Better Mobile App

After trying to flash a preproduction qtek 9600 (hermes)

Hello ;
I tried to flash my preproduction Herme with SD card, copied the french image in the root folder of the microSD after renaming it to 'HERMIMG.nbh' , restarted the phone with boot loader here is what I get :
Checking image file...
after about 20sec..
No image file!
PLEASE HELP
thanks

There are some preproduction models where you cannot upgrade using the HERMIMG.nbh on fat32 microSD card, I have one of them too. My original rom is in chinese and I have bootloader version 0.94.
I haven't tryied it yet, but the process should be something like this:
1) Extract contents from NBH upgrade file using itsme tools nbh2dbh.pl and nbh2decode.pl. Make sure the NBH you use has bootloader version 1.04.
2) Create a custom NBF upgrade out of the IPL.nb and SPL.nb you have extracted, use typhoonbfdecode.pl with -s, -r ipl and -r spl. This should make a "bootloader-only" upgrade.
3) Use MaUpgrade_NoID.exe to upgrade the bootloader on your device, this will only work on preproduction devices as they have 'wdata' command in bootloader 0.94, and the upgrading process should be the same.
Once you have upgraded it to bootloader 1.04 then you will be able to update to any rom using the usual Hermes upgrades found on the wiki.

Blocked at 2nd step
Error message :
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier (3)>perl typhoon
nbfdecode.pl -s -r ipl.nb -r spl.nb
Option r, key "ipl.nb", requires a value
Option r, key "spl.nb", requires a value
Usage: typhoonnbfdecode.pl filename
lists contents of filename
or typhoonnbfdecode.pl [-i] [-v] -x infile
extract modules
-i decode as sd header image
-t file is tornado nbf, with large header
-v also list headers
-s convert SPL to memory image
or typhoonnbfdecode.pl [-r module=file] [-p param=value] -c outfile
create new nbf
-s convert SPL memory image to nbf image
-t file is tornado nbf, with large header
-r specify the modules to read, module can be one of:
os, ipl, spl, splash or gsm
-p specify the header values, param can be one of:
device, language, magic, operator, flags, version or blversion
or typhoonnbfdecode.pl [-r module=file] [-p param=value] -d outfile
create sdcard image
-r specify the modules to read, module can be one of:
os, ipl, spl, splash or gsm
-p specify the header values, param can be one of:
docuniqueid, blversion, cid, seclevel, timestart, timeend
keys, cardid
Ohh help!

ohh no:
Actually I cannot do anything with that error :
Usage: typhoonnbfdecode.pl filename lists contents of filename
here is my command :
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier (3)>perl typhoonnbfdecode.pl -s -r ipl= ipl.nb -r spl=spl.nb -c nk.nbf
where is the error?

Again..
Well the error was a space ... lol --> ipl= ipl.nb
Corrected it and :
read 00020000 for ipl from ipl.nb
no IPL at 4 in IPL image
Means what ???

mcilias said:
Well the error was a space ... lol --> ipl= ipl.nb
Corrected it and :
read 00020000 for ipl from ipl.nb
no IPL at 4 in IPL image
Means what ???
Click to expand...
Click to collapse
You need to add option "-f" to your parameters to bypass the safety checks (the checks are written for WM2003 roms), be sure to have the latest version of typhoonnbfdecode when you do that.

Still confused
After adding the -f here is the result :
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier (3)>perl typhoon
nbfdecode.pl -s -f -r ipl=ipl.nb -r spl=spl.nb -c 123.nbf
read 00020000 for ipl from ipl.nb
no IPL at 4 in IPL image
read 00040000 for spl from spl.nb
spl image: 00080000 bytes
no BOOTLOAD at 0x2004 in SPL image
blversion 1.0.0.0
device SP3i
entrycount 2
flags 17
language ENGLISH
magic HTC
operator CDL___02
version 1.0.0.0
91000000 00080000 fd748c72 spl
90000000 00020000 68f14038 ipl
enc: 91000000 00080000 fd748c72 spl
enc: 90000000 00020000 68f14038 ipl
is that ok? is the file ready to upgrade with?
2- I don't know how to use it with MaUpgradeUt_noID.exe
it is asking for RUU.dll , I put the one in the original ROM and I have this error : UpdateRadio not found in the library of dynamic RUU.dll links (translated from french)
Please help me to upgrade this bootloader
thanks

mcilias said:
perl typhoonnbfdecode.pl -s -f -r ipl=ipl.nb -r spl=spl.nb -c 123.nbf
[...]
is that ok? is the file ready to upgrade with?
Click to expand...
Click to collapse
Should be ok, but only for preproducion Hermes units.
mcilias said:
2- I don't know how to use it with MaUpgradeUt_noID.exe
it is asking for RUU.dll , I put the one in the original ROM and I have this error : UpdateRadio not found in the library of dynamic RUU.dll links (translated from french)
Click to expand...
Click to collapse
You need MaUpgradeUt_noID.exe, RUU.dll and UI.dll and RUU.conf with the right settings (download older non-hermes upgrades to compare).
The file you created should be named nk.nbf or ms_.nbf (i'm not sure) and be in the same folder of the upgrade utility.
Good luck!

