Need help with modifying 1930 rom dump. PLEASE - Upgrading, Modifying and Unlocking

I'm going crazy, I've almost tried everything possible and I'm not afraid to brick this device as I only use it for experimenting.
My goal: To modify the rom (change files, registry).
Problems: There is no official rom for this device, so the only way to back up and flash the rom is through the bootloader (r2sd all/os, sd2r).
Progress: I've managed to back up the rom through the bootloader and extracted the raw image to hd. I have also managed to dump ALL FILES using dumprom.exe.
This is where I'm stuck: how to inject files into the image.
As I understand, the rom has no imgfs partition, so maimach's tools are inappropriate for this task.
RomMaster gives the following error:
[Info] It is a common ROM.
[Error] File struct error, xip end offset is 0x7c90ee19, but file length
is 0x00fffffe.
Please tell me what else I can try, even if you are not sure. As I mentioned earlier, I'm only doing this to experiment and to learn, and I don't worry if I brick the device (it's pretty useless anyway).
Thanks in advance

Related

ASUS P525 ROM Tool - Cooking your own ROMs

The attached utility will allow you to extract the .NB0 OS image from ASUS P525 "galaxy.cap" complete rom update packages, and also to update the CRC on a modified NB0 ROM image, to pass the flasher validity check and flash the modified ROM. It will also allow you to unpack the compressed kernel partition.
The application is dynamically linked to the Visual C runtime libraries. They are used by myriads of applications, and most likely you already have them installed on your system. If you do not (on a clean PC for example) and P525ROMTool complains about lack of needed libraries, download and install this: http://www.microsoft.com/downloads/details.aspx?familyid=32BC1BEE-A3F9-4C13-9C99-220B62A191EE
For you technical people, the utility source is included too. You can see the basic layout, and that ASUS used the Adler32 algorithm to calculate the checksum on ROMs (with the slight modification that the base sum was initialized to zero instead of one).
The basic procedure for cooking your own custom P525 rom is:
1) P525ROMTool -d galaxy.cap
This will extract the ROMGalaxy.NB0 OS-only image. For custom ROMs I recommend working with NB0 OS images only - no danger of corrupting bootloader & IPL this way.
2) prepare_imgfs ROMGalaxy.NB0 -nosplit
3) DelFile / AddFile
I am not sure if you can truly fully rebuild the ROM and not break anything (ROM tools were made for the HTC platform, not for ASUS). So I recommend using the DelFile/AddFile method at least for the start.
There are a lot of different ROM editing tools around, but I cannot give you exact directions on what is better and in which conditions - ASUS ROM cooking is a less charted area than for HTCs.
I assume you know what you actually need to change on a file basis for your ROM customization. If you don't know what I am talking about, this is not for you (read the disclaimer at the end of the post, and think it over).
4) make_imgfs ROMGalaxy.NB0 -nosplit
5) P525ROMTool -s ROMGalaxy.NB0
It will ask about the changed checksum. Enter "y" to update it. You can run "P525ROMTool -s ROMGalaxy.NB0" again to be sure that the checksum was updated properly - it shouldn't ask to change it a second time.
6) Flash ROMGalaxy.NB0 via bootloader (copy it to SD card root, press "camera" fully, press reset).
Technically, you can make the .cap file to flash via the "autorun" loader; however, I must warn you that the .cap file will flash not only the OS image, but also the IPL+bootloader. If something goes wrong, the bootloader can be corrupted and the device will be bricked.
If you flash ROMGalaxy.NB0, it will not flash over the bootloader+IPL, so it's a lot safer - if something goes wrong, you still must be able to flash an emergency rom via the bootloader.
Take note that any activity that involves the ROM updating is dangerous. Even if you understand everything, there is some risk. If you have only basic understanding of ROM mechanics, risk increases tenfold - you better consider before screwing up perfectly working and expensive device.
You have been warned.
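The checksum variant described in the post above, as an added example (this is not the source shipped with P525ROMTool): Adler-32 with the base sum started at zero, a cross-check against zlib, and the conversion to the standard value. Where the checksum is stored in the NB0 and which bytes it covers are not stated in the post, so the sample input is a constructed byte string and all function names are hypothetical.

```python
import zlib

MOD_ADLER = 65521  # largest prime below 2**16, same modulus as standard Adler-32


def adler32_zero_base(chunks):
    """Adler-32 with the running sum A started at 0 instead of 1.

    `chunks` is any iterable of bytes objects, so a large image can be
    fed block by block instead of being loaded whole.
    """
    a = 0  # standard Adler-32 starts this at 1
    b = 0
    for chunk in chunks:
        for byte in chunk:
            a = (a + byte) % MOD_ADLER
            b = (b + a) % MOD_ADLER
    return (b << 16) | a


def adler32_zero_base_zlib(chunks):
    """Same value via zlib: a starting value of 0 sets A = B = 0."""
    value = 0
    for chunk in chunks:
        value = zlib.adler32(chunk, value)
    return value & 0xFFFFFFFF


def to_standard_adler32(zero_base_value, length):
    """Convert a zero-base checksum over `length` bytes to standard Adler-32.

    Starting A at 1 adds 1 to A and adds 1 to B once per input byte.
    """
    a = ((zero_base_value & 0xFFFF) + 1) % MOD_ADLER
    b = ((zero_base_value >> 16) + length) % MOD_ADLER
    return (b << 16) | a


def read_chunks(path, size=1 << 16):
    """Yield a file's contents in fixed-size blocks."""
    with open(path, "rb") as handle:
        while block := handle.read(size):
            yield block


if __name__ == "__main__":
    sample = b"Wikipedia"  # constructed sample input, not ROM data
    value = adler32_zero_base([sample])
    print(f"zero-base Adler-32: {value:08X}")
    print(f"standard Adler-32:  {to_standard_adler32(value, len(sample)):08X}")
    # Leading zero bytes leave A and B at 0, so this variant cannot see them.
    print(adler32_zero_base([b"\x00" * 16 + sample]) == value)
```

The value only matches another tool's result when both run over the same byte range. With the zero base, leading zero bytes do not change the result, and like any Adler-32 it detects accidental corruption only, not deliberate modification.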
Ingvarr, thanks a million times. I love yr WM5 Storage and I think I will love this tool also. I will start building my rom based on Sorg's build 6 since it does provide some very useful tools for us.
Ingvarr thank you for your cool tools.
But when I DIY my ROM, I can't make make_imgfs.exe work correctly. It returns some symbols I can't understand.
Even if I run make_imgfs.exe just after running prepare_imgfs.exe, it returns the error.
Could you help me with this?
make_imgfs ROMGalaxy.NB0 -nosplit
NOT "nk.nba"
It writes the modified filesystem back into the original image, so it should remain the same. You don't want to mix the ASUS and HTC ROMs and then flash it to your device, trust me.
I recommend you read the HTC ROM Tools instructions and forum threads and be sure you've got right how it works, before you screw something up.
Sir,
Bad news, it can't work with the CHS ROM (ROMgalaxy.nb0): checksum error!
Does it correctly verify the checksum on the original ROM?
I will try to look over it, maybe I've missed something.
Btw, if you can, write down what it writes on screen _exactly_, down to the point of failure (including the error message).
Ingvarr said:
Does it correctly verify the checksum on the original ROM?
I will try to look over it, maybe I've missed something.
Btw, if you can, write down what it writes on screen _exactly_, down to the point of failure (including the error message).
I have tried it too.
I updated the checksum in Sorg's ROM, and then I found that the checksum from your SW is different from the original checksum in Sorg's ROM.
harlemyin said:
I have tried it too.
I updated the checksum in Sorg's ROM, and then I found that the checksum from your SW is different from the original checksum in Sorg's ROM.
You mean, it claims that the checksum is wrong even when you have not modified the NB0 yet?
I may look over this NB0, can you host it somewhere? But better not at rapidshare, I have already topped my limit.
Ingvarr said:
You mean, it claims that the checksum is wrong even when you have not modified the NB0 yet?
I may look over this NB0, can you host it somewhere? But better not at rapidshare, I have already topped my limit.
Yes,
and it happens with the official P525_V3320_WWE2nd too.
The checksum in the official P525_V3320_WWE2nd is 79AB7436.
Your SW changed it to EF722461 - not modified NB0.
You can download the official P525_V3320_WWE2nd from www.asus.com or
ftp://dlsvr02.asus.com/pub/ASUS/IA/P525/P525_V3320_WWE2nd.zip
That's odd, because I've just checked it with WWE 3.32 and at least the checksum calculation definitely works ok...
These roms are in a .CAP package. Have you actually extracted the .NB0 from the .CAP?
I have uploaded version 1.01 - it has additional sanity checks to make sure that you try to run it on an NB0 with the structure it expects.
Try it on WWE 3.32 and write what the original checksum and calculated checksums will be.
Sorry,
our mistake.
I tested your SW with a *.nb0 which was extracted with xda3nbftool.exe - a *.nb0 with IPL and bootloader.
And now I find that the *.nb0 should be and must be extracted with your P525ROMTool -d galaxy.cap - that means a *.nb0 without IPL and bootloader.
Everything is fine when the *.nb0 is extracted with your P525ROMTool.
I think creazy2000 just made the same mistake as me.
Thanks a lot.
Thanks. The tool works perfectly on my P525.
Ingvarr said:
That's odd, because I've just checked it with WWE 3.32 and at least the checksum calculation definitely works ok...
These roms are in a .CAP package. Have you actually extracted the .NB0 from the .CAP?
I have uploaded version 1.01 - it has additional sanity checks to make sure that you try to run it on an NB0 with the structure it expects.
Try it on WWE 3.32 and write what the original checksum and calculated checksums will be.
I made a mistake, thanks!
harlemyin said:
Sorry,
our mistake.
I tested your SW with a *.nb0 which was extracted with xda3nbftool.exe - a *.nb0 with IPL and bootloader.
And now I find that the *.nb0 should be and must be extracted with your P525ROMTool -d galaxy.cap - that means a *.nb0 without IPL and bootloader.
Everything is fine when the *.nb0 is extracted with your P525ROMTool.
I think creazy2000 just made the same mistake as me.
Oh, I know!
I made a mistake!
Thanks
Is it a separate tool than the imgfs? Do I need to find this tool to finish the whole thing? Where can I find this tool?
P525_V3320_WWE2
I have P525_V3.29.0 WWE3
Can someone tell the difference between them? It looks like the first one is newer, but I am confused by the WWE: which is newer?
Thanks all
Night Runner said:
Is it a separate tool than the imgfs? Do I need to find this tool to finish the whole thing? Where can I find this tool?
Everything about the complete process is in the first post. What is it you don't understand from here?
jmfa59 said:
P525_V3320_WWE2
I have P525_V3.29.0 WWE3
Can someone tell the difference between them? It looks like the first one is newer, but I am confused by the WWE: which is newer?
Thanks all
WWE means "world wide english".
The first is 3.32, therefore it's newer.
Ingvarr
Thanks Buddy,
can you explain WW2 and WWE3? It seems that the latter is newer, but the version V3.29 is older or is meant for a different country.

tool to access the samsung onedisk flash

I wrote a new tool that you can use to read the rom image, it can be found at:
http://nah6.com/~itsme/bkondisk.zip
Code:
usage:
first copy bkondisk.exe to \windows on your device, then:
prun bkondisk [targetdir]
will save all partitions on all volumes in files on [targetdir]
prun bkondisk -v0 -p1 [targetdir]
will save a specific partition on [targetdir]
prun bkondisk -v0 -b0 -n1 \firstblock.img
will save the specified blocks to \firstblock.img
prun bkondisk -i
will only list disk info in the logfile "\bkondisk.log"
-v0 or -v1 to specify the volume
-p0, -p1, etc to specify a partition
-b0 etc to specify a starting block ( ignoring partitioning )
-n32 specifies to read 32 blocks starting at the above block.
note: you DON'T need to put quotes around directories with spaces in it.
when no path is specified, files will be created in the root.
Thanks! I've got a couple of questions... it extracted the following files:
bk_00_0000.img
bk_02_0005.img
bk_03_0025.img
bk_06_0001.img
bk_08_0175.img
What do these files refer to (which one is the ROM, etc)? Also, is there a way to write these backups back to the phone? It would be a great way to try out test roms and get back to my original T-Mobile ROM if necessary.
bk_00_0000.img - IPL : ONBL1 + ONBL2
bk_02_0005.img - GSM + splash + gsmdata + simlock + serialnrs
bk_03_0025.img - OS
bk_06_0001.img - SPL
bk_08_0175.img - userfilesystem
Is there a way to write them back to the phone? Or is that not possible...
Is it possible to get a .nbh file out of these files?
My idea would be to "glue" the 4 files together (bk_00 to bk_06) in one file, rename the file to RUU_signed.nbh and exchange the RUU_signed.nbh created by the RUU.exe in \Profiles\[user]\Local Settings\Temp\pftxx.tmp with this one and then run on the RUU.exe with the modified .nbh
for example in DOS:
copy /b bk_00_0000.img+bk_02_0005.img+bk_03_0025.img+bk_06_0001.img RUU_signed.nbh
Is it that simple?
EDIT:
Ok this easy way doesn't work.
RUU says "Error 238 - File read"
Maybe some kind of checksum is missing....
Three questions for itsme
1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?
P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.
Maybe this helps a little bit to get ideas.
I have been searching here for nights - this is what I found so far:
1. I think it's similar to the Hermes - nobody found a way till now - the first step is to modify a signed .nbh, deleting works but not adding a file:
Hermes - how to dump ROM
Hermes - new custom ROMs
Hermes - ROM cooking and Bootloader MFG 1.01
aChef ROM Utils
2. This is the way Imei-Check is CID-unlocking - investigated by pof:
Reverse Engineering the Herems imei-check unlocker
Maybe there is another way like Zone-MR is doing it for the Star100/Qtek 8500
Star100 Unlock procedure but here you still have to decrypt/encrypt the block in my understanding and therefore you have to find out the key
3. I didn't find anything about this so far, but I think the information is anywhere at XDA-Developers
EDIT: here (nl)itsme wrote:
.... but I am still busy, have not had the time to look at creating a tool to convert a memdump to an updater file.
so I hope he will find the time to create this tool
P.S: @itsme and @pof: I also want to thank you very much - you are heroes!!!
mar11974 said:
1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?
P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.
I got different files ...
After running the tool I got :
bk_0__0000.img (IPL? Is it same as bk_00_0000.img?)
bk_02_0005.img (GSM + splash + gsmdata + simlock + serialnrs)
bk_03_0025.img (OS)
bk_06_0001.img (SPL)
bk_08_0185.img (?????)
I did not get bk_08_0175.img, though.
Hints?
On the other hand, is it possible to extract files out of IMG files?
Thanks.

possible to create aku3 rom for my device with aku1?

My device rom seems to be aku1.
Is it possible that I use other roms, which are aku3, replace dlls and other things from them and create my aku3 rom?
For example I saw contacts in newer roms is a lot improved. Is it possible that I use contact.exe (if it is the file name) from newer roms and replace it in my current rom file? Or other .exe or .dll files?
That's what ROM cooking is.
You take components that are generic and not device dependent from a more advanced ROM and place it in a ROM for your device that contains all the device specific stuff like drivers.
BUT: it is not as simple as it sounds.
First, you need a ROM image for your device (and if you are going to ask more serious questions on this matter you must specify exact model of your device) which you can get through a dump or from an official update.
Second you need tools, also specific for your device, that can take apart that image and put it back together.
And finally you need the new files which also have to be obtained from a ROM image for the more advanced device.
Thank you.
Well, I guess I have the tools, because I could create the dump folder and repack it again,
although the generated files were not the same. (Someone in a Chinese forum told me it is enough that the values in the bootloader be the same, in my case values before 0x060000. I don't know if it is enough or not.)
I haven't yet tried to upgrade that rom, until I have enough knowledge.
But if we assume I have all the tools, is there a guide or something on what files I can replace?
For example, if I want to have the new contact program, what files should I upgrade?
Or is there a list of all dlls and exe files which are device independent?
So? Anyone?
Some other questions:
Using addfile/removefile, can I replace .dll files?
Because I used the dump folder, shellres.96.dll, and deleting/adding, I get no icons in Windows.
Also using the s000 file, renaming it to shellres.96.dll, I still get the same problem.
Is there any way to change this dll?

Few questions about dumping my rom

My diamond has original ISR Orange rom.
I managed to backup the four parts raw files and the spl.
I want to make sure of a few things.
Does it mean the radio has been backed up as well? Or is the change of radio version separate from rom upgrading and spl?
I noticed that in here it's claimed that the spl file is .nbh, while in the guide I followed in one of the posts here, on how to make a full rom dump and spl, the code line using itsutils was
Code:
pmemdump.exe 0xa8000000 524288 SPLdumped.nb
My file is .nb, does it matter?
After I cook these raw files into a flashable rom, does it mean that in the future, when I restore to that rom
and return to this SPL, which I also made a backup of,
I'll still have my warranty?
Will the details appearing in Settings > Device information be completely the same?
Sorry for the newbie questions. It's new to me and not every single question has a full answer somewhere.
Thanks

[Q] Flashing a zImage

Ok, I'm using the androidhtc git to stay up to date with the htcvogue-2.6.32 branch, and created a zImage from the resulting files by MAKEing the kernel. That all went perfectly fine.
The thing I need to know is how do you flash this zImage to the Kaiser? I know how to flash with .nbh files, and don't have a problem doing it. NBHCreator fails and gives a 4KB nbh, so that doesn't work...is there a way to hex edit it or anything...literally ANYTHING at all to make it into an nbh? There must be a way that devs did this before NBHCreator was released...
Also I tried flashing in Ubuntu with HTCFlasher with the zImage directly to the Kaiser, and it seemed to complete, just complaining of a CERT ERROR or something, but the progress bar got to 100%.
Any help please guys??
checkout the tinboot from git
copy (or link) the zImage in the directory
./compilekaiser.sh
(search button in the forum always helps you)
I'll look into it, thanks l1qu1d. I did do a forum search, maybe I used the wrong search keywords :S
