2 pagesV  1 2 > »  
 
REPLY
> Instructions for editing firmware for Samsung phones on WP8
-WOLF-
Message#1
09.12.15, 11:53
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

�� ���� ������� �������� Windows Phone ��� Samsung? download


The firmware consists of two SMD files:
  • .wp8 is the actual firmware
  • .csc - regional settings file
  • .smd - firmware file for WP7 devices. According to this instruction it is also possibleunpack. (historically the utility was created in the time of WP7)


CSC
It is worth noting that the CSC file itself is not flashed to the device. The flasher extracts the CSC.mbn file from it and copies it to a special folder on the device. Initially, the flash drivers were able to sew the MBN file itself, but since I used it to hack the system, from the new versions the possibility of flashing the "naked" MBN was removed.

Instructions:


Post has been edited-WOLF- - 18.12.15, 15:20
Reason for editing: Updated content


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
-WOLF-
Message#2
09.12.15, 13:27
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

Create custom CSC


Required utilities:

In principle, to create and flash a custom CSC, you can use the only utility MBN Creator. This method will be described at the end.


Unpacking CSC / MBN
Official CSCs are distributed as .csc files that can be unpacked with the smd-tool utility from the sam-tools set.
For example, file.csc in the csc_dump folder:
smd-tool / u file.csc / d csc_dump

After unpacking, a DPP.bin file appears in the folder, which needs to be mounted (this is a disk image).
Copy from there
\ Samsung \ CSC \ CSC.mbn

yourself and you can unmount the disk.
You can unpack MBN with another utility:
mbn-tool / u csc.mbn / d mbn_dump

Now in the mbn_dump folder are all CSC. One folder - one CSC code.
The contents of the folders (for example code AUT):
  • SS_AUT.ini- the file will determine which values ​​of the region and time zone will be displayed initially on the phone settings screen after XP.
  • SS_AUT.reg- registry file
  • SS_AUT_AppInstall.provxml- PROVXML file respondingonlyfor installing additional applications
  • SS_AUT_CSC.xml- PROVXML file

Attention!All these files are limited to ~ 50KB. I don’t know the exact meaning, but the phone doesn’t have large files. The MBN file itself is limited by the amount of free space on the DPP partition.


MBN packaging
Again with the mbn-tool:
mbn-tool / p mbn_dump / f my.mbn / ver I8750OXXCMK2 / subver OXX

Now I’ll draw your attention to the version: I8750OXXCMK2. The version should not be less than the one specified in the firmware of the phone itself. Those. This CMK2 will be ignored on the phone updated to DOC2. However, DOC2 will work on the old CMK2 (GDR3).
What happens when the phone ignores the old CSC from the MBN file? He takes the selected CSC code and searches for files in the folder.
\ Windows \ system32 \ CSC

It stores backup CSCs for all codes.
Attention!Modern firmware versions (DNI and DOC) are alwaysignoreMBN file and immediately use the backup files.

MBN packaging with MBN Creator
MBN Creator is a single program that combines a kitchen for creating MBN files and a flash driver for them.
The first tab contains the most popular tweaks (some have already become outdated: D)
The following 4 tabs allow you to manually add content to the corresponding files so that you have the opportunity to add your tweaks.
The last tab contains the settings for the MBN file itself, as well as the file size counters (remember the 50KB limit?).
After filling in all the fields, press the Create button! and the generated csc.mbn file appears next to MBN Creator.
The contents of the resulting file can be viewed in the folder
MBN Creator temp



MBN Firmware with MBN Creator
  1. put the phone in firmware mode
  2. connect to PC and install drivers
  3. (optionally) copy the csc.mbn file to the MBN Creator folder if you did not generate it by MBN Creator yourself
  4. you click Flash, the firmware window opens
  5. click Scan, MBN Creator should find a phone
  6. choose CSC code and press Flash
  7. everything will happen instantly. After that, restart the phone

In theory, the MBN should be applied only after XP, but the latest firmwares apply it every time the phone boots.
Attention!MBN Creator cannot flash MBN files larger than 64KB!


MBN firmware using standard tools
I will not go into details, all this is described in the topic on the firmware of the device.
FlashONLYMBN is possible in the following way:
  1. upload any .wp8 firmware file for your phone and your MBN file to the flash driver
  2. choose the Select option and leave a tick only on CSC
  3. if they ask you something during the firmware,you answer NO. Otherwise, the selected firmware will be uploaded to the phone.


