Database Users

[Universal] How to d2s (dump) the ROM

All right... GOOD NEWS story for today!!!
There is no doubt, that our gods are helping us...
Here's what happened to me yesterday.
Yesterday I was dreaming about editing the ROM of Universal/Exec but as you may know, 'd2s' command doesn't work. It just quits with "Not allow operation".
But suddenly, my china god of wisdom whispered to me:
GOD: "hey buzz, you wanna dump the thing? why do you use that old fashioned 'd2s' command to dump it?"
me: "well, that always worked... so what else should i use?"
GOD: "OK, here's a little present for you ) just try 'task 32' )) "
Code:
USB>task 32
SD:Waiting for card insert.........
CMD3 for SD, it's OK, ready to get RCA from response.
SD:Detected one card
SD:ready for transfer OK
d.total_lba=1DC00
d.block_size=200
d.RCA=EC7E
d.drv_type=40000000
d.busWidth=1
Total card size=3B80000
So here it is !!!!
... and LET THE FUN BEGIN!!!
The above story is 100% true, i've made up maybe two words myself...
BTW, this might also work on other "password protected" devices.
THANX
buzz

Buzz, that's great, where the heck did you find that command?
But now that bal666 has that decrypt/encrypt utility of the original NBK files, what would be the benefit of dumping the ROM to the SD card?
Can you restore back to the device from the SD card?
Going by the way of the SD card to dump, extract, modify, write back, then flash may be safer than the Upgrade Utility that keeps my device stuck in Bootloader mode until I go through the whole NK/MS, then Radio upgrade.
So, what's the opposite of 'task 32?'
Thanks!

i'm dumping at the moment, but i would say, that it would be enough to insert the SD card back into the slot and reboot into bootloader mode.
Then you have to wait few seconds till "press power to flash" message appears.
But so far i didn't test it, yet...
Testing right now...
))
buzz

buzz_lightyear said:
i'm dumping at the moment, but i would say, that it would be enough to insert the SD card back into the slot and reboot into bootloader mode.
Then you have to wait few seconds till "press power to flash" message appears.
But so far i didn't test it, yet...
Testing right now...
))
buzz
Click to expand...
Click to collapse
Buzz, it is really good news. At this moment some of Universal (e.g. T-mobile) providers have not released an update yet. So if people can dump their roms on a SD, we at least have a fall back. In case of repairs the Universal will need to be updated again with a rom from the provider.

That is really a fantastic news!
If the restore test is successful, please just let all of us know.
Oh, and look forward to a complete dump backup/restore guide. :wink:

BeyondtheTech said:
But now that bal666 has that decrypt/encrypt utility of the original NBK files, what would be the benefit of dumping the ROM to the SD card?
Click to expand...
Click to collapse
From what I've seen his tool incorrectly decrypts NBF, some blocks are mixed.

hmmm.....
i think that the "task 32' commande needs a little bit more tweaking...
Till now it was just saying OK... ready.. etc., but actually did not the dump... (
Code:
USB>task 32
SD:Waiting for card insert.........
CMD3 for SD, it's OK, ready to get RCA from response.
SD:Detected one card
SD:ready for transfer OK
d.total_lba=F1F00
d.block_size=200
d.RCA=80CA
d.drv_type=40000000
d.busWidth=1
Total card size=1E3E0000
Level = FF
USB>
Well, "Level = FF" sounds like an error to me....
hmmm....
buzz

Another very interesting command and it's output:
Code:
USB>info 2
SD:Waiting for card insert.........
CMD3 for SD, it's OK, ready to get RCA from response.
SD:Detected one card
SD:ready for transfer OK
d.total_lba=F1F00
d.block_size=200
d.RCA=80CA
d.drv_type=40000000
d.busWidth=1
Total card size=1E3E0000
HTCSDOPOD601 «Jú½HTCE
USB>
Code:
USB>info 7
HTC Integrated Re-Flash Utility for bootloader Version : 1.40h, UNIVERSAL HW Version : 1.00
Built at: Sep 2 2005 15:14:29
Copyright (c) 1998-2005 High Tech Computer Corporation
Turbo=312, Run=208
Memory Frequency = 208 MHz
SDRAM Frequency = 104 MHz
Board ID is: 5
USB>
buzz

buzz_lightyear said:
Code:
Board ID is: 5
Click to expand...
Click to collapse
Hi Buzz,
is it possible to make memory dumps
in the bootloader without entering a password ?

cr2 said:
buzz_lightyear said:
Code:
Board ID is: 5
Click to expand...
Click to collapse
Hi Buzz,
is it possible to make memory dumps
in the bootloader without entering a password ?
Click to expand...
Click to collapse
not in bootloader...
but i'm able to dump DOC and memory using RapiEnabler and itsutils.
buzz

buzz_lightyear said:
but i'm able to dump DOC and memory using RapiEnabler and itsutils.
Click to expand...
Click to collapse
Hmm. What part of the DoC ? All 128 MB ?
There is also OTP and other stuff.
As you can guess, i'd like to dump the whole 64MB RAM (or as much as possible) while the bootloader is running, not
in wince.

