Hi all,
let me start telling that reading through this frum gives me the feeling that this is a very nice place for information around htc-devices and I thank both creators and users of this site for such a good information-base.
Reading here convinces me that I am able to fulfill my wish to change the language of my VPA-IV (HTC Universal).
I am a Dutch person working in Russia. As I was living in Germany I optained the device there, hence the German language.
For me personally all computer stuff should be English, so I'd also like this device to be so. The fact that the keyboard is German does not disturb me too much.
As a Vodafone user, who has other provider cards as well, I immediately bought the unlock code, so the device is working with other GSM cards as well.
When I asked Vodafone (before I bought the device) if I could switch to English I was told that I should buy myself another Windows Software and they were not able to provide me with it. They were not able to provide any help, nor software for this purpose though.
When reading around the site here (as well as the ftp) I understood that Windows is not provided now. So my first question would be :
-Am I really set to go if I have downloaded the following files :
Jasjar_WWW_11353_137_10301.zip
MaUpgradeUt_noID.zip
Universal_Radinly_UPgrade_1.04.02.zip
Or do I need something more ?
Further I read about extracting the .exe file (f.e. Jasjar_WWW_11353_137_10301.exe) and put some files from there at certain places. I have WinRar but this program does not recognize the .exe file. Can I really extract files from this .exe ? How do I do this.
A lot of talking is here about a bootloader. If the device is in this stage, can I still access it ? (f.e. like seeing a harddrive in my PC's Windows Explorer or something the like)
As I will be stressed like hell (who does not, when he does this first time) when I see the bootloader screen, is there something I SHOULD or should NOT do to make sure all will be OK ?
Last but certainly not least I feel very eager to backup before I do this. Is there a posibility to backup my ROM in some way, save the files on some place for eventual return to the ROM and ExtRom I have now ?
I tried the Program TotalCommander. If I enter the Extended_Rom in the "directory" field of this program I see all files included in the Extended_Rom, same if I enter simply "Rom". Is a backup simply copying these files to my PC or is there more to be done ?
thanks for answering in advance,
Ruud
Hi,
I'm searching a german ROM...
if you have a little of your time to spend on it, i would be very thankful.
but first:
- about extracting the .exe files: Run WinRAR -> Menue: Open file... -> change 'All archives' to 'All files'
- about ROMs: Jasjar_WWW_11353_137_10301.zip is the only rom I would update, not the Radio.
- about bootloader: In this state you can't access your device (only updating the ROM)
- about backup: It is not easy. (How to d2s (dump) the ROM ) but I think Vodafone will shortly relase a update. So it will be possible to restor the device.
How to help me out:
- you will need a Storage Card.
- Download TestWM5.rar
1. Extract TestWM5.exe from TestWM5.rar and place it to you device.
2. At the device, use File Explorer to execute the TestWM5.exe
3. Click "button1" to start the dump process, the file will then be save to \Storage Card\Dump\
4. Copy the Dump folder out and then RAR or Zip it
This will include all files in your windows dictionary -> this is what i need
Where to place exactly ?
Hi bepe,
do not know if You are still available (or again). First your issue.
I logon to FTP from XDA-developers as to upload.
In the upload directory there is only a HTC-Wizard directory, not a wizard. Is this directory the one to place your file on ?
Is there a rule how to name the file ?
I will be dumping in a minute, can upload as soon as I have your answer.
Ruud
Hi bepe,
further to your issue.
1) I do understand that no private information is copied ? or should I do a hard reset before I dump for You ?
2) Whilst running your testwm5.exe from the root-directory of the storage-card I am being asked to agree your program access. This is normal, I allow. But why are there additional programs being opened I never heard about ? I denied them access and let the program run further !
After a lot of files running through the screen (very fast) it looks like the program stopped or finished. Now which file has been created for You ?
Explorer on the Universal does not show it, through my PC I looked as well, but do not see any big file, please explain.
Ruud
Hi Bepe,
one more reply to You :
Even if I allow the file mentioned to run (during the time your program is running), I am being asked again and again if I allow it again. The name is GAC_System.Data_v1_0_5000_0_cneutral_1.dll
Even if allow access all of the occasions I being asked, no file is being created on my storage-card, nothing to dump to You. Not even the dump directory is made.
What do I do wrong here ?
To my issue :
First I noticed that the radio update is available here only as 1.04.02
My system tells me I have 1.04.10 delivered from origin. If I do a ROM-upgrade, do I loose my "radio", or will it not be touched ?
