This tool can be used to either decompile or compile ROMs for various Asus devices that used the ABI firmware format (Can also be used in O2 XDA Zest ). The current version can support P835 unencrypted ABI, and even encrypted ABI from updater EXE! Current finding is this tool also supports unreleased Garmin-Asus ROMs!
Thanks (Especially )Harshal and Leon in AsusPda for testing.
Usage:
- Decompiling ROM
1. p835abisplit2 <abi/exe file>
2. os.nb0 and extrom.img released (Only for Pre-P835 devices), os.nb0 cab be processed by imgfsfromnb or osnbtool, extrom.img can be processed by WinImage.
- Compiling ROM
1. First rename the new os.nb0 to os-new.nb0, and rename extrom.img to extrom-new.img (If the new files do not exist, then the compiler will use the parts from original ROM)
2. p835abisplit2 /b <abi/exe file>
3. out.abi releases, which can be used to flash directly (Only for Pre-P835 devices or Post-P835 devices with unencrypted ROM).
4. If you input the updater EXE to p835abisplit2, it will also produce out.exe with region locked patched which can be used to flash your new ROM directly on devices with any region!
- Note when building ROM
1. If you need to modify XIP, make sure the modded XIP is the same size as the original one before merging back to nb0, otherwise booting will fail
2. For Pre-P835 devices, current version can create big-storage ROMs with variable size of imgfs. If the new OS is smaller than the original one, the freed space will be allocated to user space (The left part as shown in Memory setting) after flashing. However the user space display will only reflect the change on second flash.
3. For Post-P835 devices, all partitions must be exactly same size with the original one (i.e. you need to pad the partition before putting it back), otherwise the device won't boot.
4. For Pre-P835 devices, you can modify ExtROM as you like, but not remove or rebuild the image file, otherwise you may get a brick! (Not able to enter bootloader)
Final Warning: Customizing a ROM always has risks, I won't be responsible for any damages lead to your custom ROM!
Release Notes:
v2.40:
- Added support for M930
v2.32:
- Support extraction of encrypted ABI file resource from P835 updater exe
- Support reconstruction of P835 updater exe
- When rebuild to exe, the produced out.exe is patched to install in devices of any region.
V2.20:
- Support extration and rebuilding of P835 ABI file (Note that not for ABI inside EXE)
- When rebuild with exe, OUT.EXE will be produced for direct flashing
starkwong said:
This tool can be used to either decompile or compile ROMs for various Asus devices that used the ABI firmware format (Can also be used in O2 XDA Zest ).
Thanks Harshal and Leon in AsusPda for testing.
Usage:
- Decompiling ROM
1. p565abisplit2 <abi/exe file>
2. os.nb0 and extrom.img released, os.nb0 cab be processed by imgfsfromnb or osnbtool, extrom.img can be processed by WinImage.
- Compiling ROM
1. First rename the new os.nb0 to os-new.nb0, and rename extrom.img to extrom-new.img (If the new files do not exist, then the compiler will use the parts from original ROM)
2. p565abisplit2 /b <abi/exe file>
3. out.abi releases, which can be used to flash directly.
- Note when building ROM
1. If you need to modify XIP, make sure the modded XIP is the same size as the original one before merging back to nb0, otherwise booting will fail
2. OS part doesn't need to be the same size as the original. If the new OS is smaller than the original one, the freed space will be allocated to user space (The left part as shown in Memory setting) after flashing. However the user space display will only reflect the change on second flash.
3. You can modify ExtROM as you like, but not remove or rebuild the image file, otherwise you may get a brick! (Not able to enter bootloader)
Final Warning: Customizing a ROM always has risks, I won't be responsible for any damages lead to your custom ROM!. Moreover, don't use it in P835 abi, it won't work
Click to expand...
Click to collapse
Nice we all waiting for it
Many Congrats for successfully ripping through the ROM !!
