With PSAS (only FULLversion) it is possible to "decompress" apps_compressed.bin for investigation.
It uses Algo:
TkToolVer:1.6.3
I don't know way to make own apps_compressed.bin.
As Multiloader for instance not accept decrypted apps_compressed.bin
As example some older apps_compressed.bin from S8500.
http://www.megaupload.com/?d=2JIKS8QD
Best Regards
u reache some limit bro........... cant download from RS........but good going
can u write a tutorial
so that other members too can find something
thanx!
gr8 gng mate
PSAS can only decrypt in Full Version.
Costs 30 Euro...
BUT I can upload via Request some decrypted files for study.
I'm not an Seller of PSAS nor I force you to buy PSAS.
But this is the only Tool I know, which decrypt these apps_compressed.bin and bootloader.mbn. Tested by me with:
S5250
S5330
S5750
S7230
S8500
S8530
http://forum.revskills.de/viewtopic.php?f=14&t=700
Wait few minutes. I will upload to megaupload... from S8500 as example.
Best Regards
Edit:
Download example apps_compressed.bin taken from S8500:
http://www.megaupload.com/?d=2JIKS8QD
Same as in first post.
So what did u get inside that?? What was compressed in layman terms pls.......
Expect not too much. Depend on knowledge...
Now file is "human readable"... Ready for Reverse engineering.
Minimum Requirement HEX Editor...
Then you can find Text like this:
> Please receive DB2 by TkFileExplorer.exe !!primaryRecord
Remember where u saw TkFileExplorer.exe else...
You could search for Textstrings... like:
widget
bondi
.
.
.
So many things to explore.
Best Regards
hi guys I'm working on some bada's modding projects...
is it possible to have an example of uncompressed files?
thank you in advance
edit : I have now seen the uploaded uncompressed file...
I hoped it was more "human" readable...
http://www.megaupload.com/?d=PFWCKTGZ
This is from XXJID... bada 1.2 S8500 stuff.
Best Regards
adfree said:
> But this is the only Tool I know, which decrypt these apps_compressed.bin and bootloader.mbn.
Hi,
could you upload the decrypted bootloader, too? Maybe someone here will find some exploitable code in that will help "jailbreak"-ing the system, or allow booting unencrypted OS (modified Bada or Android from Galaxy S for example...)
TIA!
@ anghelyi
http://forum.xda-developers.com/showpost.php?p=10304951&postcount=3
Here I have attached some more things about Bootloader... some ELF files included... maybe "easier" for Reversing.
Best Regards
adfree said:
> @ anghelyi
> http://forum.xda-developers.com/showpost.php?p=10304951&postcount=3
> Here I have attached some more things about Bootloader... some ELF files included... maybe "easier" for Reversing.
> Best Regards
Thanks! I'll check it!
Little overview...
Best Regards
Hi adfree,
Can you say me the name of PSAS software please?
http://psas.revskills.de/
RevSkills is the new name of PSAS.
This feature only in registered Fullversion possible.
NOT in Trial Version.
Best Regards
Thanks but seems to be not compatible with windows 7 64 bits
Will try later, Have a good night adfree
look like that apps_compressed.bin contains a big secret
i flashed amss.bin file & apps_compressed.bin file from spoofable fw as an update for non spoofable fw and the result was getting a spoofable fw with its code name in the about phone menu but i lost all the updates made in the non spoofable fw
can anyone know where is the part in the apps_compressed.bin that allow spoofed games run or not?????
To clarify:
I'm NOT support spoofing.
Prior files were not decompressed, "only" decrypted.
But now.
http://rapidshare.com/files/453882158/XXJL2decrypted_apps_decompressed.rar
File is from XXJL2.
Maybe we can find other useful infos.
Best Regards
Now we can encrypt.
Thanx to ho1od
Any suggestions?
Maybe few things can be enabled or disabled...
TRUE can be found 600 x
FALSE over 700 x
Best Regards
I'm working on decompression QMD, thanks to mijoma
I was looking for the decompressed files of apps_compressed.bin (S8500XXJL2 and S8500XEKC1 only), but the link does not work.
If anyone (or you, adfree) can decompress (not only decrypt) those files and upload them somewhere, that would be very kind/nice. Maybe I can work something out and if we are ever able to encrypt the files back, we may have a new better cleaned up version by that time.
Btw, thanks for the efforts, adfree and ho1od.
Lets start again with these Pictures *.img
Header
compress LZ
Okidoki... seems compressed.
Now I found in bada SDK files.
Original BMP files from little bada...
Check out:
PowerOnOff.ini
AnimationType=bmp
Then also PowerOnFlash=power_on.swf
Maybe we find working solution.
Theory:
1.
Find way to decompress or compress to make valid *.img.
2.
Change *.img into something else accepted from handset...
*.bmp
*.swf
Maybe QMG is possible, like in Themes?
*** who knows...
3.
Do nothing... wait...
Best Regards
I think it's more power_on.swf than img files.
If possible if I find someone who works on flash, will try second possibility.
Sorry, can you explain this in Chinese? Thanks
What we know about *.img
Resolution is 480 x 800 Pixel (S8500/S8530).
"Level 1"
Find *.img with 1 Color...
I found black.
Then I replaced all files by same black Image...
"Level 2"
I need second Color... I think I know where to find... I think it will be white...
Best Regards
So I have now 2 Colors. Black and white, both are 480 x 800 Pixel.
If you compare both files you see around 391 Differences... hmm most Value:
F8/F0
Please. I wish to find more 1 Color *.img files.
Maybe then users with more brain can find algo, or Tool exists to create these Pictures...
Best Regards
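Added example (not part of the original posts, and not a tool from the thread): one way to do the black/white comparison described above is to tally which byte values differ and how the differing offsets are spaced. The sample data is constructed and does not reproduce the real *.img layout, which the thread has not identified.

```python
import sys
from collections import Counter


def diff_bytes(a: bytes, b: bytes) -> dict:
    """Byte-wise comparison of two blobs over their common length."""
    common = min(len(a), len(b))
    offsets = [i for i in range(common) if a[i] != b[i]]
    # Which (first file, second file) byte values account for the differences.
    pairs = Counter((a[i], b[i]) for i in offsets)
    # Merge neighbouring offsets into [start, length] runs.
    runs = []
    for off in offsets:
        if runs and off == runs[-1][0] + runs[-1][1]:
            runs[-1][1] += 1
        else:
            runs.append([off, 1])
    return {
        "size_delta": len(b) - len(a),
        "diff_count": len(offsets),
        "pairs": pairs,
        "runs": [tuple(r) for r in runs],
    }


def common_stride(runs):
    """Most frequent distance between run starts; None with fewer than 2 runs."""
    gaps = Counter(nxt[0] - cur[0] for cur, nxt in zip(runs, runs[1:]))
    return gaps.most_common(1)[0][0] if gaps else None


def make_sample(value: int, records: int = 8) -> bytes:
    """Constructed test data, NOT the real *.img layout:
    16 identical header bytes, then 4-byte records whose third byte varies."""
    header = bytes(range(16))
    return header + bytes([0xFF, 0x01, value, 0x00]) * records


def report(a: bytes, b: bytes) -> str:
    """Human-readable summary: counts, top byte pairs, run spacing."""
    r = diff_bytes(a, b)
    lines = [f"size delta: {r['size_delta']}  differing bytes: {r['diff_count']}"]
    for (x, y), n in r["pairs"].most_common(5):
        lines.append(f"  {x:02X}/{y:02X}: {n}")
    lines.append(f"runs: {len(r['runs'])}  stride: {common_stride(r['runs'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py first.img second.img
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            print(report(f1.read(), f2.read()))
    else:
        print(report(make_sample(0xF8), make_sample(0xF0)))
```

A constant stride between differing offsets suggests fixed-size records (for example run-length pairs); irregular spacing points toward a dictionary or entropy coder.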
I think I know what it could be... maybe.
TIFF compressed Bitmap *.tif ... LZW Compression.
Maybe some Header changes...
Edit...
Several Compressions for TIFF exists... depend on Grafik Tool...
PowerOnOff.ini is 3 times in Wave... if different depend on Branding:
\Registry\
\Settings\Default\Registry
\SystemFS\Settings\PreConfiguration\Default\Registry
All 3 files are not writeprotected. You could:
(A) Delete PowerOnOff.ini
Silence + no Animation
(B) Edit PowerOnOff.ini with other path to folder... maybe:
PowerOnAniImage0=/Mount/Mmc/PowerOnOff/Image/poweron_00.img
instead writeprotected folder
PowerOnAniImage0=/SystemFS/PowerOnOff/Image/poweron_00.img
Best Regards
Edited again.
Tested, yes it works.
I've changed path to Memory Card. Now I can play faster...
Very simple.
1.
Copy PowerOnOff folder to card.
Attention, if you choose subfolder, my path is only for Root... check exact folder or edit PowerOnOff.ini again.
2.
Copy my example to folder:
\Registry\
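Added example (not part of the original post): a small check to run on the PC before copying a modified PowerOnOff.ini, since a wrong entry can end in a boot cycle. It rewrites the /SystemFS/ prefix to the memory-card root used above and lists referenced images missing from a local copy of the PowerOnOff folder. The sample ini is constructed from the key names quoted in this thread; PowerOnAniImage1 and the text encoding of the real file are assumptions.

```python
import os
import tempfile

OLD_PREFIX = "/SystemFS/PowerOnOff/"   # write-protected location named in the post
NEW_PREFIX = "/Mount/Mmc/PowerOnOff/"  # memory-card root, as in the post


def rewrite_ini(text: str, old: str = OLD_PREFIX, new: str = NEW_PREFIX):
    """Return (new_text, referenced_paths).
    Only values starting with `old` change; line endings are preserved."""
    out, refs = [], []
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        key, sep, value = body.partition("=")
        value = value.strip()
        if sep and value.startswith(old):
            value = new + value[len(old):]
            body = f"{key}={value}"
        if sep and value.startswith(new):
            refs.append(value)
        out.append(body + eol)
    return "".join(out), refs


def missing_files(refs, staging_dir: str, new: str = NEW_PREFIX):
    """Referenced paths that do not exist in the local copy of PowerOnOff."""
    missing = []
    for ref in refs:
        rel = ref[len(new):]
        local = os.path.join(staging_dir, *rel.split("/"))
        if not os.path.isfile(local):
            missing.append(ref)
    return missing


SAMPLE_INI = (  # constructed sample, not a dump of a real PowerOnOff.ini
    "AnimationType=bmp\r\n"
    "PowerOnFlash=power_on.swf\r\n"
    "PowerOnAniImage0=/SystemFS/PowerOnOff/Image/poweron_00.img\r\n"
    "PowerOnAniImage1=/SystemFS/PowerOnOff/Image/poweron_01.img\r\n"
)


def demo():
    """Rewrite the sample and check it against a staging folder holding one image."""
    new_text, refs = rewrite_ini(SAMPLE_INI)
    with tempfile.TemporaryDirectory() as staging:
        os.makedirs(os.path.join(staging, "Image"))
        open(os.path.join(staging, "Image", "poweron_00.img"), "wb").close()
        return new_text, refs, missing_files(refs, staging)


if __name__ == "__main__":
    text, refs, missing = demo()
    print(text)
    print("missing on card copy:", missing or "none")
```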
Nice how do you extract the bmp files?
Edit: look this video you will love
http://www.youtube.com/watch?v=Er9fhJWNL70
http://www.megaupload.com/?d=Y65D7LR1
Here are 3 different Animations:
DREI
T-Mobile
PRT Poland
In combination with my modified PowerOnOff.ini you can easily switch between them.
@ lasentenza
> Nice how do you extract the bmp files?
BMP files taken from Language packs from bada SDK...
*.img but in this time Images and ready for open with WinImage...
Best Regards
... ... Friends IMG to edit the files and use them in the device I found this program that uses the QT ... thank by psycoy
http://www.4shared.com/file/weq4iPSk/Alcis_IMg_editor.html
@ psycoy
Please, can you upload 1 selfmade *.img as example?
I'm not smart enough to use your Tool.
*.img not open
And if I import an *.bmp and save... the result is not the same like valid *.img.
Please enlighten my little brain.
Thanx in advance.
Best Regards
I've reduced PowerOnOff.ini to only poweron_00.img and poweroff_00.img.
So I can faster Brute force...
And I see better result...
Attention!
Once I made a mistake in PowerOnOff.ini and result was Bootcycle.
So please only try at your own risk.
Best Regards
Thanks a lot adfree, you find 3 animation boot
Just try it changes from bada animation
You are making great job
http://www.megaupload.com/?d=T5YF5620
I've "fixed" T-Mobile Animation, as they "forgot" 4 Pics from bada Animation...
Maybe this was the reason, why second folder only used.
I've added Orange Poland Animation...
So I have 5 Animations (second T-Mobile not included).
Maybe someone know more Animations?
Eplus?
O2?
There are many Operator... i hope.
S8530 also possible, as same Resolution.
Best Regards
Edit 1.
Found more Animation(s)
Found third Color... Now I have black, white and red.
But red is complete different and double in size... strange...
New attempt.
Created 480x800 black and white Pic and converted into QMG (Theme).
As I thought Idle_Background.qmg converted into IdleWallpaper.cbm could help.
But, QMG is too small... only 1 KB
CBM is too big... 1,5 MB
My black or white *.img only 51 KB...
Best Regards
adfree this is cool. I've been wanting to get to the bottom of the .IMG file mystery for awhile now.
The Alci's IMG Editor program is a mod tool for the GTA San Andreas game. I tried opening a .IMG file and it didn't work for me either. It's possible there's no connection with the QMG .IMG files at all. I'm not sure what the QT reference is in relation to.
Found 2 new Animations from American Firmware:
Entel and ViVo
Found 4. color... blue
> OemBmPreShutdown: Inform the power off to CP side
Hmmmm... maybe Algo is in amss.bin.
CP could mean Call Processor...
Maybe this is Qualcomm Compression...
Best Regards
hi adfree
can you please give me instructions on how to use these animations???
i've stune, samsung wave , no sd card
is it possible without the card???
thanks in advance
ok i understood what i needed
i changed the 3 ini files with \Media\Poweronoff and added the files in the phone's internal memory
so yes i did it without a memory card and used t-mobile files
now i want vodafone's files because my network is vodafone
can someone upload them for me????
please do something for small wave phones
i.e wave s5250 etc thanx~
luciferps said:
> please do something for small wave phones
> i.e wave s5250 etc thanx~
sure i will do anything you want just i can't use trix as it is not working on my laptop
also i do not have a wave s5250 to do some experiments on it
sorry man if i can i will
This Tool is amazing. Many features.
Source is here:
http://rk-team.net/showthread.php?11-%CD%EE%E2%FB%E5-%E2%E5%F0%F1%E8%E8-QuB
"Lesson 1"
Make hidden folders visible for research and Backup.
For instance folder System is the RC1 file, mounted into RAM...
Many Thanx RusEm and Team.
Best Regards
Hi thank you for this tool but it is only for "qualcomm" platforms i think (not sure). In s8500 qualcomm is only processor for calls.
QuB is designed for Samsung handsets.
This command is 100 % working on S8500 and U700, tested by me.
You have to select same COM Port like you would choose for File Manager...
No magic.
Then you have access to nvm folder, system folder and few more...
System folder is read only as it is the mounted RC1 file...
Best Regards
But... with this... what kind of researches could be done?
"Lesson 2"
Decrypt Firmware files, like:
apps_compressed.bin
and
boot_loader.mbn
Best Regards
adfree said:
> "Lesson 2"
> Decrypt Firmware files, like:
> apps_compressed.bin
> and
> boot_loader.mbn
> Best Regards
If you can decrypt bootloader... that means you're closer to install other os?
Ok, maybe the information given in "lessons" can cause more expectation
Waiting for lesson three!
does all these features run on trial mode???
or should i buy the app
there is no profile for s8500 why???
i know you are not the developer of the app adfree but i just wanted to put those questions
> does all these features run on trial mode???
Yes.
Public solution.
Tested with QuB_public_v.0.3_001_beta.rar
Best Regards
@adfree: take a look at the screen, i got only question mark on the application. do you know what is the problem?? may be due to lang files ??
Main Language is Russian.
See Screenshot. Blue marked... then you see right Russian-> change into English.
Not all Text is translated.
Best Regards
wonderful new tool
-i am able now to view the files in the ram but don't know what to do with them
-after decryption of apps_compressed.bin i found out that i have a very little brain to modify in that file
i can't wait for lesson 3
thanks adfree and good luck
"Lesson 3"
apps_compressed.bin
Decompressed example from XXJL2 is here:
http://forum.xda-developers.com/showpost.php?p=12300153&postcount=17
Code:
Type : Unofficial Version
Number : 362
Builder : Administrator
Host : S1-AGENT05
Date : 2010/12/23
Time : 14:24:54
Size : 82576764 bytes
CheckSum : 0x32cdbee8
I was not able to decompress with QuB, maybe my fault...
Helpful would be, to know which part is with CheckSum.
82576764 bytes
Best Regards
Really nice tool.
Setting FmSecureMode to off gives us the chance to see where everything is located and we can investigate and change the files on the pc. now we need to find a way to get them back to the wave
Maybe with PfsDeleteList.txt / *.pfs ?
Also after reboot FmSecureMode is set to on again.
But we can already see where the fonts are located, that the sms viewer is html/css based like the one for email and any other messages (so we can easily change layout, colors, font-size,...) and a lot of other things like replacing images etc.
When we get this working, nothing keeps us anymore from a fully customized bada
In combination of TkFileExplorer 2.4 you can see this.
Caution!
Renaming or other Directory Manipulation can lead to Bootcycle.
At your own risk.
http://forum.xda-developers.com/showpost.php?p=12515691&postcount=20
Thank you very much for posting Xenon.
Best Regards
yes indeed the tool works fine
adfree said:
> Main Language is Russian.
> See Screenshot. Blue marked... then you see right Russian-> change into English.
> Not all Text is translated.
> Best Regards
How did you get the s8500 option in handset? I don't have it. Do you have a plugin for it?
> How did you get the s8500 option in handset?
I've made my own... but not all Settings... So it makes no sense to upload.
Best Regards
adfree said:
> I've made my own... but not all Settings... So it makes no sense to upload.
> Best Regards
Still can u please upload it? Its a kind request.
There is nothing special...
Make folder + S8500XXJL2.ini...
Folder is nearly empty... I've made an Logo.jpg with text.
But again. You NOT need it. As mandatory parameter are wrong or missing...
[Loader]
[PreConf]
[Patch]
...
1.
You can use S8500 or other not listed Samsung handsets like U700 with QuB. BUT not with all features...
2.
Many features NOT need attached handset...
Best Regards
Need help in decompressing Rc1 and Rc2 files. I see some tabs in Qub saying Rc1 and Rc2. Dont know how to use them to dump rc1 and rc2 files. And if I do, is there any way to upload them back like in trix. Or can you use trix to decompress rc1 and rc2 files? If yes, how? Help would be very much appreciated.
Since when handset can handle oap files?
Never seen before nor tested...
I can see in WinComm some actions...
Best Regards
You have just discovered a method to install applications like .apk for Android?
If yes.... :') i would be so happy!! (we would be!)
A new era could begin.
great work AdFree! as always
I heard that first version of bada (1.0) was able to install *.oap files, but samsung disabled it to prevent from installing piracy apps. Maybe some CSC feature or variable in firmware?
So cool
but I tested both encoded OAP and decoded OAP and none of them works!!!
but a problem is that when i open asphalt6.oap with size of around 400mb it shows error without even 1 second loading
so where is the problem?!!
Well
You need to see this
It is so funny
This is DCF file
Of course it throw on me an error after opening dolfin
Best Regards
Tested short on JL2 ...
oap is not supported file... but DCF same info.
On bada 2.0 DCF leads to wrong site... maybe because this:
http...http...
Later more... need some time to test few things...
I'm now on JL2 and investigate more in certs... certchain...
About oap...
> I heard that first version of bada (1.0) was able to install *.oap files, but samsung disabled it to prevent from installing piracy apps.
Yeah... It's complete weird at all...
http://developer.bada.com/badaforum...de-sdk&messageId=5584&startPage=94&curPage=96
From may 2010...
But remember... We have to differ between bada SDK (Developer) signed "testapps"... commercial apps from store... and Samsung signed apps...
But please take an look into:
AppEx\Sys\SamsungApps\SamsungApps.oap
There are 3 more oap (ZIP) which are autorestore if you delete the apps from Osp folder...
Also all transfered files from Kies or from internal Store are oap (ZIP)...
Maybe we have to find correct folder...
Maybe we need license file + oap...
Maybe...
But why Samsung integrate this into handset visible for us?
Samsung has humor like this Andromeda Warp thingie...
An kind of easteregg?
Best Regards
Little progress...
On S8500XPKG5 I saw AppEx/Sys folder with both:
*.oap
AND
*.zip
Install of OAP shows me Error 0108...
Maybe I have an idea... will check more with WinComm...
Best Regards
> 0108
> Installation failed: Failed to find root certificate.
> The root certificate is not found on the device. The root certificate is required to build the certificate chain for the application integrity check.
...
Best Regards
Okay.
For XPKG5 I have managed to install all 3 types of App via ZIP... OAP.
I can install Samsung internal Apps... like in Firmware.
"Cert A"
I can install Samples like in SDK...
"Cert B" = rootCACert.cer
I can install Apps from store...
"Cert C"
All 3 Installations from SD Card or internal Memory with simple zipped files.
Best Regards
Stotter spotz.. since when does Bada support zip files
So how did you installed apps?
is there a special location we should put special certs there?
OAP Installation only successfully in XPKG5...
In other Firmware blocked...
Not sure yet why...
I will do some more tests...
XPKG5 include ZIP + OAP files... they are not 1 : 1
BDAgent.oap
BDAgent.zip
Maybe OAP need special Flag to work... will try if I am back on other Firmware...
Other method to install, this time in folders structure:
http://forum.xda-developers.com/showpost.php?p=24992809&postcount=35
Best Regards
hi adfree, I long to write to you on this issue with the files. OAP but I forgot as proof that telling the truth I'll add screen and a link to the file to confirm that I have not changed before extensions, i upload this file maybe can be useful to someone. sorry for my english i use google translate
rapidshare.com/#!download|214p1|3925164345|a6tczu9746.oap|24690
adfree said:
> OAP Installation only successfully in XPKG5...
> In other Firmware blocked...
> Not sure yet why...
> I will do some more tests...
> XPKG5 include ZIP + OAP files... they are not 1 : 1
> BDAgent.oap
> BDAgent.zip
> Maybe OAP need special Flag to work... will try if I am back on other Firmware...
> Other method to install, this time in folders structure:
> http://forum.xda-developers.com/showpost.php?p=24992809&postcount=35
> Best Regards
Maybe winmerge is useful for comparing differences of these 2 files
BTW can device handle encoded OAP files?
@ maniek909
Your file is ENcrypted *.oap... During Installation on Wave it will be DEcrypt into "other Format"...
Then second *.oap file is only ZIP Archive...
@ r_22009
Total Commander can compare 2 file also.
Best Regards
Now i have XPKG5
would you mind telling a short tut to install OAP?
thanks
> would you mind telling a short tut to install OAP?
Only XPKG5...
1.
Install Certs... start with Cert from bada SDK:
rootCACert.cer
2.
Your app is now in ZIP Format... Check it or create self.
Rename into .oap
Remember, with rootCACert.cer you have to try better with bada SDK signed Apps...
Other 2 Certs came from Firmware... extract them...
Code:
Samsung_RootCA.crt
SamsungSBRootCA.cer
Best Regards
would you mind uploading the first cert as i dont have SDK? thankx
I am little bit paranoid...
I don't think Samsung is my best friend, if I share now their Certs...
To protect myself...
Btw...
Please be sure... you have visit and read some other threads...
As rootCACert.cer is floating around...
Btw 2...
I have forgotten, that Samsung moved in bada 2 to RSA 2048... before most RSA 1024 used in bada 1.x ...
So more Certs possible to try...
@ r_22009
Summary for you...
Use search or Google ...
Input:
rootCACert.cer
Best Regards
S8530 XPKD6 can also handle OAP...
Maybe interesting for research...
Best Regards
i need csc edit tool for wave y
bcz not edit All Wave Remaker so plz give me a any idea how to edit wave y F W
Please.
1.
Firmwarename
example...
S5380... INU ?
2.
Later ...
Best Regards
this FW S5380FXXKL_OXEKL2 bczz this FW no call recording so i want add call recording so i need edit csc file
stune not show System file not show nv file so i want edit direct F W csc file plz help me which tool edit csc file
Wave_Remaker... can do this...
S8600, S7250, S5380 have more ""Security""...
But for extraction Wave_Remaker...
Version is mandatory or additional steps required.
Later more...
Best Regards
adfree said:
> Wave_Remaker... can do this...
> S8600, S7250, S5380 have more ""Security""...
> But for extraction Wave_Remaker...
> Version is mandatory or additional steps required.
> Later more...
> Best Regards
where i learn help me sir and thanx for reply
CSC_S5380K_India_ODD.CSC
Short tested with this file...
You are right. Wave_Remaker can NOT with 1 click...
Are you able to work with HEX Editor ?
I have NOT much time for other handsets...
Maybe easiest way to replace last 1024 Byte from S8600 or something similar...
Can't remember if S7250 same problem...
But short on S5380 I can find encrypted part... cut... decrypt...
Best Regards