[Closed Thread] - Huawei P Smart Questions & Answers

[Closed Thread]

..

sun75 said:
> Ok, I searched other forums and I found some answers in the Mate 10 forum:
> BEWARE-bla-l29c432b147-t3817241
> I read all the thread, but I think our xloader is different, or maybe does not have the version issue at this stage. But, yes, we have to look at it on every new Rom version... otherwise there is a brick or "can not return back" risk as they clearly discuss in their thread!
> I extracted my xloader on my P Smart on TWRP:
> Code:
> dd if=/dev/block/mmcblk0boot0 of=/sdcard/xl1.img
> dd if=/dev/block/mmcblk0boot1 of=/sdcard/xl2.img
> The "good" file is only the first one, the second file is full of "zero".
> I have on the phone v. FIG-LX1 8.0.0.152(C432): I have hex compared it with the one extracted from the Rom (update.app) and it matches perfectly. Ok.
> So I downloaded other Rom zips randomly from .129 to the new .147SP1log
> I hex compared all these XLOADER images one by one and all images are different in contents range hex 0x74c~0x873 and after 0xF3B4 the entries of the compiling time (25 - 26 - 27 Dec 2017 and different hours) depending on firmware.
> There is no 01/02 value at position 0x1a8 (that is 00 in every Rom).
> Apparently -SP1log Rom has the "same" version xloader, so my question is the same: what is the meaning of SP1 and log suffixes in Rom versioning on Firmware Finder?
you can use this https://forum.xda-developers.com/mate-10/how-to/beware-bla-l29c432b147-t3817241 XLOADER Checking tool

..

..

sun75 said:
> I've downloaded one of the Mate10 firmwares and I've compared the two xloader.img (mate10 and p smart), especially the first block, where is the "version" check. Apart from the "xloader" string on top of the image, the first block is identical until hex 0x1cb, after that, they differ. They differ also in size: Mate10 (176Kb), and P Smart (69Kb).
> Please see the attached jpeg.
> Anyway, the "version" byte in Mate10 xloader.img is NOT only on offset 0x1a8, but also on hex offsets 0x474 and 0x740 ( @ante0 please take note of it: thank you for your thread which I started from! ) and in that hex addresses we have always "00"...
The tool was made for BLA and ALP, which both have either 01 or 02.
But!
Offset can't be 01 in 1a8 and 02 in 474, it needs to be either 01 in all or 02 in all.
Complete list:
0x1A8
0x474
0x740
0x231A8
0x23474
0x23740
https://forum.xda-developers.com/showpost.php?p=76538101&postcount=43
It's the same on Mate9, 00 in those offsets.
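Added example (not from the thread and not the linked XLOADER checking tool): a small script that reads the byte at each offset listed above from a dumped image and applies the "same value at every offset" rule. The function names and the zero-filled sample images are constructed for illustration; images too short to contain the upper offsets (such as the 69 KB P Smart xloader) are reported rather than treated as an error.

```python
#!/usr/bin/env python3
"""Report the xloader "version" bytes at the offsets listed in the post above."""
import sys

# Offsets copied from the post above (the tool was made for BLA and ALP).
VERSION_OFFSETS = (0x1A8, 0x474, 0x740, 0x231A8, 0x23474, 0x23740)


def check_xloader(image: bytes) -> dict:
    """Return the byte at each offset, the offsets past EOF, and a verdict."""
    found = {off: image[off] for off in VERSION_OFFSETS if off < len(image)}
    missing = [off for off in VERSION_OFFSETS if off >= len(image)]
    values = set(found.values())
    if not found:
        verdict = "too short"
    elif len(values) > 1:
        # The post: it must be 01 in all or 02 in all, never a mix.
        verdict = "inconsistent"
    else:
        verdict = "%02X" % values.pop()
    return {"bytes": found, "missing": missing, "verdict": verdict}


def same_version(dumped: bytes, candidate: bytes) -> bool:
    """True only if both images are consistent and carry the same byte."""
    a, b = check_xloader(dumped), check_xloader(candidate)
    bad = ("inconsistent", "too short")
    return a["verdict"] not in bad and a["verdict"] == b["verdict"]


def make_sample(size: int, value: int, override=None) -> bytes:
    """Constructed test image: zero-filled, `value` at every listed offset."""
    buf = bytearray(size)
    for off in VERSION_OFFSETS:
        if off < size:
            buf[off] = value
    for off, val in (override or {}).items():
        buf[off] = val
    return bytes(buf)


def report(path: str) -> str:
    """Format the result for one image file, e.g. /sdcard/xl1.img."""
    with open(path, "rb") as fh:
        result = check_xloader(fh.read())
    lines = ["%s: verdict %s" % (path, result["verdict"])]
    lines += ["  0x%05X = %02X" % kv for kv in sorted(result["bytes"].items())]
    lines += ["  0x%05X past end of file" % off for off in result["missing"]]
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(report(path))
    else:
        # Constructed images: 176 KB with 01 everywhere, and one mixed 01/02.
        good = make_sample(176 * 1024, 0x01)
        mixed = make_sample(176 * 1024, 0x01, {0x474: 0x02})
        print(check_xloader(good)["verdict"], check_xloader(mixed)["verdict"])
```

Run it with the dumped image and the xloader extracted from the candidate firmware as arguments to compare the two reports side by side.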

ante0 said:
> The tool was made for BLA and ALP, which both have either 01 or 02.
> But!
> Offset can't be 01 in 1a8 and 02 in 474, it needs to be either 01 in all or 02 in all.
> Complete list:
> 0x1A8
> 0x474
> 0x740
> 0x231A8
> 0x23474
> 0x23740
> https://forum.xda-developers.com/showpost.php?p=76538101&postcount=43
> It's the same on Mate9, 00 in those offsets.
So the tool is working for P Smart or not?

..

..

sun75 said:
> Ok, thank you for your reply...: I'm trying to figure out what are these firmwares -sp1 [log] out there because they are apparently identical to all the others (I compared the xloader images and are the same!) while in your threads, at least for Mate10, -sp1 firmwares are those with the "old" xloader...
> So I'm a bit confused here...
Yeah, SP1 are 01 on Mate 10. At least some of them.
I believe they are tests of some sort, because B148 is certified so it passes safetynet while B148-SP1 is not.

sun75 said:
> [Closed Thread]
Thread closed on request of OP

Related

DISASSEMBLE ROM IMAGE

Hi all,
Has anyone managed to disassemble the ROM image files and possibly "see" actual source code? It would be interesting if someone could do this.
Cheers,
Zouga
patridaaaaa!
Geia sou!
Source code is not compiled. What you find in ROM is compiled, thus you cannot see the source code. You could disassemble a ROM image to see what files it has, but I do not know how that happens
What source code do you need? Microsoft provides partial source code of Windows CE in Platform Builder. Trial PB 4.20 was removed from MS site, you can only download PB 5.0.
Geia sou AdmiralAK!
Thank you guys for your replies. I have some parts of the radio ROM in which I am trying to identify interesting segments, like for example SIM lock. I think I know what I am doing, I have managed to download from the PDA parts of the Radio ROM (which I suspect remains intact when flashing to a newer Radio version). Also, I have some commands which are being used with the XDA IIs bootloader, can anyone help me about their use?
r task a
rpass
x
rrbmc (that's probably to read from specific memory addresses)
rerase (to delete from specific memory addresses)
retuoR
rwdata (to write in specific memory addresses)
Also, does anyone have any information on the XDA II unlocking utility? I mean which memory addresses accesses, where it writes etc...
Thanks,
Zouga
hahahaha "I think I know what I'm doing" :lol:
then why do you need to know how and where to write information, dude?
"Also, does anyone have any information on the XDA II unlocking utility? I mean which memory addresses accesses, where it writes etc... "
Unfortunately for you, I don't believe Windows CE is written using QBASIC.
Yeh exactly, "I THINK" I know what I am doing, never said I know exactly what I'm doing. I am not a cracker or a software engineer, I am an electronic engineer and I try to use my understanding about embedded electronics to get through to some useful information. I know in which segments of the Radio rom the simlock lies, I just cannot crack the data. I can only see HEX format like
3A 46 3D 00 78 0D 20 08 3A 41 3D 00 00 00 00 00 :F=.x. .:A=.....
Anyone that can give a hand with this, I would appreciate your input.
Regards,
Zouganelis
You can decompile the radio ROM using IDA. It uses a variation of ARM cpu.
read http://www.xs4all.nl/~itsme/projects/xda/xdagsm-info.html for xda2

is the shadow 07/09 devices ROM all compatible here?

is the shadow 07/09 devices ROM all compatible here?
mine is 2007 version. is it able to flash 2009's version ROM?
are they all compatible?
with proper mods, you can use 07 in 09 version. Since 07 and 09 aren't the same model (07 = JUNO, 09 = CONVERSE)
tramuyo said:
> with proper mods, you can use 07 in 09 version. Since 07 and 09 aren't the same model (07 = JUNO, 09 = CONVERSE)
Can you please tell me what I need to do? I have a 2009 and need to load WM 6.5, cause the standard ROM is slow and buggy
tramuyo said:
> with proper mods, you can use 07 in 09 version. Since 07 and 09 aren't the same model (07 = JUNO, 09 = CONVERSE)
If by proper mods you mean a full dump and port to the 09, then maybe. Problem is the 07 has a different chipset than the 09, and therefore the ROMs for the 07 are made for that chipset. To my knowledge, nobody has gotten past the dump stage of building a 09 ROM, because current kitchen components won't work with the newer chipset.
mantikos said:
> Can you please tell me what I need to do? I have a 2009 and need to load WM 6.5, cause the standard ROM is slow and buggy
There's nothing you can do, unless you want to learn to cook and try building a ROM yourself. Oh yeah, and you'll need to be able to perform miracles as well.

[SOLVED] Patching device date and time

Hi friends,
I have another weird problem and I wonder if anyone has experience with this.
On my hd2 to enable the extra mem everybody knows you need to take a nk.exe from t-mous rom.
What I've also been reading is if you like to patch date and time on the device (the date and time you set during first device setup) you need to patch s000 in nk.exe.
I've been digging with a hex editor in s000 (up and down ) but the date that pops up on the device isn't the date that I find in s000.
I've also looked in nk.exe (a dump I have on the side) that originally comes with the oemdrivers and there I did find the correct date (the date that pops up on the device).
So I think that means the patch for date and time isn't in s000 of nk.exe but must be in oemdrivers or maybe in another part of XIP?
It's also not in os.nb as that has the same date as s000, so I wonder where I could look else?
Anyone has an idea or can give me a suggestion?
Grtz,
Laurentius26
I also would like to know this. Thanks!
Just use the new Ervius Kitchen (supports the new NK from 3.14 ROMs) to change the date of ur ROM, i.e patch it!
Too much HEX editing is not good ;-)
WBR
Siemens Lover
Believe me I've tried, and it didn't work.
The date I'm searching for is not present in NK.EXE s000
I've changed all 2010 values with 2011 in s000 (digging up and down), and still the device boots up with 2010.
SiemensLover said:
> Just use the new Ervius Kitchen (supports the new NK from 3.14 ROMs) to change the date of ur ROM, i.e patch it!
> Too much HEX editing is not good ;-)
> WBR
> Siemens Lover
I don't know how it's with HD2, but on most devices date is stored like this:
HEX code:
Code:
DB07 0300 0400 0300 0C00
DB07 - 2011 (year) - 2010 (DA07)
0300 - March (month)
0400 - Thursday (day of the week)
0300 - 3rd (day)
0C00 - 12 PM (time)
So on device with this example you will see 3rd March 2011 - 12 PM
Here's my NK.EXE.
Maybe somebody likes to look at it?
I'm searching for the date 20 october 2010 in it, as that's what it shows if my device boots.
It's not present or I am terribly mistaken.
Thank you.
@Spiaatie,
Thanks for the tip my friend but I think I need to patch date somewhere else as nk.exe.
I was able to patch nk.exe with ervius kitchen xipporterex.
but the date still didn't change after I cooked the rom with the patched nk.exe.
So it's definitely somewhere else.
Are you trying to change the date in device info-->software info?
If wanting to add date to ROM, unsure of time...but date can be set in OEMVersion RGU by adding to yours like this....Not sure if this helps....
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\OEM]
"ROMVersion"="2.10.502.4 (93577)"
"ROMDate"="02/09/11"
WC
Hi mate,
That's not what I'm trying.
I'm trying to change the date that pops up during device setup.
ai6908 said:
> Are you trying to change the date in device info-->software info?
Thank you WC, yes I know about that but that's not what I'm looking for.
Wild Child said:
> If wanting to add date to ROM, unsure of time...but date can be set in OEMVersion RGU by adding to yours like this....Not sure if this helps....
> REGEDIT4
> [HKEY_LOCAL_MACHINE\SOFTWARE\OEM]
> "ROMVersion"="2.10.502.4 (93577)"
> "ROMDate"="02/09/11"
> WC
If we modify the nk.exe with xipportex it only changes the value in Device Info -> Software -> ROM date. But we want to change the default time what is on the first start (welcome screens). I haven't found any solution yet
EDIT:
Ok I've found the solution: we have to hex edit the date in msm_time.dll's S000 file in XIP (it looks like this: Aug 29 2010) . Default date on welcome screen is successfully changed
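Added example (not code from the thread or from any kitchen tool): a scanner that lists every offset in a dumped module where a date is stored, covering both forms mentioned in this thread, the packed year/month/weekday/day/hour record and the "Aug 29 2010" text form. The function names, the UTF-16LE search and the sample bytes are assumptions made for illustration; the sample is constructed from the values quoted in the posts.

```python
#!/usr/bin/env python3
"""Find date values in a dumped module such as an S000 file."""
import datetime
import re
import struct
import sys

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Text form quoted in the thread: "Aug 29 2010" (day may be space-padded).
TEXT_DATE = re.compile(
    rb"(?:%s) [ 0-3]\d (?:19|20)\d\d" % "|".join(MONTHS).encode())


def find_packed_dates(blob, years=range(2000, 2031)):
    """Yield (offset, datetime) for year/month/weekday/day/hour records.

    Layout from the thread: five little-endian 16-bit words, the same
    field order as the start of a Win32 SYSTEMTIME.
    """
    for off in range(len(blob) - 9):
        year, month, dow, day, hour = struct.unpack_from("<5H", blob, off)
        if year not in years or hour > 23:
            continue
        try:
            when = datetime.datetime(year, month, day, hour)
        except ValueError:      # month 0 or 13, day 31 in a short month...
            continue
        # The stored weekday (Sunday = 0) must agree with the calendar;
        # this rejects most accidental matches.
        if when.isoweekday() % 7 == dow:
            yield off, when


def find_text_dates(blob):
    """Yield (offset, encoding, text) for 'Mmm dd yyyy' strings."""
    for m in TEXT_DATE.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    # Assumption: the thread does not say how the string is encoded, so
    # UTF-16LE (the native string encoding on Windows CE) is searched too.
    for mon in MONTHS:
        needle = (mon + " ").encode("utf-16-le")
        pos = blob.find(needle)
        while pos != -1:
            text = blob[pos:pos + 22].decode("utf-16-le", "ignore")
            if TEXT_DATE.fullmatch(text.encode("ascii", "ignore")):
                yield pos, "utf-16-le", text
            pos = blob.find(needle, pos + 2)


def sample_blob():
    """Constructed input: filler, the packed record from the thread,
    then one ASCII and one UTF-16LE date string."""
    return (b"\xff" * 16
            + bytes.fromhex("DB07 0300 0400 0300 0C00")
            + b"\xff" * 6
            + b"Aug 29 2010\x00"
            + "Oct 20 2010".encode("utf-16-le")
            + b"\xff" * 4)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = sample_blob()
    for off, when in find_packed_dates(data):
        print("0x%06X packed %s" % (off, when.strftime("%a %d %b %Y %H:00")))
    for off, enc, text in find_text_dates(data):
        print("0x%06X %-9s %r" % (off, enc, text))
```

Running it over each dumped module (nk.exe, msm_time.dll and so on) shows which file actually holds the date before any byte is changed; a hex edit of a text date has to keep the string the same length.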
Shady313 said:
> If we modify the nk.exe with xipportex it only changes the value in Device Info -> Software -> ROM date. But we want to change the default time what is on the first start (welcome screens). I haven't found any solution yet
> EDIT:
> Ok I've found the solution: we have to hex edit the date in msm_time.dll's S000 file in XIP (it looks like this: Aug 29 2010) . Default date on welcome screen is successfully changed
I'm in the same boat now and thanks for the solution. It's exactly correct.
I thought the ROM date is present in nk.exe but it isn't. It's in msm_time.dll, at least in HD2's
Thanks again...
Best Regards
That's a great find mate, thank you very much.
Shady313 said:
> If we modify the nk.exe with xipportex it only changes the value in Device Info -> Software -> ROM date. But we want to change the default time what is on the first start (welcome screens). I haven't found any solution yet
> EDIT:
> Ok I've found the solution: we have to hex edit the date in msm_time.dll's S000 file in XIP (it looks like this: Aug 29 2010) . Default date on welcome screen is successfully changed

Qpst - mprg8960.hex [found!]

I'm looking for a copy of the MPRG8960.HEX file.
This file is used to build the 8960_msimage.mbn which is the OEM bootimage flasher used by the MSM8960 Emergency host down-loader (EhostDL) to boot bricked devices. The tool that builds that *.mbn image is: emmcswdownload.exe which is a program that comes with the QPST software...
Apparently, some ZTE firmwares may contain these...
In addition it would be useful to be able to extract these files into pure images.
The HEX file content looks like this:
Code:
0 :020000042A00D0
11 :10000000D1DC4B843410D773FFFFFFFFFFFFFFFFEE
3e :10001000FFFFFFFF500000005000002A348802005C
...
Any help would be much appreciated!
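Added example (not from the thread and not part of QPST): the records quoted above are Intel HEX, so turning such a file into a pure image means checking each record's checksum and placing its data at the address given by the extended-address records. The function names and the 64 MiB span limit are assumptions made for illustration; the sample is the three records from the post with the leading editor offsets dropped.

```python
#!/usr/bin/env python3
"""Convert Intel HEX records, as quoted in the post above, to a flat image."""
import sys

MAX_SPAN = 64 * 1024 * 1024  # refuse absurd address gaps in a damaged file

# The three records from the post (editor offsets dropped). The post is
# cut off with "...", so there is no end-of-file record here.
SAMPLE = """\
:020000042A00D0
:10000000D1DC4B843410D773FFFFFFFFFFFFFFFFEE
:10001000FFFFFFFF500000005000002A348802005C
"""


class HexError(ValueError):
    """Malformed Intel HEX input."""


def parse_record(line):
    """Return (record_type, address16, data) after checking the checksum."""
    line = line.strip()
    if not line.startswith(":"):
        raise HexError("record does not start with ':'")
    try:
        raw = bytes.fromhex(line[1:])
    except ValueError:
        raise HexError("non-hex characters in record") from None
    if len(raw) < 5 or raw[0] != len(raw) - 5:
        raise HexError("byte count does not match record length")
    if sum(raw) & 0xFF:  # all bytes including the checksum sum to 0 mod 256
        raise HexError("bad checksum")
    return raw[3], int.from_bytes(raw[1:3], "big"), raw[4:-1]


def hex_to_image(lines):
    """Return (base_address, image); unwritten gaps are filled with 0xFF."""
    upper, chunks = 0, {}
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            rtype, addr, data = parse_record(line)
        except HexError as exc:
            raise HexError("line %d: %s" % (number, exc)) from None
        if rtype == 0x00:                       # data
            chunks[upper + addr] = data
        elif rtype == 0x01:                     # end of file
            break
        elif rtype == 0x02 and len(data) == 2:  # extended segment address
            upper = int.from_bytes(data, "big") << 4
        elif rtype == 0x04 and len(data) == 2:  # extended linear address
            upper = int.from_bytes(data, "big") << 16
        elif rtype not in (0x03, 0x05):         # start-address records: skip
            raise HexError("line %d: unsupported record %02X" % (number, rtype))
    if not chunks:
        return 0, b""
    base = min(chunks)
    end = max(a + len(d) for a, d in chunks.items())
    if end - base > MAX_SPAN:
        raise HexError("address span too large")
    image = bytearray(b"\xff" * (end - base))
    for a, d in chunks.items():
        image[a - base:a - base + len(d)] = d
    return base, bytes(image)


if __name__ == "__main__":
    if len(sys.argv) == 3:                      # usage: script in.hex out.bin
        with open(sys.argv[1]) as fh:
            base, image = hex_to_image(fh)
        with open(sys.argv[2], "wb") as fh:
            fh.write(image)
    else:
        base, image = hex_to_image(SAMPLE.splitlines())
    print("base 0x%08X, %d bytes" % (base, len(image)))
```

For the three quoted records the first line is an extended linear address record, so the 32 data bytes that follow load at 0x2A000000.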
bump, this would be greatly appreciated
Sent from my HTC One X+ p_type 0.91.0
I think I might have found it. It seems to be here, but it's on a Chinese site that requires registration, and I cannot complete registration, since they're asking to complete a Chinese captcha!
E:V:A said:
> I think I might have found it. It seems to be here, but it's on a Chinese site that requires registration, and I cannot complete registration, since they're asking to complete a Chinese captcha!
Pssst: weasel.net / MPRG8660.HEX
What are you planning to use this for?
luncht1me said:
> Pssst: weasel.net / MPRG8660.HEX
> What are you planning to use this for?
Pssst: There's a bit of difference between 6 and 9
luncht1me said:
> Pssst: weasel.net / MPRG8660.HEX
Thanks I already have those. I have many, but not for the 8960. Which makes me speculate that the MPRG8960.HEX is not needed, if it could be built into one of the bootloaders and possibly extracted from there as well...
I think we should have a section for Qualcomm and Tegra based devices specifically for these purposes. Lots of people on forums with Qualcomm chips and similar issues that may unite great minds
I have checked latest QPST release(Q3 2012) and it did not come with this file, despite many other HEX files :crying:
are we 100% sure the file exists? if it is not packaged inside QPST.. where would it come from?
There's definitely code in the 8960 PBL for the programmer. The reason it's probably not included with QPST is because the programmer is signed and signature-checked in the same way as SBL1, which means there's a programmer for each OEM and probably a different one for each phone model by the OEM that uses the 8960.
I've been searching the web for the .hex and .mbn files.... I have failed to find anything. I did find on a Russian site that said the two files will not be able to be obtained because of the write protection on sbl 1, 2, and 3... I'm confident in the great minds of everyone here on XDA that we will find some way to bypass that wp without corrupting the files.
Sent from my One X using xda app-developers app
E:V:A said:
> I'm looking for a copy of the MPRG8960.HEX file.
> This file is used to build the 8960_msimage.mbn which is the OEM bootimage flasher used by the MSM8960 Emergency host down-loader (EhostDL) to boot bricked devices. The tool that builds that *.mbn image is: emmcswdownload.exe which is a program that comes with the QPST software...
> Apparently, some ZTE firmwares may contain these...
> In addition it would be useful to be able to extract these files into pure images.
> The HEX file content looks like this:
> Code:
> 0 :020000042A00D0
> 11 :10000000D1DC4B843410D773FFFFFFFFFFFFFFFFEE
> 3e :10001000FFFFFFFF500000005000002A348802005C
> ...
> Any help would be much appreciated!
thanks to 18th.abn we now have 8960_msimage.mbn and partition_boot.xml:
http://forum.xda-developers.com/showpost.php?p=34274853&postcount=2256
have been searching everywhere for mprg8960.hex and tracked down a link in a chinese forum:
http://bbs.wpcnn.com/forum.php?mod=redirect&goto=findpost&ptid=25317&pid=580675&fromuid=77335
unfortunately the link is no longer active. i joined the forum, pm'ed the poster and posted in the thread, but haven't heard back. maybe if he receives more requests he'll create a new link?
i also downloaded the full firmware file linked in the op of that thread in the slight chance that mprg8960.hex would be included in it, but the file is a single .binx; no idea how to extract its contents. also, pantech uses an online update utility that requires the phone to be plugged in for it to work, so doesn't look like that is an option to extract the contents.
E:V:A said:
> I think I might have found it. It seems to be here, but it's on a Chinese site that requires registration, and I cannot complete registration, since they're asking to complete a Chinese captcha!
I was able to register on that site (got English captcha), but it doesn't have the file, it's just a request.
We can Close this thread now, the real hex file and msimage.mbn has been posted in the R&D section
check
http://forum.xda-developers.com/showpost.php?p=35762370&postcount=46
I'm very HAPPY to announce that they have been found!
Here are your HEX files. MERRY CHRISTMAS!
Code:
8064_msimage.mbn
8930_msimage.mbn
8960_msimage.mbn
MPRG8064.hex
MPRG8930.hex
MPRG8960.hex
GPP8064.hex
GPP8960.hex
THESE ARE NOT TESTED! AFAIK. You could hard brick your device if you try to use/flash these, in case they have the wrong signature key, as expected by your HTC device. I TAKE NO RESPONSIBILITY with anything that happens if you use these.
Thread Closed!

I need a MT6260MA firmware

I recently got a smartwatch from my mother and I don't have its backup, I need help, here is its info:
Internal RAM:
Size = 0x0000D000 (52KB)
External RAM:
Type = SRAM
Size = 0x00400000 (4MB/32Mb)
NOR Flash:
Device ID = "[WINBOND] W25Q32BV" (226)
Size = 0x00400000 (4MB/32Mb)
NAND Flash:
ERROR: NAND Flash was not detected!
Me too!
I have a GT08-Clone with MT6260MA and only 3072 KiloByte ROM. I made a mistake by Read Back, the Length has to be set to 0x00300000, i failed to make a Backup. Next Problem is, that the Readback Extractor is not able to read a ROM with just 3072 KiloByte. Anyway, someone managed, because there is an extracted MT6260MA-ROM with that Size on needrom (ROM DZ09 – mt6260ma). With that ROM I get the Switch-On-Melody, but the Screen is only white..
My original Firmware was x9mb_1.1_cst716a_mjw_gt08_xrm7789_lx9307_xf3029_61 53_6133_j_a_v1.0.4 built sometime at the end of 2019. But it had no Browser, so i tried to change it..
erzieher said:
> I have a GT08-Clone with MT6260MA and only 3072 KiloByte ROM. I made a mistake by Read Back, the Length has to be set to 0x00300000, i failed to make a Backup. Next Problem is, that the Readback Extractor is not able to read a ROM with just 3072 KiloByte. Anyway, someone managed, because there is an extracted MT6260MA-ROM with that Size on needrom (ROM DZ09 – mt6260ma). With that ROM I get the Switch-On-Melody, but the Screen is only white..
> My original Firmware was x9mb_1.1_cst716a_mjw_gt08_xrm7789_lx9307_xf3029_61 53_6133_j_a_v1.0.4 built sometime at the end of 2019. But it had no Browser, so i tried to change it..
did you find the rom file, i found one on 4PDA but the colours of LCD are inverted.
DZ09 MT6260MA 32/24: X9MB_1.1_CST716B_RQ_WB_DZ09_41_7789_9307BOE_6153_6123_J_LANA_V1.0.8
V15D_CSN_PCB01_gprs_MT6260_S00.MAUI_11B_W13_08_MP_V3_F9.bin 2019/11/18
maybe it works for you.
https://drive.google.com/drive/folders/1XjN9ShkjOM9_ybwbOO8NKdn3fxqiOni_?usp=sharing
Mine is X9MB_1.1_CST716A_MJW_GT08_41_X7789_9340C_6153_6133_J_A_V1.1.1 but i can't find the right firmware, hope somebody helps!
WiZoOo said:
> did you find the rom file, i found one on 4PDA but the colours of LCD are inverted.
> DZ09 MT6260MA 32/24: X9MB_1.1_CST716B_RQ_WB_DZ09_41_7789_9307BOE_6153_6123_J_LANA_V1.0.8
> V15D_CSN_PCB01_gprs_MT6260_S00.MAUI_11B_W13_08_MP_V3_F9.bin 2019/11/18
> maybe it works for you.
> https://drive.google.com/drive/folders/1XjN9ShkjOM9_ybwbOO8NKdn3fxqiOni_?usp=sharing
> Mine is X9MB_1.1_CST716A_MJW_GT08_41_X7789_9340C_6153_6133_J_A_V1.1.1 but i can't find the right firmware, hope somebody helps!
Thanks WiZoOo,
i have tried that rom, but the same as the rom from needrom. only difference: black screen with backlight, instead of white screen with backlight
i saw that thread on 4pda, but don't know russian language and >400 pages, so i didn't check it. maybe i should try, to see, if there are more roms, i can move to my watch.
anyway i am not sure, if i can find a rom with browser, because of the limited memory. without, the watch is quite useless for me..
help..
i think, i found the right rom on 4pda!
2 days ago someone posted on 4pda.ru/forum/index.php?showtopic=658007&st=6680 these two roms for gt08:
Attached file: прошивка.rar ( 2,56 MB )
Attached file: backup_MT6260MA_32_24.rar ( 2,61 MB )
but when i click it, i get 404-error. i think, only because i am not logged in.. but i can not register, because i don't know russian language and can't pass the anti-robot-check
please, anyone can help me, by getting these roms, or maybe send me login-data for 4pda?
erzieher said:
> i think, i found the right rom on 4pda!
> 2 days ago someone posted on 4pda.ru/forum/index.php?showtopic=658007&st=6680 these two roms for gt08:
> Attached file: прошивка.rar ( 2,56 MB )
> Attached file: backup_MT6260MA_32_24.rar ( 2,61 MB )
> but when i click it, i get 404-error. i think, only because i am not logged in.. but i can not register, because i don't know russian language and can't pass the anti-robot-check
> please, anyone can help me, by getting these roms, or maybe send me login-data for 4pda?
well, the first one works on my GT08, i give you the link and hope works on your smartwatch, thank you for the files.
https://drive.google.com/file/d/1RE0716sejuj0X2vmXfg0btI7WvVwv3Km/view?usp=sharing
https://drive.google.com/file/d/1E_dWJrFn-rCMXPrG6APlQ3YOZUnxQrE5/view?usp=sharing
WiZoOo said:
> well, the first one works on my GT08, i give you the link and hope works on your smartwatch, thank you for the files.
> https://drive.google.com/file/d/1RE0716sejuj0X2vmXfg0btI7WvVwv3Km/view?usp=sharing
> https://drive.google.com/file/d/1E_dWJrFn-rCMXPrG6APlQ3YOZUnxQrE5/view?usp=sharing
thanks WiZoOo,
i tried both. seems to work on my watch (start-melody), but screen stays black. one question to you: do you have a browser now? if so, i will try to find the screendriver in the rom and try to change it, to get my watch properly working
erzieher said:
> thanks WiZoOo,
> i tried both. seems to work on my watch (start-melody), but screen stays black. one question to you: do you have a browser now? if so, i will try to find the screendriver in the rom and try to change it, to get my watch properly working
yes, sorry for answer too late, it's hard to edit the rom file, i don't find anything about to change clock and even the icons and i'm not sure if you could find the right software to edit and mod the ROM file...
well, it was a cheap watch (< 10 €). I just let it lie around and wait for the right rom to turn up. i did the same with amazon fire hd8 2018, after i lost temp root by auto-update to 6.3.1.2 last autumn (i'm sure i deactivated update-process before). and a little while ago, a clever guy managed to flash bootloader and shared instruction. so its working now with lineage os 15 very well. time sometimes solves all problems
