
Hacked ROM!


Guest GNU


I have tried the "hacked" versions of ROMs from the xda-developers team. They ROCK!!

Isn't it time for someone to do the same with the smartphone? I would just like to get rid of some of the crappy (see MSN) prgms and put in some customized freeware instead! :twisted:

Anyone?


Guest Swift_gti

I would LOVE to see something like that. Like with my old Samsung T100: just before I got rid of it to get my SPV there was a surge of customised ROMs adding neat little features and altered menus.

C'mon people!


Guest Crispy
i've read the old threads but can't see much now, and i remember he only released the rom to "friends".

Who is this "he" that you speak of? ... and why is this info not out in the open? Is it illegal to change your rom file? :?


Guest vijay555

Crispy: he is Florin - he did some major hacking in the pre 1.35 days, implemented an SMS counter b4 anyone else i guess...

He got a bit moody tho when someone questioned his skillz, and went undercover. Although he turned up at Modaco Meet I in a rather natty suit :)

wish i knew how he decompiled the rom :cry:

V

Link to comment
Share on other sites

I am actually working on this step right now. I live in Canada and I have imported an SPV from the UK. Problem is that I have no need whatsoever for many of the included Orange applications in rom and wouldn't mind removing them, as well as other space wasting files like the debug files and temp files (like trattoria, etc).

There are tools out there that allow you to take the .NBF image (which is left in the RUU directory under Program Files when you run the update software) and extract the files to a directory. The .NBF image also contains the bootloader software as well, so my intention is to create a "hacked" rom (well not really hacked, just slimmed down) update image that will leave the bootloader alone. That way if the image doesn't work then I can always re-flash from the bootloader. If you happen to screw up your bootloader, your phone is basically garbage. I have not even really poked around at the circuitry but there should be some test points on the main board to some sort of jtag interface to allow a serial transfer to allow a bootloader to be written (most likely the bootloader isn't in the flash before it is soldered onto the board). Regardless, if we start playing around with bootloaders I can see this turning into an issue.

If we have some registry wizards here, it would even be possible to include applications on the rom such as xetras awesome x-bar and smart explorer. There is a provision in the image which defines how the ipsm is created on a hard reset and what registry is copied in as the sample.

I will let people know when I have successfully extracted the files from the update image.

Spine

Link to comment
Share on other sites

sounds good spine--i think all florin did was slim down the OS to just the microsoft aspects getting rid of all the orange crap--i think he didn't release it to the public because he didn't want newbies all screwing their phones---not because he was huffed with comments made on here or anything :)


Guest spacemonkey

I think florin was heading towards a release which fixed most of the initial problems with the phone but then the first UK update patch finally came out and all the benefits he'd created were covered in that.

I've heard good things about slimmed down roms and apparently the rom image for the 'Smart' version of the Tanager is very trim indeed. The main problem with the Smart rom is that it doesn't include T9, so not ideal for all us westerners...

A method of building roms for smartphone that was easy would be great, there's a lot of customisation and personalisation you could do.

Link to comment
Share on other sites

Hey guys,

I've been a bad employee this morning and have been researching jtags.

If you don't know what a jtag port is, it is usually a 5 connector interface that can be used to debug a circuit board. If you have ever done any satellite "testing", a jtag circuit is imperative for reading serial numbers (they are stored in flash), etc. I have also read that the XDA clan has found the jtag port of their XDAs so it is possible with a few wires and some free software to re-flash your bootloader if you have erased it. Most likely the smartphone which is also made by HTC will have one of these ports. They probably use it to program the devices as they come off the production line and to test them.

Since I do not know much about programming for Windows CE, my idea of a hacked rom is just basically trimmed down to my needs with some certain applications stored in rom. I'd be more than happy to share what I discover with some more hard core programmers but right now I want to know if I can restore my SPV if I accidentally smoke the bootloader.

SO... if anyone has a SPV that won't turn on, (like if you pulled the plug or shut off during an update and your bootloader is corrupted) I would like to try to fix your SPV for free. The only catch is that I also might destroy the phone as well, but hey if it's not working for you now what do you have to lose.

check out

http://xda-developers.com/jtag/

for how these guys managed to find the jtag port and re-flash a bootloader.

they basically had to remove the processor to find the jtag port but I haven't looked at the datasheets yet so I will get back to you on this.

I am 99% sure there is a jtag port on the spvs, I cannot see there NOT being one.

here is a tool that will extract an .NBF image update file

http://www.xs4all.nl/~itsme/projects/xda/dumprom.html

but you have to know certain parameters, like image offset etc. There is not too much documentation and I can get it to partially work but I do not understand how he derives the offsets so I have e-mailed him and am awaiting his response.

Once the image is dumped using this tool, you can delete the files and modify registries etc and then re-pack it into a new update file.

I am off to check the datasheets for the processor on the SPV

the only question I have is, is it worth doing all this work? there aren't that many spvs out there and they are getting old, but they are the most common smartphone.

Spine

Link to comment
Share on other sites

I get an .NBF file from my RUU directory after i run the swiss update 1.5. The dumprom file actually does start to run on the nbf file and it can find the headers but It crashes half way through. I am almost certain It is just an issue of figuring out the offsets for each section. I have played around with it a while ago.

If you take a hex editor to the .nbf file you will see the headers ECEC that the dumprom tool looks for, but specifying that address to the program is not straightforward. If you load an XDA .nbf and a SPV .nbf they have MANY MANY similarities (both bootloaders in the front), same signatures at the start of the "sections" etc etc.

I just don't think the dumprom source has a lot of comments and I am not familiar with the .nbf format so that is why I am having a tougher time doing this step.

Take a look and let me know what you find.

Link to comment
Share on other sites

Hey florin!

thanks for coming out to help.

It would be very appreciated if you could post your research you have come across so far!

Right now I am in the process of locating the jtag interface points on the spv mainboard but the damn TI site has no data sheets! A pinout reference would be nice!

Then the next step would be to get a busted spv (hopefully someone will send one to me) that I can attempt to reload a bootloader onto. If these methods work, it would save a lot of people who have phones with corrupted bootloaders, and maybe encourage more people to develop if they knew there is a sure way to get it going again.

If you know the offsets or how to determine offsets in the .nbf file that would be appreciated. I am not familiar with the dumprom program and since I don't know the nbf format I cannot put the 2 together

Thanks.

Mike


Guest vijay555

Wow florin, you've been missed :wink:

Spine: why not hex seek to the offset used for the XDA rom, note the byte reference, and search through an spv rom to find the same byte sequence? it's very possible they use the same header sequences, as you indicated, and this way you should be able to find the equivalent offset in the spv rom...

I don't have access to XDA, otherwise i'd help out. [i've only got ipaq 3650]

V

Link to comment
Share on other sites
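The approach discussed in the two posts above (spotting the ECEC markers in a hex editor, then carrying a known offset from one image to the other by searching for the same byte sequence), sketched as an added example that is not part of the original thread or of the dumprom tool. The two images are constructed stand-ins rather than real .nbf data, and the function names are hypothetical.

```python
from typing import List, Optional, Tuple

SIGNATURE = b"ECEC"  # marker the posts describe seeing in a hex editor

def find_all(data: bytes, pattern: bytes) -> List[int]:
    """Return every offset at which pattern occurs in data."""
    hits, pos = [], data.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = data.find(pattern, pos + 1)
    return hits

def locate_equivalent(reference: bytes, ref_offset: int, target: bytes,
                      min_len: int = 4, max_len: int = 64) -> Optional[Tuple[int, int]]:
    """Carry a known offset from the reference image over to the target.

    Reads a probe at ref_offset and lengthens it until it matches exactly one
    place in target. Returns (target_offset, probe_length), or None when the
    bytes are absent from target or still ambiguous at max_len.
    """
    for n in range(min_len, max_len + 1):
        probe = reference[ref_offset:ref_offset + n]
        if len(probe) < n:       # ran off the end of the reference image
            return None
        hits = find_all(target, probe)
        if not hits:             # the two images diverge at this point
            return None
        if len(hits) == 1:
            return hits[0], n
    return None

def constructed_image(boot_len: int) -> bytes:
    """Constructed stand-in, not real .nbf data: filler in front, two sections."""
    def section(tag: bytes, fill: bytes) -> bytes:
        return b"\xEA\x00\x00\x00" + b"\x00" * 12 + SIGNATURE + tag + fill * 24
    return (b"\xFF" * boot_len + section(b"\x11\x22\x33\x44", b"A")
            + section(b"\x55\x66\x77\x88", b"B"))

REFERENCE = constructed_image(0x100)  # plays the image whose offsets are known
TARGET = constructed_image(0x180)     # plays the image being examined

if __name__ == "__main__":
    print("signature hits in target:", [hex(o) for o in find_all(TARGET, SIGNATURE)])
    for off in find_all(REFERENCE, SIGNATURE):
        print(hex(off), "->", locate_equivalent(REFERENCE, off, TARGET))
```

A bare four-byte marker matches both sections of the sample, which is why the probe is lengthened until only one location in the target remains.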

Guest florin_m

I was also looking for that PDF file, but unfortunately I found it for sale only, and it is quite pricey, so I forgot about it :)

I'm waiting for an answer as I said and as soon as I receive it (depends on answer) I'll post or not my FULL research about smartphone / spv.

I'll give 7 days to answer (i'll be in holiday anyway in this time).

So i'll be back on 23 and let's see what's the verdict.


Guest vijay555

Florin, what's the question? if we need help?

Of course we do! Your research would be invaluable.

It was a pleasure to meet you at Modaco, and I think you hold the key to making the SPV world far more interesting!

V

Link to comment
Share on other sites

The chap's a genius. How you found the xda dev site must have taken some searching and knowhow. It'll be interesting to see where this research goes.

How neat it would be to completely redo the whole ROM and replace it with an image of exactly what the user requires only. There is a list of junk I would love to see binned as well as the microsoft B&P's.

And a list of setups and apps that would be put in their place.

Explorer (Smart) for once would be a nice app to see after a hard reset as well as not having to unlock the phone every time.

Keep up the good work mate.

Link to comment
Share on other sites

Ok people:

Tonight I have dumped the qtek 1.5 rom image. This means that files that you cannot copy previously now can be disassembled and examined with ease.

I will be dumping the latest versions of the UK and CH roms next, with the FR and DK to follow.

The next step is to figure out how to create a flashable image from a fileset.

After that we can make our own smartphone special edition rom, just like the XDA guys did with the XDAs.

The only kicker is that the dumprom tool doesn't work 100 percent with the smartphone rom yet but I have been in communication with the developer and we are trying to figure this thing out.

If someone who is running the qtek rom can verify that there are 490 files in the /windows directory that would be great, with a file size of roughly 16.9mb

Since i am not running this rom version I cannot verify if i have COMPLETELY dumped the image or not. (i chose the qtek rom to start with because it seems to be simlockfree and app lock free) - a good base in my opinion.

If you need proof here is a small sample:
