As I have posted on
another site I've dumped the ROM from my spanking new Palm Treo Pro (pt-BR).
After a (what seems) long while I found
here some instructions on how to rebuild a ROM from the
raw files.
Here's a complete step-by-step of what I have done in order to release this ROM:
- Download the ITS Utils, although only the pdocread.exe is used.
- Download the NightRaven's WM6.1 Stock ROM that will be used as a template in later steps.
- Download the Rebuild ROM utilities that will be used to repack the files. The needed files are located in the ManualRebuild sub-folder.
- Connect the USB cable between the computer and the Treo and get them to sync.
- Run pdocread -l to list the contents of the ROM. in my case the results were:
Code:
189.50M (0xbd80000) FLASHDR
| 3.12M (0x31f000) Part00
| 3.75M (0x3c0000) Part01
| 73.38M (0x4960000) Part02
| 109.25M (0x6d40000) Part03
14.50M (0xe80000) EXT_FLA
| 14.50M (0xe80000) PART00
5.00M (0x500000) MS_FLAS
| 5.00M (0x500000) PART00
STRG handles:
handle#0 874c0ae6 5.00M (0x500000)
handle#1 66f6528a 14.50M (0xe80000)
handle#2 e7488592 109.25M (0x6d40000)
handle#3 c74aacde 73.38M (0x4960000)
handle#4 874aacba 3.75M (0x3c0000)
handle#5 e74aab0a 3.12M (0x31f000)
disk 874c0ae6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 66f6528a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e7488592
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c74aacde
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 874aacba
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e74aab0a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- Run pdocread -w -d FLASHDR -p Part00 -t -b 0x800 to get the exact size of the partition 00.
In my case it is:
Code:
real nr of sectors: 1598 - 3.12Mbyte, 0x31f000
Which means that the actual size of the partition 00 is 0x31f000.
- Run pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw to dump the first partition to your hard drive.
- Do the last two steps for partitions 01, 02 and 03.
- From NightRaven's file, extract the RUU_Signed.nbh file.
- Run NBHExtract RUU_Signed.nbh to extract the 00_OS.nb file.
- Run NBSplit -data 2048 -extra 8 00_OS.nb to split the .nb file into .extra and .payload.
- The Part01.raw file is (according to the tutorial I based this one) the XIP.bin that needs to be implanted on the payload.
- Run ImplantXIP.exe -xip Part01.raw -payload 00_OS.nb.payload to implant the XIP into the payload.
Here's the result of mine:
Code:
Implantxip & Payload Resizer v. 1.1 by ervius!!!
BLOCKS SIZE IS: 00020000
ROM Block is : 00000800
NO ImgStart....
From IMG Value: 00340000 - NON ULDR Reducing...
....................................
Preparing payload to be resized.....
....................................
Before:
XIP.BIN Target Size: 003C0000 AdjSize: 003BFFFF
ULRD in Payload Start:00001000 Size:0001EFFF End:0001FFFF
XIP in Payload Start:00020000 Size:0031FFFF End:0033FFFF
IMG in Payload Start:00340000 Size:042FFFFF End:0463FFFF
FAT in Payload Start:04640000 Size:1877FFFF End:1CDBFFFF
After:
XIP.BIN Target Size: 003C0000 AdjSize: 003BFFFF
ULRD in Payload Start:00001000 Size:0001EFFF End:0001FFFF
XIP in Payload Start:00020000 Size:003BFFFF End:003DFFFF
IMG in Payload Start:003E0000 Size:042FFFFF End:046DFFFF
FAT in Payload Start:046E0000 Size:1877FFFF End:1CE5FFFF
Payload resized and XIP Inserted into: 00_OS.nb.payload
- According to several sources the Part02.raw is the actual OS, as it can be verified by running ViewIMGFS Part02.raw, which will create a folder named Dump with all the files of the OS (IMHO I believe that IMGFS stands for IMaGe File System), along with a dump_Memorymap.txt that contains information regarding how the ViewIMGFS program read the Part02.raw file.
- Run ImgfsToNb Part02.raw 00_OS.nb.payload 00_OS-new.nb.payload -bigstoragemove to implant the OS into the payload. Note that the new file has a -new suffix on the filename, it's necessary for the merge ahead.
