This is a work in progress - please post info / corrections as necessary - and supporting detail!!!
Browsing through the Wiki and not finding what I needed, I hoped to pool together the common knowledge floating around and put together a process for working with the extended rom on our Hermes.
While unlocking/viewing the extended rom is well documented - opening, editing, and launching the extended rom image contents are not - or so my searching has reveiled (or not reveiled ).
So far, this is what I have got together / know:
The extended rom, extracted from a dump, is an .nb image. It contains the following files:
AutoRun.exe 'installs the applications
Config.txt 'determines what gets installed / path to file
Assorted cabs to be installed per the Config.txt
Here is an example of an extended rom Config.txt:
LOCK:Enabled
CAB: \Extended_ROM\C_Cingular_GoodEmail_081606.sa.CAB
CAB: \Extended_ROM\C_getmail.htc8525.cab
CAB: \Extended_ROM\C_HSDPA_Wirelss_Modem_Stall.cab
CAB: \Extended_ROM\C_GetTeleNav.CAB
CAB: \Extended_ROM\MT_PC_Hermes_PTT_REG_070129.CAB
CAB: \Extended_ROM\PP_PIE_Default.CAB
CAB: \Extended_ROM\ShortString_Keypad_XML.CAB
CAB: \Extended_ROM\SMS_Setting_07Jun06.CAB
CAB: \Extended_ROM\SPM_Fix_ITS#2990.cab
CAB: \Extended_ROM\PP_XpressMail_launchCamera.cab
CAB: \Extended_ROM\ppcquickstart_QVGA.PPC_Draft_11-17.CAB
CAB: \Extended_ROM\ST_Audio216Patch_20070409.CAB
CAB: \Storage Card\ExtROM\Adobe_Flash_Lite_2.1.cab
CAB: \Storage Card\ExtROM\MsPacMan.cab
LOCK: Disabled 'space added to display properly
RST: Reset
Note that I'm running installs from both the extended rom and the storage card. This prevents the installation file (cab) from staying in the windows directory after installation. In theory, you could move everything to the storage card if you wanted to use the extended rom space for main storage as in the Big Storage ROM that bepe put out.
Here is a PreConfig file for comparison:
LOCK:Enabled
EXEC:\Windows\SetHSDPA.exe /Enable
CAB: \Windows\CM_Mapping_1.29.502.2.CAB
CAB: \Windows\A2DPFix.CAB
CAB: \Windows\ATIFix.cab
CAB: \Windows\restoreHiddenProxy4CWS_0522.cab
XML: \Windows\MP_MMS3.5_CWS_Hermes_070328.xml
XML: \Windows\PP_Generic_ConnSetting_Hermes_CWS.xml
XML: \Windows\PP_Other_Conn_Hermes_CWS.xml
XML: \Windows\PP_UXC_HermesCWS.xml
XML: \Windows\PP_Generic_UI_Hermes_CWS.xml
XML: \Windows\PP_Other_reg.xml
LOCK: Disabled 'space added to display properly
RST: Reset
Note the file path reference, otherwise the format is identical. PreConfig can run any file type - xml, cab, or exe. I need to verify if Config.txt can do the same.
In the Pandora Kitchen v9.2 and beyond, the PreConfig AT&T w/Extended ROM Launch contains the format to do both. Here is a sample PreConfig.txt from it which does both:
LOCK:Enabled
EXEC:\Windows\SetHSDPA.exe /Enable
XML: \Windows\MP_MMS3.5_CWS_Hermes_070328.xml
XML: \Windows\PP_Generic_ConnSetting_Hermes_CWS.xml
XML: \Windows\PP_Other_Conn_Hermes_CWS.xml
XML: \Windows\PP_UXC_HermesCWS.xml
XML: \Windows\PP_Generic_UI_Hermes_CWS.xml
XML: \Windows\PP_Other_reg.xml
Hide:Enabled
EXEC:\Extended_ROM\autorun.exe
LOCK: Disabled 'space added to display properly
RST: Reset
Note that it runs the PreConfig items first, then calls the Extended ROM to run it's Config.txt items.
To create a new extended rom image or look at what's in yours, I attached the exe's provided by Shamanix and ChunkyMonkey which was developed by AnDim: (his thread)
Here is a sample folder of files that would be used to build a functional extended rom: RapidShare Link
Here is the compiled Extended ROM image: RapidShare Link
A few notes on building the image:
Before adding files to the extended rom, be sure to set them to READ ONLY. While I have not verifed this on the Hermes, the Wizard would not install files which were not saved as read only first.
It's been said that only cabs which have been signed can be used. Using existing cabs from the carrier's extended rom should be fine. I've also successfully installed a number of others from the extended rom, including the Windows Live 33.0600 and Sleuth's ATI and A2DP Fix.
Warning!! If you reference a file that does not exist, the installation progress will stop and you are forced to reset (and everything after the missing file will not be installed).
Warning!! Your total extended rom image size cannot exceed 10 meg (exact value to follow)!!! I do not know (yet) what the tool will do if you exceed this size, but that is the size limit of the extended rom memory allocation.
More info yet to be asymilated: http://forum.xda-developers.com/showpost.php?p=759609&postcount=131
Here's some commands from the previous link:
CAB - run a cab files
EXEC - execute a program or application
CPY1 - Source of the File to be copy
CPY2 - Destination of the File to be copy as stated in CPY1
RST - Make a soft reset
More content to follow...
------------------------------------------------------------------------
Reasons to use the AutoRun for installing rather than storage:
1. Automating customization after a hard reset/flash
2. Installing from the extended rom/SD helps reduce Windows folder "bloat" by keeping the installation CAB and installed files out of the windows directory.
3. SD Memory is cheap. I'd rather install from there and have more storage on the phone.
4. ...
5. ...
Unless the big storage rom is being used, extended rom space is a terrible thing to waste
If I am not mistaken there an EXT_Rom builder that was posted some time ago in the Hermes forum. It was able to create EXT_Roms that you could flash on your Hermes there are also several threads about instructions on how to do this it probably got buried some place since it was a few months ago. Just make sure that the files are read only and the Config.txt is correct
You could give these tools a go and see if they work properly..
http://rapidshare.com/files/60718018/HTC_EXTROM_EDITORS.rar.html
You must rename the nb file to _ExtROM.nb in order v901 to see the file...
No doubt! Ive been pouring over the wiki and this site and it all seems so scattered...
Tried the viewer from above post (file too large error; dumped extrom from att 3.62)
I would like to try and cook one up but I cant seem to find the info consolidated...
One of these days I'll get it figured out.. Maybe there's a magic answer out there that a member could give us, but I feel like its search, trial, brick (hopefully not , answer....
ExtROM editor.
Earlier version could only extract, this one's great. Don't know if there are any more recent editions but this does do the trick as it stands.
