How to change spreadtrum bootlogo using a Hex Editor

In this tutorial we gonna learn to change spreadtrum bootlogo using a Hex Editor.
Recently I was analysis a PAC file for making a repacker for it and
suddenly I see some bmp (image files) inside it after dumping that file I
see that is a bootimage file. So, I thought to release a small tutorial
regarding changing boot image easily using a Hex Editor. Personally I
will recommend you HxD Hex Editor, since it is portable and freeware.

What we need?

  1. A Hex Editor (like HxD Hex Editor, Hex Workshop, 010 Editor etc.)
  2. A Spreadtrum smartphone PAC File.
  3. A Computer with at least 2GB of Free Space.

Let’s change spreadtrum bootlogo –

First of all drag and drop the main PAC file into your favorite Hex Editor.

spreadtrum bootlogo

Next step is to search for string, for that simply press CTRL+F and
search for “BMP” or “bmp” since partition names are stored in Unicode
string format. So never forgot to search in unicode mode as shown in
picture.

Bingo!! We have found the partition name it is “logo_karbonn.bmp”. We
can’t find the file until we know where it start from. So, we have to
find offset of logo_karbonn.bmp.

Let’s slide it down, bingo after sliding down we found a line which contains some dword values. Let’s check them.

These dword values are in Little-Endian format means in reverse. We
need two things, 1. Offset of bootlogo bmp file 2. Size of bootlogo bmp
file. We can clearly see it in upper line.

In my case bootlogo partition information is stored at offset 0x8740  as you can see in picture. So, I dived the whole line into 4 chunks.

Whole line is : 34 E0 05 00 01 00 00 00 01 00 00 00 EC 64 EA 0D

first chunk : 34 E0 05 00

second chunk :  01 00 00 00

third chunk : 01 00 00 00

fourth chunk : EC 64 EA 0D

As I said these values are in little endian format, so first chunk is Size and fourth chunk is offset.

Offset : 0DEA64EC

Size : 0005E034

Dumping the BMP File

Firstly we gonna dump the bmp file through our hex editor. For
dumping Right click on Hex Editor and goto Select Block or you can
simply press CTRL+E a new dialog will pop up. It will ask you for offset
and size. Simply put two values that we found earlier in text boxes and
click OK.

Now, we will copy the select bytes and will create a new files with
that files. Copy the selected bytes by pressing CTRL+C and then create
new file by pressing CTRL+N and then paste these bytes there by pressing
CTRL+V. Now, we gonna save our file. press CTRL+S and it will ask where
you want to save simply select a valid location and click on save
button. Now, let’s try opening our newly created dump file.

Voila!!! It’s really worked. Amazing isn’t it? Let’s try some edits on it and repack it into our pac file.

Changing Bootlogo bmp file :

Now, It’s time to change the image file that is available in pac file
with another ones. Do some modifications on picture that we dumped.

In my case I simply added a rectangle over name of phone. Now, we are
ready to add our file into that pac file. Firstly open the bmp file
with hex editor and copy all bytes from there.

You can clearly see the size of file at the status bar of hex editor.
Now, we gonna replace the bmp file from main pac file. Again follow the
same steps that we do while dumping the file select bytes and paste new
bytes that we copied from new bmp file. After replacing bytes save pac
file. Now, try to flash it into phone, and you will see the changes that
we do in bootimage.

Note : This method may give problem while new file size is bigger
then old one. for that add bytes at the end of pac file and change
offset and size from partition table.

Leave a Reply

Your email address will not be published. Required fields are marked *

*