..
in original ROM I have RUU.dll and RUUUI.dll not UI.dll , I don't have RUU.conf I copied one from QTEK S100 ROM and I don't know info to change the config and it gives me the same error.
the error always comes but when I change the RUU.dll to the S100 one it opens the wizard.. I think that MaUpgradeUt_noID.exe is not compatible with the ROM of the herme ...
PLEASE LOOK AT PAGE 2

Production Hermes == bootloader >= 1.04 == command to flash ROM 'wdatah' == command to flash rado rom 'rwdata' == Utility Files: (ROMUpgradeUt.exe RUU.dll RUUUI.dll HERMIMG.nbh)
Preproduction Hermes == bootloader <= 0.94 == command to flash ROM 'wdata' == command to flash radio rom 'rwdata' == Utility Files: (MaUpgradeUt_noID.exe RUU.conf RUU.dll UI.dll radio_.nbf ms_.nbf nk.nbf)
So, for bootloader 0.94 you need to use an OLD RUU which flashes NBF files using 'wdata' command and not 'wdatah' command, not compatible with Shipped hermes upgrades in NBH format, that's why you need to convert NBH to NBF.
I might do it and publish the upgrade, but I'd like to extract the bootloader from my preproduction Hermes first and there's no known method yet. So, if you don't do it yourself you'll need to wait, sorry.

..
so as I understand, I have to use an old RUU for herme which is not available actually?
would the S100 one work? without causing any problem?
What should I do exactly now?
Can I please have instant contact with you? msn or so?
Thanks

mcilias said:
so as I understand, I have to use an old RUU for herme which is not available actually?
would the S100 one work? without causing any problem?
Click to expand...
Click to collapse
Yes, it is available from older HTC devices (not TyTN/Hermes).
Use the MaUpgradeUT_NoID utility, was originally writen for magician but should be fine with your preproduction bootloader.

I used all files of S100 RUU.dll + UI.dll + RUU.conf + ms_.nbf + radio_.nbf + nk.nbf ... says successfuly but it did nothing to the pda no action !

Pda Lost ?
Still no solution for this case ? Did I lose my pda phone forever?

I am quite busy ATM and cannot give this a try, if no one comes with a solution I might do it myself during the weekend and post the update or progress done, so please be patient

thanks but please don't forget me

NO SOLUTION !!???!!..
So there is no solution for this ****ing preproduction herme?
should I send it to recycle ?

HI,
could you please let me know version of your Preprod Hermes bootloader? Thanks.
Preprod HTC devices has fuctionaly limited bootloader. Therefore you must flash bootloader to 1.03 version at least.

hello
it's 0.92 how can i flash boot loader? i tried lot of solution .. it doesn't work !

mcilias said:
it's 0.92 how can i flash boot loader? i tried lot of solution .. it doesn't work !
Click to expand...
Click to collapse
Solution found, I upgraded one preproduction hermes with bootloader 0.94 (IPL-0.16, SPL-0.94) to a 1.04 bootloader and now I can flash any shipped rom on it:
http://wiki.xda-developers.com/index.php?pagename=Hermes_Howto_Bootloader104

A small toys for generate P3400 boot image !

A small toys for generate P3400 boot image !
Based on the pof's nbimg.exe and the XnView's nconvert.exe !
Enjoy this toy! Everyone !
Download mirrors
Download
What boot image (Boot Splash)
The BootSplash image, is the image that is displayed when your PocketPC device is starting up.
How to change the Gene's Boot Splash Screens
Some of the information you can reference these wiki, The tutorial describes how to custom Boot Splash Screens,
http://wiki.xda-developers.com/index.php?pagename=Wizard_ChangeSplashScreens
http://wiki.xda-developers.com/index.php?pagename=TitanBootsplashTutorial
[Translate CHS to EN by Google]
很抱歉我可怜的英语！（ Sorry my bad English ! ^_^ ）
一些关于如何转换 Gene's Boot Splash Screens的信息：
1、你需要一个BMP的图片，图片要求的格式
大小 ：240w x 320h
分辨率：96dpi
位深度：24
我利用了 nconvert.exe 去得到这样的一个图片, Res.jpg 可以是 Nonvert 支持的任意格式，
例如( BMP,GIF,PNP,JPG,WMF,EMF and Other nconvert Support)
Code:
nconvert.exe -resize 240 320 -out bmp -dpi 96 -truecolors -o temp.bmp Res.jpg
2、如何的到开机第一屏的刷机包(Howto make Splash.nb & Splash.nbh)
Code:
nbimg.exe -p 42978 -n -s -F temp.bmp -D GENE10000 -S 1024 -T 0x600
rename temp.bmp.nb splash.nb
rename temp.bmp.nbh splash.nbh
3 、 关于 NBimg 的用法（Usage）
Code:
Mandatory arguments:
-F <filename> Filename to convert.
If the extension is BMP it will be converted to NB.
If the extension is NB it will be converted to BMP.
Optional arguments:
-w <width> Image width in pixels. If not specified will be autodetected
.
（Gene : -w 240)
-h <height> Image height in pixels. If not specified will be autodetecte
d.
（Gene : -h 320)
-t <pattern> Manually specify the padding pattern (usually 0 or 255).
（Gene : -t 0)
-p <size> Manually specify the padding size.
（Gene : -p 42978)
-n Do not add HTC splash signature to NB file.
（Gene : -n)
-s Output smartphone format.
（Gene : -s)
NBH arguments: (only when converting from BMP to NBH)
-D <model_id> Generate NBH with specified Model ID (mandatory)
（Gene : -D GENE10000)
-S <chunksize> NBH SignMaxChunkSize (64 or 1024)
（Gene : -S 1024)
-T <type> NBH header type, this is typically 0x600 or 0x601
（Gene : -T 0x600)