It's this I started using when keeping a couple of my own OEMs up to date got too much bother. You make things too easy for us matt - I've got lazy!
chunkymonkey said:
ExtROM editor.
Earlier version could only extract, this one's great. Don't know if there are any more recent editions but this does do the trick as it stands.
It's this I started using when keeping a couple of my own OEMs up to date got too much bother. You make things too easy for us matt - I've got lazy!
Click to expand...
Click to collapse
nice - I had seen this one referenced, but couldn't find the download (new image creation version).
Whoohoo! Off to a good start
Thanks!
Shamanix said:
You could give these tools a go and see if they work properly..
http://rapidshare.com/files/60718018/HTC_EXTROM_EDITORS.rar.html
You must rename the nb file to _ExtROM.nb in order v901 to see the file...
Click to expand...
Click to collapse
these worked for me - and has both! Thanks!
Good thread for new members....been wondering how to edit and create my own ext ROM...THANKS!!!
This is AnDim's stuff, to credit the original author. Guess he never got around to creating the read/write v1.0.
vp3G said:
This is AnDim's stuff, to credit the original author. Guess he never got around to creating the read/write v1.0.
Click to expand...
Click to collapse
Thanks - happy to update!
XML's WORK from extended_rom and many other things, like copy PIM.VOL (backup) from storage card to restore contacts, calendar, call hystory..., call cab's from storage card.
Extended_ROM can be launched from Preconfig also with CFG:\Extended_ROM\Config.txt
here's mine:
LOCK:Enabled
EXEC:\Windows\SetHSDPA.exe /Enable
XML: \Extended_ROM\Dan.xml
XML: \Extended_ROM\Dan_regs.xml
XML: \Extended_ROM\Dan_apps.xml
XML: \Extended_ROM\comm_3g_regs.xml
CAB: \Extended_ROM\dan_files_1.cab
CAB: \Extended_ROM\dan_files_2.cab
CAB: \Extended_ROM\EffComm.CAB
CAB: \Storage Card\My Documents\Programe\HTC\Touch_6_dan.cab
CAB: \Storage Card\My Documents\Programe\HTC\clock_fonts.cab
CAB: \Storage Card\My Documents\Programe\HTC\Dialer_touch.cab
CAB: \Extended_ROM\sdkcerts.cab
CAB: \Extended_ROM\ColorBatteryClean3G.cab
CPY1:\Storage Card\PIM.VOL
CPY2:\PIM.VOL
LOCK: Disabled
RST: Reset
so using the htc extended rom builder.. adding all me cab files, does the app auto create the config.txt file based on what files you have added or do you need to manually create your own one and add it to the "package" as such. (along with autorun.exe)
thefunkygibbon said:
so using the htc extended rom builder.. adding all me cab files, does the app auto create the config.txt file based on what files you have added or do you need to manually create your own one and add it to the "package" as such. (along with autorun.exe)
Click to expand...
Click to collapse
Manually...
Dan - I loaded all of the xml files from the PreConfig into the Extended ROM and setup the Config file.
I had no settings installed from these files, and during the the loading process they didn't show up while processing - and I verified the Config.txt was correct.
I moved them back to PreConfig - and they worked fine.
That's my base for assuming the XML files don't run from the Extended ROM. Hard to establish a trend from one data point - but it was very convincing.
mattk_r said:
Manually...
Dan - I loaded all of the xml files from the PreConfig into the Extended ROM and setup the Config file.
I had no settings installed from these files, and during the the loading process they didn't show up while processing - and I verified the Config.txt was correct.
I moved them back to PreConfig - and they worked fine.
That's my base for assuming the XML files don't run from the Extended ROM. Hard to establish a trend from one data point - but it was very convincing.
Click to expand...
Click to collapse
matt,
the config I posted works flawlessly for me (progress shown+they install ok) since at least 3 months with several ROMs. maybe because I use in Preconfig this CFG:\Extended_ROM\Config.txt to make a difference?
to be tested.
ciao,
dan
dan1967 said:
matt,
the config I posted works flawlessly for me (progress shown+they install ok) since at least 3 months with several ROMs. maybe because I use in Preconfig this CFG:\Extended_ROM\Config.txt to make a difference?
to be tested.
ciao,
dan
Click to expand...
Click to collapse
Interesting. I would suspect that the system already knows about the Config.txt because of the registry setting in the OEMDrivers .rgu file:
[HKEY_LOCAL_MACHINE\Comm]
"AutoRun"="\\Extended_ROM\\autorun.exe"
"AutoRunCFG"="\\Extended_ROM\\config.txt"
"AutoRunType"=dword:00000000
"TurnRadioFlag"=dword:00000000
Plus, if it didn't know about it - the cabs should not be getting installed in any case.
I'd really like to understand this further. Moving the xml files isn't a huge savings (compared to moving things like Windows Live or Office), be every bit helps.
Matt,
I also tried with the XML's from Extended Rom and they did not load. Fortunately I had a cab file with the same settings so I just executed that.
This is amazing:
I am now installing ALL my extra apps including Office 2007 and WinLive from the ExtROM - saves me a lot of time whenever I flash and keeps my device \windows nice and clean.
Thank you for starting this thread and doing such an amazing job with Pandora!
To start with I am not using your kitchen at all, haven't really tried. I should try maybe. I am using tadzio's for the moment only.
What I do:
Normally I strip the ROM of that I want out (a couple of .bat files), put a couple of files (2) in dump and re-build and re-flash.
This mxipupdate_zzPIED_101.provxml is one of them that I always replace
<wap-provisioningdoc>
<!-- move lnk to StartUp -->
<characteristic type="FileOperation">
<characteristic type="%CE4%\CheckAutoRun.lnk" translation="install">
<characteristic type="Copy">
<parm name="Source" value="\Windows\CheckAutoRun.lnk" translation="install"/>
</characteristic>
</characteristic>
</characteristic>
<characteristic type="Registry">
<characteristic type="HKLM\Comm" >
<parm name="AutoRunCFG" value="\windows\Config.txt" datatype="string" />
<parm name="AutoRun" value="\windows\AutoRun.exe" datatype="string" />
<parm name="EnableNewMailAccount" value="0" datatype="integer" />
</characteristic>
</characteristic>
<characteristic type="Registry">
<characteristic type="HKLM\Software\Microsoft\Welcome" translation="filesystem" >
<parm name="Disable" datatype="integer" value="188" />
</characteristic>
</characteristic>
</wap-provisioningdoc>
Than I put my preconfig.txt
LOCK:Enabled
CFG: \Extended_ROM\Config.txt
LOCKisabled
RST: Reset
As almost everything else is pre-installed in extrom (I only add some shortcuts, settings or apps regs) or installed from storage card I do not need to do more. After re-flash or HR I have a ready-to-use phone with nothing else to do than test.
