Hi

Just wondering if anyone has made any new custom roms. I have looked so far as I can in the forums and I cant see a cooked rom from the kitchen for the hermes.

Would be nice to see if there is one superb one out there that would replace my rubbish t-mobile one!

Thanks

Phill

Right now everyone is using the 1.35 south africa released HTC rom with the latest imate 1.20 radio.
You first need to SIM/CID unlock your phone with pofs hacked radio rom (which you might need the slightly illegal bootleg bootloader downgrade from any version to 1.04 to accomplish)
then after that you can throw up 1.35 on your device, and use the aforementioned bootloader downgrade util to get down to BL1.04 to put the 1.20 radio rom only upgrade on.

Theres no cooked roms or kitchen ATM because the devices are locked to official roms only. Once someone figures out how to get around that its open season!

Unfortunately, due to encryption of the ROM, there are no custom "cooked" roms as of right now.

I am thinking of buying a Hermes however what is the latest AKU avaliable?

All shipped Hermes bootloaders enforce signature checking on NBH files against an HTC private key, this is what is preventing the development of custom AKU3.x cooked ROMs on Hermes (and all other new HTC devices).

The SPL can be hacked to avoid this, but it will require some months of research... if anyone here has knowledge with disassemblers / debuggers such as IDA Pro or radare, embedded device bootloaders and ARM/Thumb assembly and is willing to help with this, feel free to contact me on this matter and we can work together :)

I can't give a real estimation of when this will be possible, because it depends on a lot of factors, but I'm sure we'll be able to do it in the future...

Anyway, I see a lot of people willing to have an AKU3.5 on its hermes, but haven't seen anyone willing to cook it himself on this community yet :(... so we need people willing to cook Hermes ROMs first, otherwise the effort put in hacking the SPL is not worth it.

Do You Have Any Links To How To Cook Your Own Hermes ROM Pof? I Would Be Interested In Trying To Cook My Own ROM And If There Was A Turorial/Guide Telling People How To Do It I'm Sure That Many People Would Start Cooking Their Own ROM's.

Mousey

The tutorial does not exist because no one has done it yet, so if you investigate how to do it the first, you can do the tutorial. :)

A good starting point is having experience with ROM cooking on previous HTC devices, I don't want to discourage newbies in that area but it really helps a lot.

For the Hermes one must first learn how to extract ROM parts from NBH file, this is explained here (http://wiki.xda-developers.com/index.php?pagename=Hermes_NBH).

Then one needs to be able to modify OS.nb to add/delete files and modules on it, I have no idea on how to do this on hermes "OS.nb" files... on previous devices one could convert NBF to NBA and use mamaich imgfs tools (http://forum.xda-developers.com/showthread.php?t=249836), but I don't know how to convert Hermes OS.nb into NBA to do it.... so this point should be where people willing to cook ROMs should have to start researching.

I myself never cooked a ROM for any previous device, but have used cooked ROMs in my old BlueAngel and Universal, and more-or-less understand how the cooking process works because I've read the relevant threads on this matter here... I am also not going to loose my time cooking ROMs for the Hermes at this point, because I believe it's more important to loose it in research to provide a way to flash this cooked ROMs once they exist, but we'll get things done faster if we work in parallel, that's why I ask the community to start the cooking research now, even we don't have a real solution to flash the cooked ROMs yet.

All shipped Hermes bootloaders enforce signature checking on NBH files against an HTC private key, this is what is preventing the development of custom AKU3.x cooked ROMs on Hermes (and all other new HTC devices).

...

Anyway, I see a lot of people willing to have an AKU3.5 on its hermes, but haven't seen anyone willing to cook it himself on this community yet :(... so we need people willing to cook Hermes ROMs first, otherwise the effort put in hacking the SPL is not worth it.
Once we have chance to USE cooked ROMs we will start cooking, right away... No point in starting to cook it if there is nobody who can eat it... ;)

Once we have chance to USE cooked ROMs we will start cooking, right away...

Once you have the chance to flash unsigned code, you'll need 3 months of research to be able to cook a ROM because nobody has investigated on the OS rom layout of the hermes... you'll only be able to flash your splash screen if you stay there sitting and waiting for someone else to do it, we're a community of developers, and what I am asking is to work in PARALLEL.

No point in starting to cook it if there is nobody who can eat it... ;)

OK, let's make it easy: Imagine hacking the SPL to flash unsigned code takes 3 months, and producing a flashable OS.nb with AKU 3.5 takes another 3 months.

"blue pill") 3 months to hack SPL + 3 months to produce cooked OS.nb == 6 Months to have your cooked AKU 3.5 on Hermes.

"red pill") 3 months a group of people researching on method to hack SPL and another group of people investigating how to produce cooked OS.nb == 3 months in total to have your AKU 3.5 on Hermes.

In the Matrix, which pill would you take, the red or the blue? :confused:

i would like a lethal dose red pills please :D

pof, is it just me or does it seem like no one else is interested? Seems like lots of people are interested in flashing a cooked rom, but doesnt seem like many people want to help get there :confused:

@shogunmark: yes :(

To make things easier I've just published a tool to extract the contents of NBH files, so people does not have to mess with perl:

NBHextract: Extract contents from NBH files (http://forum.xda-developers.com/showthread.php?t=289830)

OS.nb can't be converted to a valid imgfs_raw_data.bin using mamaich prepare_imgfs.exe, I still don't know why. Theoretically it should be the same as a decoded nbf (or nba) file, but imgfs tools don't like hermes OS.nb :confused:

It would be great if anyone can have a look at it and point us in the right direction...

Oh pof and shogunmark,
you can belive, if I would have the knowledge I woul help you.:)
It's a nice tool to extract the .NBH and a good start to make things like romcooking. Thanks.

hi POF,
I've tried to run your tool but don't work.please let the world know about this software in order to reduce working time (from 3 months to 1,I hope)..
thanksss

OS.nb can't be converted to a valid imgfs_raw_data.bin using mamaich prepare_imgfs.exe, I still don't know why. Theoretically it should be the same as a decoded nbf (or nba) file, but imgfs tools don't like hermes OS.nb :confused:

Weird, I was using HTC 1.35 rom (ftp://xda:xda@ftp.xda-developers.com/Hermes/Shipped_Complete_Updates/RUU_HERMES_HTC_WWE_1%5B1%5D.35.255.2_1.35.255.102_ 1.08.00.10_SHIP.EXE) to do the tests, and was unable to get a imgfs_raw_data.bin bigger than 7Mb.

