I use my Nb1 or Nbf)
$ ./mkrom.sh test.nb1
write xip block starting at 81800000, with 13 files
write xip block starting at 819c0000, with 198 files
./mkrom.sh: line 69: file: command not found
316+0 records in
316+0 records out
013c0000 added mainrom
0+1 records in
1+0 records out
013d0000 added xipchain
60+0 records in
60+0 records out
017c0000 added MISC
14+1 records in
15+0 records out
018b0000 added xda1
153600+0 records in
2+1 records out
018e5800 added bitmap
1+1 records in
2+0 records out
01980000 added operator rom
16+1 records in
17+0 records out
01dc0000 added xda2
0+0 records in
0+0 records out
01ec0000 added end
rommap: 80000000-80040000, 80040000-81f00000
80000000 - 80040000 -- bootloaer 0 files 1 modules
80040000 - 8015df08 -- kernel 5 files 5 modules
80180000 - 80376ef0 -- kernel 10 files 14 modules
80380000 - 8064306c -- kernel 20 files 36 modules
80670000 - 80be66a8 -- kernel 107 files 88 modules
80c00000 - 8102ce98 -- kernel 11 files 36 modules
81050000 - 813ef114 -- kernel 95 files 44 modules
81400000 - 814019a4 -- xip chain 10 xip entries
815f0000 - 8171bc7c -- kernel 56 files 19 modules
81800000 - 818e0c14 10 XDA_DEVELOPERS1 13 files 0 modules
81900000 - 81925800 -- bitmap : 424d4858 .. f9fff9ff
81940000 - 8198b6e5 -- operator rom 20 files
819c0000 - 81de4928 11 XDA_DEVELOPERS2 198 files 0 modules
e59d3134 - e5933004 -- kernel -509550577 files -44373180
0 modules
[email protected] /cygdrive/c/perl/bin
$
It looks like there's one error at line 69? What is that?
The process actually produces an nb1 and nbf file. When I upload the nb1 to my sd card with xdatools then into the xda it all looks good until the cold reboot. Then it comes up with a black screen(not the default xda boot.img) with the 4.00.21 and right radio stack version in the bottom right corner. It never gets past that. I upload my backup 4.00.16 and all is back to normal.
I think I'm on the brink of getting the mkrom to work. Does anybody have any suggestions? Thanks - Jim

Well, I got it to work for a 3,17 ROM; now I'm looking for advice on the 4.x ROMs. Here's the link to my post. Thanks - Jim
http://forum.xda-developers.com/viewtopic.php?t=4450&highlight=mkrom+sh

it is advisable to use a more recent version of mkrom, which can be found at http://www.xs4all.nl/~itsme/projects/xda/romtools.html

Thanks for the pointer. I'm using the scripts from there now and having a few problems. The splitrom.pl is finding an overlap in its checkforoverlap subroutine and exiting at that point.
I know that could be any of a thousand things but is there any one or two things it's more likely to be? Thanks - Jim

you should be able to see from the output what memory ranges overlap.
most likely it is the operator rom, or the bootsplash image.
you have to put the correct parameters in the params file.
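
Added example, not part of the original thread and not code from mkrom or splitrom: a Python sketch that reads region lines of the `start - end description` form printed by the tools and reports overlapping or malformed ranges. The sample listing is constructed by combining lines quoted elsewhere in this thread; the function names and the treatment of the end address as exclusive are assumptions.

```python
import re
from typing import List, NamedTuple, Tuple

# Region lines as printed in the listings quoted in this thread, e.g.
#   "81900000 - 81925800 -- bitmap : 2400000a .. 143094e5"
# Lines such as "rommap: ..." or "013c0000 added mainrom" do not match.
REGION_RE = re.compile(r"^\s*([0-9a-fA-F]{8})\s+-\s+([0-9a-fA-F]{8})\s+(.*)$")


class Region(NamedTuple):
    start: int
    end: int    # assumed exclusive: adjacent regions share this address
    label: str


def parse_rommap(text: str) -> List[Region]:
    """Extract every 'start - end description' line from tool output."""
    regions = []
    for line in text.splitlines():
        m = REGION_RE.match(line)
        if m:
            regions.append(Region(int(m.group(1), 16), int(m.group(2), 16),
                                  m.group(3).strip()))
    return regions


def find_problems(regions: List[Region]) -> Tuple[List[Region],
                                                  List[Tuple[Region, Region]]]:
    """Return (malformed regions, overlapping pairs)."""
    # A region whose end is not above its start usually means the parser
    # followed a bad pointer and printed garbage.
    malformed = [r for r in regions if r.end <= r.start]
    valid = sorted((r for r in regions if r.end > r.start),
                   key=lambda r: (r.start, r.end))
    overlaps = []
    for i, a in enumerate(valid):
        for b in valid[i + 1:]:
            if b.start >= a.end:      # sorted by start: nothing later overlaps a
                break
            overlaps.append((a, b))
    return malformed, overlaps


def report(text: str) -> List[str]:
    """Human-readable findings for one listing."""
    malformed, overlaps = find_problems(parse_rommap(text))
    lines = [f"MALFORMED {r.start:08x}-{r.end:08x}  {r.label}" for r in malformed]
    for a, b in overlaps:
        lo, hi = max(a.start, b.start), min(a.end, b.end)
        lines.append(f"OVERLAP   {lo:08x}-{hi:08x}  [{a.label}] vs [{b.label}]")
    return lines


# Constructed sample: lines copied from different listings in this thread.
SAMPLE = """\
rommap: 80000000-80040000, 80040000-81f00000
80000000 - 80040000 -- bootloader 0 files 1 modules
80040000 - 8026a804 -- kernel 13 files 11 modules
81800000 - 81dab4b4 -- kernel 244 files 45 modules
81900000 - 81925800 -- bitmap : 2400000a .. 143094e5
e59d3134 - e5933004 -- kernel -509550577 files -44373180
013c0000 added mainrom
"""

if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

Run it on the text saved from the tool's output before flashing anything; an empty report means no two listed regions claim the same addresses.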

kalex said:
is this the right command? dumprom nk.nbf -4 files >nkinfo.txt ?
Not with the versions I am using. Use this:
dumprom nk.nbf -4 -d files >nkinfo.txt
LD

I just can not get the default.fdf right.
I used dumprom on 4.00.xx rom. tried 05 11 16 21.
1. download the latest dumprom
2. used -4 option
3. tried both on windows and linux
but the extracted default.fdf is only about 17k large which is not right.
any hint here?

well, itsme pointed out the default.fdf should be about 17k large.. However, still get into trouble.
downloaded the romtool, use 4.00.11 rom image. followed the instruction. I could cook up a good rom without putting any files in the "files" directory. xda works fine
however, when I put in about 3M files in "files" directory. all the rest not modified, XDA won't boot up with the cooked rom. froze at the screen shows the image and the rom version and radio stack version number.
I got from the kitchen that I can put 3906k files inside this rom. is that right?

pine said:
I got from the kitchen that I can put 3906k files inside this rom. is that right?
This depends on the settings for mkrom.
What settings do you use?
Stefan

what kind of setting? I assume the params file
I used
wincever=4
start1=81740000
size1=00040000
start2=81b00000
size2=003c0000
startbmp=81ec0000
startop=81b00000
otherwise, I don't remember there is any place for setting. I used 4.00.11 rom, which i suppose does not include the t-mobile stuff

Hi all (sorry for my english)... First post
I don't want to seem stupid but I want to know something...
I've got a SPV 1G and want to know if there is also a ROMCooker (mkrom) for Smartphone (WinCE 2k2/2k3) devices ?
Thx for your participation
Sidarus

Ping? :mrgreen:

create or rename into my own extended rom version name.. hel
can any1 help me how to create own version name for my own cooked rom? tnx! id like to customize my version into my own numbers.. tnx!

hi i have tried to get the rom to work but just need the first 3 steps to get me on the right path :? thanks guys

Related

how do i want make a new ROM from my chinese ROM?

when I run "mkrom.sh my_chinese_rom" (ext name is NB1), I get the alert "is not a nbf file". How do I transform the NB1 file to an NBF file?
Hmmm, easiest way for you right now is to write NB1 to SD-card using XDArit, and to read it back as NBF. Silly, but that's how it is.
1.write ROM to SD;
2.read ROM from SD as a NBF file by the XDArit.exe(new ver).
3.copy the NBF file to LINUX system.
4. run "./mkrom.sh the_NBF_file",output following:
./mkrom.sh ../chs318/wince.nbf
rommap: 80040000-82000000
no bootloader found
no xipchain found
no operator rom found
80040000 - 807701fc -- kernel 14 files 11 modules
807c2000 - 80a7e994 -- kernel 15 files 32 modules
80a80000 - 80c12980 -- kernel 88 files 24 modules
80c80000 - 80f123e0 -- kernel 9 files 14 modules
80f40000 - 8127bc8c -- kernel 42 files 30 modules
812c0000 - 813bfd9c -- kernel 12 files 22 modules
813c0000 - 814eb800 -- kernel 5 files 13 modules
81580000 - 816ac554 -- kernel 39 files 1 modules
81800000 - 81dab4b4 -- kernel 244 files 45 modules
81900000 - 81925800 -- bitmap : 2400000a .. 143094e5
input file is not NBF, cannot save nbfinfo
write xip block starting at 81800000, with 16 files
write xip block starting at 81940000, with 105 files
stripping BMP header
dd: opening `cfg/qtek.rom': No such file or directory
00000000 added mainrom
1+0 records in
1+0 records out
013d0000 added xipchain
dd: opening `cfg/qtek.rom': No such file or directory
013d0000 added MISC
15+1 records in
16+0 records out
018c0000 added xda1
153600+0 records in
2+1 records out
018e5800 added bitmap
5+1 records in
6+0 records out
01a80000 added xda2
0+1 records in
1+0 records out
01ac0000 added operator rom
0+0 records in
0+0 records out
01ec0000 added end
cannot parse rom image
:-(, crying......................help me!
Looks like our mkrom scripts cannot find some vital pointers in your ROM. If you could make the ROM available to us, we might be able to see what the problem is.
Please upload using ftp to xda-developers.com, username 'xdaftp', password 'xdaftp', so we can have a look. If you mention the ROM version number and the word chinese in the ROM, we know where it came from.
when I upload the ROM file to xda-developers.com,
the server told me: 533 Could not create file.
pls download from :
file1:http://www.aspier.com/xda/software/update/dopod/318-update-files/318chs.part01.rar
file2:http://www.aspier.com/xda/software/update/dopod/318-update-files/318chs.part02.rar
file3:http://www.aspier.com/xda/software/update/dopod/318-update-files/318chs.part03.rar
file4:http://www.aspier.com/xda/software/update/dopod/318-update-files/318chs.part04.rar
then make a coalition by winrar3.0.
No time now, but will download later. I see the problem with the file creation, but haven't been able to look into it yet...
File creation problem fixed. (Silly me).
I'm downloading now. (From the looks of it, this will take a little while...)
waiting..................waitining................wwwwwwwwwaiting.
Well, you'll have to wait a little longer. I got the file, but we won't be able to take a real look at it in the next week, I'm afraid. Day-jobs, and stuff. May I suggest you take a deep breath, and go do something else for a little while ?
( Of course this is what you get if you set the type of insane expectations we've been setting... )

Jeff's Exe

OK, I'll start by saying sorry for my stupidness and thankyou for listening to my plea.
I downloaded Jeff's XDA special edition .exe file and unzipped it to a Dir seeing all the files needed to upload a new ROM to my XDA.
I (in all my wisdom) decided to run the osimagetool with the --register and proceeded to right click on the nbf 30mb rom image and selected burn...thinking this was the way to do it (not even trying to run the original exe)
The "programme a" program started and started updating my xda. It started off updating and after a few seconds i heard the "BLIMP" of the activesync telling me it has disconnected, then another blimp telling me it had restarted and re-connected to active sync, but the loader on the screen quickly zipped to 100% done and told me to remove and reboot the xda. The xda however was telling me "upgrading... It will take about 5 minutes". Urk
Now I'm left with an XDA that sits on this upgrading screen even after a reboot of it.
OK... I've done wrong.. I'm silly... would anyone step up and help me out here (BIG PLEASE AND TY also). I've got an XDA serial cable sitting here next to me as well as the usb cradle (which I'm sure won't help now the xda can't run active sync)....
Ideas? Can I run the original rom uploader (xredit?) rather than osimagetool with the serial cable to upload either the new rom I have or the rom I backed up of my old device before doing all this (yes I did back it up to my harddrive first - phew?).
Thanks for reading, and I hope someone can point me to a place in the forum where all people like me end up, or even better send me an email pointing me in the right direction.
Thank you! (email Tony at [email protected])
Note: my original version was 3.17.03 and the "programme a" upgrade program said it was upgrading to 3.16.
can you tell me what splitrom says about the nk.nbf that is now in the 'english' subdirectory of the path
pointed to by the registry key "Software\\XDA Developers\\OsImageWriter", "Programme A Path" ( in current-user )
thanks for coming back to me.
unfortunately, I don't have perl installed on my windows xp machine so the batch file you linked to doesn't work. If you have a link for a perl install anywhere I'll be happy to install and run it.
In the key you mentioned, here is the value: D:\XDAtools-Jeff\binaries
The directory i unzipped Jeff's version of your tools to.
I'm not sure if your perl script does other things, so in the meantime, I'll go and try and find perl (I'm sure I've installed it on a work machine I had years ago - seem to remember adding local path variables for it)... I'll check my cd archive for it.
Thanks for the help, much appreciated
Tony.
perl can be obtained from either http://www.cygwin.com/setup.exe or http://www.activestate.com/Products/Download/Download.plex?id=ActivePerl
cheers, i'll dl then run the script....
n1 guv
C:\Documents and Settings\tkett.ADPLATES>D:\splitrom.bat
Can't locate List/Util.pm in @INC (@INC contains: C:/Perl/lib C:/Perl/site/lib .
) at D:\splitrom.bat line 86.
BEGIN failed--compilation aborted at D:\splitrom.bat line 86.
^^
That's the error message I get when running that perl script.
I've searched the hdd for Util.pm and it's sitting in my c:\perl\lib\sgi dir
Things just aren't going right for me at the mo.
this module is standard with perl 5.8, with perl 5.6 you have to install
it manually.
as a quick fix, you may also just add a 'min' function manually
Code:
sub min {
    # return the smallest of the arguments (stand-in for List::Util's min)
    my $min;
    for (@_) {
        $min = $_ if (!defined $min || $_ < $min);
    }
    return $min;
}
and uncomment the line
Code:
#use List::Util qw(min);
C:\Documents and Settings\tkett.ADPLATES>D:\splitrom.bat
Usage: splitrom <romimage(s)> [options]
-wx xipchain where to write xipchain
-wo osrom where to write output image
-wb bitmap where to write bitmap
-wl bootloader where to write bootloader
-rl bootloader which bootloader to use for NBF
-n nbfinfotext what NBF header to use [ex: PW10A1-EN
-ri nbfinfofile or where to read NBF header info from
-wi nbfinfofile where to save NBF header info
-rx xipchain where to get xipchain from
-rb bitmap where to get bitmap from
-rm [email protected] insert new romsection.
-ob offset where to find the bootup image
-oe offset the end of the desired os image ( def
0000 )
-t NBF | B000FF | NB? | IMG type of result image (default is NB1)
^^^^ I've put your routine in replacement of that line and am given the options above when running splitrom now. What parameter would you like me to run ?
As always.... a big thanks for the help.
Tony
Itsme, thanks for your interest in my problem. And im very glad people like you are around to help
I have however and thankfully repaired the fault.
Here, (for other newb's like me that get stuck) is how i done it:
I had already backed up my ROM using the osimagetool program to a nb1 file on my pc called "oldrom.nb1". Now because my XDA wasn't booting into Pocket PC windows, I couldn't use active sync to send the rom image I backed up, back to the XDA...so I had to go and buy a cheap SD reader from my local Dixons store and run osimagetool again. This time writing the rom I had backed up to the SD card in the new SD reader.
Then I rebooted the XDA into the bootloader (hold down the top power button and do a soft reset) and selected to reflash the XDA using the SD card.
If you haven't already backed up your rom from your xda to file, then I presume, you have to find another person with an XDA so you can download theirs to your SD card (once you're in the bootloader menu, press the contacts button to get the options to dump their rom to your card). OR find an NB1 file on the internet that matches your phone version.
These may be simple instructions for most of you, but I've seen a few posts that directly relate to the problem I had, and saw people crying for help, just like I did...hopefully this will help those few.
I did also have a serial cable, and I'm sure there is a way to upload roms you have on your pc to the XDA via that (using the xda developers old rom tool), but I'm afraid I didn't read into that after finding out this method. (this way may be better for the skint people who don't want to buy an SD reader, but can get hold of a serial cable for cheap)
REMEMBER FOLKS
It was silly of me to try and flash the device in the first place without reading loads and loads of entries on these forums and really finding out what is going on instead of just flashing blindly in the hope that it would work first time.... please don't follow my lead. :shock:
Thanks again for your help Itsme...and one last question... do you think that with that registry entry as it was above, that I can try again with the .exe jeff made (possibly downloading it again in case of corruption)
(yes I am a glutton for punishment)
Tony
still I'd like to know what went wrong in your case.
can you type 'splitrom nk.nbf' ( in the 'english' subdirectory )
sure:
D:\XDAtools-Jeff\binaries\English>splitrom.bat nk.nbf
this rom seems to be 3.17.03 ENG 2003-05-15 o2euro
this bootloader seems to be V5.15 2002-06-06 20:29:17
no bitmap found
80000000 - 80040000 -- bootloader 0 files 1 modules
80040000 - 8026a804 -- kernel 13 files 11 modules
802c2000 - 8057d330 9 OS 15 files 32 modules
80580000 - 8075a69c 8 SHELL 79 files 27 modules
80780000 - 80a13b04 7 BROWSING 9 files 14 modules
80a40000 - 80d8a33c 6 COREAPPS 46 files 30 modules
80dc0000 - 80ebd150 5 SYNC 12 files 22 modules
80ec0000 - 810388e0 4 24MAPPS 13 files 13 modules
81080000 - 81348248 3 24MCONSUMER 69 files 1 modules
81400000 - 81401484 -- xip chain 8 xip entries
81440000 - 817f6f14 1 MISC 209 files 40 modules
81940000 - 81d2d2b5 -- operator rom 81 files
Tony.
ahhh... haNG ON.... the one i used was in the .exe's folder.. not jeffs tools folder:
D:\XDA-developers-SER-v12\English>splitrom.bat nk.nbf
this rom seems to be 3.16.52 ENG 2003-03-10 XDASER-12
this bootloader seems to be V5.22 2003-05-15 17:46:55
no bitmap found
80000000 - 80040000 -- bootloader 0 files 1 modules
80040000 - 8026a804 -- kernel 13 files 11 modules
802c2000 - 8057d330 9 OS 15 files 32 modules
80580000 - 8075a69c 8 SHELL 79 files 27 modules
80780000 - 80a13b04 7 BROWSING 9 files 14 modules
80a40000 - 80d8a33c 6 COREAPPS 46 files 30 modules
80dc0000 - 80ebd150 5 SYNC 12 files 22 modules
80ec0000 - 810388e0 4 24MAPPS 13 files 13 modules
81080000 - 81348248 3 24MCONSUMER 69 files 1 modules
81400000 - 814019a4 -- xip chain 10 xip entries
81440000 - 817f6f14 1 MISC 209 files 40 modules
81800000 - 818e0c14 10 XDA_DEVELOPERS1 13 files 0 modules
81940000 - 8198b6e5 -- operator rom 20 files
819c0000 - 81ee9a58 11 XDA_DEVELOPERS2 202 files 0 modules
hence the 3.16 now.
Hi Ajkett,
Thanks for sharing your knowledge of how to resolve your problem with us. I have however used a new 64 mb sd card to flash my old rom (3.16) to it before trying out the Jeff rom kitchen exe and thank god things are fine for me. Now I have bought a cheap 6 in 1 card reader/writer and would like to keep the old rom in a safe place in my hard disk hence freeing my sd card so that I could use it. I have read those threads in the rom tool section many times and still can't work out how to use the osimagetool. When I clicked on it, it gives me the interactive screen but always do not read my sd card. Even with the card reader, it seems to "think" that the sd card is unformatted and ask to format the card for me. Now the question is whether the rom is inside or not? How can I use the rom tools to read the sd card and copy the rom to the hard disk? What does a rom file appear as? Is it like the nk.nb1 file created in Jeff's rom kitchen?
Cheers
Vic
ahhh you're trying to read the rom from the sd card after dumping it to the sd card from the xda?
the way I got it onto my harddrive was without an sd card. Just run the osimage tool and select the xda current memory as the source and then type c:\oldrom.nb1 as the destination.... it will use activesync to read the rom straight from the device.... you don't need the sd card to back it up.
Then when i ****ed my xda up, I ran the osimage tool again and wrote from source - oldrom.nb1 to the sd card reader to a formatted sd card.
When it writes it, it gets rid of all the formatting so you won't be able to see what's on it on your pc....the only thing it's good for then is to use on the xda to overwrite the rom, until you format it again that is.
It's not like a file on the sd card... it's like a bootdisk with the rom written in a way that the xda will understand that it's a bootdisk and will boot from it to overwrite itself... like the file is in raw format... not a nb1 file or anything (looks like lots of gobbledygook) and the pc will not read it.
Thanks Ajkett,
Thanks for your kind reply anyway.
Got it done. The osimagetool could read but I did not write the path correctly; it has to be rom.nb1 apparently for it to work. I even used the card reader and managed to write the rom again the same way to my hard disk. I hope this is the correct way of doing it and it seems that the rom.nb1 file on my harddisk is about 30.5 mb which is probably about right for the old 3.16 rom I had dumped onto it by the XDA.
What puzzles me is that if it can read as source rom.nb1 file when you say you rewrite it to the sdcard, it becomes mumbo jumbo again but it should flash ok within bootloader mode via the XDA. Is this correct?
Cheers
Vic
yep you're correct... even though it doesn't write a nice 30mb rom.nb1 file to your sdcard, the xda still reads it to boot from.... it must need it as raw info.

DIY your ROM

Hi,
I wrote some code that can modify ROMs; it can save you the time of adding and deleting files by hand.
RomMaster V2.0 Beta
Usage: RomMaster [options] imagefile
-d[m] <dfile> - delete file
replace file/module together with -a option
'm' delete module, deleting module isn't suggested
-a[c] <afile> - add file into the rom
'c' means use compress(need CECompressv4.dll)
-o <ofile> - output imagefile name
-v <0~9> - print info, 0 detail, 9 only show errors, default is 5
-w <5> - 5 is 2005, default is 2003&SE
-x - only save XIP(OS) data
-s <0x...> - Fix XIP start address(Hex)
-e <0x...> - Fix XIP end address(Hex)
In replace mode, 'c'&'m' is useless
It is now the 2.0 Beta release.
You can delete files/modules you don't like from the ROM.
RomMaster -d "filename" -o "newROMname" "ROMname"
You can add files into the ROM.
RomMaster -a "newfilename" -o "newROMname" "ROMname"
You can replace a file in the ROM.
RomMaster -d "filename" -a "newfilename" -o "newROMname" "ROMname"
The size of "newfile" should be the same as or smaller than the file you want to replace; the new file will occupy the same space as the old one.
I tested some ROMs on my SP, including SDA, Dopod 575 & 585. I only tested one 2005 ROM. Replacing a module may not work; I am still working on it.
Before you burn the image generated by the tool, make sure you finish the following steps:
1. RomMaster -o "TestROM" "SrcROM"
2. Do a binary compare of "SrcROM" with "TestROM"
a) If they are 100% the same, I think you can safely use this tool.
b) If they are 99% the same, you should be careful; make sure you only burn the OS part. Because some ROMs have been modified by someone before, there may be some useless data in the ROM; only burning the OS part won't damage your SP.
c) Else, the "SrcROM" may contain some unknown structure or data, and the "TestROM" may not work; don't try burning it into your SP. If you want to modify it, tell me where I can find the ROM; if I am free, I can give some help.
3. I only tested one 2005 ROM, its structure isn't very correct, and I think that ROM was extracted from an emulation ROM. So if a 2005 ROM isn't 100% the same, don't try, and be careful even if they are 100% the same.
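
Added example, not part of the original post and not RomMaster code: a Python sketch of the binary compare in step 2, which reports how much of the round-tripped image matches the source and the offsets of every differing run, so it is clear where in the image the differences fall. The verdict names and the 0.99 cut-off are an assumption modelled on the post's "100%" and "99%" cases; the sample bytes under `__main__` are constructed.

```python
import sys
from typing import Dict, List, Tuple


def diff_runs(a: bytes, b: bytes, block: int = 4096) -> List[Tuple[int, int]]:
    """Return (offset, length) runs where a and b differ, over their common length."""
    n = min(len(a), len(b))
    runs: List[Tuple[int, int]] = []
    run_start = None
    for base in range(0, n, block):
        end = min(base + block, n)
        ca, cb = a[base:end], b[base:end]
        if ca == cb:
            # Fast path: equal blocks only close a run left open by the previous block.
            if run_start is not None:
                runs.append((run_start, base - run_start))
                run_start = None
            continue
        for i in range(end - base):
            if ca[i] != cb[i]:
                if run_start is None:
                    run_start = base + i
            elif run_start is not None:
                runs.append((run_start, base + i - run_start))
                run_start = None
    if run_start is not None:
        runs.append((run_start, n - run_start))
    return runs


def compare_images(src: bytes, test: bytes) -> Dict[str, object]:
    """Summarise a source image against its round-tripped copy."""
    runs = diff_runs(src, test)
    common = min(len(src), len(test))
    longest = max(len(src), len(test))
    differing = sum(length for _, length in runs)
    # Bytes missing from the shorter file count as not matching.
    same_ratio = (common - differing) / longest if longest else 1.0
    if not runs and len(src) == len(test):
        verdict = "identical"
    elif same_ratio >= 0.99:          # assumed cut-off, see lead-in
        verdict = "near-identical"
    else:
        verdict = "different"
    return {"verdict": verdict, "same_ratio": same_ratio,
            "size_delta": len(test) - len(src), "runs": runs}


def compare_files(src_path: str, test_path: str) -> Dict[str, object]:
    """Same as compare_images, reading both images from disk."""
    with open(src_path, "rb") as f:
        src = f.read()
    with open(test_path, "rb") as f:
        test = f.read()
    return compare_images(src, test)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        result = compare_files(sys.argv[1], sys.argv[2])
    else:
        # Constructed sample: a 16 KiB pattern with two small altered spans.
        src = bytes(range(256)) * 64
        mod = bytearray(src)
        for i in list(range(4094, 4098)) + list(range(5000, 5010)):
            mod[i] ^= 0xFF
        result = compare_images(src, bytes(mod))
    print(result["verdict"], f"{result['same_ratio']:.4%}",
          "size delta", result["size_delta"])
    for offset, length in result["runs"]:
        print(f"  differs at 0x{offset:08x}, {length} bytes")
```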
This is great!!!
Going to try it!
ncruz,
I'll wait for your experience, cause if this is working we can all save space by directly burning upgraded cameras etc into the rom. will save me at least 1MB ram or storage.
The tools sounds great gmap.
There already exists MKROM tool - http://www.xs4all.nl/~itsme/projects/xda/romtools.html
it is 100% working with WM2003/2003SE devices. But it is rather inconvenient.
I'll test your "-w 5" option on a real device. Real WM5 device has one XIP kernel section with only few modules and about 1Mb free space. All other data is kept in IMGFS partition, I'm currently working on a tool that would work with it.
And one question. When you add new files to ROM, do you add them to a new XIP or extend the existing XIP? And when you delete modules, do you reuse the freed space after adding new ones?
mamaich said:
There already exists MKROM tool - http://www.xs4all.nl/~itsme/projects/xda/romtools.html
it is 100% working with WM2003/2003SE devices. But it is rather inconvenient.
I'll test your "-w 5" option on a real device. Real WM5 device has one XIP kernel section with only few modules and about 1Mb free space. All other data is kept in IMGFS partition, I'm currently working on a tool that would work with it.
And one question. When you add new files to ROM, do you add them to a new XIP or extend the existing XIP? And when you delete modules, do you reuse the freed space after adding new ones?
That's great if we can modify IMGFS partition I am waiting for it.
I know that tool and I don't know how it works. I made this tool only out of interest.
You can find the XIP chain in a 2003 ROM; from the XIP chain, you can know the address and length of each XIP section. I will scan the whole XIP region before inserting the new file to reduce memory fragmentation. When a module is deleted, its space will be freed and reused when adding files. I freed about 6M of space in my own ROM by deleting the useless files, and added about 5M of files into it; it works OK.
It seems 2005 doesn't have XIP chain information in the ROM; I only tested one 2005 ROM, and I didn't find the XIP chain info. If your 2005 ROM doesn't have XIP chain info either, you should modify ROMHDR.physlast to a correct value by hand, because if I can't find the XIP chain info, I use ROMHDR.physlast to decide the end address of XIP. Otherwise, there is almost no space for you to add new files. My 2005 ROM physlast=0x8c253278, and only about 78732 bytes free before 0x8c253278.
I updated the tool to V2.2, fixing a bug when dealing with MDA(818) ROM.
gmap said:
That's great if we can modify IMGFS partition I am waiting for it.
I've PMed you a test version. I'll make it available to public later.
... If your 2005 ROM don't have XIP chain info too, you should modify ROMHDR.physlast to a correct value by hand.
My ROM has all needed info, I had to extract everything from rom image after 1C0000 address to a separate file and gave it to your tool. It is working perfectly. I've managed to delete and add a new file to ROM. I have not tested "-dm" option. It seems that all modules/files in XIP section of WM5 are uncompressed. I'm using BlueAngel's WM5 ROM. Later I'll try to replace boot.hv file with my own version.
Can you add a switch to your program "-s bytes" so that it would skip the given number of bytes from file start, so it would be possible to work directly on NBA files with header?
gmap, can you tell me what file i can use this with? Is it for nbk or nba files? Thanks
I'm not able to edit the xip section ...
i've tried your tool on 1.60c.07CHS rom for xdaII :
RomMaster.exe -w 5 -x -o test.bin nk.nba
result :
[Info] It is a common ROM.
[Error] File is damaged, end address small than start address.
[Error] File is damaged, end address small than start address.
RomMaster.exe -w 5 -x -o test.bin imgfs_raw_data.bin (created with mamaich's tool)
result :
[Info] It is a common ROM.
[Error] Load nb00 failed.
RomMaster.exe -w 5 -x -o test.bin img.bin (created by nba part 1C0000 to end)
result :
[Info] It is a common ROM.
[Error] File is damaged, end address small than start address.
[Error] File is damaged, end address small than start address.
How to save the XIP section ?
TofClock said:
RomMaster.exe -w 5 -x -o test.bin imgfs_raw_data.bin (created with mamaich's tool)
This would not work. My tool works with IMGFS and you need to edit XIP
and ... how to edit XIP ?
mamaich said:
My ROM has all needed info, I had to extract everything from rom image after 1C0000 address to a separate file and gave it to your tool. It is working perfectly. I've managed to delete and add a new file to ROM. I have not tested "-dm" option. It seems that all modules/files in XIP section of WM5 are uncompressed. I'm using BlueAngel's WM5 ROM. Later I'll try to replace boot.hv file with my own version.
Can you add a switch to your program "-s bytes" so that it would skip the given number of bytes from file start, so it would be possible to work directly on NBA files with header?
mamaich, or anyone else, what did you use to extract after 1C0000?
splitrom?
any help would be greatly appreciated.
Russ
Wow, just a hex editor like winhex or edithexa
i tried that w/xvi32, and it didn't seem to work. I guess I'll try again
Thx gmap for this great tool. 8)
Recently I wanted to replace the TrueFFS.dll in the XIP area of the Wizard OS ROM.
ftp://xda:[email protected]/Uploads/HTC_Wizard/Roms/Qtek/Qtek_9100_1_6_7_ENG__OS_ONLY.zip
I type the following command and it says that it cannot replace the file.
Code:
D:\>RomMaster.exe -d TrueFFS.dll -a TrueFFS.dll -w 5 -o new.nba os.nba
[Info] It is a common ROM.
[Warning] o32_rom(0x8c268ef8)'s o32_data at 0x00000000 is zero.
[Warning] Found dif-referenced region [OLD] Address=0x8c1e1290 Length=0x00000800 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c1e1290 Length=0x00000800 ObjectType=0x00008000
[Warning] Found dif-referenced region [OLD] Address=0x8c1fe538 Length=0x00000600 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c1fe538 Length=0x00000600 ObjectType=0x00008000
[Warning] Found dif-referenced region [OLD] Address=0x8c211018 Length=0x00000a00 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c211018 Length=0x00000a00 ObjectType=0x00008000
[Warning] Memory Block(0x8c101000,0x8c1510ac) overlap with Block(0x8c10288c,0x8c1028b8).
[Error] You want to get an object whose size is 108, but it is 112. RomOffset=0x8c268e00
[Error] Could not replace 'TrueFFS.dll' with 'TrueFFS.dll'.
However, I can successfully replace the boot.hv file. Do you know why?
ahlok_hk said:
Thx gmap for this great tool. 8)
Recently I wanted to replace the TrueFFS.dll in the XIP area of the Wizard OS ROM.
ftp://xda:[email protected]/Uploads/HTC_Wizard/Roms/Qtek/Qtek_9100_1_6_7_ENG__OS_ONLY.zip
I type the following command and it says that it cannot replace the file.
Code:
D:\>RomMaster.exe -d TrueFFS.dll -a TrueFFS.dll -w 5 -o new.nba os.nba
[Info] It is a common ROM.
[Warning] o32_rom(0x8c268ef8)'s o32_data at 0x00000000 is zero.
[Warning] Found dif-referenced region [OLD] Address=0x8c1e1290 Length=0x00000800 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c1e1290 Length=0x00000800 ObjectType=0x00008000
[Warning] Found dif-referenced region [OLD] Address=0x8c1fe538 Length=0x00000600 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c1fe538 Length=0x00000600 ObjectType=0x00008000
[Warning] Found dif-referenced region [OLD] Address=0x8c211018 Length=0x00000a00 ObjectType=0x00200000
[Warning] Found dif-referenced region [New] Address=0x8c211018 Length=0x00000a00 ObjectType=0x00008000
[Warning] Memory Block(0x8c101000,0x8c1510ac) overlap with Block(0x8c10288c,0x8c1028b8).
[Error] You want to get an object whose size is 108, but it is 112. RomOffset=0x8c268e00
[Error] Could not replace 'TrueFFS.dll' with 'TrueFFS.dll'.
However, I can successfully replace the boot.hv file. Do you know why?
In replace mode, the new file should not be bigger than the old file. So, you should delete the old 'TrueFFS.dll' first, then add the new one (you can delete some file next to 'TrueFFS.dll' to get free space or move it to a big free space, then modify the file size and related information of 'TrueFFS.dll' by hand to make it bigger). Replacing a module isn't stable; I am confused by some of the module data. If you want to replace a module, it may not work. I haven't found a way that can be used to calculate all of the data.
gmap said:
In replace mode, the new file should not be bigger than the old file. So, you should delete the old 'TrueFFS.dll' first, then add the new one (you can delete some file next to 'TrueFFS.dll' to get free space or move it to a big free space, then modify the file size and related information of 'TrueFFS.dll' by hand to make it bigger). Replacing a module isn't stable; I am confused by some of the module data. If you want to replace a module, it may not work. I haven't found a way that can be used to calculate all of the data.
Thx for your explanation. Actually the new file is smaller than the one being replaced. And I just found that I can only delete those non-module files while all modules could not be deleted.
Thx again. Hope to see new version if you have time to find out how to calculate the data. :wink:
How can I extract a kernel file (kbbdrv.dll)?
thanks
dherrero said:
How can I extract a kernel file (kbbdrv.dll)?
thanks
dumprom tool
But if you extract this or any other XIP DLL and then re-add it to the same or any other ROM, it will not work.
Hello,
I have an Apache ROM.
I would like to delete nk.exe and replace it.
I've tried:
rommaster -w 5 -d nk.exe nk.nba
also
rommaster -w 5 -d nk.exe -a nk.exe nk.nba
It keeps telling me I can delete that file.
Just to let you know: if I use dumprom I get the boot partition files (containing nk.exe) and if I use imgfs I get all the OS files (not containing nk.exe).
Any help would be great thanks
you cannot delete nk.exe, and you should not even need to do that.

Extracting mpx200's ROM?

hi.
How can I extract files from an mpx200 ROM? I tried to use tools from the forum but with no success. The mpx200's ROM is a file with an .img extension. As far as I have seen in the forum, the ROM file extension for PDAs is .nbf. Is there any way to convert the .img file into .nbf so I can use the er2003edit program? Any other idea or guide that could help to extract the ROM from my mpx200 (WM 2003) would be very welcome. I couldn't find any resources on the web about extracting the mpx200 ROM and that's why I posted in this forum. I hope that I'm not totally off topic.
Thank you.
Nikos
I had a play with this a while back, to try to get MPX300 compatibility with VJCandela.
I believe the ROM files have a "B000FF header" (open it with a hex editor). Apparently splitrom can reassemble them into a ROM we can play with, but it became more urgent to finish VJCandela than to continue with this, so I put it aside. If you get anywhere on this, please PM or post so that I can see if I can make VJCandela cross compatible.
Many thanks!
V
I can upload a dumped mpx200 WM5 ROM to xda-developers FTP if needed.
These IMG files are somehow non-standard B000FF, I was unable to use splitrom to convert them to normal file.
You should dump the ROM from a device, then remove a hole in the middle (probably the MPx200 has 2 ROM chips at different addresses), then edit it manually because some idiot incorrectly edited that ROM to remove DevAuth.exe and broke its internal structure. After that you'll get a complete dump with broken ril.dll and gx.dll.
I wonder how that incorrectly patched ROM can even boot.
That would be interesting Mamaich. I'd appreciate it if you can.
Can we dump a live rom normally then? I'll try to speak to a guy with an MPX300 to get it dumped if possible, and try to upload it if he's successful.
V
hi.
I have found so far that it's possible to convert the .img file, which is used to update the mpx200, into a .bin file. I opened the .bin file with a hex editor and it starts with B000FF as you said. I don't know where I can use this information or what it means. As you said, it's the header. When I try to dump the ROM with dumprom.exe I get an error message saying "unable to determine loading offset for out.bin". It looks like I have to find this offset myself and give it to dumprom. Could you help me somehow with this?
Also, where can I read a few things about the ROM structure, XIP and so on, to understand what's going on?
Thanks!
EDIT1
Also tried with splitrom.pl.
With command splitrom.pl out.bin it gives me the following
B000FF entrypoint: 00000000
!!! your rom is not known to me: md5: 68847f4d859a242753798d9d0e205144
!!! your bootloader is not known to me: md5: ea25e7468c09bf09a384a94cb4dcc67c
no operator rom found
no bitmap found
xip regions not found: 82d80000=LANG, 82040000=SMARTFON, 82d00000=OPERATOR, 82f20000=OE
And a lazy question. If I finally manage it, will I get a folder on my disk with all Windows components unlocked and ready for modification?
EDIT2
Reading a few things about splitrom, it says that it can handle bin files with a B000FF header. In our case (mpx200) we have a bin with a B000FF header. Right? So we can use splitrom to make the nk.nbf file.
An example of how to use splitrom.pl is the following.
perl splitrom.pl cfg/rom.nb1 \
-rm tmp/xda1.bin:0x81740000 \
-rm tmp/xda2.bin:0x81b00000 \
-rx tmp/xipchain \
-rb cfg/bootimage.bmp -ob 0x81ec0000 \
-rl cfg/bootloader.nb0 \
-wo nk.nbf -t nbf -n PW10A1-ENG-4.01-007
In the above, he opens rom.nb1, which is his ROM file. Probably the plain ROM image format, I don't know the type. Then he refers to another 2 files, xda1.bin and xda2.bin. In my case I have only one file, out.bin. He also uses bootloader.nb0; I don't have it or something similar. Finally he writes the nk.nbf file and gives it a header. In my case I will give a B000FF header.
End.
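The posts above refer to the "B000FF header" and to splitrom's "B000FF entrypoint" line without showing the layout. As an added example (not part of any post, and not code from splitrom or dumprom), this Python sketch parses the standard Windows CE .bin record layout, validates every record, and flattens the records into a plain image whose base address is the load offset. The standard layout is an assumption here: the MPx200 images are described in this thread as non-standard and may fail these checks. The sample image and the `MAX_IMAGE` cap are constructed for the example.

```python
import struct

MAGIC = b"B000FF\n"          # 7-byte signature at the start of a .bin image
MAX_IMAGE = 64 * 1024 * 1024  # assumed sanity cap; the header is untrusted input

def parse_b000ff(blob):
    """Parse header and (address, length, checksum) records of a standard .bin."""
    if blob[:7] != MAGIC:
        raise ValueError("no B000FF signature")
    image_start, image_len = struct.unpack_from("<II", blob, 7)
    if image_len > MAX_IMAGE:
        raise ValueError("declared image length is implausibly large")
    pos, records, entry = 15, [], None
    while pos + 12 <= len(blob):
        addr, length, checksum = struct.unpack_from("<III", blob, pos)
        pos += 12
        if addr == 0:            # terminating record: length field holds the entry point
            entry = length
            break
        if pos + length > len(blob):
            raise ValueError("record 0x%08x runs past end of file" % addr)
        data = blob[pos:pos + length]
        records.append({
            "addr": addr, "length": length, "file_off": pos,
            "checksum_ok": (sum(data) & 0xFFFFFFFF) == checksum,
            "in_range": image_start <= addr
                        and addr + length <= image_start + image_len,
        })
        pos += length
    return {"image_start": image_start, "image_len": image_len,
            "entry": entry, "records": records}

def flatten(blob, parsed):
    """Place each validated record at (addr - image_start) in a flat image."""
    flat = bytearray(b"\xff" * parsed["image_len"])
    for r in parsed["records"]:
        if not (r["checksum_ok"] and r["in_range"]):
            raise ValueError("refusing bad record at 0x%08x" % r["addr"])
        off = r["addr"] - parsed["image_start"]
        flat[off:off + r["length"]] = blob[r["file_off"]:r["file_off"] + r["length"]]
    return bytes(flat)

def make_sample():
    """Constructed sample: two records loaded at 0x80040000, then the end record."""
    recs = [(0x80040000, b"ROMHDR--"), (0x80040010, b"\x01\x02\x03\x04")]
    out = MAGIC + struct.pack("<II", 0x80040000, 0x20)
    for addr, data in recs:
        out += struct.pack("<III", addr, len(data), sum(data)) + data
    return out + struct.pack("<III", 0, 0x80040000, 0)

if __name__ == "__main__":
    p = parse_b000ff(make_sample())
    print("load offset 0x%08x, entry 0x%08x, %d records"
          % (p["image_start"], p["entry"], len(p["records"])))
```

A record that fails its checksum or falls outside the declared image range points to a truncated, edited or non-standard file, which is worth knowing before handing a flattened image to an extraction tool.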
nicktgr15, to extract files from 2002 and 2003 firmware you can use the tools from http://onk.nm.ru/mpx200
Great site my friend onk. Great site. I hope I'll find something. Thank you.
Hi nicktgr15!
Any luck with the ROM extraction for MPx200?
Anyone here on this board can comment too.
I went to the link http://onk.nm.ru/mpx200 but can't really get things going with the WM2003 for MPx200.
I have the ROM, but using dumprom.exe I got something like 'can't determine the memory offset'.
So... where do I start?
I really need the SIMManager & Resource Manager for my WM5 MPx200.
Also, would like to have the SIM Tool Kit working on my phone since there's no way to interact with the SIM features.
Thanks anyone!
Please upload the dumped WM5 MPx200 ROM you are talking about! It will be a huge step!!! We can edit it, fix some bugs, even make it work without the need of the SD card...!!!
I've uploaded ROM dump to uploads/mpx200_dump directory on xda-developers FTP.
The Buildimgfs tool is useless on this ROM, because 2 files in it are broken. Maybe addfile/delfile would work (but they would break data in imgfs_removed_data.bin). And of course you have to manually remove the hole inside the ROM before working, and inject the removed data back before flashing. And figure out the format of imgfs_removed_data.bin and recreate it yourself.
To dump WM5 files you can use the tool http://buzzdev.net/index.php?option=com_remository&Itemid=100&func=fileinfo&id=83
You must create the directory "\Storage Card\" on the SD card and run this program on the smartphone.
I think this program works on many other devices with WM5.
PS. You can read http://www.wce.by/forum/viewtopic.php?t=1517 (in Russian) about tools for firmware.
Onk nice site but I can understand a thing!!!
Have you made a fixed version of WM5 for the MPx200? If yes, where can I download it?
My goal is to make a cut-down WM5 version that can fit in the 32MB ROM of the MPx200... can that be possible?
I downloaded WM 2005 for MPX200 smartphone Build 14343 from sendmefile, but the link is dead ;(
After extracting the files from the archive, I convert part2.bin and part3.bin to CMCS IMAGE (using BINtoIMG) and flash the images to the mpx200 (using Motorola Upgrade Wizard 1.8.x).
WM5 for the mpx200 uses the SD card like /Storage on WM2003 and WM2002 (to save config, data files, programs etc).
Internal flash is used only for firmware.
To replace some files from the firmware you can place them in /Windows on the SD card.
BUT! This build of WM5 works on 80-90% of mpx200 devices ;(
Some devices can't run WM5.
And the speed of operation of WM5 strongly depends on the speed of the SD card used (x80..x132 recommended).
Your file mpx200_wm5_bin_B00FF.7z (17460816 Bytes) is now online.
Your Download-Link: http://rapidshare.de/files/14495499/mpx200_wm5_bin_B00FF.7z.html
To extract the files you must use the 7zip archiver www.7zip.org
What? Is this a fixed WM5 version?
Does it work without the need of the SD?
NO
this version NEEDS SD
Is there ANY chance to remove some files (images, sounds, maybe some programs) from the WM5 ROM and make it work without the need of the SD?
I believe the OS would then be STABLE and work faster.
Let's give it a try!!!
What do you think?
part1.bin contains Magneto that uses the built-in flash memory (WM5 build 14122).
It needs to be corrected a little. Find in the firmware
Code:
0BFC440: 65 6D 72 65 67 69 73 74 │ 72 79 2E 64 6C 6C 00 44 emregistry.dll D
0BFC450: 65 76 41 75 74 68 2E 65 │ 78 65 00 62 74 68 61 74 evAuth.exe bthat
and change DevAuth.exe to AuthDev.exe to disable the Device ID check.
But this firmware contains one more "protection": it works only before some date.
If the date is set to 2004 before flashing, it works normally. With the current date, it shows a modal system window with the message that this is the version for developers.
How to disable this "protection" is not known yet.
And nothing is known yet about locking the register in this firmware.
PS: The firmware uses a ROM structure similar to 2002/2003. Use dumprom to extract files.
PPS: My page is updated. Added a simple manual about firmware and tools.
mamaich said:
I've uploaded ROM dump to uploads/mpx200_dump directory on xda-developers FTP.
Can you please upload this dump somewhere once again? as it seems /mpx200_dump is already deleted from FTP.

The ExtRom Research thread (Trinity/Hermes, maybe others)

While cooking my german GPS rom I noticed that there is very little information about the ExtROM nb format. Right now we can't extract it, we can't rebuild it, we can't resize the partition.
So I figured it was time to put some research into the matter. I made a package that contains the following:
- 04_ExtROM.nb (from RUU_Trinity_HTC_GER_1.23.407.2_103_6275_1.38.00.11_108)
- extrom_dump.raw (a dump of the extrom area after flashing it)
- Content (content of the extrom, copied from device after unhiding)
The idea is to analyse how files are written from NB to flash and how they are stored inside the NB. The format should be identical with Hermes and maybe other devices.
The goals of this research are:
1) understanding the Extrom NB format
2) making an extraction tool for getting files out of extrom.nb files
3) making a rebuild tool that allows us to make custom extrom.nb files
4) Resizing the Extrom partition
Please post your findings in this thread; you can also contact me on IRC (#xda-devs on irc.freenode.net).
Here's the file:
http://rapidshare.com/files/24740192/ExtromResearch.rar.html
Here's what I found out so far (only worked on it for a few minutes):
R1:
The Extrom nb seems to hold 7 versions of each file, probably for 7 different languages. Search for PP_AKv33-DefaultPage_ and you'll find:
PP_AKv33-DefaultPage_FIN-040b.CAB
PP_AKv33-DefaultPage_WWE-0409.CAB
PP_AKv33-DefaultPage_WWE-0409.CAB
PP_AKv33-DefaultPage_RUS-0419.CAB
PP_AKv33-DefaultPage_FRA-040c.CAB
PP_AKv33-DefaultPage_GER-0407.CAB
PP_AKv33-DefaultPage_FIN-040b.CAB
Those occur in the 7 different config.txt files. Maybe those cabs are not all really in the NB, at the very least they must be very similar. Otherwise it wouldn't be so easy to compress. I found 7 occurrences of several cab files in the NB by searching for the first few bytes of them.
R2:
The raw dump does not contain the config.txt files (at least I couldn't find them). Maybe config.txt gets stored elsewhere. I also didn't find the cabs in the dump so far, maybe a different format or a bad dump.
I had used
pdocread.exe -w -d EXT_FLA -p Part00 0 0xa00000 extrom.raw
R3: Only one of the 7 files in the NB is actually in the ExtROM content.
My conclusion from R1 and R3:
The extrom.nb holds information for different languages or OS versions. Depending on some information only one of those actually gets flashed.
I'm finding it strange that the extracted ext_rom and the dumped ext_rom haven't the same structure.
I own a Wizard (Qtek9100) and, using Typho5 to extract it from the RUU and pdocread to dump it from the phone, I always get a FAT16 image file. I can then use a program like Winimage to browse and edit it as I like.
Are you sure the extracted ext_rom is correct?
I believe I did everything correctly, yes.
Trinity and Hermes are different from Wizard but my dump also seems to be FAT16. If you have experience with it could you please see if the Wizard tools work on my dump?
R4: The filesystem used for ExtROM seems to be TFAT16 (Transaction-Safe FAT).
The NB file contains 90 TFAT16 occurrences. I'll see if there are tools for viewing/editing TFAT16.
ZakMcRofl said:
I believe I did everything correctly, yes.
If you remove the first 0x1040 bytes from the nb file you get something looking like a FAT16 image, but still not working correctly. I wonder if the nbh decoder by itsme has a bug that produces a corrupted extension_rom?
ZakMcRofl said:
Trinity and Hermes are different from Wizard but my dump also seems to be FAT16. If you have experience with it could you please see if the Wizard tools work on my dump?
I did. I downloaded your dump and used Winimage to check the raw file and it showed an empty, confused FAT16 image.
ZakMcRofl said:
R4: The filesystem used for ExtROM seems to be TFAT16 (Transaction-Safe FAT).
The NB file contains 90 TFAT16 occurrences. I'll see if there are tools for viewing/editing TFAT16.
Winimage allows it. There's a tutorial by Faria on how to cook ext_roms and flash it back to wizards and winimage is advised
cheers
This post says otherwise (regarding TFAT16, not FAT16)
The simplest method.
1. Take MS_.NBA (a decrypted version of MS_.NBF). Open it in any hex editor, and search for bytes "EB FE 90 4D 53 57 49 4E 34 2E 31 00" ("ыРMSWIN4.1", there would be a "FAT16" string a bit lower). The string should be found near offset 0x70000. Extract everything starting from the place you've found and up to the end of file to a file named "extrom.img"
2. Open "extrom.img" in WinImage, edit it as you like, save the file
3. Open the hex editor and place the modified "extrom.img" in the same place in the MS.NBA file where it was before extraction.
That's all. Convert NBF to NBA and flash your ROM.
The same method cannot be used on Universal. It has TFAT16 instead of FAT16, WinImage knows nothing about TFAT and destroys the FAT table. But there is a simple workaround.
Source: http://forum.xda-developers.com/showpost.php?p=847312&postcount=10
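The search step of the quoted method can be scripted and checked before any editor touches the image. As an added example (not part of the quoted post or of any tool named in the thread), this Python sketch finds the quoted byte pattern, reads the standard FAT BIOS parameter block behind it, and reports the filesystem type string and declared size so that a TFAT16 or truncated volume is identified up front. The helper names and the sample sectors are constructed for the example.

```python
import struct

# Pattern quoted in the post: jump bytes EB FE 90, OEM name "MSWIN4.1", and the
# low byte of the bytes-per-sector field.
BOOT_SIG = bytes.fromhex("EBFE904D5357494E342E3100")

def find_fat_volumes(blob):
    """Locate candidate FAT boot sectors in a decrypted image and parse the BPB."""
    hits = []
    pos = blob.find(BOOT_SIG)
    while pos != -1:
        sector = blob[pos:pos + 512]
        if len(sector) == 512 and sector[510:] == b"\x55\xaa":
            bps, spc, reserved, nfats, root_entries, total16 = struct.unpack_from(
                "<HBHBHH", sector, 11)
            total32, = struct.unpack_from("<I", sector, 32)
            size = (total16 or total32) * bps
            fs_type = sector[54:62].decode("ascii", "replace").strip()
            hits.append({
                "offset": pos,
                "fs_type": fs_type,
                "declared_size": size,
                # A volume that claims more bytes than the file holds is
                # truncated, or the match is a false positive.
                "fits": size > 0 and pos + size <= len(blob),
                # The thread reports that WinImage damages TFAT16 volumes, so
                # only a plain FAT16 type string passes this check.
                "plain_fat16": fs_type == "FAT16",
            })
        pos = blob.find(BOOT_SIG, pos + 1)
    return hits

def carve(blob, hit):
    """Return the bytes from the boot sector to the end of file, as in step 1."""
    return blob[hit["offset"]:]

def make_boot_sector(fs_type, total_sectors):
    """Constructed sample: a minimal 512-byte FAT boot sector."""
    s = bytearray(512)
    s[0:11] = BOOT_SIG[:11]
    struct.pack_into("<HBHBHH", s, 11, 512, 1, 1, 2, 16, total_sectors)
    s[21] = 0xF8                      # media descriptor
    struct.pack_into("<H", s, 22, 1)  # sectors per FAT
    s[54:62] = fs_type.ljust(8).encode("ascii")
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    image = b"\xff" * 0x70000 + make_boot_sector("FAT16", 64) + b"\x00" * (63 * 512)
    for h in find_fat_volumes(image):
        print(h)
```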
Well, winimage works perfectly with wizard nb files (decrypted nbf files)
Yes, apparently Wizard uses FAT16 whereas Universal (and Trinity Extrom) use TFAT16. The former can be opened, the latter not.
I'm currently compiling a file list for further analysis.
ZakMcRofl said:
Yes, apparently Wizard uses FAT16 whereas Universal (and Trinity Extrom) use TFAT16. The former can be opened, the latter not.
I'm currently compiling a file list for further analysis.
Maybe that's why Wizard's extended roms get corrupted when users try to delete files in it. Perhaps WM5 or WM6 use TFAT16 upon rebooting and it screws up the reading
Filelist
I took the content files and searched for their occurrences in extrom.nb.
Here is the filelist with hex positions:
Code:
0x0000A280 BT_Table.CAB
0x0001F3B0 Config.txt (FIN)
0x00020A08 HTC_WM5DST_signed.cab
0x000485D0 MP_CVSDcpl_20060920.cab
0x000685B0 PP_AKv30-DefaultPage_ALL.CAB
0x0007DCF8 PP_AKv33-DefaultPage_???.CAB
0x00093850 PP_ExtVersion.xml
0x000956C8 PP_FixITS2654_SMD.CAB
0x000A2800 BT_Table.CAB
0x000B7930 Config.txt (WWE)
0x000B8F88 HTC_WM5DST_signed.cab
0x000E0B50 MP_CVSDcpl_20060920.cab
0x00100B30 PP_AKv30-DefaultPage_ALL.CAB
0x0012B7B8 PP_ExtVersion.xml
0x0012D630 PP_FixITS2654_SMD.CAB
0x0013A768 BT_Table.CAB
0x0014F898 Config.txt (WWE)
0x00150EF0 HTC_WM5DST_signed.cab
0x00178AB8 MP_CVSDcpl_20060920.cab
0x00198A98 PP_AKv30-DefaultPage_ALL.CAB
0x001C3720 PP_ExtVersion.xml
0x001C5598 PP_FixITS2654_SMD.CAB
0x001D26D0 BT_Table.CAB
0x001E7800 Config.txt (RUS)
0x001E8E58 HTC_WM5DST_signed.cab
0x00210A20 MP_CVSDcpl_20060920.cab
0x00230A00 PP_AKv30-DefaultPage_ALL.CAB
0x00246148 PP_AKv33-DefaultPage_???.CAB
0x0025BCA0 PP_ExtVersion.xml
0x0025DB18 PP_FixITS2654_SMD.CAB
0x0026AC50 BT_Table.CAB
0x0027FD80 Config.txt (FRA)
0x002813D8 HTC_WM5DST_signed.cab
0x002A8FA0 MP_CVSDcpl_20060920.cab
0x002C8F80 PP_AKv30-DefaultPage_ALL.CAB
0x002DE6C8 PP_AKv33-DefaultPage_???.CAB
0x002F4220 PP_ExtVersion.xml
0x002F6098 PP_FixITS2654_SMD.CAB
0x003031D0 BT_Table.CAB
0x00318300 Config.txt (GER)
0x00319958 HTC_WM5DST_signed.cab
0x00341520 MP_CVSDcpl_20060920.cab
0x00361500 PP_AKv30-DefaultPage_ALL.CAB
0x00376C48 PP_AKv33-DefaultPage_GER-0407.CAB
0x0038C7A0 PP_ExtVersion.xml
0x0038E618 PP_FixITS2654_SMD.CAB
0x0050DE80 MP_CVSDcpl_20060920.cab
0x00527EE8 Config.txt (FIN)
0x005282F8 HTC_WM5DST_signed.cab
0x005C9298 PP_AKv30-DefaultPage_ALL.CAB
0x005DE9E0 PP_AKv33-DefaultPage_???CAB
0x005F4538 PP_ExtVersion.xml
0x005F63B0 PP_FixITS2654_SMD.CAB
R5: Files are stored sequentially for each language.
I haven't found where and how the offsets are stored, maybe relative to the beginning of a language section. I haven't found the absolute offsets anywhere yet.