I see as difference that I do not have anything in the registry related to the autostart of extrom. To be that?
DvTonder said:
Matt,
I also tried with the XML's from Extended Rom and they did not load. Fortunately I had a cab file with the same settings so I just executed that.
This is amazing:
I am now installing ALL my extra apps including Office 2007 and WinLive from the ExtROM - saves me a lot of time whenever I flash and keeps my device \windows nice and clean.
Thank you for starting this thread and doing such an amazing job with Pandora!
Click to expand...
Click to collapse
Glad it working well for you! Can you point me to a dowload of Office - if it has OneNotes with it?
Bottom line is that once you "open" a ROM" you may live very well with the XML's installed from Preconfig.
But you may not want to change the ROM when need to do something simple (i.e. upgrade a program) and therefore changing some things&files on extrom are much easier to do and you keep your system updated.
That's one of the reasons I prefer to use XML's as they can be edited and changed with Notepad while for cab's, well you do not have WinCE available everywhere and you are dependent on your home computer.
dan1967 said:
...
I see as difference that I do not have anything in the registry related to the autostart of extrom. To be that?
Click to expand...
Click to collapse
Hmmmm... Noting the registry points to the AutoRun.exe and Config.txt in the Windows directory rather than on the extended rom - but the preconfig.txt points to the Config.txt on the extended rom. I wonder if that has any effect...
Do you have a copy of the Config.txt from Windows as well?
Have two iritating things I cannot figure out myself, and cannot find these answers (have searched tryst me ).
1. Windows Media Player, the icon I would like to put it in a Multimedia folder (inside Programs), but when i edit initflashfiles.dat, i get a icon both in Multimedia and in Programs folder, how to controll the incon of Windows Media Palyer?
2. The weather plugin in TF3D, how to disable the auto update in the regestry, and what regestry to edit?
3. How to set date and time for the rom?
Would be nice if some one could help me with these two small issues, they are just so annoying, and cannot find the solution myself...
To disable auto download weather, i have this provxml registry tweak:
Code:
<characteristic type="HKCU\Software\HTC\Manila" translation="filesystem">
<parm name="Data.AutoDownloadOff" datatype="integer" value="1"/>
</characteristic>
For the date and time look for an OEM folder called "OEMVersion" and edit the provxml inside with this:
Code:
<characteristic type="HKLM\Software\OEM">
<parm name="ROMVersion" value="blahblah" datatype="string"/>
<parm name="ROMDate" value="12-Dec-12" datatype="string" />
</characteristic>
For the multimedia icon, i'm not sure but you can have a look in the iniflashfiles.dat file.
NitroOnTheRocks said:
To disable auto download weather, i have this provxml registry tweak:
Code:
<characteristic type="HKCU\Software\HTC\Manila" translation="filesystem">
<parm name="Data.AutoDownloadOff" datatype="integer" value="1"/>
</characteristic>
For the date and time look for an OEM folder called "OEMVersion" and edit the provxml inside with this:
Code:
<characteristic type="HKLM\Software\OEM">
<parm name="ROMVersion" value="blahblah" datatype="string"/>
<parm name="ROMDate" value="12-Dec-12" datatype="string" />
</characteristic>
For the multimedia icon, i'm not sure but you can have a look in the iniflashfiles.dat file.
Click to expand...
Click to collapse
Thanks man, you just made my day, have searched for days without result, many thanks .
Have though one small new problems, that maybe some one can help me with?
1. In TF3D Image tab, all images is showed, it should be a specific folder, how to change that?
2. In msn applicatio, the "From: and To:" is in english, but should be in Danish (everything else is), maybe just a regestry tweak?
Cant help with those.
Maybe you can find them with CE Regeditor.
Ok thanks, will look into it .
BTW am having problems getting the string below to work, how to set it to lets say 25 jan 2009 when first boot?
<parm name="ROMDate" value="12-Dec-12" datatype="string" />
Click to expand...
Click to collapse
Code:
<parm name="ROMDate" value="25-Jan-09" datatype="string" />
This works for me
NitroOnTheRocks said:
Code:
<parm name="ROMDate" value="25-Jan-09" datatype="string" />
This works for me
Click to expand...
Click to collapse
Still not show right date on first boot (the screen you come to after callibrating the screen), maybe there is a different string for that?
Aah, i think i misunderstood you.
You can't set the date and time directly for windows i think.
Time zone information you can set, i do it.
And after hard reset i use program like SKTSync to sync my time with internet via WiFi.
For Time Zone registry information look at these keys:
Code:
[HKEY_LOCAL_MACHINE\Time]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Clock]
No it is the date that you have to set after a hard reset, right after screen calibration, you have to set det/time...
whc said:
No it is the date that you have to set after a hard reset, right after screen calibration, you have to set det/time...
Click to expand...
Click to collapse
the date is set in xip in your kitchen.
qtotter said:
the date is set in xip in your kitchen.
Click to expand...
Click to collapse
Ok, but how is it done?
whc said:
Ok, but how is it done?
Click to expand...
Click to collapse
it's coded in the s000 file of the nk.exe module in xip. bepe's kitchen can change the date in s000.
Okay,
in this example we are going to use genious Bepe's PlatformRebuilder Kitchen and Mondilv's Nataly ROM. You get this in one package from Nataly Projektpage, just download the latest stable Nataly Kitchen. While no one else seems to have problems, on my Diamond 2.7 makes weird device behaviour, so i recommend 2.6
Bepe's new kitchen is not limited to Diamond devices, the more it is able to port foreign OS into your kitchen very easy and very well, more the more it is able to manage different language versions in one and only kitchen and most the more it can simultaniously manage different ROM Versions, as Lite, Premium, etc. Take a look at the kitchen tutorial, alternativly found here as file - you'll be surprised !!! With some luck he is gonna publish a grafical GUI for his kitchen in a while - so stay tuned.
Preparation: Make shure you got unsigned HardSPL installed!!!
First step: Unpack Nataly kitchen directly to your C-Drive e.g.: "C:\nataly\..."!
Second step: Remove all packages/folders from underneath EN_KITCHEN you think you won't need.
