Develop Bugs

apps_compressed.bin

With PSAS (only FULLversion) it is possible to "decompress" apps_compressed.bin for investigation.
It uses Algo:
TkToolVer:1.6.3
I don't know way to make own apps_compressed.bin.
As Multiloader for instance not accept decrypted apps_compressed.bin
As example some older apps_compressed.bin from S8500.
http://www.megaupload.com/?d=2JIKS8QD
Best Regards

u reache some limit bro........... cant download from RS........but good going

can u write a tutorial
so that other members too can find something
thanx!
gr8 gng mate

PSAS can only decrypt in Full Version.
Costs 30 Euro...
BUT I can upload via Request some decrypted files for study.
I'm not an Seller of PSAS nor I force you to buy PSAS.
But this is the only Tool I know, which decrypt these apps_compressed.bin and bootloader.mbn. Tested by me with:
S5250
S5330
S5750
S7230
S8500
S8530
http://forum.revskills.de/viewtopic.php?f=14&t=700
Wait few minutes. I will upload to megaupload... from S8500 as example.
Best Regards
Edit:
Download example apps_compressed.bin taken from S8500:
http://www.megaupload.com/?d=2JIKS8QD
Same as in first post.

So what did u get inside that?? What was compressed in layman terms pls.......

Expect not too much. Depend on knowledge...
Now file is "human readable"... Ready for Reverse engineering.
Minimum Requirement HEX Editor...
Then you can find Text like this:
Please receive DB2 by TkFileExplorer.exe !!primaryRecord
Click to expand...
Click to collapse
Remember where u saw TkFileExplorer.exe else...
You could search for Textstrings... like:
widget
bondi
.
.
.
So many things to explore.
Best Regards

hi guys I'm working on some bada's modding projects...
is it possible to have an example of uncompressed files?
thank you in advance
edit : I have now seen the uploaded uncompressed file...
I hoped it was more "human" readable...

http://www.megaupload.com/?d=PFWCKTGZ
This is from XXJID... bada 1.2 S8500 stuff.
Best Regards

adfree said:
But this is the only Tool I know, which decrypt these apps_compressed.bin and bootloader.mbn.
Click to expand...
Click to collapse
Hi,
could you upload the decrypted bootloader, too? Maybe someone here will find some exploitable code in that will help "jailbrake"-ing the system, or allow booting unencrypted OS (modified Bada or Android from Galaxy S for exmaple...)
TIA!

@ anghelyi
http://forum.xda-developers.com/showpost.php?p=10304951&postcount=3
Here I have attached some more things about Bootloader... some ELF files included... maybe "easier" for Reversing.
Best Regards

adfree said:
@ anghelyi
http://forum.xda-developers.com/showpost.php?p=10304951&postcount=3
Here I have attached some more things about Bootloader... some ELF files included... maybe "easier" for Reversing.
Best Regards
Click to expand...
Click to collapse
Thanks! I'll check it!

Little overview...
Best Regards

Hi adfree,
Can you say me the name of PSAS software please?

http://psas.revskills.de/
RevSkills is the new name of PSAS.
This feature only in registered Fullversion possible.
NOT in Trial Version.
Best Regards

Thanks but seems to be not compatible with windows 7 64 bits
Will try later, Have a good night adfree

look like that apps_compressed.bin contains a big secret
i flashed amss.bin file & apps_compressed.bin file from spoofable fw as an update for non spoofable fw and the result was getting a spoofable fw with its code name in the about phone menu but i lost all the updates made in the non spoofable fw
can anyone know where is the part in the app_compessed.bin that allow spoofed games run or not?????

