Not sure if I have anything worth while, but ASUS left a "Tools" folder on my desktop...attached a screenshot of what it included.
phxtravis said:
Not sure if I have anything worth while, but ASUS left a "Tools" folder on my desktop...attached a screenshot of what it included.
Click to expand...
Click to collapse
Can you please zip that and upload them?
Yeah please zip it up and upload them so we can see what it's doing.
Yes, ZIP them please - the auditmode files are for sysprep audit mode, securebootdebug - are probably from microsoft HCK and add debug key to key storage (so you can run testsigned apps), FWVar - probably allows editing UEFI firmware variables (I've already made the same tool myself), everything is interesting of cause.
Here you go
Thank you for the tools.
SetAuditMode/ClearAuditMode - clears the sysprep audit mode (useless)
setup.cmd, SecureBootDebug* - installs "secure boot debug" policy. I.e. allows running of testsigned (or unsigned) apps. More info: http://msdn.microsoft.com/en-us/library/windows/hardware/hh998740.aspx
Securebootdebug needs the signed policy file. It is probably left on your device too, as "tools" directory is not erased. To obtain it - run CMD or powershell as administrator, then type there: "mountvol S: /s" without quotes. This would assign S: to your BCD partition. There should be SecureBootDebugPolicy.p7b file. Please share it too
To dismount disk S: after copying that file - type "mountvol s: /d"
reset.cmd - this file would delete the tools directory and all other files reverting things back.
hsc.vbs, pdq.vbs - tiny support scripts for reset.cmd
FWVar.exe - writes firmware variables. Not UEFI vars that are documented, but it plays with some other asus-specific vars like sensors calibration and platform IDs. Would be interesting to decompile it
mamaich said:
Thank you for the tools.
SetAuditMode/ClearAuditMode - clears the sysprep audit mode (useless)
setup.cmd, SecureBootDebug* - installs "secure boot debug" policy. I.e. allows running of testsigned (or unsigned) apps. More info: http://msdn.microsoft.com/en-us/library/windows/hardware/hh998740.aspx
Securebootdebug needs the signed policy file. It is probably left on your device too, as "tools" directory is not erased. To obtain it - run CMD or powershell as administrator, then type there: "mountvol S: /s" without quotes. This would assign S: to your BCD partition. There should be SecureBootDebugPolicy.p7b file. Please share it too
To dismount disk S: after copying that file - type "mountvol s: /d"
reset.cmd - this file would delete the tools directory and all other files reverting things back.
hsc.vbs, pdq.vbs - tiny support scripts for reset.cmd
FWVar.exe - writes firmware variables. Not UEFI vars that are documented, but it plays with some other asus-specific vars like sensors calibration and platform IDs. Would be interesting to decompile it
Click to expand...
Click to collapse
I was unsuccessful at finding the file, I wiped the tablet yesterday as it was running like crap(freezing, and wouldn't download updates), not sure if that wiped what you are looking for.
OK, I see what that setup.cmd file is doing. It generates an unsigned SecureBootDebug.p7b file authorizing full debug unlocking for the particular serial number of your device - the -u switch to createsecurebootpolicy.exe locks it to your device. It then sends that file to a server aptly named "\\secureboot" on ASUS's internal network and waits for a reply. Sometime later, a signed version of that file appears on that server's share, and the Vivo RT copies it to the EFI system partition to use with SecureBootDebug.efi.
After the service center does what it needs to do, they run reset.cmd, which deletes the Secure Boot policy from EFI NVRAM at next reboot and deletes SecureBootDebugPolicy.p7b from the EFI system partition.
phxtravis said:
I was unsuccessful at finding the file, I wiped the tablet yesterday as it was running like crap(freezing, and wouldn't download updates), not sure if that wiped what you are looking for.
Click to expand...
Click to collapse
If you had not done that, we could have made an image of your EFI system partition and recovered the deleted SecureBootDebugPolicy.p7b file, which would have permanently jailbroken your Vivo RT forever. Sadly, it was locked to your device. What method did you use to wipe it? Did you ask it to repartition your system?
Myriachan said:
OK, I see what that setup.cmd file is doing. It generates an unsigned SecureBootDebug.p7b file authorizing full debug unlocking for the particular serial number of your device - the -u switch to createsecurebootpolicy.exe locks it to your device. It then sends that file to a server aptly named "\\secureboot" on ASUS's internal network and waits for a reply. Sometime later, a signed version of that file appears on that server's share, and the Vivo RT copies it to the EFI system partition to use with SecureBootDebug.efi.
After the service center does what it needs to do, they run reset.cmd, which deletes the Secure Boot policy from EFI NVRAM at next reboot and deletes SecureBootDebugPolicy.p7b from the EFI system partition.
If you had not done that, we could have made an image of your EFI system partition and recovered the deleted SecureBootDebugPolicy.p7b file, which would have permanently jailbroken your Vivo RT forever. Sadly, it was locked to your device. What method did you use to wipe it? Did you ask it to repartition your system?
Click to expand...
Click to collapse
I did the "remove everything and reinstall windows" option in settings.
phxtravis said:
I did the "remove everything and reinstall windows" option in settings.
Click to expand...
Click to collapse
It *might* still be there then if we take an image of your EFI System Partition and search it manually with a hex editor. There are definitely no guarantees, though. Also, this would likely reveal your device's serial number to whoever you give the image to. It probably would *not* have any other information, though, like personal documents or your Windows RT CD key--those're on the main partition.
If this file were found, I think it would permanently jailbreak your device - Windows RT would let you run whatever unsigned code.
The SecureBootDebug.efi tool needed to use this .p7b file is also part of the publicly-available final 8.1 Windows Driver Kit. The one in your .zip file looks like the 8.0 version.
Myriachan said:
It *might* still be there then if we take an image of your EFI System Partition and search it manually with a hex editor. There are definitely no guarantees, though. Also, this would likely reveal your device's serial number to whoever you give the image to. It probably would *not* have any other information, though, like personal documents or your Windows RT CD key--those're on the main partition.
If this file were found, I think it would permanently jailbreak your device - Windows RT would let you run whatever unsigned code.
The SecureBootDebug.efi tool needed to use this .p7b file is also part of the publicly-available final 8.1 Windows Driver Kit. The one in your .zip file looks like the 8.0 version.
Click to expand...
Click to collapse
Not sure if I am sold on jailbreaking, what's the advantages other than being able to run "hacked" exe's? Aslo, what would you need me to do?
The EXEs are not "hacked" in any proper sense of the word, just recompiled. Sometimes some changes are needed, but they're usually basic. It lets you run (normal) Windows programs. .NET programs run as-is, native ones need to be ported (usually a pretty simple recompile, if they built under Visual Studio in the first place, but we need the source code), and it unlocks full Powershell scripting power. Programs written in other languages, like Python and Java, can be run using ported runtimes. In fact, it's even possible to run some x86 programs (unmodified Win32 native EXEs) via a dynamic recompilation layer written by @mamaich here on XDA; I can play some old games and run some nice old programs that I like that way.
phxtravis said:
Not sure if I am sold on jailbreaking, what's the advantages other than being able to run "hacked" exe's? Aslo, what would you need me to do?
Click to expand...
Click to collapse
Hacked EXEs?
No hacking. We legally take the source code for a program and compile it for win32 in THUMB_2 instead of win32 on x86. You can then run these desktop applications on your lovely ARM tablet as you could on a normal windows PC. That is an absolutely huge advantage which should have been a default option.
Quake alone makes it worth it.
I didn't mean to use "hacked" in a negative context, merely meant it as a general term of modifying original EXEs to run on ARM, I haven't been following the RT jailbreaking at all.
Can't modify an existing EXE. Totally incompatible (unless its a .NET application in which case no mods needed). Need to rebuild the EXE and any supporting libraries from source.
phxtravis said:
Here you go:
https://docs.google.com/file/d/0BzebTu1H3-aIbXlTV09BMjZsLVk/edit?usp=sharing
Click to expand...
Click to collapse
This requires approval. Does anyone still have a copy?
jordanmills said:
This requires approval. Does anyone still have a copy?
Click to expand...
Click to collapse
It doesn't require approval
Curiously, there is a Secure Boot debug policy creator ,signed by Microsoft for ARM but sadly not generating signed policies...
It may be used for jailbreak as the other tools are unsigned(most of them) if there is a bug allowing to load a unsigned policy somewhere(there should be one)
Will try downloading the HCK to see if there is something useful there
black_blob said:
It doesn't require approval
Click to expand...
