Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,806,560 Members 53,256 Now Online
XDA Developers Android and Mobile Development Forum

WP8 ROM analysis [UEFI and RUU nbh] by ansar

Tip us?
 
ansar.ath.gr
Old
(Last edited by ansar.ath.gr; 17th February 2013 at 02:58 AM.) Reason: LEO WP8 Screen Shots
#1  
ansar.ath.gr's Avatar
Retired Recognized Developer - OP
Thanks Meter 1,846
Posts: 2,767
Join Date: Jan 2008
Arrow WP8 ROM analysis [UEFI and RUU nbh] by ansar

Hi to all,


Update on 17.02.2013, WP8 LEO ROM development

I am developing a new WP8 ROM for LEO and can access all WP8 STORE apps

as HTC apps, apps, games, music and podcasts, under the name of MARKETPLACE

Up to now all music and podcasts work ok but for HTC apps, apps and games

there is a pop up of comparibility warning as can be seen in the following screen shots

In the ROM are also included all WP8 lock screens, wallpapers and sounds, and more items

I hope to develop this LEO ROM as further as posible


//// ROM Screen Shots ////




End of 17.02.2013 update


********************************


Update on 28.12.2012, The WP8 Partitions

The WP8 Partitions, as identified up to now

There are 28 [0x1C] in total, 21 [0x15] Read-Only and 7 Read-Write


READ-ONLY SECTION START

Device Provisioning Partition (FIRST READ-ONLY)
01 DPP 16384 Unknown FS

QUALCOMM 8960 SPECIFIC READ-ONLY PARTITIONS

Modem golden file system - MUST FOLLOW DPP
02 MODEM_FSG 6144 Unknown FS

Secure Software Download
03 SSD 16 Unknown FS

Bootloaders
04 SBL1 3000 Unknown FS
05 SBL2 3000 Unknown FS
06 SBL3 4096 Unknown FS
07 UEFI 5000 Unknown FS
08 RPM 1000 Unknown FS
09 TZ 1000 Unknown FS

fTPM Application
0A WINSECAPP 1024 Unknown FS

Bootloaders Backup Section (Sizes must match)
0B BACKUP_SBL1 3000 Unknown FS
0C BACKUP_SBL2 3000 Unknown FS
0D BACKUP_SBL3 4096 Unknown FS
0E BACKUP_UEFI 5000 Unknown FS
0F BACKUP_RPM 1000 Unknown FS
10 BACKUP_TZ 1000 Unknown FS

fTPM Application Backup Section (Sizes must match)
11 BACKUP_WINSECAPP 1024 Unknown FS

UEFI Variable Services Partitions - Read-Only
12 UEFI_BS_NV 512 Unknown FS
13 UEFI_NV 512 Unknown FS

ACPI table storage
14 PLAT 16384 FAT

EFI System Partition (LAST READ-ONLY)
15 EFIESP 131072 FAT ByteAlignment 0x4000000

READ-ONLY SECTION END


START QUALCOMM 8960 SPECIFIC READ-WRITE PARTITIONS

Modem live file systems
16 MODEM_FS1 6144 FAT ByteAlignment 0x4000000
17 MODEM_FS2 6144 FAT

UEFI Variable Services Partitions - Read-Write
18 UEFI_RT_NV 512 FAT
19 UEFI_RT_NV_RPMB 256 FAT

END QUALCOMM 8960 SPECIFIC READ-WRITE PARTITIONS


MICROSOFT READ-WRITE PARTITIONS

1A MMOS 8192 FAT
1B MainOS 1343488 NTFS ByteAlignment 0x800000
1C Data 0x4000 NTFS ByteAlignment 0x800000

