x
This website is using cookies. We use cookies to ensure that we give you the best experience on our website. More info. That's Fine
HPC:Factor Logo 
 
Latest Forum Activity

rom dump - custom roms for bsquare powerhandheld (maui)

« 1 2 3 4 5 6 ... Next »
cmonex Page Icon Posted 2008-05-04 11:34 PM
#
Avatar image of cmonex
H/PC Oracle

Posts:
16,175
Location:
Budapest, Hungary
Status:
i've finally managed to write a program (after getting back home after a full month in the uk )

this dumps the flash of the bqsuare phh

bootloaders and OS image.

the OS image is compressed, i've got the uncompressed image from RAM before but that's no good if you want to flash it back.

I think now just a program is needed that can uncompress/compress raw zlib, just like zpipe for the netbook pro images. that should be doable soon.

so watch this space

until then, here's the romdumper I wrote. it calls functions from docbin.dll to do the read, but maybe later I'll write another that directly calls the trueffs iocontrols, advantage would be that with some luck, it would work on other wince nand devices

download from attachment

usage: run the exe, with a Storage Card inserted that has at least 32MB free space.
it will tell you to wait until finish, so press OK and wait until it pops up another message. then that's all, if it didn't say success but some error message, let me know
the file is bsqromdump.bin in root of Storage Card.



Edited by cmonex 2008-05-04 11:38 PM




Attachments
----------------
Attachments bsqflashread.exe (5KB - 62 downloads)
 Top of the page
perazz Page Icon Posted 2008-05-05 3:37 AM
#
Avatar image of perazz
Factor Fanatic

Posts:
58
Location:
Mantova, Italy
Status:
Cmonex, it's great!!

I've left my PHH at home, but as soon as I come back I'm going to try your dumper
 Top of the page
cmonex Page Icon Posted 2008-05-05 1:12 PM
#
Avatar image of cmonex
H/PC Oracle

Posts:
16,175
Location:
Budapest, Hungary
Status:
I've extracted bootloader images, still trying to decompress OS image.

if you have cygwin I can send a program that can handle raw zlib compressed images, if you want to experiment too

just need to find the offset for decompression.


perazz: if you dump yours and can upload the dump I could compare it to mine, if different it might help find the offset to start decompress from.

Edited by cmonex 2008-05-05 1:21 PM
 Top of the page
cmonex Page Icon Posted 2008-05-06 10:32 PM
#
Avatar image of cmonex
H/PC Oracle

Posts:
16,175
Location:
Budapest, Hungary
Status:
OK, OS is extracted too

just to document it, you need to remove the part until the 00 byte after "nk.bin" string at the start (including the 00 in this removal), then add the bytes 78 9C at the start because zlib requires this header. (and remove 000000 at the end of the file)

extract using http://hpcmonex.net/zpipewin32.zip

Edited by cmonex 2008-05-06 10:34 PM
 Top of the page
mych Page Icon Posted 2008-05-07 10:05 PM
#
Avatar image of mych
H/PC Newbie

Posts:
18
Status:
i have send a bsq_dump.zip to u. please get email
 Top of the page
perazz Page Icon Posted 2008-05-08 6:09 AM
#
Avatar image of perazz
Factor Fanatic

Posts:
58
Location:
Mantova, Italy
Status:
Cmonex, tomorrow I'll get home and try!
 Top of the page
cmonex Page Icon Posted 2008-05-08 1:39 PM
#
Avatar image of cmonex
H/PC Oracle

Posts:
16,175
Location:
Budapest, Hungary
Status:
i got no email.. if it is a link to a filesharing page feel free to just post it here.


P.S: I probably wasn't documenting the decompression process clear enough,
so, the OS starts at 0x80000 in the dump, you need to remove 17 bytes, then add the 2-byte signature for zlib.

Edited by cmonex 2008-05-08 2:02 PM
 Top of the page
perazz Page Icon Posted 2008-05-09 4:23 PM
#
Avatar image of perazz
Factor Fanatic

Posts:
58
Location:
Mantova, Italy
Status:
Hi cmonex

I've followed your instructions and dumped my 2 PHHs' roms. I've then cut the bins until 0x80000 and then added the two 78 9C bytes at the beginning.

Then, I've deleted 0000s and ff ff ff ff ... in the end of the file.

At least, I've run zpipe -d bsqromdump.bin NK.BIN

But it tells me "invalid or incomplete deflate data". What's the mistake I've made?

perazz

PS: please, check your PMs!