Maybe you should try 'r2sd' ?

mamaich said:
BeyondtheTech said:
But now that bal666 has that decrypt/encrypt utility of the original NBK files, what would be the benefit of dumping the ROM to the SD card?
Click to expand...
Click to collapse
From what I've seen his tool incorrectly decrypts NBF, some blocks are mixed.
Click to expand...
Click to collapse
He stated that as long as you don't change the header information, it will encrypt and decrypt properly.
As a precaution, I took the NK.NBF, decrypted it to NK.FAT, then reencrypted it and did a successful byte-comparison.
I did the same with my modified NK.FAT file with my injected custom splash image and it encrypted and decrypted properly.
The biggest test was flashing it, and man, I was sweating buckets during the process. But, the flash came through successful for me and now I have the first custom splash screen on the Universal.
It's fun to break news or be the first guinea pig to try it out, just as long as it comes out successful! :lol:

The password doesn't seem do do anything.
The level of access is determined by your CID.
If your CID is 11111111 you have a SuperCID, which enables all the operations. I'm trying to track down where the CID is stored.
Bye,
Ricardo

go beyoundthetech !!!!
now only if you could post a step by step for all us goofs out here...
also im wondering with your genius if you could use the recently posted tools here to make custom universal rom (minus the ie explorer, file explorer etc) and teach us how to do that aswell!!!!

buzz_lightyear said:
i'm dumping at the moment, but i would say, that it would be enough to insert the SD card back into the slot and reboot into bootloader mode.
Then you have to wait few seconds till "press power to flash" message appears.
But so far i didn't test it, yet...
Testing right now...
))
buzz
Click to expand...
Click to collapse
My 9000 has a SuperCID. I managed to dump and flash the rom using these techniques.
Bye,
Ricardo

BeyondtheTech said:
He stated that as long as you don't change the header information, it will encrypt and decrypt properly.
As a precaution, I took the NK.NBF, decrypted it to NK.FAT, then reencrypted it and did a successful byte-comparison.
I did the same with my modified NK.FAT file with my injected custom splash image and it encrypted and decrypted properly.
Click to expand...
Click to collapse
I decrypted nk.nbf to nba with his tool, and decrypted the same file with alpinenbfdecode.pl script. Files are different after some offset. So there should be a bug in his util, because alpinenbfdecode.pl is known to produce working files. I had no time for more tests.

buzz_lightyear said:
Another very interesting command and it's output:
Click to expand...
Click to collapse
Hi buzz,
i can run "rbmc", but don't get where is this c:\test\mem.nb located.
Is it used by the mtty download protocol ?
I can't test it because mtty is not working
for me in windowz

cr2 said:
buzz_lightyear said:
Another very interesting command and it's output:
Click to expand...
Click to collapse
Hi buzz,
i can run "rbmc", but don't get where is this c:\test\mem.nb located.
Is it used by the mtty download protocol ?
I can't test it because mtty is not working
for me in windowz
Click to expand...
Click to collapse
looks like rbmc is running up to the point, where it should start saving the dump (
same as task 32
(
buzz

OK, so here is, how it should be:
Dump Bootloader:
Code:
USB>task 32
USB>d2s 70000000 80000
OS ROM + splash:
Code:
USB>d2s 70100000 3FA0000
XtendedROM:
Code:
USB>d2s 74100000 A00000
Radio ROM:
Code:
USB>d2s 60000000 a24200
If you want to have them all on single SD card, you must add "sd a" at the end of each command except the first one.
Example to dump/backup OS + XtendedROM + Radio:
Code:
USB>d2s 70100000 3FA0000
USB>d2s 74100000 A00000 sd a
USB>d2s 60000000 a24200 sd a
buzz

universal bootloader 1.0 decrypted

After banging my head with the update utility and a bootsplash stuck universal for like hours, I did decrypt the bootloader 1.0... Will do some reverse engineering and post what I find... :lol:
Update: decrypted Bootloader 1.0 is attached...

ady,
if this is true... congratulations!!!
you may want to share your knowledge with buzz and the other specialists ;-)
have a good success
peter

hi ady,
GREAT!
could you please tell me how you did it?
thanx
buzz

By hacking the ruu.dll and running the upgradeut. I'm away at the moment. Will post it later

ady said:
By hacking the ruu.dll and running the upgradeut. I'm away at the moment. Will post it later
Click to expand...
Click to collapse
very interesting approach... )))
buzz

Thanx buzz.
something which I observed earlier while looking at the string table:
It has multilevel password protection and the password for each level i.e update, erase, dump, debug is calculated at runtime.
Moreover the access level resets to lowest after a certain time which makes it almost unhackable
There are strings related to CID meaning there might be a method to change CID

updated first post to attach the decrypted bootloader 1.0 for those who are interested.
Also I succesfully flashed the 1.0 bootloader on a device which was previously updated with 1.01...
Of course if was after hacking the RUU.dll. By default it doesn't let you update to an older bootloader

ady I have been looking at the bootloader of the prophet and the interaction between the romupdate utility and the phone with a software logic analyzer which has revealed a lot of information including the commands that romupdate runs while upgrading the rom.
I am in the process of compiling a list of bootloader commands which may be usefull.
Did you dump the commands while downgrading the bootloader.
Pete

you can find a list of commands very easily. just look at the string table. however not all commands are allowed and that is the callenge

Some commands do not appear to be secured correctly.
For example the rbmc command.
If I run it without a password it says no pemission enter any password and then it will run fine.
The password issued by the romupdate tool seem to be based partly upon the results of the info 2 command as far as I can tell.
The main command I am struggling to figure out is the r2sd command which reads a key/password from the SD Card.