Click to collapse
Hmm, it doesn't now. But there doesn't seem to be any way to download the whole thing. It only shows individual files.
jordanmills said:
Hmm, it doesn't now. But there doesn't seem to be any way to download the whole thing. It only shows individual files.
Click to expand...
Click to collapse
There is the download button at the top
Related
***THIS POST IS NOT COMPLETE, I WILL UPDATE MORE LATER***
First, an introduction:
The Image Update system allows the OEM (us! ) to issue updates to a "Live" filesystem - without disrupting user data. This allows, for example, a buggy driver to be updated after the phone has been shipped, or a software package to be updated to the latest version, with minimal knowledge on the user's part. The system validates all updates against an internal list of certificates, and refuses the update if a match is not obtained. This system can also be used to deploy entirely new software to the device (such as support for another locale, input method editor, application support for a new feature the carrier is rolling out, etc.)
Potential usage scenarios for this system
A central server could be maintained for all SYS/OEM updates - each ROM Chef would need to maintain a list of original packages, any updated package(s), and download URL's for each updated package. The user would then receive these updates through the built-in AutoUpdate facility in Windows Mobile, which can check periodically, or on-demand. Each Chef could maintain seperate download servers from the update server to minimize server load.
Alternatively, a chef could provide .cab.pkg updates in his or her ROM thread, on their own web site, etc., and the user could download these and install them at will. These packages can optionally be authenticated to be coming from the Chef, if the Chef wants to ensure updates are coming from him only. A public certificate could also be used to allow users to issue updates as well.
The more technical Summary
Image Update allows an OEM to issue updates to the OEM's, XIP, SYS, (possibly) Radio, or any combination of these. The update can be pushed to the user via a specially formatted SMS or by manual execution. There are at least 2 levels of certificate checking involved in the process, I believe against \SYS\Metadata\DefaultCerts.dat. The system reboots into the ULDR to apply the update, because the filesystem cannot be modified while actively mounted. The ULDR provides a minimal operating enviornment to facilitate this.
How does a Chef need to prepare a ROM for Image Updating?
The Chef would need to use a ROM Kitchen that leaves the .dsm and .rgu file structure intact (i.e. an "unprotected" ROM) - All .dsm's in this ROM would need to be properly formatted with Package Name, versioning info, etc. during the cooking process, in order to facilitate version checking, etc. Each .dsm would need to be signed with a certificate the Chef would use to validate the update as coming from him or her. (Alternatively a public certificate could be used like SDKCerts if the Chef chooses not to maintain direct control over updates, and allow other users to create updates as well)
The Chef also needs to ensure not to Reduce the ULDR partition or remove it; this would cripple the Update Loader and prevent the Image Update system from functioning.
The .cab.pkg format
At the root of a package, the .dsm defines the Package structure (all files, registry entries, etc.) It contains version info, certificates, and other data. A ROM consists of a number of these packages, in an area of flash memory that is not user-writable. When someone wants to issue an update using the ImageUpdate system, they create a matching .dsm, same guid, with a newer version number, same internal package name, same processor ID, os version, etc., there is also a flag that can be marked as an update package or a new package - in this .dsm they define the files that will make up the new, updated package. Here they can add or remove files. One of the files defined by the package is optionally an .rgu, and this defines the registry entries associated with the package. Also optionally included is a provxml to facilitate file operations (copy/replace/delete/rename/etc.) and further registry or metabase operations. This collection of files is rolled up into a ".cab.pkg" archive by a program like cabarc. Once in a pkg.cab format, the package is signed.
A .cab.pkg is referred to as a "Canonical Package" and multiple Canonical Packages can be rolled up into a single "Super Package" to facilitate updating multiple Packages at the same time.
Inside this .cab.pkg is where the "MNGE" file format comes in to play. Essentially, this format is Microsoft's way of storing an XIP Module in the filesystem. (Their equivalent of our imageinfo.bin + s000, s001, etc.) - The "MNGE" format is simply a 4-byte MNGE header, followed by the imageinfo.bin, followed by the s00x sections attached to the end. When the Image Update system processes a file in this MNGE format, it is added to the IMGFS as an XIP Module.
Deploying a .cab.pkg to a device
Now there are several ways to deploy this package to the device, the primary way is an OMA-DM SMS message, which triggers the Image Update system to initiate a download from a server defined in the SMS message. The server can be either a normal HTTP server or a secure HTTPS server. The Image Update system will prompt the user to plug in the usb cable to download over the users home connection if the user has not already authorized the Auto Update system to utilize their GPRS data connection.
Another way for a .cab.pkg update to be pushed to the system is simply through a file copy operation, be it ActiveSync, SD Card, Bluetooth, or otherwise. Once on the device, the .cab.pkg is executed by the user the same way a .cab would be.
The Update Agent
Initiated by either a completed download from push SMS, or user-executed, the "Update Agent" program (which is part of the \SYS\FWUPDATE Package) attempts to validate the Certificates, Package dependancies, and other info contained in the .cab.pkg and .dsm. Once validated, the "Update Agent" sets a flag that the bootloader reads, the flag is a boolean, off = boot into normal OS, on = boot into ULDR - so then the system reboots, the flag is read, and you load into...
The Update Loader
The "Update Loader" or "ULDR" which is a minimal kernel configuration, that provides just enough driver support to display info on screen, respond to user input, and read/write from the internal flash (NAND or NOR)
From here the ULDR does further validation on the .cab.pkg, and applies it to the filesystem. If there are any modules in the package it dynamically relocates the memory map to make sure there are no overlaps. This is why it's important that reloc's not be removed from your ROM - ULDR will fail in this case.
The End Result
Once the ULDR has completed updating, the device is again rebooted, back into the full system, where the now-updated packages are now a part of the IMGFS, any updated files are processed (.rgu, .provxml, etc.) - The package is now a full part of the ROM.
The new .dsm replaces the old .dsm (along with the other files in the package) and now a future update will be checked against this new package.
If the update was pushed via OMA-DM SMS, or AutoUpdate, the device Pushes a notification to the OMA-DM server notifying it of the update status.
What's missing right now to implent the ImageUpdate system?
We need a Kitchen that's properly configured to allow us to create versioning info, proper package names, and insert this along with a certificate (or multiple certificates) into the .dsm's.
We also need the Kitchen to be able to modify \SYS\Metadata\DefaultCerts.dat with the certificates used, so that it passes authentication. Alternatively the authentication checking could be patched out. (this one is easily doable at build-time)
We need a program that can convert from a standard file to an MNGE format, so we can implement modules in our .cab.pkg's. (done it seems, thanks ervius!)
We (optionally) need a properly configured web server that supports HTTP/HTTPS, can communicate the proper xml configuration data, and can be updated with new packages by Chefs. (this one's a ways off)
We (optionally) need a program to convert from MNGE format to a standard file to facilitate extracting modules from .cab.pkg's. (working hard on that)
I've attached a .cab.pkg for NetCF2. Open up mscoree.dll in a hex editor, and check out the MNGE header. This file becomes a module once processed by the ImageUpdate system. Note that all the executables (.exe/.dll/.mui) that become modules contain this MNGE header. All executables that are inserted into ROM as files keep their normal MZ file header. The first major step here will be in being able to convert between MZ<-->MNGE freely NetCF2 is a well known package that can be found in any stock ROM, so with this we have a good baseline to work with.
http://rapidshare.com/files/238295848/netcf.cab.pkg
--Reserved--
More Technical Specifications
The basic ImageUpdate Layout consists of:
[IPL] -- [MBR] -- [ULDR] -- [NK] -- [IMGFS] -- [TFAT]
[IPL] is the "Initial Program Loader" that handles basic init functions and determines if control should be handed over to ULDR, or NK through a flag set by UpdateBin.exe - the IPL is not contained within a partition. The IPL is copied entirely to RAM and executed from there. IPL loads NK into RAM, and also handles any decompression of NK if it's required - some SmartPhone's ive seen use SRPX compression for the NK partition. Once NK is copied to RAM it is then executed. The IPL is handled seperately from the other parts of the operating system, and is not flashed during a normal update.
[MBR] is the "Master Boot Record" and contains partition tables for the below components - it points to NK so when IPL loads the MBR, control is handed over to NK. The MBR contains information on where each partition is located on the flash (memory address), the size of the partition(s), and the type of each partition. The MBR is referenced from many components on the device such as IPL and ULDR in order to facilitate handoff of control between ULDR and NK. The MBR also serves as a boundry between the IPL which is not part of the regular partition structure, and the rest of the flash, which is part of the partitioning structure.