Partition offsets and checksums reported by the tool are :
Part #0002 sz:0003e000=>0003e000 cs:625f94b2=>625f94b2 of:000003a0=>000003a0
Part #0004 sz:00100000=>00100000 cs:ffe5f731=>ffe5f731 of:0003e3a0=>0003e3a0
Part #0103 sz:00452a8c=>00452a8c cs:99f65978=>99f65978 of:0013e3a0=>0013e3a0
Part #0104 sz:000fffc0=>000fffc0 cs:5e03943f=>5e03943f of:00590e2c=>00590e2c
Part #0005 sz:07e00000=>07e00000 cs:674f4072=>674f4072 of:00690dec=>00690dec
Part #0013 sz:00a00000=>00a00000 cs:56994bf9=>56994bf9 of:08490dec=>08490dec
I am a little scared to use this tool for following reasons :
1. Actually, the IMGFS & ExtROM offsets are '00690dfc' & '08490dfc' respectively.
2. Checksums( 674f4072, 56994bf9....) can not be located in the Header.
3. The Adler32 checksum for the ExtROM is '5ff94bfa', while your tool reports '56994bf9'.
Any clues ?
rishi2504 said:
Many Congrats for successfully ripping through the ROM !!
Partition offsets and checksums reported by the tool are :
Part #0002 sz:0003e000=>0003e000 cs:625f94b2=>625f94b2 of:000003a0=>000003a0
Part #0004 sz:00100000=>00100000 cs:ffe5f731=>ffe5f731 of:0003e3a0=>0003e3a0
Part #0103 sz:00452a8c=>00452a8c cs:99f65978=>99f65978 of:0013e3a0=>0013e3a0
Part #0104 sz:000fffc0=>000fffc0 cs:5e03943f=>5e03943f of:00590e2c=>00590e2c
Part #0005 sz:07e00000=>07e00000 cs:674f4072=>674f4072 of:00690dec=>00690dec
Part #0013 sz:00a00000=>00a00000 cs:56994bf9=>56994bf9 of:08490dec=>08490dec
I am a little scared to use this tool for following reasons :
1. Actually, the IMGFS & ExtROM offsets are '00690dfc' & '08490dfc' respectively.
2. Checksums( 674f4072, 56994bf9....) can not be located in the Header.
3. The Adler32 checksum for the ExtROM is '5ff94bfa', while your tool reports '56994bf9'.
Any clues ?
Click to expand...
Click to collapse
Tool works properrly.No harm is trying
starkwong, is there any tool to decompile P835's ROM in the same way?
New version posted.
rishi2504:
The image checksum is not calculated by plain Adler32, actually is uses the same formula as older Asus ROMs, however it is not a one-time calculation.
Checksums are inside header, given you decoded it correctly.
starkwong, here's what I get when trying to decompile a ROM:
Code:
v2.40 (Jun 16 2009 19:56:06)
ExtractABI(): Trying to load G5_ALL_V4.11.0_V3.6.12.P2_Ship_WWE_app_MYS00_V2.3.6.exe...
Module loaded, searching for BIN resource...
Found matching resource at BIN #211!
GetPartitions(): Getting Partition Information...
*** Encrypted ABI detected
ABI Version 0x00030012
Project Name: G5
Partition Type: 000f [email protected]
Partition Type: 000e [email protected]
Partition Type: 000e [email protected]
Partition Type: 0004 [email protected]
Partition Type: 0004 [email protected]
Partition Type: 000f [email protected]
Partition Type: 000f [email protected]
Partition Type: 0102 damage [email protected]
Partition Type: 0005 UnKnown [email protected]
Partition Type: 0002 [email protected]
Partition Type: 0003 [email protected]
ProcessABI(): Writing OS data...
* BIN(P835) Image Detected
Warning: OS.nb0/flash.bin is not a NB image, not modifying MSFLSH50 headers
ProcessABI(): No ExtROM partition found.
OK!
So it seems that partitions are not detected correctly, there's no os.nb0 at the output, and the flash.bin apperars to be of no use. Even when I found imgfs partition inside of it, there's still something wrong with it, e.g. bad start block offset, and everything else is also broken.
Can you help me with this?
In fact it is correct, as Asus uses B000FF image on P835, not a plain NB0 image.
You need to use osnbtool to get a nb0 with extra bytes, then use nbsplit -data 2048 -extra 8 to get a nb0 with sector size 0x800.
ginkage said:
starkwong, here's what I get when trying to decompile a ROM:
Code:
v2.40 (Jun 16 2009 19:56:06)
ExtractABI(): Trying to load G5_ALL_V4.11.0_V3.6.12.P2_Ship_WWE_app_MYS00_V2.3.6.exe...