I have just tried with HTC 1.18 rom (ftp://xda:xda@ftp.xda-developers.com/Hermes/Shipped_Complete_Updates/me_dt_wwe_1182553_106_10303_ship.zip), and I could dump OS.nb without problems :eek:


C:\imgfs_tools>prepare_imgfs.exe OS.nb -acer
Searching for IMGFS start... Found at 00659000
Dumping IMGFS ...
Done!
C:\mgfs_tools>dir imgfs*
14/01/2007 09:11 53.215.232 imgfs_raw_data.bin
14/01/2007 09:09 0 imgfs_removed_data.bin
C:\imgfs_tools>viewimgfs.exe imgfs_raw_data.bin


Probably OS.nb has a different layout on newer Hermes ROMs... will have to investigate that! :rolleyes:

I've tried to run your tool but don't work

which problem do you have? it must be run from command line...

after download I tried to run exe file but appears a window with "impossible to run application configuration file not correct try to download again"..
maybe I wrong something..

after download I tried to run exe file but appears a window with "impossible to run application configuration file not correct try to download again"..
maybe I wrong something..
Hi
The way, I've testet the tool is the following:
1.unzip the NBHextract folder to c:
2. put the .NBH you want to extract in that folder.
3. go to the commad-console and switch to folder "NBHextract"
4. type"NBHextract.exe HERMING.nbh -v" now the tool extracts the content.
It's easy .

Weird, I was using HTC 1.35 rom to do the tests, and was unable to get a imgfs_raw_data.bin bigger than 7Mb.
It's the same problem with the german O2 Update:mad:

thank you scorpio16v

Ok 2 Questions.

1.
I Tried Running The Program On An NBH File I Downloaded But I Got An Error.
C:\>NBHextract.exe test.nbh -v
The system cannot execute the specified program.

2.
Most/All Of The Updates I Download Come In .exe Format, How Do I Get An NBH File From The Exe.

Finally. With You Being Able To Extract The OS.nb File Pof Does That Mean In Theory We Can Cook Roms From The Older (1.18) Roms?

Cheers
Mousey

Oh pof and shogunmark,
you can belive, if I would have the knowledge I woul help you.:)
It's a nice tool to extract the .NBH and a good start to make things like romcooking. Thanks.

its a learning process... we dont have the full knowledge, just bits and pieces and different security's with the hermes rom... We will get there, and the more people out there willing to help and try things then the chances are better we will find a solution sooner than later!

Ok 2 Questions.

1.
I Tried Running The Program On An NBH File I Downloaded But I Got An Error.


For the easiest way.. add the exe to the same file with the nbh. for example. create a folder on the c drive called dumps. Then from the cmd line run c:\dumps\nbhextract.exe rom.nbh -v


2.
Most/All Of The Updates I Download Come In .exe Format, How Do I Get An NBH File From The Exe.


If you have winrar installed then just right click on the exe and choose "Extract Here" and it will pull the contents out.


Finally. With You Being Able To Extract The OS.nb File Pof Does That Mean In Theory We Can Cook Roms From The Older (1.18) Roms?


In theory yes.. however there is still the problem of the bootloader security. So as of right now, no it cant be done, but it will be able to be done in the near future.... ;)

@shogunmark: yes :(

To make things easier I've just published a tool to extract the contents of NBH files, so people does not have to mess with perl:

NBHextract: Extract contents from NBH files (http://forum.xda-developers.com/showthread.php?t=289830)

OS.nb can't be converted to a valid imgfs_raw_data.bin using mamaich prepare_imgfs.exe, I still don't know why. Theoretically it should be the same as a decoded nbf (or nba) file, but imgfs tools don't like hermes OS.nb :confused:

It would be great if anyone can have a look at it and point us in the right direction...

Pof, this thing is sweet and works perfectly!! I just used it on the latest cingular public release!!!


Device: HERM100
CID: CWS__001
Version: 1.34.502.1
Language: WWE
Extracting: 00_IPL.nb
Extracting: 01_SPL.nb
Extracting: 02_GSM.nb
Extracting: 03_MainSplash.nb
Encoding: 03_MainSplash.bmp
Extracting: 04_SubSplash.nb
Encoding: 04_SubSplash.bmp
Extracting: 05_ExtROM.nb
Extracting: 06_OS.nb

Still Not Working.

I Put The NBHextract.exe In The Same Folder As The Test File And I Still Get The Same Error. Any Ideas?

Cheers
Mousey

Still Not Working.

I Put The NBHextract.exe In The Same Folder As The Test File And I Still Get The Same Error. Any Ideas?

Cheers
Mousey


make sure you give the correct file name, the command i gave above was just an example "c:\dumps\nbhextract.exe rom.nbh -v" that should be the name of the nbh, i just called it rom. for example, i extracted the nbh from the latest cingular rom its called ruu_hermes_1.34.502.1_1.16.00.00_wwe_cws_ship.nbh so the actual command i would use is:

c:\dumps\nbhextract.exe ruu_hermes_1.34.502.1_1.16.00.00_wwe_cws_ship.nbh -v


or you could just rename the nbh to make it a smaller command...

I Put The NBHextract.exe In The Same Folder As The Test File And I Still Get The Same Error. Any Ideas?
Weird, try to download it again and run it from the same folder the exe is in...

No Still Not Working.

Re-Downloaded It And It Still Won't Run.
If I Try And Run It From The Command Line I Get The Same Error And If I Try And Click On it Normallu It Says.

The application has failed to start because the configuration is incorrect.

Any Ideas?

make sure you give the correct file name, the command i gave above was just an example "c:\dumps\nbhextract.exe rom.nbh -v"

I Realised This. :)

Cheers
Mousey

No Still Not Working.
Check your PM, i've sent you another version.

hi POF,
please could you send me a copy too?
thanxxx

The application has failed to start because the configuration is incorrect.
The first version had a dependency on C++ run time libraries, which is now statically linked in the file, so it should work for those of you getting that error now. Download here (http://forum.xda-developers.com/showthread.php?t=289830).

Source code of mamaich's prepare_imgfs is available here (http://forum.xda-developers.com/showthread.php?t=249836), it searches for the last occurrence of this magic inside OS.nb file:


unsigned char IMGFS_GUID[]={0xF8, 0xAC, 0x2C, 0x9D, 0xE3, 0xD4, 0x2B, 0x4D,
0xBD, 0x30, 0x91, 0x6E, 0xD8, 0x4F, 0x31, 0xDC };


I've taken two OS.nb files, one from HTC 1.18 ROM (produces 53Mb raw_data.bin), and one from HTC 1.35 rom (produces 7Mb raw_data.bin), and searched the IMGFS_GUID inside them.