END MICROSOFT READ-WRITE PARTITIONS


SectorSize 512 bytes
ChunkSize 128 Kb


End of 28.12.2012 update

********************************

This thread is devoted to WP8 ROM analysis
.
.
1. The hTC structure of WP8 ROM version 1.00
.
.
A. The Block structure of the WP8 UEFI_signed.nbh
.
.
1st Block, the new file header // Identical to RUU, except 2 bytes
.
.
Start 0x00000000 End 0x000001FF Length 0x200 bytes
.
0x00000000 Htc@egi$ // file name ID
.
0x00000008 0x008F // word:ID [TBN]
.
0x0000000A 0x0500 // word:0x05 [TBN]
.
0x00000014 1.00.401.24 // ROM version
.
0x0000001F 0x08 // byte:0x08 [TBN]
.
0x00000020 PM232000* // Device ID [TBN]
.
0x00000040 WWE // ROM language
.
0x000000D0 HTC__001 // CID list start
.
0x000000D8 HTC__203 // CID list
.
... ... // CID list
.
0x00000120 HTC__K18 // CID list end
.
.
.
.
2nd Block // [TBN]
.
.
Start 0x00000200 End 0x0001001FF Length 0x100000 bytes
.
.
.
.
3rd Block // Identical to the 3rd Block of RUU [TBN]
.
.
Start 0x00100200 End 0x0003067FF Length 0x206600 bytes
.
.
.
.
4th Block // Identical to the 10th Block of RUU [TBN]
.
.
Start 0x000306800 End 0x000322662 Length 0x1BE63 bytes
.
This block ends with non unicode text hTCVer001.532.009 and a trailing 0x0A
.
.
5th Block // Identical to the 11th Block of RUU [TBN]
.
.
Start 0x000322663 End 0x0004594D1 Length 0x136E6F bytes
.
This block ends with non unicode text hTCVer001.532.010 and a trailing 0x0A
.
.
6th Block // Identical to the 12th Block of RUU [TBN]
.
.
Start 0x0004594D2 End 0x00063A129 Length 0x1E0C58 bytes
.
This block ends with non unicode text hTCVer001.532.015 and a trailing 0x0A
.
.
7th Block // [TBN]
.
.
Start 0x00063A12A End 0x00081E815 Length 0x1E46EC bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
.
.
B. The Block structure of the WP8 RUU_signed.nbh
.
.
1st Block, the new file header // Identical to UEFI, except 2 bytes
.
.
Start 0x00000000 End 0x000001FF Length 0x200 bytes
.
0x00000000 Htc@egi$ // File name ID
.
0x00000008 0x008F // word:ID [TBN]
.
0x0000000A 0x0A00 // word:0x0A [TBN]
.
0x00000014 1.00.401.24 // ROM version
.
0x0000001F 0x13 // byte:0x13 [TBN]
.
0x00000040 WWE // ROM language
.
0x000000D0 HTC__001 // CID list start
.
0x000000D8 HTC__203 // CID list
.
... ... // CID list
.
0x00000120 HTC__K18 // CID list end
.
.
.
.
2nd Block // [TBN]
.
.
Start 0x00000200 End 0x0001001FF Length 0x100000 bytes
.
.
.
.
3rd Block // Identical to the 3rd Block of UEFI [TBN]
.
.
Start 0x00100200 End 0x0003067FF Length 0x206600 bytes
.
.
4th Block // the Radio part 01 (Holds hTC certificates)
.
.
Start 0x000306800 End 0x00031E815 Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
5th Block // the Radio part 02 (Holds hTC certificates)
.
.
Start 0x00031E816 End 0x00033682B Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
6th Block // the Radio part 03 (Holds hTC certificates)
.
.
Start 0x00033682C End 0x00034E841 Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
7th Block // the Radio part 04 (Holds hTC certificates)
.
.
Start 0x00034E842 End 0x000366857 Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
8th Block // the Radio part 05 (Holds hTC certificates)
.
.
Start 0x000366858 End 0x00037E86D Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
9th Block // the Radio part 06 (Holds hTC certificates)
.
.
Start 0x00037E86E End 0x000396883 Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
10th Block // Identical to the 4th Block of UEFI [TBN]
.
.
Start 0x000396884 End 0x0003B26E6 Length 0x1BE63 bytes
.
This block ends with non unicode text hTCVer001.532.009, an 0x0D and a trailing 0x0A
.
.
11th Block // Identical to the 5th Block of UEFI [TBN]
.
.
Start 0x0003B26E7 End 0x0004E9555 Length 0x136E6F bytes
.
This block ends with non unicode text hTCVer001.532.010 and a trailing 0x0A
.
.
12th Block // Identical to the 6th Block of UEFI [TBN]
.
.
Start 0x0004E9556 End 0x0006CA1AD Length 0x1E0C58 bytes
.
This block ends with non unicode text hTCVer001.532.015 and a trailing 0x0A
.
.
13th Block // the WP8 image
.
.
Start 0x0006CA1AE End 0x00322D53EF Length 0x31C0B242 bytes
.
This block will be developed in more detail
.
.
.
Both will be more detailed in the next posts #2 and #3
.
.
Notes
,
,
1. that there are certain differences between hTC and Nokia structures
.
2. all info is provided on a development base only
.
.
Regards, ansar
The Following 47 Users Say Thank You to ansar.ath.gr For This Useful Post: [ Click to Expand ]
 
ansar.ath.gr
Old
(Last edited by ansar.ath.gr; 3rd November 2012 at 10:40 AM.)
#2  
ansar.ath.gr's Avatar
Retired Recognized Developer - OP
Thanks Meter 1,846
Posts: 2,767
Join Date: Jan 2008
Arrow UEFI.nbh ROM detailed amalysis development

