Hi all,
After many MP on "how do we find the offset for a patch", I decided to make a tutorial to show you how to do that. First, you will need the Rough, a apps_patch.bin any firmware, and software to display the form hexaécimal bin file, WinHex, for example.
So initially, we will first determine our "apps_compressed.bin" to make it usable, and in a second step we will create our own addresses, or offset, used by a patch on the phone.
Preamble
Before you begin do whatever it is, you must know what to display in hex, That a what offset and what is a patch, you can find information about the numbers in hex, etc. on the internet, and if I say that is just for you, reader, you are not lost along the way asking your "WTF? C KOA DISPLAY WITH FIGURES IN HEGZA ? C KOA A PATCH? "..
Of course, we must know what it is that "flash" and what we use, and, as we're at it:
AT THE END OF THIS TUTORIAL YOU WILL GET A FILE NAMED "apps_unpacked.bin" IF YOU WANT YOUR PHONE ESPECIALLY reflash, BUT ABOVE ALL, DO NOT USE THE FILE BUT THE "apps_compressed.bin" I INSISTS ON THIS POINT WELL ! Having read this warning, I am disclaims any responsibility in case of failure of flash, of brick or whatever else it if you have malecontreusement wrong file when flashing, thinking it was the right ..
So if you do not know what it is that a patch, or you are not absolutely curious about patching or modding to be more general, and so you avoid potential problems, it would be best not to follow this tutorial
PS Use the firmware apps_compressed.bin MXEIL2!
"Condition" our apps_compressed.bin
So first, why do we condition our apps_compressed.bin? Well, simply, as it is not decompressed, the apps_compressed.bin any firmware is unusable! Indeed, at the end of I. we will have a file named "apps_unpacked.bin", which is a version of "uncompressed" of apps_compressed initially, and therefore will be much more usable, you'll see why
So, first you must open the Qub software, you will find the download link in different tutorials I've done (especially the "Decompress and recompress a rc2 patch"), and then you go to the tab "Tools" and you click the "APPS"
1.png 59.58 KB 4 download (s)
Then you click on 3petits dots "..." and you select the location of your apps_compressed.bin:
2.png 90.09 KB 3 download (s)
Well, now, you will tick the boxes "Decrypt" and "Decompress" and finally press "Start Decompress", then click OK:
3.png 67.76 Kb 7 download (s)
And it's done, now a file named "apps_unpacked.bin" was automatically created at the place or was already the "apps_compressed.bin" in the archive firmware
Find your own offset
So now, once that job is done, you can go in WinHex, then open the file "aps_unpacked.bin", the result is a little scary, but we're almost there:
4.png 79.42 Kb 7 download (s)
So now, a small presentation of the window of Winhex which will be much appreciated:
5.png 57.39 KB 5 download (s)
So we have:
1: This is the window that displays all the hex values, we will need to address the origins and destination addresses, you will see by the soot of what I speak
2: This is the window that displays a kind of "translation" of these numbers in hex
3: This is very important because it is from that we'll get our famous "offsets WinHex"
Then, things begin .. First, that we will always need is our famous calculator, always in the background keyed to the "programming" mode, "hexadecimal":
6.png 41.71 KB 3 download (s)
In short, return to our WinHex window, and do "ctrl + f" to open a window to search for a "string" (please, this is a computer language), we will seek "gadget.swf", then press enter:
7.png 22.95 KB 5 download (s)
There you will see that the window will change, and we will start our "gadget.swf" highlighted in blue in the text window, and in the window with the hex values:
8.png 50.42 8 KB download (s)
(The boxed section will be that we will interested)
So now, we will embark on serious things, you will click on the "/" just left of the "System", and offset what we read is written:
9.png 51.73 Kb 7 download (s)
Make sure you click on the "/" from "/ System" and not the other, because otherwise the end result will be wrong .... In short, as can be seen, the offset WinHex is: 1091528. And this is where our beloved calculator windows!