To clarify:
I'm NOT support spoofing.
Prior files were not decompressed, "only" decrypted.
But now.
http://rapidshare.com/files/453882158/XXJL2decrypted_apps_decompressed.rar
File is from XXJL2.
Maybe we can find other usefull infos.
Best Regards

Now we can encrypt.
Thanx to ho1od
Any suggestions?
Mabye few things can be enabled or disabled...
TRUE can be found 600 x
FALSE over 700 x
Best Regards

I'm working on decompression QMD, thanks to mijoma

I was looking for the decompressed files of apps_compressed.bin (S8500XXJL2 and S8500XEKC1 only), but the link does not work.
If anyone (or you, adree) can decompress (not only decrypt) those files and upload them somewhere, that would be very kind/nice. Maybe I can work something out and if we are ever able to encrypt the files back, we may have a new better cleaned up version by that time.
Btw, thanks for the efforts, adree and ho1od.

QuB an mighty Tool for Samsung handsets

This Tool is amazing. Many features.
Source is here:
http://rk-team.net/showthread.php?11-%CD%EE%E2%FB%E5-%E2%E5%F0%F1%E8%E8-QuB
"Lesson 1"
Make hidden folders visible for research and Backup.
For instance folder System is the RC1 file, mounted into RAM...
Many Thanx RusEm and Team.
Best Regards

Hi thank you for this tool but it is only for "qualcomm" platforms i think (not sure). In s8500 qualcomm is only processor for calls.

QuB is designed for Samsung handsets.
This command is 100 % working on S8500 and U700, tested by me.
You have to select same COM Port like you would choose for File Manager...
No magic.
Then you have access to nvm folder, system folder and few more...
System folder is read only as it is the mounted RC1 file...
Best Regards

But... with this... what kind of researches could be done?

"Lesson 2"
Decrypt Firmware files, like:
apps_compressed.bin
and
boot_loader.mbn
Best Regards

adfree said:
"Lesson 2"
Decrypt Firmware files, like:
apps_compressed.bin
and
boot_loader.mbn
Best Regards
Click to expand...
Click to collapse
If you can decrypt bootloader... that's mean you're closer to install other os?
Ok, maybe the information given in "lessons" can cause more expectation
Waiting for lesson three!

does all these features run on trial mode???
or should i buy the app
there is no profile for s8500 why???
i know you are not the developer of the app adfree but i just wanted to put those questions

does all these features run on trial mode???
Click to expand...
Click to collapse
Yes.
Public solution.
Tested with QuB_public_v.0.3_001_beta.rar
Best Regards

@adfree: take a look at the screen, i got only question mark on the application. do you know what is the problem?? may be due to lang files ??

Main Language is Russian.
See Screenshot. Blue marked... then you see right Russian-> change into English.
Not all Text is translated.
Best Regards

wonderful new tool
-i am able now to view the files in the ram but don't know what to do with them
-after decryption of apps_compressed.bin i found out that i have a very little brain to modify in that file
i can't wait for lesson 3
thanks adfree and good luck

"Lesson 3"
apps_compressed.bin
Decompressed example from XXJL2 is here:
http://forum.xda-developers.com/showpost.php?p=12300153&postcount=17
Code:
Type : Unofficial Version
Number : 362
Builder : Administrator
Host : S1-AGENT05
Date : 2010/12/23
Time : 14:24:54
[B][COLOR="Red"]Size[/COLOR][/B] : 82576764 bytes
CheckSum : 0x32cdbee8
I was not able to decompress with QuB, maybe my fault...
Helpfull would be, to know which part is with CheckSum.
82576764 bytes
Best Regards

Really nice tool.
Setting FmSecureMode to off gives us the chance to see where everything is located and we can investigate and chang the files on the pc. now we need to find a way to get them back to the wave
Maybe with PfsDeleteList.txt / *.pfs ?
Also after reboot FmSecureMode is set to on again.
But we can already see where the fonts are located, that the sms viewer is html/css based like the one for email and any other messages (so we can easiely change layout, colors, font-size,...) and a lot of other things like replacing images etc.
When we get this working, nothing keeps us anymore from a fully customized bada

In combination of TkFileExplorer 2.4 you can see this.
Caution!
Renaming or other Directory Manipulation can lead to Bootcycle.
At your own risk.
http://forum.xda-developers.com/showpost.php?p=12515691&postcount=20
Thank you very much for posting Xenon.
Best Regards

yes indeed the tool works fine

adfree said:
Main Language is Russian.
See Screenshot. Blue marked... then you see right Russian-> change into English.
Not all Text is translated.
Best Regards
Click to expand...
Click to collapse
How did you get the s8500 otion in handset? I dont have it. Do you have a plugin for it?

