Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

Arrow WP8 ROM analysis [UEFI and RUU nbh] by ansar

OP ansar.ath.gr

3rd November 2012, 11:36 AM   |  #1  
ansar.ath.gr's Avatar
OP Retired Recognized Developer
Thanks Meter: 1,848
 
2,767 posts
Join Date:Joined: Jan 2008
Hi to all,


Update on 17.02.2013, WP8 LEO ROM development

I am developing a new WP8 ROM for LEO and can access all WP8 STORE apps

as HTC apps, apps, games, music and podcasts, under the name of MARKETPLACE

Up to now all music and podcasts work ok but for HTC apps, apps and games

there is a pop up of comparibility warning as can be seen in the following screen shots

In the ROM are also included all WP8 lock screens, wallpapers and sounds, and more items

I hope to develop this LEO ROM as further as posible


//// ROM Screen Shots ////




End of 17.02.2013 update


********************************


Update on 28.12.2012, The WP8 Partitions

The WP8 Partitions, as identified up to now

There are 28 [0x1C] in total, 21 [0x15] Read-Only and 7 Read-Write


READ-ONLY SECTION START

Device Provisioning Partition (FIRST READ-ONLY)
01 DPP 16384 Unknown FS

QUALCOMM 8960 SPECIFIC READ-ONLY PARTITIONS

Modem golden file system - MUST FOLLOW DPP
02 MODEM_FSG 6144 Unknown FS

Secure Software Download
03 SSD 16 Unknown FS

Bootloaders
04 SBL1 3000 Unknown FS
05 SBL2 3000 Unknown FS
06 SBL3 4096 Unknown FS
07 UEFI 5000 Unknown FS
08 RPM 1000 Unknown FS
09 TZ 1000 Unknown FS

fTPM Application
0A WINSECAPP 1024 Unknown FS

Bootloaders Backup Section (Sizes must match)
0B BACKUP_SBL1 3000 Unknown FS
0C BACKUP_SBL2 3000 Unknown FS
0D BACKUP_SBL3 4096 Unknown FS
0E BACKUP_UEFI 5000 Unknown FS
0F BACKUP_RPM 1000 Unknown FS
10 BACKUP_TZ 1000 Unknown FS

fTPM Application Backup Section (Sizes must match)
11 BACKUP_WINSECAPP 1024 Unknown FS

UEFI Variable Services Partitions - Read-Only
12 UEFI_BS_NV 512 Unknown FS
13 UEFI_NV 512 Unknown FS

ACPI table storage
14 PLAT 16384 FAT

EFI System Partition (LAST READ-ONLY)
15 EFIESP 131072 FAT ByteAlignment 0x4000000

READ-ONLY SECTION END


START QUALCOMM 8960 SPECIFIC READ-WRITE PARTITIONS

Modem live file systems
16 MODEM_FS1 6144 FAT ByteAlignment 0x4000000
17 MODEM_FS2 6144 FAT

UEFI Variable Services Partitions - Read-Write
18 UEFI_RT_NV 512 FAT
19 UEFI_RT_NV_RPMB 256 FAT

END QUALCOMM 8960 SPECIFIC READ-WRITE PARTITIONS


MICROSOFT READ-WRITE PARTITIONS

1A MMOS 8192 FAT
1B MainOS 1343488 NTFS ByteAlignment 0x800000
1C Data 0x4000 NTFS ByteAlignment 0x800000