[ULDR] is the "Update Loader" and provides a basic WinMo system so that file operations can be done on the IMGFS partition while it's unmounted. The Update Loader is even able to update itself - during operation it is loaded entirely to RAM. On development workstations the ULDR supports a KITL connection, that can be used to load updates directly from the "Release" folder. It seems it may be possible through this method to flash a new image to the device, possibly opening up the ability to flash to devices that have not yet been flashed with "HardSPL"
[NK] is the "Kernel Partition" - or what we know as xip.bin - This component is updatable by ImageUpdate, and has a pre-defined "free space buffer" with room to grow, which defaults to 512KB. This partition holds only the kernel and drivers necessary to bring up the rest of the filesystem, from which the rest of WinMo is loaded. The Kernel Partition uses the same "Package" format as the IMGFS and is updatable in the same manner.
[IMGFS] is the "System Partition" - running the Image Update filesystem. This component is updatable by ImageUpdate, and has a pre-defined "free space buffer" with room to grow, which defaults to 9.5MB. The IMGFS uses the "Package" format to further split its components.
[TFAT] is the "Transaction Safe FAT File System" which is where all user-writable data goes.
In most Device Designs, there's a single NOR or NAND chip used for flash. This is important as due to the typical layout above, both NK and IMGFS must have a pre-defined amount of free space - because TFAT is the last partition on the drive, and cannot be shifted once flashed to the device. It's possible for the partition layout to be setup differently (Partitions in different order) to help alleviate that problem. The ImageUpdate system would really shine on a device with 2 flash chips, a NOR chip dedicated to the ImageUpdate partition and a NAND chip dedicated to the TFAT, but no OEM has created such a design yet.
Packages
Package Types
There are 3 different types of packages, Canonical, Update, and Super.
Canonical contains the entire contents of the package. It is used for a first-time package install, and if there are any major updates to be issued that would require the complete package. The file extension is .cab.pkg
Update contains a binary delta between a package already on the device, and the updated version of that package. In this manner the limited space is conserved (i.e. if a package change was a simple registry entry - no need to replace the 5mb of .dll and .exe in that package, just alter the .rgu with the new data. These packages are also referred to as "Delta" packages. The concept is similar to the unix implementation of Diff/Patch. The file extension is .cab.pku
Super contains a collection of update and/or canonical packages. This is very useful when you are attempting to bring in a new package that has dependencies on other packages - rather than reboot into ULDR for each individual package in the proper dependency order, they can all be introduced at once. Every package contained inside a super package is validated, and if one fails, the remaining valid updates may still be applied, as dependencies allow. A super package is simply an un-compressed .cab containing other packages, renamed to .cab.pks
The package layout itself is quite basic, it consists of a .dsm which contains all versioning info, association info, and dependency info. It also contains a list of all modules and files inside the package, and a certificate store of all approved certificates that will be allowed to update that package. Alongside the .dsm is an optional .rgu, which defines the registry settings associated with that package. Also optional is a .provxml file, which can be: mxip_[packagename]_[version].provxml, mxipcold_[packagename]_[version].provxml, or mxipupdate_[packagename]_[version].provxml. mxip and mxipcold are effectively treated the same, executed only on a cold boot. mxipupdate_ provxml's will be executed any time that package is updated, in addition to a cold boot - so if you are adding new .cab.pkgs and wish the .provxml to be executed immediately, it would need to be mxipupdate. This may not be desirable in some cases, such as when the provxml might override a user preference - in that case you would only want it to run on a cold boot, in order to avoid "strange" behavior on the user's side of things.
There is a "shadow order" defined in the .dsm as well - this controls what "priority" .rgu's are compiled together into the device registry hive - a package that shadows another package will override any .rgu entries that shadowed package may contain. This is important to consider when utilizing .cab.pkgs in order to obtain your desired end registry. This shadow order also applies to provxmls inside the package - a package that shadows another package will override its provxml settings as well.
The user registry hive is always top-most in the shadow order (except in the case of an mxipupdate_ provxml) - so any changes to .rgu registry settings will not override a user-changed registry setting. (example: You had foobar set to 5 in your initial deployment. At some point after flashing to his/her device, the user modified the registry, changing the value of foobar to 6. Your new .cab.pkg contains an .rgu changing foobar to 7 - on device, foobar will remain set to 6, as the user registry is higher in the shadow order than the .rgu) - in the case of an mxipupdate_ provxml these will override user settings.
So theoretically if we get this working we can apply updates to ANY portion of a rom via the .cab.pkg system. To XIP,SYS,or OEM without flashing a new rom. Essentially with this system working we would never need to flash again unless a major corruption occured?
Ive always been confused as to why autoupdate was included in roms still. I guess this sheds some light on it. I know that several individuals have toyed with OTA updates in the past. This could make that and a whole lot more a reality.
It seems to me silly that we aren't exploiting the MS autoupdate feature already...
I have no idea how to get it to work, but I'd love to have it working!
Yes, the .cab.pkg is the key to this whole thing, I already know how to redirect the Windows Mobile Auto Update client to look at another server, and i've studied the connection, it's a simple HTTPS connection, WinMo sends the server a manifest of all the .dsm's contained within your ROM, with version info, then the server checks against it's internal list of packages, if it finds an update, it pushes a URL to the device, which then triggers a download (it requests you to plug in the activesync cable if you've not checked the box to 'use my data connection for updates') - once the .cab.pkg is downloaded, it's checked against the signatures on the system, once verified the system reboots into the ULDR, and the update is applied.
I've attached a NetCF2 package to my first post, I can't get it to deploy on my ROM (fails during validation step) but it contains the modules in MNGE format, if we can decipher that format there's a whole bunch of goodies that will become available...
Also these packages can even be used to update the radio rom, it seems. So essentially everything but the Bootloader/ULDR can be updated with .cab.pkgs. It even looks like we can resize existing packages (i.e. remove files or modules from the ROM entirely) - this is something we can't do at all right now without a flash!
Da_G said:
Yes, the .cab.pkg is the key to this whole thing, I already know how to redirect the Windows Mobile Auto Update client to look at another server, and i've studied the connection, it's a simple HTTPS connection, WinMo sends the server a manifest of all the .dsm's contained within your ROM, with version info, then the server checks against it's internal list of packages, if it finds an update, it pushes a URL to the device, which then triggers a download (it requests you to plug in the activesync cable if you've not checked the box to 'use my data connection for updates') - once the .cab.pkg is downloaded, it's checked against the signatures on the system, once verified the system reboots into the ULDR, and the update is applied.
I've attached a NetCF2 package to my first post, I can't get it to deploy on my ROM (fails during validation step) but it contains the modules in MNGE format, if we can decipher that format there's a whole bunch of goodies that will become available...
Click to expand...
Click to collapse
So in theory, there could be a central place for SYS/XIP packages, where as and when new XIP/SYS updates come out, they can be uploaded and pushed to every device?
Have you worked out how to create the cab.pkg files, or is the one you've attached one taken from platform builder?
Just a thought:
Could the MNGE headered files not be replaced by files from a converted module, thus getting around the problem of what the hell the MNGE format does? Sure, we lose the ability to have modules instead of files, but it does bring more immediate benefits to your findings...
EDIT:
The MNGE headered files are smaller than the MZ equivalents... Are they simply a compressed version?
Yep, not pushed though as that needs to be triggered via an OMA-DM SMS message, and it's not practical for someone to maintain a database of all our numbers for such a purpose.. but easily though settings - autoupdate
I am able to extract files from .cab.pkg with winrar and 7zip, not able to create them just yet.. working on that. This one came from a blue birdy.
The MNGE headered files could indeed be replaced by a converted module, but in this case, there's a different reason for needing to convert from MNGE -> MZ,
It appears to me as though the file size difference had to do with the PE executable headers that are missing..
Da_G said:
Yep, not pushed though as that needs to be triggered via an OMA-DM SMS message, and it's not practical for someone to maintain a database of all our numbers for such a purpose.. but easily though settings - autoupdate
I am able to extract files from .cab.pkg with winrar and 7zip, not able to create them just yet.. working on that. This one came from a blue birdy.
The MNGE headered files could indeed be replaced by a converted module, but in this case, there's a different reason for needing to convert from MNGE -> MZ,
It appears to me as though the file size difference had to do with the PE executable headers that are missing..
Click to expand...
Click to collapse
Oh right. It's not hard to just check for updates every so often.
I just ran Cab2OEM on the cab.pkg files, and it extracts fine. So cab.pkg files are just cab files in terms of compression.
Is that because there are more up to date MNGE file versions than the MZ equivalents?