That's the result of my run:
Code:
ImgfsToNb 2.1rc2
Using bigstorage mode
Sector size is 0x800 bytes
Writing imgfs to offset byte 0x3e0000, sector 0x7c0
Padding ImgFs from 0x4960000 bytes (0x92c0 sectors)
to 0x4960000 bytes (0x92c0 sectors)
Not conservative mode. Changing imgfsEnd from 0x46e0000 to 0x4d40000
Partition entry before:
File System: 0x25
Start Sector: 0x000007c0
Total Sectors: 0x00008600
Boot indicator: 0x00
First Head: 0x00
First Sector: 0x01
First Track: 0x1f
Last Head: 0x3f
Last Sector: 0x01
Last Track: 0x236
Partition entry after:
File System: 0x25
Start Sector: 0x000007c0
Total Sectors: 0x000092c0
Boot indicator: 0x00
First Head: 0x00
First Sector: 0x01
First Track: 0x1f
Last Head: 0x3f
Last Sector: 0x01
Last Track: 0x269
Partition entry before:
File System: 0x04
Start Sector: 0x00008dc0
Total Sectors: 0x00030f00
Boot indicator: 0x00
First Head: 0x00
First Sector: 0x01
First Track: 0x237
Last Head: 0x3f
Last Sector: 0x01
Last Track: 0x272
Partition entry after:
File System: 0x04
Start Sector: 0x00009a80
Total Sectors: 0x00030240
Boot indicator: 0x00
First Head: 0x00
First Sector: 0x01
First Track: 0x26a
Last Head: 0x3f
Last Sector: 0x01
Last Track: 0x272
ImgFs Flash Region log blocks was 0x218, now is 0x24b
Storage Flash Region log block was 0xffffffff, now is 0xffffffff,
Done!
- Run NBMerge -data 2048 -extra 8 00_OS-new.nb to merge back the extra space into the .nb file.
That's the result of mine:
Code:
NBMerge 2.1rc2
Executing NBMerge.exe with data chunk size = 0x800 and extra chunk size = 0x8
on file 00_OS-new.nb
Partition 0: start sector: 0x00000002, total: 0x0000003e
first used: 0x00000002, used: 0x00000001
Partition 1: start sector: 0x00000040, total: 0x00000780
first used: 0x00000040, used: 0x0000064f
Partition 2: start sector: 0x000007c0, total: 0x000092c0
first used: 0x000007c0, used: 0x000092c0
Done.
- Now come the trick part. First I've tried to use Olipro's NBHUtil to build the .nbh file and although it does have the PANT100 configuration it didn't create the .nbh file, but it did provide me with assurance -- by reading the NBHUtil.xml file -- that the Kaiser device has the same configuration of the PANT100. So I used Dark Simpson's HTC Rom Tool version 1.1.4 to build.
- Run htcrt
- Navigate to ROM Builder tab.
- Select the Kaiser device.
- Change the device name to PANT100**
- Change the version to 1.65.28.25 because that's the version of this ROM.
- Change the language to 0416 because that's the language of this ROM (pt-BR).
- Click on the [...] button next to the OS: label, and select the 00_OS-new.nb file.
- Click on the [Build!] button.
- Read carefully the message boxes telling about the possible dangers of making a ROM, and click on [Yes] on the first one, [No] on the second one.
- Give a meaningful name for the .nbh file like TreoPro.pt-BR.1.65.28.25.nbh
- If everything went according to plane, you should have a flashable Unbranded Windows Mobile 6.1 pt-BR ready to be flashed.
I've put a small ZIP file with all the tools required to reproduce this steps, as well as the ROM file I've made.
I hope this is helpful to someone, and I plead to the cook gurus on this forum to check if I did everything right.
Now I need a brave enough person to see if the ROM is OK because I admit I'm too scared to try it myself and brick my phone.
-----
Palm Treo Pro Rebuild ROM Utilities (zipped)
Palm Treo Pro pt-BR 1.65.28.25 ROM File (zipped)
12-19-2009, 02:12 PM
Linear Mode