Third step: If you want to add packages/apps from folder "_ADDS/EXT/Diamond" you just have to drag and drop them back to "EN_KITCHEN/EXT/Diamond". If you want to add packages/apps from folder "_ADDS/SYS" you may drag and drop them to "EN_KITCHEN/SYS" or you may convert them to the new package format Bebe is using and afterwards drag and drop them to "EN_KITCHEN/EXT/Diamond". Ervius did write us a tool EXT_PAckages_rebuilder.exe to do this by simply letting the folder drop onto it and all other is done automatically. After this you can cut/copy and paste the directory to path EXT/Diamond/...! It will get included by platformrebuilder automatically too. *
Fourth step: If you want to include other apps you like, you need to use Ervius (yes again) genious Ervius_Package_Creator found in the kitchen under path UTILS/.... Open the cab file and MSCEInfen will get opened automatically. Click "Extract CAB files with original names in folder" - Button (CAB and this folder MUST have the same path!) and close MSCEInfen, you get returned to package creator and may further correct things or not, at this stage of knowhow, maybe better leave all to Package Creator, it will do the rest the right way. So just click DONE and COMPLETE PACKAGE. Now you need Ervius EXT_PAckages_rebuilder again to get package converted into new format and thereafter you may add it to EXT/Diamond/...! *
Last Step: Click "build_rom.bat" under path EN_KITCHEN and wait - when finished there will be the file "OS-new.nb" which you have to select in automatically opened HTCRT.exe under item OS and further select the platform from dropdown, etc., fill in Version number etc. and thereafter you will get a file "OS-new.nbh" or whatever you named it in HTCRT. [see screenshot below]
* If your application now does not work correctly (quite a few will not do by now ) you should dump your registry with e.g. dotfreds FDCSoft Taskmanagers builtin RegistryEditor. "Export All" found in context menu, do this before and after manual installation of the app, copy both dumped reg files to PC and compare them with e.g. Advanced Registry Tracer (Elcomsoft), export the differences and clean hives (keys) that you don't need (e.g. application foreign keys) add the rest to your corresponding app.reg file!
You are ready to flash your own ROM with DiamondCustomRUU.exe now. Got it?
DONT FORGET: ALL YOU DO IS AT YOUR TOTALLY OWN RISK!
Your own SOURCE for ROM?
This has been simple, didn't it? So if you'd like to use other source ROM (maybe that of your provider or country) you should download Bepe's Basic Kitchen and the Toolset from darkforcesteam-forum and watch his video tutorial, as this shows everything you need to know step by step. After another 5 minutes you got your own source kitchened what else do you need?
Upgrading your OS? That's far as simple. Watch this video and you'll laugh because of simplicity.
Hope i did not forget something, lol!
Have fun...
P.S.: If you find this useful, you may vote the thread and the more you could post a reply, as this may keep the thread up in list and therefore findable to others, as it is not sticky!
Read on further customization of your ROM in posts beneath (2/3)!
Further customizing your ROM!
RADIO
You can find recommended Radio 1.14.25.05 for latest Nataly ROM here: http://customroms.com/diam_radio_1.14.25.05.rar - Mondilv did include the corresponding rilphone.dll already in Nataly Rom! Be shure your device is Security unlocked, which is not the same as SIM-Unlocked!!! Read this thread please: http://forum.xda-developers.com/showthread.php?t=470306! and thereafter this thread: http://forum.xda-developers.com/showthread.php?t=414835!
To not let you get confused at this point a short tip to security unlock: First flash the Radio 1.00.25.05 on your phone, after that start DiamondSecUnlocker.exe from your PC and click Step 1 button. Now the flashing gui of the DiamondCustomRUU will pop up and let you flash the Radio 1.20 Olinex (which you did not see in the zip-package before ) after that is done you will be able to complete Step 2 of the still running SecUnlocker on your PC and you will get order to complete unlock on your device. There you have to set the wanted options and close it on device. Now the SecUnlocker on PC comes to end and after this all you will be able to flash any radio onto your device you want (as long as you see text "Security Unlocked on your three colored bootup screen before flashing process). Beware of what you flash, you could even flash $¥%¢¤#in Nokia radio firmware now onto your device and brick it!!! To lock security again you will need this tool: http://forum.xda-developers.com/attachment.php?attachmentid=155646&d=1234206431!
Comment: At the same day and weather conditions inbetween one hour with Radio 1.09.25.23, GPS needed about ~40 seconds to get 4/5 satellites fixed - with Radio 1.14.25.05 i got 9/10 satellites fixed in about ~30 seconds, which is quite a difference.
-----------------------------------
Custom Folders
If you want to make custom folders and sort your programs in YOUR way do it this way:
make new unique named directory under path EXT/Diamond/ eg. "xyzYOURdir"
make new directory named "files" in that directory [EXT/Diamond/xyzYOURdir/files]
in "files" directory create new file named: "mxipupdate_xyzYOURdir_100.provxml"
in that file put code:
Code:
<wap-provisioningdoc>
<characteristic type="FileOperation">
<characteristic type="%CE11%\YOURdir" translation="install">
<characteristic type="MakeDir" />
[COLOR="Blue"] <characteristic type="icon.lnk" translation="install">
<characteristic type="Shortcut">
<parm name="Source" value="\Windows\shellres.192.dll,-8216" translation="install" />
</characteristic>
</characteristic> [/COLOR]
<characteristic type="Streaming Media.lnk" translation="install">
<characteristic type="[B]Shortcut[/B]">
<parm name="Source" value="\Windows\StreamingPlayer.exe" translation="install" />
</characteristic>
</characteristic>
<characteristic type="Windows Media.lnk" translation="install">
<characteristic type="[B]Copy[/B]">
<parm name="Source" value="\Windows\WMPlayer.lnk" translation="install" />
</characteristic>
</characteristic>
<characteristic type="Calculator.lnk" translation="install">
<characteristic type="[B]Move[/B]">
<parm name="Source" value="%CE11%\Calculator.lnk" translation="install" />
</characteristic>
</characteristic>
[COLOR="Red"] <characteristic type="%CE11%\Pictures [B]&[/B] Videos.lnk" translation="install">
<characteristic type="[B]Delete[/B]">
<parm name="ForceDelete"/>
</characteristic>
</characteristic>[/COLOR]
</characteristic>
</characteristic>
</wap-provisioningdoc>
Did you notice the blue part, this is creation of shortcut which is assigned with special icon like told here beneath -->
Okay you can move links or copy and later delete the source! Pay attension on paths and spelling, if special characters are used in name of link use html code as in sample, for paths there is no way to mask those, then make new shortcut from exe and delete old original, but that has to take place later and NOT here, put that delete (red) section in EXT/Diamond/zconfig/finish.provxml! Microsoft even recommends to put each command in own dir-tags (remember ONE mistake/mistype/etc. and the whole prv-file is ignored/rejected!) so the prov-file in Office oem package is nice commented file to learn. Here is listing of %CE%-commands!
-----------------------------------
Folder Icons
You can customize every folder in startmenu by adding an icon to it (likewise Office or Games folders) In those directories there is an "icon.lnk" file which has a string inside, eg: 33#"\Windows\shellres.192.dll,-8216"
the number before # is the stringlength behind it
By changing the number and or referenced dll you can assign different icons to the folder the file is in. There are even several cabs to install whole folder-themes in the forum to find.
