[UTIL] QC Mobile Analysis Tool - Universal tool for QC mobile analysis (and HTC too) - Touch Diamond, MDA Compact IV ROM Development

QMAT - QC Mobile Analysis Tool
What is it ?
It is a development and debugging tool for Qualcomm mobiles - the only tool you'll ever need for research and development.
Who may need it ?
Mobile engineers / reverse engineers and cryptoanalysts
Crypto Functions :
- Calculate CRC-30, CRC-32, SHA1, SHA2 (SHA224 + SHA256), MD4 and MD5 of any file
- Bruteforce bytes to fit CRC-30 needed when qcsblhd_cfgdata.mbn was edited
- Decrypt and Encrypt any RSA-Message, including ASN-1 / SHA Signatures. (you can add publickeys to publickeys.xml)
- Generate RSA Private Key and create .pvk files
- Check firmware signature given Modulus and Exponent (for HTC and BQS mobiles)
- Extract information from .pvk files
- Search for algorithms in binary files (find cryptomethods + signatures) CRC8, CRC16, CRC32, MD4, MD5, SHARK, HAVAL, GZIP, ZIP, SHA1, ... and much more (you can add cryptosignatures to crypto.xml)
JTAG Interface :
(soon via Segger J-Link)
Functions for QC mobiles :
1. Load binary files for :
Extraction of certificates
Extraction of BMPs,GIFs,PNGs, JPGs
2. Load Partition File to get overview about NAND/NOR structure
3. Send any String to a COM/USB Port and backup all your SMS !
4. Make usage of QCs Diag USB/COM Port Interface
(Useful for any QC mobile in the world)
Standard Features :
- Send standard diag commands or any hexadecimal command you want (database included)
- Read out all NVItems (range given)
(all that exist, more than QPST normally extracts)
- Backup and Restore all NVItems
- Read out and Dump Firmware in Memory (SRam)
- Read out complete EFS
- Switch to FTM Mode (or anything else you want)
- Get infos about phone, codes ..... etc ..... a lot more functions
- Generate SimSecure Command to write to SimSecure using given file (may brick your phone when used without knowledge)
- Full Feature EFS Browser
Bootloader / DownloadMode Features :
- Load any file to mobile at any address and execute (bootloader f.e.)
- Read out complete NAND Memory using bootloader (range given) with included MSM6250/A bootloader or any given bootloader
Usage : Take out battery, put in battery, press ON # to enter emergency mode, Execute Loader
or (with SL91,SF71 f.e.) enable FTM mode, Execute Loader
- Use any Download Mode or Bootloader Command to experiment
- Read application memory of newer Diag Ver 6 in Download Mode
- Show complete infos about used NAND after loading of Bootloader
Flasher Features :
Flash any QC mobile (OBL Multiboot) with given bootloader
- Flash PBL (dangerous), QCSBL, QCSBL Header and Config Bits, Partition, OEMSBL, OEMSBL Header, AMSS, AMSS Header and EFS
Functions for BQS only :
1. Load AMSS to extract files or useful infos
(EF81, E81C, EF91, SXG75, EF82, SF71, SL91 or similar ones)
Features :
Extract Infos from AMSS : USBID, Product.Nr., SVN, SwBuild, Mobiletype
Extract internal filesystem (mif,bar,sig etc. files)
Extract AMSS signature bytes (if production key)
Show all file references used by mobile
2. Check Firmware validity (signature)
3. Sim_Secure extraction/decryption (non-public)
4. Master-/Usercode/Unlock extraction and direct unlock (non-public)
Functions for HTC only :
1. Check validity of HTC firmware (signature check)
2. Cut out signatures from .nbh file
3. Split radio.nb into qualcomm files for analysis
4. Find HTC Public keys using Cryptosearch
5. Generate Security passwords (SPL + radio) for newer HTC
6. Generate NBH Files (you can add any device into devlist.xml)
7. Dump Files from NBH (you can add any type into nbhtype.xml)
8. Fix radio.nb checksum
9. Generic Bootloader / AT Command interface with logging functions
Functions for Network Engineers
Network Calculators :
TDMA (GSM/UMTS) :
--------------------
IMEI
GSM A5-1
GSM A5-2
GSM A5-3
3G ECSD
GEA3 - GPRS
3G SNOW
3G UEA2
3G UIA2
GSM A3/A8 COMP128 V1
GSM A3/A8 COMP128 V2
GSM A3/A8 COMP128 V3
3G Milenage
3G Milenage Resync
CDMA :
-------
CAVE
CAVE Authentication
CAVE CMEA
CAVE EMEA
CAVE EMEA_NF
CAVE Wireless Residential Extension
CAVE Datakey / Look Up Table / Mask
CAVE DTC / DCCH
CAVE KSG
CAVE Long Block
CAVE Short Block
CAVE Enhanced Message
CAVE Enhanced Voice Privacy
CAVE Enhanced Data Mask
and much more ....
Planned in future :
1. Bugfixes
2. EFS Restore to Zip File
3. QC Jtag interface using Segger J-Link ARM
4. LNBS HTC support to replace MTTY
5. Tooltips showing real addresses in graphical window
5. CDMA Write functions
6. Read out / Write back Addressbook
7. Restore backed-up SMS to phone
8. much much more
NO UNLOCKING ! PLEASE DO NOT REQUEST. THIS PROJECT IS FOR EDUCATIONAL PURPOSES ONLY, NOT TO HARM COMPANIES FOR THEIR EFFORTS.
What we need :
- Any contribution to the project is welcome.
- Donations for new hardware and software for further development of this tool.
Link to the project files :
------------------------
Version 4.21 (Major Release) Stable
QMAT Homepage
Cya and keep on reversing,
Viper BJK

Thanks, that's very useful. Keep up the good work!

Update : Version 3.51
---------------------
- Crypto Bugfixes solved
- Com Port Bugfixes solved
Added QMAT 3.51 manual to download page
Cya,
Viper BJK

Update : 3.52
-------------
What's new ?
1. Added SHA2 crypto search algos (SHA224 and SHA256)
2. Added SHA2 (SHA224 and SHA256) and MD5 hash generation
3. Some Bugfixes
4. HTC Security Generator for all newer HTC models (reverse genned) :
SPL and radio (works with Diamond !!)
Note : For Copy'n'Paste .. do not use MTTY, but Putty !!!
See new manual for further details ....
Enjoy !
Cya,
Viper BJK

nice one..!
Thanks

New version : 3.54
------------------
Updates :
- Added SHA-256 from HTC
- Improved RSA Decryption ... now better readable
- Added function to reverse byte strings for RSA Decryption
- Bugfixes
Cya,
Viper BJK
Update:
Small SHA2 bugfix

Good information. thanks

New version : 3.6
------------------
Updates :
- Added NBH Generator Tool
=> you can add any device to devlist.xml
=> you can sign rom files either using pvk file or using dummy signature
- Added NBH Dump Tool
=> Remove Signatures function or
=> Extract any part you wish or
=> Extract all files from nbh
=> Show infos about nbh file
=> Add new deviceparts (typeinfo) to nbhtype.xml
- Added publickeys as XML
=> add any public key to publickeys.xml
- Added tool to fix radio.nb checksum
Bugfixes :
- Fixed NBH Signature extraction
- Fixed RSA Function
For the design of NBH Tools, I was strictly influenced by Olipro's work
Cya,
Viper BJK

This is a real work....!!!!
thx for this great program

Update : 3.61
-------------
What is new ?
-------------
After being fed up with buggy Putty + Mtty, I implemented
HTC Bootloader AT Command Interface. (see picture below)
Also I was missing a good copy paste function for my hex editor.
Why wasn't it working before ?
=> HTC Bootloader isn't able to take more than one byte sent.
So :
- Implemented HTC Bootloader AT Command Tool (works also for other ones)
- Several severe bugfixes (like Display fixes)
- Fixed RSA Decryption bug (Pubkeys loaded incorrectly from xml)
What will be next ?
------------------
As I'm a Vista user (sic!) I also use the really old Activesync driver.
But this one lacks high-speed transfer, so I'm going to implement a solution
for newer HTC phones and newer OS, as Micros*** changed to WinUSB Interface (which is better imho than virtual com port).
So :
- Will implement REAL Usb interface, no virtual serial port use
Cya,
Viper BJK

Small update :
--------------
WinUSB is now fully implemented !
It really works like a charm, much faster than putty or mtty, and really stable.
mb command runs like hell
Even better, you can break off USB connection and continue seconds after reading out bytes .... this is big news
So ... Vista Users, use new WMDC drivers, forget about old activesync one.
And as for the XP users, download WinUSB runtimes now
Bad to say, but of course WinUSB won't work with old activesync.
I'm going to implement now a logfunction for binary data, so it can be used with pdump. Once I understand how "autodownload" works, I will implement it also so that my tool can replace mtty.
If there are any wishes what should be implemented, say so
Of course I will open source for WinUSB connection for those who want to port their tools.
Cya,
Viper BJK

Update 3.70
------------
What is new ?
--------------
- Big bugfixes
- Added new WinUSB and Serial Interface for HTC Bootloader (with binary log AND pdump support)
- Added partition tool to show MORE info
- Complete new Serial interface
- Added feature to use different bootloader commands for nand reading
- Added feature to read different sizes for nand reading
- Fixed radio.nb extraction
- Fixed radio.nb checksum calculation
- etc. ..... see Manual 3.7 for complete introduction
Cya,
Viper BJK

Update 3.71
------------
Sorry for that one ... WinUSB didn't work due to memory leak.
Fixed ....
Cya,
Viper BJK

Update 3.72
------------
What's new ?
-------------
- Included HTC Security Decoder in AT Command Interface
(easier to use)
- Fixed USB / SER Problems
- HTCE/HTCS were not displayed correctly
- Fixed Display Scroll Problems in AT Command Interface
Enjoy !
Cya,
Viper BJK

Update 3.73 *Speed release !*
------------
As someone really needed this func, the following was added :
- htc at command interface bytelog can now be any filename (select log file)
- You can send any data to encapsulate, for example you want to send bytes 0x00 0x01 0x02 and 0x03 .... enter "00010203", press encap button and bytes will be sent using correct HTC "HTCS....HTCE" encap
Cya,
Viper BJK

- removed -

Update 3.74 *Special Edition for CMonex*
------------------------------------------
News :
- Added function to upload files in encapsulated header
- Bugfixes
Cya,
Viper BJK

News :
-------
3.74 has a lot of bugs in it, so sorry for that.
Download of my tool is atm not possible, I'm looking for another hoster.
New version 3.75 will be soon out, adding several bugfixes and nvitems support for HTC. Also, beginning with 3.75, my software will be shareware.
People that already donated 15 EUR will of course get source and registration key as usual for free.
Expect news soon.
Cya,
Viper BJK

ThanX Alot for this GREAT Tool !
Keep up your Good Work !

Is it possible to upload this tool on the board? I have a forbidden access to the google code page ... :'(


Question on "hand modified XIP chain"

Could you explain please (very short description) how you modified the xip chain for rom kitchen?
All I can see is the following:
- no length (0)
- no RSA1 signature
- only file entries
What I want to know:
- how to find phys. (ROM) position (do you use unused holes in rom?)
- is 0 length for ROM = autolength
- how to choose the RAM position
- why can length of RAM be 0
Please help. (I need this info for a smartphone project)
I did not bother setting the length, only the 'pvAddr' field is used.
I only make fileentries, because I have yet to implement the generation of modules. ( if I ever do ).
yes, I use unused holes in the rom.
actually, if you don't care about xip updates of other sections, you may use addresses anywhere in the rom, where your data fits.
It does not necessarily have to be contiguous.
I just copied the ram setting from the other xip entries.
Thank you for the information.
Why don't you take romimage.exe from platformbuilder to generate a XIP block. You only have to write a little .bib file for it. This tool can handle modules and compression as well.
John
P.S. Source code for romimage.exe is available in PB 4.2 private build tree.
I hadn't found that tool yet when I wrote makexip, and then we couldn't have made the romkitchen with it, since romimage.exe runs only under windows.
Don't waste your time with this crap tool (romimage.exe). Some needed files are missing (e.g. bin2xip.exe).
How can I be sure to choose a good phys. addr.? There might be some memory mapped devices...
I have one additional difficult question:
Modules are relocated when embedded into XIP's. Even there seems to be a modification to the import table of the module (e.g. references to coredll.dll will be checked/updated?)
If I extract a module (e.g. a *.dll) from a XIP of another phone, do I have to re-relocate it / modify its import section even if I place it in a FILES section?
Thanks
John
converting bin to xip is not that difficult. see http://www.xs4all.nl/~itsme/projects/xda/wince-flashfile-formats.html
do you mean the 'physfirst' field in the romheader? that is just the startaddress in the rom.
since the relocation information is not stored in rom, the only way to really
recover it, is to disassemble the file, and find the offsets to stuff that
needs to be reallocated.
so that is a lot of work. and dumprom only extracts nonrelocatable .exe and .dll modules.
if your extracted dll is fixed to a memory location that overlaps with an already existing dll, you will have a problem I think.
I am not even sure, if an extracted dll works at all, I only use them for reverse engineering.
Yes, I mean phys first field. But how can I be sure to choose a valid address for the new XIP block? My idea is to use address space between existing XIP blocks. Or can I simply choose a very high address (e.g. 8F000000) and hope not to use a region where memory mapped devices are located?
Since I used (your?) dumprom to extract the *.dll files do you think they are "nonrelocated"?
John
I ask so much because I crashed my lovely smartphone a week ago. :-(
My new XIP seems to be invalid... so it doesn't boot anymore. Unfortunately I've killed the bootloader too...
When I try next time (I've ordered a new one) this must not happen!
I am sure they are nonrelocated, fixed to run from a specific memory location.
( just wrote another post about this )
maybe even the module loader does not allow non-xip modules to be loaded in xip reserved memory.
THANK YOU VERY MUCH
I've got it. My Smartphone now have a new XIP block with some files in it...
Only thing left is to rewrite some *.dll files (only resource dlls with no function exports) to extend the language of the MIO 8380.
Are you familiar with languages on smartphone? There are multiple .mui files (resource dlls containing all the dialogs and strings). I've exported all resources and (re)created the dll's as resource only. Unfortunately they don't work ... yet ...
Are there some other files for language extension? What about "wince.nls" or "mxip_lang.vol" ?
Thanks again for your great tools. I will setup a site containing detailed information about this hack soon.
John Smith
cool, I am always interested to see how things work out that I haven't actually tried myself yet.
is this how you create resource only dll's:
http://www.xs4all.nl/~itsme/projects/programming/icondll.html
Currently I'm a little bit confused. PB 4.2 docu says MUIs are resource only .dlls and sample in smartphone sdk adds a dllmain...
I will have to investigate these things a little bit more...
John
O.K.
I've tried anything. The only thing left is that the new resource dlls are not XIPed as modules...
The sample mui app works fine (regardless of resource only / normal dll).
John
P.S. I've successfully changed all other settings some things already appear in the new language. Only poutlook, homescreen and control panel will not change!
Now after some more testing (included a dllmain into the mui file which logs the loading/unloading to file) it seems that my mui.dll is never loaded by system (if I load it manually with LoadLibrary the log is written).
Here is my question:
I've looked a little bit deeper into the dumped mui.dll and found a pointer in security section (pe header) which points to nowhere (just after the [virtual] end [rva] of all of the e32/o32 sections).
Could it be, that I've missed something? Does dumprom fill in this values correctly?
One other interesting idea could be to exchange only the data section of the module (since I want to patch resource only .dlls). But since english is a very short term language all other files will be bigger...
John
>>> I've got it <<<
the new (mui-language) modules have to be REAL xip modules...
So I've built a custom.bib file and used RomImage from CE3.0 Platformbuilder. Even compression is possible now.
Note: romimage.exe does the same thing as makexip.pl
To share my results here is the content of the .bib file I've used:
Code:
MEMORY
;   Name     Address   Size      Type
    MYXIP    81f00000  0013f000  RAMIMAGE
    RAM      8c020000  00fe0000  RAM
CONFIG
    COMPRESSION = ON
    PROFILE = OFF
    ROMFLAGS = 2
    ROMSTART=81f00000
    ROMSIZE=13f000
    ROMWIDTH=32
    DLLHIGHADDR=00b00000
MODULES
;   Name                       Path                             Memory  Type
;   -------------------------  -------------------------------  ------  ----
    outres.dll.0407.mui        input\outres.dll.0407.mui        MYXIP   SHU
    syncres.dll.0407.mui       input\syncres.dll.0407.mui       MYXIP   SHU
    tapres.dll.0407.mui        input\tapres.dll.0407.mui        MYXIP   SHU
    tshres.dll.0407.mui        input\tshres.dll.0407.mui        MYXIP   SHU
    wmplayer.exe.0407.mui      input\wmplayer.exe.0407.mui      MYXIP   SHU
FILES
;   Name                       Path                             Memory  Type
;   -------------------------  -------------------------------  ------  ----
    Busy.0407.mid              input\Busy.0407.mid              MYXIP
    mxip_lang_799.rgu          input\mxip_lang_799.rgu          MYXIP
    ms_splash.gif              input\ms_splash.gif              MYXIP
    carrier_splash.gif         input\carrier_splash.gif         MYXIP
- The MYXIP region in MEMORY section is a hole in the ROM I've found with calcgaps.pl.
- The RAM region is copied from the other sections (they all use the same)
- ROMSTART and ROMSIZE have to be the same values as defined in MYXIP
- DLLHIGHADDR has to be the !!!lowest!!! loading address found with dumprom (header: dlls=...-... ).
Example: If the lowest address found is "header: dlls=00b00000-00c90000 ..." then DLLHIGHADDR has to be 00b00000
Don't care about the warning "Unable to do imports from ... to COREDLL.dll - will late bind". That's because coredll is in another XIP.
John
P.S. Thanks a lot for all of your support.
DETAILED INFORMATION ABOUT THIS HACK CAN BE FOUND HERE:
http://smartphonerom.tripod.com (only download the "detailed information")
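The rules listed in the post above (ROMSTART and ROMSIZE equal to the MYXIP region, DLLHIGHADDR equal to the lowest dlls address reported by dumprom, the block sitting in a ROM hole) can be checked before anything is flashed. The following Python script is an added example, not part of the original post or of romimage.exe; the sample .bib is shortened from the posted one, and the existing-XIP ranges and the names `parse_bib` and `check_bib` are assumptions made for illustration.

```python
import re

# Constructed sample, shortened from the custom.bib posted above.
SAMPLE_BIB = """\
MEMORY
; Name   Address   Size      Type
  MYXIP  81f00000  0013f000  RAMIMAGE
  RAM    8c020000  00fe0000  RAM
CONFIG
  COMPRESSION = ON
  ROMSTART=81f00000
  ROMSIZE=13f000
  ROMWIDTH=32
  DLLHIGHADDR=00b00000
MODULES
  outres.dll.0407.mui  input\\outres.dll.0407.mui  MYXIP  SHU
FILES
  ms_splash.gif        input\\ms_splash.gif        MYXIP
"""

# dumprom header line in the form quoted in the post.
SAMPLE_DUMPROM = "header: dlls=00b00000-00c90000 ..."

# Hypothetical (start, end) ranges of XIP blocks already present in the ROM.
SAMPLE_EXISTING = [(0x80040000, 0x81F00000), (0x82040000, 0x82A00000)]

SECTIONS = {"MEMORY", "CONFIG", "MODULES", "FILES"}


def parse_bib(text):
    """Parse the subset of .bib syntax used above into (memory, config, entries)."""
    memory, config, entries = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        if line.upper() in SECTIONS:
            section = line.upper()
        elif section == "MEMORY":
            name, addr, size, kind = line.split()
            memory[name] = (int(addr, 16), int(size, 16), kind.upper())
        elif section == "CONFIG":
            key, value = (part.strip() for part in line.split("=", 1))
            config[key.upper()] = value
        elif section in ("MODULES", "FILES"):
            fields = line.split()                # name, path, region[, type]
            entries.append((section, fields[0], fields[2]))
    return memory, config, entries


def hex_setting(config, key):
    """Return a CONFIG value as an integer, or None if the key is missing."""
    return int(config[key], 16) if key in config else None


def check_bib(text, dumprom_header, existing):
    """Return a list of problems; an empty list means all rules hold."""
    memory, config, entries = parse_bib(text)
    images = [(n, a, s) for n, (a, s, k) in memory.items() if k == "RAMIMAGE"]
    if len(images) != 1:
        return ["expected exactly one RAMIMAGE region, found %d" % len(images)]
    name, start, size = images[0]
    problems = []

    # Rule: ROMSTART and ROMSIZE must repeat the region's address and size.
    if hex_setting(config, "ROMSTART") != start:
        problems.append("ROMSTART does not match %s address %08x" % (name, start))
    if hex_setting(config, "ROMSIZE") != size:
        problems.append("ROMSIZE does not match %s size %x" % (name, size))

    # Rule: DLLHIGHADDR must be the lowest address of dumprom's dlls= range.
    match = re.search(r"dlls=([0-9a-fA-F]{8})-([0-9a-fA-F]{8})", dumprom_header)
    if not match:
        problems.append("no dlls= range found in dumprom header")
    elif hex_setting(config, "DLLHIGHADDR") != int(match.group(1), 16):
        problems.append("DLLHIGHADDR must be %s" % match.group(1))

    # Rule: the new block must sit in a hole, not on top of an existing XIP.
    for lo, hi in existing:
        if start < hi and lo < start + size:
            problems.append("%s overlaps existing block %08x-%08x" % (name, lo, hi))

    # Every module and file must be assigned to the RAMIMAGE region.
    for section, fname, region in entries:
        if region != name:
            problems.append("%s entry %s uses unknown region %s"
                            % (section, fname, region))
    return problems


if __name__ == "__main__":
    for problem in check_bib(SAMPLE_BIB, SAMPLE_DUMPROM, SAMPLE_EXISTING):
        print("PROBLEM:", problem)
```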

bad_pool_header crash with WM5 upgrade

I upgraded my XDA Exec with the new ROM 1.30.162 WWE and Activesync 4.1 but each time I sync, I get a "bad_pool_header" error on a blue background which crashes my machine.
I installed Activesync 4.1 on another laptop to check if this problem was due to drivers etc on my main laptop, and discovered that the device syncs with no problems. There is, therefore, a conflict between the new Activesync 4.1 or the new ROM, and something on my main laptop.
Has anyone come across this problem?
Thanks
The problem is definitely on your PC. Reinstall motherboard drivers, reflash bios, remove antivirus, reinstall windows, etc.
Thanks - pretty drastic...!
Is there a short cut? ie reinstalling drivers one by one? If so, which are likely to be the main culprits? Motherboard? Broadband modem? etc
The error code after reboot of the laptop is:
BC code 19 BCP1:00000020 BCP2: 89A76000 BCP3: 89A766C0 BCP4: 0AD8000
OS Ver 5_1_2600 SP: 2_0 Product 256_1
\WER22c7.dir00\Mini052506-06.dmp
\WER22c7.dir00\sysdata.xml
Does this reveal anything that could explain which driver?
Thanks
10860 said:
> Does this reveal anything that could explain which driver?
no.
You should create a complete crash dump, and use microsoft debugging tools to find faulting driver. Or better reinstall windows.
I looked at the minidump file and used MS debugger, the readout is below. I am not sure if I did the debugging ok, or how to interpret it. Anything useful in the readout?
Thanks
Loading Dump File [C:\Mini052406-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Wed May 24 20:25:34.038 2006 (GMT+1)
System Uptime: 0 days 0:52:32.633
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.......................................................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, 88187000, 881876c0, ad80000}
Probably caused by : Unknown_Image ( nt!KeBugCheck2+4d4 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 88187000, The pool entry we were looking for within the page.
Arg3: 881876c0, The next pool entry.
Arg4: 0ad80000, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: 88187000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
LAST_CONTROL_TRANSFER: from 00000000 to 8053331e
STACK_TEXT:
f78cab74 00000000 00000000 00000000 00000000 nt!KeBugCheck2+0x4d4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeBugCheck2+4d4
8053331e ?? ???
FAULTING_SOURCE_CODE:
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!KeBugCheck2+4d4
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: ZEROED_STACK
MODULE_NAME: Unknown_Module
Followup: MachineOwner
---------
Nothing useful, minidump does not have enough information
It is very difficult to debug pool corruptions.

[APP][27-Dec-09] LuaTool 1.2 - Lua Decompiler, Compiler and Compare

Intro:
This is an all-in-one tool for decompiling, compiling and comparing lua scripts found in Manila (TouchFLO 3D / Sense).
All this is a continuation of sztupy's original work: Lua 5.1 tools.
General:
LuaTool consists of 4 parts: Lua decompiler, Lua compiler, Lua compare utility and a Manila file type detection utility.
LuaDec 3.2 - Lua decompiler
Notes on latest version:
Major overhaul of the local finding algorithm. Most lua scripts can now be fully decompiled without a problem.
Manila 2.5.1921 has a total of 703 scripts (including embedded scripts). LuaDec can fully decompile 663 files. That's a success rate of 94.31%.
General notes:
LuaDec automatically checks if the output file was decompiled successfully.
If it wasn't, LuaDec will also output the disassembly and compare file.
In case the decompile was 100% good, LuaDec will only output the standard .lua file as before.
LuaC 1.2 - Lua compiler
Binary function replacement:
LuaC can directly replace functions in compiled luac files. This can be useful if the luac file can't be fully decompiled, but only a small part of the file needs to be edited. Some more info on function replacement.
Continue statement:
The "continue" statement has been added to the Lua Compiler.
Lua doesn't officially support continue statements, but it looks like HTC added it for their needs, so I'm following their lead.
Usage and versions:
Code:
LuaTool 1.2 by Co0kieMonster
Usage: LuaTool <task_select> [task_options] <task_input>
Tasks:
    /decompile (or /d)    -- Lua Decompiler
    /compile   (or /c)    -- Lua Compiler
    /compare   (or /cr)   -- Lua Compare utility
    /detect    (or /dt)   -- Manila file type detect utility
LuaDec 3.2
Usage: LuaTool /decompile [options] <inputfile>
Available Options:
    -o <filename>         specify output file name
    -dis                  don't decompile, just disassemble
    -f <number>           decompile/disassemble only function number (0 = global block)
LuaC 1.2
Usage: LuaTool /compile [options] <inputfile>
Available Options:
    -o <filename>         specify output file name
    -s                    strip debug information
    -r <n> <luac_file>    replace function <n> in <luac_file> with <inputfile>
LuaCompare 1.2.1
Usage: LuaTool /compare [options] <original.luac> <newfile.lua(c)>
Available Options:
    -o <filename>         specify output file name
    -s                    side by side file comparison
    -du                   disable underline
ManilaDetect
Usage: LuaTool /detect <inputfile>
LuaTool changelog:
# LuaTool v1.2
-updated LuaDec to v3.2, LuaC to v1.2 and LuaCompare to v1.2.1
# LuaTool v1.1
-updated LuaDec to v3.1, LuaC to v1.1 and LuaCompare to v1.2
LuaDec changelog:
# LuaDec v3.2
-Local guesser improvements
---major overhaul - gives much better results
-Conditionals handling improvements
---fixed elseif not being recognised in some cases
---added partial support for complex inline boolean assignment
-General improvements
---fixed single function decompile
---fixed table assignments where there are more than 16 values
---better error handling
# LuaDec v3.1
-Conditionals handling improvements
---wrote a brand new algorithm for handling complex logic expressions
---fixed falsely detected generic for loops
---fixed misplaced if end, because of end-to-break optimization
-Local guesser improvements
---declarations at CALL before RETURN
-General improvements
---fixed indents not behaving properly in some cases
---fixed LOADNIL assignments where the destinations are local variables
---decompiler now displays success rate after decompile
---added SETLIST handling
# LuaDec v3.0.4
-General improvements:
---added back error messages
---fixed variable arguments handling
---fixed multiple inline assignments
---fixed a rare if ending misplacement
-Local guesser improvements at:
---inline bool assignments
---table in table situations
---TAILCALLs
---CALLs which return multiple results
---locals declared just before TEST ops
---SETTABLE where b isn't a constant
# LuaDec v3.0
-core rewrite and cleanup
-more accurate especially with conditionals and loops
-some miscellaneous accuracy improvements
-added extra info to script header (date, time, file name and manila name)
-LuaCompare updated to v1.0.1 (compatibility)
# LuaDec v2.1
- Less crashing:
--- added a failsafe for crashing on bad registers
--- fixed crash on SETUPVAL
--- fixed crash on SETLIST
- Better conditional handling:
--- fixed handling of deeper nested else and elseif
--- fixed handling of empty if-end and else-end blocks
--- added break handling
- Better table handling:
--- fixed inline table assignments
--- fixed handling of numerically indexed tables
- Adjustments to local guesser:
--- fixed guessing for inline table assignments
--- fixed guessing for SETGLOBAL and SETUPVAL at PC 1
LuaC changelog:
# LuaC v1.2
-added binary function replacement
# LuaC v1.1
-added "continue" statement
LuaCompare changelog:
# LuaCompare v1.2.1
-small change to support single function decompile
# LuaCompare v1.2
-pre-compare disassembly is now done internally instead of writing to disk and reading
-added a console message with match percentage
# LuaCompare v1.1
-initial version integrated in LuaTool
Go co0kiemonster! You da man!
boy oh boy ... cant believe that, thanks
time to get back to the keyboard and do some hack0r's stuff
see you guys
I like the new compare output a lot! Saves some lines in the manilatool.cmd as well. Do you plan on updating all the ruby tools or just the compare?
Muchos gracias
12aon said:
> Do you plan on updating all the ruby tools or just the compare?
Probably all (except luadecguess, which is redundant because luadec has an internal guesser since version 2.0). But I hadn't planned on doing it any time soon - right now, luadec is keeping me pretty busy. I'm doing a semi-rewrite of it in order to inject some OOP love (port to C++) and then hopefully make a proper conditionals and loops engine.
I don't mind OOP love. Hey, somebody came up with this idea about luadec but as it turned out I misunderstood him. He was actually talking about the m9editor. Nevertheless the idea is good. You tell me if it's doable.
Wouldn't it be a good idea to include the full manila name in the lines of code as well (if known)? Going a bit further, might it not be an even better idea to include some more diagnostic info there?
Things I can think of are manila version (although I can't imagine a foolproof method), date, full manila path name, maybe some diagnostics.
You know I'm going to keep you occupied right?
12aon said:
> Wouldn't it be a good idea to include the full manila name in the lines of code as well (if known)? Going a bit further, might it not be an even better idea to include some more diagnostic info there?
> Things I can think of are manila version (although I can't imagine a foolproof method), date, full manila path name, maybe some diagnostics.
Full manila name and date aren't a problem. I'll add them in the next release.
Manila version would have to be set by the user so that's a bit problematic. But it would be great to have. I'll try to think of good way to add it.
As for diagnostics: Did you mean adding something other than the "-- DECOMPILER ERROR: ... " lines, or just making those lines a bit more useful?
12aon said:
> You know I'm going to keep you occupied right?
I'm counting on it
Co0kieMonster said:
> Full manila name and date aren't a problem. I'll add them in the next release.
> Manila version would have to be set by the user so that's a bit problematic. But it would be great to have. I'll try to think of good way to add it.
> As for diagnostics: Did you mean adding something other than the "-- DECOMPILER ERROR: ... " lines, or just making those lines a bit more useful?
> I'm counting on it
The version number can be found in a package here:
Code:
[HKEY_LOCAL_MACHINE\Software\HTC\Manila]
"Version"="2.1.19193517.0"
That's either the .reg or .rgu file
It can also sometimes be found in the package name. But these things are very unpredictable. In that sense it could only be used as an extra. I don't know if any of the exe's in the package hold the info.
By diagnostics I was referring to my lack to come up with anything else. I hoped your developer instincts would lead you to add in the rest for me. But now that I think of it, maybe something like the amount of errors in the script or amount of opcodes, maybe the number of functions. I don't know why, or how it would be useful so probably just leave out that part. Unless you disagree of course,
12
12aon said:
> You know I'm going to keep you occupied right?
LOL 12 has a new toy!
I guess it would be dumb to ask if you intend to use this in your Manila kitchen! LOL
Asphyx said:
> LOL 12 has a new toy!
> I guess it would be dumb to ask if you intend to use this in your Manila kitchen! LOL
It is already part of the kitchen, co0kie has been helping us for a while now. He is the one who added the lua scheme to notepad2
I've been trying to use this on the lua files in the sprint hero but no matter what I try I get the error "Bad header in precompiled chunk"
Any thoughts/ideas?
You sure hero's got lua files? Would you mind sharing them?
12
pentace said:
> I've been trying to use this on the lua files in the sprint hero but no matter what I try I get the error "Bad header in precompiled chunk"
> Any thoughts/ideas?
Might be a different encoding.
Can you upload a few of the files so I can check it out?
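The "Bad header in precompiled chunk" error reported above is raised by the Lua 5.1 loader when the 12-byte chunk header differs from what the loading build expects. The following Python example is added here and is not part of LuaTool; it decodes that header and lists the fields that differ from a reference profile. The reference profile (stock Lua 5.1, 32-bit little-endian, double numbers), the helper names and the sample headers are assumptions constructed for illustration; the header values LuaTool itself expects are not given in this thread.

```python
import struct

# Layout of the 12-byte Lua 5.1 chunk header, in file order:
# 4-byte signature followed by eight single-byte fields.
FIELDS = ("signature", "version", "format", "little_endian", "sizeof_int",
          "sizeof_size_t", "sizeof_instruction", "sizeof_number",
          "integral_number")

# Assumed reference profile: stock Lua 5.1 built for a 32-bit little-endian
# target with double-precision numbers. Not taken from LuaTool or HTC.
REFERENCE = {
    "signature": b"\x1bLua", "version": 0x51, "format": 0, "little_endian": 1,
    "sizeof_int": 4, "sizeof_size_t": 4, "sizeof_instruction": 4,
    "sizeof_number": 8, "integral_number": 0,
}


def make_header(**overrides):
    """Build a constructed 12-byte header from REFERENCE plus overrides."""
    values = dict(REFERENCE, **overrides)
    return struct.pack("4s8B", *(values[name] for name in FIELDS))


def parse_header(chunk):
    """Decode the first 12 bytes of a compiled chunk into a field dict."""
    if len(chunk) < 12:
        raise ValueError("truncated: a Lua 5.1 header is 12 bytes")
    return dict(zip(FIELDS, struct.unpack("4s8B", chunk[:12])))


def header_mismatches(chunk, reference=REFERENCE):
    """Return [(field, found, expected), ...] for fields that differ."""
    header = parse_header(chunk)
    if header["signature"] != reference["signature"]:
        # Not Lua bytecode at all (plain source, or wrapped in a container),
        # so the remaining bytes cannot be read as header fields.
        return [("signature", header["signature"], reference["signature"])]
    return [(name, header[name], reference[name])
            for name in FIELDS if header[name] != reference[name]]


def describe(chunk, reference=REFERENCE):
    """Human-readable verdict for one file's leading bytes."""
    try:
        diffs = header_mismatches(chunk, reference)
    except ValueError as exc:
        return [str(exc)]
    if not diffs:
        return ["header matches the reference profile"]
    return ["%s: found %r, expected %r" % diff for diff in diffs]


if __name__ == "__main__":
    # Constructed samples: a matching header, a chunk compiled with an
    # 8-byte size_t, and a file that is Lua source rather than bytecode.
    samples = {
        "matching": make_header(),
        "64-bit size_t": make_header(sizeof_size_t=8),
        "plain source": b"local x = 1 -- not bytecode",
    }
    for label, data in samples.items():
        print(label)
        for line in describe(data):
            print("   ", line)
```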
Version 3.0 is up
Some info:
Version 3.0 is a complete rewrite of LuaDec. It's more accurate than 2.1, especially when large loops are involved. It might just need a little bit more tweaking but conditional and loop handling is almost perfect. The next big thing to tackle is local guessing, and that will come in a later version.
LuaDec has also generally been cleaned up, so no more obsolete command line switches or memory leaks.
It can also retrieve the full manila name and add it to the file header. E.g.: if you decompile 0bd9db81_manila, LuaDec will add \windows\htc\people\scripts\people\peoplegroupdetail.luac to the decompiled script header for better reference. For this to work you need to have the m9editor.names.txt file in the same folder as LuaDec.
Now that I've done this rewrite I should be able to accelerate development. And there are some cool new features coming in future versions.
Decompile Luaplugins for lightroom
Hi,
I'm just wondering if it is possible to use this to decompile any Lua files. What I'm looking to decompile is Lightroom plugins.
skrollster said:
Hi,
I'm just wondering if it is possible to use this to decompile any Lua files. What I'm looking to decompile is Lightroom plugins.
LuaDec has been tuned specifically to HTC's Lua variant. Theoretically it should decompile any Lua 5.1 scripts, but it might be incompatible with the character and number encodings of non-HTC scripts. I'm not sure about the specifics, since those adaptations were done before my development efforts - see here for some of the details: http://forum.xda-developers.com/showpost.php?p=3466886&postcount=249
You can always give it a try and see what happens. It can't hurt
Co0kieMonster said:
LuaDec has been tuned specifically to HTC's Lua variant. Theoretically it should decompile any Lua 5.1 scripts, but it might be incompatible with the character and number encodings of non-HTC scripts. I'm not sure about the specifics, since those adaptations were done before my development efforts - see here for some of the details: http://forum.xda-developers.com/showpost.php?p=3466886&postcount=249
You can always give it a try and see what happens. It can't hurt
It just gave me an almost blank file; the only thing in it was some stuff I guess you add to all files.
skrollster said:
It just gave me an almost blank file; the only thing in it was some stuff I guess you add to all files.
Yeah, that's definitely because of the different encodings. Sorry, but I guess it's not going to work.
Too bad, really. Is it possible to create a decompiler for the encoding used for Adobe's applications? If so, is it much work to change it?
I'm not sure. Upload one or two lua files so I can take a look.
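The "Bad header in precompiled chunk" error and the encoding mismatch discussed above both come down to the first 12 bytes of a Lua 5.1 chunk, which the stock loader compares against the header its own build would write. The following is an added example, not part of LuaDec or of any post in this thread, that decodes that header and reports which fields differ. The host profile and the sample chunks are assumptions constructed for illustration, not HTC or Adobe data.

```python
# Added example: explain why a Lua 5.1 loader rejects a precompiled chunk.
LUA_SIGNATURE = b"\x1bLua"
HEADER_LEN = 12  # 4-byte signature followed by 8 one-byte fields

# The eight one-byte fields that follow the signature, in file order.
FIELDS = (
    "version",             # 0x51 for Lua 5.1
    "format",              # 0 = official format
    "little_endian",       # 1 = little endian, 0 = big endian
    "sizeof_int",
    "sizeof_size_t",
    "sizeof_instruction",
    "sizeof_number",       # sizeof(lua_Number)
    "number_is_integral",  # 0 = floating point, 1 = integer lua_Number
)

# Assumption: header written by a stock Lua 5.1 build on a 32-bit
# little-endian host with double-precision numbers.
STOCK_LUA51_32BIT = dict(zip(FIELDS, (0x51, 0, 1, 4, 4, 4, 8, 0)))


def parse_header(chunk: bytes) -> dict:
    """Decode the 12-byte header of a Lua 5.1 precompiled chunk."""
    if len(chunk) < HEADER_LEN:
        raise ValueError("file is shorter than a Lua 5.1 chunk header")
    if chunk[:4] != LUA_SIGNATURE:
        raise ValueError("no Lua signature: not a precompiled chunk")
    return dict(zip(FIELDS, chunk[4:HEADER_LEN]))


def header_mismatches(chunk: bytes, host: dict) -> dict:
    """Map each differing field to (value in file, value the host expects).

    An empty result means the header check passes; anything else is what
    the loader reports as a bad header.
    """
    found = parse_header(chunk)
    return {
        name: (found[name], host[name])
        for name in FIELDS
        if found[name] != host[name]
    }


def build_header(**overrides) -> bytes:
    """Build a sample header from the stock profile (test data only)."""
    values = {**STOCK_LUA51_32BIT, **overrides}
    return LUA_SIGNATURE + bytes(values[name] for name in FIELDS)


# Constructed samples; the trailing bytes stand in for the function body.
SAMPLE_STOCK = build_header() + b"\x00" * 4
SAMPLE_FLOAT_NUMBERS = build_header(sizeof_number=4) + b"\x00" * 4
SAMPLE_BIG_ENDIAN_64 = build_header(little_endian=0, sizeof_size_t=8) + b"\x00" * 4

if __name__ == "__main__":
    samples = {
        "stock": SAMPLE_STOCK,
        "4-byte numbers": SAMPLE_FLOAT_NUMBERS,
        "big endian, 64-bit size_t": SAMPLE_BIG_ENDIAN_64,
    }
    for label, sample in samples.items():
        diff = header_mismatches(sample, STOCK_LUA51_32BIT)
        print(label, "-> accepted" if not diff else f"-> rejected: {diff}")
```

Running it on the first 12 bytes of a file that fails to decompile shows whether the file is a Lua 5.1 chunk at all and, if it is, which size or endianness field the decompiler build would have to match.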

Android port for Samsung WAVE3 (GT-S8600)

Hi all.
This thread is for developers only! No "when?" questions!
This is my attempt at porting Android to the S8600.
I wrote a custom bootloader, emmcboot, based on the codeaurora LK bootloader.
The bootloader starts successfully, runs, and tries to load the Android kernel from the internal microSD card.
So far without success: after printing the message "Uncompressing Linux... done, booting the kernel." the device reboots or stops.
[370] Panel is power on
[370] Display initialized
[370] Display logo
[370] Waiting for modem+++
[370] Waiting for modem: Done
[370] smem ram ptable found: ver: 0 len: 6
[370] scratch: 0x8000000
[370] Starting in SD mode!
[370] SD_DETECT pin : 0x0
[380] Initializing MMC host data structure and clock!
[380] Error No. 2: Failure Initializing MMC Card!
[400] Decoded CID fields:
[400] Manufacturer ID: 27
[400] OEM ID: 0x5048
[400] Product Name: SD16G
[400] Product revision: 3.0
[400] Product serial number: 7C88FF04
[400] Manufacturing date: 2 2012
[410] Serial number -[410] serial number:
[410] partition misc doesn't exist
[410] error in emmc_recovery_init
[580]
kernel @ 208000 (4132528 bytes)
[580] ramdisk @ 1200000 (175204 bytes)
[580] cmdline = 'console=null androidboot.hardware=qcom user_debug=31'
[580]
Booting Linux
[580] smem ram ptable found: ver: 0 len: 6
[580] booting linux @ 0x208000, ramdisk @ 0x1200000 (175204)
[590] cmdline: console=null androidboot.hardware=qcom user_debug=31
Uncompressing Linux... done, booting the kernel.
source code for lk-bootloader for S8600:
https://github.com/Oleg-k/LK_BOOT_S8600
To build for S8600, type: "make -j4 s8600 EMMC_BOOT=1"
Also, I got a memory dump taken after oemsbl is loaded and before my bootloader is loaded.
As we can see, oemsbl decompresses apps_compressed.bin and loads it into memory, starting at 0x200000.
https://www.dropbox.com/s/5wf6dp5gfgudkdc/MEM_DUMP_128MB.rar
And to understand the boot process on MSM7x30, read this:
http://tjworld.net/wiki/Android/HTC/Vision/BootProcess#BootProcess
Welcome back my friend ))
If you are able to port it, I will 100% buy an S8600
Good Luck
I was actually going to ask you what happened to the Wave 3 port. Anyway, welcome back. But a question: why don't you help Rebellos and volk with the Wave and Wave II porting? Then the porting could go a bit better. Just my question. :good:
Sounds interesting.
1. You found ELF files for S8600 Boot ?
2. You found way without JTAG, or JTAG is needed to write your Boot?
Thanx in advance.
Best Regards
CONFIG_DEBUG_LL
and
CONFIG_EARLY_PRINTK
plx <3
it's my current config for my kernel:
adfree said:
Sounds interesting.
1. You found ELF files for S8600 Boot ?
2. You found way without JTAG, or JTAG is needed to write your Boot?
Thanx in advance.
Best Regards
No, I don't have ELF files for the S8600; I wrote a new bootloader to boot the Linux kernel.
For now I use JTAG, but if we find a way to encrypt my bootloader, like appsboot.mbn, we will use the regular Multiloader.
So cool!
http://forum.xda-developers.com/showthread.php?t=1443575
Blowfish encryption
Maybe PlatformDownloader_S8600_KI5.exe has an unsecured Boot...
But I can't flash, nor have I connected my S8600 with RIFF...
TPs seem too small for my big fingers...
Best Regards
oleg_k said:
it's my current config for my kernel:
Thanks. I'd check debug macros and debug UART configuration. There are a few UART ports in it, and maybe the kernel is printing to the wrong one... though this wouldn't explain why the kernel unpacker is printing something (Uncompressing and booting comes already from zImage) - this would indicate that the debug port number is correct. Are you sure that the kernel and ATAGs location is correct, and RAM is set up properly by LK? Maybe something bad happens when the kernel proceeds to enabling MMU and caches... I'm pretty clueless. :<
I collected some links I found useful in this article: http://xda-university.com/as-a-developer/porting-android-to-non-android-devices
Especially interesting for you might be last link in "Custom bootloader" section.
No, I don't have ELF files for the S8600; I wrote a new bootloader to boot the Linux kernel.
For now I use JTAG, but if we find a way to encrypt my bootloader, like appsboot.mbn, we will use the regular Multiloader.
For S8500 I found way to write direct into OneNAND at:
Code:
0x0010 0001
No need to encrypt something...
With Multiloader... choose ETC.
http://forum.xda-developers.com/showpost.php?p=37229969&postcount=37
S8600 not tested...
This is far, far away from perfect... but maybe helpful.
Need someone who is able to remove the restriction from ML to use lower addresses than 0x10000...
I was only able to change text strings... in ML...
Best Regards
On first page i posted bootloader source and memory dump, stage - after load oemsbl and before loading my bootloader.
To Adfree,
The S8600 doesn't use OneNAND; it uses eMMC flash memory (like an SD card).
Today I've found S8600XXKI9.zip
I have forgotten this Firmware... but I have now short compared with Bootfiles from XXKJC... BIG differences... So I think this should be nearly identical with PlatformDownloader_S8600_KI5.exe
Still unsolved to decrypt or extract content of:
PlatformDownloader_S8600_KI5.exe
and
PlatformDownloader_S8600_KJ7.exe
Best Regards
Not my S8600... but user tried PlatformDownloader_S8600_KJ7.exe
It seems it was wrong Partition Table aka partition.bin...
Code:
Boot Binary Download Start Ch[0]
Appsboot 338.7KB OK[1.1s]
OemSbl 1757.7KB OK[1.8s]
ERR : NAK_FLASH_ERROR 0
Error : partition Write [0.2s]
ERR : NAK_FLASH_ERROR 0
Download Start Ch[0]
Amss 16654.3KB OK[15.6s]
Apps 29622.3KB OK[54.1s]
_Open_Europe_Common 40370.2KB OK[73.5s]
(Low) 2980.3KB OK[1.9s]
ERR : NAK_INVALID_CONTENT 0
ERR : _Open_Europe_Common Erase
Now S8600 ask for QHSUSB_DLOAD
My first idea is Qualcomm QPST now...
Or maybe if Driver used, then Multiloader will work again... for second attempt..
Found only 64 Bit Driver yet... not tested nor Thread... only attachment...
http://forum.xda-developers.com/attachment.php?attachmentid=631288&d=1308601930
Will check also QPST to check what is needed...
Best Regards
Edit 1.
More Driver...
http://forum.xda-developers.com/showpost.php?p=21911621&postcount=2
Okay...
It seems for QPST fsbl.mbn is missing...
I can remember from old MSM6250 handsets it is mandatory to have all files for QPST... because otherwise you need JTAG...
Important...
Qualcomm not use Encryption for QPST files...
This is Samsung thingie + "end.bin" last 1024 Byte...
So decrypt all Bootfiles and cut last 1024 Byte...
For fsbl.mbn I will check JTAG dump from S8600...
Best Regards
Edit 1.
http://forum.xda-developers.com/showthread.php?t=1367055
downgrade_WM6_boot.zip contain fsbl.mbn ... maybe as example...
http://forum.gsmhosting.com/vbb/f634/htc-desire-s-qhsusb_dload-driver-1436354/
Found this...
Here is also fsbl.mbn maybe not available... or...
But maybe if we can attach such S8600 we can see few infos...
Best Regards
Edit 1.
About QPST Version contain this eMMC...
Code:
4. RELEASE NOTES
...
10/27/11 QPST 2.7.378
1) Add support for QSC11x5 CDMA only (4073) and CDMA+GSM (4074).
2) Fix problem with eMMC Software Download not correctly patching addresses > 8 GB.
10/13/11 QPST 2.7.377
1) Fix crash when QPSTServer.config are NULs (bad format).
2) Add model ID 4072 = "APQ8064". Apps processor only, no service programming.
3) Change flash programmer name from nprg9615.hex to nprg9x15.hex.
4) Add emergency download support for user partitions.
5) Fix case where user partition download fails if the flash programmer is on a file share.
6) Fix error case when add port is used but no port is specified.
7) Fix case where restoring an EFS file doesn't work if the file was modified by QXDM.
8) In Service Programming BC SMS fix case where if user enters 32 as the service type it get written to NV as 4096.
9) Fix case where a phone will stay in "no phone" state if the phone takes > 20 seconds to reboot.
10) Take care of cases in eMMC Software Download where we try to lock the disk volume but the drive letter isn't available.
11) Fix "server busy" issue when a device connects but it's modem isn't running.
12) Insert more status message in Memory Debug app so that we can see why fast unframed dump failed.
8/17/11 QPST 2.7.375
1) Add support for MDM9615 (model 4070). Rename model 4068 to 7627A-ANDROID from SURF7627A.
Add model 4071 (7627A-WinMob). Add 1x/UMTS service programming to 4068 and 4071.
2) eMMC Software Download: Don't try to lock volume if drive letter not present.
Devices that use GPT will not mount and get a drive letter assigned.
7/22/11 QPST 2.7.374
1) Added missing file to installer to fix Service Programming problem in 2.7.373.
2) For eMMC Software Download, abort the download if a sparse="true" directive is present.
Sparse files cannot be downloaded with QPST, only with fastboot.
3) Began the process of moving QPST application and server settings from registry to
configuration files.
4) Added more error checking to EFS Explorer file drop code.
7/5/11 QPST 2.7.373
1) Add support for SURF8960 model ID 4069.
2) Fix issue with Port Enable/Disable for IP Ports.
3) NAND Software Download: Correct flash programmer descriptions for 7225A, 7625A, 7227A, and 7627A.
4) Roaming List Editor: Added two new bands LTE 24 and LTE 25.
5) eMMC Software Download:
- Fix problem where some file names print as "(null)".
- Add support for Meta Build contents.xml file ("Build Contents"). The contents file will provide the path for the
rawprogram and patch files, extra search paths, and names of flash programmer and boot image files.
- Ignore unexpected elements in schema.
- Support zeroout directive to zero parts of partitions.
- Allow usage by app of "orderly" as well as surprise removal storage devices.
- Add support for computations in the <patch> (CRC32 for GPT support), <program>, and <zeroout> directives.
6) EfsExplorer:
- Enable reset button in Efs Explorer even if target not in offline mode.
- More text description in Mode column for Efs Explorer
- Modify the list context menu of Efs-Explorer.
- If the proposed item file size copy is > 2048 bytes, warn the user and bail out.
...
Adfree,
link pls for founded S8600XXKI9.zip
link pls for founded S8600XXKI9.zip
http://hotfile.com/dl/145796951/79ecec6/S8600XXKI9.zip.html?lang=de
Try this. If not then I search again...
About fsbl.mbn...
I have searched for fsbl_hw.c string in 4 GB JTAG dump SAMSUNG_GTS8600_FullFlash.bin...
Can not find so I think fsbl is not or in other area...
About your Memory Dump FROM_MEM_0_128MB.bin
I am not 100 % sure but maybe read problems...
Short tried to extract Cert, but string Qualcomm is not written correct...
Q5alcomm1
qualcoem.com
Best Regards
I try to read again memory dump )
thanks for links...
Also,
I found that Samsung used OKL4 Microkernel 3.0 (maybe 4.0)
http://wiki.ok-labs.com/Release/3.0
About ver 4.0 --
The OKL4 Microvisor is designed from the ground up as a high-performance mobile virtualization platform. It is a microkernel-based embedded hypervisor - called a Microvisor, with a small footprint and the right combination of performance and hardware support to target mobile telephony use. The OKL4 Microvisor 4.0 is distinguished by supporting mobile virtualization, componentization, and security, enabling a new generation of applications and capabilities with impact across the mobile ecosystem.
OKL4 (with Qualcomm RTOS) is also used in the modem AMSS
http://forum.xda-developers.com/showthread.php?t=1829915
Need overview/list with Firmware packages with Bootfiles included...
Here this is what I have...
Later I will compare if difference...
Code:
XXKI9
XXKJC
S8600BOKJ1_TPLKJ1.rar
S8600BOKK6_S8500TPLKK7_T-Mobile.rar
S8600JPKK2_S8500OJPKK2_OJP.rar
S8600ZCLA1.7z
S8600NAKL1_S8600EPLKL1
Best Regards

[TOOL] Huawei Update Extractor [UPDATED: v0.9.9.5] | OPEN-SOURCE LIBRARY

Huawei Update Extractor
After messing around a bit with the perl tools available for extracting Huawei update.app files, I got the idea to create my own (Windows) tool.
Requirements
(All versions <= v0.9.9.3 need .Net Framework 3.5)
Latest version uses .Net Framework 4.6.1
Install
Extract the content of the zip to a folder somewhere on your system.
Execute HuaweiUpdateExtractor.exe
I'm planning to create an installer sometime.
Usage
Press the browse (...) button and select an update.app file. Select a device or unknown and press on the open button.
You'll see the content of the update.app file in the listview.
Select one or more files and right click. Choose Extract selected from the context menu.
Choose the output folder and press ok.
Or just right click on the list and select Extract all, choose the output folder again and press ok.
Press close on the extract window.
You can sort the list on sequence, filename and size. Just press on the desired column header.
Command line:
HuaweiUpdateExtractor extract input output [profile]
HuaweiUpdateExtractor repack input output profile
Profile
The profiles.xml file is used to identify the files in the update.app file. Every file in the update.app has a sequence or type, which is also shown in the list. Those sequences or types are used to identify the file/device partition.
Example:
Code:
<?xml version="1.0"?>
<Profiles>
<Profile name="Unknown" author="worstenbrood">
<Files/>
</Profile>
<Profile name="Huawei G510-0100" author="worstenbrood">
<Files>
<File sequence="00000000" partition="/dev/block/mmcblk0p17">system.img</File>
<File sequence="40000000" partition="/dev/block/mmcblk0p13">recovery.img</File>
<File sequence="80000000" partition="/dev/block/mmcblk0p03">baseband.img</File>
<File sequence="EC000000">version.txt</File>
<File sequence="E4000000">splash.raw565</File>
<File sequence="FC000000" partition="/dev/block/mmcblk0p12">boot.img</File>
<File sequence="70000000" partition="/dev/block/mmcblk0p16">cust.img</File>
<File sequence="30000000" partition="/dev/block/mmcblk0p18">userdata.img</File>
<File sequence="FE000000" filetype="signature">signature</File>
<File sequence="FF000000" filetype="checksum">crc</File>
</Files>
</Profile>
<Profile name="Huawei P6" author="worstenbrood">
<Files>
<File type="system" partition="/dev/block/mmcblk0p16">system.img</File>
<File type="cache" partition="/dev/block/mmcblk0p17">cache.img</File>
<File type="cust" partition="/dev/block/mmcblk0p18">cust.img</File>
<File type="userdata" partition="/dev/block/mmcblk0p19">userdata.img</File>
<File type="modemimage" partition="/dev/block/mmcblk0p13">modemimage.img</File>
<File type="boot" partition="/dev/block/mmcblk0p12">boot.img</File>
<File type="recovery" partition="/dev/block/mmcblk0p11">recovery.img</File>
<File type="md5rsa" filetype="signature">signature</File>
<File type="crc" filetype="checksum">crc</File>
</Files>
</Profile>
</Profiles>
<Profiles>
- Root tag of the xml file.
<Profile>
- Identifies a device
- attribute name: name of the device
- attribute author: author of the device
<Files>
- File root tag
<File>
- Identifies a file
- attribute sequence: sequence of the file in update.app
- attribute type: type of the file in the update.app
- attribute partition: destination partition on the device
- attribute filetype: can be one of the following values:
* signature: used to identify the signature file
* checksum: used to identify the checksum file
- value: file name
You can add or edit devices. If you want them to integrate in newer version, pm 'em to me.
I'm gonna make some auto update for the device file somewhere in the future
To add your devices profile you'll have to identify your device partitions and map them against the files inside the update.app.
Thread about identifying partitions: http://forum.xda-developers.com/showthread.php?t=1959445
Roadmap
- You tell me ...
Credits
ZeBadger for figuring out the file headers
S34Qu4K3 for the P6 partition layout
ngamyarthar for adding A LOT of devices!
Changelog
v0.9.1.0
- Create update zip works now, this requires to have a PERFECT device entry in the devices file. The sequence is used to identify the file AND partition. Only files that have these two will be included in the zip. USE WITH CAUTION, MAKE SURE THE PARTITION IS CORRECT OR YOU'LL END UP FLASHING THE WRONG IMAGES TO THE WRONG PARTITION !! I'M NOT RESPONSIBLE FOR BRICKING YOUR DEVICE! IF YOU DON'T KNOW WHAT YOU'RE DOING, THEN DON'T USE IT!
v0.9.1.1
- Added Type to the filelist (shows INPUT for g510 roms, but shows some useful info on P6 roms)
v0.9.2.0
- Files now can also be identified by the type attribute in devices.xml
- Added P6 device
v0.9.3.0
- Crc check during extract
- Crc check during creating flashable zip
- Added row to see file is flashable
v0.9.5.0
- Added repack
- Added icons and tooltip
- Added settings
- Experimental, no signing on repack, crc file gets generated
- Alot of stuff i forgot
v0.9.6.0
- Added command line options
v0.9.7.0
- Added G300 profile (thx ZeBadger)
- Added detailed info about the file (libmagic) in the tooltip on the extract list. This way it is easier to identify files inside the update.
(see screenshot). It will detect ext/fat/... partitions.
v0.9.7.1
- Alot of devices added in profiles (Credits to ngamyarthar, thanks alot dude!)
- Added android boot/recovery image recognition in magic.mgc
v0.9.7.2
- Made setup
-v0.9.7.4
- App will now remember last used profile.
- Fixed bug in repack code (remainder writing)
- Added signing options (During repack, once set, it will use the selected keyfile (PEM format) and algorithm to create the signature file. If there is no file selected or the file doesn't exist, it will use the existing signature file.)
Example of keyfile content:
Code:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-v0.9.7.5
- Default sorting on filename
- Small changes in structure of profiles.xml
-v0.9.7.6
- Added progress for signing and checksum generation
- Extract/CreateZip order by offset
- Repack order by Signature, Checksum, Files
-v0.9.7.7
- Doubleclick on item in extract files listview copies tooltip text to clipboard
- Added detailed android boot/recovery image detection to magic.mgc
- Added SecVRL header (the 2048 byte header in front of fastboot/boot/recovery image) detection
-v0.9.7.8
- Added timestamp options in settings
- Added tooltips in settings
- Some ui changes (which hopefully fix the missing "..." button issue)
-v0.9.7.9
- Some small ui fixes
- When saved location of the app is on a monitor that isn't attached anymore, app location is restored to center of primary screen.
-v0.9.8.0
- Some small ui changes
- Sort profiles by name
- Remember last used directory
- Added profile for Huawei G526 (Credits Roman Dmitriev)
-v0.9.9.0
- Added compatibility for wine/mono
- Fixed bug in settings (Verify header checksum)
- Made the app localizable (Download the Resources_EN example, if you make a translation, make sure that your assembly start with "Resources_" and ends with the TwoLetterISOLanguageName (eg. EN for english) of your culture and put the assembly in the same directory as the application)
- Added profile for Huawei Ascend Mate 7 (Thanks to sketchykingy)
-v0.9.9.1
- Added missing translatable resources (updated Resources_EN)
- Added profile for Huawei MediaPad X1 7.0 (7D-503L) (Credits ElectroMyStyle)
-v0.9.9.2
- Fixed int overflow (extracting big files)
-v0.9.9.3
- Added drag/drop for files and folders.
-v0.9.9.5 - 12/12/2016
- Upgraded to .Net Framework 4.6.1
- Fixed libmagic calling convention
- Huawei Mediapad M2 8.0 (M2-802L) profile by @beast.in.black
- Huawei Ascend P8 (GRA-L09) profile by @nexolight
- Huawei Mate S profile by @philipp900
- Huawei P8 lite profile by @linus2014
- Huawei Honor 5x (Kiwi-L2X) profile by @deadman96385
26122015
Created an opensource c# library to work with update.app files:
https://github.com/worstenbrood/HuaweiUpdateLibrary
Enjoy
Download
- v0.9.9.3: Setup - Zip
- v0.9.9.5: Zip
Mirror
Donate if you like my work.
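The changelog for v0.9.1.0 above warns that a wrong profile entry means flashing an image to the wrong partition, so a profile is worth checking before it is used to build a flashable zip. The following is an added example, not code from HuaweiUpdateExtractor or its library: it reads a profiles.xml in the format described above, keeps only entries that have both an identifier and a partition, and reports duplicate identifiers, duplicate partitions and malformed values. The 8-hex-digit sequence rule is an assumption drawn from the example values, and the "Constructed broken profile" is sample data made up for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: sequences are 8 hex digits, as in every example on the page.
HEX8 = re.compile(r"[0-9A-Fa-f]{8}")
KNOWN_FILETYPES = {"signature", "checksum"}  # the two values the post documents

# First profile is copied from the post, the second is an excerpt of the
# post's P6 profile, the third is constructed to trigger every check.
PROFILES_XML = """<?xml version="1.0"?>
<Profiles>
<Profile name="Huawei G510-0100" author="worstenbrood">
<Files>
<File sequence="00000000" partition="/dev/block/mmcblk0p17">system.img</File>
<File sequence="40000000" partition="/dev/block/mmcblk0p13">recovery.img</File>
<File sequence="80000000" partition="/dev/block/mmcblk0p03">baseband.img</File>
<File sequence="EC000000">version.txt</File>
<File sequence="E4000000">splash.raw565</File>
<File sequence="FC000000" partition="/dev/block/mmcblk0p12">boot.img</File>
<File sequence="70000000" partition="/dev/block/mmcblk0p16">cust.img</File>
<File sequence="30000000" partition="/dev/block/mmcblk0p18">userdata.img</File>
<File sequence="FE000000" filetype="signature">signature</File>
<File sequence="FF000000" filetype="checksum">crc</File>
</Files>
</Profile>
<Profile name="Huawei P6" author="worstenbrood">
<Files>
<File type="boot" partition="/dev/block/mmcblk0p12">boot.img</File>
<File type="recovery" partition="/dev/block/mmcblk0p11">recovery.img</File>
<File type="md5rsa" filetype="signature">signature</File>
</Files>
</Profile>
<Profile name="Constructed broken profile" author="example">
<Files>
<File sequence="00000000" partition="/dev/block/mmcblk0p17">system.img</File>
<File sequence="4000000" partition="/dev/block/mmcblk0p13">recovery.img</File>
<File sequence="FC000000" partition="/dev/block/mmcblk0p17">boot.img</File>
<File sequence="00000000">version.txt</File>
<File sequence="FF000000" filetype="crc">crc</File>
</Files>
</Profile>
</Profiles>
"""


def check_profile(xml_text, profile_name):
    """Return (flash_map, problems) for one profile.

    flash_map maps a sequence or type to (file name, partition) and only
    contains entries that are safe to put in a flashable zip.
    """
    root = ET.fromstring(xml_text)
    profile = next(
        (p for p in root.iter("Profile") if p.get("name") == profile_name), None
    )
    if profile is None:
        raise KeyError(f"no profile named {profile_name!r}")

    flash_map, problems = {}, []
    ids_seen, partitions_seen = {}, {}
    for entry in profile.iter("File"):
        name = (entry.text or "").strip() or "<unnamed>"
        seq, typ = entry.get("sequence"), entry.get("type")
        partition, filetype = entry.get("partition"), entry.get("filetype")

        if seq is None and typ is None:
            problems.append(f"{name}: no sequence or type, cannot be matched")
            continue
        if seq is not None and not HEX8.fullmatch(seq):
            problems.append(f"{name}: sequence {seq!r} is not 8 hex digits")
            continue
        ident = ("sequence", seq.upper()) if seq is not None else ("type", typ)
        if ident in ids_seen:
            problems.append(
                f"{name}: {ident[0]} {ident[1]} already used by {ids_seen[ident]}"
            )
            continue
        ids_seen[ident] = name

        if filetype is not None and filetype not in KNOWN_FILETYPES:
            problems.append(f"{name}: unknown filetype {filetype!r}")
        if partition is None:
            continue  # extract-only entry, never flashed
        if partition in partitions_seen:
            problems.append(
                f"{name}: partition {partition} already assigned to "
                f"{partitions_seen[partition]}"
            )
            continue
        partitions_seen[partition] = name
        flash_map[ident[1]] = (name, partition)
    return flash_map, problems
```

A profile whose problem list is not empty should be corrected against the device's real partition table before any zip built from it is flashed.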
Is it possible to repack update.app?
If so, could you implement such a feature?
xan said:
Is it possible to repack update.app?
If so, could you implement such a feature?
Since i almost finished update zip creation (new version tomorrow), i have put it on the roadmap (already thought about it anyway )
The problem is signing the app, not repacking it
Sent from my HUAWEI P6-U06 using xda app-developers app
S34Qu4K3 said:
The problem is signing the app, not repacking it
Sent from my HUAWEI P6-U06 using xda app-developers app
I don't think it's signed, but it has a per file per block checksum which should be correct...
worstenbrood said:
I don't think it's signed, but it has a per file per block checksum which should be correct...
So, repack is useless. I tried it: you need to re-sign the app to make the new checksums match or it will give you an error when you flash it via the default recovery.
Don't misunderstand me, it is a great tool, and it simplifies the unpack/repack for more inexperienced users, but without the signing you can't flash it; that's why I say that it is a bit useless (like the other scripts to unpack and repack)
S34Qu4K3 said:
So, repack is useless. I tried it: you need to re-sign the app to make the new checksums match or it will give you an error when you flash it via the default recovery.
Don't misunderstand me, it is a great tool, and it simplifies the unpack/repack for more inexperienced users, but without the signing you can't flash it; that's why I say that it is a bit useless (like the other scripts to unpack and repack)
I'll investigate some more when I have the time. Also the signing part is why I actually made a function to create a flashable zip from it, this way you CAN flash it with a custom recovery (ok you need an unlocked bootloader, but why wouldn't you do that anyway )
worstenbrood said:
I'll investigate some more when I have the time. Also the signing part is why I actually made a function to create a flashable zip from it, this way you CAN flash it with a custom recovery (ok you need an unlocked bootloader, but why wouldn't you do that anyway )
That's great
Huawei Update Extractor
v0.9.2.0
- Files now can also be identified by the type attribute in devices.xml
- Added P6 device
Please add Ascend P2
Thanks
Carlos Varella said:
Please add Ascend P2
Thanks
S34Qu4K3 made a nice post on how to identify the partitions on your phone, after identifying them you have to map them to the files inside the update.app. Since i don't have access to an P2 i'm counting on you guys to complete the devices.xml file.
http://forum.xda-developers.com/showthread.php?t=2398404
Excellent work Worstenbrood! :good:
The tool is very good. I've tried with several Update.app and all OK.
It would be very interesting to get to repack the file Update.app because still do not have a custom recovery bootable. With the current cwm recovery can not extract files. Img a partition.
May you work on the file repack Update.app
The author Genokolar the custom recovery of Honor 2 miui port and a large majority of Huawei moblies have to pack and repack the file Update.app (over 4 months ago):
https://github.com/genokolar/unpacker_huawei/blob/master/unpack.php
That really says there that forked from tewilove / unpacker_huawei
Best Regards
Next version will have a repack function included, i'm adjusting the UI but most of the repacking code is already written.
worstenbrood said:
Next version will have a repack function included, i'm adjusting the UI but most of the repacking code is already written.
Excellent news!
Update to v0.9.5.0, added repack function, it only repacks the file + recalculates all checksums and the checksum file. No signing is done yet ! Since i have no access to a huawei device atm it would be nice to see some results (i'm wondering if the order of the files inside the update.app is important)
Thank you for the update. BTW, the Huawei Ascend Mate has the same partition information as the P6 so should be easy to add to the tool. I've been using it to unpack Mate updates with success.
flibblesan said:
Thank you for the update. BTW, the Huawei Ascend Mate has the same partition information as the P6 so should be easy to add to the tool. I've been using it to unpack Mate updates with success.
Then it is just a matter of cloning the P6 profile inside the profiles.xml and changing the Name attribute or changing the name so that it suits both...
Any updates may be sent to me
worstenbrood said:
Then it is just a matter of cloning the P6 profile inside the profiles.xml and changing the Name attribute or changing the name so that it suits both...
Any updates may be sent to me
Confirm, it work too with D1QXL
Amazing, I found anywhere and none of them work. Great Tool
May I ask for one feature? pack/unpack *.img
In my device, Ascend D1 Quad XL, every image has additional 2048 header before ANDROID magic word.
To extract boot.img/recovery.img, dsixda's Android Kitchen remove the 2048 header, save as new boot.img then extract it. Repack it.
But then, the repack image have no 2048 header. So I can't flash it manually to device.
Would you learn/track this 2048 header
Thanks
twins.7 said:
Confirm, it work too with D1QXL
Amazing, I found anywhere and none of them work. Great Tool
May I ask for one feature? pack/unpack *.img
In my device, Ascend D1 Quad XL, every image has additional 2048 header before ANDROID magic word.
To extract boot.img/recovery.img, dsixda's Android Kitchen remove the 2048 header, save as new boot.img then extract it. Repack it.
But then, the repack image have no 2048 header. So I can't flash it manually to device.
Would you learn/track this 2048 header
Thanks
Thanks.
I want to keep the app as generic as possible, you can easily write a bat file that does that
worstenbrood said:
Thanks.
I want to keep the app as generic as possible, you can easily write a bat file that does that
No, I mean this 2048 header is unique. That's why I need your help to determine the contents of the header.
Without that header I can't flash the img to the device. With each change in the img, the header must change too.
twins.7 said:
Confirm, it work too with D1QXL
Amazing, I found anywhere and none of them work. Great Tool
May I ask for one feature? pack/unpack *.img
In my device, Ascend D1 Quad XL, every image has additional 2048 header before ANDROID magic word.
To extract boot.img/recovery.img, dsixda's Android Kitchen remove the 2048 header, save as new boot.img then extract it. Repack it.
But then, the repack image have no 2048 header. So I can't flash it manually to device.
Would you learn/track this 2048 header
Thanks
twins.7 said:
No, I mean this 2048 header is unique. That's why I need your help to determine the contents of the header.
Without that header I can't flash the img to the device. With each change in the img, the header must change too.
Share an image with me (with the header included) and i'll take a look when i have some time.
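For the 2048-byte header in front of boot/recovery images discussed above (the changelog calls it the SecVRL header), the following added example, which is not code from the tool or from any poster, locates the ANDROID! magic, keeps the prefix as an opaque blob, and flags a repack that dropped it or reused it over changed contents. The contents of the prefix are unknown here and are not interpreted; the images are constructed inline and the function names are illustrative.

```python
import struct

BOOT_MAGIC = b"ANDROID!"   # magic that opens an Android boot image header
VENDOR_HEADER_LEN = 2048   # size of the extra header reported in the thread
# magic, kernel size/addr, ramdisk size/addr, second size/addr, tags addr,
# page size, two unused words, name, cmdline, id
BOOT_HDR = struct.Struct("<8s10I16s512s32s")


def pages(size, page_size):
    """Number of whole pages needed to hold `size` bytes."""
    return (size + page_size - 1) // page_size


def split_image(image):
    """Return (vendor_header, boot_image); vendor_header is b"" when absent."""
    for offset in (0, VENDOR_HEADER_LEN):
        if image[offset:offset + len(BOOT_MAGIC)] == BOOT_MAGIC:
            return image[:offset], image[offset:]
    raise ValueError("no ANDROID! magic at offset 0 or 2048")


def boot_layout(boot):
    """Validate the boot header so that a stray magic string is not trusted."""
    if len(boot) < BOOT_HDR.size:
        raise ValueError("truncated boot header")
    fields = BOOT_HDR.unpack_from(boot)
    kernel_size, ramdisk_size, second_size = fields[1], fields[3], fields[5]
    page_size = fields[8]
    if page_size < BOOT_HDR.size or page_size & (page_size - 1):
        raise ValueError(f"implausible page size {page_size}")
    total = page_size * (1 + sum(
        pages(size, page_size)
        for size in (kernel_size, ramdisk_size, second_size)
    ))
    if total > len(boot):
        raise ValueError("image is shorter than its header claims")
    return {"page_size": page_size, "kernel_size": kernel_size,
            "ramdisk_size": ramdisk_size, "total": total}


def review_repack(original, repacked):
    """List what a repack did to the vendor header of the original image."""
    old_hdr, old_boot = split_image(original)
    new_hdr, new_boot = split_image(repacked)
    boot_layout(old_boot)
    boot_layout(new_boot)
    findings = []
    if old_hdr and not new_hdr:
        findings.append("repacked image lost the 2048-byte vendor header")
    elif old_hdr and new_hdr == old_hdr and new_boot != old_boot:
        # The thread reports that the header must change with the image.
        findings.append("vendor header copied unchanged onto a modified boot image")
    return findings


def make_boot(kernel, ramdisk, page_size=2048):
    """Build a minimal boot image from constructed payloads (sample data only)."""
    header = BOOT_HDR.pack(BOOT_MAGIC, len(kernel), 0, len(ramdisk), 0,
                           0, 0, 0, page_size, 0, 0, b"", b"", b"")

    def pad(blob):
        return blob + b"\x00" * (-len(blob) % page_size)

    return pad(header) + pad(kernel) + pad(ramdisk)


# Constructed sample data: an opaque 2048-byte prefix and toy payloads.
SAMPLE_VENDOR_HEADER = bytes(range(256)) * 8
ORIGINAL = SAMPLE_VENDOR_HEADER + make_boot(b"K" * 5000, b"R" * 100)
STRIPPED_REPACK = make_boot(b"K" * 5000, b"r" * 120)
COPIED_REPACK = SAMPLE_VENDOR_HEADER + make_boot(b"K" * 5000, b"r" * 120)

if __name__ == "__main__":
    for label, image in (("stripped", STRIPPED_REPACK), ("copied", COPIED_REPACK)):
        print(label, review_repack(ORIGINAL, image))
```

Keeping the prefix bytes aside before handing an image to a tool that strips them at least preserves the evidence needed to work out what the header contains.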
