Tutorial: Basics of Creating Patches for Satio/Vivaz : Patch creation : Forum


 LathandredCrusader:
12.02.12, 15:42
Hi Developers...
For a while I was sad, because I was not able to work on patches,
because I thought that I was not able to apply patches to Satio/Vivaz, but I was wrong..
So it seems that I will not be able to save myself from patches :)

Anyway... This tutorial will give some basics of creating patches for Satio/Vivaz.
I do not know whether "google translate" will translate my sentences properly, but I will be as clear as I can.

What do we need for it?
1. A hacked phone (do you need a tutorial for it?)
2. "ROM Patcher" installed on your phone... because we will apply our patches by using "ROM Patcher"


OK. Let's start.. First of all, we have to learn these two instructions:
1. rel
2. SnR


A. What is "Rel" instruction? How to use it?

The "rel" instruction changes one or more bytes at a specific entry point.

Typical usage:
rel:file path\file name:entry point:original codes:our codes


Let's understand it by creating an example patch.
In my example I want to create a patch to disable opening "File Manager" from "Main Menu"

For this, let's open z:\sys\bin\FileManager.exe by using a random Hex Editor:



As we see, there is a:
"7A" at "entry point 00000000" and
"10" at "entry point 00000003"

Now, I have decided that, if we change "7A" and "10" to "00", we reach our aim.
We can do it in two distinct ways by using the "rel" instruction:

1.
Code:
rel:sys\bin\FileManager.exe:00000000:7A:00
rel:sys\bin\FileManager.exe:00000003:10:00


or 2.
Code:
rel:sys\bin\FileManager.exe:00000000:7A000010:00000000



I hope it is all clear..
As you see, we have changed some specific codes at a specific entry point.
Now let's check the SnR instruction



B. What is "SnR" instruction? How to use it?

The "SnR" (Search and Replace) instruction changes all instances of a specific code in a specific file..
When we use the "SnR" instruction, we do not need to define an entry point..

Typical Usage:
SnR:file path\file name:original codes:Our Codes


Let's understand it by checking the same example as for the "rel" instruction:



Now let's create the same patch by using the "SnR" instruction:

Code:
SnR:sys\bin\FileManager.exe:7A000010CE390010EB841F10F6FDCA:00000000CE390010EB841F10F6FDCA


With this, we gave this order to ROM Patcher:
1. Open sys\bin\FileManager.exe
2. Search ALL the instances of 7A000010CE390010EB841F10F6FDCA in that file
3. Replace ALL of them with 00000000CE390010EB841F10F6FDCA

In our example, there exists only one instance :)
This "SnR" instruction may be useful, for example, when we wish to change more than one Unicode string in a file.



An example patch: Two instructions:


Patch:
    
;Satio U1 / Vivaz U5
;Change keypad shortcut functions.
;Change XX parts as you wish by checking "hex values".
;Example: if you wish to change *#06# to *#99#, change: "300036:XX00XX" to "300036:390039"
;(c) Lathander Crusader






SOME ANSWERS FOR POSSIBLE QUESTIONS

A. How to make the patch?
Simple.. in non-smart phones, we use the "vkp" extension for our patches. But in Satio/Vivaz phones, we use the "rmp" extension.
Save your codes with the "rmp" extension. For example: "disable filemanager.rmp"
Then apply your patch by using ROM Patcher and after that, Carpe Diem!..

B. I have created a patch but I cannot apply it by using ROM Patcher. What is wrong with it?
1. Probably your patch syntax is wrong.
2. Probably the "original codes" part in your patch is wrong
3. The file you want to patch is not a ROM file... Always remember this: ROM files are contained in the "Z: drive"
But not all the files in Z are ROM files. ROM Patcher can only patch ROM files, not all the files in the "Z: drive"

C. Can we patch multiple files by using only one patch?
As you see, it is possible:
Code:
;Satio U1
;Privacy
;Disable to access File Manager and Media Center from Main Menu.
;v.1
;(c) Lathander Crusader
rel:sys\bin\FileManager.exe:00000000:7A000010:00000000
rel:sys\bin\MediaCenter.exe:00000000:7A000010:00000000

D. Do we have a disassembler program for ROM files?
This issue is complicated, at least for now.





SOME USEFUL INFORMATION

1. There is a simple way of finding all the files which are related to the original applications.
In this example, I want to find all the files that are related to the "Voice recorder" application..
For this, let's go to the Z\ system \ install folder. You will see lots of STUB files there.
Copy all of them to your PC. OK, now let's check them:



As you see, one of those files is VoiceRecorder_stub.SIS. Now, let's open it by using a random Hex editor program, or by using Notepad...



As you see, this file gives us a list of all the files related to the Voice Recorder application.
Actually, all the files in Z: \ system \ install give us useful lists about the original applications.
So, when we wish to change a function of an original application, we can check those STUB files and simply find whatever we want.


I will update this thread when new developments happen about this issue.
Best Regards..
Crusader..

[ Edited by LathandredCrusader on 19.2.12 04:31 ]
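The "rel" and "SnR" instructions described in the post above, applied by a small Python script. This is an added example and not ROM Patcher's own code or anything posted in the thread: the exact file format and error handling of ROM Patcher are assumed (comment lines start with ";", fields are separated by ":", offsets and codes are hex, SnR replaces every non-overlapping match), and the FileManager.exe contents are a constructed stand-in built from the tutorial's hex dump, not bytes from a real phone. The script also mirrors the two failure cases from section B: an "original codes" mismatch and a file that is not part of the patchable set.

```python
"""Apply ROM Patcher-style "rel" / "SnR" lines to in-memory file images.

Added example, not ROM Patcher's own code.  Assumptions: ';' starts a comment,
fields are ':'-separated, offsets and codes are hex, and SnR replaces every
non-overlapping match.  The sample file contents below are constructed from
the tutorial's hex dump, not taken from a real phone.
"""
from dataclasses import dataclass
from typing import Dict, List, Union

# Constructed stand-in for sys\bin\FileManager.exe: the 15 bytes the tutorial's
# hex dump shows, padded with zeros.  Not the real binary.
FILEMANAGER_PATH = r"sys\bin\FileManager.exe"
FILEMANAGER_HEAD = bytes.fromhex("7A000010CE390010EB841F10F6FDCA") + b"\x00" * 17


class PatchError(ValueError):
    """Raised for syntax errors, wrong 'original codes', or unknown files."""


@dataclass
class Rel:            # rel:<path>:<offset>:<original>:<new>
    path: str
    offset: int
    orig: bytes
    new: bytes


@dataclass
class SnR:            # SnR:<path>:<original>:<new>
    path: str
    orig: bytes
    new: bytes


def parse_rmp(text: str) -> List[Union[Rel, SnR]]:
    """Parse the patch text into a list of operations (comment lines skipped)."""
    ops: List[Union[Rel, SnR]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(":")
        try:
            if parts[0].lower() == "rel" and len(parts) == 5:
                op: Union[Rel, SnR] = Rel(parts[1], int(parts[2], 16),
                                          bytes.fromhex(parts[3]), bytes.fromhex(parts[4]))
            elif parts[0].lower() == "snr" and len(parts) == 4:
                op = SnR(parts[1], bytes.fromhex(parts[2]), bytes.fromhex(parts[3]))
            else:
                raise ValueError("unknown instruction or wrong field count")
        except ValueError as exc:                      # bad hex or bad layout
            raise PatchError(f"line {lineno}: syntax error ({exc}): {raw!r}") from exc
        # Patching must not change the file size: both code fields are equal length.
        if len(op.orig) != len(op.new) or not op.orig:
            raise PatchError(f"line {lineno}: original/new codes differ in length")
        ops.append(op)
    return ops


def apply_patch(files: Dict[str, bytes], ops: List[Union[Rel, SnR]]) -> Dict[str, bytes]:
    """Return patched copies of `files`; the inputs are left untouched.

    All checks run on the copies, so a failing line (the tutorial's cases
    B.2 'original codes wrong' and B.3 'not a ROM file') leaves nothing half-patched.
    """
    work = {path: bytearray(data) for path, data in files.items()}
    for op in ops:
        if op.path not in work:
            raise PatchError(f"{op.path}: not a patchable ROM file")
        buf = work[op.path]
        if isinstance(op, Rel):
            end = op.offset + len(op.orig)
            if bytes(buf[op.offset:end]) != op.orig:
                raise PatchError(f"{op.path} @ {op.offset:08X}: original codes do not match")
            buf[op.offset:end] = op.new
        else:
            if buf.find(op.orig) < 0:
                raise PatchError(f"{op.path}: pattern {op.orig.hex().upper()} not found")
            work[op.path] = bytearray(bytes(buf).replace(op.orig, op.new))  # all instances
    return {path: bytes(buf) for path, buf in work.items()}


# The tutorial's two ways of writing the same change.
REL_PATCH = r"""
;Satio U1 / Vivaz U5
;Disable opening File Manager from the Main Menu (rel form)
rel:sys\bin\FileManager.exe:00000000:7A:00
rel:sys\bin\FileManager.exe:00000003:10:00
"""
SNR_PATCH = r"""
;Same change, SnR form
SnR:sys\bin\FileManager.exe:7A000010CE390010EB841F10F6FDCA:00000000CE390010EB841F10F6FDCA
"""


def demo() -> Dict[str, bytes]:
    """Apply both forms and return {'rel': patched image, 'snr': patched image}."""
    files = {FILEMANAGER_PATH: FILEMANAGER_HEAD}
    return {"rel": apply_patch(files, parse_rmp(REL_PATCH))[FILEMANAGER_PATH],
            "snr": apply_patch(files, parse_rmp(SNR_PATCH))[FILEMANAGER_PATH]}


if __name__ == "__main__":
    for form, data in demo().items():
        print(form, data[:15].hex().upper())
```

Running `demo()` shows that the two-line rel form and the one-line SnR form produce byte-identical results on this image. The equal-length check matters on a real ROM: the tool replaces bytes in place, so a patch whose "original codes" and "our codes" differ in length cannot be valid, and the "original codes" comparison is what protects against applying a patch to a different firmware version.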

 den_po:
12.02.12, 20:02
 
LathandredCrusader writes:
D. Do we have a disassembler program for ROM files?
As far as I know, there does not exist a program for that, at least for now. I have tried IDA Interactive Disassembler
for this purpose but I could not get success.

all IDA versions I've seen have epoc.ldw loader ;-)

Files attached to the message:

2.PNG (37.90 kb; 358 hits) Download file
1.PNG (12.07 kb; 365 hits) Download file

 LathandredCrusader:
12.02.12, 20:45
den_po, first of all thank you for your help master..
In recent days, I tried to disassemble those dll and exe files by using IDA and epoc.ldw.
It always gave me this error message:


The program gives me this error message, and after that, it disassembles the files...
But the disassembly made by IDA is incomplete and sometimes false (as I recognized)
This is the reason why I couldn't be sure about whether I can use it or not...

On the other hand, about 10 days ago, I found a very old patch that was made for Nokia N80

Code:
;EnableHiddenMenus
; fca00000-at-yahoo-dot-es
; Firmware: tested on N80 v 5.0719.02;
; I changed eikcoctl.dll in
; method CEikMenuPane::DeleteMenuItem
; so that it simply returns
;F8F29D56                 PUSH    {R0,R1,R4-R7,LR} ; patch to   BX LR
;F8F29D58                 SUB     SP, SP, #4
;F8F29D5A                 LSLS    R6, R0, #0
;F8F29D5C                 LDR     R0, [R0,#0x70]
;F8F29D5E                 MOVS    R7, #0
;F8F29D60                 CMP     R0, #0
;F8F29D62                 BEQ     loc_F8F29D66
;F8F29D64                 LDR     R7, [R0,#4]

SnR:sys\bin\eikcoctl.dll:F3B581B00600006F0027:704781B00600006F0027


It seems that, in the past, some people used IDA for creating patches for Symbian. Amazing..
Now, I think that, if I can find the proper settings in IDA, I will be able to do it, too..
But, I'm still searching for the proper settings.
So, could you please mention whether IDA gave an error message to you as well?
Again, thank you very much for the help..

[ Edited by LathandredCrusader on 12.2.12 17:50 ]
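The N80 patch quoted above replaces only the first halfword of CEikMenuPane::DeleteMenuItem. As an added example that is not part of the post, of the original patch author's work, or of IDA, the Python below decodes the ten "original codes" and ten "our codes" bytes of that SnR line with a small decoder for the handful of 16-bit Thumb encodings the listing shows, so the claim "PUSH {R0,R1,R4-R7,LR} becomes BX LR and nothing else changes" can be checked byte for byte without a disassembler. Instruction bit patterns are taken from the ARM architecture reference; the address F8F29D56 is the one in the listing; anything outside that subset, including 32-bit Thumb-2 encodings, is reported as undecoded rather than guessed.

```python
"""Decode the Thumb halfwords in the eikcoctl.dll patch to confirm what it does.

Added example, not from the thread, the patch author, or IDA.  It decodes only
the 16-bit Thumb encodings that appear in the listing (PUSH, SUB SP, LSLS,
LDR, MOVS, BX) and marks everything else, including 32-bit Thumb-2 pairs,
as undecoded: a check for this patch, not a general disassembler.
"""
from typing import List, Optional, Tuple

# The 'original codes' and 'our codes' fields of the SnR line, and the listing's address.
ORIG_CODES = bytes.fromhex("F3B581B00600006F0027")
NEW_CODES = bytes.fromhex("704781B00600006F0027")
LISTING_BASE = 0xF8F29D56

_REGNAMES = {13: "SP", 14: "LR", 15: "PC"}


def _reg(n: int) -> str:
    return _REGNAMES.get(n, f"R{n}")


def _reglist(bits: int, extra: Optional[str]) -> str:
    """Format an 8-bit register mask the way IDA prints it (runs of 3+ as Rx-Ry)."""
    regs = [i for i in range(8) if bits >> i & 1]
    parts: List[str] = []
    i = 0
    while i < len(regs):
        j = i
        while j + 1 < len(regs) and regs[j + 1] == regs[j] + 1:
            j += 1
        if j - i >= 2:
            parts.append(f"R{regs[i]}-R{regs[j]}")
        else:
            parts.extend(f"R{r}" for r in regs[i:j + 1])
        i = j + 1
    if extra:
        parts.append(extra)
    return ",".join(parts)


def decode_thumb16(hw: int) -> str:
    """Decode one 16-bit Thumb halfword (subset); bit layouts per the ARM ARM."""
    if hw & 0xFE00 == 0xB400:                      # 1011010M rrrrrrrr  PUSH {regs[,LR]}
        return "PUSH {" + _reglist(hw & 0xFF, "LR" if hw & 0x100 else None) + "}"
    if hw & 0xFF80 == 0xB080:                      # 10110000 1iiiiiii  SUB SP, SP, #imm7*4
        return f"SUB SP, SP, #{(hw & 0x7F) * 4}"
    if hw & 0xFF87 == 0x4700:                      # 01000111 0mmmm000  BX Rm
        return f"BX {_reg((hw >> 3) & 0xF)}"
    if hw & 0xF800 == 0x0000:                      # 00000iii iimmmddd  LSLS Rd, Rm, #imm5
        return f"LSLS R{hw & 7}, R{(hw >> 3) & 7}, #{(hw >> 6) & 0x1F}"
    if hw & 0xF800 == 0x6800:                      # 01101iii iinnnttt  LDR Rt, [Rn, #imm5*4]
        return f"LDR R{hw & 7}, [R{(hw >> 3) & 7},#0x{((hw >> 6) & 0x1F) * 4:X}]"
    if hw & 0xF800 == 0x2000:                      # 00100ddd iiiiiiii  MOVS Rd, #imm8
        return f"MOVS R{(hw >> 8) & 7}, #{hw & 0xFF}"
    return f"DCW 0x{hw:04X}"                        # not in the decoded subset


def disassemble(code: bytes, base: int) -> List[Tuple[int, str]]:
    """Walk little-endian halfwords; a Thumb-2 32-bit prefix consumes two of them."""
    out: List[Tuple[int, str]] = []
    off = 0
    while off + 1 < len(code):
        hw = int.from_bytes(code[off:off + 2], "little")
        if hw >> 11 in (0b11101, 0b11110, 0b11111) and off + 3 < len(code):
            lo = int.from_bytes(code[off + 2:off + 4], "little")
            out.append((base + off, f"DCD 0x{hw:04X}{lo:04X}  ; 32-bit Thumb-2, not decoded"))
            off += 4
        else:
            out.append((base + off, decode_thumb16(hw)))
            off += 2
    return out


def check_patch() -> Tuple[List[str], List[str]]:
    """Return (before, after) mnemonics for the SnR line's original and new codes."""
    before = [text for _, text in disassemble(ORIG_CODES, LISTING_BASE)]
    after = [text for _, text in disassemble(NEW_CODES, LISTING_BASE)]
    return before, after


if __name__ == "__main__":
    for addr, text in disassemble(ORIG_CODES, LISTING_BASE):
        print(f"{addr:08X}  {text}")
    print("patched entry:", check_patch()[1][0])
```

The decoded listing reproduces the IDA comment lines in the patch header, and the patched version differs only at F8F29D56, where F3B5 (PUSH) has become 7047 (BX LR). Because the replaced halfword is the very first instruction, the function returns before SP is adjusted and before anything is pushed, so BX LR needs no matching epilogue; a stub placed after the SUB SP would have to balance the stack itself. Pointing the same decoder at any "original codes" field is a quick way to see what a patch line actually overwrites before applying it.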

 den_po:
12.02.12, 20:52
LathandredCrusader, I didn't see any error messages

 LathandredCrusader:
12.02.12, 20:57
So, it is possible to disassemble those files by using IDA..
It seems that I must reinstall my IDA or use another version...
Anyway, it is great news..

 RaANdOoM:
18.02.12, 14:12
LathandredCrusader, maybe you already know, maybe not - the Symbian^3 Source Code and Bootloader have been leaked
I think it can help you create patches for Symbian :)

[ Edited by RaANdOoM on 18.2.12 18:57 ]

 LathandredCrusader:
19.02.12, 06:13
 RaANdOoM,
First of all, sorry for this late answer. I'm grateful for your useful information. Thanks for helping me with this issue..

Now, I've downloaded IDA 6.1 from your dropbox and then tried it..
When I open a file by using the 6.1 version, the program doesn't give me any of those error messages.
But, IDA 6.1's disassembly is as wrong as IDA 5.1's. At least, I think so..

Let me show it. When I open a file, for example the camera application, by using version 6.1,
in the beginning, everything seems alright:


But, on the other hand, let's check another entry point:
Hex view:


IDA view:


This fact forces me to think that the auto analysis made by IDA after disassembling is wrong.
And, there is another strong possibility that I'm a noob and natural born loser. I don't know.
But, from now on, I will try to disassemble those files manually. Maybe I can get the proper result by doing so.
By the way, I have uploaded some files here, because maybe you wish to try disassembling some of these files.

About the second issue: I didn't know that the Symbian source codes have been leaked.
If it is so, it is a great support. I've tried to download those codes from here:
http://forum.dailymobile.se/index.php?PHPSESSID=v3m7joq0djgd6j9n3p3mks95a4&topic=60512.0
But that site says "The topic or board you are looking for appears to be either missing or off limits to you."
So, I will find a person who can access and download those codes, as soon as possible...
I'm writing too long, so sorry for it. I can only trust you mobilefree developers' and patchers' knowledge...

[ Edited by LathandredCrusader on 19.2.12 05:04 ]

 den_po:
19.02.12, 14:17
 
LathandredCrusader writes:
But, on the other hand, let's check another entry point:

change data types manually

 RaANdOoM:
19.02.12, 21:48
LathandredCrusader, yeah, den_po is right. Use your head: if you see that some bytes look like text - make it text by hand, or if it looks like a reversed address - make it a dword :)
And one piece of advice for you... Go to "Options" -> "General" -> "Analysis" -> "Processor specific analysis options" -> "Edit ARM architecture options". Choose "ARMv7-A&R" and click "OK".
Satio has a Cortex A8, like my N900, and trust me: without these options some instructions may not be recognized (some from Thumb-2) and code may not be fully disassembled.

 LathandredCrusader:
19.02.12, 23:07
 
den_po writes:
change data types manually


RaANdOoM writes:
LathandredCrusader, yeah, den_po is right. Use your head: if you see that some bytes look like text - make it text by hand, or if it looks like a reversed address - make it a dword :)


And, yeah, that's what I meant when I said "But, from now on, I will try to disassemble those files manually."
So, I must spend more time on these files by opening them with IDA, and try to get more experience with them.
Now, I'm not confused about IDA. By the way, RaANdOoM, I've configured IDA by following your last advice.
That's very useful information. I will do my best.. Regards...

[ Edited by LathandredCrusader on 19.2.12 20:07 ]

URL of this topic:
https://mobilefree.justdanpo.ru/newbb_plus/viewtopic.php?topic_id=5515

© 2005-2018 supertrubka.org