How did you get the s8500 otion in handset?
Click to expand...
Click to collapse
I've made my own... but not all Settings... So it makes no sense to upload.
Best Regards

adfree said:
I've made my own... but not all Settings... So it makes no sense to upload.
Best Regards
Click to expand...
Click to collapse
Still can u please upload it? Its a kind request.

There is nothing special...
Make folder + S8500XXJL2.ini...
Folder is nearly empty... I've made an Logo.jpg with text.
But again. You NOT need it. As mandatory parameter are wrong or missing...
[Loader]
[PreConf]
[Patch]
...
1.
You can use S8500 or other not listed Samsung handsets like U700 with QuB. BUT not with all features...
2.
Many features NOT need attached handset...
Best Regards

Need help in decompressing Rc1 and Rc2 files. I see some tabs in Qub saying Rc1 and Rc2. Dont know how to use them to dump rc1 and rc2 files. And if I do, is there any way to upload them back like in trix. Or can you use trix to decompress rc1 and rc2 files? If yes, how? Help would be very much appreciated.

Aio bada studio

All in One program Gui for Bada
Upload later for change...

Please, what is this?
I'll download, but I need more infos before install...
Thanx.
Best Regards

This is a collection of tools for bada
a screenshot form this program

please remove TriX from you package

Its not mine i dont know how remove it...
What's wrong whit you ?

we can edit rsrc1 file with this pack?

litebass2 said:
we can edit rsrc1 file with this pack?
Click to expand...
Click to collapse
yes RC1Extractor Current version: 0.3.0.0a (ALPHA) is integrated

martinklaus said:
yes RC1Extractor Current version: 0.3.0.0a (ALPHA) is integrated
Click to expand...
Click to collapse
but its not correct decompress and decrypt on S8500 and S8530 firmware, this one works fine on S5830.S5230...
Also in bundle you can use Extractor but not way to recompress...
Last WaveReMaker by Ho1od do it !

TriX is under developement - latest build you can always find at NokiX site - check my homepage link. This really pisses me off that someone says TriX doesn't work etc only because it uses program from unknown source. The second reason mentioned at the beginning is I'm still working on so the badastudio is permanently outdated (this also applies to Wave Remaker - 0.0.71 against 0.06 in badastudio)

Tigrouzen said:
but its not correct decompress and decrypt on S8500 and S8530 firmware, this one works fine on S5830.S5230...
Also in bundle you can use Extractor but not way to recompress...
Last WaveReMaker by Ho1od do it !
Click to expand...
Click to collapse
Yes but with waveremakr we can only decompress Rsrc1 and we cannot compress the files back and build rsrc1 file..
if I mistake tell me how to do it..

litebass2 said:
Yes but with waveremakr we can only decompress Rsrc1 and we cannot compress the files back and build rsrc1 file..
if I mistake tell me how to do it..
Click to expand...
Click to collapse
No way to recompress RC1 for the moment sorry, but this is the way easy to uncompress...

b.kubica said:
TriX is under developement - latest build you can always find at NokiX site - check my homepage link. This really pisses me off that someone says TriX doesn't work etc only because it uses program from unknown source. The second reason mentioned at the beginning is I'm still working on so the badastudio is permanently outdated (this also applies to Wave Remaker - 0.0.71 against 0.06 in badastudio)
Click to expand...
Click to collapse
Oh sorry i dont know about that, i understand. Then what about NokiX ?

NokiX is tool for modify N*kia ARM7TDMI based firmwares. TriX also was designed for N*kia phones but it's very flexible so we can use it with different file types (ELF, PE, mobile firmwares)
If the author really want to include TriX in badastudio he should add small web check feature and download latest build when needed

I 'm the badaStudio author...do you want to say me anything?
badaStudio has been released 1 mounth ago...
the last version of wave remaker was the 0.0.6,
i'm not a mentalist....
the next badaStudio release is for bada2.0 tool...
I have written that the program inside the AIO is property of his author...
TriX is yours... Good..