This post is reserved
The Following 3 Users Say Thank You to ansar.ath.gr For This Useful Post: [ Click to Expand ]
 
ansar.ath.gr
Old
(Last edited by ansar.ath.gr; 3rd November 2012 at 10:41 AM.)
#3  
ansar.ath.gr's Avatar
Retired Recognized Developer - OP
Thanks Meter 1,846
Posts: 2,767
Join Date: Jan 2008
Arrow RUU.nbh ROM detailed analysis development

Also this post is reserved
The Following 4 Users Say Thank You to ansar.ath.gr For This Useful Post: [ Click to Expand ]
 
gigsaw
Old
#4  
Senior Member
Thanks Meter 49
Posts: 218
Join Date: Jun 2010
Quote:
Originally Posted by xuantunt View Post
How to extract? OSBuilder?
no, you can't use osbuilder because this rom isn't built like other winCE's roms (wm6.x, wp7). This rom has got his own filesystem (I think it should be ReFS), and his own structure. You have to wait because some developers are digging into it. Right now we only know that the system structure is similar to a Windows PC, even drivers are in sys format (this is a bad news for those who are waiting a porting to older devices).
The Following 4 Users Say Thank You to gigsaw For This Useful Post: [ Click to Expand ]
 
sianto1997
Old
(Last edited by sianto1997; 3rd November 2012 at 09:28 PM.)
#5  
Senior Member
Thanks Meter 233
Posts: 426
Join Date: Jun 2012

 
DONATE TO ME
Quote:
Originally Posted by gigsaw View Post
no, you can't use osbuilder because this rom isn't built like other winCE's roms (wm6.x, wp7). This rom has got his own filesystem (I think it should be ReFS), and his own structure. You have to wait because some developers are digging into it. Right now we only know that the system structure is similar to a Windows PC, even drivers are in sys format (this is a bad news for those who are waiting a porting to older devices).
I know what's exactly in it! It has 2 user profiles (default & public), a windows folder + system32 folder. And *.sys drivers.

Regards

(I don't know how, but I have a dump!)
If this was useful, click THANKS!
Donations are always welcome: https://www.paypal.com/cgi-bin/websc...if%3aNonHosted

Proud Sianto Edition ROM Series author!
The Following 3 Users Say Thank You to sianto1997 For This Useful Post: [ Click to Expand ]
 
ultrashot
Old
#6  
Recognized Developer
Thanks Meter 2,041
Posts: 1,478
Join Date: May 2009
Location: St.Petersburg
Quote:
Originally Posted by gigsaw View Post
no, you can't use osbuilder because this rom isn't built like other winCE's roms (wm6.x, wp7). This rom has got his own filesystem (I think it should be ReFS), and his own structure. You have to wait because some developers are digging into it. Right now we only know that the system structure is similar to a Windows PC, even drivers are in sys format (this is a bad news for those who are waiting a porting to older devices).
Main partitions are always NTFS
My blog: http://ultrashot.net
--
Good bye
The Following 4 Users Say Thank You to ultrashot For This Useful Post: [ Click to Expand ]
 
FearL0rd
Old
#7  
Member
Thanks Meter 11
Posts: 62
Join Date: Nov 2009
Quote:
Originally Posted by ultrashot View Post
Main partitions are always NTFS
Maybe it looks like the XBOX FS
The Following User Says Thank You to FearL0rd For This Useful Post: [ Click to Expand ]
 
Cotulla
Old
#8  
Cotulla's Avatar
Senior Recognized Developer
Thanks Meter 5,446
Posts: 881
Join Date: Sep 2007
They are really W8 NTFS
The Following 6 Users Say Thank You to Cotulla For This Useful Post: [ Click to Expand ]
 
timmymarsh
Old
#9  
timmymarsh's Avatar
Developer Committee / Senior Moderator - Just one more
Thanks Meter 1,020
Posts: 5,024
Join Date: Mar 2007
Location: Jersey, UK. Likes: Witch hunts. Dislikes: ibones

 
DONATE TO ME
Guys, please keep the chat relevant to dev work, thread cleaned.

Thanks.



 

||GUIDES to common problems | **What XDA Is All About **||

||New Co-ordinates Calculator | Questions & Answers Forum||


Devices: HTC One|HTC 8x|HTC HD2 - test device

If I Have Helped You, Please donate to XDA Developers

The Following 2 Users Say Thank You to timmymarsh For This Useful Post: [ Click to Expand ]
 
Shaky156
Old
#10  
Shaky156's Avatar
Senior Member
Thanks Meter 1,929
Posts: 895
Join Date: Aug 2012

 
DONATE TO ME
I've linked diamondback/flemmard n other deva to this thread, as you're not the only ones with this problem, android is updates HTC are using the same method

So as you can see this isn't specifically windows related

The Following User Says Thank You to Shaky156 For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes