12-27-2005, 15:09 | #17 (permalink) |
Major Poster Join Date: Aug 2005 Age: 50
Posts: 44
Member: 175230 Status: Offline Thanks Meter: 2 |

I coded a little tool called "raw2main" to convert a 32mb k750/d750/w800 readout to a flashable bin file with the required headers. Perhaps it's useful for you guys. Source code is included so you can customize at will. I flash the resulting "main" file with Davinci 13.7 or 13.8.

Tool can be downloaded here: http://rapidshare.de/files/9283818/raw2main.rar.html

I reverse engineered the essentials of the flashable SE binary file format. Here is a short explanation:

The file has a header which contains at least 0x380 bytes. Multiple blocks of data are flashed. Each block has a short header indicating the address to flash to and the number of bytes to flash in the block.

The file has a header which contains general info.

offset:
0x0000-0003: 0xBABE
0x0010-0010: CID value (e.g. 29 or 36)
0x02E8-02EB: number of blocks to flash (#blocks) (little endian)
0x02EC-02EF: block length of the 1st block (little endian)
0x0300-037F: 128 bytes of dynamic hash data
0x0380-......: one additional checksum byte (hash) per block, so there are #blocks bytes
0x0380+(#blocks): start of first block

*Each* block header is 8 bytes long:
0x0000-0003: flash address (e.g. 0x44000000) (little endian)
0x0004-0007: number of bytes to flash (little endian)

It was easy to generate a file with the right format except for the proper hash data. I tested with a good flash file; as soon as you modify a single byte in payload, flashaddress or any of the checkbytes, DVT returns an error. Usually block not accepted 0x5556 or "there was a flash error in the previous block" or something like that.

By accident I solved the problem. At offset 0x10 there is the File CID. If I set it to 0x25 (CID37) DVT skips the hashchecks and I can flash what I want to where I want.

Have fun,
JockyW |
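The layout described in the post above, as an added example that is not part of the original post or of the raw2main tool: a bounds-checked parser that walks the header and block list and flags a file whose CID byte is the value the post says makes DVT skip its hash checks. The function names and the sample file are constructed here, and the parser assumes each block's payload follows its 8-byte header directly, with blocks stored back to back.

```python
import struct

HEADER_MIN = 0x380          # fixed header size given in the post
CID_SKIPS_HASH = 0x25       # CID37: the post reports DVT skips hash checks for it

def parse_se_flash(data: bytes) -> dict:
    """Parse the layout described in the post; raise ValueError if malformed."""
    if len(data) < HEADER_MIN:
        raise ValueError("shorter than the 0x380-byte header")
    n_blocks, first_len = struct.unpack_from("<II", data, 0x2E8)
    pos = HEADER_MIN + n_blocks          # one checksum byte per block precedes block 0
    if pos > len(data):
        raise ValueError("block count exceeds file size")
    info = {
        "magic": data[0:4],              # post lists only "0xBABE"; byte layout not assumed
        "cid": data[0x10],
        "first_block_len": first_len,
        "hash_data": data[0x300:0x380],
        "check_bytes": data[HEADER_MIN:pos],
        "blocks": [],                    # (flash address, length, payload offset in file)
        "warnings": [],
    }
    for i in range(n_blocks):
        if pos + 8 > len(data):
            raise ValueError(f"block {i}: header truncated")
        addr, length = struct.unpack_from("<II", data, pos)
        pos += 8
        if pos + length > len(data):
            raise ValueError(f"block {i}: payload truncated")
        info["blocks"].append((addr, length, pos))
        pos += length                    # assumption: payload directly follows its header
    if info["blocks"] and info["blocks"][0][1] != first_len:
        info["warnings"].append("header first-block length differs from block 0")
    if pos != len(data):
        info["warnings"].append(f"{len(data) - pos} trailing bytes after last block")
    if info["cid"] == CID_SKIPS_HASH:
        info["warnings"].append("CID 0x25 (CID37): post reports DVT skips hash checks")
    return info

def build_sample(cid: int) -> bytes:
    """Constructed sample: two small blocks, zeroed hash data and check bytes."""
    blocks = [(0x44000000, b"\xAA" * 16), (0x44000010, b"\xBB" * 8)]
    hdr = bytearray(HEADER_MIN)
    hdr[0:2] = b"\xBA\xBE"               # constructed placement of the 0xBABE marker
    hdr[0x10] = cid
    struct.pack_into("<II", hdr, 0x2E8, len(blocks), len(blocks[0][1]))
    body = b"".join(struct.pack("<II", a, len(p)) + p for a, p in blocks)
    return bytes(hdr) + bytes(len(blocks)) + body
```
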
01-12-2006, 01:56 | #18 (permalink) |
Major Poster Join Date: Aug 2005 Age: 50
Posts: 44
Member: 175230 Status: Offline Thanks Meter: 2 |

Here is a new version of my 'raw2main' tool: http://rapidshare.de/files/10880229/..._v0.1.rar.html

It's now much more flexible and can convert raw binary readouts to flashable plain binary format for any SE phone. It takes any filesize for the inputfile RAW.BIN and you can now enter the start flash address.

Unrar all files in the same directory, make sure your binary readout is called raw.bin and then run raw2main.exe. The outputfile generated is main.bin, which you can flash with e.g. DVT or SeTool2. Some tools require other filename extension; in that case you should rename main.bin (e.g. to main.mbn or filesystem.fbn).

/JockyW

Last edited by jockyw2001; 01-12-2006 at 13:35. |