Great thanks. It's more easy change the boot image with this tool.

What exactly is a boot image Ramerson? Can you explain in a little detail what are the usage scenerios and benefits of this tool?
Thanks in advance!

kindly explain
hi
can any one explain wat this is for i dont seem to understand
sm7s said:
A small toys for generate P3400 boot image !
Based on the pof's nbimg.exe and the XnView's nconvert.exe !
Enjoy this toy! Everyone !
I am sorry my bad English ! ^_^
Download
Click to expand...
Click to collapse

Oh, now i got it. Thanks for the explanation sm7s Actually when you said boot image i thought its something to do with the boot loader. words like bootsplash or boot time logo would have expained it better Anyways, thanks a lot for sharing.

Good, more simple to change boot screen with your tools, thanks.

I can't download

link plz
hey friends can someone give another link or upload the same?

Alternate download link:
http://www.4shared.com/file/123679548/c55e56e9/genesplash.html

Addicted2xda said:
Alternate download link:
http://www.4shared.com/file/123679548/c55e56e9/genesplash.html
Click to expand...
Click to collapse
thanx buddy
can u also tell me how 2 use it?
i cant understand nething in the first post
got the details in the zip
thank u 1ce again

Link doesnt work
Please upload it once again...

All Hurricane ROMS in one place!!!

I would ask all active members to upload or share their collection of roms for Hurricane. I bricked my hurr 2 years from now and yesterday i got one so i would like to try as many roms as possible, and it will be great for all to share roms!!! I found several on this forum (lazaj's, saleng's, shadow's) but i think that there is more!!! So share your collection!!!
Here i found some on forum:
hurricane unlock, patch and upgrade wm 6.1(selang09) ***
Link: http://www.megaupload.com/?d=JLO5H1L7
Thread: http://forum.xda-developers.com/showthread.php?t=475286
Opinion: Good one, but chinese language everywhere! After u change main lang. still some apps name stay in chinese and options too!
wm6.1 for hurricane (with Bluetooth and INFRARED RAY problems solved)0415update!!!
Link: http://rapidshare.com/files/100934508/5x6_wm6.1_0319.rar
Thread: http://forum.xda-developers.com/showthread.php?t=378607
Opinion: Didn't tried!
WM 6 Graphite rom, how to get WMPlayer in English (now in Polish)
Link: http://rapidshare.com/files/108676266/wm6_2_2.zip
Thread: http://forum.xda-developers.com/archive/index.php/t-384972.html
Opinion: Using this one right now! Seems ok, works nice, nice look, except incoming calls didn't show up!!! Very bad bug!
Wm 6.1 Pl/eng
Link: http://rapidshare.com/files/131860280/wm_6_1_by_Lazaj007.zip
Thread: http://forum.xda-developers.com/showthread.php?t=410739
Opinion: Tried before Graphite eng edition, works great, looks great... Main lang polski, after lang change WMP stay in polski! But still ok!
WM6 for SPV C550
Link: http://rapidshare.com/files/56833250/566.zip
Thread: http://forum.xda-developers.com/showthread.php?t=330709
Opinion: Never tried!
And one pack with SPL 1.00.84 & soft spl (nb, nbf), IPL 1.00.15, GSM DATA (hex and dec), bootloader commands, splsplit... etc!
Link: http://rapidshare.com/files/427352270/data_hurricane.rar
Info: This last files can help u to unbrick your hurricane (BUT AVOID TO BRICK IT), i found it on pda2u.ru , and thanks them for that! Special thanks to member SAXON!
I found many links for ROMs but those which is here have alive links! Someone with good upload speed can reup them again in one pack and post a link here!
ENJOY!

