Moderators, feel free to move the topic.
I can not post in the Firmware Tutorials & Guides and I do not know if the Newbie Forum would be the most appropriate.

As porting functions of the library.

What you need:
IDA
http://www.4shared.com/file/49755092/9ddf5...PRO_52.html?s=1
Patsearch (Recommended) or Smelter
http://www.4shared.com/file/60279013/9567d...rified=d179bc52
BytesReverser (Optional)
http://forums.se-nse.net/index.php?showtop...st&p=368414
Babeldr
http://www.4shared.com/file/60278632/6c679...rified=d179bc52
GExtract or Main2raw
http://forums.se-nse.net/index.php?showtopic=6421&hl=
Two mains in the same platform. db2020/db2020 or db2010/db2010
The first of which you have the function and
the second for which you will port the function.

Base address:



In this example, let's port from the W850 to K800

First place the file babeldr.ldw in the folder IDA/loaders
And convert the second main (K800) to RAW, using GExtract or main2raw.
There is no need to convert the main of W850 to RAW.

Now double click on the first main (w850) and select "Open with ..." and
Select IDA in the list

Make sure that the option "SonyEricsson firmware [babeldr.ldw]" is selected.
In "Processor type" Select "ARM prossessor ARM710a"
Press "SET" and "OK"


Go to Options -> General and set 'Number of opcode bytes' field to 4
Go to Options -> general -> analysis -> processor specific analysis options ->
disable pointer referencing and check this option. Press OK Then click on: -> reanalyze program.
The next step: Options -> Setup data types… and uncheck 1 byte and 2 word then OK.
Press "alt+G" and in "Value" put 1 and OK

Open K800.mbn in IDA, and do the same actions mentioned above...

That is our function:

We need to reverse the order of bytes, so copy the function E9D14045 and paste in BytesReverser (To use the "auto jump" first select the IDA which have the main of W850 opened, then go to BytesReverser and press "Reverse them!")
Or go to the IDA, press "G" and enter the address reverse

Note that our function starts at byte B5.



Move 1 byte up and press "C" (ROM:4540D1E8 E2) in this case
Select the area and copy "ctrl + C"



Open "Patsearch" and go to "Load ff" and select K800.RAW, not .MBN
And enter the base address 0x44140000 (You can check the base address for your phone on the first lines of IDA or in the table at the beginning of the topic)
Paste the code that you copied in IDA on the patsearch and press "Convert"



Now on all lines where there are 4 bytes, switch the last byte to "??" and press "Search"
You can use the function replacer, of the bytereveser for it


Result
453EC3D8


Now go to the IDA which contains the main of K800
Press "G" and paste the address 453EC3D8

Note that you are already 1 byte above the beginning of the function, so you do not have to move, just press "C".


Now compare both firmwares

W850

k800

Now take the address of the K800 and add +1
453EC3D8+1 = 453EC3D9 and reverse the bytes with bytes reverser








To port the functions 8xxx, which ends in xxxxxx20 to db2020 and xxxxxx4C to db2010
we have to find some party of the main that uses this address


First make the same steps for setting the IDA

In w850 main press "alt+B" and in "string" enter the address separated by spaces between the bytes 50 F2 16 20 and check "Find all occurrences" box.
2 results, We will use the first. Double click on it.



Again press "alt + B", in "string" put "B5", check "Search UP" and uncheck "Find all occurrences" box



Move 1 byte up and press "C"
At the end of the image we can see the address, that we find looking for 50 F2 16 20.

And at the end of the line we can see a reference to that address, when we leave the mouse pointer over it (yellow box)
And starting this address that we will make the selection to the search



Double click in , start the selection and copy and paste in Patsearch.



In patsearch press convert and change the last byte of the lines with 4 bytes and press search



Go to the K800 main and press "G" and paste the address 4545DA90.
When you're at 4545DA90, press C
and double click in



Our address to K800

Tips

If you jump into an address and see a graph of the functions, press space to switch to the normal mode


If you reverse the firmware, appear strange codes like this, that means that the party is not in thumb mode.
Press "U" and clivk in "Yes".