Module loaded, searching for BIN resource...
Found matching resource at BIN #211!
GetPartitions(): Getting Partition Information...
*** Encrypted ABI detected
ABI Version 0x00030012
Project Name: G5
Partition Type: 000f [email protected]
Partition Type: 000e [email protected]
Partition Type: 000e [email protected]
Partition Type: 0004 [email protected]
Partition Type: 0004 [email protected]
Partition Type: 000f [email protected]
Partition Type: 000f [email protected]
Partition Type: 0102 damage [email protected]
Partition Type: 0005 UnKnown [email protected]
Partition Type: 0002 [email protected]
Partition Type: 0003 [email protected]
ProcessABI(): Writing OS data...
* BIN(P835) Image Detected
Warning: OS.nb0/flash.bin is not a NB image, not modifying MSFLSH50 headers
ProcessABI(): No ExtROM partition found.
OK!
So it seems that partitions are not detected correctly, there's no os.nb0 at the output, and the flash.bin apperars to be of no use. Even when I found imgfs partition inside of it, there's still something wrong with it, e.g. bad start block offset, and everything else is also broken.
Can you help me with this?
Click to expand...
Click to collapse
B000FF image cannot be modified without osnbtool or viewbin or cvrtbin tool..For Ext ROM there is no partition in the abi file which can b read as .nb0 Ext ROM is inside the OS and is not as a partition.So what the output u get from the tool is correct.Whatever ROMs u saw mine are from using the same tool
I hope this clarifies.
starkwong, Thank you so much, it worked perfectly!
Can't use this tool on my Asus M530w. Getting this message:
Copyright(C) 2009 Studio KUMA(starkwong). All rights reserved
v2.40 (Jun 16 2009 19:56:06)
ExtractABI(): Trying to load nk.abi...
Failed loading as module (193). Perhaps ABI?
Trying as ABI directly...
Creating file mapping...
GetPartitions(): Getting Partition Information...
Error: AES Key not suitable for this ROM
unencrypted vers encrypted
There is little bit mess in description.
If you will use unecrypted rom + p835abisplit2 you will get os.nb0.
With encrypted rom + p835abisplit2 you will get flash.bin.
starkwong said:
4. For Pre-P835 devices, you can modify ExtROM as you like, but not remove or rebuild the image file, otherwise you may get a brick! (Not able to enter bootloader)
Click to expand...
Click to collapse
Hi,
Can i add my own cab/xml files to this Ext_ROM, after removing the files not needed ?
rishi2504 said:
Hi,
Can i add my own cab/xml files to this Ext_ROM, after removing the files not needed ?
Click to expand...
Click to collapse
Don't bother dude , figured it out ...
Is there anyway I can extract the flash.bin file from a .abi file using this tool?
My P835 is unable to upgrade from the SD card with the .abi file on it.. so I wanted to extract the flash.bin and see if I can use the QPST tool to update the image with flash.bin file..
Sorry if I'm being stupid here (not unusual!). I'm trying to use this tool to get a .abi file out of O2's "Xda_Zest Firmware Update_V7.7.0S.WWE20.00_M4.6.5.P7_V2.1.4 GBR20.exe" so I can stick it on the SD card and flash the ROM, but of course I'm only ending up with the two files you mention, os.nb0 and extrom.img, no .ABI file. I can look in the extrom.img file with winrar, but the file only contains FINDMA~1.000 (300 bytes), 000dummy.001 (0 bytes) and _setup.xml (1205 bytes).
Plainly I'm thick - where am I going wrong, and how do I get the .ABI file?
Has anyone been able to get the android kitchen to actually work on Fedora 16 and if so, how?
The reason I ask is because it does start and it does find the system.img and boot.img but its complaining during the working folder set up. See below:
Code:
Creating working folder WORKING_112911_011054 ...
Copying boot.img ...
Copying system.img ...
Adding an update-script ...
Chunk size is 2048 bytes in system.img
Spare size calculated to be 64 bytes
Compiling unyaffs ...