-----------------------------------
Add email account to ROM
Add this eg. in your custom folders "mxipupdate_xyzYOURdir_100.provxml"
Code:
<characteristic type="EMAIL2">
<characteristic type="{[COLOR="red"]XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX[/COLOR]}">
<parm name="SERVICENAME" value="Bobs Mail Account" />
<parm name="SERVICETYPE" value="POP3" />
<parm name="INSERVER" value="mail.northwindtraders.com" />
<parm name="OUTSERVER" value="smtp.northwindtraders.com" />
<parm name="NAME" value="Bob Kelly" />
<parm name="REPLYADDR" value="[email protected]" />
<parm name="AUTHNAME" value="bobk" />
<parm name="AUTHSECRET" value="bobs_password" />
<parm name="DOMAIN" value="" />
<characteristic type="NAMEDPROPS">
<parm name="MyNamedProp#0003" value="1" />
<parm name="AnotherNamedProp#0003" value="200" />
</characteristic>
<characteristic type="TAGPROPS">
<parm name="8128000B" value="1"/>
<parm name="812C000B" value="1"/>
</characteristic>
</characteristic>
</characteristic>
<GUID>
Defines one specific e-mail account. This is a globally unique identifier (GUID --> example: {1b57531a-54a0-4f2e-ab75-3b015628da62}) that you must generate for each new account, use your imagination or maybe OEMizer - section popEmail - just copy the content of prov-file .
-----------------------------------
MANILA
To edit Manila grafical files you may search for this cool tool, coded by Chainfire, at this thread CFC GUI - THE Manila/TF3D Image Editor. With this tool you are able to get files directly from device, decompress them for beeing able to edit (and save to local disk), afterwards recompress them and send them back to device again (to check)- what more could we need?
To edit the manila language files you may use most text editors - i use simply notepad , for configuration files u may use mode9 editor
Or if you do not plan to integrate them in ROM you may use TF3D Config!
I've done some files for Manila icons and clock to customize Nataly Design you find attached below.
Add weather city to Manila
Simply edit app.reg file in "EXT/Diamond/Manila ...." (Notepad) and add this way: ""Weather.CityList"="EUR|DE|GM001|BERLIN""
In same reg file you may define your program links manila displays:
Code:
[HKEY_LOCAL_MACHINE\Software\HTC\Manila\ProgramLauncher\0]
"DispName"="Album"
"IconPath"=""
"IsReadOnly"=dword:0
"Path"="\Windows\Start Menu\Programs\Album.lnk"
Further customizing your ROM
Add owner info to ROM
This is better to write down in device/settings/owner info and the export reg key with PHM because Adress are hex values
looksalike this:
Code:
[HKEY_CURRENT_USER\ControlPanel\Owner]
"Owner"=hex:59,00,6F,00,75,00,72,00,20,00,4E,00,61,00,6D,00,65,00,00,00,00,00,00,\
...
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,39,00,39,00,39,00,39
"Notes"="If you find this device and return it to me, you'll shurly get rewarded! Tnx!"
"E-mail"="[email protected]"
"Telephone"="9999-9999-9999"
"Name"="Your Name"
Add this to an "app.reg" file (create one if needed) for example in path "EXT/Diamond/xyzYOURdir/" !
Now adding registry infos should be clear, use your imagination to expand !
Want to localize your ROM
Now we are getting deeper,lol. In Nataly ROM you find it in "zconfig\app.reg" under TZ & RU LOCALE looks alike (for germany eg.):
Code:
;TZ0 Berlin
[HKEY_LOCAL_MACHINE\Time]
"TimeZoneInformation"=hex:c4,ff,ff,ff,57,00,2e,00,20,00,45,00,75,00,72,00,6f,00,\
70,00,65,00,20,00,53,00,74,00,61,00,6e,00,64,00,61,00,72,00,64,00,20,00,54,\
00,69,00,6d,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,0a,00,00,00,05,00,03,00,00,00,00,00,00,00,00,00,00,00,57,00,2e,00,20,\
00,45,00,75,00,72,00,6f,00,70,00,65,00,20,00,44,00,61,00,79,00,6c,00,69,00,\
67,00,68,00,74,00,20,00,54,00,69,00,6d,00,65,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,05,00,02,00,00,00,00,00,00,00,\
c4,ff,ff,ff
;RU LOCALE
[HKEY_LOCAL_MACHINE\nls]
"DefaultACP"=dword:000004e4
"DefaultLCID"=dword:00000407
"DefaultOCP"=dword:00000352
[HKEY_LOCAL_MACHINE\nls\overrides]
"S1159"="AM"
"S2359"="PM"
"LCID"=dword:00000407
[HKEY_LOCAL_MACHINE\Security\ColdInit]
"Locale"=dword:00000407
Too you may change clock appearance and maybe add your personal alarms (<-- although they don't work reliable) already (very useful for hardcore-flashers):
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Clock]
"AppState"=hex:12
"GMT_OFFSET"=dword:ffffffc4
"TZIndex"=dword:00000055
"AppInfo"=hex:01,00,00,00,e8,00,00,00,6e,00,00,00,00,00,00,00,01,00,00,00,3a,01,\
00,00,69,00,00,00,00,00,00,00,01,00,00,00
"HomeDST"=dword:00000001
"Home"=dword:000000e8
"AutoDST"=dword:00000001
"SoundAlarmAlways"=dword:00000001
"NetworkTimeNotifyUser"=dword:00000001
"NetworkTimeSync"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Clock\0]
"AlarmText"="Wecker"
"Len_AlarmText"=dword:00000006
"AlarmHandle"=hex:24,00,00,3e,15,00,00,3a,23,00,00,33,17,00,00,39,25,00,00,32,00,00,00,00,00,00,00,00
"AlarmSnd"="[COLOR="Red"]iiih[/COLOR]"
"Len_AlarmSnd"=dword:00000006
"AlarmDays"=hex:1f
"AlarmTime"=hex:0e,01
"AlarmFlags"=hex:01
"AlarmNotFlags"=hex:1f,00,00,00
Don't use this settings otherwise you'll get up very early in future , just configure your alarms and export the registry settings with PHM!
You have to put corresponding file in path EN_KITCHEN\OEM\OEMDrivers!
-------------------------------------------------------------
Boys, this all is not my work, it is the work of several developers, coding for our pleasure and please don't think this would be done in some minutes, not even some hours, at least days and often months of work and investigation is behind those tools and apps, so be that fair and donate to show your appreciation and honor for them and their work and spent lifetime, otherwise go buy $¥%¢¤#in stuff at $¥%¢¤#in developers sites with $¥%¢¤#in apps full of $¥%¢¤#in nag or splash screens and full of $¥%¢¤#in not workin code. The guys here spent a lot of their lifetime (i mean this exactly: LIFETIME) developing tools to satisfy our all needs. So please be that fair and donate some money to keep developers able to develop furthermore...you should really not hesitate about donating some bucks. This all here is not possible being payed by us, because the real price would be hundreds and thousands of dollars..believe me.