HTC 1.35 has it 10 times, while HTC 1.18 only 4 times. Here's the output of radare (http://radare.nopcode.org):


$ file OS118.nb
OS118.nb: x86 boot sector; partition 1: ID=0x20, starthead 2, startsector 2, 6398 sectors; partition 2: ID=0x23, starthead 0, startsector 6400, 5888 sectors; partition 3: ID=0x25, starthead 0, startsector 12288, 104448 sectors; partition 4: ID=0x4, starthead 0, startsector 116736, 122880 sectors, code offset 0xfd

$ radare OS118.nb
open 'OS118.nb'
File size: 60702720
[0x0000000000000000] > b 28
Block size = 28
[0x0000000000000000] > /\xf8\xac\x2c\x9d\xe3\xd4\x2b\x4d\xbd\x30\x91\x6e\x d8\x4f\x31\xdc
0x00000000000DCA78 '.search0'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
00000000000DCA78 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 4300 4500 4300 4F00 4D00 5000 |..,...+M.0.n.O1.C.E.C.O.M.P.|

0x00000000000DCDA4 '.search1'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
00000000000DCDA4 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 5800 5000 5200 0000 4300 6F00 |..,...+M.0.n.O1.X.P.R...C.o.|

0x0000000000540B28 '.search2'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
0000000000540B28 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 4300 4500 4300 4F00 4D00 5000 |..,...+M.0.n.O1.C.E.C.O.M.P.|

0x0000000000659000 '.search3'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
0000000000659000 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 0100 0000 0100 0000 0100 0000 |..,...+M.0.n.O1.............|

End of file.
[0x00000000039E4000] >



$ file OS135.nb
OS135.nb: x86 boot sector; partition 1: ID=0x20, starthead 2, startsector 2, 6398 sectors; partition 2: ID=0x23, starthead 0, startsector 6400, 5888 sectors; partition 3: ID=0x25, starthead 0, startsector 12288, 105728 sectors; partition 4: ID=0x4, starthead 0, startsector 118016, 121600 sectors, code offset 0xfd

$ radare OS135.nb
open 'OS135.nb'
File size: 61368320
[0x0000000000000000] > b 28
Block size = 28
[0x0000000000000000] > /\xf8\xac\x2c\x9d\xe3\xd4\x2b\x4d\xbd\x30\x91\x6e\x d8\x4f\x31\xdc
0x00000000000D0778 '.search0'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
00000000000D0778 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 4300 4500 4300 4F00 4D00 5000 |..,...+M.0.n.O1.C.E.C.O.M.P.|

0x00000000000D0AA4 '.search1'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
00000000000D0AA4 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 5800 5000 5200 0000 4300 6F00 |..,...+M.0.n.O1.X.P.R...C.o.|

0x0000000000534828 '.search2'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
0000000000534828 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 4300 4500 4300 4F00 4D00 5000 |..,...+M.0.n.O1.C.E.C.O.M.P.|

0x0000000000618410 '.search3'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
0000000000618410 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 0100 0000 0100 0000 0100 0000 |..,...+M.0.n.O1.............|

0x000000000063E368 '.search4'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
000000000063E368 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 0100 0000 0100 0000 0100 0000 |..,...+M.0.n.O1.............|

0x0000000000642E90 '.search5'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
0000000000642E90 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 0100 0000 0100 0000 0100 0000 |..,...+M.0.n.O1.............|

0x00000000006438B8 '.search6'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
00000000006438B8 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 0100 0000 0100 0000 0100 0000 |..,...+M.0.n.O1.............|

0x0000000000659000 '.search7'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
0000000000659000 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 0100 0000 0100 0000 0100 0000 |..,...+M.0.n.O1.............|

0x00000000032E83F0 '.search8'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
00000000032E83F0 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 0100 0000 0100 0000 0100 0000 |..,...+M.0.n.O1.............|

0x00000000032EBAC8 '.search9'
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B 0123456789ABCDEF0123456789AB
----------------+----------------------------------------------------------------------+----------------------------.
00000000032EBAC8 F8AC 2C9D E3D4 2B4D BD30 916E D84F 31DC 0100 0000 0100 0000 0100 0000 |..,...+M.0.n.O1.............|

End of file.


prepare_imgfs finds IMGFS start at offset 0x00659000 for 1.18 rom and at offset 0x032EBAC8 for 1.35 ROM:


C:\imgfs_tools>prepare_imgfs.exe OS118.nb -acer
Searching for IMGFS start... Found at 00659000
Dumping IMGFS ...
Done!

C:\imgfs_tools>prepare_imgfs.exe OS135.nb -acer
Searching for IMGFS start... Found at 032EBAC8
Dumping IMGFS ...
Done!


So it's only reading from the last occurrence of IMGFS_GUID until the end of the file.

So I took OS.nb from HTC1.35 rom and splited it in 11 parts, each part starts with an ocurrence of IMGFS_GUID except the first:


-rw-r--r-- 1 root root 853880 Jan 15 04:54 os135part1.nb
-rw-r--r-- 1 root root 812 Jan 15 04:54 os135part2.nb
-rw-r--r-- 1 root root 4603268 Jan 15 04:54 os135part3.nb
-rw-r--r-- 1 root root 932840 Jan 15 04:55 os135part4.nb
-rw-r--r-- 1 root root 155480 Jan 15 04:55 os135part5.nb
-rw-r--r-- 1 root root 19240 Jan 15 04:55 os135part6.nb
-rw-r--r-- 1 root root 2600 Jan 15 04:55 os135part7.nb
-rw-r--r-- 1 root root 87880 Jan 15 04:55 os135part8.nb
-rw-r--r-- 1 root root 46724080 Jan 15 04:56 os135part9.nb
-rw-r--r-- 1 root root 14040 Jan 15 04:56 os135part10.nb
-rw-r--r-- 1 root root 7974200 Jan 15 04:56 os135part11.nb


If you look at the size of part11, this was the 7Mb that prepare_imgfs.exe was dumping out of OS.nb, so I took only the part9 (the biggest) and produced a 46Mb imgfs_raw_data.bin file, that I could dump successfully with viewimgfs.exe :D

Still have to investigate WTF are the other parts :confused:

I know this probably isn't too helpful. But we should try and get Faria and Molski from the 8125 thread over here to work on a ROM for this. They made some magical things happen with their custom Wizard ROMs. If I had a clue how to cook a ROM, I'd be all over it. But as it is, I can't even open the kitchen door.

Is there such a gap between the ROM technology of the Wizard and Hermes that someone with experience with the prior wouldn't know much about the latter?

I'm rambling... sorry.