It seems to be all. Good luck: D


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
-WOLF-
Message#3
09.12.15, 13:42
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

Unpacking SMD


Required utilities:


Unpacking
The SMD file (.wp8 or .smd) contains some sections (logical disks) of the internal memory of the phone and a GPT partition table.
You can unpack the WP8 file with the following command:
smd-tool / u file.wp8 / d dump

All sections will be extracted to the dump folder. This will display similar information:
Partition name NAND off N size ROM off R size Part. ID Type Status
GPT 00000000 00000800 00200C00 0000FC00 00000000 00000000 [OK]
SECURE 00000800 00000800 00210800 00000400 00000001 00000000 [OK]
DPP 00001000 00004000 00210C00 00800000 00000002 00000000 [OK]
SBL1 00008000 00000BB7 00A10C00 0016A400 00000003 00000000 [OK]
SBL2 P 00009000 00000BB7 00B7B000 0016A400 00000004 00000000 [OK]
SBL3 0000A000 00000FFF 00CE5400 001F8000 00000005 00000000 [OK]
UEFI S 0000B000 00001387 00EDD400 00207C00 00000006 00000000 [OK]
RPM 0000D000 000003E7 010E5000 0006E400 00000007 00000000 [OK]
TZ 0000E000 000003E7 01153400 0006E400 00000008 00000000 [OK]
WINSECAPP 0000F000 000003FF 011C1800 0007E000 00000009 00000000 [OK]
PLAT 0001A000 00003FFF 0123F800 00742800 0000000A 00000000 [OK]
EFIESP 00020000 0001FFFF 01982000 0094A400 0000000B 00000000 [OK]
MMOS 00046000 0002403F 022CC400 0440B800 0000000C 00000000 [OK]
MainOS 0006C000 004B295F 066D7C00 61F20000 0000000D EACCE221 [OK]
Data 00520000 01838FFF 685F7C00 02920000 0000000E EACCE221 [OK]

Output files:
  • header- header (start) of the source SMD
  • GPT- partition table
  • PLAT, EFIESP, MMOS- partitions with the FAT file system
  • MainOS and Data- NTFS file system compressed partitions
  • the rest of the files are bootloader sections. File system they do not contain

The DPP section is not flashed to the phone. It is unique for each phone. It is empty in the WP8 file.
EACCE221 means the partition is compressed. Such sections must also be unpacked with the image-rebase utility.

For WP7, the sections are different, and the columns Part. ID and Type have a different meaning.

Post has been edited-WOLF- - 09.12.15, 14:48


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
-WOLF-
Message#4
09.12.15, 13:58
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

Working with compressed sections


Required utilities:


Unpacking
The compressed section is a file from which empty spaces are cut. Using the image-rebase utility, you can restore their normal look (unpack):
image-rebase / u MainOS.bin / o MainOS.img

Now MainOS.img is normally mounted.
Attention!Do not unpack Data if there is not enough disk space. Remember, its size is more than 14GB! And it's almost empty.


Packaging
Packaging takes place in 2 stages.
First, cut the file into parts:
image-rebase / s MainOS.img / z 2000

Here 2000 is the minimum size of the empty space (zeros)in sectorsto be cut. In this case, 2000 sectors = 1MB.
Now there is a bunch of files and the MainOS.img.xml file. This is a template, it contains information on how to put all the pieces together.
You can also assemble again using image-rebase:
image-rebase / p MainOS.bin / t MainOS.img.xml


Post has been edited-WOLF- - 18.01.16, 23:42


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
-WOLF-
Message#5
09.12.15, 14:06
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

Editing firmware
There will be all sorts of techniques for editing the firmware from me and other romodels. If you have something to share, write to this topic, I will add a link.

general information
All files in the system belong to a single package. Each package has its own CAB file when updating. Inside there are at least 2 files:
  • DSM - package content. File List, Version ...
  • CAT - file with signatures of all files included in the package.

Two things follow from here:
  • during XP, the signatures of all processed files (registry, etc.) are checked
  • XP removes all files that are not included in any package.

For example, the entire registry (system32 \ config) is deleted from the phone and restored from REG files.


CSCMgr
The most simple and important hack. This service is responsible for processing the MBN file, and during the existence of its custom, Samsung has strengthened its protection. Therefore, it should be replaced with the old one. This is possible due to the fact that executable files (EXE, DLL, SYS) have a built-in digital signature, and the old version of the file can pass the security check.
It is necessary to replace the files:
  • system32 \ CSCMgr.dll
  • system32 \ CSCMgrSvc.dll
  • system32 \ drivers \ CSCMgrSvc.dll (yes, this is a copy)

It was noticed by me that when I was replaced with files from GDR2, the phone often reboots. Files from GDR3 do not have this flaw. Versions above GDR3 do not make sense to slip.