Edited by perazz 2008-05-09 4:24 PM
 Top of the page
cmonex Page Icon Posted 2008-05-09 4:56 PM
#
Avatar image of cmonex
H/PC Oracle

Posts:
16,175
Location:
Budapest, Hungary
Status:
I'm not using PM's, nobody is getting any reply over PM from me. but I got the link, i'll check it, thanks.

how many bytes did you cut at the start of the romdump file?

Edited by cmonex 2008-05-09 4:57 PM
 Top of the page
perazz Page Icon Posted 2008-05-10 3:23 AM
#
Avatar image of perazz
Factor Fanatic

Posts:
58
Location:
Mantova, Italy
Status:
Ok, please accept my apologies for the PM

I've cut 524288 bytes (corresponding to the 0x80000 start) + 17 (part including the nk.bin label), in total they are 524305. Then I've added 78 9C





Edited by perazz 2008-05-10 3:24 AM
 Top of the page
cmonex Page Icon Posted 2008-05-10 11:09 AM
#
Avatar image of cmonex
H/PC Oracle

Posts:
16,175
Location:
Budapest, Hungary
Status:
sorry I didn't see you already mentioned which offset you cut it at.

do you get a new file larger than 0 bytes? I assumed you didn't, but please confirm.

the error actually never goes away, even when you fully decompress the image - must be very absent minded lately, but you need to cut the last non zero 4 bytes as well. (that's the uncompressed image size btw. the 4 bytes before are crc32 checksum of the compressed image)
if you don't cut those, you will still get it uncompressed but last few kbytes will be missing.

then you should get a msbin image starting with a B000FF signature.
i'm going to check your romdumps now

Edited by cmonex 2008-05-10 11:10 AM
 Top of the page
perazz Page Icon Posted 2008-05-10 1:24 PM
#
Avatar image of perazz
Factor Fanatic

Posts:
58
Location:
Mantova, Italy
Status:
Yeah I've got the msbin image!

Though, dumpromx tells me that it cannot determine loading offset...
 Top of the page
cmonex Page Icon Posted 2008-05-10 3:58 PM
#
Avatar image of cmonex
H/PC Oracle

Posts:
16,175
Location:
Budapest, Hungary
Status:
because it is a MS BIN file.

use cvrtbin to extract it first

cvrtbin -r -a 94200000 -l 2b4aa38 -w 32 binfilename.bin

(it will create binfilename.nb0)

p.s.: i think both of your bsquares have a firmware identical to mine ... the passwords differ though

before you ask, no, I can't read the passwords saved in flash, it uses md5 unicode to hash them before storing.

Edited by cmonex 2008-05-10 4:10 PM
 Top of the page
perazz Page Icon Posted 2008-05-11 4:31 AM
#
Avatar image of perazz
Factor Fanatic

Posts:
58
Location:
Mantova, Italy
Status:
Quote
cmonex - 2008-05-10 9:58 PM

before you ask, no, I can't read the passwords saved in flash, it uses md5 unicode to hash them before storing.


don't worry, I won't ask you! Thanks to your previous great job on PHH there's no need of knowing the passwords!

BTW, despite some error messages, it seems that the files I've extracted from the rom dump aren't corrupted!

Cmonex, I'd bring you a bunch of flowers!

Edited by perazz 2008-05-11 4:33 AM
 Top of the page
cmonex Page Icon Posted 2008-05-11 3:27 PM
#
Avatar image of cmonex
H/PC Oracle

Posts:
16,175
Location:
Budapest, Hungary
Status:
yeah, dumprom always throws that error message, that's no problem. if your BIN is 44869039 bytes then it's fine

right now I'm trying to get hold of another bsquare that I can test roms on no problem, when I get back from my little holiday, I'll work on actually flashing in a rom

still need to determine what 8 bytes do at offset 0x80002 before the "nk.bin" string (i know the first two at 0x80000 are a signature to tell the bootloader it is a .GZ image, not uncompressed .BIN). if that gets figured out maybe from bootloader disasm, then I'll be more confident about the exact flashable format. right now it seems the last 8 bytes of the whole .GZ are crc32 and filesize of uncompressed image. and that will need to be added into flashable image.

also, realized that zpipe throws the error due to missing adler32 checksum at the file end, that doesn't really matter.

I think an attempt to load a NK.BIN as RAM OS would be best first though. already have the implementation, but need to try it

oh and thanks for the flowers

Edited by cmonex 2008-05-11 3:30 PM
 Top of the page
« 1 2 3 4 5 6 ... Next »
Jump to forum:
Seconds to generate: 0.300 - Cached queries : 53 - Executed queries : 30