[REQ] Dumping the Main Splash/Radio from the device? - Touch Diamond, MDA Compact IV ROM Development

I have seen this question asked a few times but nobody has been able to propose a solution.
How do you dump the first Splash screen and the Radio from the original untouched device? For example, I want to dump my Rogers Diamond's splash because there are no shipped ROMs that have it, and I'd like to restore it for warranty purposes.
Normally you would use pdocread, but I am unsure of the exact location in the flash.
This page gives you info on how to do it:
http://www.xs4all.nl/~itsme/projects/xda/about-doc.html
Thus, this is how I did it on the Elfin but obviously it's not going to work on the Diamond (likely a different DOC Flash type):
Code:
pdocread -S BK1G -n 1 -b 0x40000 -G 0x40000 0x00000 0x30000 MainSplash.nb
pdocread -S BK1F -n 1 -b 0x80000 -G 0x80000 0x00000 0x280000 Radio.nb

have you seen this:
http://forum.xda-developers.com/showthread.php?t=455347
he says it's the rogers canada rom that he has dumped

LOL did you see who wrote that post?
and I only dumped the operating system.
idrisito said:
> have you seen this:
> http://forum.xda-developers.com/showthread.php?t=455347
> he says it's the rogers canada rom that he has dumped

dsixda said:
> LOL did you see who wrote that post?
> and I only dumped the operating system.
oh shi*!
i had a similar problem with my dumped O2 UK ROM, never could find a solution.
but i was lucky i found a splash screen from a QVGA device that had the same screen so i just resized it to VGA, can't tell the difference.
maybe you could find a similar solution

Radio can be extracted with QMAT if you have an unlocked device ... that's where I came unstuck ...
http://forum.revskills.de/viewtopic.php?f=10&t=56

Bump...
If anybody knows how to dump the splash screen, it would be greatly appreciated!
Q: What about the animated one right after the splash? Can that be saved as well?

isn't the animated one kept in the windows folder? i think so

yes indeed, the animated ones are kept in the \windows folder
For Rogers branded phones they are called startUp480x640.gif and shutDown480x640.gif respectively, and can be activated or deactivated through the registry (under HKLM\Software\HTC\HTCAnimation)

D0MZE said:
> Bump...
> If anybody knows how to dump the splash screen, it would be greatly appreciated!
> Q: What about the animated one right after the splash? Can that be saved as well?
Code:
pmemdump 0xae000000 0x0100000 MainSplash.nb
Worked for me, Factory Rogers Diamond.
See this thread: post number 47
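A way to check that a dump such as MainSplash.nb really holds the splash before relying on it for a restore, added here as an example and not taken from any post in the thread. It assumes the splash is a headerless RGB565 little-endian frame at the start of the dump (the thread does not state the pixel format) and takes the 480x640 panel size from the startUp480x640.gif name; the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

# Diamond panel size, taken from the startUp480x640.gif name in the thread.
WIDTH, HEIGHT = 480, 640
BYTES_PER_PIXEL = 2  # assumption: raw RGB565, little-endian, no header


def rgb565_to_bgr888(pixel):
    """Expand one RGB565 value to 3 bytes in BMP (blue, green, red) order."""
    r5, g6, b5 = (pixel >> 11) & 0x1F, (pixel >> 5) & 0x3F, pixel & 0x1F
    # Replicate the high bits into the low bits so full scale maps to 0xFF.
    return bytes(((b5 << 3) | (b5 >> 2), (g6 << 2) | (g6 >> 4), (r5 << 3) | (r5 >> 2)))


def check_dump(data, width=WIDTH, height=HEIGHT):
    """Return (ok, reason) for a dump that should start with one full frame."""
    need = width * height * BYTES_PER_PIXEL
    if len(data) < need:
        return False, "short: %d bytes, frame needs %d" % (len(data), need)
    frame = data[:need]
    if frame == frame[:2] * (need // 2):
        # One colour everywhere usually means the wrong address was read.
        return False, "blank: every pixel is 0x%04X" % struct.unpack_from("<H", frame)[0]
    return True, "frame present, %d trailing bytes" % (len(data) - need)


def nb_to_bmp(data, width=WIDTH, height=HEIGHT):
    """Decode the leading frame of a dump into a 24-bit BMP for visual review."""
    ok, reason = check_dump(data, width, height)
    if not ok:
        raise ValueError(reason)
    pixels = struct.unpack_from("<%dH" % (width * height), data)
    row_pad = b"\x00" * (-(width * 3) % 4)  # BMP rows are 4-byte aligned
    rows = []
    for y in range(height - 1, -1, -1):  # BMP stores the bottom row first
        row = b"".join(rgb565_to_bgr888(p) for p in pixels[y * width:(y + 1) * width])
        rows.append(row + row_pad)
    body = b"".join(rows)
    file_header = struct.pack("<2sIHHI", b"BM", 54 + len(body), 0, 0, 54)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                              len(body), 2835, 2835, 0, 0)
    return file_header + info_header + body


def constructed_sample():
    """Constructed 2x2 frame (red, green / blue, white) plus 8 padding bytes."""
    return struct.pack("<4H", 0xF800, 0x07E0, 0x001F, 0xFFFF) + b"\xff" * 8


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py MainSplash.nb MainSplash.bmp
        with open(sys.argv[1], "rb") as fh:
            raw = fh.read()
        print(check_dump(raw)[1])
        with open(sys.argv[2], "wb") as fh:
            fh.write(nb_to_bmp(raw))
    else:
        sample = constructed_sample()
        print(check_dump(sample, 2, 2)[1])
        print(len(nb_to_bmp(sample, 2, 2)), "byte BMP from constructed sample")
```

A 0x0100000-byte dump is larger than one 480x640 frame, so trailing bytes are expected; open the resulting BMP and compare it with what the device shows at power-on.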

Related

Is there any way to customize the Welcome Screen Splash

Has anyone been able to customize the welcome screen of WM6 or WM5?
Or anyone has got some suggestions on this issue?
Regards,
Hassan
Hassan101 said:
> Has anyone been able to customize the welcome screen of WM6 or WM5?
> Or anyone has got some suggestions on this issue?
> Regards,
> Hassan
If you look a bit further down this section you may find what you're looking for.
Jay
responderman said:
> If you look a bit further down this section you may find what you're looking for.
> Jay
Thanks a lot but the issue u r pointing at is about the boot splash and I want to change the welcome screen (green wm6 splash).
Any clue?
You need to overwrite the Welcomehead.192.png in Windows\ with your own one.
Try searching more on the forum!
unapproachable2kx said:
> You need to overwrite the Welcomehead.192.png in Windows\ with your own one.
> Try searching more on the forum!
Wow ! .. Its all DONE !!!
I Reallyyyyyy appreciate ur help !!!
Regards
Your solution works, but look, there are 2 splash screens; the one you are talking about is the second one. How do I change the first?
gajodafeira said:
> Your solution works, but look, there are 2 splash screens; the one you are talking about is the second one. How do I change the first?
Ah, on most HTC devices I've used the welcome screen is not the same as the splash screen and I think that might be the problem here. The Welcomehead file is your welcome screen and easily replaced in your kitchen, but the splash screens (2 of, although sometimes seems like 1 as they might be identical) are installed as part of your ROM.
When you get to the point in a kitchen of having an OS.nb or Windows.nb or however it's phrased, and you're ready to turn this into a full ROM file, you can add in other things like the IPL, SPL, 1st and 2nd splash screens, radio and extended ROM, each of which has its own .nb file.
Welcomehead is easy to change. The splash screens aren't hard to change and you should find instructions somewhere in any kitchen manual probably. Haven't time to look for you now though, you'll have to scan about in any kitchen-related docs or web pages you have or know of.
chunkymonkey said:
> Ah, on most HTC devices I've used the welcome screen is not the same as the splash screen and I think that might be the problem here. The Welcomehead file is your welcome screen and easily replaced in your kitchen, but the splash screens (2 of, although sometimes seems like 1 as they might be identical) are installed as part of your ROM.
> When you get to the point in a kitchen of having an OS.nb or Windows.nb or however it's phrased, and you're ready to turn this into a full ROM file, you can add in other things like the IPL, SPL, 1st and 2nd splash screens, radio and extended ROM, each of which has its own .nb file.
> Welcomehead is easy to change. The splash screens aren't hard to change and you should find instructions somewhere in any kitchen manual probably. Haven't time to look for you now though, you'll have to scan about in any kitchen-related docs or web pages you have or know of.
When i changed for wm6 the rom changed the 1st and the second splash. I changed again into the 6.1 and only the 2nd was changed, so i think that the 1st isn't directly connected to the ROM.
gajodafeira said:
> When i changed for wm6 the rom changed the 1st and the second splash. I changed again into the 6.1 and only the 2nd was changed, so i think that the 1st isn't directly connected to the ROM.
It just depends on whether the ROM you install happens to come with 1 or 2 or no splashscreens. There's a splash1.nb and splash2.nb (might be slightly different names to that but will be similar) in a full, original ROM - and a radio, IPL, SPL and Ext-ROM too. Each has its own .nb file. (The names of them vary a bit between devices but they're pretty much always easily-recognised.)
Cooked ROMs usually are OS-only, and only made from an OS.nb (or Windows.nb sometimes - you could actually call it anything and still use it). Sometimes however, someone bundles a splash1 or a splash2 with it or both. You could install a ROM and find no splashscreens change afterward - which is usually the case. Whenever I download a ROM and it comes with a splashscreen, I almost always break the ROM down into its .nb files and then put it back without the splash1 or splash2 in it.
If you have a go with any ROM using HyperCore you'll find ROMs with 1 splashscreen have 1 .nb file relating to splashscreen and ROMs with 2 splashscreens (or a splashscreen which appears to last ages, which is just identical splashscreens) have 2 .nb files relating to splashscreens.
I don't think not having splashscreens saves any space though as I'm fairly sure that the space is essentially allocated to the relevant .nb files (for splashscreens they're 256k each, the nb files, even if the picture you used was 1 0.5k black mono pic).
Learning to use HyperCore obliquely taught me and many others a fair bit about how these things tick. Not a techie, mind - just done a lot of phone flashing. It's brilliant.
By way of example, here's the .nb file-list from an official (OrangeUK) Hermes ROM. (The basic format is generally the same between devices, even if the names alter - it just happens to be the most recent ROM I broke up in this way and still have the files to list for you.)
RUU_Signed.nbh is the file one would flash. This is made up from:
Windows.nb
Herm_ExtendedRom.nb
IPL.nb
Radio.nb
PrimarySplash.nb
SecondarySplash.nb
SPL.nb
The format doesn't change much between most devices, even if the names change.
I used to have a tool (can't remember who made it) for creating the .nb files for splashscreens. If I find it I'll attach it.
chunkymonkey said:
> I used to have a tool (can't remember who made it) for creating the .nb files for splashscreens. If I find it I'll attach it.
I think this is what you were looking for:
http://forum.xda-developers.com/showthread.php?t=317436
However, would you mind helping me with something? How in the world did you split the nk.nbf into Windows.nb, IPL.nb, PrimarySplash.nb, SecondarySplash.nb and SPL.nb?
Aaaany help would be muuuuch appreciated.
(and yea, I have hypercore and I'm too stupid to understand how to make use of it)
Verbato said:
> I think this is what you were looking for:
> http://forum.xda-developers.com/showthread.php?t=317436
> However, would you mind helping me with something? How in the world did you split the nk.nbf into Windows.nb, IPL.nb, PrimarySplash.nb, SecondarySplash.nb and SPL.nb?
> Aaaany help would be muuuuch appreciated.
> (and yea, I have hypercore and I'm too stupid to understand how to make use of it)
Good news is you're okay with this already if you've got hypercore. Duttythroy's made a genius tool for it, appropriately entitled Dutty's Good NBH Tool. It splits .nbh files into the .nb files that comprise it, and that tool is in your hypercore.
It's also in just about every kitchen. Definitely on your hard drive somewhere. Just use the page that disassembles (not in the programmer's sense) an .nbh file, not the page that puts one back together from the parts we've been talking about.
Good spot on Oli's tool, but it was another one. Had a very simple 1-click interface. Wish I could remember whose it was now 'cause I definitely don't have it any more. (Unfortunately, my external HDD went down recently and took ... well, everything with it from the last, ooh, 12 or 13 years. And yes I did have a backup: that was it; the proper HDD went down a few months earlier and, like a complete tool, I left it till the backup died before replacing it.)
EDIT: here it is, to save you searching mate.
Thanks
Uhm... Yea, I've been on the "right path" for so long, I have HypeCor, L26.v7, Helmi kitch r0... and I still haven't figured out how to make anything from the nk.nbf-file.
Reading a bit I thought typho5 would -x it into an nbh-file. No such luck. Just died on me telling me the .nbf-file has an "unknown header format".
I've even tried dumping from the phone with some "grab-it"-program.
http://forum.xda-developers.com/showthread.php?t=238945
It works, it spits out something. But what it is, what format etc I am unsure of.
Heeelp!
I am totally lost here...
Verbato said:
> Thanks
> Uhm... Yea, I've been on the "right path" for so long, I have HypeCor, L26.v7, Helmi kitch r0... and I still haven't figured out how to make anything from the nk.nbf-file.
> Reading a bit I thought typho5 would -x it into an nbh-file. No such luck. Just died on me telling me the .nbf-file has an "unknown header format".
> I've even tried dumping from the phone with some "grab-it"-program.
> http://forum.xda-developers.com/showthread.php?t=238945
> It works, it spits out something. But what it is, what format etc I am unsure of.
> Heeelp!
> I am totally lost here...
Ooh, I wouldn't go messing with that just now. If all you want is to take an .nbh file and break it up into the various .nb files, just run dutty's tool, browse to your nbh file and go. It'll dump all the .nb files in no time at all, maybe less.
If that's not what you're trying to do then I'm barking up the wrong tree and therefore not helping, but if that's the case just re-explain your needs and I'll have another go.
chunkymonkey said:
> Ooh, I wouldn't go messing with that just now.
Oooohh... I love to mess around
Okay, exact mess I want to get myself into:
swat4 was as kind as to drop a WM5-image with sdhc-drivers. I want to take out those .dll-files and add them to another image. Namely Helmi_UNI_AKU3.5_v1.3.1.
But so far all I have is this nk.nbf-image. That, and I found this grab-it-tool, which copies the ROM's image straight over to SD-card in raw format.
Hmmm... Any hints to point me in some general direction as to what to do next?
Verbato said:
> Oooohh... I love to mess around
> Okay, exact mess I want to get myself into:
> swat4 was as kind as to drop a WM5-image with sdhc-drivers. I want to take out those .dll-files and add them to another image. Namely Helmi_UNI_AKU3.5_v1.3.1.
> But so far all I have is this nk.nbf-image. That, and I found this grab-it-tool, which copies the ROM's image straight over to SD-card in raw format.
> Hmmm... Any hints to point me in some general direction as to what to do next?
Righto.
If I was trying to add SDHC drivers to a ROM that didn't have them already, I think I'd be using HyperCore to turn the nbh of that ROM into .nb files and then into the series structured files and folders that kitchens usually use, OEM, SYS, ROM, etc., and then just adding an SDHC OEM. After which HyperCore becomes very similar to most kitchens.
OR I'd be just popping a line into the preconfig file if there is one, such as "CAB: /Windows/SDHC_drivers_that_I_wish_were_already_included_in_this_ROM.CAB" for example and letting it install as a cab at the preconfig stage instead of an OEM. (I'm a big preconfig fan.)
Might be quicker to use a kitchen from scratch than HyperCore to edit a pre-existing ROM though.
Hey, wow, thanks for all your help!
I still don't understand how to make an .nbh-file out of an .nbf-file though.
However I've tried copying sdbus.dll, SDHC.dll and SDMemory.dll to /Windows on the device, like I was recommended by someone else.
All that did was make my sdhc disappear. No luck there.
I'm so frustrated, just looks like getting a proper WM5-image to work with >4G sdhc isn't feasible. Or at least, not for now.
Which is so frustrating, since there is one that does work. Gnh!
However, thanks for your time. I appreciate it.
I use this one
Try the linked one. Easy to use, I find it somewhere here.
http://zolee-ka.uw.hu/CreateBootScreenPackage.rar
And here's an alternative one - the one I was referring to earlier. By a mad coincidence, I just came across this when I was looking for something else entirely.

Dumping Diamond ROM via rbmc

Hello.
I'm a new Telstra Diamond owner. I want to learn everything about this phone and dump ROM's to contribute to the community.
I'm kinda new to the scene but I've done a fair amount of research and now I'm stuck. I thought I'd summarise what I think I know about the Diamond for the benefit of those who read this thread - and to confirm my own understanding.
- I've managed to use regeditSTG to allow unsigned code to run. I've then used imgfstools/pdocread to dump the ROM from the OS.
I've extracted the following partitions:
Code:
210.50M (0xd280000) DSK1:
| 3.12M (0x31f000) Part00
| 4.38M (0x460000) Part01
| 109.63M (0x6da0000) Part02
| 93.38M (0x5d60000) Part03
3.75G (0xf0000000) DSK7:
| 3.75G (0xf0000000) PART00
Now, my understanding is that these are:
Code:
DSK1
Part00 - image update kernel partition (XIP), used while image updates
Part01 - regular kernel partition (XIP), used for normal OS boot
Part02 - imgfs
Part03 - user filesystem
DSK7
Part00 - extended rom
Is that right?
I then tried to dump the SPL with the following:
pmemdump.exe 0xa8000000 524288 SPLdumped.nb
This worked, but I'm not sure if it's really the SPL...
So, I entered the bootloader mode and ran mtty. I ran checkimage and got the CRC checksums:
Code:
Cmd>checkimage
SPL CRC checksum = 0x6F634BF9
Fixed new dwPSImageSize = 0x60C0000
CE CRC checksum = 0x9C5FBF7F
Fixed new dwPSImageSize = 0x60C0000
ExtROM CRC checksum = 0x0
However, none of the PartXX images I dumped earlier matches any of the CRCs... So, now I'm confused. Is the CRC a regular CRC32? Am I able to verify my ROM images?
Further, I tried to dump rom using rbmc, but it doesn't look like it works. It just freezes after the following:
Code:
GetExtRomData+(): *pszPathName=c:\temp\Mem.nb, dwStartAddress=57600000, dwLength=8847FAC0
:F=c:\temp\Mem.nb
:A=57600000
:L=8847FAC0
:rbmc=
HTCS
I'm assuming it's supposed to dump the rom to screen for me to extract later... I've also tried different start addresses and different lengths to no avail.
I did however notice that my seclevel is FF
Code:
Cmd>task 32
No card inserted
SD read fail!
Level = FF
I'm assuming this is why I'm not able to run rbmc properly.
SO - is there any way I can change my seclevel to 0 without flashing over the rom that I want to extract? I really want to extract the IPL, SPL, and ROM properly before I do anything permanent on my Diamond.
Thanks for any replies.
/dev/null0
> Code:
> GetExtRomData+(): *pszPathName=c:\temp\Mem.nb, dwStartAddress=57600000, dwLength=8847FAC0
> :F=c:\temp\Mem.nb
> :A=57600000
> :L=8847FAC0
> :rbmc=
> HTCS
> I'm assuming it's supposed to dump the rom to screen for me to extract later... I've also tried different start addresses and different lengths to no avail.
> I did however notice that my seclevel is FF
For sure not. Either your seclevel is 00 or 01. It is stored in HTC partition, in regioninfo section.
Also rbmc does only read memory, but not nand. So you will not be able to dump radio for example due to MPU.
> SO - is there any way I can change my seclevel to 0 without flashing over the rom that I want to extract?
In order to obtain a sec unlocked device, you need to patch the radio. No need to change the rom at all.
Once you're sec unlocked, you can dump whole nand (including os) by using pdump command.
> I really want to extract the IPL, SPL, and ROM properly before I do anything permanent on my Diamond.
First try to dump spl using rbmc. The crc32 isn't standard crc32, but xilinx crc32. After that, flash mfg spl and patch radio to get sec unlock. Then you can restore old spl and radio to the device.
The only way to dump radio and os without patching anything is using jtag.
Cya,
Viper BJK
Hi Viper, Thanks for replying.
JTAG? Awesome I've got some hardware experience, and I opened my Diamond but I wasn't able to identify the JTAG port. I've done a quick search and found that you've been able to identify the JTAG port - but it wasn't working for some reason. Are you able to reply with the location and information (or PM me if you want to restrict who gets the info) I'd appreciate it.
Back to my original questions:
> First try to dump spl using rbmc
Cool - but, I haven't been able to get rbmc working at all for me. Am I giving it an invalid address (I've tried several) or is there something else at play here?
> The crc32 isn't standard crc32, but xilinx crc32.
Sweet! Now all I need is the algorithm or an executable to perform the xilinx crc. I'm going to search now, but do you know of any? I looked at QMAT but I didn't notice it mentioning anything about this. BTW. Nice tool - I've just donated €15 for your efforts.
Looking forward to your reply!
/dev/null0
devnull0 said:
> Hi Viper, Thanks for replying.
> JTAG? Awesome I've got some hardware experience, and I opened my Diamond but I wasn't able to identify the JTAG port. I've done a quick search and found that you've been able to identify the JTAG port - but it wasn't working for some reason. Are you able to reply with the location and information (or PM me if you want to restrict who gets the info) I'd appreciate it.
> Back to my original questions:
> Cool - but, I haven't been able to get rbmc working at all for me. Am I giving it an invalid address (I've tried several) or is there something else at play here?
> Sweet! Now all I need is the algorithm or an executable to perform the xilinx crc. I'm going to search now, but do you know of any? I looked at QMAT but I didn't notice it mentioning anything about this. BTW. Nice tool - I've just donated €15 for your efforts.
> Looking forward to your reply!
> /dev/null0
Well QMAT supports calculation of xilinx crc32. See "Generate Hashes".
Thanks for your donation, I really appreciate that.
About the Jtag : I never said it wouldn't work. I just haven't had a chance to get a bricked device to test. Jtag pinouts should not be made public, as otherwise we will no longer have a chance to use it on newer devices. Just contact me via [email protected], if you think you can handle that. I'll be glad to help.
Rbmc is a bit tricky. Your parameters I think are correct, except the length. That one is way too much. Use QMAT AT Command Tool (HTC) and have a look at the file called "bytelog" in the program directory.
You can clearly see the results there.
Cya,
Viper BJK

Splash Screen

Hey guys, I have flashed a couple roms throughout the past 2 months, and I usually use Task 29 to wipe anything remaining but for some reason I get the Splash Screen from the Core Cell Evo roms, although I'm using the Energy GTX July 4 rom. Anyone know how to make this go away? or somehow I could change that? thanks
Not sure if this will help, but still trying to post something that may help you...
My phone was using the original HTC rom that came with T-mobile settings. Today I flashed its ROM with the following version :
ROM Name : WWE RHODIUM Cookie Energy style
ROM Version : 03.Jul.2010 WWE
ROM date: 03/15/10
RADIO Version : 3.45.25.14
and it removed the original T-mobile splash screen and also allows me to control the splash screen as follows :
Start -> Tools -> Advanced Config -> Splash
Hopefully it helps..
khoyifish said:
> Hey guys, I have flashed a couple roms throughout the past 2 months, and I usually use Task 29 to wipe anything remaining but for some reason I get the Splash Screen from the Core Cell Evo roms, although I'm using the Energy GTX July 4 rom. Anyone know how to make this go away? or somehow I could change that? thanks
Yes, many of the custom ROMs will overwrite the initial splash screen. You generally have to manually install the screen you want - but depending on the ROM (some chefs don't change it), you may have to manually change the settings. There are several threads on the APPS forums dealing with changing the startup screens.
Note that there are two startup screens. The first one comes up right after power on / reset. This one has to be flashed. Then there is an (optionally) animated one that can be easily changed.
[How-To] Custom Boot Screen
stevedebi said:
> Note that there are two startup screens. The first one comes up right after power on / reset. This one has to be flashed. Then there is an (optionally) animated one that can be easily changed.
There are actually three boot/splash/startup screens. The first one comes on after the little vibration when it turns on. The second one is the screen that contains the "R.G.D." info (in red) at the bottom left of the screen. The third is the one that can be changed easily. The first two are changed by flashing an .nbh file, and the third can be changed via reg tweak or cab.
.....
You can change the first two boot screens by flashing a stock ROM.
OR, to really customize the first two boot screens, you can do this:
**This will not affect your ROM, radio, and SPL (so don't worry). It will simply flash the first and second level boot screens. But you do need HardSPL.**
***This has only been tested (by me) on a T-Mobile USA Touch Pro2 (Rhodium 210 model; hence the RHOD210 in the code). I am not responsible for bricks!***
EDIT: I think it works for all GSM Rhodium variants; if it doesn't flash, it'll just say "Invalid Model ID" so it shouldn't brick (as long as you have Hard SPL). HOWEVER, I don't know about CDMA (Sprint/Verizon/Telus) models.
1. Download the nbimg tool.
2. Get a 24-bit, .bmp photo that is 480x800. You can resize and save the photo (as a .bmp) by using Microsoft Paint.
3. Unzip the nbimg tool. Put your photo in the same unzipped folder.
4. When you're in the unzipped folder, run a command (SHIFT + Right Click. Open Command)
5. In the command write this:
Code:
nbimg -p 18400 -w 480 -h 800 -F insertnameofphotohere.bmp -T 0x600 -S 64 -D RHOD210
6. Get the Rhodium RUU here (download the "Flashing Tools").
7. Put the .nbh you created in the same folder as the RUU.
8. FLASH -- it should have flashed the first boot screen.
9. To change the second boot screen, go back to step 5 and enter this (you can also change the picture, if you want! Just make sure it's in the same folder as the nbimg tool.):
Code:
nbimg -p 18400 -w 480 -h 800 -F insertnameofphotohere.bmp -T 0x601 -S 64 -D RHOD210
10. Repeat steps 7-8. You should now have your custom first- and second-level boot screens.
I attached 2 of my boot screen pictures -- one from my TP2 and one from my HD2. I actually don't like the one from my TP2 because the scale of the phone in the picture is bad -- it was a resizing issue.
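Before flashing, the bitmap requirement in step 2 can be checked mechanically. The following is an added example (not part of the post above or of the nbimg tool): it reads the BMP header, reports anything that does not match 24-bit 480x800, and builds the two command lines from steps 5 and 9 without running them. The function names and the sample bitmaps are constructed for illustration.

```python
import struct
import sys

PANEL = (480, 800)  # size required in step 2
SPLASH_TYPES = {"first": "0x600", "second": "0x601"}  # -T values, steps 5 and 9


def bmp_problems(data, panel=PANEL):
    """Return the reasons a BMP fails the step 2 requirement (empty list = OK)."""
    if len(data) < 54 or data[:2] != b"BM":
        return ["not a BMP file"]
    (pixel_offset,) = struct.unpack_from("<I", data, 10)
    hdr_size, width, height, _planes, bpp, compression = struct.unpack_from(
        "<IiiHHI", data, 14)
    if hdr_size < 40:
        return ["unsupported BMP header (%d bytes)" % hdr_size]
    problems = []
    if bpp != 24:
        problems.append("colour depth is %d-bit, need 24-bit" % bpp)
    if compression != 0:
        problems.append("compressed BMP (type %d), need uncompressed" % compression)
    if (width, abs(height)) != panel:
        problems.append("image is %dx%d, need %dx%d"
                        % (width, abs(height), panel[0], panel[1]))
    stride = (width * bpp + 31) // 32 * 4  # rows are padded to 4 bytes
    if width > 0 and pixel_offset + stride * abs(height) > len(data):
        problems.append("pixel data is truncated")
    return problems


def nbimg_commands(bmp_name, model="RHOD210"):
    """Build the argument lists from steps 5 and 9 (flags exactly as posted)."""
    return {
        screen: ["nbimg", "-p", "18400", "-w", str(PANEL[0]), "-h", str(PANEL[1]),
                 "-F", bmp_name, "-T", splash_type, "-S", "64", "-D", model]
        for screen, splash_type in SPLASH_TYPES.items()
    }


def constructed_bmp(width, height, bpp=24):
    """Constructed sample: an all-black uncompressed BMP of the given size."""
    stride = (width * bpp + 31) // 32 * 4
    body = bytes(stride * height)
    file_header = struct.pack("<2sIHHI", b"BM", 54 + len(body), 0, 0, 54)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp, 0,
                              len(body), 2835, 2835, 0, 0)
    return file_header + info_header + body


if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
        name = sys.argv[1]
    else:
        image, name = constructed_bmp(480, 640), "constructed_480x640.bmp"
    found = bmp_problems(image)
    if found:
        print("do not convert %s: %s" % (name, "; ".join(found)))
    else:
        for screen, argv in nbimg_commands(name).items():
            print("%s boot screen: %s" % (screen, " ".join(argv)))
```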
sumflipnol said:
> There are actually three boot/splash/startup screens. The first one comes on after the little vibration when it turns on. The second one is the screen that contains the "R.G.D." info (in red) at the bottom left of the screen. The third is the one that can be changed easily. The first two are changed by flashing an .nbh file, and the third can be changed via reg tweak or cab.
> .....
> You can change the first two boot screens by flashing a stock ROM.
> OR, to really customize the first two boot screens, you can do this:
> **This will not affect your ROM, radio, and SPL (so don't worry). It will simply flash the first and second level boot screens.**
> ***This has only been tested (by me) on a T-Mobile USA Touch Pro2 (Rhodium 210 model; hence the RHOD210 in the code). I am not responsible for bricks!***
> 1. Download the nbimg tool.
> 2. Get a 24-bit, .bmp photo that is 480x800. You can resize and save the photo (as a .bmp) by using Microsoft Paint.
> 3. Unzip the nbimg tool. Put your photo in the same unzipped folder.
> 4. When you're in the unzipped folder, run a command (SHIFT + Right Click. Open Command)
> 5. In the command write this:
> Code:
> nbimg -p 18400 -w 480 -h 800 -F insertnameofphotohere.bmp -T 0x600 -S 64 -D RHOD210
> 6. Get the Rhodium RUU here (download the "Flashing Tools").
> 7. Put the .nbh you created in the same folder as the RUU.
> 8. FLASH -- it should have flashed the first boot screen.
> 9. To change the second boot screen, go back to step 5 and enter this (you can also change the picture, if you want! Just make sure it's in the same folder as the nbimg tool.):
> Code:
> nbimg -p 18400 -w 480 -h 800 -F insertnameofphotohere.bmp -T 0x601 -S 64 -D RHOD210
> 10. Repeat steps 7-8. You should now have your custom first- and second-level boot screens.
> I attached 2 of my boot screen pictures -- one from my TP2 and one from my HD2. I actually don't like the one from my TP2 because the scale of the phone in the picture is bad -- it was a resizing issue.
I used that on my old Magician, I didn't realize the same technique worked on the TP2.
OK, that was easy
I have attached the image I used, and the nbh files that I used.
hd_480_1.bmp - source picture
hd_480_1.bmp_1.nbh - Initial boot screen
hd_480_1.bmp_2.nbh - 2nd boot screen
I didn't put the "TP2" logo on the screen, because I figure I know what device I'm using!
EDIT: I don't mind anyone using them freely, but the picture may NOT be used for commercial purposes.
Question:
I made my bmp file, converted it to .nbh, but now I am not sure which "Rhodium RUU" to get and that link ( post 4 under 6. ) gives many files but nothing clear to what I am looking for.
Line 6 is this one:
6. Get the Rhodium RUU here (download the "Flashing Tools").
I thought I might be able to use "Rhodium_CustomRUU_v1.1" found at this thread:
http://forum.xda-developers.com/showthread.php?t=492930
but I need a confirmation from someone who knows this as I sure don't know will this do damage or help me make my new splash screen.
I will be using as my 1st splash this picture I found using google:

Help

It's not really a big problem, but it has grown to be annoying, I flashed the Core Cell Series a few months ago, but ever since then no matter what rom I flash, the Core Cell Series logo pops up, anybody know why and how can I get this off?
Use Task 29, den flash a New Rom, I'm sure ur not gonna face any prob hence.
The Prog (Flash 29) is attached...
Just flash a stock rom. The problem will be gone.
thanx yall, i'ma try it in a few
i flashed a stock rom, it still showed up, i'm about to try task29
G1-8701 said:
> It's not really a big problem, but it has grown to be annoying, I flashed the Core Cell Series a few months ago, but ever since then no matter what rom I flash, the Core Cell Series logo pops up, anybody know why and how can I get this off?
You'll need to flash a boot screen. You should have been able to do it with a stock ROM (T-Mobile's stock ROM or a WWE stock ROM).
Task 29 won't do anything. It only clears the ROM; it doesn't touch the first two boot screens nor the radio-rom.
Anyway, I made a mini-tutorial on how to create and flash custom boot screens here. (Ah, heck. I'll quote it here!):
sumflipnol said:
> There are actually three boot/splash/startup screens. The first one comes on after the little vibration when it turns on. The second one is the screen that contains the "R.G.D." info (in red) at the bottom left of the screen. The third is the one that can be changed easily. The first two are changed by flashing an .nbh file, and the third can be changed via reg tweak or cab.
> .....
> You can change the first two boot screens by flashing a stock ROM.
> OR, to really customize the first two boot screens, you can do this:
> **This will not affect your ROM, radio, and SPL (so don't worry). It will simply flash the first and second level boot screens.**
> ***This has only been tested (by me) on a T-Mobile USA Touch Pro2 (Rhodium 210 model; hence the RHOD210 in the code). I am not responsible for bricks!***
> 1. Download the nbimg tool.
> 2. Get a 24-bit, .bmp photo that is 480x800. You can resize and save the photo (as a .bmp) by using Microsoft Paint.
> 3. Unzip the nbimg tool. Put your photo in the same unzipped folder.
> 4. When you're in the unzipped folder, run a command (SHIFT + Right Click. Open Command)
> 5. In the command write this:
> Code:
> nbimg -p 18400 -w 480 -h 800 -F insertnameofphotohere.bmp -T 0x600 -S 64 -D RHOD210
> 6. Get the Rhodium RUU here (download the "Flashing Tools").
> 7. Put the .nbh you created in the same folder as the RUU.
> 8. FLASH -- it should have flashed the first boot screen.
> 9. To change the second boot screen, go back to step 5 and enter this (you can also change the picture, if you want! Just make sure it's in the same folder as the nbimg tool.):
> Code:
> nbimg -p 18400 -w 480 -h 800 -F insertnameofphotohere.bmp -T 0x601 -S 64 -D RHOD210
> 10. Repeat steps 7-8. You should now have your custom first- and second-level boot screens.
> I attached 2 of my boot screen pictures -- one from my TP2 and one from my HD2. I actually don't like the one from my TP2 because the scale of the phone in the picture is bad -- it was a resizing issue.
I hope that worked for you.

Smartwatch 2 firmware hacking

Sorry if this is stupid or something but I have the smartwatch 2 firmware dump file (dumped using dfu-util's upload utility (-u)) from messing around trying to get into the dfu. I succeeded. I don't know if I am allowed to upload the file so I won't yet.
So is there any Linux/Ubuntu-based software I can use to decompile or to edit resources such as icons, images, etc.?
If you would like to obtain the file I am talking about use the open smartwatch (1) project. similar way applies:
1. Have dfu-util installed
2. remove smartwatch 2 from power (miniusb plug)
3. plug in usb end that goes into computer but NOT miniusb.
4. my way to enter the dfu is to plug in the miniusb end and then hold power a split-second after you should see a blank screen but sony does not come up. let go of power.
5. you are now in dfu mode. Note: there will probably be no green bar at bottom of screen.
The command I used to dump the firmware was (I am on ubuntu-linux) dfu-util -a 0 -U -s 0x08000000
UPDATE: Find dump files at post #10
UPDATES
Update 15Jun14: files dumped are not in dfu format. No file extension is included.
Does this matter?
Also can someone find out if some dfu sample files are compatible (such as the arduino hack)?
Update: on ubuntu try using strings <FIRMWARE FILE PATH> it shows lots of jumbled text and near bottom there are random things such as things that look like version numbers etc.????
Maybe mod the sw2.apk file.
I think it's a better way.
Well maybe using this data we can find a way to create custom code modules for the apk file. This would mean android code could be ported to smartwatch 2 code through a heavily modded version of the app.
Like people said before me in the decompiled app there is support for firmware upgrades over Bluetooth maybe. So if the firmware is reverse engineered maybe we could program native apps or settings mods etc.
Sent from my C1505
I need help on this so if anyone can help such as convert it to source code that would be greatly appreciated
Sent from my C1505
Hi
Xtreme_FIRMWARE said:
I need help on this so if anyone can help such as convert it to source code that would be greatly appreciated
Sent from my C1505
Hi extreme I'm interested to help you to reverse the smartwatch 2 firmware, if you are interested I have the source of the smartwatch 2 host app
If your phone is rooted already,
you can back up the apk with Titanium Backup,
or if it is not rooted,
use this link to download the apk from the Play Store:
http://apps.evozi.com/apk-downloader
and enter com.sonymobile.smartconnect.smartwatch2 on the web page.
You get the apk file, and then use Android Multitool to extract and compile the apk,
which I have extracted already, but I don't know which file I must mod.
My problem is that the SW2 shows Thai language 100%.
If we find the file in the apk for showing the language of your country,
I think it fixes other languages too.
I will attach the version I have straight from Google play soon
Edit: manu0466 is going the source shortly. so we will not need do download this.
Sent from my C1505
Hi there
manu0466 said:
Hi extreme I'm interested to help you to reverse the smartwatch 2 firmware, if you are interested I have the source of the smartwatch 2 host app
Any source code at all would be greatly appreciated, as I am having trouble decompiling the smartwatch 2 apk anyways.
Hope to see more. Thanks!
The Dump
This is the internal memory(soldered sdcard) and firmware dumps I made just in case anybody couldn't get them to examine.
They are attached to this post
If you use these in any other thread please credit me.
the password (just in case) is: xtreme_firmware
Hope this is useful! :good: :good:
Research
For those interested in the reverse engineering, this seems promising: http://www.devttys0.com/2011/05/reverse-engineering-firmware-linksys-wag120n/ Checking out a few and trying hard to crack into this firmware. Sony did a good job. I also learnt that my dump might not be full firmware but once we have a method I can always dump the full firmware somehow. The dumps I have now are good enough to test for ways and maybe start with some small mods. Of course it might actually be the full firmware anyway.
Good news and keep going. Thanks for the idea and your support.
One problem: the file does not seem to be the firmware. I will try to dump the full firmware soon.
This isn't a setback! We still have the process ready!
Hmm
Hi all.
I am confused. I am not sure how to know if it is the firmware or not. At the end of this post is the latest dump (sd and firm) that I have done. Can someone find a way to make sure this is the firmware? Thanks!
Again: this isn't a setback!
Xtreme_FIRMWARE said:
Sorry if this is stupid or something but I have the smartwatch 2 firmware dump file (dumped using dfu-util's upload utility (-u)) from messing around trying to get into the dfu. I succeeded. I don't know if I am allowed to upload the file so I won't yet.
So is there any Linux/Ubuntu-based software I can use to decompile or to edit resources such as icons, images, etc.?
If you would like to obtain the file I am talking about use the open smartwatch (1) project. similar way applies:
1. Have dfu-util installed
2. remove smartwatch 2 from power (miniusb plug)
3. plug in usb end that goes into computer but NOT miniusb.
4. my way to enter the dfu is to plug in the miniusb end and then hold power a split-second after you should see a blank screen but sony does not come up. let go of power.
5. you are now in dfu mode. Note: there will probably be no green bar at bottom of screen.
The command I used to dump the firmware was (I am on ubuntu-linux) dfu-util -a 0 -U -s 0x08000000
UPDATE: Find dump files at post #10
This is a dump from the 1st partition called "@Internal Flash". I think you also need to specify the length which should be 2MB. So that would make the command line:
./dfu-util -c 1 -i 0 -a 0 -U memdump.raw -s 0x08000000:0x200000
NOTE: this is not a dfu image as it's just a HEX dump and doesn't include the ID tags to make it a valid dfu image. However if you want you can write this RAW image back to the device with:
./dfu-util -c 1 -i 0 -a 0 -D memdump.raw -s 0x08000000
If memory serves me well.
The query I have is
1) what's in 0x00000000 - 0x08000000 in partition -a 0?
It seems to show values which I don't know if they are meaningful.
2) what about the eMMC partition -a 1 which is 512MB in size?
I have dumps for these too but can't flash these back as a RAW image as dfuse-address of 0x00000000 passed into the -s option are not valid.
I think that the FileSystem to the SW2 is in either of these locations above but I don't know which or how to restore from a good device to a bad device.
: )
From the scarce amount of information about their firmware and dfu the emmc is a soldered sd card and also to NEVER try to flash older versions of it. No idea why.
We may need to somehow mod the dfu to establish a connection to the areas we cannot access. But first try inputting the -s as one of the id's between. Maybe?
Sent from my C1505 using XDA Free mobile app
I get invalid dfuse address for the first command you gave. can you please tell me what I am doing wrong:
sudo dfu-util -c 1 -i 0 a 0 -U memdump.raw -s 0x08000000:0x200000
[sudo] password for ??????:
invalid dfuse address: 0x08000000:0x200000
I am working on reverse engineering the dump while also reverse engineering the protocol used for fota updates to try and get the full dfu file!!!!!!
Sent from my C1505 using XDA Free mobile app
Just for everyone's information dfu-util sees on the SW2:
Found DFU: [0fce:f0fa] devnum=0, cfg=1, intf=0, alt=0, name="@Internal Flash /0x08000000/03*016Kg,01*016Kg,01*064Kg,07*128Kg,03*016Kg,01*016Kg,01*064Kg,07*128Kg"
Found DFU: [0fce:f0fa] devnum=0, cfg=1, intf=0, alt=1, name="@eMMC /0x00000000/01*512Mg"
:good:
---------- Post added at 09:26 AM ---------- Previous post was at 09:17 AM ----------
Xtreme_FIRMWARE said:
I get invalid dfuse address for the first command you gave. can you please tell me what I am doing wrong:
sudo dfu-util -c 1 -i 0 a 0 -U memdump.raw -s 0x08000000:0x200000
[sudo] password for ??????:
invalid dfuse address: 0x08000000:0x200000
Looking at my exact command line I executed a couple of months back, I have to upgrade to dfu-utils release 0.7 (dfu-util.gnumonks.org/releases) and then I could execute:
sudo ./dfu-util -v -c 1 -i 0 -a 0 -s 0x08000000:0x200000 -U InternalFlash.hex -R
Hope this helps.
:good::good:
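The layout strings in the dfu-util output above encode the sector map of each alt setting, and summing the Internal Flash sectors gives the 2 MB length passed to -s in this thread. The parser below is an added example, not code from any poster or from dfu-util; its function names are assumptions, and each string is read as a label, a start address, then count*size-unit-type segments.

```python
import re

# Alt-setting names copied from the dfu-util output quoted in this thread.
INTERNAL_FLASH = ("@Internal Flash /0x08000000/03*016Kg,01*016Kg,01*064Kg,"
                  "07*128Kg,03*016Kg,01*016Kg,01*064Kg,07*128Kg")
EMMC = "@eMMC /0x00000000/01*512Mg"

UNITS = {" ": 1, "B": 1, "K": 1024, "M": 1024 * 1024}
SEGMENT = re.compile(r"(\d+)\*(\d+)([ BKM])([a-g])")


def access(kind):
    """Decode the type letter: its low three bits are read, erase, write."""
    bits = ord(kind) & 7
    return "".join(c for c, b in (("r", 1), ("e", 2), ("w", 4)) if bits & b)


def parse_layout(name):
    """Return (label, sectors); each sector is (start, size, access)."""
    if not name.startswith("@"):
        raise ValueError("not a DfuSe layout string")
    parts = name[1:].split("/")
    sectors = []
    # After the label come pairs of: start address, comma-separated segments.
    for addr_text, seg_text in zip(parts[1::2], parts[2::2]):
        addr = int(addr_text, 16)
        for seg in seg_text.split(","):
            m = SEGMENT.fullmatch(seg.strip())
            if not m:
                raise ValueError("bad segment: %r" % seg)
            count, size, unit, kind = m.groups()
            nbytes = int(size) * UNITS[unit]
            for _ in range(int(count)):
                sectors.append((addr, nbytes, access(kind)))
                addr += nbytes
    return parts[0].strip(), sectors


def span(sectors):
    """Return (first address, total length in bytes) of a sector list."""
    start = sectors[0][0]
    return start, sectors[-1][0] + sectors[-1][1] - start


def upload_arg(name):
    """Build the address:length value for -s that covers the whole region."""
    return "0x%08x:0x%x" % span(parse_layout(name)[1])


if __name__ == "__main__":
    for text in (INTERNAL_FLASH, EMMC):
        label, sectors = parse_layout(text)
        print(label, len(sectors), "sectors,", upload_arg(text))
```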
Hey all,
Anyone look at the com.sonymobile.smartconnect.smartwatch2.apk, these files in the apk look sort of interesting:
res/raw/asw.bin 607KB -- Firmware?
res/raw/bl.bin 31KB -- BootLoader?
res/raw/fat.bin 545KB -- FlashFS?
Not really sure if these can be useful in the quest to get a working firmware together. I wish we had a memory map of this thing.
AL
