hello and welcome back to romprovider.com, in this page we share a detailed rawprogram0 editing guide for different functions.
convert rawprogram0 from flash script to Read Script:
during a test I found that we can use rawprogram0 flash script to read the firmware from device just by editing some word, let’s see how
- open device firmware and search for rawprogram0.xml
- Now Open the rawprogram0 with Notepad ++
- In Keyboard press CTRL + F in the Popup select ‘Replace‘
- in the find field enter ‘program‘
- In the Replace field enter ‘read‘ & click replace all
- Now we have a firmware read script, let’s fix error.. look for all the lines without a file name and add a Proper file for it e.g. for modemst1 enter modemst1.img
e.g.
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="NON-HLOS.bin" label="modem" num_partition_sectors="172032" physical_partition_number="0" size_in_KB="86016.0" sparse="false" start_byte_hex="0x4000000" start_sector="131072"/> Replace with <read SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="NON-HLOS.bin" label="modem" num_partition_sectors="172032" physical_partition_number="0" size_in_KB="86016.0" sparse="false" start_byte_hex="0x4000000" start_sector="131072"/>
- do for all lines and save file. if wanna to skip a partition just remove that line
- done, Now send this file using ROM2box
Reading Critical Partitions:
- to read critical partition Like modemst1, modemst2, Persist, oem or any other we edit rawprogram like below
<read SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="persist.img" label="persist" num_partition_sectors="32768" physical_partition_number="0" size_in_KB="16384.0" sparse="false" start_byte_hex="0xc682400" start_sector="406546"/> <read SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="modemst1.img" label="modemst1" num_partition_sectors="8192" physical_partition_number="0" size_in_KB="4096.0" sparse="false" start_byte_hex="0xd682400" start_sector="439314"/> <read SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="modemst2.img" label="modemst2" num_partition_sectors="8192" physical_partition_number="0" size_in_KB="4096.0" sparse="false" start_byte_hex="0xda82400" start_sector="447506"/>
convert rawprogram0 from flash script to wipe/erase script:
- to do so we follow the same Instructions as we do for read script and In the Replace filed we ad ‘erase‘ instead ‘read‘ save and send the file with ROM2box
e.g.
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="NON-HLOS.bin" label="modem" num_partition_sectors="172032" physical_partition_number="0" size_in_KB="86016.0" sparse="false" start_byte_hex="0x4000000" start_sector="131072"/> Replace with <erase SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="NON-HLOS.bin" label="modem" num_partition_sectors="172032" physical_partition_number="0" size_in_KB="86016.0" sparse="false" start_byte_hex="0x4000000" start_sector="131072"/>
Fix soft brick/Random Reboot after Erase and flash:
- most common issue after complete erase and flash, open rawprogram0 with notepad++
- search for persist partition, in the blank filename field enter ‘persist.img’ save and write firmware with modified rawprogram0
e.g.
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="persist" num_partition_sectors="65536" physical_partition_number="0" size_in_KB="32768.0" sparse="true" start_byte_hex="0xf4000000" start_sector="7995392"/> Replace with <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="persist.img" label="persist" num_partition_sectors="65536" physical_partition_number="0" size_in_KB="32768.0" sparse="true" start_byte_hex="0xf4000000" start_sector="7995392"/>
Making FRP & Pattern bypass File:
- open rawprogram0 with notepad++
- keep userdata and FRP partition Line’s and remove all
- Now replace ‘program’ with ‘erase’ and send Modified file with ROM2box
e.g.
<erase SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="userdata.img" label="userdata" num_partition_sectors="1048576" physical_partition_number="0" size_in_KB="524288.0" sparse="true" start_byte_hex="0x10c000000" start_sector="8781824"/> <erase SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="frp.img" label="frp" num_partition_sectors="1048576" physical_partition_number="0" size_in_KB="524288.0" sparse="true" start_byte_hex="0x10c000000" start_sector="8781824"/>
Making offline bootloader unlock file:
offline bootloader making require development knowledge & suitable for developers only, Let’s see how
- dump oeminfo, devinfo image depend on device
- edit it with hex editor and make unlockable by adding 00 filed on proper place
- Now open rawprogram0 with notepad and keep the respective partition line save and write modified file with ROM2box, then unlock from rom2box/android/bootloader-unlock
using qboot.exe:
Motorola’s qboot.exe use rawprogram0 in this manner
<!-- Flash bootloader --> <print what="Flashing bootloader..."/> <flash partition="abl_a" filename="abl.elf" verbose="true" /> <flash partition="cmnlib_a" filename="cmnlib.mbn" verbose="true" />
<wipe partition="multiimgoem_a" verbose="true" /> <wipe partition="multiimgqti_a" verbose="true" />
It’s clear Indicate that it use ‘flash‘ tag instead of ‘program’ and ‘wipe’ tag instead of ‘erase‘ there is no information about hex and sector meaning it use function like emmcdl.exe to write a partition by using partition name.