Is it just a case of replacing the file headers? *opens up hex edit*
Yep. the compression is your typical cab compression. That's why winrar and 7zip can open 'em and extract, but they don't support adding (i imagine cabarc would...
Yes, there are more up to date MNGE file versions than the MZ equivalents.
Unfortunately it doesn't look quite as simple as a simple hex copypasta, not terribly much more difficult though.
Da_G said:
Yep. the compression is your typical cab compression. That's why winrar and 7zip can open 'em and extract, but they don't support adding (i imagine cabarc would...
Yes, there are more up to date MNGE file versions than the MZ equivalents.
Unfortunately it doesn't look quite as simple as a simple hex copypasta, not terribly much more difficult though.
Click to expand...
Click to collapse
Where are you getting your MNGE files from? Or does your blue birdy wish to remain anonymous?
EDIT:
Looking at the hex, apart from the file header, the main difference seems to be that the whitespace has been removed in the MNGE version...
l3v5y said:
Where are you getting your MNGE files from? Or does your blue birdy wish to remain anonymous?
Click to expand...
Click to collapse
Do you know what a "hint" is ? I'd say quit asking... If he wanted to say who the birdy was, he would. Thank you!
Da_G said:
Yep. the compression is your typical cab compression. That's why winrar and 7zip can open 'em and extract, but they don't support adding (i imagine cabarc would...
Yes, there are more up to date MNGE file versions than the MZ equivalents.
Unfortunately it doesn't look quite as simple as a simple hex copypasta, not terribly much more difficult though.
Click to expand...
Click to collapse
put cabarc.exe intoa folder, then create a new subfolder called "package", put inside all files you need for package (dsm and rgu also!)
open in cabarc.exe root folder a dos prompt and write:
cabarc.exe N new_pack.cab.
pkg package\*.*
some seconds and you'll have the .pkg file ready, but nothing I know on how to install by the rom!
Thanks for the input ervius!
Installing into the ROM is simple, .cab.pkg is treated similar to a .cab by Windows Mobile, simply copying to device and clicking on it in file explorer allows you to install - device will authenticate signature, then do some further checking (i think checking on current packages in device by .dsm) - then once validated reboot into ULDR to apply update.
ervius said:
put cabarc.exe intoa folder, then create a new subfolder called "package", put inside all files you need for package (dsm and rgu also!)
open in cabarc.exe root folder a dos prompt and write:
cabarc.exe N new_pack.cab.
pkg package\*.*
some seconds and you'll have the .pkg file ready, but nothing I know on how to install by the rom!
Click to expand...
Click to collapse
for posted netcf example, the optimum is:
cabarc.exe - 20 N new_pack.cab.
pkg package\*.*
so, header (-s 20 reserve space for sign!), is same size, but how and with , sign it, I don't know!
Da_G said:
Thanks for the input ervius!
Installing into the ROM is simple, .cab.pkg is treated similar to a .cab by Windows Mobile, simply copying to device and clicking on it in file explorer allows you to install - device will authenticate signature, then do some further checking (i think checking on current packages in device by .dsm) - then once validated reboot into ULDR to apply update.
Click to expand...
Click to collapse
shure, but now maybe we have to fight against right sign code!?!?
bye!
Yes, I think the ROM will need be cooked with additional certs, in \SYS\Metadata\DefaultCerts.dat - these appear to be the certs that are being checked against. So we can replace with SDKCerts, sign .cab.pkgs with that, should be good!
Da_G said:
Yes, I think the ROM will need be cooked with additional certs, in \SYS\Metadata\DefaultCerts.dat - these appear to be the certs that are being checked against. So we can replace with SDKCerts, sign .cab.pkgs with that, should be good!
Click to expand...
Click to collapse
ok, go to work then, I ', yet thiniing about oldstyle buildos with this all new features of visualkitchen without platformrebuilder if someone wants use oldstyle (maybe I'm at my goal!)
ervius said:
ok, go to work then, I ', yet thiniing about oldstyle buildos with this all new features of visualkitchen without platformrebuilder if someone wants use oldstyle (maybe I'm at my goal!)
Click to expand...
Click to collapse
Can we not look at removing the signing check the same way cmonex did for the kernel? Or is that the same signing check?
Just so I am getting this right? I could cook a ROM with a custom DaveShaw https update server IP and then provide automatic updates to my ROM, bug fixes, new build release, normal CABs, etc. all using Windows Update from my website??
That would be damn useful, no more re-flashes
Dave
probably to create MNGE from module folder we just need
copy /b imageinfo.bin + S000 + S001 + ... module.dll
and add MNGE header to the beginning of the file.
but maybe i am wrong and this will not work in all cases.
at least when i converted in this way dll module from 21725 to MNGE and compared it to the same file which was originally in MNGE format, there were 0 differences.
I have written a .Net app for backing up windows phone 7 via the Zune updater tool. This backup can be used by Zune to restore the device when you use the "Update" option under settings.
This is a COMPLETE backup and COMPLETE restore IF USING ZUNE 4.7AND/OR the V1.9 Tool. Your phone will be EXACTLY the same after a restore as it was when you did the backup. Any updates, file changes, registry entries, or texts will not persist that were not on the phone at the time of the backup. Sorry for the bold but I have answered this question about a dozen times in PM's or on here.
Use this at YOUR discretion. There are scenarios in which you can't use the backup you made to restore. For instance on my Samsung Focus I had the stock ROM on it and couldn’t' restore my 7720 Mango backup. I had to upgrade the phone to at least 7712 Mango BEFORE the backup would restore. But I could go from 7720 to stock. When it failed I was getting a "Version Mismatch" error. Make sure you can at least get back to the REV level you backed up from before expecting this to work or you may be sorry. Finally, NEVER trust a backup that does not say it completed properly INCLUDING a SUCCESS message!!. I also HIGHLY recommend having a stock ROM on hand to flash back to the device if necessary.
HD2 owners: See Post 2 in this thread
**New features:
Manage backups/archives. Set Paths to zune and updatewp as well as the PKS file.
Archive capability of the older backups AND restore of active backup or archives.
Will Install Support Tools and PKS file if needed.
Version 1.8 will seem quite different if you are on Vista/7 with UAC and not running as a full admin. The reason is that you can't change registry entries in HKLM or move files in program files without those rights. If you werent running as a full admin before you may have trouble if you start now. Just answer the UAC prompts when a backup starts and ends to change the files/reg entries to 4.7 and back to 4.8 values/files. I tried to consider lots of conditions like what if it fails during the backup or crashes so if you launch the app after a crash it will detect that that the changed reg entries are in place and undo them to get you back to where you were prior to the last run. The UAC prompts are there to protect you so don't get mad at me when you see 2 each time you use this to backup. If you need ZuneWMDU.DLL from 4.7 check these posts attachments:
Click here for x86 (32 BIT) os's
or Click here for x64 (64 bit) os's
You can put it with the back tool or anywhere and the program will ask you where it is and you can tell it. You can even rename it to something else. For instance I have it in my Zune folder named Zunewmdu.dll.47. Just don't replace the original 4.8 Zunewmdu.dll file.
Firstly I have to credit this to reading and putting together pieces from several threads on XDA. I read so many to be honest I am no longer sure who all to credit. There was no specific single source I just saw several things and through trial and error put together the pieces that made this possible.
This APP is a wrapper around a tool microsoft produced to perform updates to your phone via command line. Specifically the executeable "updatewp.exe" that comes from the Windows Phone Support Tools. The missing piece that eluded me for a bit was the update package itself which I found here on XDA and will link to later.
Prerequisites that need to be Installed/downloaded:
Looks like at least Phone OS version 7008 is required for the backup to work.
Zune Software Installed (I'm sure most of us have this): http://www.zune.net/en-us/products/software/download/default.htm
Windows Phone Support Tools Installed - MS Links are dead ATM.
If you are missing these prerequisites the app will tell you and even open a web page on request to the DL links.
If an error occurs you should find the text in your clipboard for easy pasting here on the forums.
To explain the process:
updatewp.exe is meant to update your phone with PKS files theoretically obtained from the device manufacturer. It will also do other things including a command line restore of a backup.
This program launches updatewp.exe with two command line arguments. One is the PKS file name and path and the second is the enablebackup switch.
What happens is the phone performs the backup first, once it completes the process the code terminates updatewp.exe before it goes further. In theory if you are using an update not compatible for your phone it would actually just say that and quit. However terminating the updater keeps it from ever getting that far.
I have used this to make a complete backup AND restore it via the ZUNE Update options under settings for my phone so I know it works.
How to use the app:
Attached to this post is a zip file with two folders. x86 and x64. Please launch the appropriate EXE for your platform.