In file included from /usr/include/features.h:387:0,
from /usr/include/sys/types.h:26,
from unyaffs.c:10:
/usr/include/gnu/stubs.h:9:27: fatal error: gnu/stubs-64.h: No such file or directory
compilation terminated.
Error: unyaffs not successfully compiled!
Never mind. I fixed it already.
So I'll share. If you run into that error just open up a new terminal and type:
Code:
su -
yum install glibc-devel.x86_64 --disablerepo=adobe\*
Simple enough, lol
sir
wildstang83 said:
Never mind. I fixed it already.
So I'll share. If you run into that error just open up a new terminal and type:
Code:
su -
yum install glibc-devel.x86_64 --disablerepo=adobe\*
Simple enough, lol
Click to expand...
Click to collapse
do you know how to add device in android kitchen?
Hello everyone I recently got a Lumia 950 XL from B&H not knowing that I ended up with one from Mexico no big deal but id like to have the Reset Protection on the phone since that's a US only feature. So I look up my phone on the back of it an such and so on. And I try this one code that suppose to change my product code which didn't work I try even my original code of my device and nothing happen just errors. this what ive done. Mine a RM-1116 and product number 059X5P5 I wanted to put on my device a US code of 059X505 since there both RM-116 then I put this code down as followed try both as a test.
"C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool\thor2.exe" -mode uefiflash -ffufile C:\ProgramData\Microsoft\Packages\Products\RM1116_1078.0038.10586.13080.15285.033372_retail_prod_signed.ffu -skip_flash -productcodeupdate 059X5P5
"C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool\thor2.exe" -mode uefiflash -ffufile C:\ProgramData\Microsoft\Packages\Products\RM1116_1078.0038.10586.13080.15285.033372_retail_prod_signed.ffu -skip_flash -productcodeupdate 059X505
But both didn't work. I ended up with a huge error. If I could get some help on this or more clarification of what im doing wrong please help im not a coder just ran into this code from a different forum I belong too. here the log off my error below.
Process started Mon Apr 25 08:58:17 2016
Logging to file C:\Users\Daniel\AppData\Local\Temp\thor2_win_20160425085817_ThreadId-232.log
Debugging enabled for uefiflash
Initiating FFU flash operation
WinUSB in use.
isDeviceInNcsdMode
Normal mode detected
Rebooting to the normal mode...
Resp from NCSd {"id":7,"jsonrpc":"2.0","result":null}
[THOR2_flash_state] Switching to flash mode
Detecting UEFI responder
HELLO success
Lumia Boot Manager detected
Check status of battery
State of charge 69, charging current 71
Protocol version 2.6 Implementation version 2.48
Booting to FlashApp
Reboot to FlashApp command sent successfully.
Verifying that device is online
Device is online
Detecting UEFI responder
HELLO success
Lumia Flash detected
Protocol version 2.41 Implementation version 2.75
[THOR2_flash_state] Pre-programming operations
Disable timeouts
Get flashing parameters
Lumia Flash detected
Protocol version 2.41 Implementation version 2.75
Size of one transfer is 2363392
MMOS RAM support: 1
Size of buffer is 2359296
Number of eMMC sectors: 61071360
Platform ID of device: Microsoft.MSM8994.P6211.2.1
Async protocol version: 01
Security info:
Platform secure boot enabled
Secure FFU enabled
JTAG eFuse blown
RDC not found
Authentication not done
UEFI secure boot enabled
SHK enabled
Device supports FFU protocols: 0015
Subblock ID 32
[THOR2_flash_state] Device programming started
Using secure flash method
CoreProgrammer version 2015.06.10.001.
Start programming signed ffu file C:\ProgramData\Microsoft\Packages\Products\RM1116_1078.0038.10586.13080.15285.033372_retail_prod_signed.ffu
FfuReader version is 2015061501
Send FlashApp write parameter: 0x4d544f00
Perform handshake with UEFI...
Flash app: Protocol Version 2.41 Implementation Version 2.75
Unknown sub block detected. Skip...
DevicePlatformInfo: Microsoft.MSM8994.P6211.2.1
Unknown sub block detected. Skip...
Unknown sub block detected. Skip...