I would like to have a non T-Mobile German version (can be a shipped ROM). Have not found any yet, only those that are available at www.shipped-roms.com Have to live with de-branding this as it seems.
Possibly someone with any of the following devices can do a "r2sd all" backup of the ROM?
imate SP4M
Orange C550
Qtek 8200 (the Russian/English is available as RUU)

Thanks for this link tobbbie !

Btw, in selang's rom SMS Send don't work! So, it is useless!!! :S

I have tested all ROM´s below for SDA II, but for me lazaj007 is the best of all
Thanks to lazaj007

Did anyone care to pick up some ROM cooking for that device? I did not succeed in getting the .BIN files manipulated correctly - and I think I have a collection of nearly all ROM tools now :-(

howto convert .bin to .nb0 and back
Foreword:
.BIN files are not all the same by their nature (of course not by content). There are
.bin that are used to identify the bare binary content of the various partitions (you mostly see those)
.bin that are used to flash a ROM to the device. This looks somehow historic though, the format is already described by itsme at: http://www.xs4all.nl/~itsme/projects/xda/wince-flashfile-formats.html. It seems to me that some non HTC devices are still using this format.
The osnbtool.exe (from Weisun at PDACLAN.COM) does not work for any purpose regarding .bin files
at least not for Hurricane.
- The -sp option cuts only the B000F\0a header but does not reconstruct the blocks of the .bin file.
Mind that small .bin files (smaller than 0x1c00000) are treated correctly as there is only one block.
- The -2bin option creates an incorrect .bin header (sets a weird total length) and sets totally confused
block-load addresses for the created blocks of 64k (0x10000) size. Check it with viewbin.exe if you like.
Reference for the filestructure by itsme:
http://www.xs4all.nl/~itsme/projects/xda/wince-flashfile-formats.html
The splitrom.pl (itsme romtools) seems not be able to read the content of any .bin file I have fed to it.
Neither for .BIN files created for Hurricane nor those for Typhoon, I always get:
cmd> splitrom.pl <binfile>
B000FF image: 82040000-84c40000, entrypoint: 00000000
!!! your rom is not known to me: md5: a520f0d1093b36f0a3cfd9323ea99155
this bootloader seems to be No bootloader present
no xipchain found
no bootloader found
no operator rom found
no bitmap found
I am rather sure it should handle everything correctly but I am too stupid to debug .pl :-(
So the only thing that works and will re-create a flash-able .BIN file from a .nb0 is listed below:
convert .bin to .nb0:
enter: viewbin -r <binfile>, you get something like:
Image Start = 0x82040000, length = 0x02C00000
Record [ 0] : Start = 0x82040000, Length = 0x01C00000, Chksum = 0x00000000
Record [ 1] : Start = 0x83C40000, Length = 0x01000000, Chksum = 0x00000000
Record [ 2] : Start = 0x00000000, Length = 0x00000000, Chksum = 0x00000000
Start address = 0x00000000
The above has two blocks of data and a termination block.
The checksum = 0 effectively disables upload checking (so potentially dangerous).
The size just fits the Hurricane's SPL "l" (load) command buffer, as you get when loading a ROM:
"clean up the image temp buffer at 0x8C080000 Length 0x01C40000 "
The blocks can be smaller than 0x1c40000 but not bigger obviously.
then convert to nb0, enter: cvrtbin.exe -r -a <imgstart> -l <length> -w 32 <binfile>
for above viewbin output: cvrtbin.exe -r -a 82040000 -l 2c00000 -w 32 <binfile>
mind to omit the 0x for the start and address, replace <binfile> with your filename, then you get a resulting file from <original-name.bin> to <original-name.nb0> which can further be decomposed and edited with standard ROM tools
convert .nb0 to .bin:
enter: xipbin.exe <input.nb0> <start-in-nb0> <output.bin> <loadaddress>
to get back something flashable like above: xipbin.exe <input.nb0> 0 <output.bin> 82040000
mind to omit the 0x for the loadaddress, replace <"file"> with your filenames
to recheck if the created BIN file is usable, startup the viewbin again
enter: viewbin -r <binfile> you now get something like:
Image Start = 0x82040000, length = 0x02C00000
Record [ 0] : Start = 0x82040000, Length = 0x00040000, Chksum = 0x0208CC79
...many entries deleted...
Record [175] : Start = 0x84C00000, Length = 0x00040000, Chksum = 0x0177FB3C
Record [176] : Start = 0x00000000, Length = 0x00000000, Chksum = 0x00000000
Start address = 0x00000000
Done.
Looks quite different - but this is ok! The loading process in MTTY indocates the loading of each above block with a sequence of |*, so with these many blocks the upload to the device is giving feedback and thus is not tempting people to interrupt it.
I have done my tests with the 566.zip linked in the first post of this thread, but this should work with any .BIN file from the other ROMs as well. So I will continue to see if I can recycle any of the WM6 Roms for inserting my imgfs created for Tornado. As before the imgfs still the XIP is loaded and I know too little about this yet (especially in connection to the imgfs and how close these two are linked) - I am prepared to see non booting device states quite a lot. Luckily there is nothing done to the early boot chain (IPL and SPL) so I can always get back to the bootloader and start over again.
I hope to get a first indication that imgfs is mounted correctly in the "old" XIP before I have to replace the OEMdriver parts in my Tornado ROM.
I just checked if I can still use this flash-method for the Tornado - and it works as well. So the created "os-new.nb" in the OUT directory can be converted to .BIN and then flashed inside MTTY with the "l" command. Not that I like this method - but it works as well.