If you do not have zune or windows phone support tools it will tell you immediately and offer to open the download URL on your computer.
If you pass those tests you will need to input a path to the PKS file in the long textbox. There is a button just above it that will open a URL to the download for the one I used here on XDA. There is also a Browse button below the textbox for you to use to browse to and set the file path via GUI.
Once the path is set click on backup and watch it go. If you already have a backup made previously this will overwrite it or offer to archive it (v1.2 & up).
Good luck and post feedback, thoughts or issues please.
Changelog:
v1.9 - I pulled 1.8 and have added 1.9. This version corrects some more bugs in 1.8, one of which doesnt show the completed success message when performing a backup. The first time you launch it you will see a prompt stating this is the first time you have launched this version and you need to choose if you want to use the 4.7WMDU file switching method or just have the program try to use what you have installed. If you choose not to use the file switching method it will still check to make sure the zune and updatewp versions match but will only warn you they don't match, you can still try to proceed with the backup/restore. I have tested this in both modes doing backups and restores (this is why it took so long to get out).
v1.8 - I changed the way the program does things so that it will use the ZuneWMDU.DLL file from Zune 4.7 to perform FULL backups. You CAN'T use the tool without that file and I am not going to include it because I am not going to redistribute Microsofts property. If you are using Vista/7 with UAC you will be seeing some extra prompts because elevation is required to change reg entries and move files around to allow you to use this with the newest Zune 4.8 and still get a complete backup. To get the older ZuneWMDU.DLL file just get it from the install path of zune and then uprade to 4.8. The program will ask you for the path to the old DLL for future use/reference. Don't get pissed at me with all the UAC prompts either, they are required if you arent a full admin on the machine. I re-released 1.8 on 9/16 to fix a few minor bugs that kept it from working correctly under certain cirumstances.
v1.7 -PULLED because the backups Zune 4.8 Makes are utterly USELESS. 1.8 is in the works that will make use of the old updatewp and some old zune 4.7 files to perform COMPLETE backup and restores as it originally did.
v1.6 - Added the ability to set all of the paths (requested by folks using languages other than english). Added some management capabilities for the backups. To archive the active one immediately or move an archived backup to the active folder.
v1.5 - This only adds proper path support for windows XP. If you are using the 1.4 version and don't have XP then there is no need to upgrade.
v1.4 - Works with Mango Beta if you have updated Zune assuming you have also updated the 4.8 support tools. It will check the versions and inform you of any issues found. Also corrected the blank error message issue some users were seeing. 4.8 support tools, check the second D/L (non) link: http://forum.xda-developers.com/showthread.php?t=1148123
v1.3 - Changed the path used for backup location to the LOCALAPPDATA environment variable rather than USERPROFILE to be more compatible with XP. If you don't have the windows phone backup tools installed the software will offer to DL and install them silently for you. The PKS file is now packed in with the software. If you don't have a PKS file set it will offer to unpack it and use it by default. I didnt add ZUNE install to this because well, if you don't have that your not really using your phone are you?
v1.2 - Added archive capabilities. If you choose to backup your device and a backup is in place you are asked if you want to archive it. If you choose to keep it then a folder in your documents called "Windows Phone 7 Zune Backup Archive" is where it goes. Each backup will go in to a folder labeled by the date/time it was created. The format will be Month-Day-Year Hour-Minute-Second so you know exactly from WHEN the backup was from.
Added a Restore Button that will use the latest restore if that is all you have, or ask if you want to browse and choose from the archived backups to restore. Whichever you choose will become the "Active" backup to zune and then the restore will take place afterwards. The former active backup is automatically placed in the archive. When the restore is completed the SAME backup you chose is still the active one so using ZUNE to do the restore will yield the same result.
***IF you have multiple devices the archive portion will work fine, however I have yet to find a way to identify which ID is which device so when you choose to restore from an archive YOU will have to pick the correct one or it won't work.
v1.1 - Updated where the code looks for the windows phone tools to accomidate installs of zune to alternate locations.
In Development:
Determine the device ID of the connected phone so I can keep multi device backup archives straight when presenting which backups from an archive to restore. I don't have two devices so this will be a feature in beta until it is proven by your feedback.
Error Code Troubleshooting:
Firstly, if you want help in this thread PLEASE tell us what your Computer OS is including if its 32/64 bit. What OS revision your phone is at and What kind of phone along with details of the problem! Thanks!
I found this link to MS for different error codes and a solution grid of sorts that relates to ZUNE etc..:
http://support.microsoft.com/kb/2484484#80072EE7_801812DD_801811C5
This is a COMPLETE backup and COMPLETE restore IF USING ZUNE 4.7!!. Your phone will be EXACTLY the same after a restore as it was when you did the backup. Any updates, file changes, registry entries, or texts will not persist that were not on the phone at the time of the backup. Sorry for the bold but I have answered this question about a dozen times in PM's or on here.
ZUNE 4.8 seems to only backup whatever Zune does not synch and things like game states! I HIGHLY recommend reverting to 4.7 zune and phone tools if you want a COMPLETE backup. Zune 4.7 cant talk to Mango but it doesnt need to for a backup. A Complete backup made by 4.7 tools WILL restore with 4.8 tools.
Known Issues:
HD2 owners. There seems to be a problem using this method to backup the phone. The current theory is that the HD2 does not use the same boot loader as other WP7 devices and is not recognized correctly in that mode so it doesnt work. I would be interested in knowing how your updates are applied as the log I got from one user indicates the phone talked to the update program once it rebooted?!
Additional tips and observances:
*You CAN'T change the memory size and perform a restore, I already know this doesnt work so forget about adding memory and just restoring
*To my knowledge you can't backup from one device and restore to another as the backup files are signed/ID'd to the device that made the backup.
How to restore a backup via ZUNE if you don't want to use the restore feature:
Make sure your phone is hooked up to the computer first then from within the ZUNE software you should see a menu near the top right-hand side labeled "Settings". Click on that. On the settings screen look near the top left and you should see "Software" "Device" and "Account". Instead of device it may say "Phone".
Click on Device or Phone, whichever you see. The left edge has several options. Near the middle you should see "Update". Click that. You should see a progress bar for a few seconds and then most likely it will tell you that the phone is up to date. At the BOTTOM of all the text it spits out should be a button labeled "Restore" with the date of the backup.
BACKUP CREATION LOCATION:
Copy & paste the following in to the run dialog box:
Vista/Win7: %LOCALAPPDATA%\Microsoft\Windows Phone Update
Win XP: %USERPROFILE%\Local Settings\Application Data\Microsoft\Windows Phone Update
If you are running the backups with elevated privileges then you need to open a command prompt with those same privileges and paste in the above paths to find them as they may likely be in a different user account.
You will have to manuall drill down from their because the sub folder structure is named from the Phones ID.
Manual Command Line Method to Perform Backup:
All the same prerequisites apply. Zune and the windows phone support tools need to be installed.
It is easiest to have unzipped the PKS file in to folder the support tools are in. You can do this by opening the run dialog and typing: %PROGRAMFILES%\zune and hit enter or click ok. This will open explorer to that folder and you can move/copy the UNZIPPED PKS file there.
Open a command window with admin privileges. To do this in windows Vista/Win 7 with UAC enabled click on the "Start" Windows logo usually found in the bottom left corner.
In the search programs and files dialog type CMD and wait for the search to produce CMD.EXE at or near the top of the list. RIGHT click on cmd.exe and choose "Run as administrator". (hopefully you don't have to input admin credentials to do this)
At the command prompt type: cd %PROGRAMFILES%\zune (and hit enter). Your prompt should change to include the program files path and ZUNE for example "c:\progam files\zune"
Now assuming the support tools are installed correctly you can test by typing: updatewp (and hit enter) this should spam the screen with the command line options for updatewp and lets us know the rest will work.
The command to type is: updatewp.exe /iu A0CE706D-12B7-45AC-A5FC-AD04DFCA6E86.100.pks /enablebackup (and hit enter) You should be able to copy the command line as it is and right click on the DOS window at this point and choose "Paste" to save the trouble of typing that awefull string.
This is all the program I wrote does to start a backup other than kill the update process at the end since it can't happen.
I hope this works for you if the code does not!
Great!! thanks , will try .
The system cannot find the file specified
What precedes this section of the file path? and is it the same path on Windows 7?
/Library/Application Support/Windows Phone 7 Connector/Cache/Device Update/
Looks like your trying it on a Mac? Not gonna work
You can do it manually. Double check the updatewp.exe command line for a mac and if its the same as a PC then run it updatewp.exe PKSFILEPATH /enablebackup
hx4700 Killer said:
Looks like your trying it on a Mac? Not gonna work
Click to expand...
