analisys of a upgrade for the SPV E200, found at http://web.orange.co.uk/assets/sw/RUU_v2.4_OrangeUK_v2.6.1.3.exe

howto decode nbf

xda2nbftool -x NK.nbf nk.nba 0x16003520
ignore the warning about a possible incorrect password.

extracting files

currently dumprom cannot yet decode this rom.

layout

00000000-00040000bootloader code, relocated to ram at 10078000
00040000-00090000empty ( filled with 0xff )
00090000-00090080some version info
00090080-000a0000empty ( filled with 0xff )
000a0000-000b2e88'logo'
000b2e88-00100000empty ( filled with 0xff )
00100000-005e0000xip region 'OEM' - relocated to 80000000
005e0000-006f8000empty ( filled with 0xff )
006f8000-00700000xipchain
00700000-00900000gsm rom ???
00900000-01520000xip region 'SMARTFON' - relocated to 82040000
01520000-015c0000empty ( filled with 0xff )
015c0000-01640000xip region 'OPERATOR' - relocated to 82d00000
01640000-01900000xip region 'LANG' - relocated to 82d80000
01900000-01940000empty ( filled with 0xff )
01940000-01c00000xip region 'BUNDLEAPPS'- relocated to 83080000
01c00000-01fc0000empty ( filled with 0xff )

a perl script that can partially extract files from a rom image can be found here
note: the decompression code is somewhat unstable, and crashes every once in a while. have to look into this.

to be able to extract the romfiles with dumprom, you have to split the file into parts that don't have discontinuities in their addressing space ( or put another way, in parts that have linear addressing ):

  • 00000000-00100000 ( virtual offset = 10078000 )
  • 00100000-00900000 ( virtual offset = 7ff00000, or 00100000 translates to 80000000 )
  • 00900000-02000000 ( virtual offset = 81740000, or 00900000 translates to 82040000 )