Tobbbie, you have here a very good research! To bad this device is out of use!

[WIP][MOD][SPLASH][OP6] Splash Screen Image Injector

Hey folks, thanks to @iElvis sharing his or her logo 'data' from the OP6. I have adapted my previous OnePlus programs that let you change the splash screen to work with the OP6. This means that the encoding of the data structure and the encoding of the image data are done. I do not have a OP6 and can not test certain things like where to put the modified file. In the past, flashing was always easy (and always has been especially with the OnePlus models).
My holdup and why I need the XDA/OP6 community support is to find out where to exactly put this modified file. In the past I haphazardly made a super fast in-memory program for altering the splash screen for the Nexus 6p that was (and is currently) at a roadblock for one reason. That reason was Google used ELFs to populate partitions (not short people with pointy ears and green clothing), and at that time utilized separate partitions that the ELFs populate. Not all were ELF generated, but that is outside of the scope of what I do because to a certain point the ones that I wanted to change were generated that way.
This concept of splitting partitions, back then, was just trying to grab a footing on seamless upgrades initially from what I have read up until this newer style. I have put some research into some things involving this, but Google is kind of bland in it's description of what this all means. This is different than the Nexus 6P that I mentioned previously, and if you read that last link, it may be just as easy as flashing it to both partitions logo_a & logo_b. One partition is always active and has two different statuses, which make the device 'ideally' always bootable after an OS update.
Most of my research was done through reading a lot of the open source code put out by the AOSP for "fastboot". You can learn more than you can ever derive from documentation in this realm. I hope to hear some feedback of attempts so that I can delete all of this up above
Please read below so you can better understand this type of encoding being used:
What Is A Raw Image?
A raw image, whether it be a file or an image in memory, is simply pixel data. There is no extra information like width, height, name, end of line... Absolutely nothing, just pixel data. If you have an image that is raw and the resolution is 1080x1920 and you are using a typical RGB24 or BGR24 (like the ones used here), then your exact filesize or size in memory will be 1080x1920x3! We use 3 here because there is one byte for the R or red component, one for the G (green), and one for the B(blue).
What Is A Run Length Encoded Image?
A run length image encoding uses a count ;usually a single byte (char), 2 bytes (short int), or 4 bytes (long int); and then the pixel components. So instead of writing out 300 bytes of '0's to make a line of 100 black pixels. Black is RGB(0,0,0). You could encode this as 100, 0, 0, 0. And only use 4 bytes of data to get the exact same image as the 300 byte raw image. All the run length encoding I've found, except the Motorola style which is a little different, use a run length encoding that is pixel-oriented like this.
Now I've found this new one and it is a byte-oriented run length encoding. This is for runs of bytes, not pixels. You may think, well whats the big deal? When you add a little area of color, you increase the run length encoded image in you logo.bin immensely! You use 6 bytes per pixel if there aren't any runs of color data. If you had an image that was a 1080x1920 black image with a 25 pixel horizontal line in the middle. The encoder would be doing runs of black data efficiently until it reached the red area.
.....0 255 0 255 0 255 0 255 0 255 0 133 /// we've reached the top left corner of the red line /// 13 1 30 1 255 1 // << that was just one red pixel!! in bgr color order (13, 30, 255) <<// And it keeps going through the rest of the red pixels on that line using 6 bytes per pixel, which is the opposite of compression. Before reaching the red line the encoding was decoding to 255 zeros over and over, until finally 133 zeros. 255 zeros is 85 black pixels stored in just 2 bytes!
This type of encoding is ONLY good for grey scale images. It is not good with color, but it still will handle color of course. In grey scale, the Red, Blue, and Green data components are always the same values. All the way from black (0,0,0) to white (255, 255, 255); including every shade of grey in between>>>(1,1,1) (2,2,2) (3,3,3)....(243, 243, 243) (254, 254, 254)<<<
One other difference in this method of run length encoding is that the color byte is before the count, which is backwards from all of the other methods.​
The attachment contains the executable that was compiled using mingw32 on a 64 bit Windows 10 PC. The awesome PNG library that I used for generating the pngs is LodePng, the source can be found here.
To use the OnePlus 6 Logo Injector:
Decode your logo.bin:
Code:
OP6Logo -i logo.bin -d
All the PNG 's will be extracted from logo.bin. Edit the PNG(s) that you want to change...
Note:
Your original "logo.bin" file is never changed, it is just read. If the file you try to load isn't a logo file, or a different style, then the program will tell you and exit.​
Inject the image(s) back in to the logo.bin:
Code:
OP6Logo -i logo.bin -j fhd_oppo fhd_at
To list whats in your logo file:
Code:
OP6Logo -i logo.bin -l
For a more detailed list:
Code:
OP6Logo -i logo.bin -L
If the colors are messed up use the "-s" switch while decoding.
Code:
OP6tLogo -i logo.bin -d -s
If you had to use the "-s" switch to decode properly, you'll have to use it to inject also:
Code:
OP6Logo -i logo.bin -j image_name -s
Note:
You can put as many names after "-j" as you want, and it's not case sensitive. You also don't have to put the whole name. If you just put "-j fhd" every image in the logo.bin that starts with "fhd" will be injected. There has to be a PNG with the name in the directory though​
The size of your modified.logo.bin will displayed along with the original size, if everything went good. The 'splash' partition is 16 MB on the OP6. If you use too much color on too many of the images you will easily go over 16 MB. The program will tell you and delete the "modified.logo.bin" that was created. If for some strange reason you would like to keep it, use the "-B" flag on the command.
The last step is to flash the modified logo file via fastboot with the command
Code:
fastboot flash LOGO modified.logo.bin
Use this at your own risk.
Always make backups.
Always.