Click to collapse
I'm not. i'm on PC.
Where do i place the file from this page?
http://forum.xda-developers.com/showpost.php?p=11542700&postcount=6
I put it in the Zune folder and then my command line was:
updatewp.exe /iu "C:\Program Files\Zune\A0CE706D-12B7-45AC-A5FC-AD04DFCA6E86.100.pks" /enablebackup
open cmd.exe to the dos prompt and change to the ZUNE folder and then type or copy & paste in the above.
Perhaps I didnt specify this but you will need to unzip that file from the other post.
hx4700 Killer said:
I put it in the Zune folder and then my command line was:
updatewp.exe "C:\Program Files\Zune\A0CE706D-12B7-45AC-A5FC-AD04DFCA6E86.100.pks" /enablebackup
open cmd.exe to the dos prompt and change to the ZUNE folder and then type or copy & paste in the above.
Perhaps I didnt specify this but you will need to unzip that file from the other post.
Click to expand...
Click to collapse
Sorry, but I'm not quite sure what you mean :-/
I unzipped the "A0CE706D-12B7-45AC-A5FC-AD04DFCA6E86.100.pks" file
Then, I placed it in the zune folder: C:\Program Files\Zune\
Now I have cmd open, but I don't know what you mean by "change to the ZUNE folder and then type or copy & paste in the above."
What do I change about the Zune folder? and what am I typing into the cmd promt?
when I say change to the zune folder I mean change the current folder the command prompt is at by typing this:
cd c:\program files\zune and press enter
copy the following text in to the clipboard:
updatewp.exe /iu "C:\Program Files\Zune\A0CE706D-12B7-45AC-A5FC-AD04DFCA6E86.100.pks" /enablebackup
Then right click on the command box and choose paste and hit enter.
OR just type the above text in to the command box and hit enter.
Well, I got a little further, but I get this message in the cmd:
c:\Program Files\Zune>updatewp.exe "C:\Program Files\Zune\A0CE706D-12B7-45AC-A5FC-AD04DFCA6E86.100.pks" /enablebackup
'updatewp.exe' is not recognized as an internal or external command, operable program or batch file.
There was a prerequisite you needed that I listed. It is the windows phone support tools:
Windows Phone Support Tools:
x64 Windows: http://download.microsoft.com/downlo...Tool-amd64.msi
x86 Windows: http://download.microsoft.com/downlo...rtTool-x86.msi
updatewp.exe comes from that and is installed in to the zune folder when you install those tools.
Nice. Got the backup to work! Thanks for all the help. I'm going to hard reset and see if the backup works
quick question: does the backup process backup everything, including word documents?
The backup seems to backup anything on the phone.
For instance I used the reg hacks so I could see the phone in explorer. I put a couple of files in the video folder directory as a test and the phone could play them.
Further Zune ignored them and did not consider them as part of the sync process.
When I performed by backup and restore even those files were restored.
I can not speak to folders created that are not part of the normal hierarchy but I suspect that anything on the phone is backed up.
Adding:
I should stress again that this is the same backup that zune performs when you update your device with the update tool. This is just using one of the support tools that offers command line to trigger the backup when you have a legitimate update file. In this case however the program I wrote is terminating the update before it can begin once the backup is performed. So in other words I am just "tricking" the update program in to running and performig the backup.
Mallux,
I just figured out why you were getting that error.
The code checks for the existance of zune and then the support tools specifically by checking for the existance of the files.
The checks do the same thing so I cut & paste the zune check code in for the support tools and didnt change the path to check for updatewp.exe. So basically the code checked for zune twice and then went on.
I fixed the code and updated the DL link in the first post.
Im sure now that you have the support tools installed the code would work as written, or with the new DL link.
Hi and congrats for your work (if it works ? hehe, just kidding).
Maybe you would have better feedback in posting this to the dev and hacking section or the software one ?
Just a thought, since here are mostly apps for the phone itself.
Best regards
Andy
[APP] Working App to Backup Windows Phone 7 via ZUNE ANY TIME
I posted this in windows phone 7 apps and it was suggested that I post it here so don't hammer me for cross posting please.
I have written a .Net app for backing up windows phone 7 via the Zune updater tool. This backup can be used by Zune to restore the device when you use the "Update" option under settings.
Firstly I have to credit this to reading and putting together pieces from several threads on XDA. I read so many to be honest I am no longer sure who all to credit. There was no specific single source I just saw several things and through trial and error put together the pieces that made this possible.
This APP is a wrapper around a tool microsoft produced to perform updates to your phone via command line. Specifically the executeable "updatewp.exe" that comes from the Windows Phone Support Tools. The missing piece that eluded me for a bit was the update package itself which I found here on XDA and will link to later.
Prerequisites that need to installed/downloaded:
Zune Software Installed: http://www.zune.net/en-us/products/software/download/default.htm
Windows Phone Support Tools Installed:
x64 Windows: http://download.microsoft.com/downl...E4A-8179-9A3C5483E366/WPSupportTool-amd64.msi
x86: http://download.microsoft.com/downl...-4E4A-8179-9A3C5483E366/WPSupportTool-x86.msi
An update package from ANY phone, this one is for an HD2 that I used while working on a samsung focus. Download and Unzip:
http://forum.xda-developers.com/showpost.php?p=11542700&postcount=6
If you are missing these prerequisites the app will tell you and even open a web page on request to the DL links.
Please understand this is release 1.0 and as such may have issues depending on your platform and your computer etc.... I coded it for x86 and x64 Windows with the Microsoft .net Framework 2.0 minimum. I tried to consider several error scenarios but one never knows how an end user might use your program that wasnt anticipated and coded for.
If an error occurs you should find the text in your clipboard for easy pasting here on the forums.
To explain the process:
updatewp.exe is meant to update your phone with PKS files theoretically obtained from the device manufacturer. It will also do other things including a command line restore of a backup.
This program launches updatewp.exe with two command line arguments. One is the PKS file name and path and the second is the enablebackup switch.
What happens is the phone performs the backup first, once it completes the process the code terminates updatewp.exe before it goes further. In theory if you are using an update not compatible for your phone it would actually just say that and quit. However terminating the updater keeps it from ever getting that far.
I have used this to make a complete backup AND restore it via the ZUNE Update options under settings for my phone so I know it works.
One could most likely also archive backups by copying/moving from their storage point before creating a new one so as to have a backup that could be reverted to from a point in time further than the last one on record. If there is enough interest in such a feature and incentive I would consider adding it here.
Attached to this post is a zip file with two folders. x86 and x64. Please launch the appropriate EXE for your platform.
If you do not have zune or windows phone support tools it will tell you immediately and offer to open the download URL on your computer.
If you pass those tests you will need to input a path to the PKS file in the long textbox. There is a button just above it that will open a URL to the download for the one I used here on XDA. There is also a Browse button below the textbox for you to use to browse to and set the file path via GUI.
Once the path is set click on backup and watch it go. If you already have a backup made previously this will overwrite it.
I can not say if this will work with a debranded phone but I don't see why not. My focus is an out of the box stock AT&T phone with chevron unlock on it (which you shouldnt need) and a couple of non-marketplace apps.
Good luck and post feedback, thoughts or issues please.
***Adding Instructions on how to restore as its come up a few times:
Make sure your phone is hooked up to the computer first then from within the ZUNE software you should see a menu near the top right-hand side labeled "Settings". Click on that. On the settings screen look near the top left and you should see "Software" "Device" and "Account". Instead of device it may say "Phone".
Click on Device or Phone, whichever you see. The left edge has several options. Near the middle you should see "Update". Click that. You should see a progress bar for a few seconds and then most likely it will tell you that the phone is up to date. At the BOTTOM of all the text it spits out should be a button labeled "Restore" with the date of the backup.
You CAN'T change the memory size and perform a restore, I already know this doesnt work.
Ok first off all, I have to thanks for you for your hard work! The tool just worked like a charm. I just used the back-up tool and it succeeded made a backup of my Omnia 7. I'm just wondering a few things:
Is my phone identical the same if I use the backup tool? That means the register changes and installed apps??
I have used the zune update - Restore function and everything was the same. I have several xbox live games and after the restore I was still at the same place in my games. Further my phone is chevron unlocked and remained so after the restore.
Further, I did the reg hacks to see the phone in explorer when zune is closed and put a couple of small vid files in the video folder. Those files did not show up in Zune on my PC or in my collections but the phone could play them just fine. After the restore they were still there too. So from what I can tell the une backup tool backs up the phones memory as it is no matter what is there. I have not tested non-standard folders that are user created though but would assume they would work all the same.
Further a couple of observations:
During development I found I could unplug the phone at any time during the backup process and it would be just fine. No harm.
In Zune when the phone is hooked up I could see the "memory graph" and it had slices in it and hovering over them with the mouse would yield what each slice was... e.g. Videos, Music, pictures etc... I had a large area that said it was reserved for data "from another computer" or some such verbiage. After the restore that was gone and I had a little more memory back for my own use. The slices seemed to be gone too but had no effect on what zune synched etc... Perhaps a full resynch might change it but I havent done that.
**Adding:
Having re-read your post I am now wondering if you are asking if your phone is the same as after the backup as it was prior to the backup? It should be unchanged. The backup process is the same that would occur if you were performing a legitimate carrier update. The process says it transfers the update to the phone but does not execute it until after the backup. My code terminates the updatewp.exe program before that happens so ultimately you might have the 310k file still on your phone in some "updates" folder somewhere.
Setting up a development environment is really not that hard. I am using Windows 7 with a 64-bit processor, although the procedure is not terribly different across sytems, just make sure you choose the right download for your architecture.
The entire process can be broken down into four major steps. Let's get started.
1) Get Java
You can get the Java Standard Edition Software Development Kit through this link: http://www.oracle.com/technetwork/java/javase/downloads/
At the time of writing this post, the latest version available is 7u3. Click the download button under where it says 'JDK' and you will be taken to a list of installers. Make sure you get an installer from the group who's header is "Java SE Development Kit 7u3"; the other one is just sample code.
Make doubly sure that you choose the right architecture (x86 vs x64) as the wrong one will give you an error message and you will have to go uninstall everything and start over.
After the download has finished, run the installer.
Note: It may give the option to install JavaFX and the Ask Toolbar. While they won't hinder your development in any way, there won't be any need for them within the scope of this guide so you might find it worthwhile to not install them.
2) Get Eclipse
Once you've installed the Java DK, go get a copy of the Eclipse IDE here:
http://www.eclipse.org/downloads/ You can see that the IDE comes in many different flavors. Eclipse Classic will work fine.
Extract the folder and place the 'eclipse' subdirectory in a safe place. Try running eclipse by traversing this directory and running eclipse.exe. If you see the Eclipse splashscreen, everything is OK. If you see an error message then something may have gone wrong when you installed Java. If it complains about missing or corrupted DLLs, you probably have installed the wrong version of Java for your system. If it complains about not being able to find Java (for example, stuff about javaw.exe) you may need to manually add Java's location to your Path environmental variable. There is lots of documentation on how to do throughout the internet and most can probably explain it better than me. (^; Another method to fix the problem is to go find out where all the Java binaries are (Normally something like "C:\Program Files\Java\jdk~~~~~~~\bin"), copy the directory path, and add
Code:
-vm
<FOLDERPATH>\javaw.exe
to the end of the 'eclipse.ini' file that resides alongside 'eclipse.exe'
Note: You may notice that the version of Eclipse you downloaded isn't installed, but instead just runs out of a folder. You may want to consider creating a binaries folder in your home directory to keep all of software of this style in one place.
3) Get Android Plugins for Eclipse
Now that you have Eclipse up an running, you need to set it up for Android development. Start Eclipse up and click the 'Help' menu. Click 'Install New Software...'
In the window that comes up, you should see a combo box labelled 'Work with:' . Paste in:
Code:
https://dl-ssl.google.com/android/eclipse/
then hit enter.
Check 'Developer Tools' and click next. Let Eclipse do it's thing then click 'Finish'.
4) Get the API
Now that you have Eclipse's Android integration plugins, you need to grab an Android API. In Eclipse, under the 'Window' menu, click 'Android SDK Manager.'
The window that opens will automatically go to the internet and grab all the API packages available to download. The Nook Touch currently runs Android 2.1, so find that package set and check it. Click the 'Install <x> Packages' button and let it run.
You are finished! Now to create an Android program. In Eclipse's main menu, navigate File > New > Other... and select 'Android Project' from the 'Android' folder in the window. If you want to modify the source of an existing program, choose the appropriate radio button and browse to the parent directory of the 'src' folder. After you have created your project, you are going to want to make sure it has the right dependencies. On the lefthand pane ('Package Explorer') right click your project folder (The top one) and hit 'Properties.' Under the 'Android' screen, make sure 'Android 2.1' is checked and not another version. Click OK and you should be set.
To generate an APK, under 'File' click 'Export.' In 'Android' click 'Export Android Application.' Choose the right project, click next. If this is the first time you've exported an Android application, you will need to create a keystore. Select the appropriate radio button, navigate to a safe location, and give it your keystore a password. Click 'next' and add all the information you see fit. You will be able to reuse this keystore in future programs. After you've created a keystore, proceed through the export wizard, give your APK a filename, click finish and the file will be generated.
The rest is up to you. (^:
Thanks klausef!
For a non-dev (OK, I used to program short apps in BASIC on my commodore 64 when I was 8 years old), how much can I hope to achieve by setting this up? Do I need to understand a programming language? If so, which? Do you have any suggestions for a noob like me?
Haha I am no Java expert myself but I've been hacking around with the NoRefresh thing and other apps people have coded. You can do more than you think just by rummaging around online documentation.
I've edited my imageres.dll file and have it all nice nice, but when I try to paste it into system 32 (tried safe mode) It will not let me overwrite that file.
I've tried Safe mode, Taking Control, Granting full control permissions of file, system32 folder, windows folder, and C folder (both taking control, and granting full permissions to: User (me) and Administrator (also me) Yes, i'm on windows 7 64bit but there is no Win 7 Forum here, however the imageres.dll is mentioned here, and I'm assuming the file is more-or-less the same. Besides taking ownership in C for Win 8 being bad? I did this to both System32 file and Syswow64 file- its now apparent to me that both are in USE and thats why I can't overwrite/modify them =/ So how do I use my modded one? (startup sound etc.)
Following this:
Code:
How to Take Ownership in Windows 7
1. Locate the file or folder on which you want to take ownership in windows explorer
2. Right click on file or folder and select “Properties” from Context Menu
3. Click on Security tab
4. Click on “Advance”
5. Now click on Owner tab in Advance Security Settings for User windows
6. Click on Edit Button and select user from given Change Owner to list if user or group is not in given list then click on other users or groups. Enter name of user/group and click ok.
7. Now select User/group and click apply and ok. (Check “Replace owner on sub containers and objects” if you have files and folder within selected folder)
8. Click ok when Windows Security Prompt is displayed
9. Now Owner name must have changed.
10. Now click Ok to exist from Properties windows
Once you have taken the ownership of file or folder next part comes is Granting Permissions to that file/folder or object.
How to Grant Permissions in Windows 7
1. Locate the file or folder on which you want to take ownership in windows explorer
2. Right click on file or folder and select “Properties” from Context Menu
3. Click on Edit button in Properties windows Click ok to confirm UAC elevation request.
4. Select user/group from permission windows or click add to add other user or group.
5. Now under Permission section check the rights which you want to grant i.e check “Full Control” under the “Allow” column to assign full access rights control permissions to Administrators group.
6. Click Ok for changes to take effect and click ok final ok to exit from Properties window.
Now you can access files of folder in windows 7 with full permissions and take full control.
also tried cmd prompt
Code:
takeown /F "C:\Windows\System32\imageres.dll"
with Sucess message (probably the same as my right click takeown reg file context thing)
I'm the only person/login/user on my PC. Ugh this is a pain in the butt. No matter what I've googled/tried hasn't worked. I don't have a linux CD/USB boot *(dunno if I do? but don't think I do) to repair/replace file, I may have Win 7 repair on my CD, maybe not.
EDIT: replacing the startup sound in imageres.dll in System32 and SysWOW64 folders still leaves me with default windows startup sound =( Only other file was imageres.dll in winsxs folder- copied, edited the copy, deleted the original with Fileassassin (it was locked, wouldn't edit, blah blah) STILL uses old windows start up sound, WHyyyyyy? theres MUI files with info for imageres.dll but IDK what's left where this sound exists =/ or where its coming from.
there used to be this program made for replacing system files
i don't remember its name, though
http://www.askvg.com/right-click-re...utility-to-replace-system-files-in-windows-7/
No manual methods worked for me, but just came across this and it worked, WOOT!
http://winaero.com/download.php?view.10
Starting with Windows 8, the administrator is no longer the same as root. Microsoft has very, VERY severely limited the administrator's abilities with many aspects of the system. This was done in an ill-conceived notion that they could curb piracy of Windows Store apps (like there's anything worth stealing in there, including games). People have already found a way to pirate Windows Store apps, so it was all just a way to irritate admins and hobbyists in the end.
@dragon_76: Care to explain what you mean by that? For one thing, Administrator on NT has never been "the same" as root (on POSIX); there's always been the local SYSTEM SID (which does some of the things which root would handle, such as being the process that drivers and initial user-space processes run as) and while I'm not entirely sure when the TrustedInstaller SID was added (may have been there since NT3.1 for all I know), it's been a part of Windows since well before Win8. For another thing, unlike root on a POSIX system, Administrator does not (and never has) automatically have access to everything; it's a SID like any other, and ACLs can be put in place to control its access.
Now, two powers that Administrator (and members of the Administrators group) do have are as follows:
1) Take ownership of any securable object (this allows completely overwriting the ACLs).
2) Impersonate any other SID (although some, like TrustedInstaller, are possibly trickier to impersonate in Win8 than they used to be; I need to investigate that).
If what you're complaining about is the fact that \Program Files\WindowsApps\ is now owned by TrustedInstaller and harder to mess with than you'd like, um... sorry? It's not *that* hard to take ownership (or set it back) from TrustedInstaller; you can do it as Admin, in fact.
*Ahem*
Back to *actually* being on-topic, older versions of Windows* had a background service that would undo any modifications to system files by replacing them with un-tampered copies from a backup location. Starting with Vista, such a service supposedly no longer exists, but it would be easy to implement something like it using VSS. So, you should verify that the file isn't being reverted. The simplest check is the modify timestamp and (if it's different on your file than on the stock one) the size. Somewhat more advanced is to use a hash function, such as MD5 or something from the SHA family, on the on-disc file and see whether it matches the version you put there.
Beyond that, you can easily replace system files if you do it while the OS isn't booted. Linux can do it, although that has risks. Better is to use WinPE (the Pre-installation Environment that bootable Windows disks and recovery tools load) and replace it from there.
Incidentally, you can use the command line tool icacls (which may even be present in WinPE by default) to both change ownership and set permissions on files and folders.
* Pre-Vista, which was the first version to switch to using TrustedInstaller to protect system files rather than letting Admin write to them by default. That's the last major change I'm aware of in the powers of the Administrator account on Windows, incidentally...
See LG Gallery Decryptor: https://github.com/kamicater/LG-Gallery-Decryptor
Since I received the second request for help, I'm opening this thread to help if you have trouble with the LG Gallery Decryptor I published last month. Feel free to ask any basic questions about running the python script. It's very rudimentary. It doesn't even accept multiple files, so you have to invoke python once for every single file. Feel free to improve it if you think the effort is worth it.
I'm not sure if "Issues" is the right place to assist on github. But if this thread gets deleted, then I'll have to help there.
Kamicater said:
See LG Gallery Decryptor: https://github.com/kamicater/LG-Gallery-Decryptor
Since I received the second request for help, I'm opening this thread to help if you have trouble with the LG Gallery Decryptor I published last month. Feel free to ask any basic questions about running the python script. It's very rudimentary. It doesn't even accept multiple files, so you have to invoke python once for every single file. Feel free to improve it if you think the effort is worth it.
I'm not sure if "Issues" is the right place to assist on github. But if this thread gets deleted, then I'll have to help there.
Click to expand...
Click to collapse
I have a few questions too. I have limited knowledge in coding. Don't we have to create a link to the directories in the code? Also can this ne be compiled on any python platform such as android? It would help if you could clarify or even do a walk through. Thanks
I never developed something for Android. You'll have to use Android SDK and know Java, as far as I know. Just create two folders "encrypted" and "decrypted" in the same directory as you download the script. If you have trouble, please ask specific questions where you're stuck.
Kamicater said:
I never developed something for Android. You'll have to use Android SDK and know Java, as far as I know. Just create two folders "encrypted" and "decrypted" in the same directory as you download the script. If you have trouble, please ask specific questions where you're stuck.
Click to expand...
Click to collapse
Ok. Have you tested or used the code to decrypt? Which platform did you use? Did you have to replace any codes such as name of file and directory of the encrypted file? Thanks
I ran the code on Windows in Debian WSL successfully to decrypt about 200 files. You should install Python first. I'm copying the guide here for you:
How to use:
Create two folders encrypted and decrypted in the same directory.
Create a file to run the decryption with multiple files:
#!/bin/bash
python decryptlg.py encrypted/20161230_133055.jpg.dm
python decryptlg.py encrypted/20161230_134050.mp4.dm
...
Click to expand...
Click to collapse
I ask you to start using the code (first read how to install Python) and tell me where you're stuck.
Kamicater said:
I ran the code on Windows in Debian WSL successfully to decrypt about 200 files. You should install Python first. I'm copying the guide here for you:
I ask you to start using the code (first read how to install Python) and tell me where you're stuck.
Click to expand...
Click to collapse
Hi,
What do you mean by create file to run the decryption? Which file, how? Do i put the decrypted images in the decrypted folder?
Thanks!
i3arty said:
Hi,
What do you mean by create file to run the decryption? Which file, how? Do i put the decrypted images in the decrypted folder?
Thanks!
Click to expand...
Click to collapse
Apparently it worked somehow, i run the file through git bash, i run the code python decryptlg.py randomname.gif.dm but the decrypted file says it cannot be opened " it appears we do not support this file format"
"it appears we do not support this file format" is not coming from my script. Where is it from?
It shows when i try to open decrypted image as JPG without the DM
Well, it's a gif, not a jpg. Try IrfanView.
Kamicater said:
Well, it's a gif, not a jpg. Try IrfanView.
Click to expand...
Click to collapse
Same thing, it just says unknown file format, empty/damaged file or file not found!
If the decrypted image file is unreadable, the decryption didn't work. Try another gmail address. To verify if the decryption works, open the files with a text editor like notepad. Compare the header of the decrypted image file with another readable image file. A .gif should start with GIF89a. A .jpg should contain JFIF in the very beginning.
Opening jpg in notepad gives me strange text basically like this
Hœárz=Æ`2õÆ;5zÑì–)1žQ
PîÃά4Õ·I#)¾wMÁ”•<¯™Ý£’ìœú¥÷¡”FqA5é|†7µøæ‡gbq´q¥[y™Qät¾ÁC[“Ú„õ ^L3«íÐR:"MÍ?û(¯.6Ö¯4/2^åøÙºµì“ØßÇø.†q]®–íZvXûÌþtªŒ^vŒ¸ˆ¯Vpêî
˜_kÁ~ú55¡³y›HGY¾þ™Aï ëo“x7¿3—íGͤrœM…ÌO'n²qj¢EÈx4¼¼²žUW"Ïeº†
·Eœ_O¢„•í.a:±qÓ²½™‡}øËÙ\r:±Ãn*YDÐb0Rl
;LLßÁT¦•‡Rnf–=¶¸i‹Á
¤áõŠ¢
I fixed it, it was the email i tried different and it worked!
Any idea how to decrypt like 50 images at once ?
Create a .bat file and fill it with all your files like this:
Code:
python decryptlg.py encrypted/20161230_133055.jpg.dm
python decryptlg.py encrypted/20161230_133040.jpg.dm
python decryptlg.py encrypted/20161230_143010.jpg.dm
Then run the .bat file.
Is there way to somehow copy the names of files from the folder into the bat file, as in make it more automatic as copying names one by one of 350+ files will be a bit time-consuming
Code:
dir/b > filelist.txt
Kamicater said:
Code:
dir/b > filelist.txt
Click to expand...
Click to collapse
Hi, sorry im new to programming where do i paste this ?
i3arty said:
Hi, sorry im new to programming where do i paste this ?
Click to expand...
Click to collapse
Ok i did it a bit ghetto way, copies all names of files into word > replaces the unnecessary words with empty and copies all that into bat file
Kamicater said:
See LG Gallery Decryptor: https://github.com/kamicater/LG-Gallery-Decryptor
You you mentioned in the github that it's possible to recover your media even if you don't know your Gmail address. I'm curious how this is possible? I don't see it described anywhere.
Since I received the second request for help, I'm opening this thread to help if you have trouble with the LG Gallery Decryptor I published last month. Feel free to ask any basic questions about running the python script. It's very rudimentary. It doesn't even accept multiple files, so you have to invoke python once for every single file. Feel free to improve it if you think the effort is worth it.
I'm not sure if "Issues" is the right place to assist on github. But if this thread gets deleted, then I'll have to help there.
Click to expand...
Click to collapse