Connected to this, can I dump my "radio"-files seperately ?
WinRAR. Issue solved !
Backup : I was at the buzzdev.net link before. But I actually do not even understand where I can get or see the task32 language he dumped on his screen. And I understand that I will not be able to restore it without help anyway. So this is not really the kind of backup I want.
The information about Vodafone, where does it come from ? when is something expected ?
Ruud
For security sake only.
I am getting nearer to make that final step ;-)
My Winrar was too old, I could unzip the .zip file to a .exex, but I could not unzip the .exe file further. Just downloaded the latest Winrar, now I can see all files included in the provided .exe file.
1) I understood that I should delete the original upgrade-file called ROMUpgradeUt.exe.
2) When I start the MaUpgradeUt_noID.exe in a seperate directory with the rest of the files from the .exe I get to see a different HTC device. When I continue, it will not recognize any of the versions from my Universal. I felt unconfortable to continue.
Can it be done without a problem ??
2a) I renamed the ms_.nbf AND radio_.nbf and restart the Utility, it still shows a photo of the wrong device, but it now does recognize the versions of Device CD image version : 1.13.56 Device Extended image version : 1.13.163 and Device Radio image version : 1.04.10
It confirms to change to CD image version 1.13.53 and leaves the extended image version : "empty" as well as the Radio image version : "empty"
Does this mean that by taking away the ms_.nbf and radio_.nbf files I can stop the device from upgrading the extended rom and the radio ?
Why I ask ? Because if I renamed ms_.nbf back and ONLY radio_.nbf is unavailable now, it shows to change the Extended Rom too, but the Radio image is still empty.
Finally if I rename ALL back, it shows to change all, but all version numbers are older once ;-(
Main question here is, can I leave radio_.nbf away, upgrade and hope for radio to be my version 1.04.10 ?
Ruud
Hi,
I'm back.
I'll PM you Upload information...
private information are not copied.
Only if you have saved private information in your /windows/ folder!
i have never being asked to agree for program access :?
...but I started it of the root-directory of my device.
what is the name of your 'Storage Card' folder?
I not realy have the info from Vodafone, but for all devices before there have been more than one update. But I can't tell when the first update is expected.
If you are trying to make a backup: you will need a terminal program
About dumping
So I have a complete "new" device now.
Did a hard-reset, after which I did not give any new information to the device.
I placed the .exe file You gave me in the \windows\startmenue before, after which it is asking tonloads of access requests.
Now I replaced it in the root-directorym Yes, no additional questions asked anymore, perfect, well NO. As there is no directory made on the storage card. I tried it once with the async active and once with the device seperate. No result.
Any ideas ?
what is the name of your 'Storage Card' folder in your root?
As the device is German, it is called "Speicherkarte"
and renaming is not possible (allowed)
OK this is the problem, I'm trying to get the Source code to change that.
found something: this tool will change the folder name from different languages to "Storage card" which is often needed for different tools
Understood.
About my question, as I am still nervously waiting (cannot start the upgrade before You got your data, can I ;-)
Did I understand correctly, that the file MaUpgradeUt_noID.exe is made for different devices from HTC and therefore I do not get a photo of the universal when I start the software ?
If I start the JASJAR_WWE_11353_137_10301.exe I DO get to see the Universal, but of course get the country error.
Did I also correctly understood I can take away the radio_.nbf from the directory and the update will handle both ROM and ExtROM but leave the Radio untouched ?
Will I be entering this "bootloader" status at all, as I do not need any further updates then ? Are there any resets after the upgrade which I SHOULD or SHOULD NOT make to get the device working again ?
Ruud
Hi bebe,
storage.cab works (be it only after a soft-reset)
The program testwm5.exe is much slower now, so the result is taking minutes now (if not tens of).
Looks like the perfect speed of the program while the storage card (at least for his eyes) was absent, was due to "saving into space"
Will upload asap.
Ruud
I'm loading JASJAR_WWE_11353_137_10301.exe its at 60%
MaUpgradeUt_noID.exe is a hacked version, of another device.
So the photo should not be important. (Please wait until i have downladed the file, I'm not realy sure jet...)
OK, I have to wait anyway, because TestWM5 is very slow now, I can see file after file and calmly read it. Before it was running before my eyes. I am afraid this is going to take ages.
We are on the same frequency that the dump I am making is from a device WITH Extended Rom installed. I was NOT soft-resetting during installation, so all Vodafone add-ons, are to be there now.
If You need the one without ExtRom as well, please tell me.