Is there such a gap between the ROM technology of the Wizard and Hermes that someone with experience with the prior wouldn't know much about the latter?

There are two problems basically with Hermes:
1) OS.nb has a different structure and we can't use IMGFS tools on it.
2) Bootloader only allows code signed with HTC certificate to be flashed

Once we are able to solve these two problems, the way to cook a rom should be exactly the same in both devices :)

Here the start of each part, where you can see the IMGFS_GUID:


==== os135part1.nb =====
00000000 e9 fd ff 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

==== os135part2.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 43 00 45 00 43 00 4f 00 4d 00 50 00 52 00 2e 00 |C.E.C.O.M.P.R...|
00000020 44 00 4c 00 4c 00 00 00 5f 43 6f 6d 70 72 65 73 |D.L.L..._Compres|

==== os135part3.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 58 00 50 00 52 00 00 00 43 00 6f 00 6d 00 70 00 |X.P.R...C.o.m.p.|
00000020 72 00 65 00 73 00 73 00 69 00 6f 00 6e 00 54 00 |r.e.s.s.i.o.n.T.|

==== os135part4.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 43 00 45 00 43 00 4f 00 4d 00 50 00 52 00 2e 00 |C.E.C.O.M.P.R...|
00000020 44 00 4c 00 4c 00 00 00 5f 43 6f 6d 70 72 65 73 |D.L.L..._Compres|

==== os135part5.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 01 00 00 00 01 00 00 00 01 00 00 00 34 00 00 00 |............4...|
00000020 08 00 00 00 00 02 00 00 00 10 00 00 58 50 52 00 |............XPR.|

==== os135part6.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 01 00 00 00 01 00 00 00 01 00 00 00 34 00 00 00 |............4...|
00000020 08 00 00 00 00 02 00 00 00 10 00 00 58 50 52 00 |............XPR.|

==== os135part7.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 01 00 00 00 01 00 00 00 01 00 00 00 34 00 00 00 |............4...|
00000020 08 00 00 00 00 02 00 00 00 10 00 00 58 50 52 00 |............XPR.|

==== os135part8.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 01 00 00 00 01 00 00 00 01 00 00 00 34 00 00 00 |............4...|
00000020 08 00 00 00 00 02 00 00 00 10 00 00 58 50 52 00 |............XPR.|

==== os135part9.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 01 00 00 00 01 00 00 00 01 00 00 00 34 00 00 00 |............4...|
00000020 08 00 00 00 00 02 00 00 00 10 00 00 58 50 52 00 |............XPR.|

==== os135part10.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 01 00 00 00 01 00 00 00 01 00 00 00 34 00 00 00 |............4...|
00000020 08 00 00 00 00 02 00 00 00 10 00 00 58 50 52 00 |............XPR.|

==== os135part11.nb =====
00000000 f8 ac 2c 9d e3 d4 2b 4d bd 30 91 6e d8 4f 31 dc |..,...+M.0.n.O1.|
00000010 01 00 00 00 01 00 00 00 01 00 00 00 34 00 00 00 |............4...|
00000020 08 00 00 00 00 02 00 00 00 10 00 00 58 50 52 00 |............XPR.|

Thanks for the info pof! This is probably a dumb question (as I have many), but is the IMGFS tool used for reading the dumped ROM?

With the bootloader issue, is there a way to completely replace/flash a bootloader on this thing? Meaning, with a custom bootloader.

Well, I warned you they were dumb questions, but I thought I'd ask anyhow.

but is the IMGFS tool used for reading the dumped ROM?
No, imgfs tools are used to edit WM5 IMGFS partition (replace/add/delete files) in OS.nb (equivalent to nk.nba in wizard), which contains all the ROM files, but OS.nb is not dumped from a device, it is exctracted from a shipped ROM upgrade.

With the bootloader issue, is there a way to completely replace/flash a bootloader on this thing? Meaning, with a custom bootloader.
The approach we'll take is to modify SPL.nb to remove signature checking, but we can't flash it because is not signed, so instead of flashing it we put it in memory and jump into it from WinCE, the same way haret does with linux kernel. This is the most difficult part and still is a lot of work to do in this area...

We can now flash unsigned code on hermes (http://forum.xda-developers.com/showthread.php?t=290206):

First test flashing a cooked OS.nb is unsuccessful :(

- ROM version is reported OK in splash screen
- Device doesn't pass splash screen
- Probably we can debug this with KITL, but need to investigate on that
- bootloader reports bad blocks in NAND after flashing (haven't figured out how to fix this yet).

Holy shit, thats great work POF!!!!

I will personally pay $50US to anyone that manages to get me a cooked AKU3.5 rom or even a crossbow release for my Hermes.

Problem with a cook ROM is not so much flashing, but to actually change the files within...
We need to be able to extra the files from within the archive (like \Windows configuration file etc...)

JY

Holy shit, thats great work POF!!!!

I will personally pay $50US to anyone that manages to get me a cooked AKU3.5 rom or even a crossbow release for my Hermes.

well with pof's help about the rom file (its different from what i have experiance with) i cooked the test aku 3.5 rom that he tried, if we can sort out the bad blocks it should at least boot, not having a hermes myself i cant test it though :)

no money though, i do this for free, if you want to dontate, dontate to xda-devs :)

Thanks pof, 300logic and others for the great work!

I tried to cook the hermes rom using the method that I successed when I created aWizard. Here's what I've done:
- generated the 06_OS.nb using NBHextract.exe
- run "prepare_imgfs.exe 06_OS.nb"

Two new files "imgfs_raw_data.bin" and "imgfs_removed_data.bin" were generated. But their filesize are 5040KB and 80KB only. This should not happen as the 06_OS.nb is 60060KB.

As I see that Midget_1990 has created a cooked rom. Does anybody know which part I have done wrong?

Thanks a lot!

@ahlok_hk: Please see comment #31 and #34, this answers your question.

Easier explanation if that was not enough clear:

- IMGFS_GUID is hex string which marks where filesystem starts
- Hermes OS.nb has several occurrences of IMGFS_GUID inside, while normal NK.nba expected by prepare_imgfs.exe only has one occurrence.
- Prepare_imgfs.exe only dumps the last occurrence of IMGFS_GUID.
- Because of this, imgfs_raw_data.bin is bad in most OS.nb files
- To "fix" one must split OS.nb in parts, where each ocurrence of IMGFS_GUID is found.
- Only run prepare_imgfs.exe on the BIGGEST part
- After editing imgfs_raw_data.bin, you have to run make_imgfs.exe with result
- Resulting file of make_imgfs should be "joined" with the other parts again.

