What is exatly needed for a WM6.5.3 Rom?

Search This thread
By:
Advanced…
DunkDream

DunkDream

Senior Member
Apr 22, 2008
423
3
Hello community,

I would like to thank cedesmith, thats provided me very useful information about the next steps that are needed to get WM6.5.3 on the TG01.


Ok here is the actual development status:

Progress of the Project WM6.5.3:


- With SDDL+ made by stepw we can flash any Rom on the TG01

- With cedesmith's tool TGTool v.1.2.14 we can decrypt the .tsw file that Toshiba provides us, we than get an unencrypted .bin file out of the .tsw file

- We also can dump this .bin file by also using cedesmith's TGTool v.1.2.14

TGTool.exe extracts out of the .bin the following parts:


-TG01.AMSS.nbin
-TG01.APPS.nbin
-TG01.APPSBL.nbin
-TG01.DSP1.nbin
-TG01.EFS2.nbin
-TG01.FOTA.nbin
-TG01.FSBL.nbin
-TG01.MIBI.nbin
-TG01.OSBL.nbin
-TG01.SIM_.nbin
-TG01.WMB0.nbin
-TG01.WMB1.nbin -> is boot+xip partition (information by cedesmith)
-TG01.WMB2.nbin -> is imgfs (information by cedesmith)
-TG01.WMB3.nbin -> is dos partition (information by cedesmith)

- With viewimgfs.exe it's possible to dump the imgfs partition (TG01.WMB2.nbin)

- With bepe's package Tool it's possible to analyze the Rom. Through this you get a OEM and a SYS folder, that contains some important files

- With TGTool v1.2.14 it's also possible to dump the OS that's included in the decrypted .bin file (you get a file called TG01.OS.nb)

- With TGTool v1.2.14 it's also possible to dump the payload that's included in the decrypted .bin file (you get a file called TG01WP.OS.payload)

- After Rom is cooked, it's possible to check the Rom with cedesmith's TGTool v1.2.14


Next steps of the development (To-Do-List):


- Rom needs to be cooked

- Tool needs to be made that rebuilds a .bin or .tsw file out of the modified files

We should already thank hdubli that is currently working on a Rom.

And we should thank cedesmith. Without him there would be no development for the TG01. There would be nothing...So big thanks to cedesmith who made this project possible.


Will update this post as soon as we got more information!



Best regards,

DunkDream
 
Last edited:
bojan6

bojan6

Senior Member
Oct 14, 2009
267
5
London
DunkDream said:
Okay I gained some informations.

Well a Hard-SPL is needed when we want to flash custom roms that are not official on out TG01.

So I think this must be the first step in the development.

One question remains. If the phone got the Hard-SPL, what is needed to get a working WM6.5.3 Rom onto the phone?

And what is needed to cook this Rom?

For example, if we get a Hard-SPL for the Toshiba TG01, will the people of WMPoweruser be able to cook a Wm6.5.3 Rom for the phone or do they need some files out of the TG01 that they can't get at the moment?


People, you need to realize that more informations are needed!

Nobody will help us, if we don't know what is needed to be done!


Does nobody know the exact Rom Development Process for Windows Mobile phones here?



I count on you guys! It's our only chance to get a working WM6.5.3 for our phone.


So please answer me! I can than provide the Cracker all the information.


Best regards,

DunkDream
Click to expand...
Click to collapse

Hard spl how I say we dont need. May be I am not sure. I have a simple kitchen for other Toshiba 900 but I think is working for TG01. What we need all files from TG01 dll , cab etc....
That is from one beginner if I can help with something more tell me.
 
B

bird_9527

Senior Member
Feb 6, 2010
146
0
about the need

I am so glad to see that someone finally care the TG01 progress.

I come to the forum from the time TG01 to be opened,waiting the cooked rom for a long time, many IDs come and many IDs go, at last the news about TG01 become few more and more, the people that use TG01 become lack more and more,many thread not to be updated for a long time.

OK, then I talk about the need that I most wanted:

I have a japanese version TG01, it only can flash the japanese rom, and can not flash the ENGLISH or ITALY rom, and as I know ,many people like me have the same question.

Hope DunkDream can help to solve this question.
 
DunkDream

DunkDream

Senior Member
Apr 22, 2008
423
3
Well for me it seems that nobody in this Forum knows 100% sure what is needed to be done, to get a cooked Rom for the TG01.

If we don't have more information about the TG01, nobody will help us.

Or what should I tell the person I talked to, now?

Should I tell, that we want a hard-spl but are not sure if it's needed?


I guess, this development is not very easy.

I'll try to get more information about the TG01 and want to find a person thats knows the Rom Development process for WM-Phones very good.


We need a real expert in Rom Development.

Maybe Wen knows one, I could talk to.
I'll ask him.

Before we don't have all information, we won't get a new Rom for our phone.


Sorry bojan, but we need to be 100% sure :( Otherwise we may cause some people work that is at the end worthless.


Best regards,

DunkDream
 
DunkDream

DunkDream

Senior Member
Apr 22, 2008
423
3
I started a new thread in the General Hacking and Development section of xda-developers.

Maybe I can gain some informations there.


Can somebody explain me what we exactly can do with the tool that cotulla made and with the sddl+?

Thanks in advance!


Here is the thread I started:

http://xdaforums.com/showthread.php?t=639783

Hope that sums everything in a good way up.

You are welcome to post in that thread, if you gain new information!
 
