Instructions for editing firmware for Samsung phones on WP8 |
Message#1 09.12.15, 11:53 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 |
The firmware consists of two SMD files:
CSC
It is worth noting that the CSC file itself is not flashed to the device. The flasher extracts the CSC.mbn file from it and copies it to a special folder on the device. Initially, the flashers were able to flash the MBN file itself, but since I used it to hack the system, the possibility of flashing the "naked" MBN was removed from the new versions.
Instructions:
Post has been edited -WOLF- - 18.12.15, 15:20 Reason for editing: Updated content
-------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#2 09.12.15, 13:27 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 | Create custom CSC Required utilities:
In principle, to create and flash a custom CSC, you can use a single utility, MBN Creator. This method is described at the end.

Unpacking CSC / MBN
Official CSCs are distributed as .csc files that can be unpacked with the smd-tool utility from the sam-tools set. For example, file.csc into the csc_dump folder:
smd-tool /u file.csc /d csc_dump
After unpacking, a DPP.bin file appears in the folder, which needs to be mounted (this is a disk image). Copy \Samsung\CSC\CSC.mbn from there and you can unmount the disk. You can unpack the MBN with another utility:
mbn-tool /u csc.mbn /d mbn_dump
Now the mbn_dump folder contains all the CSCs. One folder - one CSC code. The contents of the folders (for example code AUT):
Attention! All these files are limited to ~50KB. I don't know the exact value, but the phone does not accept large files. The MBN file itself is limited by the amount of free space on the DPP partition.

MBN packaging
Again with mbn-tool:
mbn-tool /p mbn_dump /f my.mbn /ver I8750OXXCMK2 /subver OXX
Now I'll draw your attention to the version: I8750OXXCMK2. The version should not be lower than the one specified in the firmware of the phone itself. I.e. this CMK2 will be ignored on a phone updated to DOC2. However, DOC2 will work on the old CMK2 (GDR3). What happens when the phone ignores the old CSC from the MBN file? It takes the selected CSC code and searches for files in the folder
\Windows\system32\CSC
It stores backup CSCs for all codes.
Attention! Modern firmware versions (DNI and DOC) always ignore the MBN file and immediately use the backup files.

MBN packaging with MBN Creator
MBN Creator is a single program that combines a kitchen for creating MBN files and a flasher for them. The first tab contains the most popular tweaks (some have already become outdated :D). The following 4 tabs allow you to manually add content to the corresponding files so that you can add your own tweaks. The last tab contains the settings for the MBN file itself, as well as the file size counters (remember the 50KB limit?). After filling in all the fields, press the Create! button and the generated csc.mbn file appears next to MBN Creator. The contents of the resulting file can be viewed in the folder MBN Creator temp

Flashing MBN with MBN Creator
In theory, the MBN should be applied only after XP, but the latest firmwares apply it every time the phone boots.
Attention! MBN Creator cannot flash MBN files larger than 64KB!

Flashing MBN using standard tools
I will not go into details; all this is described in the topic on the firmware of the device. Flashing ONLY the MBN is possible in the following way:
That seems to be all. Good luck :D
-------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#3 09.12.15, 13:42 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 |
Unpacking SMD
Required utilities:

Unpacking
The SMD file (.wp8 or .smd) contains some sections (logical disks) of the internal memory of the phone and a GPT partition table. You can unpack the WP8 file with the following command:
smd-tool /u file.wp8 /d dump
All sections will be extracted to the dump folder. This will display similar information:

Partition name  NAND off  N size    ROM off   R size    Part. ID  Type      Status
GPT             00000000  00000800  00200C00  0000FC00  00000000  00000000  [OK]
SECURE          00000800  00000800  00210800  00000400  00000001  00000000  [OK]
DPP             00001000  00004000  00210C00  00800000  00000002  00000000  [OK]
SBL1            00008000  00000BB7  00A10C00  0016A400  00000003  00000000  [OK]
SBL2 P          00009000  00000BB7  00B7B000  0016A400  00000004  00000000  [OK]
SBL3            0000A000  00000FFF  00CE5400  001F8000  00000005  00000000  [OK]
UEFI S          0000B000  00001387  00EDD400  00207C00  00000006  00000000  [OK]
RPM             0000D000  000003E7  010E5000  0006E400  00000007  00000000  [OK]
TZ              0000E000  000003E7  01153400  0006E400  00000008  00000000  [OK]
WINSECAPP       0000F000  000003FF  011C1800  0007E000  00000009  00000000  [OK]
PLAT            0001A000  00003FFF  0123F800  00742800  0000000A  00000000  [OK]
EFIESP          00020000  0001FFFF  01982000  0094A400  0000000B  00000000  [OK]
MMOS            00046000  0002403F  022CC400  0440B800  0000000C  00000000  [OK]
MainOS          0006C000  004B295F  066D7C00  61F20000  0000000D  EACCE221  [OK]
Data            00520000  01838FFF  685F7C00  02920000  0000000E  EACCE221  [OK]

Output files:
The DPP section is not flashed to the phone. It is unique for each phone. It is empty in the WP8 file.
EACCE221 means the partition is compressed. Such sections must also be unpacked with the image-rebase utility.
For WP7, the sections are different, and the columns Part. ID and Type have a different meaning.
Post has been edited -WOLF- - 09.12.15, 14:48
-------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
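A consistency check over the `smd-tool /info` listing quoted in the post above, added here as an example (not code from the thread or from sam-tools): it parses the rows, flags the partitions whose Type is EACCE221, and checks that NAND ranges do not overlap and that payloads sit back to back in the file. The function names are hypothetical, and the 512-byte sector size is an assumption taken from "2000 sectors = 1MB" in the thread.

```python
# Listing copied from the post above (DOC2); letters after SBL2/UEFI kept as printed.
INFO = """\
GPT       00000000 00000800 00200C00 0000FC00 00000000 00000000 [OK]
SECURE    00000800 00000800 00210800 00000400 00000001 00000000 [OK]
DPP       00001000 00004000 00210C00 00800000 00000002 00000000 [OK]
SBL1      00008000 00000BB7 00A10C00 0016A400 00000003 00000000 [OK]
SBL2 P    00009000 00000BB7 00B7B000 0016A400 00000004 00000000 [OK]
SBL3      0000A000 00000FFF 00CE5400 001F8000 00000005 00000000 [OK]
UEFI S    0000B000 00001387 00EDD400 00207C00 00000006 00000000 [OK]
RPM       0000D000 000003E7 010E5000 0006E400 00000007 00000000 [OK]
TZ        0000E000 000003E7 01153400 0006E400 00000008 00000000 [OK]
WINSECAPP 0000F000 000003FF 011C1800 0007E000 00000009 00000000 [OK]
PLAT      0001A000 00003FFF 0123F800 00742800 0000000A 00000000 [OK]
EFIESP    00020000 0001FFFF 01982000 0094A400 0000000B 00000000 [OK]
MMOS      00046000 0002403F 022CC400 0440B800 0000000C 00000000 [OK]
MainOS    0006C000 004B295F 066D7C00 61F20000 0000000D EACCE221 [OK]
Data      00520000 01838FFF 685F7C00 02920000 0000000E EACCE221 [OK]
"""
COMPRESSED = 0xEACCE221   # Type value the post gives for compressed partitions
SECTOR = 512              # assumption, from "2000 sectors = 1MB" in the thread
FIELDS = ("nand_off", "nand_len", "rom_off", "rom_len", "part_id", "type")

def parse_info(listing):
    """Turn each 'name [letter] 6 hex columns [status]' row into a dict."""
    rows = []
    for line in listing.splitlines():
        tok = line.split()
        if len(tok) < 8 or not tok[-1].startswith("["):
            continue                      # column header or unrelated text
        row = dict(zip(FIELDS, (int(t, 16) for t in tok[-7:-1])))
        row.update(name=tok[0], status=tok[-1].strip("[]"))
        rows.append(row)
    return rows

def layout_problems(rows):
    # An empty result means the layout is internally consistent.
    out = [f"{r['name']}: status {r['status']}" for r in rows if r["status"] != "OK"]
    by_nand = sorted(rows, key=lambda r: r["nand_off"])
    for a, b in zip(by_nand, by_nand[1:]):
        if a["nand_off"] + a["nand_len"] > b["nand_off"]:
            out.append(f"{a['name']} overlaps {b['name']} on NAND")
    by_rom = sorted(rows, key=lambda r: r["rom_off"])
    for a, b in zip(by_rom, by_rom[1:]):
        if a["rom_off"] + a["rom_len"] != b["rom_off"]:
            out.append(f"payload gap/overlap between {a['name']} and {b['name']}")
    for r in rows:
        if r["rom_len"] > r["nand_len"] * SECTOR:
            out.append(f"{r['name']}: payload larger than its NAND range")
    return out

def compressed_partitions(rows):
    return [r["name"] for r in rows if r["type"] == COMPRESSED]

if __name__ == "__main__":
    parts = parse_info(INFO)
    print(layout_problems(parts) or "layout consistent", compressed_partitions(parts))
```
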
Message#4 09.12.15, 13:58 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 |
Working with compressed sections
Required utilities:

Unpacking
A compressed section is a file from which empty spaces have been cut. Using the image-rebase utility, you can restore its normal form (unpack):
image-rebase /u MainOS.bin /o MainOS.img
Now MainOS.img mounts normally.
Attention! Do not unpack Data if there is not enough disk space. Remember, its size is more than 14GB! And it's almost empty.

Packaging
Packaging takes place in 2 stages. First, cut the file into parts:
image-rebase /s MainOS.img /z 2000
Here 2000 is the minimum size of the empty space (zeros), in sectors, to be cut. In this case, 2000 sectors = 1MB. Now there is a bunch of files and the MainOS.img.xml file. This is a template; it contains information on how to put all the pieces together. You can assemble them again, also using image-rebase:
image-rebase /p MainOS.bin /t MainOS.img.xml
Post has been edited -WOLF- - 18.01.16, 23:42
-------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#5 09.12.15, 14:06 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 |
Editing firmware
There will be all sorts of techniques for editing the firmware from me and other romodels. If you have something to share, write to this topic, I will add a link.

General information
All files in the system belong to a single package. Each package has its own CAB file when updating. Inside there are at least 2 files:
Two things follow from here:
For example, the entire registry (system32\config) is deleted from the phone and restored from REG files.

CSCMgr
The most simple and important hack. This service is responsible for processing the MBN file, and during the existence of its custom, Samsung has strengthened its protection. Therefore, it should be replaced with the old one. This is possible due to the fact that executable files (EXE, DLL, SYS) have a built-in digital signature, and the old version of the file can pass the security check. It is necessary to replace the files:
I noticed that after replacing them with files from GDR2, the phone often reboots. Files from GDR3 do not have this flaw. It makes no sense to slip in versions above GDR3.

FCRouter
A service that allows you to perform certain functions on behalf of the system. Used in the Samsung system software (apn, Diagnosis ...) and SamWP8 Tools. Files:
When replacing with the old ones, you can get the disabled MoveFiles() function, but the new Diagnosis stops running. The rest of the system software seems to work.

Registry files (hives)
You can edit the registry directly. The files are in the folder
system32\config
But the result will only last until XP.

OSRepack
A simple utility for working with packages. Get it here: OSRepack

Sdelete
The utility is designed to reliably delete files, but can also "zero out" free disk space.
sdelete -z X:
Very useful for increasing the compression ratio in image-rebase. Unfortunately, it increases fragmentation in the packaged file. If anyone knows a simple way to defragment free disk space, write.
Post has been edited -WOLF- - 17.01.16, 17:59
-------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#6 09.12.15, 14:16 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 |
We pack SMD
Required utilities:

MainOS packaging
After editing MainOS.img it needs to be compressed. This is done with two commands:
image-rebase /s MainOS.img /z 2048
image-rebase /p MainOS.bin /t MainOS.img.xml
See the corresponding post for details.

SMD packaging
We cut off the first 0x50 bytes from the original firmware (just up to md5) and save them as header.bin. Large sections can optionally be packaged similarly to MainOS. Create an XML file with the following content:
<smd-tool>
  <template>
    <header file="header.bin" />
    <section name="GPT" file="GPT.bin" offset="0" />
    <section name="SECURE" file="SECURE.bin" offset="0x800" />
    <section name="DPP" file="DPP.bin" offset="0x1000" />
    <section name="SBL1" file="SBL1.bin" offset="0x8000" />
    <section name="SBL2" file="SBL2.bin" offset="0x9000" />
    <section name="SBL3" file="SBL3.bin" offset="0xA000" />
    <section name="UEFI" file="UEFI.bin" offset="0xB000" />
    <section name="RPM" file="RPM.bin" offset="0xD000" />
    <section name="TZ" file="TZ.bin" offset="0xE000" />
    <section name="WINSECAPP" file="WINSECAPP.bin" offset="0xF000" />
    <section name="PLAT" file="PLAT.bin" offset="0x1A000" />
    <section name="EFIESP" file="EFIESP.bin" offset="0x20000" />
    <section name="MMOS" file="MMOS.bin" offset="0x46000" />
    <section name="MainOS" file="MainOS.bin" offset="0x6C000" />
    <section name="Data" file="Data.bin" offset="0x520000" />
  </template>
</smd-tool>
The offset values are taken from the NAND off column of the command
smd-tool /info orig.wp8
The given example corresponds to DOC2. Next we pack the .wp8 with the command
smd-tool /p custom.wp8 /t smd_template.xml
The firmware is ready.

Old instruction

SMD header preparation
This is not really a header, but that's not the point. Look up the ROM offset of MainOS in
smd-tool /info file.wp8
With the help of a hex editor, we copy the beginning of the file up to this point into a separate file. With the help of the same hex editor, we glue the resulting file with Data.bin. At the beginning of the file there are headers like these:
4D 61 69 6E 4F 53 00 00 00 00 00 00 00 00 00 00 00 C0 06 00 5F 29 4B 0000 7C FF 08 00 0E AD 61 1F 1F 1F 1F 00 00 00 00 21 E2 CC EA 00 00 00 00 2B C2 5E C9 6A 2F 0B E1 6F 1C 95 FC 49 FF E9 FD
Here you are interested in the Start and length of the section.
Attention! The numbers here go in reverse byte order, i.e. 12345678 = 78 56 34 12.
Replace the beginning of Data with the beginning of MainOS. You can use Ctrl + C & Ctrl + B (copy and paste with replacement). Now you do Ctrl + A and look at the file size. It must be written in place of the "beginning of MainOS". Save the file. Now it's a stub.

Finale. Adding MainOS
We glue the stub file with MainOS.bin. We write the size of the MainOS.bin file into "MainOS length". At the beginning of the file, fill in 16 bytes at the address 0x50 with zeros. We compute the MD5 sum of the file (Analysis -> Checksums) and paste it in place of these zeros (Ctrl + C & Ctrl + B). That's all; it only remains to save the finished firmware!
Attention! Such firmware will be flashed only by version 3.54 of the flasher.
You can check the correctness of the entered numbers with the same command
smd-tool /info custom.wp8
Post has been edited -WOLF- - 19.10.16, 22:05
-------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
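The checksum rule from the old instruction above (16 bytes at 0x50 holding the MD5 of the file computed with that field zeroed), as an added Python check that is not part of the thread or of sam-tools. It streams the image so a multi-gigabyte .wp8 is not loaded into memory; the function name is hypothetical, and because the MD5 is unkeyed a match shows the file is not corrupted, not where it came from.

```python
import hashlib

MD5_OFFSET = 0x50   # from the post: the field follows the 0x50-byte header
MD5_LENGTH = 16

def smd_md5_fields(stream, chunk_size=1 << 20):
    """Return (stored, computed) digests for an SMD image opened in binary mode.

    The stored value is read from [0x50, 0x60); the computed value is the MD5
    of the whole stream with those 16 bytes replaced by zeros.
    """
    digest = hashlib.md5()
    stored = b""
    pos = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = bytearray(chunk)
        # Part of the MD5 field that falls inside this chunk, if any.
        lo = max(MD5_OFFSET, pos)
        hi = min(MD5_OFFSET + MD5_LENGTH, pos + len(buf))
        if lo < hi:
            stored += bytes(buf[lo - pos:hi - pos])
            buf[lo - pos:hi - pos] = bytes(hi - lo)
        digest.update(buf)
        pos += len(buf)
    if len(stored) != MD5_LENGTH:
        raise ValueError("file too short to contain the MD5 field")
    return stored, digest.digest()

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        stored, computed = smd_md5_fields(fh)
    print("stored  ", stored.hex())
    print("computed", computed.hex())
    print("match" if stored == computed else "MISMATCH")
```
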
Message#7 09.12.15, 18:11 | |
Local [offline] Group: Friendssavagemessiahzine.com Messages 135 Check in: 17.05.13 Nokia 5 Reputation: 6 | [email protected], 14:16 We pack SMD Bye secret: P So this is the most interesting !!! I hope (I am sure that I am not alone) on to_be_continued ... :-) |
Message#8 09.12.15, 19:39 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 | So this is the most interesting !!! I hope (I am sure not one) on to_be_continued ... I need to check everything again. I think no one wants to kill the phone by flashing it with a flashing firmware. SMD packing instruction will be released simultaneously with the custom DOC2. -------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#9 09.12.15, 19:45 | |
Experienced [offline] Group: Friendssavagemessiahzine.com Messages 563 Check in: 28.01.15 Samsung Galaxy Note8 SM-N950F / DS Reputation: 39 | -Wolf-,we love you! waiting for custom! Still need detailed instructions for unpacking and packing * .csc! or convert * .mbn to * .csc. Posted 12/09/2015 7:45 PM: [email protected], 11:53 of the new versions, the possibility of flashing the naked MBN has been removed. therefore, you need packing instructions in * .csc. -------------------- PC:ROG Formula IX, i5 7600k, ROG RX4808GB, RAM16GB [W10] "✓" Tablet:UnBranded UB-15MS10 [W10] "✓" Phone:Galaxy Note8 [N950U] [8.0] "✓" |
Message#10 09.12.15, 19:56 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 |
[email protected], 19:45 Still need detailed instructions for unpacking and packing *.csc!
The instructions for unpacking are there. Packing will not work.
[email protected], 19:45 therefore, you need packing instructions in *.csc.
So flash through MBN Creator.
-------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#11 09.12.15, 20:02 | |
Experienced [offline] Group: Friendssavagemessiahzine.com Messages 563 Check in: 28.01.15 Samsung Galaxy Note8 SM-N950F / DS Reputation: 39 | |
Message#12 09.12.15, 20:09 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 | cold.angel Original - maybe. Custom - no. But it doesn't matter at all. I think on Ativ SE will also be a real cast (.wp8). -------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#13 15.12.15, 20:45 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 | In short, the programmers Sousung, as usual, the whole defense was broken: rofl: Packing instructions are MUCHLY simplified :) -------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#14 18.12.15, 00:33 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 | Comrades pioneers, we offer our techniques for editing the firmware. -------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#15 28.12.15, 16:05 | |
Experienced [offline] Group: Friendssavagemessiahzine.com Messages 583 Check in: 24.01.09 Samsung Ativ S GT-I8750 Reputation: 138 | |
Message#16 28.12.15, 17:09 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 | -------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#17 06.01.16, 16:58 | ||
Experienced [offline] Group: Friendssavagemessiahzine.com Messages 583 Check in: 24.01.09 Samsung Ativ S GT-I8750 Reputation: 138 |
I played with the replacement of the files FCRouter + WP8Diag (from SM-W750V, SPH-I800, SGH-I187, SGH-T899M), in the end everything works. Smart Download mode works, but QPST does not want to work with it.
Post has been edited spavlin - 06.01.16, 16:59
-------------------- Samsung || Ativ S || 10.0.15254 Production |
Message#18 17.01.16, 15:14 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 |
I made a simple utility for editing firmware dumps: OSRepack
-------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#19 19.10.16, 22:07 | |
Guru [offline] Group: Curators Messages 7350 Check in: 29.12.08 Microsoft Lumia 950 Reputation: 760 | SMD packaging has been greatly simplified. Added a new way to the instruction. -------------------- Loox C550 / Galaxy Spica / Omnia W / ATIV S / Galaxy J120F / Lumia 950 / Galaxy Note9 Linux instead of Android |
Message#20 19.10.16, 22:13 | |
Experienced [offline] Group: Friendssavagemessiahzine.com Messages 583 Check in: 24.01.09 Samsung Ativ S GT-I8750 Reputation: 138 | -------------------- Samsung || Ativ S || 10.0.15254 Production |