The process of splitting and joining the files, has to be done manually (with hex editor).

Be careful when flashing resulting OS.nb, if it contains errors... it might break device (bad blocks on NAND).

If someone success, please post and explain :)

Thanks again pof. I was too lazy to go through all the posts. Now I can dump the files using the prepare_imgfs.

I found that in the pervious Wizard ROM (O2 1.5.4.2) there are also 4 places that contains the IMGFS_GUID as found in Hermes 1.18 ROM. But it use -nosplit instead of -acer in prepare_imgfs. As there is no -acer in buildimgfs, would it be the reason why the re-build process fail? Also has anyone tried using "-nosplit -acer" in prepare_imgfs?

And I just want to know in case (or your case at #37?) that the flashing of OS.nb fail, will it be possible that I can flash the 1.04 again and do a normal upgrade to recover the error? I want to make sure that before I flash my cooked rom. Thanks again.

I found that in the pervious Wizard ROM (O2 1.5.4.2) there are also 4 places that contains the IMGFS_GUID as found in Hermes 1.18 ROM. But it use -nosplit instead of -acer in prepare_imgfs. As there is no -acer in buildimgfs, would it be the reason why the re-build process fail? Also has anyone tried using "-nosplit -acer" in prepare_imgfs?
I tried -nosplit and -acer, but got same results...

And I just want to know in case (or your case at #37?) that the flashing of OS.nb fail, will it be possible that I can flash the 1.04 again and do a normal upgrade to recover the error? I want to make sure that before I flash my cooked rom. Thanks again.
You can flash 1.04 again and do a normal ROM upgrade, but AFAIK the bad blocks in NAND stay there, OS boots but sees less storage memory (only 5Mb)... if you have any idea on how to fix let us know :)

Hi

I've tried to flash a cooked OS using the SPL-1.01MFG bootloader, and it bricked my hermes.
It appears to have corrupted the NAND memory and generated a lot of bad blocks, I've tried to flash it again, both by extracting OS.nb from a shipped rom with MFG, and by flashing bootloader 1.4 again and flashing a full official rom. The result has always been the same, splash screen appears, version numbers seem correct, but hangs on clean splash screen right after that.
I attach an mtty log containing part of the output to info 8, the list of bad blocks is longer than the mtty buffer, so the listing isn't full.

Rammand

Using the imgfs tools, I cannot re-generate the same format(identical file) of the 06_OS.nb by the following sequence:
>prepare_imgfs 06_OS.nb -acer
>make_imgfs 06_OS.nb

If there is chance of having bad block when flashing cooked rom. Is there any chance of having bad block if I flash with just the original extracted 06_OS.nb?

If we can proof that flashing a good 06_OS.nb won't create bad block, I think at least we can modify the imgfs tools so that it can extract and re-create identical 06_OS.nb files, which makes flashing less risky...

@ahlok_hk: If you flash a cooked OS.nb 99% chance you get bad blocks (see rammand's comment!).
If you flash a orignal unmodified OS.nb 99,9% chance it will work and don't produce bad blocks.

I also can't recreate an identical OS.nb, even if I don't modify imgfs_raw_data.bin, so there must be something different, we have to look at the files in depth and see what changes between the original and cooked OS.nb after using imgfs tools.

...we have to look at the files in depth and see what changes between the original and cooked OS.nb after using imgfs tools.

So the first thing I guess is the -acer option that prepare_imgfs.exe provided but not for make_imgfs.exe. During Wizard rom cooking I use -nosplit in both commands but I can't use -acer in make_imgfs now.

As my c++ is bad, maybe someone else could make a new version of make_imgfs that supports the -acer reverse process (the imgfs tools and some source code is available in the following thread):

http://forum.xda-developers.com/showthread.php?t=249836

So the first thing I guess is the -acer option that prepare_imgfs.exe provided but not for make_imgfs.exe. During Wizard rom cooking I use -nosplit in both commands but I can't use -acer in make_imgfs now.

I had a very brief look at the source code, and I can implement the necessary changes. Right now I have to go and do some shopping, so give me a few more hours.

If someone else (pof?) made these changes already, please let me know so we can avoid double work. Btw, I think it also shouldn't be a problem to not just look for the last occurence of the IMGFS_GUID marker, but find them all and then use the one that starts the biggest block. Would avoid having to split up the input file into nine parts beforehand.

One question: where can I find more information about why we need to use the '-acer' flag with the Hermes?

I am new to cooking ROMs (but not to writing software in C/C++, so don't fear :), so I may have some questions.

Cheers
Daniel

If someone else (pof?) made these changes already, please let me know
No, I haven't and no one did AFAIK.

I think it also shouldn't be a problem to not just look for the last occurence of the IMGFS_GUID marker, but find them all and then use the one that starts the biggest block. Would avoid having to split up the input file into nine parts beforehand.
Would be great if you can implement this too :)

One question: where can I find more information about why we need to use the '-acer' flag with the Hermes?
Its only a guess, we don't really know... it's just because this option produces an empty imgfs_removed_data.bin file.

Take a good hex editor that is able to do binary diffs and compare the files created.
The goal should be to accomplish something like this:

prepare_imgfs.exe OS.nb ---> produce valid imgfs_raw_data.bin
make_imgfs.exe newOS.nb (takes previously created raw data file)

OS.nb and newOS.nb should be exact files if the raw data file is not modified.

Okay, I did some work on prepare_imgfs.exe.

The -acer flag seems to do very funny things. IMHO the fact that the imgfs_removed_data.bin is empty is a bug. I will have a closer look tomorrow.

I now have a version that creates a imgfs_raw_data.bin with a size of 44.544 kB (on the 1.25 ROM, with the -nosplit option - btw, with the -nosplit option, all the program really does is dump the found IMGFS section unaltered). So it seems to find the correct IMGFS marker. :)

The proof, I think, that the .bin file is correct is to feed it into viewimgfs.exe and get the expected results. That doesn't work yet - if I run my .bin file through viewimgfs.exe, it exits very quickly and produces no output. I will also look into this tomorrow.

The various options of prepare_imgfs.exe basically just set three values: a block size, the number of "useful" bytes per block, and the number of "additional" bytes per block. The useful bytes end up in imgfs_raw_data.bin, the others in imgfs_removed_data.bin. I am not sure if these values are parameters of the IMGFS file system, or if they have something to do with the way the device is flashed. I think it's the first, so I'll try to find some more information about the IMGFS format.

Does anybody have any hints where to find info about the IMGFS used here?

