i wrote a new tool that you can use to read the rom image, it can be found at:

http://nah6.com/~itsme/bkondisk.zip


usage:

first copy bkondisk.exe to \windows on your device, then:

prun bkondisk [targetdir]
will save all partitions on all volumes in files on [targetdir]
prun bkondisk -v0 -p1 [targetdir]
will save a specific partition on [targetdir]
prun bkondisk -v0 -b0 -n1 \firstblock.img
will save the specified blocks to \firstblock.img
prun bkondisk -i
will only list disk info in the logfile "\bkondisk.log"

-v0 or -v1 to specify the volume
-p0, -p1, etc to specify a partition
-b0 etc to specify a starting block ( ignoring partioning )
-n32 specifies to read 32 blocks starting at the above block.

note: you DON'T need to put quotes around directories with spaces in it.
when no path is specified, files will be created in the root.

Thanks! I've got a couple of questions... it extracted the following files:
bk_00_0000.img
bk_02_0005.img
bk_03_0025.img
bk_06_0001.img
bk_08_0175.img

What do these files refer to (which one is the ROM, etc). Also, is there a way to write these backups back to the phone? It would be a great way to try out test roms and get back to my original T-Mobile ROM if necessary.

bk_00_0000.img - IPL : ONBL1 + ONBL2
bk_02_0005.img - GSM + splash + gsmdata + simlock + serialnrs
bk_03_0025.img - OS
bk_06_0001.img - SPL
bk_08_0175.img - userfilesystem

Is there a way to write them back to the phone? or is that not possible...

is it possible to get a .nbh files out of these files?

My idea would be to "glue" the 4 files together (bk_00 to bk_06) in one file, rename the file to RUU_signed.nbh and exchange the RUU_signed.nbh created by the RUU.exe in \Profiles\[user]\Local Settings\Temp\pftxx.tmp with this one and then run on the RUU.exe with the modified .nbh

for example in DOS:
copy /b bk_00_0000.img+bk_02_0005.img+bk_03_0025.img+bk_06 _0001.img RUU_signed.nbh

Is it that simple?

EDIT:
Ok this easy way doesn't work.
RUU says "Error 238 - File read"
Maybe some kind of checksum is missing....

1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?

P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.

Maybe this helps a little bit to get ideas.
I have been searching here for nights - this is what I found so far:

1. I think it's similar to the Hermes - nobody found a way till now - the first step is to modify a signed .nbh, deleting works but not adding a file:
Hermes - how to dump ROM (http://wiki.xda-developers.com/index.php?pagename=Hermes_HowtoDumpRom)
Hermes - new custom ROMs (http://forum.xda-developers.com/showthread.php?t=289377)
Hermes - ROM cooking and Bootloader MFG 1.01 (http://forum.xda-developers.com/showthread.php?t=290206)
aChef ROM Utils (http://forum.xda-developers.com/showthread.php?t=290206)

2. This is the way Imei-Check is CID-unlocking - investigated by pof:
Reverse Engineering the Herems imei-check unlocker (http://forum.xda-developers.com/showthread.php?t=280819&p=1046444)

Maybe there is another way like Zone-MR is doing it for the Star100/Qtek 8500
Star100 Unlock procedure (http://www.spv-developers.com/forum/showthread.php?t=6581) but here you have still to decryt/encrypt the block in my understanding and therefore you have to find out the key

3. I didn't find anything about this so far, but I think the information is anywhere at XDA-Developers

EDIT: here (http://www.gpspassion.com/forumsen/topic.asp?TOPIC_ID=72270&whichpage=3) (nl)itsme wrote:
.... but i am still busy, have not had the time to look at creating a tool to convert a memdump to a updater file.

so I hope he will find the time to create this tool

P.S: @itsme and @pof: I also want to thank you very much - you are heroes!!!

1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?

P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.

After running the tool I got :confused: :

bk_0__0000.img (IPL? Is it same as bk_00_0000.img?)
bk_02_0005.img (GSM + splash + gsmdata + simlock + serialnrs)
bk_03_0025.img (OS)
bk_06_0001.img (SPL)
bk_08_0185.img (?????)

I did not get bk_08_0175.img, though.

Hints?
On the other hand, is it possible to extract files out of IMG files?

Thanks.