Need help reverse engineering 16bit Windows app / Binary EEPROM BOSCH 607

[n4spd]

Hello all !

I want to create an aplication for change start up logo on old phone EEPROM (1997 Bosch COM 607).

I do know is a very old phone but it can serve as good start for retro modding knowledge because supposably is simpler because of age.

So, I did spent a lot of time trying to figure out how to disassamble the .BIN EEPROM file using IDA Pro and Ghidra with no real success.

I managed to find out that this phone is using Siemens C166 processor.
In IDA Pro I managed to disassemble the file but I cannot find the entry point for correctly disassamble the file.

Second, I tried to open as binary and try to locate the logo area by selecting small chunks of binary and convert in 1bit image, with no luck.

I tried using HEX converter to see the instruction calls from processor c166 with adresses but I cannot find the correct encoding..

I also have an old 16bit Windows app (Bosch-G Logo graphics viewer) which you can view the current logo inside the EEPROM but can not make any changes except invert colors..

For the sake of good old GSM times..can somebody help me identify the correct addresses and how to modify this file ?

Many thanks !

I attached to EEPROM binary for Bosch COM 607 (remove .TXT from name - forum limitation)

[n4spd]

Any help or idea is greatly appreciated !

[Nishith]

I don't exactly remember the tool name, but try to find some bin editor, which will help you to extract the resources from the bin fw file and repack the bin file with correct checksum, etc.

I used it years ago to modify some Samsung Firmware, But right now I don't remember any details.

[n4spd]

Right now I use HEX editor but i cannot figure out the encoding used for binary file. C166 i am not sure is using checksum. I was trying to use a binary to inage converter but cannot find anywhre on the web.. there is one website who provide a tool to convert binary to image but no image show up... At some point somebody sugested to use Siemens Smelter because of compatibility with the C166 but still no luck.. I even tried Siemens Image Viewer for C35 series (uses C166 processor) but cannot recognize the bin. If you remember the tool please write back. I plan to make a ibternational website with 1000+ reto tools for modify the old phones free of charge.. thousand of logos, java games and mods. Big thanks for any help.

[30raura2022]

Quote:

Originally Posted by n4spd

Hello all !

I want to create an aplication for change start up logo on old phone EEPROM (1997 Bosch COM 607).

I do know is a very old phone but it can serve as good start for retro modding knowledge because supposably is simpler because of age.

So, I did spent a lot of time trying to figure out how to disassamble the .BIN EEPROM file using IDA Pro and Ghidra with no real success.

I managed to find out that this phone is using Siemens C166 processor.
In IDA Pro I managed to disassemble the file but I cannot find the entry point for correctly disassamble the file.

Second, I tried to open as binary and try to locate the logo area by selecting small chunks of binary and convert in 1bit image, with no luck.

I tried using HEX converter to see the instruction calls from processor c166 with adresses but I cannot find the correct encoding..

I also have an old 16bit Windows app (Bosch-G Logo graphics viewer) which you can view the current logo inside the EEPROM but can not make any changes except invert colors..

For the sake of good old GSM times..can somebody help me identify the correct addresses and how to modify this file ?

Many thanks !

I attached to EEPROM binary for Bosch COM 607 (remove .TXT from name - forum limitation)

Looking at the dump you sent with an raw image viewer (name of it is image_search_editor - ISE) the splash screen you want to change is at 0x9c6 and is stored in 1bpp linear in reverse-order (1st pixel (bit 7) in bit 0, 2nd pixel (bit 6) in bit 1...), and total size 0x150 (128x28 reso/1bpp). It looks like nv eeprom, not program code rom which is big than the dump.
If you are to mod the logo with ISE you have to set to byte reverse mode then edit->replace by bmp and open the new splash bitmap -> check apply -> ok and save new dump, then write modified dump to eeprom.
I might attach a python and/or c program for changing the splash without ise soon, sorry if i replied to a 2 year old post but noticed this now whilst looking for some samsung agere imei lock thing.