Cheers
Daniel

...
Does anybody have any hints where to find info about the IMGFS used here?

mamaich created the imgfs tools which run on Blue Angel. So maybe the following page could help:

http://wiki.xda-developers.com/index.php?pagename=BA_ROMFileFormat

Looking forward to your great work! :)

Thanks tadzio for your efforts :)

Does anybody have any hints where to find info about the IMGFS used here?

A couple of links that might be helpful:


http://forum.xda-developers.com/showthread.php?t=274912 (see Tutara's comments #24 to #52)
http://blogs.msdn.com/ce_base/archive/tags/File+System/default.aspx

I made some progress! :)

(Edit: There was a bug in the attached program, so I removed the attachment. A new version can be found in post #59 in this thread.)

Please find attached a version of prepare_imgfs which works for Hermes .nb files (as I wanted this to get out asap, I only tested it on 06_OS.nb, extracted from an 1.25 and an 1.35 update ROM).

As I did not want to disturb the code for the existing targets, and to make things easier to remember ;) , I added a '-hermes' switch. So, please call it like so:


prepare_imgfs 06_OS.nb -hermes
This will generate, as usual, a imgfs_raw_data.bin and a imgfs_removed_data.bin file.

Note that it is no longer necessary to split the 06_OS.nb file into nine pieces. prepare_imgfs.exe will now find all IMGFS signatures and automatically use the largest one.

If you then run


viewimgfs.exe imgfs_raw_data.bin
you will get a 'dump' subdirectory with all the files expanded. It didn't work for me at first because it needs the 'cecompr_nt.dll' DLL, and exits silently if it can't find that. For your convenience, I put it into the attached zip file.

Please also note that I haven't yet made the necessary changes to make_imgfs.exe. I will do that shortly.

Background info: the '-acer' switch seems to do the same as the '-sp' switch except that it doesn't write data to imgfs_removed_data.bin, which I think is a bug. The new '-hermes' switch does exactly the same thing as the '-sp' switch: every 0x200 bytes it skips 8 bytes (and saves these 8 bytes in imgfs_removed_data.bin). I have no idea about the purpose of these eight bytes.

Enjoy!

Cheers
Daniel

Wow! Nicely done tadzio!

I have a big problem with my O2 Xda Trion.
Ｔrion's (STORAGE TOTAL) changed to 13.08MB.I will show the picture．Ｉdon't know this is a hardware or software problem.
yesterday,I do this
SPL 1.01
USB> task 32
USB> task 28
USB> lnb OS.nb(WM6 dopod838)
USB> task 28
USB> task 8

But WM6 can’t no work in O2 Xda Trion.And I go back to 1.04,and Install RUU_HERMES_HTC_WWE_1[1].35.255.2_1.35.255.102_1.08.00.10_SHIP
And O2 Xda Trion can work,But have a big problem (STORAGE TOTA)L is 13.08MB.



POF,Please provide details of how to solve the problem．My English is not very good．some information i don't understand the means. please help ,and tell me how to solve the problem（details)
Or someone can help me!~~~~~~~~~~~~~

Thanks Daniel. I have tried the Qtek 1.18 ROM and result is as follow:
ROM url : ftp://xda:xda@ftp.xda-developers.com/Hermes/Shipped_Complete_Updates/ruu_hermes_1.18.255.3_1.18.255.108_1.03.03.10_qtek _wwe_ship.zip

Command line output:
-------------------
C:\hermes>prepare_imgfs.exe 06_OS.nb -hermes
prepare_imgfs.exe (Build Sun Jan 21 15:17:40 2007)
Searching for IMGFS start...
Found IMGFS at 00659000.
No IMGFS signature found. Exiting.

C:\hermes>
----------------

And no imgfs_raw_data.bin or imgfs_removed_data.bin is produced. But I am sure it will be fine in later versions. :)

Thanks Daniel. I have tried the Qtek 1.18 ROM and result is as follow:
ROM url : ftp://xda:xda@ftp.xda-developers.com/Hermes/Shipped_Complete_Updates/ruu_hermes_1.18.255.3_1.18.255.108_1.03.03.10_qtek _wwe_ship.zip

Command line output:
-------------------
C:\hermes>prepare_imgfs.exe 06_OS.nb -hermes
prepare_imgfs.exe (Build Sun Jan 21 15:17:40 2007)
Searching for IMGFS start...
Found IMGFS at 00659000.
No IMGFS signature found. Exiting.

C:\hermes>
----------------

And no imgfs_raw_data.bin or imgfs_removed_data.bin is produced. But I am sure it will be fine in later versions. :)


Oops - indeed there was a bug concerning the last (or only) found IMGFS signature. I just fixed it, and tried it on the 1.18 version you mentioned. Seems to work better. :)

In the attachment you'll find not only a fixed version of prepare_imgfs.exe, but also my first attempt on make_imgfs.exe. This now also understands the same command line switches as prepare_imgfs.exe (except the '-acer', but of course including the '-hermes' switch).

Disclaimer: both files have undergone only light testing. There may well be bugs. Use at your own risk!

Cheers
Daniel

Thanks again Daniel!

The new prepare_imgfs and make_imgfs run smoothly by the following procedure:

[Preparation]
- put a nbh file to C:\cook ( e.g. extract the nbh from the file : ftp://xda:xda@ftp.xda-developers.com/Hermes/Shipped_Complete_Updates/ruu_hermes_1.18.255.3_1.18.255.108_1.03.03.10_qtek _wwe_ship.zip )
- Get the original imgfs_tools_182.rar ( http://forum.xda-developers.com/showthread.php?t=249836 ) and extract to C:\cook
- Get NBHextract ( http://forum.xda-developers.com/showthread.php?t=289830 ) and extract to C:\cook
- Get new version of imgfs_tools from tadzio ( http://forum.xda-developers.com/attachment.php?attachmentid=33407&d=1169400630 ) and extract to C:\cook
- Get VBinDiff, a binary diff program ( http://home.comcast.net/~chris-madsen/vbindiff/ ), and extract to C:\cook

[Command]
C:\cook> NBHextract.exe xxxxxxxx.nbh (must be a valid hermes nbh file!)
C:\cook> copy 06_OS.nb 06_OSa.nb
C:\cook> prepare_imgfs.exe 06_OS.nb -hermes
C:\cook> echo 111 > test.txt
C:\cook> Addfile.exe test.txt
C:\cook> make_imgfs.exe 06_OS.nb -hermes

I found that although the new 06_OS.nb contains only an extra file (test.txt), there are many many minor differents when compared with the original 06_OSa.nb using the command "VBinDiff.exe 06_OSa.nb 06_OS.nb". Does anybody know if it is normal for such different?