END MICROSOFT READ-WRITE PARTITIONS


SectorSize 512 bytes
ChunkSize 128 Kb


End of 28.12.2012 update

********************************

This thread is devoted to WP8 ROM analysis
.
.
1. The hTC structure of WP8 ROM version 1.00
.
.
A. The Block structure of the WP8 UEFI_signed.nbh
.
.
1st Block, the new file header // Identical to RUU, except 2 bytes
.
.
Start 0x00000000 End 0x000001FF Length 0x200 bytes
.
0x00000000 Htc@egi$ // file name ID
.
0x00000008 0x008F // word:ID [TBN]
.
0x0000000A 0x0500 // word:0x05 [TBN]
.
0x00000014 1.00.401.24 // ROM version
.
0x0000001F 0x08 // byte:0x08 [TBN]
.
0x00000020 PM232000* // Device ID [TBN]
.
0x00000040 WWE // ROM language
.
0x000000D0 HTC__001 // CID list start
.
0x000000D8 HTC__203 // CID list
.
... ... // CID list
.
0x00000120 HTC__K18 // CID list end
.
.
.
.
2nd Block // [TBN]
.
.
Start 0x00000200 End 0x0001001FF Length 0x100000 bytes
.
.
.
.
3rd Block // Identical to the 3rd Block of RUU [TBN]
.
.
Start 0x00100200 End 0x0003067FF Length 0x206600 bytes
.
.
.
.
4th Block // Identical to the 10th Block of RUU [TBN]
.
.
Start 0x000306800 End 0x000322662 Length 0x1BE63 bytes
.
This block ends with non unicode text hTCVer001.532.009 and a trailing 0x0A
.
.
5th Block // Identical to the 11th Block of RUU [TBN]
.
.
Start 0x000322663 End 0x0004594D1 Length 0x136E6F bytes
.
This block ends with non unicode text hTCVer001.532.010 and a trailing 0x0A
.
.
6th Block // Identical to the 12th Block of RUU [TBN]
.
.
Start 0x0004594D2 End 0x00063A129 Length 0x1E0C58 bytes
.
This block ends with non unicode text hTCVer001.532.015 and a trailing 0x0A
.
.
7th Block // [TBN]
.
.
Start 0x00063A12A End 0x00081E815 Length 0x1E46EC bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
.
.
B. The Block structure of the WP8 RUU_signed.nbh
.
.
1st Block, the new file header // Identical to UEFI, except 2 bytes
.
.
Start 0x00000000 End 0x000001FF Length 0x200 bytes
.
0x00000000 Htc@egi$ // File name ID
.
0x00000008 0x008F // word:ID [TBN]
.
0x0000000A 0x0A00 // word:0x0A [TBN]
.
0x00000014 1.00.401.24 // ROM version
.
0x0000001F 0x13 // byte:0x13 [TBN]
.
0x00000040 WWE // ROM language
.
0x000000D0 HTC__001 // CID list start
.
0x000000D8 HTC__203 // CID list
.
... ... // CID list
.
0x00000120 HTC__K18 // CID list end
.
.
.
.
2nd Block // [TBN]
.
.
Start 0x00000200 End 0x0001001FF Length 0x100000 bytes
.
.
.
.
3rd Block // Identical to the 3rd Block of UEFI [TBN]
.
.
Start 0x00100200 End 0x0003067FF Length 0x206600 bytes
.
.
4th Block // the Radio part 01 (Holds hTC certificates)
.
.
Start 0x000306800 End 0x00031E815 Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
5th Block // the Radio part 02 (Holds hTC certificates)
.
.
Start 0x00031E816 End 0x00033682B Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
6th Block // the Radio part 03 (Holds hTC certificates)
.
.
Start 0x00033682C End 0x00034E841 Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
7th Block // the Radio part 04 (Holds hTC certificates)
.
.
Start 0x00034E842 End 0x000366857 Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
8th Block // the Radio part 05 (Holds hTC certificates)
.
.
Start 0x000366858 End 0x00037E86D Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
9th Block // the Radio part 06 (Holds hTC certificates)
.
.
Start 0x00037E86E End 0x000396883 Length 0x18016 bytes
.
This block ends with non unicode text hTCVer001.532.008 and a trailing 0x0A
.
.
10th Block // Identical to the 4th Block of UEFI [TBN]
.
.
Start 0x000396884 End 0x0003B26E6 Length 0x1BE63 bytes
.
This block ends with non unicode text hTCVer001.532.009, an 0x0D and a trailing 0x0A
.
.
11th Block // Identical to the 5th Block of UEFI [TBN]
.
.
Start 0x0003B26E7 End 0x0004E9555 Length 0x136E6F bytes
.
This block ends with non unicode text hTCVer001.532.010 and a trailing 0x0A
.
.
12th Block // Identical to the 6th Block of UEFI [TBN]
.
.
Start 0x0004E9556 End 0x0006CA1AD Length 0x1E0C58 bytes
.
This block ends with non unicode text hTCVer001.532.015 and a trailing 0x0A
.
.
13th Block // the WP8 image
.
.
Start 0x0006CA1AE End 0x00322D53EF Length 0x31C0B242 bytes
.
This block will be developed in more detail
.
.
.
Both will be more detailed in the next posts #2 and #3
.
.
Notes
,
,
1. that there are certain differences between hTC and Nokia structures
.
2. all info is provided on a development base only
.
.
Regards, ansar
Last edited by ansar.ath.gr; 17th February 2013 at 03:58 AM. Reason: LEO WP8 Screen Shots
The Following 47 Users Say Thank You to ansar.ath.gr For This Useful Post: [ View ]
3rd November 2012, 11:37 AM   |  #2  
ansar.ath.gr's Avatar
OP Retired Recognized Developer
Thanks Meter: 1,848
 