So go donate and begin feelin better on all what you get deserved here at xda-devs! And furthermore why not donate every month some bucks, as i am shure you throw away a lot more money for $¥%¢¤#in things like cigarettes, tv, music, cars, women or whatever...
Did ya $¥%¢¤#in get me?!
After reading this and using those tools you saved a vast array of hours, days or even months of lifetime, so go $¥%¢¤#in donate to those who spent theirs for you!
Hey , i can´t download BEPE´S , because i don´t have permission !
Can you upload it at rapidshare for example ?
GahhTheBig said:
Hey , i can´t download BEPE´S , because i don´t have permission !
Can you upload it at rapidshare for example ?
Click to expand...
Click to collapse
Just register (it's free) at the board and you will have permission!
Hi thanks for the info. I have tried for myself but when flashing I get INVALID MODEL ID after 1%, any ideas ?
col laughton said:
Hi thanks for the info. I have tried for myself but when flashing I get INVALID MODEL ID after 1%, any ideas ?
Click to expand...
Click to collapse
Did you really follow the instructions, did you install unsigned HardSPL?
Check this out: http://forum.xda-developers.com/showthread.php?t=409425 or search for your problem and read answers as i don't know what you did exactly!
question
When i've reached the last step (htc rom tool appears), i'm writing the version image etc and by the time i press build it gives me an erro "You need to assign at least one firmware block". i press B and i try to find one,but i don;t know where.
What i'm i doing wrong?
I found the solution.
nsourm said:
When i've reached the last step (htc rom tool appears), i'm writing the version image etc and by the time i press build it gives me an erro "You need to assign at least one firmware block". i press B and i try to find one,but i don;t know where.
What i'm i doing wrong?
I found the solution.
Click to expand...
Click to collapse
I added screenshot for other to see easier what do do where.
Updated manual folder customization ... nice feature!
Updated new features!
figured out folder customization nice feature
question by pm:
ok now....i want to add cabs in kitchen/rom..i have read your tut but havent understand it...so i need to put cab in EXT/Diamond and than open MSCEInf drag cab in and press "Extract CAB files with original names in folder", than cab is in kitchen and it will be cooked in rom??
Click to expand...
Click to collapse
no place cab anywhere on c-drive, then open ervius package creator and select cab, through this msceinf gets opened, click the folder-icon to save all original named files (and stay on the suggested path - a folder directly under drive c) close msceinf by the rightest button on button bar and you get back to package creator, there adjust/review shortcut and click done, click complete package. this package is old style like to use under oem/sys folders, for adding it to EXT/Diamond convert it by ervius package converter and then copy to ext/diamond.
i should make a video from this one day
regards
peet
Steps taken to change the dialer to NON-slider: (Waiting for confirmation and then I'll flash)
1. Extracted Nataly's Kitchen to C:\NATALY
2. I go to _ADDS - EXT - Diamond
Copy PhoneCanvas 3_50_32466_0_noLand to EN_KITCHEN - EXT - Diamond
Remove PhoneCanvas_Slider 3_50_33348_0
3. That's all I wanted to change to the kitchen so I go to Nataly EN_KITCHEN and I click build_rom.bat (creating it)
After that it opens HTCRT.exe as in the screenshot under the tab ROM builder I change device to Diamond *, it automatically changes Model ID, Country ID, Version, Language, which are all unchanged
Firmware contents I select the OS-new.nb
4. Click build! And I named it OS-NATALY-NEW.nbh
Can you confirm to me that I did everything perfect as it should and that I can flash this thing!
Thanks in advance!
One little question after this as well,
The things I install after flashing are:
HTC_Keyboard_PanEU.cab
and a 14 languages update cab (T9 Input 14 Languages Update.cab) which allows to see dutch t9 language.
How to insert that in a rom?
And how to include an installer of TomTom for example (also cab)?
If it's really not possible, I can install those afterwards but it would be great to already have the dutch t9 in the rom, TomTom I could install when it's flashed Thanks in advance!
you did everything right by now, u can flash this and should nake no problems.
if you want to include further cabs follow the instructions one post above, that the procedure to include cabs in rom, if you read second post of thread "further customizing your rom" there is some more told about it. as some apps don't work if only made oem package from cab. so first make backup of registry, install cab, make backup again, copy to pc and compare. differences should reflect installation, put that in app. reg in addition to the contents from cab and then insert in rom...i'll make a video as soon as possible
benko try this
peetx said:
you did everything right by now, u can flash this and should nake no problems.
if you want to include further cabs follow the instructions one post above, that the procedure to include cabs in rom, if you read second post of thread "further customizing your rom" there is some more told about it. as some apps don't work if only made oem package from cab. so first make backup of registry, install cab, make backup again, copy to pc and compare. differences should reflect installation, put that in app. reg in addition to the contents from cab and then insert in rom...i'll make a video as soon as possible
Click to expand...
Click to collapse
Hmmm I'll try to read some more tomorrow and a video would be great indeed! I'll try to flash my rom tomorrow and test thé thing!
WH33LSONFiRE said:
Hmmm I'll try to read some more tomorrow and a video would be great indeed! I'll try to flash my rom tomorrow and test thé thing!
Click to expand...
Click to collapse
i try to make one soon
peetx said:
question by pm:
no place cab anywhere on c-drive, then open ervius package creator and select cab, through this msceinf gets opened, click the folder-icon to save all original named files (and stay on the suggested path - a folder directly under drive c) close msceinf by the rightest button on button bar and you get back to package creator, there adjust/review shortcut and click done, click complete package. this package is old style like to use under oem/sys folders, for adding it to EXT/Diamond convert it by ervius package converter and then copy to ext/diamond.
i should make a video from this one day
regards
peet
Click to expand...
Click to collapse
ervius package converter ?
Look, I have a cab lets say its "HTC_Album_V_2.5.1820.4127.cab"
So I:
1. use packages creator and open cab, then I press the button to extract it with msceinf and then I get a file and windows folder.
Then I select this package by"open package" and press done & complete package.
Then I take the folder I used to store this files I just extracted and so, and rename it to "HTC_Album_V.....4127", and place it in the EXT/Diamond folder?
Just like that? I see a different pattern in this folder than the others in the ext/ folder, mine is loaded with tons of files, the others has first reg file, 0409 and files folder.
Does it mater?
the way I just described...is good? is there anything else supposed to be done in order to add a cab file to the rom?
eranyanay said:
ervius package converter ?
Look, I have a cab lets say its "HTC_Album_V_2.5.1820.4127.cab"
So I:
1. use packages creator and open cab, then I press the button to extract it with msceinf and then I get a file and windows folder.
Then I select this package by"open package" and press done & complete package.