The upload works OK, I prepared a directory there, but uploading is to be done after longer waiting time.
Are You afraid the JASJAR file is not good ? I downloaded it because this one was proposed on this forum.
Ruud
Its not about the ROM its about the MaUpgradeUt_noID.exe I'm not sure if ths is the exe file to update a Universal.
I dont have a Universal only a Himalaya and my up UpgradeUt starts with HimUpgradeUt... .
Was this file mentioned in the readme of the JASJAR exe?
my download is very slow... 70%
I only downloaded MaUpgradeUt_noID.exe because it was proposed here (for the Universal).
I have no Readme.txt inside the exe
EnterBL.exe
GetDeviceData.exe
ms_.nbf
nk.nbf
radio_.nbf
RUU.conf
RUU.dll
UI.dll
Well and of course the original upgrade file ROMUpgadeUt.exe, but I was suppose to delete it.
Only file which I can read is RUU.conf :
[PLATFORM]=857873
[RADIO_TYPE]=2
[SECURITY_FLAG]=1
[DECODER_KEY]=1
[RADIO_FLAG]=2
[GETADDR_TYPE]=1
[JUMPCODE_TYPE]=1
[FORMAT_TYPE]=2
[SCREEN_TYPE]=2
OK, TestWM5 is finally ready, will do compressing and uploading soon.
Ruud
[ 3:55:32.78] MachinaGod lokiwiz start
Copying C:\aWizard\lib\itsutils.dll to WCE:\windows\itsutils.dll
ERROR: Error !!! Writing WinCE file - There is not enough space on the disk.
opening: lock_backup.bin: No such file or directory
This exe file was created with the evaluation version of Perl2Exe.
For more information visit http://www.indigostar.com
(The full version does not display this message with a 2 second delay.)
...
Copying C:\aWizard\lib\itsutils.dll to WCE:\windows\itsutils.dll
ERROR: Error !!! Writing WinCE file - There is not enough space on the disk.
Copying C:\aWizard\lib\itsutils.dll to WCE:\windows\itsutils.dll
ERROR: Error !!! Writing WinCE file - There is not enough space on the disk.
[ 3:55:36.50] Your phone is now CID unlocked....
Store the generated 'lock_backup.bin' file in a safe place. It can help to resto
re your device if anything goes wrong.
* Press [Enter] to continue
I forgot to clean some crap up first... how can I check if it's really unlocked before i try to do it again ?
From the error message, your phone doesn't seems to have been unlocked. There isn't any software/method that I know of that can check if your phone has been unlocked. The only way to do it is to get another SIM (of other operator) and try it on your phone, see if it works.
Anywya, i bet yours aren't unlocked yet. Check if you have the "lock_backup.bin" file in your aWizard directory. If yes, copy this file to somewhere or rename it (e.g. back up the file) and performa another unlock process. It doesn't damage your phone running unlock twice (or multiple times). The only problem is that you may loose your lock file (e.g. lock_backup.bin) that you may need to have your phone back into the lock state (e.g. for warranty claiming purposes)
i wrote a new tool that you can use to read the rom image, it can be found at:
http://nah6.com/~itsme/bkondisk.zip
Code:
usage:
first copy bkondisk.exe to \windows on your device, then:
prun bkondisk [targetdir]
will save all partitions on all volumes in files on [targetdir]
prun bkondisk -v0 -p1 [targetdir]
will save a specific partition on [targetdir]
prun bkondisk -v0 -b0 -n1 \firstblock.img
will save the specified blocks to \firstblock.img
prun bkondisk -i
will only list disk info in the logfile "\bkondisk.log"
-v0 or -v1 to specify the volume
-p0, -p1, etc to specify a partition
-b0 etc to specify a starting block ( ignoring partioning )
-n32 specifies to read 32 blocks starting at the above block.
note: you DON'T need to put quotes around directories with spaces in it.
when no path is specified, files will be created in the root.
Thanks! I've got a couple of questions... it extracted the following files:
bk_00_0000.img
bk_02_0005.img
bk_03_0025.img
bk_06_0001.img
bk_08_0175.img
What do these files refer to (which one is the ROM, etc). Also, is there a way to write these backups back to the phone? It would be a great way to try out test roms and get back to my original T-Mobile ROM if necessary.
bk_00_0000.img - IPL : ONBL1 + ONBL2
bk_02_0005.img - GSM + splash + gsmdata + simlock + serialnrs
bk_03_0025.img - OS
bk_06_0001.img - SPL
bk_08_0175.img - userfilesystem
Is there a way to write them back to the phone? or is that not possible...
is it possible to get a .nbh files out of these files?