Supported protocol versions bitmap is 15
Secure FFU sync version 1 supported.
Secure FFU async version 1 supported.
Secure FFU sync version 2 supported.
Secure FFU async version 2 supported.
CRC header v. 1
CRC align bytes. 4
Get CID of the device...
Get EMMC size of the device...
Emmc size in sectors: 61071360
CID: Hynix, Size 29820 MB
Start charging...
Requested write param 0x43485247 is not supported by this flash app version.
Start charging... DONE. Status = 0
ConnSpeedEcho: Elapsed= 0.221000, EchoSpeed= 30.54, Transferred= 7077918 bytes
Get security Status...
Security Status:
Platform secure boot is enabled.
Secure eFUSE is enabled.
JTAG is disabled.
RDC is missing from the device.
Authentication is not done.
UEFI secure boot is enabled.
Secondary HW key exists.
Get RKH of the device...
RKH of the device is 427D8FD5A7F227820D5B11BF8C6F7670C0A0622CC61BA95AAEE18F7517FC0B77
Get ISSW Version...
ISSW Version: 291
Thu Nov 19 16:02:20 EET 2015 ;ISSW v0291; rg0; OS; DNE; KCI 1318; ASIC 899x;
Get system memory size...
Size of system mem: 3145728 KB
Read antitheft status...
Reset Protection status: Disabled
Reset Protection version: 1.1
Send backup to RAM req...
Unable to parse FFU file. File open failed
programming operation failed!
Unable to parse FFU file. File open failed, Error code: 2
Operation took about 34.00 seconds.
FFU_PARSING_ERROR
THOR2 1.8.2.18 exited with error code 2228224 (0x220000)
same
maliksantika said:
same
Click to expand...
Click to collapse
you can ask for help in telegram group.its called "LumiaWOA" join it and ask there
Hello ,
I have a Nokia Lumia 822 with me here , and since 2 days i am trying to fix it .
ERROR ( Unable to find a bootable device : press any key to shutdown )
I have already tried WDRT , WP Internals , doesn't work ( WDRT -Unkown Error , WP Internals gives security Header error ).
With Thor2 , can't flash FFU file . ( I got the FFU from WDRT downloaded RM-845 package in C:/ProgramData)
It's give me an Error RDC file not found. I tried flashing partitions separately but Nothing works until i have this RDC file.
Now where do i get it ? I have dumped FFU via Thor2 , and i do have PLAT , GPT , MAIN OS , MMOS , UEFI , TZ . I dont see any RDC named file here.
Kindly help me any one here.
P.S , I have Following list of files.
WINSECAPP
UEFI
SBL1
SBL2
SBL3
RPM
PLAT
MAIN OS
MMOS
GPT
GPT0
GPT1
EFIESP
DATA
just missing the RDC file and HEX i guess.
I don't know anything about this, but this seems relevant. https://forum.xda-developers.com/chef-central/windows-phone-7/replace-rdc-t3277506/page1
Sent from my Moto G (5S) Plus using Tapatalk
RoshanX said:
Hello ,
Kindly help me any one here.
Click to expand...
Click to collapse
Try to install EFIESP.bin partition from another phone, using WPinternals.
I unbricked lumia 530 flashing the EFIESP.bin from custom ROM of lumia 830.
Unfortunately, after, the phone cant upgrade to windows mobile 10 or hard reset. Sad face appear. Is stuck on wp 8.1.
augustinionut said:
Try to install EFIESP.bin partition from another phone, using WPinternals.
I unbricked lumia 530 flashing the EFIESP.bin from custom ROM of lumia 830.
Unfortunately, after, the phone cant upgrade to windows mobile 10 or hard reset. Sad face appear. Is stuck on wp 8.1.
Click to expand...
Click to collapse
Thank you for your participation , I tried it it , and also tried flashing UEFI paritition , but it gives me an error(see below)
[21:44:40.362] D_MSG : Initiating flash of partition image operations
[21:44:40.362] D_MSG : WinUSB in use.