Then I take the folder I used to store this files I just extracted and so, and rename it to "HTC_Album_V.....4127", and place it in the EXT/Diamond folder?
Just like that? I see a different pattern in this folder than the others in the ext/ folder, mine is loaded with tons of files, the others has first reg file, 0409 and files folder.
Does it mater?
the way I just described...is good? is there anything else supposed to be done in order to add a cab file to the rom?
Click to expand...
Click to collapse
No - when files are extracted by msceinf you close this app and get back to ervius package creator, there click done and afterards complete package. this will get you folder in path of cab, this folder convert by ervius package converter and this will reflect same folder structure as ohter packages in ext/diamond, so place new package there and youre done
Hi
For now provision xml are the only way to write in all the registry entries on HTC Device,
But this kind of files have the ability to do a lot more.
-The following list shows some of the various capabilities of provxml files.
To Deploy Provxml you have 2 choices for now:
HTC-ProvXml-Deployer
Advanced config 1.1.0.1(sometime doesn't work!!)
-Write Registry key & value
This example Write a key (Registry\HKLM\System\Accessibility), including the associated values and subkeys.
Code:
[COLOR="blue"]<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKLM\System\Accessibility">
<parm name="CompactMode" value="1" datatype="integer" />
<parm name="TTY" value="0" datatype="integer" />
<parm name="telecoil_UI" value="0" datatype="integer" />
<parm name="telecoil" value="0" datatype="integer" />
</characteristic>
</characteristic>
</wap-provisioningdoc>[/COLOR]
-Delete Registry key
This example delete the key (Registry\HKLM\Software\Microsoft\Test), including the associated values and subkeys.
Code:
[COLOR="blue"]<wap-provisioningdoc>
<characteristic type="Registry">
<nocharacteristic
type="HKLM\Software\Microsoft\Test"/>
</characteristic>
</wap-provisioningdoc>[/COLOR]
-Delete Registry Value
This example delete a value (TestValue) from a registry key (Registry\HKLM\Software\Microsoft\Test)
Code:
[COLOR="blue"]<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKLM\Software\Microsoft\Test">
<noparm name="TestValue" />
</characteristic>
</characteristic>
</wap-provisioningdoc>[/COLOR]
-Create Folder
This example create a folder (test) into windows folder (\windows\Test\)
Code:
[COLOR="blue"]<wap-provisioningdoc>
<characteristic type="FileOperation">
<characteristic type="\Windows\test" translation="install">
<characteristic type="MakeDir" />
</characteristic>
</characteristic>
</wap-provisioningdoc>[/COLOR]
-Copy File & Change file Attributes
This example copy a file (test.png) from my ringtones folder to windows folder (\windows\Test.png) & ChangeAttributes
R Read-only
A Archive
S System
H Hidden
Code:
[COLOR="blue"]<wap-provisioningdoc>
<characteristic type="FileOperation">
<characteristic type="\Windows\" translation="install">
<characteristic type="MakeDir" />
<characteristic type="test.png" translation="install">
<characteristic type="Copy">
<parm name="Source" value="\My Documents\My Ringtones\test.png" translation="install" />
<parm name="RemoveAttributes" value="RH" />
</characteristic>
</characteristic>
</characteristic>
</characteristic>
</wap-provisioningdoc>[/COLOR]
-Set Wifi settings
This example show how to preconfigure your wifi network
Code:
[COLOR="Blue"]<wap-provisioningdoc>
<characteristic type="CM_WiFiEntries">
<characteristic type="My_SSID"> (do not change this value and delete this comment)
<parm name="DestID" value="{A1182988-0D73-439e-87AD-2A5B369F808B}"/>
</characteristic>
</characteristic>
<characteristic type="Wi-Fi">
<characteristic type="access-point">
<characteristic type="YourSSID to insert">
<parm name="DestId" value="{A1182988-0D73-439e-87AD-2A5B369F808B}"/>
<parm name="Encryption" value="0"/>
<parm name="Authentication" value="0"/>
<parm name="hidden" value="1"/>
<parm name="KeyProvided" value="0"/>
<parm name="NetworkKey" value="yourPWD to insert"/>
<parm name="KeyIndex" value="1"/>
<parm name="Use8021x" value="0"/>
</characteristic>
</characteristic>
</characteristic>[/COLOR]
-Add Favorite
This example add 2 favorites in IE
Code:
[COLOR="Blue"]<wap-provisioningdoc>
<characteristic type="BrowserFavorite">
<characteristic type="Favorite1">
<parm name="URL" value="http://www.Favorite1.com/" />
</characteristic>
<characteristic type="Favorite2">
<parm name="URL" value="http://www.Favorite2.com" />
</characteristic>
</characteristic>
</wap-provisioningdoc>[/COLOR]
-set timezone
Code:
[COLOR="Blue"]<wap-provisioningdoc>
<characteristic type="Clock">
<parm name="TimeZone" value="1200"/>
</characteristic>
</wap-provisioningdoc>[/COLOR]
Please submit provxml method you have and I will update this post.
thanks
Good job!
Thxx a lot to u!!:d
Well, Xml Provisioning has A LOT more possibilities. You can also query registry keys and values, install xap's, filesystem-access, etc. The problem is that the OEM apps do not let us process the return-data. It is processed internally.
The Xml Provisioning functions call this api internally: DMProcessConfigXml. Examples are here and here. If you google, you will find a lot more.
If we have full access to Xml Provisioning and also to the return-data, we have root-access to the device!
DMProcessConfigXml is documented on MSDN. But it is not documented as part of the Windows Phone 7 SDK. However, the api is present on Windows Phone 7. The Windows Mobile 6 SDK has a header file for that function, which can be used.
I wrote a native COM-wrapper for that function and a managed wrapper to call COM. But unfortunately the calls return errorcode 0x800704ec: "Blocked by policy"
I attach a test-app to show what I got now. Keep in mind that this uses native api's. It does not use OEM-drivers or anything.
I'm now trying to get my code called by code that is already elevated. I got some ideas, but it is tricky. So bear with me.
Nice workk Heathcliff74
i've also try to query key without success for now.
have you try to change registry policies maybe this can help!
some test are needed.
i like the way your app work very good job.
there is apppreinstaller.exe in windows folder with ability to install xap from provxml
when you launch it ,this run masd.provxml and deploy oem xap.
i'm looking how this work.
If Oem like connection setup have full access maybe we can patch the dll to allow query!
tell me what you think
xboxmod said:
Nice workk Heathcliff74
i've also try to query key without success for now.
have you try to change registry policies maybe this can help!
some test are needed.
i like the way your app work very good job.
there is apppreinstaller.exe in windows folder with ability to install xap from provxml
when you launch it ,this run masd.provxml and deploy oem xap.
i'm looking how this work.
