SUCCES! Adding content to HTC 8S stock Rom

Hey guys, I don't know if this is of any use for you, but I think it won't hurt to share it.

Based on some posts and ideas I read in different threads, I managed to write to the EFIESP and the PLATpartition of the stock rom of my HTC 8S. I changed the bootimages in the PLAT partition to a custom one,flashed the image and it worked. I'll attach a picture to prove it and if that's not enough, I will post a video.

So, the first step is to download the stock rom (obviously...) and extract the .exe file. (I use 7-ZIP) Then there is a file called "RUU_signed.nbh". If you open it with a Hex Viewer, like HxD, you can find multiple partition Headers. I found 4 that I can use, the rest is encrypted with what appears to be Bitlocker, hence the different headers. Now, what I did was mark the area of the first partition (starts approximately at offset 228BEF90 and is a FAT16 Partition) and continued the selection until the end of the file. Then I created a new one and pasted it. I ddid the same with the rest, always selecting and copying from where the partition starts until the end of the whole file and pasted it into a new one. Then I mounted the files using OSFMount and voilà, you can put stuff and files in there! If you finished, you just unmount the files. Then I opened each file again with HxD, selected EVERYTHING and pasted it
to the according area in the original RUU_signed.nbh. I started with the first one, then the second and so on, so you don't overwrite the changes you have made if you start in reverse order. After packing the file, I tried to flash it and to my surprise, IT WORKED! After rebooting I saw my custom bootimage! Downside of this is obviously that it requires you to use the stock firmware and it will be overwritten once you update your device. But I hope our skilled Devs here have some use for those 2 partitions. Theres 2 more that are usable, but I don't know their names, but you can still put files in them.

Now again, I don't know if this is of any use for you devs, but I still felt kind of obligated to share it

Stupid thing, I put my HTC 8S into Diag Mode and THEN flashed it, now it doesn't connect as MTP but as HTC Diagnostic Interface and I can't change it back because I can't deploy anything to the device. It works perfectly, boots and everything, but no USB Connection via MTP. So be very careful before flashing, since the mode is determined by a NV value which you can't edit afterwards.

This is not a tutorial to be followed by everyday users, but something ment for developers. You do everything at your own risk! And keep in mind that this has only been tested on an HTC 8S!

cheers, hutchinsane_

Darn, hoped I was the first to come up with the idea. I do have acces to the file you're talking about. MainOS seems to be encrypted with Bitlocker since their headers start with -FVE-FS-. I could take a look into the 8X Rom aswell, I expect the situation to be the same. So is there a thread on the Kernel Debugger thing?


EDIT: I just did what you set, although I used a program called "Visual BCD Editor" since I don't know about editing the BCD Store just YET. Now I edited some values from "False" to "True" and for 1 second it showed me what appeared to be a windows boot selection. Now when I boot up, and once the "Windows Phone" blueish logo appears, it shows "Not for resale", meaning that we actually can edit BCD on this device!

@ngame Thanks If you look at your first 2 screenshots, you didn't select the "ë" You MUST select and copy it aswell, it's always the start of a partition, fot FAT aswell as for NTFS. After that, you should be able to mount. For finding the end, I didn't. I just Selected until the end of the file and pasted it back in. It should work, Afterall, my HTC has a "custom" rom aswell now, since there's a custom bootimage

@ultrashot Thanks! I used the commands and it worked succesfully. Waiting on the phone to flash now

EDIT: It doesn't boot once you set a) the target b) the type or something else. but enabling the kernel debugger itself works. Trying to figure out which value makes it unbootable.

As far as I know, you have to look for the specific headers, since some are encrypted with Bitlocker, therefor have the "-FVE-FS-" header. Easiest way is to use the search function of HxD and search for NTFS, FAT12 and FAT16 partitions Also, there are no stupid questons

Can you ost a screenshot of the file you use as a partition? I don't know if it even works with Nokia Roms. Which one are you using exactly? I might be able to have a look at it.

@-W_O_L_F- They do? Didn't know that, thanks for the info! Yeah, might be a good idea, actually.
@reker how do you plan on doing this? adding the tool to the rom or deploying it as a xap? I actually need a way to use hidden pages without the toast launcher, or to include the toast launcher into the rom since I can't deploy it anymore