Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,802,957 Members 40,056 Now Online
XDA Developers Android and Mobile Development Forum

LG DZ File format and extract tool (LG KS20)

Tip us?
 
misterjp
Old
(Last edited by misterjp; 17th June 2008 at 01:13 AM.) Reason: Add link to LGFlashParser post
#1  
Junior Member - OP
Thanks Meter 5
Posts: 17
Join Date: Jun 2008
Default LG DZ File format and extract tool (LG KS20)

Hi there,

I've done some reverse engineering on the LG DZ files, and here is the layout of these files.

DZ File Format
Code:
Offset	Length (bytes)	Description
0x0	0x8	Magic code "MSTXMETX"
0x8	0x2	Unknown, same value in all files (value 0x01)
0xA	0x2	Separator ? (value 0x0)
0xC	0x2	Unknown, same value in all files (value 0x0B)
0xE	0x2	Separator ? (value 0x0)
0x10	0x6	Unknow, value differs from file to file
0x16	0x2	Unknown, same value in all files (value0x01C8)
0x18	0x8	String, phone model ? (value "KS20")
0x20	0x50	String, file title ?
0x70	0x1C	Two null terminated string concatened ("[chipmodel]\0[osname]\0")
0x8C	0x80	String, DZ filename
0x10C	0x20	Separator (filled with 0xFF)
0x12C	0x10	Header MD5 hash
0x13C	Variable	Concatened subfiles (see Subfile format)
--	0x78	Offset Table, unknown useage  (see OffsetTable format)
--	--	Optionnal data, present in some DZ file (unknown)
Subfile format
Code:
Offset	Length (bytes)	Description
0x0	0x4	Magic code "SSTX"
0x4	0x2	Unknown, same value for all subheaders (value 0x01)
0x6	0x2	Separator ? (value 0x0)
0x8	0x2	File Type ?
0xA	0x6	Separator ? (filled with 0x0)
0x10	0x4	Data length
0x14	0x80	Filename, null terminated string
0x94	0x10	Separator (filled with 0xFF)
0xA4	0x10	Uncompressed data MD5 hash
0xB4	0x10	Subheader MD5 Hash
0xC4	Data length	Gzip compressed data
File type (in subheader)
Code:
Type	Filename	Description
0x3	amss.mbn	AMSS modem
0x8	partition.mbn	Partition table
0xA	qcsblhd_cfgdata.mbn	QCSBL header
0xB	qcsbl.mbn	QCSBL
0xC	oemsblhd.mbn	OEM boot header
0xD	oemsbl.mbn	OEM boot
0xE	amsshd.mbn	AMSS modem header
0x13	appsboothd.mbn	APPS boot loader header
0x14	appsboot.mbn	APPS boot loader
0x15	FLASH.bin	
0x16	apps.mbn	APPS
It's not complete, but that's a start.

I also made a tool to extract the subfiles contained in the DZ file (see attached file).

Hope this helps,
JP.

Check also the tool to extract the content of the Flash.Bin file : LGFlashParser
Attached Files
File Type: zip DZExtract-V0.2.zip - [Click for QR Code] (40.5 KB, 6510 views)
JP
Support Spocky12's work :
The Following 3 Users Say Thank You to misterjp For This Useful Post: [ Click to Expand ]
 
spocky12
Old
#2  
spocky12's Avatar
Recognized Developer
Thanks Meter 528
Posts: 633
Join Date: Feb 2008
Location: Lyon

 
DONATE TO ME
Great news !

I tested your soft with different lg ks20 dz files downloaded on the web and files seem to be extracted as they should. I didn't try to flash though, as I'm at work and I don't have usb cable here.
Now we still need to find how to edit those files (*.mbn and especially flash.bin which contains windows file system). Anyway, it's a great step towards lg rom cooking. Thanks again!
 
misterjp
Old
#3  
Junior Member - OP
Thanks Meter 5
Posts: 17
Join Date: Jun 2008
I have updated the DZExtract tool...
It now checks all the known MD5 hash, so the extracted files can be considered valid.

Here are the command line options :
Code:
dzextract.exe [options] path [outputpath]
  options    : default -p
                 -p     Print and check header information
                 -x     extract subfiles
  path       : path to dz file
  outputpath : path to output directory (must exists)
Hope this helps,
JP.
The Following User Says Thank You to misterjp For This Useful Post: [ Click to Expand ]
 
paxman
Old
#4  
Junior Member
Thanks Meter 0
Posts: 8
Join Date: Jan 2006
Location: Augsburg
Wow, sounds great!
www.lg-ks20.de
The german Infopage for LGs Design-Smartphone
 
rickou26
Old
(Last edited by rickou26; 11th June 2008 at 10:19 PM.)
#5  
rickou26's Avatar
Senior Member
Thanks Meter 50
Posts: 723
Join Date: Dec 2007
Thank you very much for this excellent work.

it's possible to extract also the files of .mbn or FLASH.bin ?
 
DomZ
Old
#6  
Senior Member
Thanks Meter 4
Posts: 146
Join Date: Aug 2007
Location: Paris
For mbn files you can try with this soft :
http://forum.modopo.com/diskussionen...-analyzer.html
 
dcoloane
Old
#7  
Senior Member
Thanks Meter 3
Posts: 165
Join Date: Jul 2006
Location: Macau
Great.....a good start............
Discontinued:
O2 XDA
LG - KS20 (WM6)
Nokia - 6220 Classic (S60)
SonyEricsson - G900 (UIQ)
SonyEricsson X10 Mini
iPhone 2G, iPhone 3G
Fujitsu - U1010
Samsung Galaxy Note

Playing with (Now):
SonyEricsson Xperia Play
Sony Xperia Z

iPad 1st Gen
iPad mini
iPad 3st Gen
iPhone 4
iPhone 4S
----------------------------------------
 
raykisi
Old
#8  
Senior Member
Thanks Meter 1
Posts: 261
Join Date: Sep 2007
How does it work? Can it work in vista? Coz i double click the DZextract.exe, a dos window came out for 1 sec then closed and nothing happen.
 
misterjp
Old
#9  
Junior Member - OP
Thanks Meter 5
Posts: 17
Join Date: Jun 2008
Quote:
Originally Posted by raykisi View Post
How does it work? Can it work in vista? Coz i double click the DZextract.exe, a dos window came out for 1 sec then closed and nothing happen.
This is a command line tool, so you need to open a command window and follow the instructions.

About the contained files :
The flash.bin seems to be the windows image (found old infos here : Rom file format)
The mbn files reflect the firmware structure :
- QCSBL = QC Secondary Boot Loader
- OEMSBL = OEM Secondary Boot Loader
- AMSS = Advanced Mobile Subscriber Software
...
(infos from the link posted by DomZ)

JP.
 
mathieulh
Old
(Last edited by mathieulh; 12th June 2008 at 01:24 PM.)
#10  
Senior Member
Thanks Meter 156
Posts: 349
Join Date: Jan 2008
Location: Paris
Great application !

Files identical (same CRC) from unbranded to branded roms:

apps.mbn
appsboothd.mbn
oemsbl.mbn
oemsblhd.mbn
partition.mbn
qcsbl.mbn
qcsblhd_cfgdata.mbn

All the remaining files are different, inclueding the flash but that is obvious.
(amss.mbn, amsshd.mbn, appsboot.mbn, Flash.bin)

I guess we have to compare the unidentical mbn files to find out what prevents the unbranded roms to work in phones with branded NVs.

Then if nothing is conclusive we will have to check the flash itself.

mbn files seem plain/uncompressed binaries.

In fact I believe the CID checks are performed by amss.mbn which seems to be somehow the true bootloader (It is a true ELF binary and likely the very first to be running)

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes