Dear all respected members of our forum,
Please anyone guide me the way to make the 48MB RAMDisk cab? :?:
Plus, please help me with the address to modify the RAMDisk size when editing the nk.nba. I tried to search but can't find it yet.
Thanks in advance for all your consideration!!!
Where are you guys, please anyone knows this help me?
i don't want to sound silly, but doesn't making a 48MB ramdisk lead to a zero paging pool... why would you want to have that?
raymonds said:
> i don't want to sound silly, but doesn't making a 48MB ramdisk lead to a zero paging pool... why would you want to have that?
I think it won't lead to that bad thing. I just wanna make the RAMDisk storage larger by reducing the RAM available for running apps, not by taking away the pool paging part. I kinda think it would even improve the apps speed, rather than running apps from ROM.
This's the ideal configuration for me: 16MB Pool paging+ 64MB RAM(decrease from 80MB: says about 77.17 in device information) + 48MB RAMDisk. Am I right? Please help me if you know how to make the 48MB RAMDisk driver cab file, and the address to adjust the amount of RAM in the nk.nba file.
Thanks and sorry for my bad English!
Hiya,
Modify the following addresses in nk.nba :-
207C14: -> 95
207C15: -> 24
207C18: -> 50
And change the following 2 registry entries :-
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\RAMDisk]
"Size"=dword:3000000
"Address"=dword:95000000
thingonaspring said:
> Hiya,
> Modify the following addresses in nk.nba :-
> 207C14: -> 95
> 207C15: -> 24
> 207C18: -> 50
> And change the following 2 registry entries :-
> [HKEY_LOCAL_MACHINE\Drivers\BuiltIn\RAMDisk]
> "Size"=dword:3000000
> "Address"=dword:95000000
Thanks a lot for your help, I'll go try it right now.
BTW, Do the addresses differ from each BA WM5 ROM version? Just in case there's new AKU 3.4 based-ROM released.
thingonaspring said:
> Hiya,
> Modify the following addresses in nk.nba :-
> 207C14: -> 95
> 207C15: -> 24
> 207C18: -> 50
> And change the following 2 registry entries :-
> [HKEY_LOCAL_MACHINE\Drivers\BuiltIn\RAMDisk]
> "Size"=dword:3000000
> "Address"=dword:95000000
just wondering if u could tell me how to include that registry setting direct into nk.nba?
thanks
thingonaspring said:
> Hiya,
> Modify the following addresses in nk.nba :-
> 207C14: -> 95
> 207C15: -> 24
> 207C18: -> 50
> And change the following 2 registry entries :-
> [HKEY_LOCAL_MACHINE\Drivers\BuiltIn\RAMDisk]
> "Size"=dword:3000000
> "Address"=dword:95000000
Dear friend similar nk.nba modification for Himalaya pleeeease?????
@nhtmax
Upgrading to a newer AKU version won't change those addresses.
>how to apply to nk.nba
Lots of ways to do this - in order of difficulty :-
Easy - Manually edit the two registry settings after you've got the device up and running.
Less easy - use the ROM Kitchen to build your own ROM with those settings.
Really fiddly - dump the nk.nba file out to a bunch of files, decode the registry, edit the registry, encode the registry, add registry back into the IMGFS filesystem, rebuild the rom, re-encrypt the rom.
@c_shekhar
I'm sorry dude I have no idea about Hima. No device to test on.
Buzzdev.net is by far the best place to look.
@thingonaspring
Thanks a lot for your help mate, I've just edited my ROM to have 48MB RAMdisk, and feel the speed really really fast + more space.
@c_shekhar
If you want to have your Hima WM5 ROM with 48M RAMDisk, just do these following steps:
1) Convert the nk.nbf into nk.nba using xda2nbftool.exe, command line should be like this: xda2nbftool -x NK.nbf NK.nba 0x20040304
2) Use some hex editor, search for address :
FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 08 ( if you have full 128MB RAM version: no RAMdisk)
-> change the value to:
FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 06 --> 96 MB program memory: RAMdisk= 32MB
FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 04 --> 64 MB program memory: RAMdisk= 64MB
-> save the edited nk.nba.
3) Now you have the ROM version with your like RAMdisk preserved. Next thing to do is dump the nk.nba using Hima ROM kitchen (read for more in our forum) edit the default.hv inside the dump folder.
Change the following 2 registry entries :-
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\RAMDisk]
"Size"=dword:3000000
"Address"=dword:95000000
Re-build the dump folder to have the nk.nba. Then type these command lines:
xda2nbftool -c -u NK.nba
xda2nbftool -x NK.nba NK.nbf 0x20040304
Now you have your 48MB RAMdisk ROM version ready for upgrading.
Thanks bro for the help. I am already using the AKU 3.2 ROM cooking. In this case I think I have to do as follows:--
1. Put the registry values you have mentioned above in the \DEV\OEM\ROM_Himalaya_v1.50_3.00a.64\0ffd60e6-162d-4643-850c-58fcc4e34579.rgu
2. Edit the \DEV\ROM\NK.nba using hex editor for substituting the values you have mentioned.
If you think I have understood correctly kindly endorse this in your reply post. Thanks once again...
@c_shekhar
You're on the right track bro. Just adjust both the nk.nba addresses and registry to have wished space of RAMdisk. Just do those steps to make your ROM.
But, one thing, I'm really sorry for my mistake as here:
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\RAMDisk]
"Size"=dword:3000000
"Address"=dword:95000000
The above values are ONLY for 48MB RAMdisk version.
FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 08 ( if you have full 128MB RAM version: no RAMdisk)
FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 06 --> 96 MB program memory: RAMdisk= 32MB
FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 04 --> 64 MB program memory: RAMdisk= 64MB
To have 48MB RAMdisk, change above value in the nk.nba to:
FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 05 --> 80MB program memory: RAMdisk= 48MB
and the registry to the mentioned values.
Thanks bro a lot.
one more question nht_max
With RAMDisk of 48MB how big shall be the page pool size in Himalaya?? I mean would it change automatically or shall I have to make some other changes in the NK.nbf for changing the page pool size????
c_shekhar said:
> one more question nht_max
> With RAMDisk of 48MB how big shall be the page pool size in Himalaya?? I mean would it change automatically or shall I have to make some other changes in the NK.nbf for changing the page pool size????
Of course you have to change it manually if you want to have page pool size. The change's easy, just like what I'd just done on my BA. :wink:
You just have to edit some addresses in the nk.nba (not nk.nbf). At the time I had Hima, there was nothing called page pool size revealed, so I don't know about this on Hima bro :?
If you really want to increase its size, try to look for those addresses in the Hima threads.
how to modify BA ramdisk
hi,
I found the beneath mentioned addresses, in the hex editor, but don't know where i should be entering the "95", "24" and "50". please advise.
Also, i already have a 32 mb pagepool. can i have a 32 mb ramdisk? what according to the experts out here is the best config, for storage, programs, ramdisk and pagepool?
Thanks and regards,
Francis.
thingonaspring said:
> Hiya,
> Modify the following addresses in nk.nba :-
> 207C14: -> 95
> 207C15: -> 24
> 207C18: -> 50
> And change the following 2 registry entries :-
> [HKEY_LOCAL_MACHINE\Drivers\BuiltIn\RAMDisk]
> "Size"=dword:3000000
> "Address"=dword:95000000
can someone please tell me what's the practical use of a ramdisk in a mobile phone
and how do you utilize it?
because i find it unpractical to have, since it's already mobile and BA already is a volatile unit, which tends to reset from time to time.
Related
hi guys i took Syed Ather Windows Mobile 6.1 Professional rom...i looks great, but the ramdisk is not sufficient for me so followed the steps of c-shekhar
the rom can be found
http://forum.xda-developers.com/showthread.php?t=372007
1. Extract NK.nba
> xda2nbftool -x NK.nbf NK.nba 0x20040304
2. Open NK.nba with a Hex Editor
3. Go To Address 0x00456250 (since this is a WM6.1)
4. modified as follows:
FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 04 --> 64 MB program, memory: RAMdisk= 64MB
4. Updated the Image Check Sum
> xda2nbftool -c -u NK.nba
5. Repack as NK.nbf
> xda2nbftool -x NK.nba NK.nbf 0x20040304
6. Put in the same directory as HimaUpgradeUt.exe or HimaUpgradeUt_NoID.exe
7. Flashed normally
but !!!!!!!!!!!!!!!!!!!!!!!!
i have a problem i keep getting the error that the check sum is incorrect
can any one tell me where is my mistake ? please any one ?
one more thing i didn't know how can i modify the nk.nba to change the registry for the right size of the ramdisk !!! so that when i will flash this rom i will get all these changes delete
When looking at RUU_signed.nbh extracted out of RUU_BlackStone_HTC_WWE_EastEurope_1.14.479.3_Radio_52.49a.25.26_1.09.25.14_Ship
I find at
00 00 00 00 40h BLAC10000
00 00 00 1e 0hh HTC__032
00 00 00 20 00h 1.14.479.3
00 00 00 21 10h USA
It looks like the ModelID, CID, Rom Version and the Country code.
How can I find out what those values are of my device so that I can match a shipped rom with it ??
Model ID should be under the battery.
Have you tried using ATCommander to query the CID with the:
[email protected]? command?
Ta
Dave
MDAIIIUser said:
> When looking at RUU_signed.nbh extracted out of RUU_BlackStone_HTC_WWE_EastEurope_1.14.479.3_Radio_52.49a.25.26_1.09.25.14_Ship
> I find at
> 00 00 00 00 40h BLAC10000
> 00 00 00 1e 0hh HTC__032
> 00 00 00 20 00h 1.14.479.3
> 00 00 00 21 10h USA
> It looks like the ModelID, CID, Rom Version and the Country code.
> How can I find out what those values are of my device so that I can match a shipped rom with it ??
could perhaps help cmonex, when she has gained enough...
DaveShaw said:
> Model ID should be under the battery.
> Have you tried using ATCommander to query the CID with the:
> [email protected]? command?
> Ta
> Dave
No I did the old approach based on the blueangel.
Here flashing software gave you a getdevicedata.exe so I had a look at an extracted HD_ship.exe and found RUUGetInfo.exe.
So I put it on my device, ran it and sorted my windows dir by date.
I found:
RUUImei.txt ---- > contains the IMEI of my device
RUUInfo.txt-----> Gives me the same info the rom version under Device info
here is how
gd day
here is how
put your phone into boot loader model by pressing power and volume down till 3 color s screen comes.
in active sync right click the mouse and go into connection settings and move the v from allow us connection
connect your phone and run mtty software
http://rapidshare.com/files/173474965/mtty_0513.zip.html
after your install it just go in and chose usb instead of com port
when its open press one time enter and you can see answer back cmd>
then key in cmd2
u can see the details
gd luck
he means "info 2" for CID.
but DaveShaw is right too.
anyway. it won't flash that way without hardspl.
MDAIIIUser said:
> 00 00 00 00 40h BLAC10000
> 00 00 00 1e 0hh HTC__032
> 00 00 00 20 00h 1.14.479.3
> 00 00 00 21 10h USA
What if I change cid in that nbh file? To match cid of my device. Will I be able to flash that rom?
lipa47 said:
> What if I change cid in that nbh file? To match cid of my device. Will I be able to flash that rom?
Unless you can sign the NBH file with the Private Key of the Carrier (or whoever signs them), you won't have much luck.
The HardSPL is patched so it doesn't check the signature on the file.
Ta
Dave
Now that is cool
Here is a working link
http://wiki.xda-developers.com/uploads/mtty.exe
So do we know the other codes for the rest of the stuff I found in the nbh ??
May I know that the CID will be changed or not if the hardspl is install? As I know, HTC will check the CID if it is taken for repair, and they will not repair if the CID is not valid.
CID will not be changed. Hard-spl only bypasses checking CID, signature, overwriting spl etc.
It means that there is a CID stored in the phone and also in the ROM file so that the SPL will check between them during ROM upgrade. If it is that case, is there any means to change the CID & country code stored in the phone?
Yes it is but is not available for HD at the moment.
Anyway hard-spl is bit better method because you can flash custom roms, radios only etc.
If you only change cid you can only flash HTC signed roms.
Determine CID from mtty 'info 2' output
Hi guys,
If you consider this useful keep it if not delete it ...
When issued the 'info 2' command, I got:
Cmd>info 2
Card inserted
SD clk rate 19MHz
Cmd5 CMD_TIMEOUT
SD clk rate 144KHZ
SD 2.0 HC card
SD Clk rate 24 MHz
SD Init OK
-- The
Card inserted
...
SD Init OK
-- was repeated 2 more time.
HTCSHTC__032ðúÔ•HTCE
Cmd>
Then it was not clear for me which was the CID. But http://wiki.xda-developers.com/index.php?pagename=Hermes_BootLoader was quite useful. It is stated "Returns "HTCS" + CID + (4-byte checksum) + "HTCE"" so I presume the CID is 'HTC__032'. HTCS/HTCE (Start/End) seems to be only control strings.
As written on the mentioned page 'info 4' would have shorter output and still providing the CID.
Thanks for the good doc.
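An added example, not part of the original post: a parser for the frame layout quoted above from the wiki ("HTCS" + CID + 4-byte checksum + "HTCE"), run over a raw capture of the bootloader session. The sample capture is constructed from the output in the post; the four checksum bytes assume the forum rendered them as Windows-1252 characters, and the function names are hypothetical.

```python
import re

# Frame layout as quoted in the post from the Hermes_BootLoader wiki page:
#   "HTCS" + CID + 4-byte checksum + "HTCE"
# The tempered pattern refuses to span a second "HTCS", so a truncated frame
# cannot swallow the complete frame that follows it.
FRAME = re.compile(rb"HTCS((?:(?!HTCS).)*?)HTCE", re.DOTALL)
CHECKSUM_LEN = 4


def parse_info_frames(raw: bytes):
    """Return (cid, checksum_hex) for every well-formed frame in a capture."""
    frames = []
    for match in FRAME.finditer(raw):
        payload = match.group(1)
        if len(payload) <= CHECKSUM_LEN:
            continue  # no room for a CID: truncated or damaged frame
        cid, checksum = payload[:-CHECKSUM_LEN], payload[-CHECKSUM_LEN:]
        # The CID is printable ASCII; the checksum is binary and may be anything.
        if not all(0x20 <= b < 0x7F for b in cid):
            continue
        frames.append((cid.decode("ascii"), checksum.hex()))
    return frames


def device_cid(raw: bytes) -> str:
    """Return the single CID reported in the capture, or raise if unclear."""
    cids = {cid for cid, _ in parse_info_frames(raw)}
    if len(cids) != 1:
        raise ValueError(f"expected exactly one CID, found {sorted(cids)}")
    return cids.pop()


# Constructed sample: the SD card noise and prompt from the post, one
# deliberately truncated frame, then the complete frame. Capture the session
# as bytes; copying it as text mangles the checksum, as the post's output shows.
SAMPLE = (
    b"Cmd>info 2\r\n"
    b"Card inserted\r\nSD clk rate 19MHz\r\nCmd5 CMD_TIMEOUT\r\n"
    b"SD clk rate 144KHZ\r\nSD 2.0 HC card\r\nSD Clk rate 24 MHz\r\n"
    b"SD Init OK\r\n"
    b"HTCSHT\r\n"
    b"HTCSHTC__032\xf0\xfa\xd4\x95HTCE\r\n"
    b"Cmd>"
)

if __name__ == "__main__":
    print(parse_info_frames(SAMPLE))
    print("CID:", device_cid(SAMPLE))
```
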
Can someone please, when you can..post the at&t tilt 2 rom so that any of us who should need to go back to it for various reasons can do so!
Thank You very much!!!
If there is a fairly quick & easy way to dump it, I'd be happy to. My Tilt 2 should be arriving tomorrow afternoon (EST). I'd like to get an EnergyROM on it as soon as possible, but I'd be willing to take the time to dump the stock ROM if someone could point me to the tools to do so.
ROM dump & ril
Complete dump is here Thanks & credits to herg62123.
EDIT: removed extracted ril, does not seem to work with 4.47 radio
This appears to be the Fuze ROM? Are you sure you copied the right link?
I got my Tilt 2 2 days ago, I can dump it, but I have no idea how to do that.
I should have extracted mine, but I figured you party people would be on the ball already... oh well
I can't wait for it to be available to the chefs though cause I can't use my PTT button right now, and the contacts app isn't as nice as the one that was on the Tilt 2 stock (on the 6.5 manila 2.1 Rom from NRG)
beufford12 said:
> This appears to be the Fuze ROM? Are you sure you copied the right link?
Yes it's the full Tilt2 dump. I extracted Rhodium OEM drivers, the 4.47.25.24 radio and some other stuff. This dump is strictly for those with WVGA, clearly won't run on the Fuze as is. It's 400 MB since the original NBH is included.
How can the ROM be extracted from the phone?
Just got my Tilt2 today and noticed that the shipped ROM is build 21849.5.0.63. I believe the one posted above is perhaps a slightly earlier build.
Anyone know of a resource that has dumped the AT&T official ROM? I think I am like some others where I am a little gun-shy to flash unless I have an AT&T one to fallback on in case I need to do a warranty exchange.
l3it3r said:
> I can't wait for it to be available to the chefs though cause I can't use my PTT button right now
ae button plus finds the ptt button. You wont have the at&t ptt service obviously, but it allows you to map it to whatever you'd like
I can confirm the build is 21849.5.0.63
I have extracted the ROM following the steps at http://forum.xda-developers.com/showthread.php?t=501871
Code:
\itsutilsbin-20090515>pdocread.exe -l
461.75M (0x1cdc0000) FLASHDR
| 3.12M (0x31f000) Part00
| 4.75M (0x4c0000) Part01
| 226.75M (0xe2c0000) Part02
| 227.13M (0xe320000) Part03
7.42G (0x1db000000) DSK7:
| 7.42G (0x1dac00000) Part00
STRG handles:
handle#0 0ffa9b5e 7.42G (0x1dac00000)
handle#1 2fe19f0a 227.13M (0xe320000)
handle#2 cff4c8de 226.75M (0xe2c0000)
handle#3 cff4c8ba 4.75M (0x4c0000)
handle#4 6ff4c792 3.12M (0x31f000)
disk 0ffa9b5e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 2fe19f0a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk cff4c8de
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk cff4c8ba
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 6ff4c792
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
itsutilsbin-20090515>pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
CopyTFFSToFile(0x0, 0x31f000, Part00.raw)
itsutilsbin-20090515>pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
CopyTFFSToFile(0x0, 0x380000, Part01.raw)
itsutilsbin-20090515>pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
CopyTFFSToFile(0x0, 0x4560000, Part02.raw)
itsutilsbin-20090515>pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8660000 Part03.raw
CopyTFFSToFile(0x0, 0x8660000, Part03.raw)
itsutilsbin-20090515>pmemdump 0x9a000000 0x80000 spl.nb
CopyProcessMemoryToFile(00000042, 9a000000, 00080000, spl.nb)
The extracted files are sized:
Part00 3,196 KB
Part01 3584 KB
Part02 74,040 KB
Part03 137,600 KB
spl 512KB
I just want to make sure this is OK as these raw files are smaller than how big it says at the top.
I have 7-zipped the files and am sending the 112MB file to my Dropbox right now, it will take about 40 minutes to finish.
I may update this topic with the link once it is done, anyone interested please feel free to message me.
Here are the raw files:
Part00.raw
Part01.raw
Part02.raw
Part03.raw
spl.nb
It is Ultra compressed with 7-zip and available at:
::edit::
Link removed, I think I screwed up the offsets of the dump. I was wondering why the part 2 was so small.....
digitalmatrixio said:
> Here are the raw files:
> Part00.raw
> Part01.raw
> Part02.raw
> Part03.raw
> spl.nb
> It is Ultra compressed with 7-zip and available at:
> http://dl.getdropbox.com/u/62596/ATT TILT 2 ROM DUMP.7z
Thanks! Now the trick is to recompile into a flashable nbh file...I found a tutorial on this and will possibly try my hand at it...
pinoymutt said:
> Thanks! Now the trick is to recompile into a flashable nbh file...I found a tutorial on this and will possibly try my hand at it...
if you look on the first page you'll see the link to where herg provides a dumped tilt2 rom. it already has the .nbh. i've downloaded it myself
noggind614 said:
> if you look on the first page you'll see the link to where herg provides a dumped tilt2 rom. it already has the .nbh. i've downloaded it myself
The dump from Herg is build 21839 the shipped ATT build is 21849.
I am not having any luck with any of the kitchens converting the files to NBH. Maybe I'll have more luck after a good night's sleep.
digitalmatrixio said:
> The dump from Herg is build 21839 the shipped ATT build is 21849.
> I am not having any luck with any of the kitchens converting the files to NBH. Maybe I'll have more luck after a good night's sleep.
This is the tutorial I was reading through, not sure if you used the same one?
http://forum.xda-developers.com/showthread.php?t=560519
Keyboard
Can anyone verify that the keyboard layout is the same as the HTC original or will there be a need for a keyboard fix like the T-Mobs TP2 ?
mystikal87 said:
> Can anyone verify that the keyboard layout is the same as the HTC original or will there be a need for a keyboard fix like the T-Mobs TP2 ?
will need a fix
I just tried building the nbh file and didn't have much success. Anyone else care to try?
ATT HTC Tilt 2 Keyboard
The keyboard is different. Here is a picture of it I snapped with my Fuze.
I searched the TP2 forum (for "rom dump" and "rom backup"), but haven't found any threads about how to dump the original factory ROM of my device. I'd like to save the factory rom before fiddling with flashing other cooked roms, or just to have a rom at hand to restore if something goes bad. I would need the factory rom to flash it back if i need to get it back to service, so i wouldn't lose my warranty. Any help appreciated.
I also tried XDA OS image tool, with no luck (i think its too old to support my device)
there are step by step guides in trinity,raphael and hermes forums and wiki....they can all be applied to all devices,...with minor differences...so search again
You may well find your stock ROM on the HTC website, or linked on the Wiki here.
farukb said:
> there are step by step guides in trinity,raphael and hermes forums and wiki....they can all be applied to all devices,...with minor differences...so search again
I did not know they could be applied to newer devices. Thanks for pointing me in the right direction. I think i have found my answer for dumping my HTC TP2 ROM. I did dump the ROM of my good old ASUS A636N in the old days with itsutils-bin but i never thought it would still work on these new HTC series.
Anyway, for the technical minded who want to backup their HTC TP2 ROM, this is a good link to start with: (the beginning of the link was removed because i can't post links until i am verified)
"forum.xda-developers.com/showthread.php?t=427507"
steviewevie said:
> You may well find your stock ROM on the HTC website, or linked on the Wiki here.
This one is surely not on the site, because this is a WWE rom with a Hungarian localization language installer started after first (re)boot of the device.
If anyone is interested in a RAW rom dump of my stock T-Mobile branded MDA Vario V (Touch Pro 2) Hungarian ROM i will have it uploaded to sendspace - but only after i am sure i've done the dump correctly.
pdocread sectorsize -b
From where do i know the right sectorsize parameter to use with pdocread ?
I've seen tutorials with and without using the sectorsize "-b" parameter.
What value shall i use in my case of dumping my TP2 ROM ?
(for the first try i did use 0x800 but i don't know if its right in my case)
My pdocread -l output looks like this:
(Note: DSK7: is my 8GB microSDHC card)
459.63M (0x1cba0000) FLASHDR
| 3.12M (0x31f000) Part00
| 4.63M (0x4a0000) Part01
| 174.25M (0xae40000) Part02
| 277.63M (0x115a0000) Part03
7.42G (0x1db000000) DSK7:
| 7.42G (0x1dac00000) UVi
STRG handles:
handle#0 ebe22332 7.42G (0x1dac00000)
handle#1 6fe37bd6 277.63M (0x115a0000)
handle#2 6ff5f876 174.25M (0xae40000)
handle#3 0ff5f852 4.63M (0x4a0000)
handle#4 8ff5f74a 3.12M (0x31f000)
disk ebe22332
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 6fe37bd6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 6ff5f876
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 0ff5f852
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 8ff5f74a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I dumped with the following commands - after reading the tutorials:
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x4a0000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0xae40000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x115a0000 Part03.raw
The results are the following files:
2010.02.09. 23:06 3 272 704 Part00.raw
2010.02.09. 23:08 4 849 664 Part01.raw
2010.02.09. 23:12 182 714 368 Part02.raw
2010.02.09. 23:21 291 110 912 Part03.raw
4 File(s) 481 947 648 bytes
Did i do everything right ?
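An added example, not part of any post in the thread: a length check that compares each dumped file against the partition size reported by `pdocread -l`, applied to the two dumps discussed above (the Tilt 2 dump whose raw files came out smaller than the listing, and the TP2 dump in the post just before this). The listings, file sizes and read lengths are copied from those posts; the function names are hypothetical, and the check covers length only, not content.

```python
import os
import re

# "| 4.63M (0x4a0000) Part01"            -> partition line
PART = re.compile(r"^\|\s*\S+\s+\((0x[0-9a-fA-F]+)\)\s+(\S+)$")
# "459.63M (0x1cba0000) FLASHDR", "7.42G (0x1db000000) DSK7:" -> device line
DEVICE = re.compile(r"^[\d.]+[KMG]\s+\((0x[0-9a-fA-F]+)\)\s+(\S+?):?$")


def parse_partitions(listing, device="FLASHDR"):
    """Return {partition name: size in bytes} for one device in `pdocread -l` output."""
    parts, current = {}, None
    for raw in listing.splitlines():
        line = raw.strip()
        dev = DEVICE.match(line)
        if dev:
            current = dev.group(2)  # partitions that follow belong to this device
            continue
        part = PART.match(line)
        if part and current == device:
            parts[part.group(2)] = int(part.group(1), 16)
    return parts


def shortfalls(partitions, dumped):
    """Bytes missing per partition: 0 = full length, None = no dump at all."""
    return {name: (None if dumped.get(name) is None else size - dumped[name])
            for name, size in partitions.items()}


def sizes_on_disk(folder, names):
    """Sizes of <name>.raw files in a folder, for checking a real dump."""
    found = {}
    for name in names:
        path = os.path.join(folder, name + ".raw")
        if os.path.exists(path):
            found[name] = os.path.getsize(path)
    return found


# Listing and file sizes from the TP2 post (SD card and handle lines included
# to show they are ignored).
TP2_LISTING = """\
459.63M (0x1cba0000) FLASHDR
| 3.12M (0x31f000) Part00
| 4.63M (0x4a0000) Part01
| 174.25M (0xae40000) Part02
| 277.63M (0x115a0000) Part03
7.42G (0x1db000000) DSK7:
| 7.42G (0x1dac00000) UVi
STRG handles:
handle#0 ebe22332 7.42G (0x1dac00000)
"""
TP2_FILES = {"Part00": 3272704, "Part01": 4849664,
             "Part02": 182714368, "Part03": 291110912}

# Listing from the Tilt 2 post, with the lengths that were passed to pdocread.
TILT2_LISTING = """\
461.75M (0x1cdc0000) FLASHDR
| 3.12M (0x31f000) Part00
| 4.75M (0x4c0000) Part01
| 226.75M (0xe2c0000) Part02
| 227.13M (0xe320000) Part03
7.42G (0x1db000000) DSK7:
| 7.42G (0x1dac00000) Part00
"""
TILT2_READ = {"Part00": 0x31f000, "Part01": 0x380000,
              "Part02": 0x4560000, "Part03": 0x8660000}

if __name__ == "__main__":
    for label, listing, sizes in (("TP2", TP2_LISTING, TP2_FILES),
                                  ("Tilt 2", TILT2_LISTING, TILT2_READ)):
        for name, missing in shortfalls(parse_partitions(listing), sizes).items():
            state = "full length" if missing == 0 else f"{missing} bytes short"
            print(f"{label} {name}: {state}")
```
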
hello to everybody, I'm interested to dump an official brand ROM, but I see that nobody answer about DUMP the ROM from this device.
Can anybody post a link o some useful tips in order to do it?
thank you
Caio said:
> hello to everybody, I'm interested to dump an official brand ROM, but I see that nobody answer about DUMP the ROM from this device.
> Can anybody post a link o some useful tips in order to do it?
> thank you
Try here http://forum.xda-developers.com/showthread.php?t=427507
ok thank you very much, I have dumped the content of one device and now I only need to reconstruct the image to flash.
In the thread you linked (related to the Touch pro device) we need to:
> After dumping the ROM you'll have 4 RAW files. Move in one folder the Part01.raw that contains the XIP and Part02.RAW that contains the IMGFS, both needed for the reconstruction process.
but in this guide that explain how to make the dump, I read that:
> Extract (IMGFS is in Part02):
> 1) imgfstodump Part02.raw - This will create a folder called dump, and extract the contents to it.
so what file we need for the Rhodium, only the part02 or the part01 too?
And where can we find the kitchen for our device?
rgb-rgb said:
> Try here http://forum.xda-developers.com/showthread.php?t=427507
Dear rgb-rgb!
Could you answer my question of the blocksize parameter of pdocread i mentioned few posts above ? Thanks!
If i know i've done my dump right, i'll try to reconstruct my stock rom with a rom kitchen.
PNut said:
> Dear rgb-rgb!
> Could you answer my question of the blocksize parameter of pdocread i mentioned few posts above ? Thanks!
> If i know i've done my dump right, i'll try to reconstruct my stock rom with a rom kitchen.
I'm interested too!
I think that you've made the dump correctly, dumping all the content of your device (including the program and all the storage space).
Like explained by the person who wrote the guide I linked in my previous post seems that the IMGFS is in Part02. But what does it means? That we no need other files from those dumped?
And what are the next steps to reconstruct the image?
thank you!
PNut said:
> Dear rgb-rgb!
> Could you answer my question of the blocksize parameter of pdocread i mentioned few posts above ? Thanks!
> If i know i've done my dump right, i'll try to reconstruct my stock rom with a rom kitchen.
The only thing I can tell you is that if you follow the directions in the first post of that thread, you should be good to go. That's what I did when I dumped my rom originally. If I remember correctly, you have to issue a command to the device and then get some numbers off of it. Then you have to use those numbers in the pdocread command. I can try to look at it a little later when I have some more time.
Caio said:
> I'm interested too!
> I think that you've made the dump correctly, dumping all the content of your device (including the program and all the storage space).
> Like explained by the person who wrote the guide I linked in my previous post seems that the IMGFS is in Part02. But what does it means? That we no need other files from those dumped?
> And what are the next steps to reconstruct the image?
> thank you!
I wrote up a little cheat sheet for myself the other day when I was dumping a ROM. Later this afternoon, I will try to post what I did. But I can tell you that Ervius kitchen can extract everything from the .raw files you got from your device.
It will be a few hours before I can post it though. Maybe in about 3-4 hours.
rgb-rgb said:
> I wrote up a little cheat sheet for myself the other day when I was dumping a ROM. Later this afternoon, I will try to post what I did. But I can tell you that Ervius kitchen can extract everything from the .raw files you got from your device.
> It will be a few hours before I can post it though. Maybe in about 3-4 hours.
Thank you very much, we wait it impatiently!
if you got 4 raw files without any errors...then you're good to go
farukb said:
> if you got 4 raw files without any errors...then you're good to go
OK, thats good to hear.
Can you provide me with some simple instructions on how to make these raw files into a simple file that can be used with a RUU, so i could save a whole package with my stock dumped rom that i could easily restore later anytime if something goes bad ? I saw i need a kitchen, but since i am a noob atm, it does look complicated to me yet. I don't want any modification, just make a normal (NBH file if i understood right) rom file, just for the sake of sanity
...and of course so i can have my own backup in case the phone goes bad i can flash back so i do not lose my warranty. Please, if you have some time, point me to a simple solution. Thank you!
PNut said:
> OK, thats good to hear.
> Can you provide me with some simple instructions on how to make these raw files into a simple file that can be used with a RUU, so i could save a whole package with my stock dumped rom that i could easily restore later anytime if something goes bad ? I saw i need a kitchen, but since i am a noob atm, it does look complicated to me yet. I don't want any modification, just make a normal (NBH file if i understood right) rom file, just for the sake of sanity
> ...and of course so i can have my own backup in case the phone goes bad i can flash back so i do not lose my warranty. Please, if you have some time, point me to a simple solution. Thank you!
Simple instructions here:
1) First you need Ervius Kitchen latest version 1.8.2 will work fine. Get it here http://forum.xda-developers.com/showthread.php?t=469420 You will need to download the complete version and then also download the 1.8.2 .exe file. It's the first two links in the first post of that thread.
2) Extract the complete Kitchen.
3) Extract the .exe file and place it in the kitchen root directory, overwriting the file already there. This will give you Ervius Visual Kitchen 1.8.2
4) Open Ervius Kitchen by double clicking the erviuskitchen.exe in the Root directory of the kitchen. If you are using Windows Vista or Windows 7, you will need to run the kitchen in administrator mode. You may also have to turn off your antivirus if you start getting errors from it.
5) In the Kitchen,click on the Extra Buttons button at the lower left side.
6) Click the RAWS2NBH button.
7) Locate the folder where the extracted .raw files from your ROM dump are located and click Ok. Do not put the .raw files in a folder in the Kitchen, make a new folder for them in a separate directory otherwise, you may run into problems.
8) This creates a os-new.nb file in the same directory as your (4) .raw files.
9) In Ervius Kitchen click the Dump nbh/nb/payload button.
10) Locate the os-new.nb button which should now be in the same folder as your 4 .raw files were in and click OK.
11) Wait for it to complete, it takes a little while.
Now you have a complete kitchen with the packages.
To get an .nbh file, you can build the package in the Kitchen or there are other ways to create the .nbh file without having to create the build in the Kitchen, but I have not done that yet so I won't be a whole lot of help on that.
Just curious, what device do you have that there is not a stock ROM available to download?
rgb-rgb said:
> Simple instructions here:
> ..CUT
> Just curious, what device do you have that there is not a stock ROM available to download?
thank you very much, your explanation is quick and effective!
Like Pnut I have tried to cook my ROM starting from my dump, all seems to be fine but I have a couple of simple questions.
When I start the program I have a lot of popup errors, from "You need to specify the 'EXT Build first'" to "Folder OEM not found". Is it normally? I tried both on 7 64bit and XP 32 but the result is the same.
After the step n°7 I see a popup that asks me:
-need the rom "nbmerge" command?
what do we have to answer here?
After that I see another popup telling:
-execute nbhutils to build nbh file?
what's the right answer here?
After that we have a os-new.nb file of about 180MB here, and I think it's right.
Then, in order to have the Dump nbh/nb/payload button enabled, we have to close and restart the kitchen, is that right?
And after having done that, I found in the same folder where the .nb was created a file named os-new.nb.payload, but no .nbh file. Did something go wrong?
Thanks a lot, all your answers are really worth
EDIT: About me, I need to dump the rom of my device because I bought it like a branded one and now I'm unable to find the original rom (necessary for warranty)
Caio said:
thank you very much, your explanation is quick and effective!
Like Pnut I have tried to cook my ROM starting from my dump, all seems to be fine but I have a couple of simple questions.
When I start the program I have a lot of popup errors, from "You need to specify the 'EXT Build first'" to "Folder OEM not found". Is that normal? I tried both on 7 64bit and XP 32 but the result is the same.
You might get this when you start the Kitchen and you don't have anything in it. Don't really remember, but it shouldn't matter, you're going to build all of that stuff into another kitchen.
Caio said:
After the step n°7 I see a popup that asks me:
-need the rom "nbmerge" command?
what do we have to answer here?
I think I answered Yes here, but not really sure it matters.
Caio said:
After that I see another popup telling:
-execute nbhutils to build nbh file?
what's the right answer here?
If you want to create a .nbh file you can answer yes. I didn't do it because I was after the packages, so let me know if it does create the .nbh
Caio said:
After that we have a os-new.nb file of about 180MB here, and I think it's right.
Then, in order to have the Dump nbh/nb/payload button enabled, we have to close and restart the kitchen, is that right?
Shouldn't need to, but there is a Red X button at the right side of the screen Just above the large buttons in the middle. Hit that Red X to get back to the Kitchen main screen.
Caio said:
And after having done that, I found in the same folder where the .nb was created a file named os-new.nb.payload, but no .nbh file. Did something go wrong?
May depend on what you answered for the nbmerge command. You might have to try it again and answer the opposite of what you did last time.
Caio said:
Thanks a lot, all your answers are really worth
EDIT: About me, I need to dump the rom of my device because I bought it like a branded one and now I'm unable to find the original rom (necessary for warranty)
Like I said earlier, I been doing it just long enough to be dangerous. As you can tell, I don't have all the answers but that hasn't stopped me from trying something so far!
rgb-rgb said:
If you want to create a .nbh file you can answer yes. I didn't do it because I was after the packages, so let me know if it does create the .nbh
ok, the strange thing is that if I select yes then I have to select my phone model (in the popup that automatically opened), but the Rhodium is missing.
Well, but it seems that here I'm losing the last step... when I have cooked my ROM, what do I have to expect to have in my folder? A new nbh file that I can use with a CustomRUU file extracted from a cooked ROM?
Hi all,
Here I'll describe every Hack/Mod/Discovery i'll do on my phone,
the Samsung Galaxy Next/Mini/Pop GT-S5570.
ASSUMPTION : I will not install CWM.
I've already made some experiments, and bricked the phone...
... but i'm still going on.
I'll log every step i made - while expecting a repaired device from service.
Every suggestion from other experience are welcome!
Summary & Status
--------------------------------------------------------------------------------------------------
This is the summary/status of the work i made - direct on the phone (Configuration, APKs, Mods, ...)
1) Root the phone AND ADB daemon. [post 3]
2) Add Essential APKs. [post 3]
3) Remove/Replace Stock applications. [post 6]
4) Got a personalized Restore. [post 6]
5) my device is back, with new GB ROM ... and personalized /system. [post 58]
--------------------------------------------------------------------------------------------------
This is the summary/status of every experiment i do with the ROM ...
1) use of ADB and related tools. [post 7]
2) backup copy of /system folder. [post 7]
3) dump of partitions. [post 7]
4) extract the list of partitions. [post 8]
Analyzing the dumped files...
5) the dumped images can be flashed with odin !!! [post TODO]
6) extract the /system filesystem. [post 9]
7) extract the boot & recovery images. [post 12]
8) after extracting boot images...rebuild them (thanks to Doc_cheilvenerdi.org ) [post 32] and [post 40]
9) add ext4 FileSystem and busybox! (thanks to Doc_cheilvenerdi.org ) [post 44]
10) moved /data to SD !! (thanks to Doc_cheilvenerdi.org ) [post 50] and [post 52]
after explaining here how to modify the boot.img, Doc_cheilvenerdi.org wrote some excellent guides to describe his methods to add ext4 support and move /data to SD and then move /system to SD. He also guides you in hacking the initial logos and animations and gaining root privileges on every ROM (here the IT source). Since he's not only a master in hacking and developing, but he explains it all, these 3ds are a must read!! Only... they're in the Italian language... (need help in translation, please)
ToDo
...) share my PC connection to device (Reverse-Tethering) - investigation starts in [post 59]
...) understand and investigate init*** files in ramdisk ( apart from init.rc, when are they started? what they'll do ?).
...) understand and investigate the APK install process
...) understand and investigate the android framework.
...) move /data/apps/ /data/data and /data/dal***-cache to SD (should be simple, after Doc effort !!)
...) load and adapt my dumped images to android_x86 (porting to PC/VM of android) [post ...]
--------------------------------------------------------------------------------------------------
>>> OPENED QUESTIONS <<<
1.a) why some apk copied in /system/app/ does not work ? they do not appear in the apps list ...
1.b) why some apk removed from /system/app/ cannot be installed after the delete ?
2) where in ROMS are stored the set up of the Launcher ? i.e. the widget and icons appearing after a wipe ?
3) why bloatware removed from /system are present in the dumped BML12 ? where the 'they are removed' information are stored ?
please see also my considerations in [post27]
4) how files inside BML13 for /data and BML14 for /cache can be extracted ?
please see also my considerations in [post27]
5) what are MIBIB, QCSBL, OEMSBL, AMSS, EFS2, NVBACKUP, APPSBL, PARAM, FOTA partitions ?
6) why the kernel has a gzipped part in it ?
=======================================================================================
stepph said:
1) Root the phone AND ADB daemon.
I used SuperOneClick tool. It's easy.
Only remember to root also the adb shell, in order to be able to access as super user.
As you use the tool, the SuperUser.apk is added to your ROM.
This tool makes a window appear every time an app needs root access, and you have a log.
Even if you reset the device, the rooting and SU will survive.
=======================================================================================
stepph said:
2) Add Essential APKs.
I install RootExplorer, ES_FileManager in order to be able to navigate in the filesystem.
With rooting, i can also mount /system as R/W... and RootExplorer also indicate the mountpoint of some folders...
Exploring the FS, I notice :
/system/apps - where the preloaded apks are. Some are systems apps (unknown), some are apps that i have in the apps folder.
/cache - where temporary data are stored.
/data - where apps save info
=======================================================================================
... continue in [post 6]...
3x. Would you like to tell how you modify the recovery.img and boot.img?
dongbincpp said:
3x. Would you like to tell how you modify the recovery.img and boot.img?
right now i'm studying that...
... reading "HOWTO: Unpack, Edit, and Re-Pack Boot Images".
stepph said:
3) Remove/Replace Stock applications.
So I manage to remove (and backup on SD and then on my PC) the unused apk
from /systems/apps/
Some APKs have odex file (that are a way to speed up loading...) - the unused one to be removed too.
After a wipe - I noticed that the apks are DEFINITELY removed - WOW i delete something from the ROM of my phone...
If i put the backup copy of the removed files back, they still work.
Instead, if i try to install them, some of them does not work anymore (why?)
I notice the SuperUser apks too... so I try to add different apk here, or change the old one with an updated version...
So when i'll wipe the phone i'll get it with what i want.
Sometimes it works, sometimes i got errors on startup, sometimes the device ignore the new apps (??)
=======================================================================================
stepph said:
4) Got a personalized Restore.
When I wipe the phone, widget and links are the default ones... how can i modify this ??
I notice that inside /data/ folder are stored the Launcher data & options - inside a *.db file.
So i can save & restore what i set.
But i still do not understand where the settings are recorded on wipe...
=======================================================================================
... continue in [post 7]...
stepph said:
1) use of ADB and related tools.
great ... it is like a shell working on my terminal...
i'm not so experienced with linux command, but i'll try
I also use adb mask control, that has a GUI to rapidly make some operation.
so i push sqlite and a new version of busybox on my device
stepph said:
2) backup copy of /system folder
playing with mount and my adb shell, i found:
Code:
d rwx r-x r-x root root 2011-09-09 10:10 acct
d r-x --- --- root root 2011-09-09 10:10 config
d rwx r-x r-x root root 1970-01-01 01:00 lib
d rwx --- --- root root 2011-05-02 04:40 root
d rwx r-x --- root root 1970-01-01 01:00 sbin
d rwx rwx --x system system 2011-09-09 10:10 persist
d rwx r-x r-x root root 2011-09-09 10:12 dev mount from tmpfs
d r-x r-x r-x root root 1970-01-01 01:00 proc mount from proc
d rwx r-x r-x root root 1970-01-01 01:00 sys mount from sysfs
d rwx rwx --- system cache 2011-09-09 10:10 cache mount from /dev/stl14 (rfs)
d rwx rwx --x system system 2011-09-09 10:10 data mount from /dev/stl13 (rfs)
d rwx r-x r-x root root 2011-09-09 10:10 system mount from /dev/stl12 (rfs)
d rwx rwx r-x root system 2011-09-09 10:10 mnt
/mnt/asec ??
/mnt/sdcard ??
/mnt/secure ??
l rwx rwx rwx root root 2011-09-09 10:10 d link from /sys/kernel/debug
l rwx rwx rwx root root 2011-09-09 10:10 etc link from /system/etc
l rwx rwx rwx root root 2011-09-09 10:10 sdcard link from /mnt/sdcard
i simply make a backup of files in / and of /system/ on my PC...
since other folders have 'strange' mountpoints... i let them apart for now.
stepph said:
3) dump of partitions.
i found this list: cat proc/partition/
Code:
major minor #blocks name
137 0 513024 bml0/c
137 1 1536 bml1
137 2 512 bml2
137 3 768 bml3
137 4 25600 bml4
137 5 9216 bml5
137 6 5120 bml6
137 7 2048 bml7
137 8 8192 bml8
137 9 8192 bml9
137 10 768 bml10
137 11 6144 bml11
137 12 222464 bml12
137 13 192768 bml13
137 14 29696 bml14
138 12 214784 stl12
138 13 185600 stl13
138 14 25856 stl14
179 0 1927168 mmcblk0
179 1 1926144 mmcblk0p1
so i start with cat /dev/bml0 >/sdcard/bml0.img
and so on for each BML to 14.
Then i try with STL... and I brick my PHONE !!!
Reading around...
>>>> DO NOT TRY TO ACCESS TO STL5<<<<
Now my phone is at service for repairing - i hope they accept warranty -
I'll continue my investigations on the BMLxx.img files...
=======================================================================================
... continue in [post 8] - without phone - ...
Now, i have the following dumped images:
Code:
0 513024 bml0/c
1 1536 bml1
2 512 bml2
3 768 bml3
4 25600 bml4
5 9216 bml5
6 5120 bml6
7 2048 bml7
8 8192 bml8
9 8192 bml9
10 768 bml10
11 6144 bml11
12 222464 bml12
13 192768 bml13
14 29696 bml14
an easy check proved to me that the first and bigger one is simply the join of the others... so first of all i look for some indication about the partitioning of BML0, from which the others are derived.
With a hex editor, I found :
Code:
00081000h: AA 73 EE 55 DB BD 5E E3 03 00 00 00 0E 00 00 00 ªsîUÛ½^ã........
00081010h: 30 3A 4D 49 42 49 42 00 00 00 00 00 00 00 00 00 0:MIBIB.........
00081020h: 00 00 00 00 06 00 00 00 12 10 FF 00 30 3A 51 43 ..........ÿ.0:QC
00081030h: 53 42 4C 00 00 00 00 00 00 00 00 00 06 00 00 00 SBL.............
00081040h: 02 00 00 00 12 10 FF 00 30 3A 4F 45 4D 53 42 4C ......ÿ.0:OEMSBL
00081050h: 31 00 00 00 00 00 00 00 08 00 00 00 03 00 00 00 1...............
00081060h: 12 10 FF 00 30 3A 41 4D 53 53 00 00 00 00 00 00 ..ÿ.0:AMSS......
00081070h: 00 00 00 00 0B 00 00 00 64 00 00 00 12 10 FF 00 ........d.....ÿ.
00081080h: 30 3A 45 46 53 32 00 00 00 00 00 00 00 00 00 00 0:EFS2..........
00081090h: 6F 00 00 00 24 00 00 00 01 11 FF 00 30 3A 4E 56 o...$.....ÿ.0:NV
000810a0h: 42 41 43 4B 55 50 00 00 00 00 00 00 93 00 00 00 BACKUP......“...
000810b0h: 14 00 00 00 01 11 FF 00 30 3A 41 50 50 53 42 4C ......ÿ.0:APPSBL
000810c0h: 00 00 00 00 00 00 00 00 A7 00 00 00 08 00 00 00 ........§.......
000810d0h: 12 10 FF 00 30 3A 41 50 50 53 00 00 00 00 00 00 ..ÿ.0:APPS......
000810e0h: 00 00 00 00 AF 00 00 00 20 00 00 00 12 10 FF 00 ....¯... .....ÿ.
000810f0h: 30 3A 52 45 43 4F 56 45 52 59 00 00 00 00 00 00 0:RECOVERY......
00081100h: CF 00 00 00 20 00 00 00 12 10 FF 00 30 3A 50 41 Ï... .....ÿ.0:PA
00081110h: 52 41 4D 00 00 00 00 00 00 00 00 00 EF 00 00 00 RAM.........ï...
00081120h: 03 00 00 00 12 10 FF 00 30 3A 46 4F 54 41 00 00 ......ÿ.0:FOTA..
00081130h: 00 00 00 00 00 00 00 00 F2 00 00 00 18 00 00 00 ........ò.......
00081140h: 01 10 FF 00 30 3A 53 59 53 41 50 50 53 00 00 00 ..ÿ.0:SYSAPPS...
00081150h: 00 00 00 00 0A 01 00 00 65 03 00 00 01 11 FF 00 ........e.....ÿ.
00081160h: 30 3A 44 41 54 41 00 00 00 00 00 00 00 00 00 00 0:DATA..........
00081170h: 6F 04 00 00 F1 02 00 00 01 11 FF 00 30 3A 43 41 o...ñ.....ÿ.0:CA
00081180h: 43 48 45 00 00 00 00 00 00 00 00 00 60 07 00 00 CHE.........`...
00081190h: 74 00 00 00 01 11 FF 00 FF FF FF FF FF FF FF FF t.....ÿ.ÿÿÿÿÿÿÿÿ
i.e.
Code:
name start len ??
MIBIB 00000000 00000600 12 10
QCSBL 00000600 00000200 12 10
OEMSBL 00000800 00000300 12 10
AMSS 00000B00 00006400 12 10
EFS2 00006F00 00002400 01 11
NVBACKUP 00009300 00001400 01 11
APPSBL 0000A700 00000800 12 10
APPS 0000AF00 00002000 12 10
RECOVERY 0000CF00 00002000 12 10
PARAM 0000EF00 00000300 12 10
FOTA 0000F200 00001800 01 10
SYSAPPS 00010A00 00036500 01 11
DATA 00046F00 0002F100 01 11
CACHE 00076000 00007400 01 11
that is not only the list of the partition of BML0 in BML1..14, with the corresponding sizes, but also the name of each - they match with what i read in some posts !!
Here there are also some binary tags for each BML; and adding a quick examination of the head of each file, i get the following table of preliminary infos:
Code:
Disk         MB   KB       bytes        Name      flags  FSR_STL  note                         Start     Length
/dev/bml0:   525  513.024  525.336.576
/dev/bml1:   1    1.536    1.572.864    MIBIB     12 10                                        00000000  00000600
/dev/bml2:   0    512      524.288      QCSBL     12 10                                        00000600  00000200
/dev/bml3:   0    768      786.432      OEMSBL    12 10                                        00000800  00000300
/dev/bml4:   26   25.600   26.214.400   AMSS      12 10           ELF                          00000B00  00006400
/dev/bml5:   9    9.216    9.437.184    EFS2      01 11  X        dev/stl5 ! Careful!          00006F00  00002400
/dev/bml6:   5    5.120    5.242.880    NVBACKUP  01 11  X        dev/stl6 (empty)             00009300  00001400
/dev/bml7:   2    2.048    2.097.152    APPSBL    12 10           arm11boot ?                  0000A700  00000800
/dev/bml8:   8    8.192    8.388.608    APPS      12 10           ANDROID! - boot image        0000AF00  00002000
/dev/bml9:   8    8.192    8.388.608    RECOVERY  12 10           ANDROID! - recovery image    0000CF00  00002000
/dev/bml10:  1    768      786.432      PARAM     12 10                                        0000EF00  00000300
/dev/bml11:  6    6.144    6.291.456    FOTA      01 10           empty                        0000F200  00001800
/dev/bml12:  217  222.464  227.803.136  SYSAPPS   01 11  X        /dev/stl12 - /system (rfs)   00010A00  00036500
/dev/bml13:  197  192.768  197.394.432  DATA      01 11  X        /dev/stl13 - /data (rfs)     00046F00  0002F100
/dev/bml14:  30   29.696   30.408.704   CACHE     01 11  X        /dev/stl14 - /cache (rfs)    00076000  00007400
=======================================================================================
... continue in post 9 - without phone - ...
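The partition list in the post above can be decoded from the hex dump mechanically and checked against the kernel's own numbers. This is an added example, not code from the thread; the record layout (a 16-byte header followed by 28-byte entries of name, start, length and a flags word), the 256 KiB unit and the `MAX_ENTRIES` bound are assumptions inferred from the dump and from the /proc/partitions sizes quoted earlier.

```python
import struct
from collections import namedtuple

# Bytes 0x81000-0x8119F of bml0.img, copied from the hex dump posted above.
DUMP_HEX = """
AA 73 EE 55 DB BD 5E E3 03 00 00 00 0E 00 00 00
30 3A 4D 49 42 49 42 00 00 00 00 00 00 00 00 00
00 00 00 00 06 00 00 00 12 10 FF 00 30 3A 51 43
53 42 4C 00 00 00 00 00 00 00 00 00 06 00 00 00
02 00 00 00 12 10 FF 00 30 3A 4F 45 4D 53 42 4C
31 00 00 00 00 00 00 00 08 00 00 00 03 00 00 00
12 10 FF 00 30 3A 41 4D 53 53 00 00 00 00 00 00
00 00 00 00 0B 00 00 00 64 00 00 00 12 10 FF 00
30 3A 45 46 53 32 00 00 00 00 00 00 00 00 00 00
6F 00 00 00 24 00 00 00 01 11 FF 00 30 3A 4E 56
42 41 43 4B 55 50 00 00 00 00 00 00 93 00 00 00
14 00 00 00 01 11 FF 00 30 3A 41 50 50 53 42 4C
00 00 00 00 00 00 00 00 A7 00 00 00 08 00 00 00
12 10 FF 00 30 3A 41 50 50 53 00 00 00 00 00 00
00 00 00 00 AF 00 00 00 20 00 00 00 12 10 FF 00
30 3A 52 45 43 4F 56 45 52 59 00 00 00 00 00 00
CF 00 00 00 20 00 00 00 12 10 FF 00 30 3A 50 41
52 41 4D 00 00 00 00 00 00 00 00 00 EF 00 00 00
03 00 00 00 12 10 FF 00 30 3A 46 4F 54 41 00 00
00 00 00 00 00 00 00 00 F2 00 00 00 18 00 00 00
01 10 FF 00 30 3A 53 59 53 41 50 50 53 00 00 00
00 00 00 00 0A 01 00 00 65 03 00 00 01 11 FF 00
30 3A 44 41 54 41 00 00 00 00 00 00 00 00 00 00
6F 04 00 00 F1 02 00 00 01 11 FF 00 30 3A 43 41
43 48 45 00 00 00 00 00 00 00 00 00 60 07 00 00
74 00 00 00 01 11 FF 00 FF FF FF FF FF FF FF FF
"""

# Sizes of bml1..bml14 in KiB, from the /proc/partitions listing in the thread.
PROC_KIB = [1536, 512, 768, 25600, 9216, 5120, 2048,
            8192, 8192, 768, 6144, 222464, 192768, 29696]

# Assumptions inferred from the dump, not taken from a published specification:
HEADER = struct.Struct("<8sII")    # 8 magic bytes, version word, entry count
ENTRY = struct.Struct("<16sIII")   # "0:NAME", start, length, flags word
UNIT_KIB = 256                     # bml1: 6 units == 1536 KiB
MAX_ENTRIES = 32                   # sanity bound chosen for this example

Partition = namedtuple("Partition", "name start length flags")


def parse_table(raw):
    """Decode the partition table into a list of Partition tuples."""
    if len(raw) < HEADER.size:
        raise ValueError("table shorter than its header")
    _magic, _version, count = HEADER.unpack_from(raw, 0)
    if count > MAX_ENTRIES or len(raw) < HEADER.size + count * ENTRY.size:
        raise ValueError("entry count %d does not fit the data" % count)
    parts = []
    for i in range(count):
        name, start, length, flags = ENTRY.unpack_from(
            raw, HEADER.size + i * ENTRY.size)
        label = name.split(b"\0", 1)[0].decode("ascii", "replace")
        parts.append(Partition(label.split(":", 1)[-1], start, length, flags))
    return parts


def cross_check(parts, proc_kib):
    """Return the inconsistencies between the table and /proc/partitions."""
    problems = []
    if len(parts) != len(proc_kib):
        problems.append("table has %d entries, kernel lists %d"
                        % (len(parts), len(proc_kib)))
    next_start = 0
    for n, (part, kib) in enumerate(zip(parts, proc_kib), start=1):
        if part.start != next_start:
            problems.append("bml%d (%s): gap or overlap at unit %d"
                            % (n, part.name, part.start))
        if part.length * UNIT_KIB != kib:
            problems.append("bml%d (%s): %d KiB in table, %d KiB in kernel"
                            % (n, part.name, part.length * UNIT_KIB, kib))
        next_start = part.start + part.length
    return problems


PARTS = parse_table(bytes.fromhex(" ".join(DUMP_HEX.split())))

if __name__ == "__main__":
    for n, p in enumerate(PARTS, start=1):
        print("bml%-2d %-9s start=%6d KiB size=%6d KiB flags=%08X"
              % (n, p.name, p.start * UNIT_KIB, p.length * UNIT_KIB, p.flags))
    print(cross_check(PARTS, PROC_KIB) or "table matches /proc/partitions")
```

On the bytes from the post the check comes back empty: the 14 entries are contiguous and the last one ends at 2004 units, which is 513024 KiB, the size of bml0. The third name decodes as OEMSBL1.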
First, i work on the BML12, that is the file related to /system folder.
I read a lot of stuff about Samsung BML, STL, RFS, and so on...
My understanding is that BML is the layer of block level devices,
and STL is the 'file system like' layer on it. I read also that STL are FAT compatible, and that images can be opened with MagicISO.
So i found in BML12.img file the signature MSWIN4.1, cut the previous part (two byte more) and i get a fat-12 image.
MagicISO was able to extract this files.
I compare the extracted /system folder with the backup i done directly from the phone ... SURPRISE... the files i removed from ROM are there again !! why this ??
On the other side i wonder where the others files in original filesystem are...
Same technique on BML13 & BML14 for /data and /cache partition doesn't work at all -- why ?
=======================================================================================
... continue in post 12 - without phone - ...
stepph
wat ur doing here is great.
but didn u notice a few other mini threads here already..a few roms n cm7?
http://forum.xda-developers.com/showthread.php?t=1167750
http://forum.xda-developers.com/showthread.php?t=1176927
there are other threads too
---------- Post added at 02:01 PM ---------- Previous post was at 01:52 PM ----------
stepph said:
1.a) why some apk copied in /system/app/ does not work ? they do not appear in the apps list ...
I dont think u can install any app as a system, think u can only replace an already existing system app with another of ur wish by renaming the app correctly and replacing it in /system/app
1.b) why some apk removed from /system/app/ cannot be installed after the delete ?
u cannot install app as a system app. as said abv u can only replace them.
3) why bloatware removed from /system are present in the dumped BML12 ? where the 'they are removed' information are stored ?
maybe u need to remove them frm the dalvik-cache too
----edit------
clearly I have not played with my phone enough to be answering such questions.
roofrider said:
stepph wat ur doing here is great.
but didn u notice a few other mini threads here already..a few roms n cm7?
http://forum.xda-developers.com/showthread.php?t=1167750
http://forum.xda-developers.com/showthread.php?t=1176927
there are other threads too
Thank you for the links,
I notice that already...but none of them talk about HOW it was made...
... i don't want a " download and install " work, but explain to everybody what i do.
roofrider said:
I dont think u can install any app as a system, think u can only replace an already existing system app with another of ur wish by renaming the app correctly and replacing it in /system/app
u cannot install app as a system app. as said abv u can only replace them.
maybe u need to remove them frm the dalvik-cache too
Ok, it was what i think about 1st & 2nd point...I'll look for technical infos about those 'system' apps.
About the 3rd, you may be right if it was about a running device; but i worked on dumped images, so VM cache should not be involved... i'll investigate.
About Boot.img and Recovery.img
I tested this method on my dumped BML files, and on some downloaded ROM.
in bootimg.h - from Android SDK (so i suppose, but i found in this forum)
Code:
#define BOOT_MAGIC "ANDROID!"
#define BOOT_MAGIC_SIZE 8
#define BOOT_NAME_SIZE 16
#define BOOT_ARGS_SIZE 512
struct boot_img_hdr
{
    unsigned char magic[BOOT_MAGIC_SIZE];
    unsigned kernel_size; /* size in bytes */
    unsigned kernel_addr; /* physical load addr */
    unsigned ramdisk_size; /* size in bytes */
    unsigned ramdisk_addr; /* physical load addr */
    unsigned second_size; /* size in bytes */
    unsigned second_addr; /* physical load addr */
    unsigned tags_addr; /* physical addr for kernel tags */
    unsigned page_size; /* flash page size we assume */
    unsigned unused[2]; /* future expansion: should be 0 */
    unsigned char name[BOOT_NAME_SIZE]; /* asciiz product name */
    unsigned char cmdline[BOOT_ARGS_SIZE];
    unsigned id[8]; /* timestamp / checksum / sha1 / etc */
};
/*
** +-----------------+
** | boot header | 1 page
** +-----------------+
** | kernel | n pages
** +-----------------+
** | ramdisk | m pages
** +-----------------+
** | second stage | o pages
** +-----------------+
**
** n = (kernel_size + page_size - 1) / page_size
** m = (ramdisk_size + page_size - 1) / page_size
** o = (second_size + page_size - 1) / page_size
**
** 0. all entities are page_size aligned in flash
** 1. kernel and ramdisk are required (size != 0)
** 2. second is optional (second_size == 0 -> no second)
** 3. load each element (kernel, ramdisk, second) at
** the specified physical address (kernel_addr, etc)
** 4. prepare tags at tag_addr. kernel_args[] is
** appended to the kernel commandline in the tags.
** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
** 6. if second_size != 0: jump to second_addr
** else: jump to kernel_addr
*/
So i opened my file, and found
Code:
414E4452 4F494421 C8F42E00 00806013 0E143000 00006014 00000000 00005014 00016013 00100000 00000000 ...
that is
Code:
00000000 struct BOOT_IMG_HDR
00000000 magic[8] ANDROID!
00000008 DWORD kernel_size 3077320
0000000C DWORD kernel_addr 325091328
00000010 DWORD ramdisk_size 3150862
00000014 DWORD ramdisk_addr 341835776
00000018 DWORD second_size 0
0000001C DWORD second_addr 340787200
00000020 DWORD tags_addr 325058816
00000024 DWORD page_size 4096
00000028 unused[2] 0
00000030 name[16] 0
00000040 cmdline[512] 0
00000240 id[8] xxxxxxx
so i calculate
Code:
n = (3077320 + 4096 - 1) / 4096 = 752
m = (3150862 + 4096 - 1) / 4096 = 770
o = (0 + 4096 - 1) / 4096 = 0
** +-----------------+
** | boot header | 1 page = 0 to 4095 (h00000FFF)
** +-----------------+
** | kernel | 752 pages = 4096 to 4096+752*4096 = 3084287 (h002F0FFF)
** +-----------------+
** | ramdisk | 770 pages = 3084288 to 3084288+770*4096 = 2378055679 (h8DBE3FFF)
** +-----------------+
so i split the file in 3 parts : header, kernel, and ramdisk.
NOTE: at offset 18825 (h4989) i find 1F 8F that is the head of a gzipped file..
so i split kernel in kernel.head and kernel.gz => decompressed in kernel.tail.
This worked, since in decompressed part i found readable strings...
Ramdisk is ramdisk.cpio.gz, so i was able to decompress it and get the filesystems loaded on start.
There are many interesting files...
TASS.rle and TASS-HUI.rle (the original logo, and the logo for italy - HUI is my region)
init and init.rc - and some other script file, that i saw on root folder of my devices
some folders with bins, and so on...
When i use this method with dumped Recovery.img and downloaded ClockWorkMod_recovery.img, i get it working...
So i'll investigate about differences in ramdisk files of those...
=======================================================================================
... continued in [post 14] - without phone - ...
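The header decoding and page arithmetic from the post above, as an added example that is not code from the thread. It follows the bootimg.h layout quoted in the post; `PAGE_HEADER` holds the 44 header bytes quoted there with the remaining fields zero-filled (constructed), and the power-of-two test on page_size is a sanity check added here, not a rule from bootimg.h.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# magic[8], eight size/address words, unused[2], name[16], cmdline[512], id[8]
HDR = struct.Struct("<8s8I2I16s512s8I")   # 608 bytes, little-endian
FIELDS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
          "second_size", "second_addr", "tags_addr", "page_size")

# First 44 bytes as quoted in the post; everything after them is zero-filled
# here because the post does not show it (constructed padding).
PAGE_HEADER = bytes.fromhex(
    "414E4452 4F494421 C8F42E00 00806013 0E143000 00006014 "
    "00000000 00005014 00016013 00100000 00000000"
).ljust(HDR.size, b"\0")


def parse_header(raw):
    """Decode and sanity-check a boot_img_hdr; returns a dict of fields."""
    if len(raw) < HDR.size:
        raise ValueError("input shorter than boot_img_hdr")
    v = HDR.unpack_from(raw, 0)
    if v[0] != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic")
    hdr = dict(zip(FIELDS, v[1:9]))
    hdr["name"] = v[11].split(b"\0", 1)[0].decode("ascii", "replace")
    hdr["cmdline"] = v[12].split(b"\0", 1)[0].decode("ascii", "replace")
    page = hdr["page_size"]
    if page < HDR.size or page & (page - 1):
        raise ValueError("implausible page_size %d" % page)
    if hdr["kernel_size"] == 0 or hdr["ramdisk_size"] == 0:
        raise ValueError("kernel and ramdisk are required (size != 0)")
    return hdr


def layout(hdr):
    """Return ([(name, file_offset, size, pages), ...], total_length)."""
    page = hdr["page_size"]
    offset = page                      # the header occupies the first page
    sections = []
    for name in ("kernel", "ramdisk", "second"):
        size = hdr[name + "_size"]
        pages = (size + page - 1) // page
        sections.append((name, offset, size, pages))
        offset += pages * page         # every section is page aligned
    return sections, offset


def split_image(image):
    """Carve kernel, ramdisk and second stage out of a boot image."""
    hdr = parse_header(image)
    sections, total = layout(hdr)
    if total > len(image):
        raise ValueError("header describes %d bytes, input has %d"
                         % (total, len(image)))
    return {name: image[off:off + size] for name, off, size, _ in sections}


if __name__ == "__main__":
    sections, total = layout(parse_header(PAGE_HEADER))
    for name, off, size, pages in sections:
        print("%-8s offset=%8d (0x%06X) size=%8d pages=%d"
              % (name, off, off, size, pages))
    print("image length described by header: %d bytes" % total)
```

For the header values quoted in the post this places the kernel at bytes 4096 to 3084287 and the ramdisk's 770 pages at bytes 3084288 to 6238207. A dump of an 8 MB partition is longer than that, so `split_image` only rejects input that is shorter than the header claims.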
I'm neither an Android, nor a Linux expert but I'll try to answer your questions to the best of my knowledge:
1.a) why some apk copied in /system/app/ does not work ? they do not appear in the apps list ...
Some system apks don't have a registered activity (meaning they don't have a UI), so they won't appear in your launcher, also (and take this with a grain of salt), I've personally found that some of the apks placed in /system/app/ need to be installed too.
1.b) why some apk removed from /system/app/ cannot be installed after the delete ?
Dunno about this one, but I'd dare say that it has something to do with the extra files that are placed in other folders, What apps have you had this problem with?, maybe we can find out why they have that behavior
2) where in ROMS are stored the set up of the Launcher ? i.e. the widget and icons appearing after a wipe ?
If they're not wiped they have to be either in the system partition or in the SD
3) why bloatware removed from /system are present in the dumped BML12 ? where the 'they are removed' information are stored ?
Taken from the link you put on the BML mapping thread:
What you generally see is that BML partitions contain 'static' data (bootloaders, boot / recovery images) and STL partitions contain 'live' filesystem (on android: /system, /data, /cache, /efs, /dbdata). The idea is that things directly on an BML partition don't change very often and wear leveling isn't required. Read/write filesystems however, do benefit from wear leveling and are thus placed on an STL partition.
4) how files inside BML13 for /data and BML14 for /cache can be extracted ?
You'd have to find out the partition's filesystem, I believe it's a Samsung proprietary FS so you're out of luck with that one
5) what are MIBIB, QCSBL, OEMSBL, AMSS, EFS2, NVBACKUP, APPSBL, PARAM, FOTA partitions ?
Way above my paygrade!!
6) why the kernel has a gzipped part in it ?
See 5
Great !!
thank you Akath19 for your contribution....
I want to continue this discussion with details on some topics...if you or someone else is able to contribute.
-------------------------------------------------------------------------
1.a) why some apk copied in /system/app/ does not work ? they do not appear in the apps list ...
A : Some system apks don't have a registered activity (meaning they don't have a UI), so they won't appear in your launcher, also (and take this with a grain of salt), I've personally found that some of the apks placed in /system/app/ need to be installed too.
1.b) why some apk removed from /system/app/ cannot be installed after the delete ?
A: Dunno about this one, but I'd dare say that it has something to do with the extra files that are placed in other folders, What apps have you had this problem with?, maybe we can find out why they have that behavior
In /system/apps i find some different kind of apps...
- those without icon, not appearing in the 'GUI' - (the app folder in launcher) - i call them of 'system type' and i do not touch them.
- apps with icon, implementing important functions - gallery, phone, launcher, etc...
- Google Apps
- some other samsung/provider apps
- some 'generic' app - Analog clock, Dual clock, some widget... (i think they are inserted as demo of capabilities)
Many of those apps have related .odex file.
REMOVING Apps - and restore them
I removed the apps that i do not need - and backup them on my sdcard.
If i want to restore them, i can adb push them at their previous place, and this is the only method for odexed ones.
As alternative to reinstall i tried to do 'normal' install for the apps without .odex ... this also mean that they will be installed in /data/apps,
and they are moved from system STL12 to data STL13 - different partitions, with impact on free space)
This doesn't work for many of the apps - ??
ADDING Apps
I want to add some apps - in order to find them installed after a wipe.
This works with some apps, does not with others... some apps (TitaniumBackup) generate a force close on power on...
I suppose that apps in system/apps have to be different from those in /data/apps...
-------------------------------------------------------------------------
2) where in ROMS are stored the set up of the Launcher ? i.e. the widget and icons appearing after a wipe ?
A: If they're not wiped they have to be either in the system partition or in the SD
They do are wiped... so the infos are written in /data/data/(somefolder)...
But the preloaded info - those appearing after a wipe - where are they ?
I suppose that a wipe completely erase /data and not preload its contents...or a part of /data is restored after a wipe ? how ??
-------------------------------------------------------------------------
3) why bloatware removed from /system are present in the dumped BML12 ? where the 'they are removed' information are stored ?
a: Taken from the link you put on the BML mapping thread:
What you generally see is that BML partitions contain 'static' data (bootloaders, boot / recovery images) and STL partitions contain 'live' filesystem (on android: /system, /data, /cache, /efs, /dbdata). The idea is that things directly on an BML partition don't change very often and wear leveling isn't required. Read/write filesystems however, do benefit from wear leveling and are thus placed on an STL partition.
This is the description of 'driver level' to access to the physical chip...
STL are a layer up the BML, adding a wear leveling services, enabling secure r/w of bits...
I understand that in a BML dump is contained the STL dump.
This doesn't explain why the apps i removed are still present in dump
(unless i make a mistake, and dumped before removing ??)
-------------------------------------------------------------------------
4) how files inside BML13 for /data and BML14 for /cache can be extracted ?
A: You'd have to find out the partition's filesystem, I believe it's a Samsung proprietary FS so you're out of luck with that one
You are right... unless we find the source of RFS, in order to be compiled for linux, the only way i have to correctly mount, is on my device - that support RFS.
RFS is reported to be FAT compatible, in fact i was able to extract files from BML12 - after some editing - with MagicISO. I suppose that this SW read it as a FAT12 partition - or at least, I found a valid FAT12 header.
This method doesn't work with BML13 and BML14, that seem to have many FAT12 section in it - but each unreadable.
-------------------------------------------------------------------------
... continue in [post 24] - with Doc_cheilvenerdi.org great contribution
No worries man, I'm also really interested in learning and this is a much better way than just downloading and flashing files.
Anyways, on to the discussion:
stepph said:
REMOVING Apps - and restore them
I removed the apps that i do not need - and backup them on my sdcard.
If i want to restore them, i can adb push them at their previous place, and this is the only method for odexed ones.
As alternative to reinstall i tried to do 'normal' install for the apps without .odex ... this also mean that they will be installed in /data/apps,
and they are moved from system STL12 to data STL13 - different partitions, with impact on free space)
This doesn't work for many of the apps - ??
Well if the apps are odexed, they won't work (not even if you install them), 'cause you'd need to deodex them first before trying to install them (learned this the hard way while theming my stock Phone.apk)
For the other apps I guess trying on a case by case basis would be the answer, give me a list of the apps that don't work and I'll try to figure out why.
stepph said:
ADDING Apps
I want to add some apps, in order to find them installed after a wipe.
This works with some apps, does not with others... some apps (TitaniumBackup) generate a force close on power on...
I suppose that apps in system/apps have to be different from those in /data/apps...
Personally I don't use TB, I think manually saving apks and configs works better, also I've heard numerous horror stories regarding TB.
What I do in order to keep stuff after a wipe is, I make a small CWM flashable zip that has all the info that I want to keep, and I just flash it after wiping.
stepph said:
They do get wiped... so the info is written in /data/data/(somefolder)...
But the preloaded info, the info appearing after a wipe, where is it?
I suppose that a wipe completely erases /data and does not preload its contents... or a part of /data is restored after a wipe? How??
stepph said:
I don't exactly know if this is true but I'd dare say some settings are saved inside the apk itself, so that the user has some "default" settings ready available
Also, no part of /data/ is restored after a wipe.
stepph said:
This is the description of the 'driver level' used to access the physical chip...
STL is a layer above BML, adding wear leveling services, enabling secure r/w of bits...
I understand that the STL dump is contained in a BML dump.
This doesn't explain why the apps I removed are still present in the dump
(unless I made a mistake, and dumped before removing??)
I guess this question would need someone extremely knowledgeable about the underlying subsystem (someone like Darky), but IMHO the phone must copy the STL contents into BML every certain amount of time or something like that.
stepph said:
You are right... unless we find the source of RFS, so it can be compiled for Linux, the only way I have to mount it correctly is on my device, which supports RFS.
RFS is reported to be FAT compatible; in fact I was able to extract files from BML12, after some editing, with MagicISO. I suppose that this software reads it as a FAT12 partition, or at least, I found a valid FAT12 header.
This method does not work with BML13 and BML14, which seem to have many FAT12 sections in them, but each unreadable.
If the partitions have a true RFS FS you could just mount them as a loopback device, that's what I did in order to check the contents of BML5. If there are multiple partitions I guess you would need to find the start and end of each and split them in order to read them.
This is really what I expected from this 3d !!
Akath19 said:
For the other apps I guess trying on a case by case basis would be the answer, give me a list of the apps that don't work I'll try to figure out why.
I'll post the list of the removed apps... but need to wait for it since I'm without a phone and (don't ask too much of my memory) I have to re-check the ones loading.
Akath19 said:
What I do in order to keep stuff after a wipe is, I make a small CWM flashable zip that has all the info that I want to keep, and I just flash it after wiping.
Good ... otherwise (I do not want to use CWM) I was unable to prepare an update.zip for the original recovery. This could be another discussion...
Akath19 said:
I don't exactly know if this is true but I'd dare say some settings are saved inside the apk itself, so that the user has some "default" settings ready available
Also, no part of /data/ is restored after a wipe.
This is also my guess.
-->> and now the important part... <<---
Akath19 said:
I guess this question would need someone extremely knowledgeable about the underlying subsystem (someone like Darky), but IMHO the phone must copy the STL contents into BML every certain amount of time or something like that.
If the partitions have a true RFS FS you could just mount them as a loopback device, that's what I did in order to check the contents of BML5. If there are multiple partitions I guess you would need to find the start and end of each and split them in order to read them.
I tried mounting with loopback (my experiments are slowly migrating to Linux) but it works only for STL12 /system. It doesn't work for the others, nor for the split parts: they result in unreadable files with unreadable filenames.
It doesn't work even with BML5 ... but I probably have a corrupted dump, since after that, by reading STL5, the phone is gone...
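The split step discussed in the two posts above (finding where each FAT section starts and how long it is, so it can be cut out and loop-mounted separately), as an added example that is not code from either poster. It assumes each section begins with a standard FAT boot sector (BPB), as the FAT12 header found in BML12 suggests; the function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512

def parse_bpb(sec):
    """Return (bytes_per_sector, total_sectors, fs_type) if sec passes FAT BPB sanity checks."""
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        return None
    bps, spc, rsvd, nfats, _root, tot16, media, _fatsz = struct.unpack_from("<HBHBHHBH", sec, 11)
    total = tot16 or struct.unpack_from("<I", sec, 32)[0]
    ok = (bps in (512, 1024, 2048, 4096)
          and spc and spc & (spc - 1) == 0      # sectors per cluster: power of two
          and rsvd >= 1 and nfats in (1, 2)
          and media >= 0xF0 and total > 0)
    return (bps, total, sec[54:62].decode("ascii", "replace").strip()) if ok else None

def find_fat_volumes(image):
    """Scan sector-aligned offsets; return [(offset, length_bytes, fs_type), ...]."""
    hits = []
    for off in range(0, len(image) - SECTOR + 1, SECTOR):
        bpb = parse_bpb(image[off:off + SECTOR])
        if bpb:
            bps, total, fs_type = bpb
            hits.append((off, bps * total, fs_type))
    return hits

def carve(image, offset, length):
    """Cut one candidate volume out of the dump (clamped to the dump's end)."""
    return image[offset:min(offset + length, len(image))]

def _boot_sector(total_sectors):
    """Constructed FAT12 boot sector, used only to build the sample image."""
    sec = bytearray(SECTOR)
    sec[0:3] = b"\xeb\x3c\x90"
    struct.pack_into("<HBHBHHBH", sec, 11, 512, 1, 1, 2, 16, total_sectors, 0xF8, 1)
    sec[54:62] = b"FAT12   "
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)

def sample_image():
    """Constructed dump: padding, an 8-sector volume, a decoy sector, a 4-sector volume."""
    decoy = bytes(510) + b"\x55\xaa"            # signature only, BPB all zero
    vol_a = _boot_sector(8) + bytes(7 * SECTOR)
    vol_b = _boot_sector(4) + bytes(3 * SECTOR)
    return b"\xff" * (3 * SECTOR) + vol_a + decoy + vol_b

if __name__ == "__main__":
    print(find_fat_volumes(sample_image()))
```

A section that is found this way but still mounts with unreadable filenames points to damage or a non-FAT layout inside the section rather than to a wrong split offset.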
Have you gotten your phone back yet stepph, 'cause I'm eager to start tinkering with our phones but I can't do it alone!!
I got it yesterday... with a Russian gingerbread FW (who knows where it was downloaded), but without radio FW, and shutting down every minute...
... The guy at the service was not so capable... and he doesn't work with 'official' FW... I have to take the phone back to him, for warranty at least.
I'm tempted to do it by myself, but what if EFS is gone?
Meanwhile, I'm working with androidx86, a port for PC, on a virtual machine... it seems great for testing some mods on /system, but kernel, executables, and libraries are recompiled...
And I'm trying revskill, in order to understand AMSS. The free version seems good... but is limited...
If I get some new results, I'll post them...
(interested in matlab scripts for coding/decoding RLE logos?)
Download the official Euro FW via checkfusdownloader and flash it through ODIN, those FWs come directly from Samsung servers so you shouldn't have a problem.
I checked out that port but I didn't quite like it (too slow for my taste).
What's revskill? (forgive my ignorance)
Meanwhile I'm looking into porting voodoo kernel (from SGS) into our minis, mainly to get better audio support through voodoo sound.
(Ewww, I hate matlab!!)
Akath19 said:
Download the official Euro FW via checkfusdownloader and flash it through ODIN, those FWs come directly from Samsung servers so you shouldn't have a problem.
Just tried... ODIN reported success, but now the phone doesn't boot anymore...