I was asked to help get a file working today, and so I did.
Download the Official LG Expo ROM.
That will extract the files to C:/Users/All Users/LGMobileAX/Phone
You will then have a *.dz file.
Copy that file somewhere; it won't matter where, just so that DZDecrypt is in the same directory.
Once you have that, either drag and drop the .dz file onto DZDecrypt or load it from a CMD window.
You should get something like
C:\Users\Conflipper\Desktop\[LG] kitchen_2.0\TOOLS>DZDecrypt ROM.dz
DZ-Decryptor v0.5 *final* by BIGB0SS from COPS.
[■] Opening file "ROM.dz".
[■] Unpacking informations:
- Unpacking "amss.mbn" (Packed:0070CFF2 - Unpacked:00E4A000).
- Unpacking "partition.mbn" (Packed:000000B4 - Unpacked:000001D0).
- Unpacking "appsboot.mbn" (Packed:00032015 - Unpacked:000B3028).
- Unpacking "FLASH.bin" (Packed:0B7EFF74 - Unpacked:0DB5FA0B).
- Unpacking "apps.mbn" (Packed:00000014 - Unpacked:00000000).
- Unpacking "dbl.mbn" (Packed:00003141 - Unpacked:00008270).
- Unpacking "fsbl.mbn" (Packed:00013AE4 - Unpacked:00028E98).
- Unpacking "osbl.mbn" (Packed:000297C1 - Unpacked:00054E74).
- Unpacking "dsp1.mbn" (Packed:002BDB58 - Unpacked:00749D64).
- Unpacking "fwua.mbn" (Packed:00006E36 - Unpacked:0000A43C).
[■] Closing file "ROM.dz".
This will give you all of the files that you need.
Please note that you need to use the file I have attached. This file has been edited so that it will allow for the larger Expo ROM; it was designed to be used with the LG Incite, and so here it is for the Expo.
Thank Copsfrance for the SRC and original tool.
Here is the .dz file broken down to its individual parts.
LG EXPO .DZ file Broken Down
250MB DZDecypt
Awesome stuff Conflipper thx
jug6ernaut said:
Awesome stuff Conflipper thx
Very cool, now how about dumping flash.bin? That's one heck of a ***** there too.
Hello.
WP7DZExtract extracts every partition from a DZ file and converts flash.bin to nb (opened by htcRIE).
My second tool, WP7DZBuild, builds a DZ from partitions and their table (mb it will not be required, please PM me, LG device owners).
By the way, the files from that topic were extracted using this tool.
Usage:
WP7DZExtract.exe input.dz output_dir, where input.dz is the DZ ROM file and output_dir is a directory.
Many files will be created in the output directory; one of them, flash.bin, is an nb file. Just rename it to flash.nb and open it using htcRIE or any tool.
WP7DZBuild.exe input_dir output.dz, where input_dir is the directory that contains flash.bin and output.dz is the output file.
Note: These tools require .Net Framework 4.0 (at least Client Profile). You can download it from the Microsoft web site.
I hope it works (although my device is an LG, there is no way to dump or flash its ROM). Any bug reports here.
Thanks!
I've used the standard GZIPStream (works well for unpacking), but its output doesn't equal the original. I've tried to use SharpZip, DotNetZip and even gzip, but uselessly... LG Flasher doesn't work on my computer (why?), so I can't check my work; I fully rely on you, LG owners! Sorry for my English, I dislike online translators and write as I know, though my English skill is poor (too).
Very nice. Hope to get using this very soon.
Yes support for lg devices i am loving it :3 Thanks.
I will test it out.
thx for sharing
Build tool is ready!
Great work!
I'm getting a "#46 Cannot load. Invalid file format" when opening flash.nb with HTCRIE
Please post the link to your ROM, mb I broke something while developing the build tool.
Telus_LG_E900
airwa1kin7 said:
Telus_LG_E900
Everything works well. Mb you are using an old version of htcRIE? Try to download the most recent one. At least WP7DZExtract checks the hash after unpacking and compares it with the one included in the dz, so if the hash matches, the file is successfully unpacked.
Screenshot
You're correct. I was using "0.5.0.12". Upgraded to "0.7.0.19" and it works.
I was able to get the LG Quantum dz and use these tools to have a look inside the rom and the registry. It makes me wish we could rebuild these roms to unbrand them.
fb401 said:
I was able to get the LG Quantum dz and use these tools to have a look inside the rom and the registry. It makes me wish we could rebuild these roms to unbrand them.
That's right, I wanted to build my own ROM, but as I wrote above there is no ROM for my device. Please test it, LG owners, I want to check my gz.
WP7DZBuild
I have been working on my own encrypt/decrypt program. The decrypting is fine, however the trick is encrypting the extracted files back into a flashable image. Using GZip or Zip on linux produces a ROM that is 200 KB smaller than the original LG C900AT ROM. The LG flasher program gives the error "ErrNum 501 Load Image."
So I tried using your WP7DZBuild tool to create a ROM and its size is 214 MB; the original ROM is ~191.8 MB. The LG flasher program does not give an error when using the ROM built with your tool, but the ROM will not flash to the phone (LG Quantum C900). The LG flasher program just sits waiting. It seems as if the recompression of the files is the key to making the build process work. The original ROM from LG contains files that are decompressable with GZip, but using GZip to recompress results in an invalid file.
I have looked at the binary file produced when using both GZip and Zip; both contain the filename, which is not included in the original ROM. Also, looking at the GZIP file format, some of the data headers are empty in the original ROM, but both GZip and ZIP fill these fields in.
Do you guys have any ideas as to a ZIP program/library that can output a valid Zip file for inclusion in a flashable ROM that does not include the name of the file that was compressed to make the file? Maybe the original LG encryption program deletes/zeros certain fields in the Zip file header?
Also, just taking the decrypted original ROM's files while still compressed by whatever method LG used, I can create a flashable ROM (it's actually what my phone is running right now!). I'm thinking of GZipping the files and then going back and zeroing out the fields so that the data headers match the original. Maybe that will work.
Has anybody else tried to rebuild a ROM and flash it to the phone?
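The header difference described in the post above, as an added example that is not part of the thread or of any LG tool: it parses the RFC 1952 gzip header, shows the stored filename and filled fields, and swaps the header for a bare 10-byte one while keeping the compressed body and CRC/size trailer byte for byte. Which fields the LG originals leave empty is not stated on the page, so the all-zero target, the sample data and the function names are assumptions.

```python
import struct
import zlib

FHCRC, FEXTRA, FNAME, FCOMMENT = 2, 4, 8, 16   # FLG bits from RFC 1952

def build_member(data, name=None, mtime=0, xfl=0, os_id=0):
    """Build one gzip member with explicit header field values."""
    flg = FNAME if name else 0
    head = struct.pack("<BBBBIBB", 0x1F, 0x8B, 8, flg, mtime, xfl, os_id)
    if name:
        head += name.encode("latin-1") + b"\0"
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw deflate, no wrapper
    body = comp.compress(data) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(data) & 0xFFFFFFFF,
                          len(data) & 0xFFFFFFFF)
    return head + body + trailer

def parse_header(member):
    """Return the header fields and the offset where the deflate data starts."""
    id1, id2, cm, flg, mtime, xfl, os_id = struct.unpack_from("<BBBBIBB", member)
    if (id1, id2, cm) != (0x1F, 0x8B, 8):
        raise ValueError("not a gzip/deflate member")
    pos, name = 10, None
    if flg & FEXTRA:                                  # 2-byte length + payload
        pos += 2 + struct.unpack_from("<H", member, pos)[0]
    if flg & FNAME:                                   # zero-terminated name
        end = member.index(b"\0", pos)
        name, pos = member[pos:end].decode("latin-1"), end + 1
    if flg & FCOMMENT:
        pos = member.index(b"\0", pos) + 1
    if flg & FHCRC:
        pos += 2
    return {"flg": flg, "mtime": mtime, "xfl": xfl, "os": os_id,
            "name": name, "data_offset": pos}

def strip_header(member):
    """Swap in a header with no name and zeroed MTIME/XFL/OS (assumed target)."""
    off = parse_header(member)["data_offset"]
    return struct.pack("<BBBBIBB", 0x1F, 0x8B, 8, 0, 0, 0, 0) + member[off:]

if __name__ == "__main__":
    sample = b"constructed partition contents " * 64   # constructed sample data
    packed = build_member(sample, name="amss.mbn", mtime=1300000000, xfl=2, os_id=3)
    print(parse_header(packed))
    print(parse_header(strip_header(packed)))
```

The stripped member still decompresses with any gzip reader; whether the LG flasher accepts it is not something the page establishes.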
Everyone test on kdz g5 ?
I found into shp folder *.so files and I want to ask if we can edit them
because I want to see what have in the files
OpEuroIME.so and OpEuroIMESetting.so
HEX Editor... expect not tooo much.
This leads to this...
http://forum.xda-developers.com/showthread.php?t=1294406
But we could investigate, if this or other files about language is in arabic S8600...
Best Regards
.so are equivalents to .dll libraries which you can find in Windows. They contain almost only machine code.
And you cannot edit them, because these are digitally signed, first you'd have to bypass integrity&sign check mechanisms.
Some one using Linux can try this program please?
http://www.fileinfo.com/extension/so
Not to edit, but if it was possible at least to read .so file?
you can see GCC compiler in SDK files....of course if you have it
"SDK Path"\Bada\2.X.X\Tools\Toolchains\ARM\arm-bada-eabi\bin\gcc.exe
You can see this in the readme file too
The executables in this directory are for internal use by the compiler
and may not operate correctly when used directly. This directory
should not be placed on your PATH. Instead, you should use the
executables in ../../bin/ and place that directory on your PATH.
So any ideas about a DEcompiler
This is just a compiler that make .so files....Maybe non-compressed ones only too
Best Regards
ML90 Did you try to see so file with SDK?
Because I never used it
There is nothing to see in there
You can use gce2elf plug-in for trix to decompress .so files from bada 2.0 and the files will be converted to elf files that were available in bada 1.2 FWs before
S8600 .so files can't be decompressed until now !
There is no way to compress files back yet !
As i say these files can contain pure code and no pics or any stuff like that as they are compiled from .O libraries files used by C/C++ apps
We need the real experts to come back and help us
Best Regards
Thanks for your answer.
Even if we got pure C++ code, perhaps we should be able to see what, for example, the setting.so file calls in other firmware files... that was my idea.
After, I know we cannot rebuild a file, but it's just to have some more info that should be useful?
After I know we can not rebuild a file...
This is not 100 % correct...
*.so files are signed... So Security is main problem...
To modify or to rebuild is only problem of skills...
If "Android boys"... ...
See here:
*.so files are also known in Android world...
http://forum.xda-developers.com/showpost.php?p=23559274&postcount=15
Android use folder lib with *so files...
Maybe good chance to find some source... if these files also open source...
But again.
Break first Security check, then you can modify *.so files... depend on your brain.
But at the moment Dead ends...
Smart skilled users on ""holiday""... or missing in action...
First "safe" attempt to remove Security Check:
apps_compressed.bin...
Compression Algo needed... as you have no full access in compressed BINary...
If Bootloader checks *.so files... maybe FOTA could help...
To break RSA 2048...
I hope few of our smart Devs come back to bada Hacking.
To search and find *.so sources in Android world is not useless...
Maybe it helps to better understand.
Best Regards
hi,
editing is not a problem - we dont need to compress gce back - similar situation to rc1/qmd image (gce is light weight qmd version)
Happy to see you there Kubica, we really need your knowledge
Bada have no big interest if we can't custom firmware (thanks to samsung ).
Could someone post an edited .so file please? It's just to see the relation with other files in the firmware.
editing is not a problem - we dont need to compress gce back - similar situation to rc1/qmd image (gce is light weight qmd version)
Thanx b.kubica
Attached is DEcompressed Admin.so from S8500 XXKK5 as example...
With Help of TriX easy task.
Thanx again.
Here we can see (if we want) Codes as TEXT Strings...
http://forum.xda-developers.com/showthread.php?t=1154945
Prior in bada 1.x they were located in apps_compressed.bin... now in this Admin.so...
In theory we could edit few Codes to harder combos... like:
*#1234567#
But how remove or "rebuild" GeneralSoInfo.so.sig Integrity check
Vodafone branded Firmware or S8600 for instance uses few different Codes... sometimes...
Maybe this could 1 of our first modified *.so file, if someone break *.so Security check.
Thanx.
Best Regards
adfree said:
if someone break *.so Security check.
done
b.kubica said:
done
How
simple 1 byte patching
later I will post more info
On bada 1.x
Better on XXJEB, other not tested yet...
Only first 4 KB are signed...
If you change something at higher address... above 0x1000
See here:
http://forum.xda-developers.com/showpost.php?p=25255252&postcount=47
Big thanx mijoma
Now I will check again XXLC1... bada 2...
Anyway.
Big thanx b.kubica
My Preconfig Code is now:
*#1234567*#
Best Regards
---------- Post added at 11:27 PM ---------- Previous post was at 11:09 PM ----------
I can confirm... bada 2 on XXLC1 has improved Sig Check...
But now no problem anymore.
Thank you very much b.kubica
Best Regards
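The "only first 4 KB are signed" observation above, seen from the verifier's side, as an added example that is not from the thread or from Samsung's code: a check that authenticates only the prefix next to a layout where the signed 4 KB header carries a SHA-256 of the rest, so the same signature covers the whole file. HMAC stands in for the RSA signature; the key, the layout and the sample image are constructed assumptions.

```python
import hashlib
import hmac

SIGNED_PREFIX = 0x1000            # from the thread: only the first 4 KB are signed
KEY = b"constructed-demo-key"     # assumption: HMAC stands in for the RSA signature

def sign(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()

def verify_prefix_only(image, sig):
    """Weak check: authenticates image[:0x1000] and ignores everything after it."""
    return hmac.compare_digest(sign(image[:SIGNED_PREFIX]), sig)

def build_chained(body):
    """Hardened layout: the signed 4 KB header carries SHA-256 of the body."""
    header = hashlib.sha256(body).digest().ljust(SIGNED_PREFIX, b"\0")
    return header + body, sign(header)

def verify_chained(image, sig):
    header, body = image[:SIGNED_PREFIX], image[SIGNED_PREFIX:]
    if len(header) != SIGNED_PREFIX:
        return False
    if not hmac.compare_digest(sign(header), sig):
        return False                              # header itself was altered
    return hmac.compare_digest(header[:32], hashlib.sha256(body).digest())

def flip_byte(image, offset):
    out = bytearray(image)
    out[offset] ^= 0xFF
    return bytes(out)

def demo():
    body = bytes(range(256)) * 48                 # constructed 12 KB payload
    weak = b"HDR".ljust(SIGNED_PREFIX, b"\0") + body
    weak_sig = sign(weak[:SIGNED_PREFIX])
    strong, strong_sig = build_chained(body)
    return {
        "weak_accepts_change_above_0x1000":
            verify_prefix_only(flip_byte(weak, 0x1800), weak_sig),
        "chained_accepts_original": verify_chained(strong, strong_sig),
        "chained_accepts_change_above_0x1000":
            verify_chained(flip_byte(strong, 0x1800), strong_sig),
        "chained_accepts_change_in_header":
            verify_chained(flip_byte(strong, 0x10), strong_sig),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```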
apps code:
Code:
// pseudo C
unsigned int AppPkgSvcRequest ( ... )
{
    unsigned int action = *(struct field ptr);
    switch ( action )
    {
        /* ... */
        case 6:
            /* check signature ;) */
            break;
        case 7:
            /* ... */
    }
}
assembled code:
Code:
patt: 06 28 3F D0 07 28
mask: FF FF 00 00 FF FF
replace first byte with anything greater than 7 and you'll know what we are talking about
Thank you very much b.kubica
For easy test... Code change in Admin.so:
http://forum.xda-developers.com/showpost.php?p=23127738&postcount=54
Now we could for instance play with Dolfin.so ... Browser.
I need more time to find something useful.
Best Regards
Someone can explain please? I don't get it
very simply mod - Radio without earphones connected
from LA1 but should works on similar too.
rkDumpSlicer
RockChip firmware dump slicer to obtain flashable backup
Version 0.97 Windows
1. Slices dump of NAND into partitions (according "parameter" information)
2. Creates config,cfg for RKAndroidTool (1.xx, 2.xx)
Brief instruction
1) Download and unpack AndroidTool v.2.1 + rkDumpSlicer
2) Run AndroidTool 2.1
3) Get the "parameter" file (put a 0 in the "start" box and a 2 in the "count" at "advance functions" tab and press the "export image" button).
4) Open file ExportImage.img in any text editor (except MS Word).
5) Find line "CMDLINE:....bla-bla-bla"
6) Find last data in "mtdparts=rk29xxnand:" parameter (something like "[email protected](user)")
Value "0x005AE000" is count of blocks
7) Put a 0 in the "start" box and value from previous point in the "count".
8) Press the "export image" button.
9) Run "rkDumpSlicer.exe ExportImage.img"
The project is closed
Use rkDumperOld versions:
View attachment rkDumpSlicer_095.zip
View attachment rkDumpSlicer_096.zip
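Steps 5 to 9 of the instruction above, as an added example that is not rkDumpSlicer's own code: it reads the `mtdparts=` list from a CMDLINE line, derives the "count" to export from the last entry, and cuts the exported dump into partitions. The sample line and dump are constructed and deliberately tiny; the 512-byte block size and the `-` marker for a "rest of flash" size are assumptions about the parameter format.

```python
import re

SECTOR = 512   # assumption: offsets and sizes in "parameter" are 512-byte blocks

# Constructed sample line with small values, not taken from a real device.
SAMPLE_CMDLINE = ("CMDLINE:console=ttyFIQ0 mtdparts=rk29xxnand:"
                  "0x00000010@0x00000010(misc),0x00000020@0x00000020(kernel),"
                  "0x00000040@0x00000040(boot),-@0x00000080(user)")

PART_RE = re.compile(r"(-|0x[0-9A-Fa-f]+)@(0x[0-9A-Fa-f]+)\(([^)]+)\)")

def parse_mtdparts(cmdline):
    """Return [(name, offset, size_or_None)] in blocks; None means 'rest'."""
    m = re.search(r"mtdparts=[^:\s]+:(\S+)", cmdline)
    if m is None:
        raise ValueError("no mtdparts= parameter found")
    parts = []
    for entry in m.group(1).split(","):
        pm = PART_RE.fullmatch(entry)
        if pm is None:
            raise ValueError("unparsable entry: %r" % entry)
        size, offset, name = pm.groups()
        parts.append((name, int(offset, 16),
                      None if size == "-" else int(size, 16)))
    return parts

def export_count(parts):
    """Steps 6-7: the last entry's offset is the block count to export from 0."""
    return parts[-1][1]

def slice_dump(dump, parts):
    """Cut the dump into partitions, skipping any not fully inside it."""
    total = len(dump) // SECTOR
    out = {}
    for name, offset, size in parts:
        end = total if size is None else offset + size
        if offset >= total or end > total:
            continue            # e.g. the last partition, which was not exported
        out[name] = dump[offset * SECTOR:end * SECTOR]
    return out

if __name__ == "__main__":
    parts = parse_mtdparts(SAMPLE_CMDLINE)
    count = export_count(parts)
    # Constructed dump: every block is filled with its own block number.
    dump = b"".join(bytes([i]) * SECTOR for i in range(count))
    for name, blob in slice_dump(dump, parts).items():
        print(name, len(blob), "bytes")
```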
I don't know anybody needs this tool
Tell me please
RedScorpioXDA said:
I don't know anybody needs this tool
Tell me please
Hi Redscorpio
Have you seen this tool, I think it's similar to yours.
http://www.freaktab.com/showthread.php?12404-RockchipDumpSplit-Simplifies-the-creation-of-backups-from-rockchip-devices
dewettie said:
Have you seen this tool, I think it's similar to yours.
http://www.freaktab.com/showthread.php?12404-RockchipDumpSplit-Simplifies-the-creation-of-backups-from-rockchip-devices
I don't think so. Maybe even better , but I did this tool for myself. If anyone is not interesting I will not publish
RedScorpioXDA said:
rkDumpSlicer
RockChip firmware dump slicer to obtain flashable backup
Version 0.95 Windows
...
Just to know before I use your tool (or the other one in freaktab)
Some device makers post their firmware in one file, normally titled "update.img", in this are included all is needed.
Are flashed back using RKBatchTool ... your app will generate such file?
TIA
DaremoS said:
Some device makers post their firmware in one file, normally titled "update.img", in this are included all is needed.
Are flashed back using RKBatchTool ... your app will generate such file? TIA
Some files in "update.img" (RKAF) are not contained in the device's partitions. For example: bootloader (like RK3188Loader(L)_V1.24.bin for RK3188), recover-script, update-script. You can add files and make your own flashable fw (imgRePackerRK with option /rkaf)
rkDumpSlicer
RockChip firmware dump slicer to obtain flashable backup
New version 0.96 ready
+ RKAndroidTool's configuration files creating have added
- config_8.cfg for version 1.xx;
- config_16.cfg for version 2.xx;
thanks.
Is this tool able to back up rk2926?
mithun roy said:
Is this tool able to back up rk2926?
I haven't possibility to check
rkDumpSlicer
RockChip firmware dump slicer to obtain flashable backup
New version 0.97 ready
~minor bugs fixed
The project is closed
Use rkDumper
Excellent and reliable tool, thanks a lot!
Works much better for me than the other image splitting program which, for some reason, keeps aborting, telling me that I have 0.00MB of free disk space although I have hundreds of gigs free.
RkDumper is nice too, but I prefer doing a full NAND dump using RK Android Tool and use this one to split it.
Yet another one of your very, very useful tools, RedScorpio.
Thank you!
Hey guys, anyone on nougat 7.1.2 ?
Can you provide me full vendor folder from that rom.?
I'll be thankful to you
@dean [email protected]#, the easiest way is to download the factory-image, matching your ROM, and extracting vendor.img from there.
but bro @rp158 ,I want extracted vendor.img
How i can extract it.
@dean [email protected]#, corrected the link above. You have to extract the zip file, simply. What's your problem precisely?
@rp158 went to your given link extracted that folder then it also gives vendor.img. If you have nexus 5x can you provide me the folder from /system.
As I need this folder for porting purposes.
@dean [email protected]#: either I or you don't understand: nearly every month there's a new vendor.img. So you need the version belonging to your specific ROM-build, probably not mine.
To go on: post the build-number of your ROM.
Build number- (OPR4.170623.020)
Please provide it unpacked.
@dean [email protected]#: that's 8.0.0 revision 35. Cannot download the whole package atm, maybe tomorrow. But what's your problem now? The download, an unzip-function, anything else?
@rp158 My problem only is that I am not able to unpack vendor.img only.
@dean [email protected]#: it's a long way, with your minimal step-by-step- information
I guess, you've no PC available to extract vendor from factory image. I did it now by TotalCommander on my N5X... If this whyever doesn't succeed, I'll upload it to MEGA. But you'll understand, that's quite laborious for a monthly changing file...
Added vendor.img from 8.0.0 r35
@rp158 Is there any way to unpack this img
@dean [email protected]#: ookeee, now I understand. I was the whole time at the dark side of your moon, sorry. Look at this tool.
@dean [email protected]#: my actual vendor-folder 8.0.0 r35 as zip-file uploaded, finally (older image deleted). Hope it helps.
@rp158 Thanks bro for providing