If the above different is normal, we just need a brave people (who could risk bricking their device ) to try to flash the newly cooked rom to their device ( http://wiki.xda-developers.com/index.php?pagename=Hermes_BootloaderMFG ) to verify the process.

Thanks again Daniel!

My pleasure. :)

Thanks for detailing the sequence of how to set up and do things. I think this'll go into the Wiki as soon as the first ROM was cooked successfully.


I found that although the new 06_OS.nb contains only an extra file (test.txt), there are many many minor differents when compared with the original 06_OSa.nb using the command "VBinDiff.exe 06_OSa.nb 06_OS.nb". Does anybody know if it is normal for such different?


Well, probably. When I tested my version of make_imgfs, I changed a few bytes in both .bin files with a hex editor, and after I ran make_imgfs I found the exact same changes in the .nb file. So I'm quite confident that make_imgfs does not produce any artefacts, and the changes you mentioned indeed come from AddFile.

After running AddFile, do you see the same amount of differences already in the .bin files?

Also, if you run viewimgfs on the new .nb file, does it create the dump directory without any error message? And if so, is the test.txt you added present?


If the above different is normal, we just need a brave people (who could risk bricking their device ) to try to flash the newly cooked rom to their device ( http://wiki.xda-developers.com/index.php?pagename=Hermes_BootloaderMFG ) to verify the process.

Unfortunately my Hermes is in daily use, and I can't be without. So I'll chicken out here and hope that someone else takes the risk. Where is pof, btw? ;)

Having said that, I think we now solved all Hermes-specific problems, and we should be able to learn the rest from the Universal folks (and whoever else cooks WM5 ROMs already).

Cheers
Daniel

Someone help me !~~~~~~Page6

Someone help me !~~~~~~Page6

I guess your Hermes is having bad NAND block after you flash the Wizard ROM. So I would suggest you to go to http://forum.xda-developers.com/showthread.php?t=286755 to seek for help.

...
After running AddFile, do you see the same amount of differences already in the .bin files?

Also, if you run viewimgfs on the new .nb file, does it create the dump directory without any error message? And if so, is the test.txt you added present?

...
I just use the same method to modify a Wizard ROM and did a binary compare to the nba(similar to nb) files. And found that the Wizard nba file only have two parts of difference instead of many many little parts(2 bytes) of the Hermes one.

You may check some attached screen dump of VBinDiff for investigation.

Where is pof, btw? ;)
Off-line and studying during the weekend because I have one exam today :(

I've read what I have missed yesterday, but still haven't had time to look at your modified imgfs tools, hopefully tomorrow after exams!

I have a couple of Hermes, so if the created OS.nb looks good I can use one as a guinea pig :eek:

Off-line and studying during the weekend because I have one exam today :(

Good luck then! :)


I have a couple of Hermes, so if the created OS.nb looks good I can use one as a guinea pig :eek:

Sounds cool. Looking forward to your findings - and I do hope you don't have to brick any of them. :)

Cheers
Daniel

Off-line and studying during the weekend because I have one exam today :(

I've read what I have missed yesterday, but still haven't had time to look at your modified imgfs tools, hopefully tomorrow after exams!

I have a couple of Hermes, so if the created OS.nb looks good I can use one as a guinea pig :eek:

i´ll wait you...

thanks for all

tadzio, I'm very happy!! successfully flashed first "slightly cooked" ROM on Hermes without producing bad blocks on NAND using your modified imgfs tools. I just removed "Photo.gif" from HTC 1.35 ROM to try it:


C:\imgfs>prepare_imgfs.exe 06_OS.nb -hermes
C:\imgfs>DelFile.exe Photo.gif
C:\imgfs>make_imgfs.exe 06_OS.nb -hermes


NAND is still intact after flashing this OS.nb, and "Photo.gif" is not there anymore :)

tadzio, I'm very happy!! successfully flashed first "slightly cooked" ROM on Hermes without producing bad blocks on NAND using your modified imgfs tools. I just removed "Photo.gif" from HTC 1.35 ROM to try it:
...
NAND is still intact after flashing this OS.nb, and "Photo.gif" is not there anymore :)

Yeah! That's the greatest news for my Hermes since the day I bought it! It's cooking time!

BTW, has anyone tried adding a file? I guess the make_imgfs.exe or Addfile.exe may have to tuned a bit so that those "many many small differences" are gone.

BTW, has anyone tried adding a file? :)

AddFile.exe crashes when I try to use it with raw_data dumped from HTC 1.35 rom. :confused:

AddFile.exe crashes when I try to use it with raw_data dumped from HTC 1.35 rom. :confused:
Remember to use a .nbh file(extracted from a RUU upgrade file), and add the -hermes option when using prepare_imgfs.exe(and new version of prepare_imgfs.exe by tadzio).

Of corse I did... but AddFile.exe produces a windows crash after showing this on system window:


C:\imgfs>echo 111 > test.txt
C:\imgfs>AddFile.exe test.txt
Total Sectors: 0000
Used Sectors : 15bcb
Free Sectors : fffea435

Well Pof This Cuts Your Esitmated Time Of Cooking ROMS Down As Well. So 2 Weeks Instead Of 3 Months.

Great Work tadzio You've Helped The Cheifs So They Can Start Cooking.

Cheers
Mousey

Of corse I did... but AddFile.exe produces a windows crash after showing this on system window:


C:\imgfs>echo 111 > test.txt
C:\imgfs>AddFile.exe test.txt
Total Sectors: 0000
Used Sectors : 15bcb
Free Sectors : fffea435



pof, can you send me the file you tried to add? We have the source code for AddFile.exe, so maybe I can find where and why it crashes. A wild guess would be that there isn't enough space left in the image file. Did you delete some files before you tried to add that one?

Edit: I just saw that the Free Sectors number you quoted is negative. Seems you indeed ran out of space in the image file. AddFile should handle that siuation a bit more gracefully though, methinks. :) )

On another note, I just hacked together a version of prepare_imgfs.exe which creates image files for all occurences of the IMGFS signature. As expected, only the biggest one is a completely valid FS image. However, the second biggest one also seems to contain one or two files (according to the output of viewimgfs.exe before that crashed :) ). viewimgfs.exe is a bit more complex, so I don't know if I'll have the time to analyse it in depth. My first priority (probably next weekend) will be to find out why AddFile crashed for you, pof. Please just send me the file you tried to add.

Cheers
Daniel

pof, can you send me the file you tried to add?

I just tried "echo 111 > test.txt" so this is the file :)

Will do some more tests with other ROMS when I have some time and report my findings. Many thanks for your great work tadzio :)

Just wanted to take a second to thank everyone who seems to be working towards allowing the chefs to cook.