Last edited:
B

bird_9527

Senior Member
Feb 6, 2010
146
0
sorry I dont know

sorry I dont know who know the most question about TG01,but I think you can contact Wen\bojan, I hope you will get much info.

and I am very happy that you care about TG01,hope the good news,but I think it is a hard work.
 
bojan6

bojan6

Senior Member
Oct 14, 2009
267
5
London
So you want a know the truth?We need hard spl if we want a full ROM who work in all TG01.
And other think we need is a decompress the bin file. Cotula program is just decrypt the tsw file now is unpack this file and you can cook.
What info do you need more? We have kitchen we have files decrypted and we need just unpacker and hard spl.
 
B

BenF1

Senior Member
Jun 11, 2009
462
15
South Devon
Couldn't you just wait for the TG02 to come out and then flash that rom on?

All the TG01 2 is different chassis and a different screen.
 
DunkDream

DunkDream

Senior Member
Apr 22, 2008
423
3
Progress of the Project WM6.5.3:

- With SDDL+ made by stepw we can flash any Rom on the TG01
- With Cotullas Tool we can decode/encode .tsw files


What we need:
- A person that understands the format of .bin (unencrypted .tsw)


Now we need to search that person. I'll ask around if someone is able to help us and wants to help us.

Special Thanks to cedesmith due he knows we is needed to get WM6.5.3 for the TG01!

Best regards,

DunkDream
 
M

mikiril

Member
Aug 8, 2009
39
1
And here is reply from Cotulla:
"Seems you need decrypt TSW image to BIN and then encrypt it back to TSW.
BIN image have complex format with header and many parts.
Obviously we need exclude all stuffs except OS.

The main problem to test this - I am not sure if we put wrong image, it won't brick device...

-Cotulla"
 
cedesmith

cedesmith

Retired Recognized Developer
Feb 3, 2010
270
456
crazy thought no.1: can we just use pdocwrite to write a new imgfs to Part02 ?
does anyone know if pdocwrite works ?

the good part would be that it would reduce the chances to brick the phone as would only write OS portion of the flash thus leaving SD Downloader intact and short pins would work to restore original rom.

could anyone use pdocread to dump a UK version rom ? i have dumped RO rom but could use UK version.
one could download rapi tools and use:
pdocread.exe -l
pdocread.exe -w -b 0x800 -d DSK1: -p Part00 0 0x17f000 Part00
pdocread.exe -w -b 0x800 -d DSK1: -p Part01 0 0x380000 Part01
pdocread.exe -w -b 0x800 -d DSK1: -p Part02 0 0x9940000 Part02

addresses and sizes may vary on UK ROM but u can see that with pdocread -l
do not post Part03 as it contains you contacts and pictures and etc
 
bojan6

bojan6

Senior Member
Oct 14, 2009
267
5
London
You are finish decompress or (unpack ...) bin file.When we do it we can start dump.
We don't need dump ROM we need unpacked original to see witch file it use.
 
N

nico101

Senior Member
Sep 4, 2007
149
8
I have dumped 6.1 PL rom(rare) 6.5 UK leaked 6.5 O2 leaked using these tools... then unpacked them in Touch Pro kitchen but I only get access to protected files dumped rom gives You nothing more... Trying to write something using these tools can brick TG01...
 
cedesmith

cedesmith

Retired Recognized Developer
Feb 3, 2010
270
456
i could relay use dump of official UK 6.5 ROM for comparing with update file.
nico you could also use bepe's tools to dump Part02.

xidump.exe -I -b Part02

result is ready to be put in a kitchen.
one could make now a custom rom using WM 6.5.3 but the problem would be writing it back to phone.
this could be done by writing directly on flash with pdocwrite ( but i think it will not work ) or by replacing OS (IMGFS) on original toshiba rom with cooked one.
the problem now is that i cannot figure the algorithm Tosh uses to calculate 112bits hash.

to explain a little:
imgfs starts on .bin file at 0x565E000 and is Part02 in dump with pdocread
every 464 bytes 0xFFFF is inserted
every 512 bytes a 112 bits (14 bytes) hash is inserted.
i could not figure out the hash algorithm. when i do i could reintegrate coocked OS into update file and have a cooked room.
 
You must log in or register to reply here.

Similar threads

Nokser
  • Locked
[ROM]★(¯ `•.Windows Phone ® 7 UPE[7.x.xxxx][CS] ★ WM6.5.x UPE[Old Productions].•´¯)★
Replies
3K
Views
344K
S
Shreyas Jani
borce_razor
  • Locked
[DUMP] Need any Toshiba TG01 rom
Replies
268
Views
128K
nikola92
nikola92
A
[TUTORIAL] How to Flash a ROM into your TG01
Replies
113
Views
103K
L
lonelysurfer
M
[PRJ][17.09.11] Android/Linux on TG01 development, new stuff in git
Replies
872
Views
415K
F
frankdrey
A
[ROM][ENG] 6.5.5 (23563)+Sense 2.5(2012) v0.014.7 (07/05/10) Radio 5005.1700.05
Replies
974
Views
164K
J
jonnyhall1bmx1

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 1
    kevinpwhite
    kevinpwhite
    ABM30 said:
    ......very easy to create a BRICK!

    After rebuilding process is finalized, I will go deeper, get out the Toshiba app., put in SENSE 2.5, etc...this will be much easier to do.
    Click to expand...
    Click to collapse

    As a start point, a 'plain vanilla' de-branded ROM would be a stunning success.

    The future no doubt holds all sorts of possibilities with imported features, Sense, and so on, but I'd really counsel taking this slow and above all rigorously tested before anything more adventurous :)
    View

New posts