You will now write the following calculation:
B240000 1091528 + 80100000 + (offset of our made in WinHex) =
10.png 43.15 KB 5 download (s)
And now, thank you for following this tutorial ....
No kidding, now that we have our offset, we can create our patch, and I'll show you how to create your own new path for the patch
Turn in WinHex, then select (by clicking and dragging) the full path of gadget.swf: "/ System / rsrc / Flash / Idle / gadget.swf", then in the bottom right there is a tab where there is written "Size", this is very important!
11.png 15.8 KB 9 download (s)
So now that we have selected our way, and retained the size of the path (here 22Where hex or decimal 34en), we will create our own road test (it was basic: "/ System / rsrc / Flash / Idle / gadget.swf "we will call it" / Mount / Mrs / Res / gadget.swf "). To do this, open a notepad, you write:
<nord offset="0x + the offset that you obtenu" to="nouveau path hexa" />
eg for me it will:
<nord offset="0x8C3D1528" to="on will après" />
Now, going here and in the "Text" notes we will put new path, then click on "<ENCODE>" (part touge is what made us interested):
12.png 28.06 KB 11 download (s)
So, the new path is:
4d 2f 75 6f 74 2f 4d sixth 6d 63 2f 2f 52 65 73 67 61 64 67 65 74 2e 73 77 66
(No luck, here are spaces, and the letters are lowercase, so let's replace the tiny by capital letters, spaces and clear )
Path original post:
2F53797374656D2F527372632F466C6173682F49646C652F6761646765742E737766
new path:
2F4D6F756E742F4D6D632F5265732F6761646765742E737766
So our new path, but there is a catch! It is noted that new path is much shorter than the former! and yes, if you plan well, the old path measured 34en decimal, our new and only 25 .. It will bridge these gaps, and yes, when you create your own patches, it will always, I'm always verify that the new path is much the same size as the old, and not too short nor too LONG! So to solve this problem, so let's fill the "vacuum" with "00" as here:
Path original post:
2F53797374656D2F527372632F466C6173682F49646C652F6761646765742E737766
new path:
2F4D6F756E742F4D6D632F5265732F6761646765742E737766000000000000000000
And now, so in notepad (yes I'm sorry, I deliberately obscures the "why" of "why add 00" because it does not disturb you that the more ) We can finally write our new path, represented in the variable "to":
<nord offset="0x + the offset that you obtenu" to="2F4D6F756E742F4D6D632F5265732F6761646765742E737766000000000000000000" />
eg for me it will:
<nord offset="0x8C3D1528" to="2F4D6F756E742F4D6D632F5265732F6761646765742E737766000000000000000000" />
This is only a small part of a patch, if you want to create your patch (in the format smp), the entire code will be:
<? Xml version = "1.0" encoding = "Windows-1251"?>
<patch version="1.0">
info> title="Change gadget" id="00000000" group="" version="">
<description short="Change gadget in emplacement: /Mount/Mmc/Res" />
<author nickname="Wint" fullname="" status="Àâòîð" email="" www="" icq="" donate="" />
</ Info>
<patchdata firmware="S5230MXEIL2">
<changes>
<nord offset="0x8C3D1528" to="2F4D6F756E742F4D6D632F5265732F6761646765742E737766000000000000000000" />
</ Exchange>
</ Patchdata>
</ Patch>
You can then follow my other tutorial TUTORIAL _ Unpack the patches and then recompress a rc2 you will follow from point 6, just before opening to recreate a Qub rc2
I suggest you train yourself well first, for example the patch while you unpack a rc2 already done everything, and you take as an example "currency calculator", you follow the same path to create a patch, but you will try this time, either "gadget.swf" but "calculator.swf", you will have your "/ System", offset novuel etc., and then you compare the offset you have obtained with that in the patch that you extract . If the offsets are is that you understood the tutorial avz if not, check that you have the proper firmware apps_unpacked.bn of the *. smp good original firmware, or you did not make a calculation error
I hope this tutorial you found useful and you will
Show Posts