As an eager consumer of cooked ROMs who has ZERO capability to produce them, I have been holding off moving to a 8525 from a 8125 because of the unavailability of cooked ROMs.

I am always happy to test, but all this talk of hex files and nbfs makes my hair start to frizz! If anyone wants to start a collection to buy Molski a 8525 I will certainly help if he promises to cook a 3.3 ROM for it (only partially kidding here!!)

Just wanted to take a second to thank everyone who seems to be working towards allowing the chefs to cook.

As an eager consumer of cooked ROMs who has ZERO capability to produce them, I have been holding off moving to a 8525 from a 8125 because of the unavailability of cooked ROMs.

I am always happy to test, but all this talk of hex files and nbfs makes my hair start to frizz! If anyone wants to start a collection to buy Molski a 8525 I will certainly help if he promises to cook a 3.3 ROM for it (only partially kidding here!!)

we are all definitely working on it.. to bad its more than just editing the rom and so much is involved with the hermes roms.. But we will get there, and it should be soon...

we are all definitely working on it.. to bad its more than just editing the rom and so much is involved with the hermes roms.. But we will get there, and it should be soon...

Well, like its been offered before, im happy to help pay for the benifits, as with no knowledge myself on how to do, im a believer in doing what i can (in this case financial) to help the community.

Looks like its been a bit of a snow ball effect, and its come forward from the orginal possible 6 months to a few weeks potentially.

Now we can wait for the official 3.3 update (possibly) that will have some sort of new code to stop the progress we've made so far :rolleyes:

Well, like its been offered before, im happy to help pay for the benifits, as with no knowledge myself on how to do, im a believer in doing what i can (in this case financial) to help the community.

Looks like its been a bit of a snow ball effect, and its come forward from the orginal possible 6 months to a few weeks potentially.

Now we can wait for the official 3.3 update (possibly) that will have some sort of new code to stop the progress we've made so far :rolleyes:


it progressed a little faster since some people decided to jump in and we have made some great progress, there are some mountains to climb, but we are getting there... we are certainly closer now than what we were 2 weeks ago..

Hi Daniel, here's the test result that I've done. Seems the make_imgfs.exe need more enhancement. :)

... make_imgfs does not produce any artefacts, and the changes you mentioned indeed come from AddFile.

After running AddFile, do you see the same amount of differences already in the .bin files?

No.

The difference of imgfs_raw_data.bin is attached for reference. The differences of 06_OS.nb are too much to attach. You may refer to my earlier post.

Also, if you run viewimgfs on the new .nb file, does it create the dump directory without any error message? And if so, is the test.txt you added present?


Yes. Yes.

Thanks again!

thanks for dadzio and pof's work.
i did
prepare_imgfs 06_OS.nb -hermes
and
viewimgfs.exe imgfs_raw_data.bin

and I got dump folder.
but i found a lot of differences with in windows folder. ex:
i want to delete all files concerned in PreConfig.txt, just like:
PreAutoRun.exe, SetHSDPA.exe, MP_CVSDcpl_20060920.cab etc, but i found none of them in dump rom. anything wrong?

thanks at first and sorry for my bad english.:p

Please confirm that you tried to Flash Crossbow for Dopod838 (which is a Wizard) OS file onto a Hermes Device.

I would see that as a big No-No...

:confused: :o :o I have a big problem with my O2 Xda Trion. Trion's (STORAGE TOTAL) changed to 13.08MB.I will show the picture．Ｉdon't know this is a hardware or software problem.

yesterday,I do this
SPL 1.01
USB> task 32
USB> task 28
USB> lnb OS.nb(WM6 dopod838)
USB> task 28
USB> task 8

But WM6 can’t no work in O2 Xda Trion.And I go back to 1.04,and Install RUU_HERMES_HTC_WWE_1[1].35.255.2_1.35.255.102_1.08.00.10_SHIP
And O2 Xda Trion can work,But have a big problem (STORAGE TOTAL) is 13.08MB.

Okay, I'm ready to jump in here and see if I can help test this.

Where can I find the Addfile.exe & DelFile.exe?

Where can I find the Addfile.exe & DelFile.exe?

In this thread, attached on a comment. Read the full thread if you're ready to jump in ;)

In this thread, attached on a comment. Read the full thread if you're ready to jump in ;)

Okay, that confirms that addfile & delfile have not been modified like the make & prepare have.

Got all of the tools (I think). and have even dumped the contents of an OS image just to see what's in it!

Hi pof, I had crashes with BuildImgfs.exe while doing a little cooking on my Universal since I increased the swap memory I haven't got any crash again.

I don't think this could be your problem but just for checking...I think addfile.exe won't take the memory amount BuildImgfs.exe takes.

...On another note, I just hacked together a version of prepare_imgfs.exe which creates image files for all occurences of the IMGFS signature. As expected, only the biggest one is a completely valid FS image. However, the second biggest one also seems to contain one or two files (according to the output of viewimgfs.exe before that crashed :) ). viewimgfs.exe is a bit more complex, so I don't know if I'll have the time to analyse it in depth. My first priority (probably next weekend) will be to find out why AddFile crashed for you, pof. Please just send me the file you tried to add.

Cheers
Daniel

I've always suspected this. I've noticed that output from viewimgfs.exe never seems to have all the files. For example: coredll.dll is never there. From a cooking perspective, this isn't usually a huge deal, but it can be an issue when you're trying to extract ROM based dlls from various sources for custom builds. Lately I've been working with the WM6 build for the Universal by Helmi and several dlls known to exist in that build aren't appearing in the dump folder. The Universal ROM formats are well known so one would think that mamiach's original tools would work perfectly... yet there are missing pieces. I hope you pursue this further Daniel! :)

INFO!!!!! http://forum.xda-developers.com/showpost.php?p=1120639&postcount=53

I've always suspected this. I've noticed that output from viewimgfs.exe never seems to have all the files. For example: coredll.dll is never there. ...
In the day when I cooked Wizard ROM, some files are not able to extracted by imgfs_tools. Those file are located at WM5 boot XIP partition. And I used a program called RomMaster.exe ( http://forum.xda-developers.com/showthread.php?t=249015 ) to add or delete files in XIP.

BTW, I think right now we are very close to the point of rom cooking. We need better make_imgfs.exe and then better addfiles.exe only...

As we seem to have two threads open for the same matter, I am closing this one. So please use the following thread for the Hermes ROM cooking progress from now on:

http://forum.xda-developers.com/showthread.php?t=290206