06-16-13 07:45 PM
  1. b320's Avatar
    How-to: Pattern for Extracting Radio QCFM Files from Autoloader Files

    A lot of people have been asking how to extract .signed qcfm files from autoloaders. This post should provide example patterns for generation of radio qcfm files from autoloaders designed for the Z10 and Q10 devices.

    1. We begin with the assumption that the autoloader file that you're working with contains the autoloader executable, then radio qcfm file and finally the OS load qcfm file. If this isn't true, you may be looking for the same strings but in different places. (credit: xsacha)

    2. To extract a signed radio qcfm file, look for the first string starting with
    Code:
    mfcq...........................qcfp
    which appears to occur around offset 643648 in Z10 autoloaders and around offset 6EA434 for Q10 autoloaders. Note down the specific offset for the beginning of this string.

    3. Then, look for the second (must use second or you'll yield an invalid qcfm file) occurrence of
    Code:
     
    immediately preceding
    Code:
    mfcq....................*.......qcfp
    and which appears to occur around offset 1C13878 in Z10 autoloaders and around offset 1E3A664 for Q10 autoloaders. Note down the specific offset for the ending of this string.

    4. Select the text between the two offsets, copy and paste, then save the file as something like radiofilename.signed. Make sure that your resulting file begins with the first string above and ends with the second string above. This should result in a file that's about 22-24 MB in size.

    As a bonus, you can create your own self-contained radio autoloader using the following autoloader command line:
    Code:
    autoloader.exe create radiofilename.signed radiofilename.exe
    The autoloader.exe will check the .signed file you feed it and it will reject it if you extracted an invalid qcfm file. If your qcfm file is valid, you will see a results screen ending with a
    Code:
    Packing...Done.
    message.

    EDIT:

    How-to: Pattern for Extracting OS Files from Autoloader Files

    To extract a signed OS file with the same kind of an autoloader file (which contains the autoloader executable first, then radio and finally OS), start your selection with the string
    Code:
    mfcq....................*.......qcfp
    that immediately follows the second occurrence of
    Code:
     
    and continue the selection until the end of the original autoloader file. This should yield a valid OS qcfm file that should be processable by autoloader.exe's create command if you extracted a valid file.

    (I will try to update this post with corrections discovered or additions suggested downthread.)
    Last edited by b320; 05-25-13 at 06:35 PM. Reason: additions, corrections
    05-24-13 11:49 PM
  2. Kris Simundson's Avatar
    What's the section needed for extracting the OS file? Once I have that I can finish my STL100-1 hybrid
    05-24-13 11:58 PM
  3. b320's Avatar
    What's the section needed for extracting the OS file? Once I have that I can finish my STL100-1 hybrid
    Start with
    Code:
    mfcq....................*.......qcfp
    immediately following the second occurrence of
    Code:
     
    and end with the end of file. This should yield a valid OS qcfm file that should be processable by autoloader.exe's create command. This is untested, however.
    05-25-13 12:03 AM
  4. Kris Simundson's Avatar
    Start with
    Code:
    mfcq....................*.......qcfp
    immediately following the second occurrence of
    Code:
     
    and end with the end of file. This should yield a valid OS qcfm file that should be processable by autoloader.exe's create command. This is untested, however.
    Trying it now, have to delete previous code however to make an OS signed file as Hex editor will give an out of memory error if you try to copy and paste the code (partly due to it being a 1.02GB file)
    05-25-13 12:25 AM
  5. Kris Simundson's Avatar
    Update: Built autoloader successfully, uploading to mega now for -1 users to test
    05-25-13 12:39 AM
  6. b320's Avatar
    Trying it now, have to delete previous code however to make an OS signed file as Hex editor will give an out of memory error if you try to copy and paste the code (partly due to it being a 1.02GB file)
    This should work as well (deleting code preceding the first string) and doing a "save as" a .signed file. Autoloader.exe should accept this file for processing.
    05-25-13 12:39 AM
  7. xsacha's Avatar
    Just look for the following HEX:
    6D 66 63 71 00 00 00 00 01

    That's the start of the OS and Radio file.
    OS is big one, Radio is small one.

    If you use XVI32, just select the first byte of the header and choose Edit->Delete to cursor
    Last edited by xsacha; 05-25-13 at 01:11 AM.
    russworman likes this.
    05-25-13 12:45 AM
  8. b320's Avatar
    Update: Built autoloader successfully, uploading to mega now for -1 users to test
    From what file did you extract the qcfm for the STL100-1 autoloader? Is it from either the STL100-2/-3/-4 or the SQN100-3 autoloaders? STL100-1 uses a different hardware and is incompatible with the other two as far as OS files go.
    05-25-13 12:45 AM
  9. Kris Simundson's Avatar
    I pinpointed OS start point at 1C13877 and end point 62323AA08 so I just went from 0 - 1C13877 and deleted all that code, then saved as *.signed as mentioned
    05-25-13 12:47 AM
  10. Kris Simundson's Avatar
    From what file did you extract the qcfm for the STL100-1 autoloader? Is it from either the STL100-2/-3/-4 or the SQN100-3 autoloaders? STL100-1 uses a different hardware and is incompatible with the other two as far as OS files go.
    Downloaded STL100-1 10.1.0.1485 Dev Autoloader from BB Developer Site

    So I combined that autoloader code which should have the proper HWID, with the OS file (BB10 OS is the same across the board), with the radio file from an official STL100-1 10.1 update
    05-25-13 12:48 AM
  11. dustmalik's Avatar
    Mehn this seems all complicated. I'm out of here... LOL

    Posted via CB10 using my Gorgeous Z10
    05-25-13 06:07 AM
  12. tickerguy's Avatar
    OK, I can extract radios from the autoloaders and they work when re-flashed... Would this be useful to someone? A bit more work and I will be able to extract both. It works; I just flashed the extracted 2337 radio on top of the 200x load without incident.

    Fairly simple little "C" program...

    The primary value I see is that with radios extracted we can then mix and match as we desire; since loading the OS is destructive there's not a lot of value in extracting that from the autoloader, while there IS value in extracting radios.

    (I know you can do it using a hex editor; xvi32 refuses to load the full autoloaders for me however, as it complains it cannot allocate enough memory. This makes it simple -- it just mmap's the file, looks for two signatures and dumps the contents between them to an output file. Dirt easy.)
    Last edited by tickerguy; 05-25-13 at 09:39 AM.
    05-25-13 09:27 AM
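Added example, not part of the thread and not tickerguy's parseautoloader.c: a minimal C carver that scans a buffer for the 9-byte header xsacha quotes (6D 66 63 71 00 00 00 00 01) and applies the "radio is the small one, OS is the big one" rule. The names `qcfm_scan`, `qcfm_classify` and `struct qcfm_span` are hypothetical, and it assumes the layout from the first post (executable, radio, OS), with each container running to the next header or to end of file.

```c
#include <stdio.h>
#include <string.h>
/* Header bytes quoted in the thread: "mfcq" 00 00 00 00 01 */
static const unsigned char QCFM_SIG[9] =
    {0x6D, 0x66, 0x63, 0x71, 0x00, 0x00, 0x00, 0x00, 0x01};
struct qcfm_span { size_t start, len; };

/* Find each header. Assumption: a container runs to the next header or EOF.
   Stores up to max spans and returns how many were stored. */
size_t qcfm_scan(const unsigned char *buf, size_t n,
                 struct qcfm_span *out, size_t max)
{
    size_t count = 0;
    for (size_t i = 0; i + sizeof QCFM_SIG <= n && count < max; i++) {
        if (memcmp(buf + i, QCFM_SIG, sizeof QCFM_SIG) != 0) continue;
        if (count > 0) out[count - 1].len = i - out[count - 1].start;
        out[count].start = i;
        out[count].len = n - i;            /* provisional: runs to EOF */
        count++;
        i += sizeof QCFM_SIG - 1;          /* skip past this header */
    }
    return count;
}

/* Thread's rule: radio is the small container, OS the big one. Returns -1
   unless exactly two headers were found, so a different layout is rejected. */
int qcfm_classify(const struct qcfm_span *s, size_t count,
                  size_t *radio, size_t *os)
{
    if (count != 2) return -1;
    *radio = (s[0].len <= s[1].len) ? 0 : 1;
    *os = 1 - *radio;
    return 0;
}

int main(void)
{
    /* Constructed sample, not real firmware: stub bytes, then two containers */
    unsigned char img[64] = "STUB!";
    struct qcfm_span s[4];
    size_t radio, os;
    memcpy(img + 5, QCFM_SIG, sizeof QCFM_SIG);   /* "radio": offsets 5..19 */
    memcpy(img + 20, QCFM_SIG, sizeof QCFM_SIG);  /* "OS": offsets 20..63 */
    size_t n = qcfm_scan(img, sizeof img, s, 4);
    if (qcfm_classify(s, n, &radio, &os) != 0) return 1;
    printf("radio @0x%zx len %zu, os @0x%zx len %zu\n",
           s[radio].start, s[radio].len, s[os].start, s[os].len);
    return 0;
}
```

For a real autoloader, map the file read-only (the mmap approach tickerguy describes) and pass the mapping to `qcfm_scan`. Feeding the carved file to `autoloader.exe create`, as in the first post, checks that it is a valid qcfm file.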
  13. Sator's Avatar
    Update: Built autoloader successfully, uploading to mega now for -1 users to test
    You and tickerguy are awesome...

    Sent from my Z10 using Tapatalk 2
    05-25-13 09:36 AM
  14. Kris Simundson's Avatar
    HWID for STL100-1 is included in my code so it should by theory work

    [How-to] Pattern for Radio Files in Autoloader Files-hwid.jpg
    05-25-13 09:46 AM
  15. tickerguy's Avatar
    Sheesh -- it appears that I cannot post code here in a reasonable format (it removes the linefeeds when I use the "code" tag)

    The "C" program to extract both radio and OS files from an autoloader, which presumes the first file is the radio and the second the OS, is at http://www.denninger.net/parseautoloader.c

    Come and get it (you will need to compile it, as it's source. And it ain't elegant -- just functional.)
    Kris Simundson and ofutur like this.
    05-25-13 09:56 AM
  16. ofutur's Avatar
    Come and get it (you will need to compile it, as it's source. And it ain't elegant -- just functional.)
    Does not compile for me on Kubuntu (gcc 4.7), but does on FreeBSD (gcc 4.6).
    error 'MAP_NOSYNC' undeclared
    05-25-13 10:39 AM
  17. tickerguy's Avatar
    Remove that flag; it should not hurt anything. It's there just to reduce the risk of thrashing VM space during execution on systems with modest memory.
    05-25-13 10:44 AM
  18. ofutur's Avatar
    Replaced both flags with MAP_SHARED and it compiled (just a few warnings).
    It works as well, which is the most important feat. Well done!
    05-25-13 11:15 AM
  19. tickerguy's Avatar
    I didn't say it was clean; it is in fact a pretty quick and dirty hack, but it works

    I went back and added the missing header file (stdlib.h) that caused the warnings on exit(), and replaced the source code.

    Hope this helps folks.
    05-25-13 12:56 PM
  20. zocster's Avatar
    hmm i will wait till @xsacha updates the sachup tool
    05-25-13 05:28 PM
  21. b320's Avatar
    hmm i will wait till @xsacha updates the sachup tool
    Yeah, he said he's adding splitting and combining functionality to his BB10 firmware tools. This should make it easy for everyone.
    05-25-13 06:36 PM
  22. SirJes's Avatar
    OK guys so am going to copy up to the last "y" in the 3rd step? and from the mcfq in the first step? nothing more nothing less? I'm using hxd, so I just use the select block tool and enter the offsets I find those files at but when I save it as radio.signed it says it's invalid
    05-25-13 07:17 PM
  23. SirJes's Avatar
    ok nvm lol got it, man i learn quick >_< found my error, thanks for this
    05-25-13 07:23 PM
  24. b320's Avatar
    OK guys so am going to copy up to the last "y" in the 3rd step? and from the mcfq in the first step? nothing more nothing less? I'm using hxd, so I just use the select block tool and enter the offsets I find those files at but when I save it as radio.signed it says it's invalid
    ok nvm lol got it, man i learn quick >_< found my error, thanks for this
    Yes, copy through the fourth "" to end the radio file. Yes, it's very convenient that cap.exe / autoloader.exe validate the file, so that you're not testing it by loading it to an actual hardware device.
    05-25-13 08:00 PM
  25. xsacha's Avatar
    Yeah sorry it's weekend now. I added the code to Sachup while I was on the train. I'll upload new version tonight probably.
    b320, SirJes and tickerguy like this.
    05-25-13 09:33 PM