If Oem like connection setup have full access maybe we can patch the dll to allow query!
tell me what you think
Click to expand...
Click to collapse
Hi XBOXMOD,
I'm pretty sure this has not anything to do with registry permissions. In my example I query a registry key that can be queried using the standard native registry functions without any elevated privileges. So I guess these keys are not protected. I assume that the call to DMProcessConfigXml fails because it checks the signature of the code that invokes that function. Therefore I also don't think that patching the OEM apps is going to work. When the code is patched, the signatures are not valid anymore.
I'm trying to figure out which exact signatures are verified and which signatures are responsible for the elevated privileges to call DMProcessConfigXml. When I know that I could maybe figure out a way to get my native custom code being called by elevated code.
xboxmod said:
Hi
For now provision xml are the only way to write in all the registry entries on HTC Device,
But this kind of files have the ability to do a lot more.
Click to expand...
Click to collapse
So why the "Samsung" in the title?
Is there a way to make this work on Samsung devices other than having the file to exist on the Windows folder (which is not possible yet?) ?
martani said:
So why the "Samsung" in the title?
Is there a way to make this work on Samsung devices other than having the file to exist on the Windows folder (which is not possible yet?) ?
Click to expand...
Click to collapse
I hoped my code (see xap in previous post) would be able to run provxml on all devices. I have a Samsung myself. The code I use there does not use any oem code, so that would not be the problem. I did not expect the calls would be blocked by policies. But it seems there are signatures being verified. I'm working on that (also see previous post).
Heathcliff74 said:
I hoped my code (see xap in previous post) would be able to run provxml on all devices. I have a Samsung myself. The code I use there does not use any oem code, so that would not be the problem. I did not expect the calls would be blocked by policies. But it seems there are signatures being verified. I'm working on that (also see previous post).
Click to expand...
Click to collapse
Well, I hope you get this to work soon, since the code is obfuscated!
martani said:
Well, I hope you get this to work soon, since the code is obfuscated!
Click to expand...
Click to collapse
LOL! That is my code. I obfuscated it.
Heathcliff74
where is stored provxml run by your tool?
is there a way to run my provxml with it?
xboxmod said:
Heathcliff74
where is stored provxml run by your tool?
is there a way to run my provxml with it?
Click to expand...
Click to collapse
Well he has some *obfuscated* provxml strings that get run on the app startup, I am not sure if they are safe or not
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
xboxmod said:
Heathcliff74
where is stored provxml run by your tool?
is there a way to run my provxml with it?
Click to expand...
Click to collapse
At this moment I have the xml's hard-coded in the app. If you post your xml, I will make a version with your xml. But I'm 99% sure it will return the same errorcode, because that error tells me that I'm simply not allowed to execute any xml with the privileges I got now.
I obfuscated my code, because I got a lot of work in that. It's not that I don't want to share at all, but I share only on a need-to-know-base. If anyone wants it, the PM me.
In the xap, there is a "native.dll", which contains the native code that calls DMProcessConfigXml and provides a COM interface. The other dll is the managed silverlight code (obfuscated), that calls on that COM interface.
martani said:
Well he has some *obfuscated* provxml strings that get run on the app startup, I am not sure if they are safe or not
Click to expand...
Click to collapse
Those are simply the xml's you see when you run the app. They are safe. I run 3 xml's. One for reading a regkey, one for writing a regvalue (harmless) and one that tries to install the preinstalled xap of the diagnose app. They all fail with a security error.
Heathcliff74 said:
Those are simply the xml's you see when you run the app. They are safe. I run 3 xml's. One for reading a regkey, one for writing a regvalue (harmless) and one that tries to install the preinstalled xap of the diagnose app. They all fail with a security error.
Click to expand...
Click to collapse
so if i understand for now you app can't deploy provxml even if it's an allowed part of registry?
When i said patch dll of oem apps to allow query.
i talk about htc connection setup because this oem have full registry & file system access using provxml, all command below have been test and work.
xboxmod said:
so if i understand for now you app can't deploy provxml even if it's an allowed part of registry?
Click to expand...
Click to collapse
That is correct. I wanted to make a tool that could use Xml Provisioning for all devices. And I also wanted to use the return-data (for querying registry and other services). So I didn't want to use OEM apps or drivers. I use native code to call the api directly. But apparently you need to be elevated (signed code) to do that. Trying to work around that right now.
xboxmod said:
When i said patch dll of oem apps to allow query.
i talk about htc connection setup because this oem have full registry & file system access using provxml, all command below have been test and work.
Click to expand...
Click to collapse
I guess that is not going to work, because then the signatures will not be valid anymore and you won't get the necessary elevated permissions, as you have now (with unpatched code). Try it. Change a few dummy bytes and see if it still works.
Heathcliff74 said:
I guess that is not going to work, because then the signatures will not be valid anymore and you won't get the necessary elevated permissions, as you have now (with unpatched code). Try it. Change a few dummy bytes and see if it still works.
Click to expand...
Click to collapse
i have already patch htc connection setup dll and it always run with elevated permissions.
My provxml deployer is just an edited version of htc connection.
And it keep his permissions.
the system always believe this is an allowed app.
Oups sorry double post!!
xboxmod said:
i have already patch htc connection setup dll and it always run with elevated permissions.
My provxml deployer is just an edited version of htc connection.
And it keep his permissions.
the system always believe this is an allowed app.
Click to expand...
Click to collapse
Frankly, I haven't seen any of your provxml apps, because they are all htc-specific. I know provxml is extremely useful, bus since I have a Samsung, your app is useless for me. And that's why I was looking for a way to get full access to Xml Provisioning, but I did not expect to get limited privileges.
If you're able to patch the app, then you must probably be using an app that uses oem-specific driver-communication. Because there is a security-hole in there. I already discovered that a while ago (see here, here and here).
If that is correct, then the driver is calling the actual Xml Provisioning and the driver is properly signed for that. The driver is exposing an unsecured interface. The driver itself can't be patched (or you will loose the necessary privileges, since the driver is doing the Xml Provisioning). But the code that is calling the driver can be patched without any problems.
Whether you can use the driver for querying system-information (registry, filesystem, etc) depends whether you are able to get the return-data from the Xml Provisioning. Is the return-data processed by the driver or by the app? If it is processed by the driver, then you can't access it. If it is processed by the app, you can access it when you patch the app.
didnt think anyone was still working on a proper jailbreak, but I would be really interested in hearing what people are trying to get elevated permissions.
indiekiduk said:
didnt think anyone was still working on a proper jailbreak, but I would be really interested in hearing what people are trying to get elevated permissions.
Click to expand...
Click to collapse
I made some real good progress last night. I found some real interresting api's and I got some goodies working already. I need to do a lot more testing to see what is possible. I got good confidence I can get root-access (TCB) with this. Can't say for sure quite yet. Will keep you posted!