My idea would be to "glue" the 4 files together (bk_00 to bk_06) in one file, rename the file to RUU_signed.nbh and exchange the RUU_signed.nbh created by the RUU.exe in \Profiles\[user]\Local Settings\Temp\pftxx.tmp with this one and then run on the RUU.exe with the modified .nbh
for example in DOS:
copy /b bk_00_0000.img+bk_02_0005.img+bk_03_0025.img+bk_06_0001.img RUU_signed.nbh
Is it that simple?
EDIT:
Ok this easy way doesn't work.
RUU says "Error 238 - File read"
Maybe some kind of checksum is missing....
Three questions for itsme
1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?
P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.
Maybe this helps a little bit to get ideas.
I have been searching here for nights - this is what I found so far:
1. I think it's similar to the Hermes - nobody found a way till now - the first step is to modify a signed .nbh, deleting works but not adding a file:
Hermes - how to dump ROM
Hermes - new custom ROMs
Hermes - ROM cooking and Bootloader MFG 1.01
aChef ROM Utils
2. This is the way Imei-Check is CID-unlocking - investigated by pof:
Reverse Engineering the Herems imei-check unlocker
Maybe there is another way like Zone-MR is doing it for the Star100/Qtek 8500
Star100 Unlock procedure but here you have still to decryt/encrypt the block in my understanding and therefore you have to find out the key
3. I didn't find anything about this so far, but I think the information is anywhere at XDA-Developers
EDIT: here (nl)itsme wrote:
.... but i am still busy, have not had the time to look at creating a tool to convert a memdump to a updater file.
Click to expand...
Click to collapse
so I hope he will find the time to create this tool
P.S: @itsme and @pof: I also want to thank you very much - you are heroes!!!
mar11974 said:
1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?
P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.
Click to expand...
Click to collapse
I got different files ...
After running the tool I got :
bk_0__0000.img (IPL? Is it same as bk_00_0000.img?)
bk_02_0005.img (GSM + splash + gsmdata + simlock + serialnrs)
bk_03_0025.img (OS)
bk_06_0001.img (SPL)
bk_08_0185.img (?????)
I did not get bk_08_0175.img, though.
Hints?
On the other hand, is it possible to extract files out of IMG files?
Thanks.
I'm going crazy, I've almost tried everything possible and I'm not afraid to brick this device as I only use it for experimenting.
My goal: To modify the rom (change files, registry).
Problems: There is no official rom for this device, so the only way to backup and flash rom is through the bootloader (r2sd all/os, sd2r)
Progress: I've managed to backup the rom through the bootloader, extracted the raw image to hd. I have also managed to dump ALL FILES using dumprom.exe .
This is where i'm stuck. How to inject files into the image.
As I understand, the rom has no imgfs partition, so maimach's tools are inappropriate for this task.
RomMaster gives the following error:
[Info] It is a common ROM.
[Error] File struct error, xip end offset is 0x7c90ee19, but file length
is 0x00fffffe.
Please tell me what else I can try, even if you are not sure. As I mentioned earlier, I'm only doing this to experiment and to learn, and I don't worry if I brick the device(it's pretty useless anyway)
Thanks in advance
Hello, I've tried extracting imgfs.bin from LG WM 6.5 firmware, and it results in some weird way.
The points I'm curious at are:
1. Unpacking .KDZ results in *.wdb, not .DZ.
2. Unpacking *.wdb results in weird binary file, not in .tot
3. Resulted binary file seems to be in Qualcomm .MBN format, but there seems to be almost no details within it. Are there any docs about this format?
4. I've tried using osnbtool (with -sp option), then it failed with this message: Can not find OS image! So I've searched it for a bit, then found that I have to rip off all the LG-specific regions to work. So I ripped those off (with custom unyaffsmbn), tried osnbtool again then it worked.
LU210927_00.bin.new.PRE written.
LU210927_00.bin.new.OS.NB written.
Now I get these two, so I tried nbImageTool on OS.NB generated. It extracted imgfs.bin, but seems like it is corrupted... Did I miss something?
Here is the link to the extracted OS.NB: https://drive.google.com/file/d/1vPHWbiHproO_bs09WASc8YreWNaJVrZr/view?usp=sharing
And here is the link to the original firmware (kdz): https://drive.google.com/file/d/1YknA0mg27YfaGEHr10XJ1k8ztgw_V3fA/view?usp=sharing
Thanks a lot!