[21:44:40.380] D_MSG : Using programming of partition image method
[21:44:40.380] D_MSG : isDeviceInNcsdMode
[21:44:40.381] D_MSG : isDeviceInNcsdMode is false
[21:44:40.381] D_MSG : Detecting UEFI responder
[21:44:40.382] D_MSG : HELLO success
[21:44:40.474] D_MSG : Lumia Flash detected
[21:44:40.474] D_MSG : Protocol version 1.18 Implementation version 2.2
[21:44:40.475] D_MSG : Disable timeouts
[21:44:40.476] D_MSG : Get flashing parameters
[21:44:40.567] D_MSG : Lumia Flash detected
[21:44:40.568] D_MSG : Protocol version 1.18 Implementation version 2.2
[21:44:40.568] D_MSG : Size of one transfer is 2363392
[21:44:40.568] D_MSG : Size of buffer is 2359296
[21:44:40.568] D_MSG : Number of eMMC sectors: 30535680
[21:44:40.568] D_MSG : Platform ID of device: Nokia.MSM8960.P5219.3.2.1
[21:44:40.568] D_MSG : Async protocol version: 01
[21:44:40.569] D_MSG : Security info:
[21:44:40.569] D_MSG : Platform secure boot enabled
[21:44:40.569] D_MSG : Secure FFU enabled
[21:44:40.569] D_MSG : JTAG eFuse blown
[21:44:40.569] D_MSG : RDC not found
[21:44:40.569] D_MSG : Authentication not done
[21:44:40.569] D_MSG : UEFI secure boot enabled
[21:44:40.570] D_MSG : SHK enabled
[21:44:40.570] D_MSG : Device supports FFU protocols: 0031
[21:44:40.571] D_ERR : getGpt failed. Error code 12 h
[21:44:40.572] D_ERR : Cannot flash partition image. Write the RDC into the device or use open/RnD HW & SW
[21:44:40.584] D_MSG : Operation took about 0.00 seconds.
[21:44:40.585] D_ERR : THOR2 1.8.2.18 exited with error code 84214 (0x148F6)
I said WPinternals. Capisci?
Anyway, be carefull to not accidentaly click OK when windows will ask to format partition, if you put your phone in mass storage mode. I bricked lumia 640xl that way.
augustinionut said:
I said WPinternals. Capisci?
Anyway, be carefull to not accidentaly click OK when windows will ask to format partition, if you put your phone in mass storage mode. I bricked lumia 640xl that way.
Click to expand...
Click to collapse
Didn't work either. i double checked.
What i need over here i guess is either the RDC , or either the HEX file.
I have seen people generating msimage.mbn via GPT dump
But how do i get the hex file ?! or the RDC ?
WPinternals. Is this? https://forum.xda-developers.com/windows-10-mobile/windows-phone-internals-2-2-t3713157
Hello everyone,
I tried to root my Mi Mix 2 with XiaoMiTool V2 but I have got a problem during the step of pushing file magisk_20.4.zip.
In the log, I can see :
[10:07:04][PSTA ][70c729f4] Start process (781): "C:\Xiaomi\XiaomiTool2\res\tools\adb.exe" "-s" "ebf1f094" "push" "C:\Xiaomi\XiaomiTool2\res\tmp\magisk_20.4.zip" "/sdcard/magisk_20.4.zip"
[10:07:05][PROC ][55e63029] Process (781) output: adb: error: failed to copy 'C:\Xiaomi\XiaomiTool2\res\tmp\magisk_20.4.zip' to '/sdcard/magisk_20.4.zip': remote couldn't create file: No such file or directory
[10:07:05][PROC ][55e63029] Process (781) output: C:\Xiaomi\XiaomiTool2\res\tmp\magisk_20.4.zip: 1 file pushed, 0 skipped. 48.9 MB/s (5942417 bytes in 0.116s)
[10:07:05][INFO ][70c729f4] Process (781) ended with exit code: 1, output len: 268
[10:07:05][ERROR ][70c729f4] Task error: exception: Failed to push file to the device: adb: error: failed to copy 'C:\Xiaomi\XiaomiTool2\res\tmp\magisk_20.4.zip' to '/sdcard/magisk_20.4.zip': remote couldn't create file: No such file or directory : AdbPushTask -> status: RUNNING
Can you help me ??
Thanks by advance !
Do you know an other way to root it easily ?
Thanks by advance.