my thumbs hurt from thping this on my nexus. sorry for the bad grammer and broken up sentences.
one last note anybody know wherr to get the OAK (OEM Adaptation Kit) layers and the 9600_POWERTOOLS with out having to sign up as an oem for microsoft.? I Have part of oak but only the portion for embedded compact 8
if anybody woild lit to join in be my guest. the more heads in this project the faster we break one of the most secure phones in the world. i will get everyone caught up wothin the soon on info. got to sort my files.
as of right now i think the ruu_signed.nbh is actually a .egisenx file extension which can be decrypted with edatasecurity by acer. once i find the framework software to install edatasecurity. i will give it a shot. in the mean time in anybody has an acer or gateway computer with that software installled on it already you could take a crack at. pick up any ruu_accord and 7z the exe file directly open the ruu_signed.nbh with a hex editoe without extracting the file and save the the nbh as a .egisenx file extension then proceed to attempt to decrypt. if it requires a password. i will provid some strings i pulled from the hexeditor. even beter if anybody has decrypting software that might work too.
also some of the htc 8x partitions arr encrypted SHK (SENTENIAL SKYNET) this is interensting i think this might be easier to crack.
softqare used so far in project accord
Revskills final release
qmi by revskillz
winrar good for converting damaged files
7zip good old extract to temp location
telerik justdecompile standalone version or visual studio extenson
webserver 0.4.3 or 0.5.0 .xap for wp8 winpone8 works on windows phone 8.1 also!
xenu url checker
winhttrack rip my phone like a website
010 editor with lots of custom scripts templates and syntex.
hhd hex editor is optional
hiew hex editor for the pros. still experimentig with this one.
lots of time.
cmd.exe and ecery damn xommand executible you can find that rips, strios, converts, merges, splits de/compress makes thing go backwards forward up down and flip around.
lots more fime
win phone 7 tools.
osbuilder for wp7
basicly any file you can find that de/compiles that was made my microsoft mobile, embedded or ce department.
wak, wdk, hck 8.1 microsoft hardware tools
visual studio 2012 2013.
visual studio .net compiler 'rosylin'
lots of samples.
RUU PARTITION RIPPING THE EASY WAY.
7zFM build 932 can directly open any file when using the options in the contex menu. just right click on the .ruu_signed.nbh highlight 7z open with arguement submenu and eithe choose # option or the #e option. both arguements work but with different outcomes. when 7z is done loading you will end of with a numbered liat of files some witj or without extensions. extensions as folowing .efi, .elf, .fat, .ntfs, .exe. all extenses with extensions open. the fat files are complete partitions. thw ntfs partition is metadata that is also embedded with in a file called boot.sdi located in one of the fat partitions. the exe files are normal MZ PE executable system32 applications. efi executable files are also located within the fat partitions. the elf files which strangely exist within the phones operating system can be extracted and read with a hex editor. strange that windows phone contains elf. considering Microsoft binary format is COFF/PE. DOWNLOADS WILL BE UP SOON FOR DEVELOPMENT. it is a possibility that the boot partition ripped form a accord_u_wwe was part of the updateos.wim. therr is refrence on how to add packages to the wim on the windows phone developer oem site.
an interesting experement done which worked on nokia ffu files. convert the nokia ffu to a vhd using winimage with fixed size settings. once completed. mount it with osfmount tool. none of the partitions show up nor are they mountable. so i proceded to generate a raw img from the vhd in osfmount which put out a raw img just over 7gb. jezuz the vhd was only just over 1gb. decided to mount the raw img using diskinternals linux reader and what do you know every partition showed up. even the secret one. most were still unable to open but boot uefi data and mainos. it did give me good insite on what to look for and discover within the windows phone lock filesystem.
There is a metadata file hidden deeply with MFT (MasterFileTable) called $Boot. this $Boot file header is R.NTFS.
i will get more in depth on thia later.
File system encryption used for the MAINOS is called RSDS mi. very hard maybe impossible to reverse engineer. I did find an explination in a .text file located inside of the file Liveupdate.exe located in The windows/system32 folder of my phone. the file gave vague instructions on how to compile an Fupdate.xml template which and be used to push update packages over wifi. more details layer.
Possibility to mount several partitions including mainos directly on my pc by minipulating binary regestery keys on windows 7. more soon.
Found these in my pc. Going to play around with them see what happens
Windows Registry Editor Version 5.00
Diffrences in files located in the fat16 partitions cross refrenced branded and unbranded ruu's csv.cfg on the branded ruu has the radio build number defined while the unbranded ruu is blank 00 hex bytes through the entire csv.cfg file. RADIOVER.CFG unbranded ruu has anextra line IMEI line configured to 1 while the branded ruu is missing the imei line. my guess is with the imei 1 assignment with the unbranded ruu is once the device gets flashed with the original firmware it also gets assigned a new imei as well. just my guess. some insite would help on this.