Source
Source:

I haven't had a chance to work up a custom splash and flash it just yet, in part because I realized that on this phone, the splash screen only shows up for a split second before it's replaced by the "Your phone is unlocked and insecure, don't put sensitive files on it blah blah" warning. So I'm not sure this is going to do a whole lot for us. I'm going to try later tonight or this weekend and report back. Pretty sure "flash logo" should work fine, but it will flash only to the active partition. We may need to "flash logo_a" and "flash logo_b" to get it on both partitions.
Also, thanks for posting the source. I'm going to see if I can get this to compile in Xcode so we have an OSX version.
Edit 6/10: I can't get it to compile in Xcode, but I'm sure it's something I'm doing wrong.

Anyone tested it splash screen

Okay, welp, I'm throwing in the towel on this one. The bootloader warning is not in text like it was on the HTC phones I've modded to remove it. On those phones, the text showed up in the bootloader file in a hex editor, and could be replaced with empty spaces to remove it.
I pulled the boot file from /dev/block/bootdevice/by-name/ and searched through it. None of the text in the warning can be found with a simple search. As I suspected, that warning screen looks like it's a function coded into the boot process, which means removing it is probably impossible.

work Fine !
file :
lodepng.h
lodepng.c
OP6Logo.c
# gcc lodepng.c -c
# gcc OP6Logo.c -c
# gcc *.o -o OP6_prog OR # gcc lodepng.o OP6Logo.o -o OP6_prog
# ./adb shell
# su
# cd /dev/block/bootdevice/by-name
# ls --color --all
lrwxrwxrwx 1 root root 16 1970-01-06 04:29:20.549999999 +0100 LOGO_a -> /dev/block/sde20
# dd if=LOGO_a of=/sdcard/LOGO_a
exit
# ./adb pull /sdcar/LOGO_a ./
# OP6_prog -i LOGO_a -d
MODIFY YOUR PICTURE .....
# ./OP6logo -i LOGO_a -j fhd_
you have modified.logo.bin
Just dd if of and work fine !
And for the Real Splash :
./adb pull /system/media/bootanimation.zip ../
God bless

gao0309 said:
file :
lodepng.h
lodepng.c
OP6Logo.c
# gcc lodepng.c -c
# gcc OP6Logo.c -c
# gcc *.o -o OP6_prog OR # gcc lodepng.o OP6Logo.o -o OP6_prog
# ./adb shell
# su
# cd /dev/block/bootdevice/by-name
# ls --color --all
lrwxrwxrwx 1 root root 16 1970-01-06 04:29:20.549999999 +0100 LOGO_a -> /dev/block/sde20
# dd if=LOGO_a of=/sdcard/LOGO_a
exit
# ./adb pull /sdcar/LOGO_a ./
# OP6_prog -i LOGO_a -d
MODIFY YOUR PICTURE .....
# ./OP6logo -i LOGO_a -j fhd_
you have modified.logo.bin
Just dd if of and work fine !
And for the Real Splash :
./adb pull /system/media/bootanimation.zip ../
God bless
Click to expand...
Click to collapse
Way to remove bootloader unlocked warning?

NO

Please create flashable zip. Of splash screen

I'm trying this on linux on a 6T boot splash screen but I get a segmentation fault:
Code:
__________________________________________________________-_-
OP6 Logo Injector v1
Written By Makers_Mark @ XDA-DEVELOPERS.COM
_____________________________________________________________
FILE: logo.bin
_____________________________________________________________
RGB is the color order. Use "-s" switch to change it to BGR.
#01: Offset:0
Header=SPLASH!!
Width=1080
Height=1920
Data Length=81798
Special=1
Name=
Metadata=
Segmentation fault
Any idea why?

foobar66 said:
I'm trying this on linux on a 6T boot splash screen but I get a segmentation fault:
Any idea why?
Click to expand...
Click to collapse
For 6T, maybe you need look at this thread
https://forum.xda-developers.com/oneplus-6t/development/tool-splash-screen-modification-t3874158
Sent from my ONEPLUS A6000 using XDA Labs

I tried to report that the error memory could not be read under Windows 10 and wimdows7. Then I executed the following instructions under Linux and still reported the error. What can I do, oneplus 6, Android 9.0?
gcc lodepng.c -c
gcc OP6Logo.c -c
gcc *.o -o a.out
./a.out -i logo.bin -d
The following are the results of implementation：
__________________________________________________________-_-
OP6 Logo Injector v1
Written By Makers_Mark @ XDA-DEVELOPERS.COM _____________________________________________________________
FILE: logo.bin _____________________________________________________________
BGR is the color order. Use "-s" switch to change it to RGB.
#01: Offset:0
Header=SPLASH!!
Width=1080
Height=1920
Data Length=77716
Special=1
Name=
Metadata=
Segmentation fault

Code:
C:\Users\denie\Documents\logo>OP6Logo -i logo.bin -d
__________________________________________________________-_-
OP6 Logo Injector v1
Written By Makers_Mark @ XDA-DEVELOPERS.COM
_____________________________________________________________
FILE: logo.bin
_____________________________________________________________
BGR is the color order. Use "-s" switch to change it to RGB.
#01: Offset:0
Header=SPLASH!!
Width=1080
Height=1920
Data Length=81798
Special=1
Name=
Metadata=
C:\Users\denie\Documents\logo>
Any ideas?

Does this work?

Prakyy said:
Does this work?
Click to expand...
Click to collapse
There's no way to hide the Google warning about unlocked bootloaders, if that's what you mean.

iElvis said:
There's no way to hide the Google warning about unlocked bootloaders, if that's what you mean.
Click to expand...
Click to collapse
Really... This is what I've been searching all over for for my 6t... Get rid of the stupid bootloader unlock warning. On all my other devices we always used a custom made boot-logo.bin and installed it on slot a and slot b using fastboot.. I guess if it could be covered up it definitely would have by now. ?
Edit added: I just read the thread. From what I've gathered basically this device (6&6t) is designed different and that's why we can't tamper with/cover up the bootloader warning message.

flash713 said:
Really... This is what I've been searching all over for for my 6t... Get rid of the stupid bootloader unlock warning. On all my other devices we always used a custom made boot-logo.bin and installed it on slot a and slot b using fastboot.. I guess if it could be covered up it definitely would have by now. ?
Edit added: I just read the thread. From what I've gathered basically this device (6&6t) is designed different and that's why we can't tamper with/cover up the bootloader warning message.
Click to expand...
Click to collapse
I gave up after a lot of experimenting. I'm not aware of anyone managing it.

iElvis said:
I gave up after a lot of experimenting. I'm not aware of anyone managing it.
Click to expand...
Click to collapse
You should get an award for your XDA signature. ?? It's funny because it's real and oh so true! The way some people comment on things never ceases to blow me away. I see some posts and I think to myself, "what the hell?" "Who raised this person!?" There are definitely many different types of humans out there in the world that's a fact. I try and stay out of it as much as possible. ? lol.
It sucks we can't just make a ton of boot logos and cover that up. Oh well the 6 & 6t are awesome devices!! Usually whenever I end up on down the road selling my phone and purchasing another one from eBay or swappa things similar to this begin to be solved and then 15 custom roms all drop outa nowhere all at once. ? Happens every...single...time...haha!! Thanks for giving it a shot! :good:

Radio img extractor

Hello ... so i have an Radio.img and i know inside there are this files
(bootloader) Validating 'radio.default.xml'
(bootloader) Committing 'radio.default.xml'
(bootloader) - flashing 'NON-HLOS.bin' to 'modem'
(bootloader) - flashing 'fsg.mbn' to 'fsg'
(bootloader) - erasing 'modemst1'
(bootloader) - erasing 'modemst2'.
How can i extract NON-HLOS and fsg ? thanks in advance ...