2,767 posts
Join Date:Joined: Jan 2008
Arrow UEFI.nbh ROM detailed amalysis development
This post is reserved
Last edited by ansar.ath.gr; 3rd November 2012 at 11:40 AM.
The Following 3 Users Say Thank You to ansar.ath.gr For This Useful Post: [ View ]
3rd November 2012, 11:37 AM   |  #3  
ansar.ath.gr's Avatar
OP Retired Recognized Developer
Thanks Meter: 1,848
 
2,767 posts
Join Date:Joined: Jan 2008
Arrow RUU.nbh ROM detailed analysis development
Also this post is reserved
Last edited by ansar.ath.gr; 3rd November 2012 at 11:41 AM.
The Following 4 Users Say Thank You to ansar.ath.gr For This Useful Post: [ View ]
3rd November 2012, 07:51 PM   |  #4  
Senior Member
Thanks Meter: 49
 
218 posts
Join Date:Joined: Jun 2010
Quote:
Originally Posted by xuantunt

How to extract? OSBuilder?

no, you can't use osbuilder because this rom isn't built like other winCE's roms (wm6.x, wp7). This rom has got his own filesystem (I think it should be ReFS), and his own structure. You have to wait because some developers are digging into it. Right now we only know that the system structure is similar to a Windows PC, even drivers are in sys format (this is a bad news for those who are waiting a porting to older devices).
The Following 4 Users Say Thank You to gigsaw For This Useful Post: [ View ]
3rd November 2012, 10:08 PM   |  #5  
Senior Member
Thanks Meter: 233
 
426 posts
Join Date:Joined: Jun 2012
Donate to Me
Quote:
Originally Posted by gigsaw

no, you can't use osbuilder because this rom isn't built like other winCE's roms (wm6.x, wp7). This rom has got his own filesystem (I think it should be ReFS), and his own structure. You have to wait because some developers are digging into it. Right now we only know that the system structure is similar to a Windows PC, even drivers are in sys format (this is a bad news for those who are waiting a porting to older devices).

I know what's exactly in it! It has 2 user profiles (default & public), a windows folder + system32 folder. And *.sys drivers.

Regards

(I don't know how, but I have a dump!)
Last edited by sianto1997; 3rd November 2012 at 10:28 PM.
The Following 3 Users Say Thank You to sianto1997 For This Useful Post: [ View ]
4th November 2012, 07:53 AM   |  #6  
Recognized Developer
St.Petersburg
Thanks Meter: 2,044
 
1,478 posts
Join Date:Joined: May 2009
Quote:
Originally Posted by gigsaw

no, you can't use osbuilder because this rom isn't built like other winCE's roms (wm6.x, wp7). This rom has got his own filesystem (I think it should be ReFS), and his own structure. You have to wait because some developers are digging into it. Right now we only know that the system structure is similar to a Windows PC, even drivers are in sys format (this is a bad news for those who are waiting a porting to older devices).

Main partitions are always NTFS
The Following 4 Users Say Thank You to ultrashot For This Useful Post: [ View ]
4th November 2012, 05:14 PM   |  #7  
Member
Thanks Meter: 11
 
63 posts
Join Date:Joined: Nov 2009
Quote:
Originally Posted by ultrashot

Main partitions are always NTFS

Maybe it looks like the XBOX FS
The Following User Says Thank You to FearL0rd For This Useful Post: [ View ]
8th November 2012, 06:29 PM   |  #8  
Cotulla's Avatar
Senior Recognized Developer
Thanks Meter: 5,453
 
881 posts
Join Date:Joined: Sep 2007
More
They are really W8 NTFS
The Following 6 Users Say Thank You to Cotulla For This Useful Post: [ View ]
10th November 2012, 12:11 PM   |  #9  
timmymarsh's Avatar
Developer Committee / Senior Moderator - Just one more
Flag Jersey, UK. Likes: Witch hunts. Dislikes: ibones
Thanks Meter: 1,032
 
5,039 posts
Join Date:Joined: Mar 2007
Donate to Me
More
Guys, please keep the chat relevant to dev work, thread cleaned.

Thanks.
The Following 2 Users Say Thank You to timmymarsh For This Useful Post: [ View ]
18th November 2012, 10:57 AM   |  #10  
Shaky156's Avatar
Senior Member
Thanks Meter: 1,949
 
930 posts
Join Date:Joined: Aug 2012
Donate to Me
More
I've linked diamondback/flemmard n other deva to this thread, as you're not the only ones with this problem, android is updates HTC are using the same method

So as you can see this isn't specifically windows related

The Following User Says Thank You to Shaky156 For This Useful Post: [ View ]
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes