[TUT] ULDR Removal for Elf/Elfins [ONLINE]

---

So guys in this post i'll show you how to remove ULDR partition from out ROMs to gain 3 MBs of space that was wasted in all of our earlier ROMs. But first, *SPECIAL* thanks to cmonex for helping me with this

Requirements:
1. A HEX editor
2. os.nb.payload (the one inside \ROM folder)

I've used the payload from our latest WM 6.1 ROM, so my base payload over here is 3.07.720.3 ROM. The removal of ULDR requires you to edit the MBR (master boot record) and MSFLSH50 regions in the payload. So be careful while editing otherwise there would problems in cooking or the deivce won't boot.
So, take HEX editor of your choice and open the payload. The MBR starts at offset 0x0 and ends at 0x1FF. You don't need to worry about whole of the MBR, just take a look at the following HEX strings:

Code:

000001b0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02  
000001c0h: 01 00 20 7F 01 30 02 00 00 00 7E 18 00 00 00 00 
000001d0h: 01 31 23 7F 01 65 80 18 00 00 80 1A 00 00 00 00  
000001e0h: 01 66 25 7F 81 DF 00 33 00 00 00 3D 03 00 00 00  
000001f0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA

These 3 strings are actually 3 partitions, the first one is ULDR, 2nd one is XIP and 3rd one IMGFS. Now take a look at the following:

Code:

00000200h: 4D 53 46 4C 53 48 35 30 00 00 00 00 38 00 00 00 
00000210h: 00 00 00 00 00 00 00 00 00 00 00 00 66 00 00 00
00000220h: 80 00 00 00 00 00 01 00 00 00 00 00 01 00 00 00 
00000230h: 00 00 00 00 00 00 00 00 7A 06 00 00 80 00 00 00 
00000240h: 00 00 01 00 00 00 00 00 FF FF FF FF FF FF FF FF 

This is the MSFLSH50 region and the marked offset shows the logical block of IMGFS start. So, in order to remove the ULDR, we have to edit the MBR and MSLFSH50 regions in the marked areas.

The ULDR partition starts at 0x400 offset and ends at 0x30FFFF (XIP starts at 0x310000 in the shipped ROM for Elfins). Delete all the HEX bytes from 0x400 upto 0x30FFFF. Deletion of ULDR means start of logical blocks of XIP and IMGFS will go up. So the XIP will start at 0x400 instead of ULDR and IMGFS will start at 0x350000. Now you need to edit the MBR and MSFLSH50 regions to adjust for the new XIP and IMGFS start offsets. So using your HEX editor, change the MBR and FSFLSH50 regions as shown below:

Code:

000001b0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02  
000001c0h: 01 31 23 7F 01 65 02 00 00 00 7E 1A 00 00 00 00  
000001d0h: 01 66 25 7F 81 DF 80 1A 00 00 00 3D 03 00 00 00  
000001e0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
000001f0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA 

Code:

00000200h: 4D 53 46 4C 53 48 35 30 00 00 00 00 38 00 00 00 
00000210h: 00 00 00 00 00 00 00 00 00 00 00 00 35 00 00 00 
00000220h: 80 00 00 00 00 00 01 00 00 00 00 00 01 00 00 00 
00000230h: 00 00 00 00 00 00 00 00 7A 06 00 00 80 00 00 00 
00000240h: 00 00 01 00 00 00 00 00 FF FF FF FF FF FF FF FF 

Save the new os.nb.payload and copy into the \ROM folder of your kitchen replacing the original os.nb.payload. From now on use this payload as your template for cooking ROMs. Since, the XIP and IMGFS start offsets have changed, we need to make a few adjustments to the kitchen (Hybrid, Ervius' or bepe's kitchen) also. Note the following command in CreateROM.bat file inside the \Tools folder:

Code:

..\TOOLS\insert -i ..\ROM\out.bin -o OS.nb.payload -d 0x00310000 -s 0x00350000

This command inserts the new XIP (named out.bin) into the payload. Add REM before this command because insert.exe can't insert the xip at 0x400 for some reason. So there are 2 workarounds for this problem:
1. Use XIPPort.exe to insert the out.bin (created inside ROM folder) at 0x400

OR

2. Use msflshtool.exe to insert the out.bin. For using this method, copy the msflshtool.exe to your \Tools folder and add the following command in your CreateROM.bat file in place of "insert.exe ..." command.

Code:

..\TOOLS\msflshtool OS.nb.payload -r ..\ROM\out.bin -p 0

After this step, you are ready to cook your new ROM with extra space of 3 MBs . Happy cooking

Hex Screenshots

---

This is like a scratch note - an easy accessed "guide".
Its purpose is to help everyone understand what are the numbers - bytes - that we are editing according to AMAN's guide for ULDR Removal.
As the title says it is a "hex view" at the latest Official Elfin 3.10.710.00 ROM
to figure out how all those hex-strings are related
and
to be able to change them, knowing what is going on!

Regards!

Quote:

Originally Posted by ababrekar

Awesome job brother . Hoping to see this kind of documentation for Diamonds too very soon

i would love to, but then u need to send me your Diamond for testing purposes

Quote:

Originally Posted by htctouchp

i would love to, but then u need to send me your Diamond for testing purposes

Promise me you will also tell me about those imgfs values for the xip playing guide and i'll send it right now

Quote:

Originally Posted by ababrekar

Promise me you will also tell me about those imgfs values for the xip playing guide and i'll send it right now

yeah i promise once i get the ULDR removed from ur diamond , i'll tell u about the imgfs values also

Yes! ULDR Removal for Elf/Elfins - Work!!!

htctouchp,
Thank you very much!!!

Quote:

Originally Posted by vadyarik

Yes! ULDR Removal for Elf/Elfins - Work!!!

htctouchp,
Thank you very much!!!

welcome

Good work!!

Quote:

Originally Posted by htctouchp

After this step, you are ready to cook your new ROM with extra space of 3 MBs . Happy cooking

Whaaaou!

GOOD WORK.

Quote:

Originally Posted by htctouchp

After this step, you are ready to cook your new ROM with extra space of 3 MBs . Happy cooking

Thanks for this, that's so great! I managed to get 74.9 Mb free storage on my Elf with a cleaned ROM.

A little addon to your great tutorial: If you have the last hybrid with the pagepool patch at the end, comment it or modify the offsets to match the new ones. My first flash was stuck on mobility screen because of this (or was it bad luck ?).