- compressed initially used Win32::API to load the dll (where I added the cdecl option to the CPAN module),
  then I wrote an XS module loading the various compression dlls,
  then I wrote a 'dllloader' to be able to do the same under OSX,
  then Apple made everything 64-bit, so I experimented with running the dll in a separate 32-bit process -> too slow,
  so I switched to C++.

recent problems:
- 250M - 10000 files
------------------
imgfs
xip
  wrapped in sector remapping layer (fffbfffd tags)
  wrapped in signed nbh archive
- archive layer, os, spl, gsm, splash, ...
- signature layer

there are 2 flavors that binaries come in:
* updater
* extracted from rom

data found in the rom images:
* baseband os rom
* application os rom
* bootloaders
* configuration data
* operator customizations
* bootsplash images

how updaters are packed:
* obfuscated updaters
* signed updaters

encountered file formats:
* fat -> fatinfo.pl
* cab -> cabdump.pl
* xda nbf
* B000FF .bin files
* R000FF/S000FF htc nbh
* qualcomm gsmv2
* imgfs
* xip
* xda1: dir2opimg+opimg2dir
* xda1: chainedit, calcgaps
* encrypted (sim)lock data

both xip and imgfs contain compressed sections. compression varies with wince versions;
the decompression code is available as a .dll or .lib to link against.

initial goal of tools: reverse engineering the file format.
figure out the meaning of every single byte: unpack, then check all values to be as expected.
there is a lot of redundancy in file formats.
later this evolved into a tool which extracted all binaries as executables which can be analyzed using IDA.

evolution of tools:
dumprom[c++] -> dumpxip[perl]
for 'nbf' like files: splitrom.pl
for 'nbh' like files: nbh2dbh, dbhdecode, rdmsflsh, editimgfs

=== wince files ===
then investigating the various files found:
* fdf
* hv
* winresdumper

===========
focus mostly on htc devices.
other devices investigated:
* yakumo p300

===========
how files are stored in xip / imgfs
* either as a raw byte stream, possibly compressed
* or as 'xip' (execute in place)
  * relocated to a fixed address
  * separate stream for each exe section (data, code, resources, ...)
  * no code signature

===========
gsm part
* decoderadio.pl
* parsegsmv2.pl
* dumpefs.pl
* gsmv2hash.pl

===========
simlock data
* typhoonnbfdecode
* findciddata
* findseed
* startrek_cidedit.pl
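As an added illustration of the "unpack, then check all values to be as expected" approach described under the initial goal of the tools, here is a small parser for the B000FF .bin container listed among the encountered file formats. This is example code written for this page, not one of the tools named in the notes; the record layout it assumes is the documented Windows CE .bin format, which the notes themselves do not spell out, and the sample image is constructed, not a real ROM.

```python
import struct

MAGIC = b"B000FF\n"  # 7-byte signature that opens a Windows CE .bin ROM image

def parse_b000ff(data: bytes) -> dict:
    """Unpack a B000FF image, checking the redundancy the format carries.
    Layout (documented Windows CE .bin format, not from the notes above): magic,
    u32 image start, u32 image length, then records of u32 addr, u32 len,
    u32 checksum (32-bit sum of payload bytes), payload; addr == 0 terminates
    the image and that record's len field is the entry point."""
    if data[:7] != MAGIC:
        raise ValueError("not a B000FF image")
    image_start, image_length = struct.unpack_from("<II", data, 7)
    off, records = 15, []
    while off + 12 <= len(data):
        addr, length, checksum = struct.unpack_from("<III", data, off)
        off += 12
        if addr == 0:  # terminator record
            return {"start": image_start, "length": image_length,
                    "entry": length, "records": records}
        payload = data[off:off + length]
        off += length
        if len(payload) != length:
            raise ValueError(f"record 0x{addr:08x}: truncated payload")
        if addr < image_start or addr + length > image_start + image_length:
            raise ValueError(f"record 0x{addr:08x}: outside declared image range")
        calc = sum(payload) & 0xFFFFFFFF
        if calc != checksum:
            raise ValueError(f"record 0x{addr:08x}: checksum {calc:08x} != {checksum:08x}")
        records.append((addr, payload))
    raise ValueError("missing terminating record")

def verify(data: bytes) -> str:
    """Return 'ok: ...' or 'bad: ...' with the first inconsistency found."""
    try:
        img = parse_b000ff(data)
        return f"ok: {len(img['records'])} records, entry 0x{img['entry']:08x}"
    except ValueError as e:
        return f"bad: {e}"

def build_b000ff(image_start: int, records, entry: int) -> bytes:
    """Assemble an image from (addr, payload) records; used only to construct test input."""
    end = max(a + len(p) for a, p in records)
    out = MAGIC + struct.pack("<II", image_start, end - image_start)
    for addr, payload in records:
        out += struct.pack("<III", addr, len(payload), sum(payload) & 0xFFFFFFFF) + payload
    return out + struct.pack("<III", 0, entry, 0)

# Constructed sample (not a real ROM): two records and a terminator.
SAMPLE = build_b000ff(0x80000000, [(0x80000000, b"ROMHDR\x00\x00"),
                                   (0x80001000, bytes(range(16)))], 0x80001000)
```

Flipping a single payload bit in SAMPLE makes verify() report a checksum mismatch for that record, which is exactly the kind of redundancy check the notes describe relying on.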