TriX is not mine - was written by g3gg0 and krisha
I mentioned before TriX is still under development so the statement 'the program inside the AIO is property of his author' is very convenient for you because you aren't responsible for nothing.
Some solution could be integrated 'wget' module to download fresh package from the web. I'm open for suggestions

I have written 'the program inside the AIO is property of his author'
for WinImage (commercial program), for HxD (commercial program) and for WinHex (other commercial program)...
the responsibility is always of those who use the software,
if they download software from unknown source...
TriX was updated when I compiled the first version of badaStudio and
for what I needed it always worked (others have tested badaStudio)...
if you want to develop badaStudio send me a PM ...
it is programmed in Visual Basic.Net

[Q] Why I can't compress CSC of Wave 3?

Hello Everyone!
I have this CSC S8600OJPKK3 of Wave 3 (downloaded from samfirmware)
I dumped it to the Waveremaker 2.0.7, and I added Hebrew language, and then I saved it as non-compressed csc, but the message "File is signed" didn't appear. In addition, when I tried to put it in the multiloader I got the message "Can't load CSC Binary" I guess the problem is with some .bin file...
Can someone help me??

Somebody??

shaiws said:
Somebody??
Click to expand...
Click to collapse
Ho1od already answered this question
ho1od said:
CSC files are not yet edited.
Click to expand...
Click to collapse

hero355 said:
Ho1od already answered this question
Click to expand...
Click to collapse
Why this problem is only with Wave 3 csc??

yeah.He is working on it

hero355 said:
yeah.He is working on it
Click to expand...
Click to collapse
so we will see a new version of waveremaker soon?
Thank you for answers

shaiws said:
so we will see a new version of waveremaker soon?
Thank you for answers
Click to expand...
Click to collapse
yeah Maybe We can see New Version Soon

Difference between S8500/S8530 files and S8600 and so on...
Seems Value packs for S7230E S5330 also...
1.
S8600 FW files are encrypted once more...
If you are able to decrypt and to use HEX Editor... then chance to make it manually...
2.
CSC have 2 parts...
After decrypt...
Sorry. I have NOT much time yet...
But if you open CSC from S8500 and compare with S8600 CSC...
But for now you need HEX Editor knowledge too...
Best Regards
Edit 1...
Example from S7230E Value Pack... same """problem"""
Marked stuff is "Header"... remove this, then decrypt...

Please check this feature...
In theory then files like S8500...
After you have finished your work... ENCRYPT for S8600 compatibility.
Try out and report.
I have no S8600 for deeper tests...
Best Regards

[Q] Retrieve FOTA-Updates directly from Servers to PC?

Simple question...
But no Answer...
Is there a way to get FOTA firmware files?
I know, download links could be found on the device in *.cfg file...
But is it possible to get these links without cfg file?

@adfree Where are you

If you have an device, where it works...
Then rename it...
You need only 3 incredients...
1.
Product Code
2.
Name of apps_compressed.bin or yesterday found way over CSC...
3.
Name of CSC...
Example.
I have:
S8500XXLG1/S8500DBTLA1 (DBT)
change into, as example
S723EXXLG1/S723EOXALG1 (DBT)
Start FOTA on your device... download file...
NOT update, no danger if you do...
Then check this file for Link
SyncML/2400257.cfg
Without FOTA working device it is posssible to download from Server... very easy.
Only you need to count... add + 1 ...
Problem... you can't search...
And you don't know what is inside the file... only which Product file and model name + date...
Best Regards

Uupsi...
S7230E is not good example...
No idea why. I am not able to find something...
But I can confirm that it work for:
S8530
S8600
S7250 ( I think I have tried... )
If you have only S8500.
Small bada I never tried before and I can't remember I have seen anything...
Maybe other URL ...
Best Regards