FCRouter
A service that allows you to perform certain functions on behalf of the system. Used in the system software Samsung (apn, Diagnosis ...) and SamWP8 Tools.
Files:
  • system32 \ FCRouter.dll
  • system32 \ FCRouterProxy.dll
  • system32 \ drivers \ FCRouter.dll
  • system32 \ drivers \ FCDriver.dll

When replacing with the old ones, you can get the disabled MoveFiles () function, but the new Diagnosis stops running. The rest of the system software seems to work.


Registry files (hives, hives)
You can edit the registry directly. Files are in the folder
system32 \ config

But the result will only be to XP.


OSRepack
A simple utility for working with packages. Take here:OSRepack


Sdelete
The utility is designed to reliably delete files, but can "zero out" free disk space.
sdelete -z X:

Very useful for increasing the compression ratio in image-rebase.
Unfortunately, increased fragmentation in the packaged file. Who knows a simple way to defragment free disk space, write.

Post has been edited-WOLF- - 17.01.16, 17:59


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
-WOLF-
Message#6
09.12.15, 14:16
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

We pack SMD


Required utilities:



MainOS packaging
After editing MainOS.img it needs to be compressed.
This is done by two teams:
image-rebase / s MainOS.img / z 2048
image-rebase / p MainOS.bin / t MainOS.img.xml

Look in detail in the appropriate post.


SMD packaging
We cut off the first 0x50 bytes from the original firmware (just up to md5) and save it as header.bin.
Large sections can optionally be packaged similarly to MainOS.
Create an XML file with the following content:
<smd-tool>
<template>
<header file = "header.bin" />
<section name = "GPT" file = "GPT.bin" offset = "0" />
<section name = "SECURE" file = "SECURE.bin" offset = "0x800" />
<section name = "DPP" file = "DPP.bin" offset = "0x1000" />
<section name = "SBL1" file = "SBL1.bin" offset = "0x8000" />
<section name = "SBL2" file = "SBL2.bin" offset = "0x9000" />
<section name = "SBL3" file = "SBL3.bin" offset = "0xA000" />
<section name = "UEFI" file = "UEFI.bin" offset = "0xB000" />
<section name = "RPM" file = "RPM.bin" offset = "0xD000" />
<section name = "TZ" file = "TZ.bin" offset = "0xE000" />
<section name = "WINSECAPP" file = "WINSECAPP.bin" offset = "0xF000" />
<section name = "PLAT" file = "PLAT.bin" offset = "0x1A000" />
<section name = "EFIESP" file = "EFIESP.bin" offset = "0x20000" />
<section name = "MMOS" file = "MMOS.bin" offset = "0x46000" />
<section name = "MainOS" file = "MainOS.bin" offset = "0x6C000" />
<section name = "Data" file = "Data.bin" offset = "0x520000" />
</ template>
</ smd-tool>

The offset values ​​are taken from the NAND off command column.
smd-tool / info orig.wp8

The given example corresponds to DOC2.
Next we pack the .wp8 command
smd-tool / p custom.wp8 / t smd_template.xml

The firmware is ready.


Old instruction
SMD header preparation
This is not really a headline, but not the point. Look in
smd-tool / info file.wp8

ROM offset from MainOS. With the help of the Hex-editor, we copy the beginning of the file up to this point into a separate file.
With the help of the same Hex-editor, we glue the resulting file with Data.bin.
At the beginning of the file there are such headers:

4D 61 69 6E 4F 53 00 00 00 00 00 00 00 00 00 00
00 C0 06 00 5F 29 4B 0000 7C FF 08 00 0E AD 61
1F 1F 1F 1F 00 00 00 00 21 E2 CC EA 00 00 00 00
2B C2 5E C9 6A 2F 0B E1 6F 1C 95 FC 49 FF E9 FD

Here you are interestedStartandlengthsection.
Attention!The numbers here go in reverse byte order, i.e. 12345678 = 78 56 34 12.
Replace the beginning of Data with the beginning of MainOS.
You can use Ctrl + C & Ctrl + B (copy and paste with replacement).
Now you do Ctrl + A and watch the file size. It must be written in place of the "beginning of MainOS"
Save the file. Now it's a stub.


The final. Adding MainOS
We glue the file-backing with MainOS.bin.
We register in the "MainOS length" the size of the file MainOS.bin

At the beginning of the file, fill in 16 bytes at the address 0x50 with zeros.
We consider MD5 file sum (Analysis ->Checksums). And paste in place of these zeros (Ctrl + C & Ctrl + B).
Everything, it remains only to save the finished firmware!


Attention!Such firmware will be flashed only by version 3.54 of flasher.

