FAQ on creating your own firmware



Rep: (348)

This FAQ contains information for beginners who want to make their own firmware.

Attention: the sections of this FAQ are interrelated; to understand the whole process it is recommended that you read all the material.

If you wish to add information to the FAQ, please write to this topic.
----
All information and materials presented in this FAQ are unofficial. The authors and the site administration are not responsible for them! All actions are done only at your own risk!

Post has been edited by Smartecs - 10.12.10, 19:20





Post has been edited by Lenseflare - 03.10.10, 15:20



Part One: Parsing the Firmware

So, we have a firmware file. A utility is usually needed for its initial disassembly; we consider the most common ones.

Post has been edited by Lenseflare - 03.10.10, 12:08



.Bin format

Considered utilities: OSNbTool, NBwork.
Most often OSNbTool alone is enough to split the firmware into imgfs and xip.
Rename the firmware to flash.bin, put it in the folder with OSNbTool and execute a series of commands (written into a bat file):
osnbtool -sp flash.bin
osnbtool -sp flash.bin.BIN.NB0
osnbtool -d flash.bin.BIN.NB0.OS.NB 1 xip.bin
osnbtool -d flash.bin.BIN.NB0.OS.NB 2 imgfs.bin

The first two commands give us the NB0 and the header; here it is important to note the address of the header. The other two commands give us imgfs.bin (the build) and xip.bin (the kernel).
If the xip came out larger than 4 MB (or the imgfs is very small), then you need to parse with the NBwork program.
Command for parsing (again, use a bat file):
nbwork -d flash.bin.BIN.NB0.OS.NB

Running this command is guaranteed to split the OS into its components.

Post has been edited by alex - 13.09.10, 20:42



.Nbh format

Considered utilities: HTC ROM Image Editor (hereinafter RIE), OSNbTool, NBwork.
File -> Open, open the firmware (usually RUU_signed.nbh); RIE should detect your device by itself (the list of supported devices is in the tool's topic, linked above). In the program, go to the root partition with the PDA icon (for example, for the HTC Herald it will be HERA 10000); the list of partitions in .nb format should open, and the one we are interested in is OS.nb.
Most often OSNbTool alone is enough to split the OS into imgfs and xip.
Put OS.nb in the folder with OSNbTool and execute a series of commands (written into a bat file):
osnbtool -d OS.NB 1 xip.bin
osnbtool -d OS.NB 2 imgfs.bin

These commands give us imgfs.bin (the build) and xip.bin (the kernel).
If the xip came out larger than 4 MB (or the imgfs is very small), then you need to parse with the NBwork program.
Command for parsing (again, use a bat file):
nbwork -d OS.NB

Running this command is guaranteed to split the OS into its components.

Post has been edited by alex - 13.09.10, 20:41



.Nb0 format

Considered utilities: OSNbTool, NBwork
Most often OSNbTool alone is enough to split the firmware into imgfs and xip.
Rename the firmware to a convenient short name, put it in the folder with OSNbTool and execute a series of commands (written into a bat file):
osnbtool -sp [firmware name]
osnbtool -d [firmware name].OS.NB 1 xip.bin
osnbtool -d [firmware name].OS.NB 2 imgfs.bin

The first command gives us the NB and the header; the other two give imgfs.bin (the build) and xip.bin (the kernel).
If the xip came out larger than 4 MB (or the imgfs is very small), then you need to parse with the NBwork program.
Command for parsing (again, use a bat file):
nbwork -d [firmware name].OS.NB

Running this command is guaranteed to split the OS into its components.

Post has been edited by alex - 13.09.10, 20:40



.Bin format (.dat) - ETEN / Acer devices

Considered utility: KVA kitchen / DX900tools (KVA by Ravik)
Warning: the utility requires the Visual J# redistributable and the Java Runtime Environment.
KVA is suitable for ETEN devices and some Acer ones; DX900tools is suitable for most Acer devices.
Disassembling with it is easy: just rename the firmware file to temp.dat, copy it to the root of the kitchen and run extract.bat; the kitchen will automatically decompose the firmware into its components.
The ROM folder created as a result of the kitchen's work contains the files os.dat, header.bin, boot.dat, ipl.dat, knight.dat, usbdl.dat and the OS folder; the bootloader components among them (highlighted in red in the original post) must be removed when cooking custom firmware.
In the OS/Fat folder you will find the firmware components needed later, namely the build (imgfs.bin) and the kernel (xip.bin) of the system. In the OS/EXTROM folder are the cab files that are installed into the system at boot.
ATTENTION: the xip.bin obtained during disassembly may be damaged. In this case you need to re-create all the DSMs in it, after first "opening" it with the srpx2xip utility. After this procedure the xip will be in a bootable state. See the Editing Firmware section for more on DSMs and how to create them.

Post has been edited by Lenseflare - 11.01.11, 15:33



Non-standard formats (DIP, KDZ, TMP and others)

Considered utilities: OSNbTool, NBwork, special utilities
Rename the firmware to flash.bin, put it in the folder with OSNbTool and execute a series of commands (written into a bat file):
osnbtool -sp flash.bin
osnbtool -sp flash.bin.BIN.NB0
osnbtool -d flash.bin.BIN.NB0.OS.NB 1 xip.bin
osnbtool -d flash.bin.BIN.NB0.OS.NB 2 imgfs.bin

The first two commands give us the NB0 and the header; here it is important to note the address of the header. The other two commands give us imgfs.bin (the build) and xip.bin (the kernel).
If the xip came out larger than 4 MB (or the imgfs is very small), then you need to parse with the NBwork program.
Command for parsing (again, use a bat file):
nbwork -d flash.bin.BIN.NB0.OS.NB

Running this command is guaranteed to split the OS into its components.
If this method does not help, the needed utility will surely be found in the thread on flashing your device.

Post has been edited by Catg - 13.09.10, 20:26



Build disassembly

So we have disassembled the firmware into components; what remains is to disassemble the build.
Considered utilities: ImgfsToDump by Mamaich or similar (often found among the bundled imgfs tools), Bepe's PKG Tool (most often found in the Package Tools bundle), OSBuilder.
The first thing to do is put the imgfs.bin file obtained in the previous step next to the imgfstodump utility.
Unpacking command (most often a bat file with this command already sits next to the utility, in which case you just run it):
imgfstodump.exe imgfs.bin

After disassembling we will see the Dump folder; this is our build, but to be able to edit it fully we need to send it to the PKG Tool for processing: launch it, select Load, in the menu that opens select the place where our dump lies (the folder itself needs to be opened); after this procedure the OEM and SYS folders with the OS packages inside should appear in the dump folder.
The way to disassemble a dump into packages with OSBuilder is:
- run OSBuilder
- switch to Dump Tool mode (upper right corner -> OS Builder Mode)
- File -> Open folder, specify the path to the dump folder (you need to open the folder itself)
- we will see the basic information about the build: resolution, language, build version, Framework and packages, as well as certificates.
- click "decompose dump into packages" (the fourth button from the left, with squares)
- in the dump folder we will see the OS dump decomposed into OEM and SYS.

Post has been edited by Pixel #1 - 06.12.11, 12:18



Part Two: OS Editing

Attention: this section must be read in full regardless of the editing method you choose.
So, here we come to the most creative stage of creating the firmware. By following certain rules, you can create a bright, individual OS with colorful icons or your own set of programs, or even a super-light one!

Post has been edited by alex - 13.09.10, 20:16



Fundamental rules

1. Remember the creator.
The official firmware we take as a basis has two creators: Microsoft and the OEM manufacturer (Acer, HTC, Samsung, etc.), so the OS has two components: SYS (from MS) and OEM (from the manufacturer). Whatever you do, always remember that a particular program was put into the device for a reason (from the manufacturer's point of view); removing such a program can sometimes affect the operation of the device (bugs, hangs, failure of wireless interfaces, etc.), up to the OS failing to boot, so you should know exactly what it is for.
2. Remember the basic definitions.
Package: a folder consisting of a set of files serving one purpose. The package is a notional unit whose purpose is to turn the firmware into a kind of construction kit to simplify editing. We distinguish OEM packages, from the manufacturer, containing drivers and programs (sometimes this term also refers to packages embedded into the firmware), and SYS packages, containing the Windows Mobile files.
Package structure:
Important
- .DSM (hereinafter: dsm): a file that defines the package's position in the OS space (for details see item 3), and also stores all the information about the package (including file names);
- .RGU (hereinafter: rgu): a file [the analogue of the .reg file on desktop and mobile OS]; it is the package's registry file and contains the important registry edits made by the package.
Secondary
- the main package files (yes, yes, a package can consist only of a dsm, or of dsm + rgu);
- Initflashfiles.txt: contains the changes made to the file system structure.
- option.xml: a description of the package in XML form (can be removed).
DPI (dots per inch) and ResH, ResV: set the screen resolution that Windows Mobile will use. Here it is important to know your screen resolution precisely, because if something is mixed up the system may not start (this applies only to the packages in SYS and some OEM ones; a resolution error in an OEM package will cause problems for that program [the application may not go full screen, may not fit the screen, or may not run at all]);
Basic DPIs and their corresponding resolutions:
96: ResH 320 ResV 240 (QVGA), ResH 240 ResV 400 (WQVGA) and variations (square screens);
128: ResH 320 ResV 480 (HVGA);
192: ResH 640 ResV 480 (VGA), ResH 480 ResV 800 (WVGA).
Lang (langpack) [from the English "language"]: a language pack that accompanies applications. Most Langs are SYS Langs, responsible for the OS language, but there are also OEM Langs responsible either for the language of some Windows elements (for example, the OEM_lang package) or for the language of the manufacturer's software packages. Denoted by [package name]_Lang_[language code].
Common languages:
0409 - WWE (WorldWide English), simply put, English.
0419 - Russian.
Module: a folder containing the components of a file. For example, the folder shellres.96.dll stands for the file shellres.96.dll. Windows does this because the file is easier to handle that way. The usual contents of a module are the files imageinfo.bin, imageinfo.txt, S000 and optionally S001, etc.; this is what distinguishes it from a package, which cannot contain such files, and the name itself should tell you that it is a module. If you need to edit a module (fix a crooked translation in the case of a MUI, rewrite some function in it, etc.), you must use the RecMod program, which converts the module into a regular desktop Windows file that can then be edited. To turn the file back into a module there is the ReverseMod utility; it can be applied to any file, even one that has never been a module; it is believed that this saves memory.
3. Do not be afraid to experiment.
After all, creating firmware is a creative pursuit. Removed something and got a gain in RAM (and in storage, accordingly)? If everything works without it, we note it and gain experience. We try something else; if it did not work out, we put it back as it was.

Post has been edited by Lenseflare - 07.06.11, 11:07
Reason for editing: epic file



List of SYS packages with a description (will help when cleaning the firmware from unnecessary)

ADC - automatic network setup
Adobe Flash - Adobe Flash
Adobe FlashCodecs - Adobe Flash codecs for video playback
AlarmSounds - notification sounds
AUTOUPDATE - automatic update (not used anywhere else; you can safely delete it)
Base - a very necessary package - the main files. In particular, the icons are here
BaseApps - a very necessary package - the main programs. In particular, there is a calculator, explorer, mail, notes, etc.
BaseAppsFiles, BaseAppsModules - includes camera support for the system (but this does not eliminate the need to connect device camera drivers)
Bluetooth - Bluetooth support
bronze - components for CHome (there may be many unnecessary icons from Live Messenger inside)
BronzeEA - components for CHome (for East Asian languages)
BronzeNonEA - components for CHome (for other languages)
BROWSING - IE 5 Components
BROWSINGCORE - IE 6on6 Scripting Components
browsingie - interface IE 6on6 and RenderCore (in fact, the core of IE)
BTDUN - support dial-up dialing via Bluetooth
Bth_A2DP - Bluetooth A2DP support
Bth_HID - support for Bluetooth HID profiles (Human Interface Device)
Bth_Watch - Sony Ericsson wrist watch support
CHome - Titanium (new interface WM 6.5)
CommonEA - settings for East Asian languages
CommonNonEA - settings for other languages
COMPLEXSCRIPT_FONTS - fonts for Arabic builds (interchangeable with SYSTEM_DEFAULT_FONTS)
ConfettiCore - hardware accelerated RenderCore engine for 6.5 Chrome
DRM - support for Digital Rights Management (DRM). Need to play MP4 and 3GP.
Enterprise - support for IPSec, L2TP and Winscard (hmm, probably better to leave it)
Entertainment - games
FWUPDATE - ImageUpdate support. This is a thing that makes it easy to update the firmware. The thing is probably good, but nobody uses it.
gb18030 - support for East Asian fonts (removed for other languages)
GPSID - a GPS driver that allows multiple programs to share a single port.
INTERNETSHARING - what is called the "general Internet". Allows you to make a device from the router to access the Internet via USB or Bluetooth.
IPSECVPN - IPSec VPN Support
IRDA - support IR port (infrared)
LangDB - wince.nls for the desired language (0404, 0411, 0412, 0804, WWE)
Livesearch - search through Windows Live Search / Bing Search
Lockscreen - WM 6.5 lock screen
LockscreenEA - lock screen for East Asian assemblies
LockscreenNonEA - lock screen for all other assemblies
MediaOS - Windows Media Player. Maybe you need to play MP3 files
MediaOSFiles, MediaOSModules - DMO decoder (needed for MP3 playback)
Metadata - a very necessary package - contains information about the registry
MODEMLINK - the old implementation of the "shared Internet" (via DUN)
MSIMAR - SIP support for Arabic builds (not used in non-Arabic ones)
MSTag - Microsoft Tag Reader (a program for reading picture codes in its own format; toss it!)
MSXIPKernel - Required Package - System Core Components
MSXIPKernelLTK - an empty package for ImageUpdate (can be removed if you are not going to use ImageUpdate)
NetCF - Microsoft .NET Compact Framework
NonPhone - components for non-communicators (i.e., for devices without the possibility of making calls; they are not used in versions for communicators)
OEMXIPKernel - mandatory package - OEM native kernel components (the kernel adapted for a specific device)
Office - Microsoft Office Mobile
OneNote - Microsoft OneNote Mobile
OS - a very necessary package - system components
OSFiles, OSModules - the required package is MS WMV DMO. This seems to be a DMO decoder for Windows Media Video
Perf - performance monitor (needed for debugging)
Perfbox - performance monitor (needed for debugging)
Phone - an extremely necessary package - support for telephony features (not used in non-communicator builds)
PhoneRedist - badly needed package - support for telephony features (not used in non-communicator builds)
ppgprov - support for access via OMA protocols (not used in builds for non-communicators). It seems necessary for sending SMS.
Redist - a very necessary package - contains Bluetooth drivers, WAP and other system files. Here is welcome.exe
RemoteDesktopMobile - Remote Desktop
Riched20 - Rich HTML editor support for non-Arabic builds
Riched20_CS - Rich HTML editor support for Arabic builds
RIL710MUX - CellCore component (cellular telephony), but why I need it specifically - I don’t know (someone leaves it, someone throws it out)
RingsAndalerts - sounds of calls and notifications
RMGR - roaming manager (???, they say it is optional...)
RUNTIMES - a needed package - C Runtimes components
SipAR - SIP support for Arabic builds (not used in non-Arabic ones)
SampleMusic - music examples
Shell - a badly needed package - contains a bunch of system components. Here there are some system sounds (for example, alarm clock sounds).
SIM_TKit - SIM card manager (not used in CDMA builds)
Skybox - Microsoft MyPhone (for synchronization with Microsoft services)
Skymarket - WM Marketplace (does not work)
SMIME - a very necessary package - support for cryptographic functions
SMS_Providers - a needed package - SMS support
SQLCE - SQL Server
SQM - Systems Quality Metrics (user report on the use of their devices)
SqlCeMobile - a more complete SQL server (you can replace it with SQLCE, but usually it is not required)
SYSTEM_DEFAULT_FONTS - a needed package - fonts for non-Arabic builds (interchangeable with COMPLEXSCRIPT_FONTS)
Themes - additional themes
Transcriber - recognizing upper case letters (not available for all languages)
UNISCRIBE - something incomprehensible, like the recognition of capital letters for other languages
VoiceCommand - voice control
VoIP - VoIP
VoIPOS - VoIP (second part)
Webview - IE 6on6 RenderCore component for use by the IE system (for non-Arabic builds)
Webview_CS - IE 6on6 RenderCore component for use by the IE system (for Arabic builds)
WelcomeCenter - Welcome Center. It seems to be needed for reference.
WindowsLive - Windows Live Mobile
WindowsLiveIM - Windows Live Messenger
WMLiveSearchWidget - MS Live Search widget
WMMoneyWidget - MS Money Widget
WMWeatherWidget - MS Weather widget
WMWidgets - support for MS Widgets widgets (requires IE 6on6)
WWAN - WWAN support (not used in non-communicator builds)

Post has been edited by alex - 13.09.10, 20:07



Important OEM packages (which cannot be deleted)

OEM_lang - contains part of the device language files, including the most important initflashfiles.dat (see below)
OEM_dpi - service information about the screen
OEMMisc (not present everywhere) - service information
OEMapps (not everywhere) - OEM applications and some drivers
OEMdrivers - basic system drivers and some applications (if there is no OEMapps, all OEM applications are located here)
Note: extra files and modules can be removed from packages; some are found experimentally, some are already known.

Post has been edited by alex - 13.09.10, 20:55



Creating your own OEM package

From scratch:
Utilities to consider: Notepad (or similar text editors), OSBuilder (or the more narrowly targeted utility DSMbuilder), Initffbuilder.
We already know about dsm and rgu files; it is time to put our knowledge into practice.
Create a folder and give it a name (it is customary to name file packages PACKAGE_[name] and registry-edit packages REG_[name]).
Create 2 empty text files [it is assumed that hiding of extensions for registered file types is disabled]; their names must be identical except for the extension: one gets .dsm, the other .rgu. The name should be chosen based on the following facts:
1) the name is a 32-digit HEX code;
2) the general form of the name is XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX, where X is a hexadecimal digit (0-f);
3) the larger the code (and this code is nothing but a number), the higher the processing order;
4) ffffffff-ffff-ffff-ffff-ffffffffff99 is considered to be the last one processed by the build program.
The .rgu file can contain registry changes obtained by exporting registry keys on the PDA or based on known tweaks. IMPORTANT: since the rgu is edited in Notepad, do not forget that the text encoding when saving must be Unicode. The higher the processing order discussed above, the greater the chance that your registry edits will apply (the build tools assemble the registry in ascending order of rgu code, and if the same registry entry is found again, the earlier one is unconditionally replaced).
Then put the files into the package, if needed.
If changes are made to the file system structure (creating shortcuts, folders, etc.), the file initflashfiles.txt is created. File system directives:
Directory("[name1]"):-Directory("[name2]") - creates the folder name2 in the folder (or path) name1
Directory("[path to copy the file to]"):-File("[file name]","[real path to the file + real file name]") - copies the file from Windows into a folder, with the ability to change the file name

Example:
Directory("\Program Files"):-Directory("MMS")
Directory("\Program Files\MMS"):-Directory("Smileys")
Directory("\Program Files\MMS\Smileys"):-File("jMMS_01.bmp","\Windows\jMMS_01.bmp")

There are many similar examples in the main initflashfiles.dat file (it is edited on the same principles, only with the help of Initffbuilder). Important point: as with the rgu, the text encoding must be Unicode. How the system processes initflashfiles:
  • the line is interpreted;
  • it is checked whether the file can be copied (or the directory created);
  • if an error occurs (invalid file name, non-existent path, etc.), the line is ignored;
  • the file is copied from the Windows folder (where all the contents of OEM and SYS end up) to the location in the file system specified in the line.
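As an added illustration (not code from the FAQ or from any kitchen tool), here is a small Python checker for a hand-made package: it orders dsm/rgu names the way the FAQ says the build tools do, checks the "save as Unicode" rule (assumed here to mean a UTF-16LE BOM, which is what Notepad's Unicode option writes), and simulates the initflashfiles processing just described over the MMS example, skipping the lines that would fail. The sample lines, file names and folders are constructed for the demo.

```python
import re
from typing import List, Set, Tuple

# Package names are GUID-style: 8-4-4-4-12 hex digits (the FAQ's XXXXXXXX-... form).
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
LAST_RGU = "ffffffff-ffff-ffff-ffff-ffffffffff99"  # FAQ: processed last of all
UTF16LE_BOM = b"\xff\xfe"  # what Notepad writes for "Unicode" (assumption)

# initflashfiles.txt directives, in the two forms the FAQ shows.
DIR_RE = re.compile(r'^Directory\("([^"]*)"\):-Directory\("([^"]*)"\)$')
FILE_RE = re.compile(r'^Directory\("([^"]*)"\):-File\("([^"]*)","([^"]*)"\)$')


def guid_value(name: str) -> int:
    """Numeric value of a dsm/rgu base name; larger means later processing."""
    if not GUID_RE.match(name):
        raise ValueError(f"not a GUID-style package name: {name}")
    return int(name.replace("-", ""), 16)


def rgu_processing_order(names: List[str]) -> List[str]:
    """Ascending order in which a build tool merges the rgu files, so the
    last name in the result wins when two rgus set the same key."""
    return sorted(names, key=guid_value)


def rgu_is_unicode(raw: bytes) -> bool:
    """The 'save as Unicode' rule: the file must start with a UTF-16LE BOM."""
    return raw.startswith(UTF16LE_BOM)


def _join(directory: str, name: str) -> str:
    return directory.rstrip("\\") + "\\" + name


def plan_initflashfiles(text: str, windows_files: Set[str],
                        existing_dirs: Set[str]) -> Tuple[List[tuple], List[str]]:
    """Simulate the boot-time mechanism the FAQ describes: interpret each line,
    check that it can be applied, skip lines that would fail, and copy from
    \\Windows (where all OEM and SYS contents land) to the target path.
    Returns (actions that would be applied, lines that would be ignored).
    Paths are compared case-insensitively, like the device file system."""
    dirs = {d.lower() for d in existing_dirs}
    have = {f.lower() for f in windows_files}
    applied: List[tuple] = []
    ignored: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DIR_RE.match(line)
        if m:
            parent, new_dir = m.groups()
            if parent.lower() not in dirs:          # non-existent parent path
                ignored.append(line)
                continue
            target = _join(parent, new_dir)
            dirs.add(target.lower())
            applied.append(("mkdir", target))
            continue
        m = FILE_RE.match(line)
        if m:
            dest_dir, new_name, source = m.groups()
            src_dir, _, src_name = source.rpartition("\\")
            ok = (dest_dir.lower() in dirs
                  and src_dir.lower() == "\\windows"   # only \Windows is a source
                  and src_name.lower() in have         # file must exist there
                  and "\\" not in new_name)            # invalid target file name
            if not ok:
                ignored.append(line)
                continue
            applied.append(("copy", source, _join(dest_dir, new_name)))
            continue
        ignored.append(line)                          # unparseable line
    return applied, ignored


# Constructed sample: the FAQ's MMS smiley example plus two lines that must be
# ignored (a source missing from \Windows, and a parent folder that does not exist).
SAMPLE_INITFLASHFILES = r'''
Directory("\Program Files"):-Directory("MMS")
Directory("\Program Files\MMS"):-Directory("Smileys")
Directory("\Program Files\MMS\Smileys"):-File("jMMS_01.bmp","\Windows\jMMS_01.bmp")
Directory("\Program Files\MMS\Smileys"):-File("missing.bmp","\Windows\missing.bmp")
Directory("\Nope"):-Directory("X")
'''
SAMPLE_WINDOWS_FILES = {"jMMS_01.bmp", "welcome.exe"}   # constructed \Windows contents
SAMPLE_DIRS = {"\\", "\\Windows", "\\Program Files"}      # constructed initial tree


def demo() -> Tuple[List[tuple], List[str]]:
    return plan_initflashfiles(SAMPLE_INITFLASHFILES, SAMPLE_WINDOWS_FILES, SAMPLE_DIRS)


if __name__ == "__main__":
    done, skipped = demo()
    for action in done:
        print("apply  ", action)
    for line in skipped:
        print("ignore ", line)
    print(rgu_processing_order(["00000001-0000-0000-0000-000000000001", LAST_RGU]))
```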

Now that all the files are in place, we move our package into OEM or EXT (depending on the kitchen, but more often OEM). We need some dsm creator (DSMbuilder, OSBuilder); with it we open our empty dsm and fill it with content. Consider the example of OSBuilder:
- display of non-aggregated packages must be enabled
- select OEM or EXT, find the package by name, right-click -> DSM package
- OSBuilder will offer to create a dsm: create and save it.
- in the future the build program (at least OSBuilder, for certain) will re-form it itself in accordance with the file list and other important details.

If there is a Cab file with the program:
Considered utility: Package Creator by ervius and similar
Everything is simple here: open the utility, point it at the Cab file (open cab) and get the package next to it; but it is better to untick the "remodule" option.
Of course, not without nuances:
- an initflashfiles is created in any case, with the end-of-package tag (even if there are no instructions for editing the file system)
- the package must be checked for all the necessary files; it has happened that files were lost during the conversion
- the dsm must be rewritten, because the build programs will consider it incompatible
- since a cab, when installing a program, frequently writes to some location other than Windows, when the program is built in you will get a copy in the Windows folder (because of the initflashfiles algorithm described above), so test the program for correct start from the Windows folder; whether it starts correctly or does not start at all, think: "do I really need this program so much that I am willing to devote double the amount of internal memory to it?".

If there is a ready-made package, simply move it into the OEM or EXT folder of the kitchen.

Post has been edited by Lenseflare - 11.01.11, 15:35



Practical use of packages

Changing icons in the Start menu:
It is better to create the package with icons from scratch. Let's say we have extracted a pack of icons. You are lucky if the modified icons have the same names as the originals in Windows; otherwise the icon names can be taken from the Base_dpi_[your dpi] folder, where they also need to be checked. As soon as all the replacement icons are in order, create a package with them according to the rules above and sew it into the firmware. If you need to replace the icon of a third-party application (or an OEM application), or use an icon present in WM for an application it was not intended for, use registry edits of this form:
[HKEY_LOCAL_MACHINE\Security\Shell\StartInfo\Start\[exact shortcut name from initflashfiles]]
"Icon"="\\Windows\\[the exact name of the icon]"

Replacing icons of folders in the same Start menu:
[HKEY_LOCAL_MACHINE\Security\Shell\StartInfo\Start\[exact folder name from initflashfiles]]
"Icon"="\\Windows\\[the exact name of the icon]"


Embedding registry tweaks / editing the registry:
We know that the rgu file in the package is responsible for the registry. To make a registry edit, simply add the necessary tweaks to the rgu and give the file a name corresponding to the desired build order. The list of registry tweaks can be found in the corresponding topic from the header.

Post has been edited by Lenseflare - 13.07.11, 14:58



Modules and what can be done with them
Transparent bars in WM 6.1 / 6.5 / 6.5.X:
Considered utility: HEX editor (WinHex, TinyHexer and the like)
Take any HEX editor and open the file S001 from the shell32.exe module (from the Shell package in SYS).
Search the hex data (usually the search function is called Find HEX) for the signature FF 000000FFFFFFFF
The FF set off at the start (bold in the original post) is nothing other than the degree of transparency.
It is located at 0x9A0; changing this FF to 80 gives a translucent bar, changing it to 00 gives a completely transparent bar.
To adjust the transparency of the bottom bar, edit the file S001 from the aygshell.dll module (from the Shell package in SYS). Perform the same actions as before, only now the line with the value is located at address 0x750.
Translation / replacement of system resources:
Considered utility: Restorator
Attention! There have been several cases when, after installing Restorator, other programs stopped running. In this case, add the following to the registry on the PC:
REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

Typically, system resources are represented as modules; these are .mui files (language resources), .dll (graphics) and .dll.mui (graphics specific to a language), converted into modular form.
To get the file back, run ReverseMod on the module.
Now, with the help of UnSigner.exe, remove the certificate (signature), just in case.
Open the file in Restorator: File -> Open. In the window we see the structure of the resources, which can be edited.
To replace any graphic object you must do the following:
- find the necessary icon in the file (as mentioned above, these can be dll and dll.mui files)
- extract the object if you need its sizes, indicators and other details (Restorator: right-click on the object -> Extract as)
- after editing the desired object, or finding a ready-made modified one, in Restorator you just assign the new graphic object in place of the previous one (Restorator: right-click on the object -> Assign).
To replace any text in the system you must do the following:
- open the required file in Restorator (usually a .mui)
- find the necessary line and edit it as you see fit

Remember that we removed the signature at the beginning of the edit? Now it must be put back.
The procedure for signing the file:
- signcode
- run SdkCerts on the device
- travel back in time:
------- set the computer's date to 2009
------- set .NET Framework version 1.0
- run signcode on the PC. A digital signature wizard will appear.
- click Next and in the window that appears select the file you want to sign
- signature type: "Custom"
- "Select from file"
select "SDKSamplePrivDeveloper"
- "Browse"
select "SDKSamplePrivDeveloper.pvk"
- all other settings at their defaults

Now the edited file must be brought back to its original form (i.e. converted into a module); for this, run it through RecMod.

Examples of editing modules:
Do you want your nickname to stand proudly in the system information?
Open shellres.dll.0419.mui and edit dialog 14368 in the file, like so:
14368 DIALOG 0, 15, 196, 145
STYLE DS_SETFONT | DS_CONTROL | WS_CHILD | WS_VISIBLE | WS_CLIPSIBLINGS
FONT 8, "Tahoma"
{
LTEXT, 563, 4, 3, 150, 18
LTEXT OS, 564, 4, 20, 150, 9
LTEXT "© 2009 Microsoft Corporation.", 565, 6, 28, 150, 9
LTEXT "All Rights Reserved.", 579, 4, 36, 124, 9
LTEXT "The program is protected by copyright laws in the United States and other countries.", 566, 4, 46, 150, 26
RTEXT "Processor:", 568, 1, 73, 63, 9
LTEXT, 569, 66, 72, 120, 10
RTEXT "Memory:", 570, 1, 82, 63, 9
LTEXT "," 571, 66, 81, 120, 9
RTEXT "Jack Expansion .:", 572, 1, 91, 63, 9
LTEXT unused, 573, 66, 91, 120, 9
RTEXT "Build Author:", 574, 1, 102, 63, 9
LTEXT "[your nickname]", 575, 66, 102, 120, 9
}


Post has been edited by Lenseflare - 16.03.11, 13:31



XIP and how to work with it

XIP disassembly
Considered utility: XIPPort
In the previous sections we already extracted xip.bin from the firmware.
To edit it, dump it using XIPPort:
- run the utility
- press the "dump xip.bin" button
- press the "make pkgs" button (an error may occur; in this case make sure the version of pkgcommon.dll is correct: if it was 5.2, replace it with 5.1, and if 5.1, replace it with 5.2)
We now have a package dump of the kernel; consider its structure:
- OEMXIPKernel - the so-called device-dependent part, holding the main files and modules needed for the initial boot of the device
- MSXipKernel - the part from Microsoft; contains various filters that keep the system running
- MSXipKernelLTK - the presence of this part means the system can be upgraded
- LangDB - language base
- wincenls_wwe - a rare package, but still encountered - the code page for Russian and English; when building it is better to move it to SYS.
The main files and modules we need:
- nk.exe - the so-called native kernel module
- boot.rgu - a file that will be useful to us when porting the xip / building the firmware

Some specific XIP tweaks (not working on all devices)
Changing MainMemoryEndAddress in nk.exe
Allegedly RAM increases by 16 MB.
You must have the official WM6.0 firmware for the device. From that firmware you will need to take 2 files from the OEM drivers:
- ddi.dll
- wce_pmem.dll
and replace the files in the current firmware with them.
In the nk.exe module find the S000 file, open it with a HEX editor and search for the signature
38459FE530559FE5A13EA0E38224A0E3
and replace 82 with 83. You should get something like this:
38459FE530559FE5A13EA0E38324A0E3.
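The two HEX-editor edits on this page, the bar-transparency byte in shell32.exe/S001 (above, under Modules) and the 82 -> 83 byte in nk.exe/S000 just described, are the same operation: find a byte signature and change one byte. Here is an added Python example (not from the FAQ) that does it with the checks a careful cook wants: the signature must occur exactly once, the replacement keeps the length, and the match must sit at the address the FAQ quotes. The module contents used here are constructed zero-filled buffers, not real firmware.

```python
from typing import Optional


def find_unique(data: bytes, signature: bytes) -> int:
    """Offset of the single occurrence of `signature`; raise if it is absent or
    ambiguous, since patching the wrong copy of a pattern is an easy way to
    end up with a build that does not boot."""
    first = data.find(signature)
    if first < 0:
        raise ValueError("signature not found")
    if data.find(signature, first + 1) >= 0:
        raise ValueError("signature occurs more than once")
    return first


def patch_signature(data: bytes, signature_hex: str, patched_hex: str,
                    expected_offset: Optional[int] = None) -> bytes:
    """Return a copy of `data` with the one occurrence of signature_hex
    replaced by patched_hex (same length, so nothing shifts). When the FAQ
    quotes an address (0x9A0, 0x750) pass it as expected_offset: a match
    anywhere else means you opened the wrong module file."""
    sig = bytes.fromhex(signature_hex)
    new = bytes.fromhex(patched_hex)
    if len(sig) != len(new):
        raise ValueError("replacement must have the same length as the signature")
    off = find_unique(data, sig)
    if expected_offset is not None and off != expected_offset:
        raise ValueError(f"signature at {off:#x}, expected {expected_offset:#x}")
    return data[:off] + new + data[off + len(sig):]


def set_bar_transparency(s001: bytes, alpha: int, offset: int) -> bytes:
    """FAQ recipe: the leading FF of FF 000000FFFFFFFF is the bar alpha
    (FF opaque, 80 translucent, 00 fully transparent). offset is 0x9A0 for
    shell32.exe/S001 and 0x750 for aygshell.dll/S001."""
    if not 0 <= alpha <= 0xFF:
        raise ValueError("alpha must be a single byte")
    return patch_signature(s001, "FF000000FFFFFFFF",
                           f"{alpha:02X}000000FFFFFFFF", expected_offset=offset)


NK_SIGNATURE = "38459FE530559FE5A13EA0E38224A0E3"  # from the FAQ
NK_PATCHED = "38459FE530559FE5A13EA0E38324A0E3"    # 82 -> 83


def patch_main_memory_end(s000: bytes) -> bytes:
    """FAQ recipe for nk.exe/S000; the FAQ gives no address for it, so only
    uniqueness of the signature is enforced."""
    return patch_signature(s000, NK_SIGNATURE, NK_PATCHED)


def build_sample(signature_hex: str, offset: int, size: int = 0x1000) -> bytes:
    """Constructed stand-in for a module file: zero-filled, with the signature
    placed at `offset`. Not real firmware content."""
    sig = bytes.fromhex(signature_hex)
    buf = bytearray(size)
    buf[offset:offset + len(sig)] = sig
    return bytes(buf)


if __name__ == "__main__":
    s001 = build_sample("FF000000FFFFFFFF", 0x9A0)
    out = set_bar_transparency(s001, 0x80, 0x9A0)
    print("top bar alpha byte at 0x9A0:", f"{out[0x9A0]:02X}")
    nk = build_sample(NK_SIGNATURE, 0x200)
    print("nk.exe patch:", patch_main_memory_end(nk)[0x200:0x210].hex().upper())
```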

Post has been edited by Lenseflare - 05.10.10, 04:40



Manually porting / rebuilding XIP
Considered utilities: XIPPort, OSBuilder, m'reloc, m'reloc nk.exe
So, in the previous step we disassembled our kernel.
Porting is the step needed to replace the system kernel with a newer one (the so-called kernel build change) or with a newer system. We will call the kernel of the official firmware native, and the kernel we want to port, donor.
To port manually, perform the following steps:
-Create the folder structure: in the ROM folder create the folders NK and DONOR, copy the kernels into them (native into NK, donor into DONOR) together with xipport + pkgcommon.
-dump both kernels, donor and native, using XIPPort (see XIP disassembly)
-copy the native kernel dump to a new folder (for example, Port)
-remove MSXipKernel and MSXipKernelLTK from the kernel dump in the Port folder
-transfer MSXipKernel and MSXipKernelLTK from the donor dump into the kernel dump in the Port folder
-use M'reloc for semi-automatic placement of modules in the address space: open both XIPs [native and ported] in it and compare each address; where there is a mismatch, correct it in the Port one and click "do it", and so on for each module (to compare nk.exe and some others use m'reloc nk.exe).
-copy XipPort into the Port folder, start it and click next. The combination: undo->Realloc P->Write maps->make xip_new.bin.
The resulting xip_new.bin is the kernel that can be embedded into the system.
Note: this algorithm is universal for all devices; however, when porting WM 6.x onto a native WM 5, you need to modify the OEMXipKernel part with the nk.exe patches from BePe: when you open one, you just need to select the nk.exe module or the xip.bin kernel itself.
Sometimes the OEM manufacturer of a device adds a so-called lock region, protecting the system from modification. To remove it there is a special patcher, RegionLockPatcher, which is used like the other nk patches.
Rebuilding XIP:
Freeing additional RAM and maximum performance can be achieved by properly reassembling the firmware kernel.
Reassembly options (can be combined):
-removing extra modules
In systems based on 6.x it is possible to increase RAM by removing unnecessary modules, such as:
-zbmui.nb0
-bmui.nb0
-hd.dll
-kd.dll
-mencfilt.dll
-OsaXst0.dll
-OsaXst1.dll
-encfilt.dll
-relfsd.dll
These are mainly filters that stay practically inactive for the whole time the device runs, occupying precious RAM.
-disabling certificates at the kernel level
This allows you to install applications that the system previously marked as not intended for it. Implemented by Certpatcher.
-replacing modules with more productive ones
For example, the cecompr.dll module can be replaced with the same one with LZX support, which reduces the size of the firmware but at the same time slows down system boot.
-adding new modules
EXtendir
A system filter which, by some accounts, speeds the system up 10-12 times. This is achieved through more correct system management.
The module itself can go into XIP or stay unintegrated (then you have to use it as an OEM package), but the kernel still needs to be modified.
Modify boot.rgu from XIP (by appending the lines):
[HKEY_LOCAL_MACHINE\System\StorageManager\filters\Extendir]
"Order"=dword:0
[HKEY_LOCAL_MACHINE\System\StorageManager\FATFS\filters\Extendir]
"Dll"="Extendir.dll"
"Order"=dword:0

Don't forget to compile boot.hv (although some kitchens do this automatically).
-changing the PagePool (PP for short)
PagePool is the section of RAM into which data from ROM is initially loaded.
Accordingly, it takes up this memory. To limit it or remove it altogether there are several methods:
Manual limit / disable
Any HEX editor will do; you only need to know the signature (the section of HEX code indicating the PP position). After locating it (usually the search has to be repeated), there should be a section of code to the left similar to this:
00 00 00 00 FF 00 00 00 00

Common PP sizes: 20 - 2 MB, 40 - 4 MB, 80 - 8 MB, FF - 15 MB.
To disable PP, fill all the bytes with F:
FF FF FF FF FF FF FF FF FF

Recommended sizes depending on the build number and screen resolution:
build 64, QVGA - 4 MB
build 64, VGA - 2 MB
build 128 and above, any resolution - 0 MB
Limit / disable by software
There are many programs written by skilled craftsmen that change the pagepool size automatically; you only need to tell them the size, whether on the command line or in a graphical interface.
A striking example is the kitchen and utilities from ERvius (EVK), where simple graphical interfaces make it easy to change the PP in the firmware.
An equally prominent representative is the OSBuilder program, which is not the simplest for performing simple actions but is the most functional. Using it as an example, consider changing the pagepool:
Attention: choosing this method ties you to using OSBuilder, because only it can continue working with the template it produces.
-Button with the gear->create template
-select the NB file (or nb0); if the firmware has a different format, this is easily achieved by disassembling it with utilities of the osnbtool class (see part 1)
-in the window that appears, select the PP size in the corresponding field in the lower left corner (or set it to zero)
-save the template.

Post has been edited Lenseflare - 08.06.11, 05:14



Automatic XIP porting
Considered utilities: XipKitchen, EXTreloc, OSBuilder
There are many utilities for automatic or semi-automatic XIP porting; all of them are in one way or another tied to the algorithm that was examined in the previous subpart.
XipKitchen
A utility with experience of porting the kernels of old devices. Its graphical interface is quite simple and contains only buttons; clicking them with knowledge of the algorithm (described in the previous part) gives an excellent result.
Build_xip (based on EXTReloc)
A more advanced utility that can work with virtually any kernel.
Place the corresponding kernels in the XIP_DONOR and XIP_DEVICE folders and run Build_xip.bat.
It is desirable to have SYS with .VM and .ROM inside, because they are corrected according to the XIP.
OSBuilder
Our old friend, and not the simplest :D
To port XIP with it, you need to create the folder structure OEM, SYS and ROM.
SYS should contain the correct package metadata; ROM should contain xip.bin from the device, the XIP folder with boot.rgu inside (remember, the previous section said you would still need it?) and the DONOR folder with the donor kernel.
Preparing for porting:
-settings->build xip
-choose "xip.bin file in the Donor folder" or "files and modules in the Donor folder" depending on whether the build provides a bin file or only the MSXip files and modules
-enter the path to the donor as follows: ".\ROM\DONOR"
-tick the checkboxes "port MSXiPKernel" and "port MSXiPKernelLTK"
-if boot.rgu has been edited, "compile boot.hv" must be ticked
-the slot 0 and delete reloc section options are needed only in specific cases and should be disabled; the ramstart sections should not be allowed to move.
In principle you can now proceed to porting (close settings->button with the gear>port xip), but the builder also has the option of automatically rebuilding XIP, with removal and replacement of modules.
Let me remind you, we considered this modification of the kernel earlier; now it is easy to do with the help of OSBuilder.

Post has been edited Lenseflare - 02.10.10, 15:28



User customization, or installing software after a hard reset
Especially for ETEN / Acer
These are probably the only devices in which EXTrom (a special ROM section that stores program installers and some service information) can be edited explicitly with the help of special utilities.
When we disassembled the firmware with the KVA kitchen, the EXTrom folder was created in the ROM folder. You can add various cab files to it according to the following rules:
-the name of each such cab must begin with the prefix PREI_
-the name must be written, at a minimum, into the file filesinfo.txt
For the file to be recognized by the system under its short name, you need to enter the code in the OEM.XML file after
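A check for the two rules above, as an added example that is not part of the FAQ: it walks an EXTrom folder and reports cabs without the PREI_ prefix, cabs missing from filesinfo.txt, and names listed there whose file is absent. It assumes filesinfo.txt lists one file name per line; the FAQ does not state its format.

```python
# Added example (not from the FAQ): validate an EXTrom folder before the
# firmware is reassembled. Assumption: filesinfo.txt holds one file name
# per line (its real format is not described in the FAQ).
import os

PREFIX = "PREI_"

def check_extrom(extrom_dir: str) -> list[str]:
    """Return a list of problems found; an empty list means the folder passes."""
    problems: list[str] = []
    info_path = os.path.join(extrom_dir, "filesinfo.txt")
    if not os.path.isfile(info_path):
        return ["filesinfo.txt is missing"]
    with open(info_path, encoding="utf-8", errors="replace") as fh:
        listed = {line.strip() for line in fh if line.strip()}
    cabs = [n for n in os.listdir(extrom_dir) if n.lower().endswith(".cab")]
    for name in sorted(cabs):
        if not name.startswith(PREFIX):
            problems.append(f"{name}: name does not start with {PREFIX}")
        if name not in listed:
            problems.append(f"{name}: not listed in filesinfo.txt")
    for name in sorted(listed):
        if name.lower().endswith(".cab") and name not in cabs:
            problems.append(f"{name}: listed in filesinfo.txt but file is absent")
    return problems

if __name__ == "__main__":
    import sys
    for line in check_extrom(sys.argv[1] if len(sys.argv) > 1 else "ROM/EXTrom"):
        print(line)
```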

the code is:



For example:



To be able to control whether the cab is pre-installed, or to give the user a choice during installation, you must enter the code in the OPTIONALAP.XML file after

the code is:



For example:




Post has been edited Lenseflare - 01.10.10, 18:54



Customization by changing the native EXTRom
If your device's extrom partition can be converted into files, such a section is said to be customizable. The process of disassembling the extrom partition is individual for each device and comes down to using various ROM extractors.
For example, HTC ROM Image Editor allows you to extract the EXTROM files and the config.txt into which they are written (remember KVA) and, accordingly, add new ones.
The simplest case is an extrom presented explicitly or semi-explicitly that can be downloaded separately, as for example with old Gigabyte gsmart devices.
Editing EXTrom means adding / deleting files in the section and then reassembling it; most often all files are written automatically and executed by the installer in alphabetical order.

Post has been edited Lenseflare - 03.10.10, 08:35