I know this is an ancient thread, but it's still the first search result, so I figured a solution could help anyone else that stumbles upon this..
I made a quick and dirty extractor that works at least for motorola edge 2021 xt2141 radio images. These files seem to start with magic "SINGLE_N_LONELY" and end with "LONELY_N_SINGLE". Filenames are provided, followed by the length of the contents (in little endian), then the contents.
This script will try to open radio.img in the current dir if a filename is not provided. Dumped files will go right in the working dir, so be careful. File content reading isn't done in chunks here, so be mindful of memory usage. Likely not an issue, but you can code in some chunking if needed.
Code:
#!/usr/bin/env python
import io
import sys
# supply filename as argument or default to 'radio.img'
try:
filename = sys.argv[1]
except IndexError:
filename = 'radio.img'
with open(filename, 'rb') as f:
magic = f.read(0x100).strip(b'\0').decode()
print(magic)
assert magic == 'SINGLE_N_LONELY'
while True:
# filename
fn = f.read(0xF0).strip(b'\0').decode()
print(fn)
if fn == 'LONELY_N_SINGLE':
break
# size of file in little endian
f.seek(0x08, io.SEEK_CUR)
l = int.from_bytes(f.read(0x08), 'little')
print(l)
# warning: not reading in chunks...
# warning: outputs to working dir
with open(fn, 'wb') as o:
o.write(f.read(l))
# seek remainder
rem = 0x10 - (l % 0x10)
if rem < 0x10:
f.seek(rem, io.SEEK_CUR)
# seek until next filename
while not f.read(0x10).strip(b'\0'):
continue
# rewind back to start of filename
f.seek(-0x10, io.SEEK_CUR)
Note the resulting images will likely be in sparse format. You'll need simg2img to convert to raw images if you're trying to mount or otherwise manhandle the images.
If interested in dumping carrier profiles (from inside the fsg image), EfsTools has an extractMbn function. Not sure how to reassemble though. https://github.com/JohnBel/EfsTools

ziddey said:
I know this is an ancient thread, but it's still the first search result, so I figured a solution could help anyone else that stumbles upon this..
I made a quick and dirty extractor that works at least for motorola edge 2021 xt2141 radio images. These files seem to start with magic "SINGLE_N_LONELY" and end with "LONELY_N_SINGLE". Filenames are provided, followed by the length of the contents (in little endian), then the contents.
This script will try to open radio.img in the current dir if a filename is not provided. Dumped files will go right in the working dir, so be careful. File content reading isn't done in chunks here, so be mindful of memory usage. Likely not an issue, but you can code in some chunking if needed.
Code:
#!/usr/bin/env python
import io
import sys
# supply filename as argument or default to 'radio.img'
try:
filename = sys.argv[1]
except IndexError:
filename = 'radio.img'
with open(filename, 'rb') as f:
magic = f.read(0x100).strip(b'\0').decode()
print(magic)
assert magic == 'SINGLE_N_LONELY'
while True:
# filename
fn = f.read(0xF0).strip(b'\0').decode()
print(fn)
if fn == 'LONELY_N_SINGLE':
break
# size of file in little endian
f.seek(0x08, io.SEEK_CUR)
l = int.from_bytes(f.read(0x08), 'little')
print(l)
# warning: not reading in chunks...
# warning: outputs to working dir
with open(fn, 'wb') as o:
o.write(f.read(l))
# seek remainder
rem = 0x10 - (l % 0x10)
if rem < 0x10:
f.seek(rem, io.SEEK_CUR)
# seek until next filename
while not f.read(0x10).strip(b'\0'):
continue
# rewind back to start of filename
f.seek(-0x10, io.SEEK_CUR)
Note the resulting images will likely be in sparse format. You'll need simg2img to convert to raw images if you're trying to mount or otherwise manhandle the images.
If interested in dumping carrier profiles (from inside the fsg image), EfsTools has an extractMbn function. Not sure how to reassemble though. https://github.com/JohnBel/EfsTools
Click to expand...
Click to collapse
Thanks for making python script to unpack these SINGLE_N_LONELY header files(bootloader.img, radio.img, singleimage.bin, gpt.bin) from Moto Stock ROM zips.
But why reading filename only 240 bytes and skipping 8 bytes instead of reading whole 248 bytes?
This guy wrote to read 248 bytes instead https://forum.xda-developers.com/t/...t-of-the-moto-g-5g-plus.4371213/post-87807175
I also made quick and dirty unpacked using Lua 5.3 at https://forum.xda-developers.com/t/...t-of-the-moto-g-5g-plus.4371213/post-87931915
I guess one of us has to post this to github, since I can't find any Open Source tool to unpack this simple format image files.
Currently, only star tool that we can find from some of blankflash files(eg. this) and imjtool can unpack these SINGLE_N_LONELY header files as far as I know. But I guess these are not Open Source.
Thanks

HemanthJabalpuri said:
But why reading filename only 240 bytes and skipping 8 bytes instead of reading whole 248 bytes?
This guy wrote to read 248 bytes instead https://forum.xda-developers.com/t/...t-of-the-moto-g-5g-plus.4371213/post-87807175
Click to expand...
Click to collapse
Ah neat. I only used xt2141 radio images as reference for approximating the file format. It's been a while, but I think based on the actual positioning of the filenames in the images I was testing, I wasn't sure if the final 8 bytes were part of the filename or padding.
Likewise, I wasn't sure of how padding works after the file data, so I just did a dumb seek and rewind.