You can check the correctness of the entered numbers with the same command
smd-tool / info custom.wp8


Post has been edited-WOLF- - 19.10.16, 22:05


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
bender bending rodriguez
Message#7
09.12.15, 18:11
Local
*****
[offline]

Group: Friendssavagemessiahzine.com
Messages 135
Check in: 17.05.13
Nokia 5

Reputation:-  6  +

We pack SMD

Bye secret: P


So this is the most interesting !!! I hope (I am sure that I am not alone) on to_be_continued ... :-)
-WOLF-
Message#8
09.12.15, 19:39
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

bender bending rodriguez @ 12/09/2015, 18:11*
So this is the most interesting !!! I hope (I am sure not one) on to_be_continued ...

I need to check everything again. I think no one wants to kill the phone by flashing it with a flashing firmware.
SMD packing instruction will be released simultaneously with the custom DOC2.


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
cold.angel
Message#9
09.12.15, 19:45
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 563
Check in: 28.01.15
Samsung Galaxy Note8 SM-N950F / DS

Reputation:-  39  +

* -Wolf-,we love you! waiting for custom!

Still need detailed instructions for unpacking and packing * .csc! or convert * .mbn to * .csc.

Posted 12/09/2015 7:45 PM:

of the new versions, the possibility of flashing the naked MBN has been removed.

therefore, you need packing instructions in * .csc.


--------------------
PC:ROG Formula IX, i5 7600k, ROG RX4808GB, RAM16GB [W10] "✓"
Tablet:UnBranded UB-15MS10 [W10] "✓"
Phone:Galaxy Note8 [N950U] [8.0] "✓"
-WOLF-
Message#10
09.12.15, 19:56
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

Still need detailed instructions for unpacking and packing * .csc!

Instructions for unpacking there. Pack will not work.

therefore, you need packing instructions in * .csc.

so sew through MBN Creator


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
cold.angel
Message#11
09.12.15, 20:02
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 563
Check in: 28.01.15
Samsung Galaxy Note8 SM-N950F / DS

Reputation:-  39  +

* -Wolf-,
mbn for SE get flash through MBN Creator?


--------------------
PC:ROG Formula IX, i5 7600k, ROG RX4808GB, RAM16GB [W10] "✓"
Tablet:UnBranded UB-15MS10 [W10] "✓"
Phone:Galaxy Note8 [N950U] [8.0] "✓"
-WOLF-
Message#12
09.12.15, 20:09
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

* cold.angel
Original - maybe. Custom - no.
But it doesn't matter at all. I think on Ativ SE will also be a real cast (.wp8).


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
-WOLF-
Message#13
15.12.15, 20:45
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

In short, the programmers Sousung, as usual, the whole defense was broken: rofl:
Packing instructions are MUCHLY simplified :)


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
-WOLF-
Message#14
18.12.15, 00:33
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

Comrades pioneers, we offer our techniques for editing the firmware.


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
spavlin
Message#15
28.12.15, 16:05
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 583
Check in: 24.01.09
Samsung Ativ S GT-I8750

Reputation:-  138  +

There is an error when uploading a reassembled firmware from a previously created one.
Attached Image


--------------------
Samsung || Ativ S || 10.0.15254 Production
-WOLF-
Message#16
28.12.15, 17:09
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

* spavlin,
: rofl: saw. It is stitched normally, so do not care.


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
spavlin
Message#17
06.01.16, 16:58
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 583
Check in: 24.01.09
Samsung Ativ S GT-I8750

Reputation:-  138  +

I played with the replacement of the files FCRouter + WP8Diag (from SM-W750V, SPH-I800, SGH-I187, SGH-T899M), in the end everything works.
Smart Download mode works, but QPST does not want to work with it.
Attached Image


Post has been editedspavlin - 06.01.16, 16:59


--------------------
Samsung || Ativ S || 10.0.15254 Production
-WOLF-
Message#18
17.01.16, 15:14
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

I made a simple utility for editing firmware dumps:OSRepack


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
-WOLF-
Message#19
19.10.16, 22:07
Guru
*********
[offline]

Group: Curators
Messages 7350
Check in: 29.12.08
Microsoft Lumia 950

Reputation:-  760  +

SMD packaging has been greatly simplified. Added a new way to the instruction.


--------------------
Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9
Linux instead of Android
spavlin
Message#20
19.10.16, 22:13
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 583
Check in: 24.01.09
Samsung Ativ S GT-I8750

Reputation:-  138  +

In MassStorage mode
Attached Image


Post has been editedspavlin - 19.12.17, 00:07


--------------------
Samsung || Ativ S || 10.0.15254 Production

2 pagesV  1 2 > » 


 mobile version    Now: 03/27/19/04: 46