This part will be back to normal


Now press "alt+G" and in Value put "1" and press "C"

Great work!
This shall help people who want to port libs.

Is the next part about porting 8*** functions?

Thanks.

yes is 8xxx functions, and I will also add some tips for functions with many results.

wow man that's wonderfull! I'll add this to the tutorials section for you!


(P.S.: Will this work for porting advanced patches too?

Part two added

Still missing the party for when you have many results



First you make the ASM file. And then you port the addresses this way

You can add +10000000 as base address for DB3150 (W910i, K850i, Z750, W980i and so on)

For future patching on DB3150




P.S. NO we cannot patch them YET.

Great guide really! I think it should be stickied

All tutorials in this section are great, so we could all sticky them but that'd have no use... search is the noobs biggest friend, as always

I guess you're right
I figure I just said that coz I'm extremely eager to get people into porting libs

I would adore to learn porting advanced patches (for future porting from DB2020 to DB3150... ) a videotutorial would be the best... I tried the porting advanced patches tutorial a few times but it's not detailed enough...

You can port patches without making the ASM file.
To do this you need to identify what needs to be ported.
Click to view attachment
I'm assuming you know what each part of the patch means
1- It is the offset, you need to find this at the new firmware. And change the original bytes if necessary.
2 - Addresses are pointing to the body of the patch. You calculate them after setting where the patch will be applied. Use Patcher Assistant for this.
3 - This is the only address in the body of the patch that you need to port
4 - This is the address in memory where it is is the name of the phone (BT).
To find him you must put a easy name for BT. eg forumsense
Then you run the elf readerram. and serach for forumsense in hexa 6F72756D73656E7365 in bin file generated by readerram
And you will find the address in memory to your patch.

And port from a similar model
Like W610 R6 to W610 R8
K790 to k800 / k810

Easy

Hey mate,great tut

W junior, one more time, the best way to port functions and patches!!
You're so crazy man, the LibportMan!!
Great tut!!

good tutorial w.junior keep it up

It is possible port patch from DB2020 to DB3150?

Amazing tutorial, I really need to start using it!

Hei...junior this great tut n im still learning about port function. i follow your tut step by step but im have prob,why i cant find base addreas for w550 in patsearch? sory im noob about port function.

Enter the address manually
0x440A0000

Thanks man...and do you have my messages? i have PM you...

not find this memory address r4db005 in W810, and I need to know what would W810 r4ea031, help me? please

DCD 0x4C2F9BBA

4C2F9BBA


BA9B2F4C

This is HEAP address. ;(!) HeapShift! (4C2F9bba)



define an address between those two, that is not being used by any other patch

I'm trying to port W660 Orange functions to W660 Generic, but I get many values using PatSearch.



Do you have any idea what's wrong?

Increase pattern, by reducing the result to one or two. and check the SUB_XXXXXXX

or use this:
http://forums.se-nse.net/index.php?showtop...st&p=467520

I need some help understanding this as I have no idea what I'm doing. I am just following the guide to get a new library for the W660 Generic as the SVN is not updated. But the Orange W660 is updated, so I want to port to get the latest library.

Can you please elaborate this for me?

You need disassembler more the firmware.
Scroll down to the next byte highlighted in yellow (gold) and press C
Then make a big pattern

Something like that

Instead of


Search for


any way

Click to view attachment

Thanks a lot for the library. Where do you people find these libraries? I only know about the SVN at http://perk11.info/svn/SE/Library/ . Are there are any other locations?

Looks like I'll have to learn this another time. Thanks for your help

Your attachment make me lazy to learn

You port all I need,,

I will post my doubt porting problem soon..

You rockkkk.....

Great tutorial. Thank

yes.

is easier to port from db2020 to db2010.

I'm trying to port functions for w700i... I've had problems porting functions of 2A series( 2A1, 2A3).. These functions are required to run most of the new elves..

The problem is Patsearch returns 100s of bytes as result ... Plz see the attatchments for more details

Plz tell me if there is any alternative method of porting these kinda functions....