Rymez2K said:
The main command I am struggling to figure out is the r2sd command which reads a key/password from the SD Card.
Click to expand...
Click to collapse
hi,
did you mean d2s command?
buzz

r2sd command runs well when u hv CID unlocked..works for Prohet,wizard and charmer..typhoon

hdubli said:
r2sd command runs well when u hv CID unlocked..works for Prohet,wizard and charmer..typhoon
Click to expand...
Click to collapse
;o))) I thought, this is about Universal 1.00 bootloader...
buzz

According to some source of information there are 2 types of Universal. One with G3 and another with G4 chips. G3 bootroms have string "HW Version : 1.40h" in bootloader and its version is 1.xx, G4: "1.40j" and version numbers are 2.xx. Your ROM is for G3.
And bootrom can be decoded from nk.nbf with alpinenbfdecode.pl script

ady said:
By hacking the ruu.dll and running the upgradeut. I'm away at the moment. Will post it later
Click to expand...
Click to collapse
If this is correct , i hope, ...the nk.nbf of JASJAR bootloader can be decoded from bal66 tool and one can get.nba file.But I was not able to decode further with imgfs tools...it simply fails to do that....

@hdubli
bootloader image - nk.nba - is not an imgfs. you cannot use mamaich's imgfs_tools on it.
bal66's tool cannot decode bootloader nk.nbf to nk.nba either.
buzz

Attached is the file...pls check

hdubli said:
Attached is the file...pls check
Click to expand...
Click to collapse
yes, that file looks to be OK...
buzz

another thing:
lnb command doesn't work on 1.0 or 1.01. Another command wdata is used instead to update.
the difference between the two commands is that lnb needs to have an nb image i.e. lnb lnbtemp.nb whereas wdata transfers the image directly from host computer memory (more hack safe)

Help to revieve SPV C500

It always stays in bootloader mode
IPL 1.00
SPL 2.5.85
I tried all possible way to flash it with:
RUU_v0.995_OrangeUK_v4.1.1.4.exe 23256811 2007.9.13 11:4.10
TP_SKU2_2585_223212_0328_Ship.exe 22857302 2007.9.12 14:14.44
TY_ORUK_21130_4214_0328_Ship.exe 23635782 2007.9.27 0:33.18
Typhoon\27M-SPL-1.01.0109.zip\ 700860 2007.9.13 10:25.40
Typhoon\27M-SPL-1.01.0109.zip\SPL-1.01.0109\ 0 2007.8.17 16:45.44
Orange4241_with_keyb_SDA.nbf 28312064 2005.8.11 21:6.16
Typhoon\WM6.for.Typhoon.WWE.zip\ 24606114 2007.9.13 11:1.56
Typhoon\WM6.for.Typhoon.WWE.zip\WM6.for.Typhoon.WWE\ 0 2007.8.30 14:49.34
Typhoon\8010 WM6\ 0 2007.9.13 15:56.24
Typhoon\8010 WM6\os.zip\ 23047148 2007.9.4 15:44.42
Typhoon\i-Mate SP3\ 0 2007.9.28 12:27.30
Typhoon\i-Mate SP3\SP3_RUS_2.2.33.12.zip\ 23850195 2006.10.15 15:8.46
nk.nbf 31918592 2005.7.21 13:29.54
Typhoon\i-Mate SP3i\ 0 2007.9.5 18:40.30
Typhoon\i-Mate SP3i\SP3i_900_RUS_2.1.33.22.zip\ 23850358 2006.10.15 16:56.58
nk.nbf 31918592 2005.7.21 11:39.28
Typhoon\Qtek 8100\ 0 2007.4.11 11:54.34
Typhoon\Qtek 8100\Amadeus_11178_203242_00318_Ship_Qtek.zip\ 23403131 2006.10.15 15:28.6
nk.nbf 31918592 2006.6.28 21:52.24
Typhoon\SP3 (8010) âåðñèè 2.4.33.11\ 0 2007.9.21 21:59.8
Typhoon\SP3 (8010) âåðñèè 2.4.33.11\SP3i_Default_Setup_V33.21.1.3.rar\ 8400393 2007.4.10 1:34.10
SP3i_Default_SetupV33[1].21.1.3.exe 8402432 2005.4.14 14:56.12
Typhoon\SP3 (8010) âåðñèè 2.4.33.11\SP3RUSetup.zip\ 687799 2007.4.10 0:56.56
SP3RUSetup.exe 690688 2005.12.21 18:50.52
Typhoon\SP3 (8010) âåðñèè 2.4.33.11\SP3_WWE_2.4.33.11.ZIP\ 23685693 2007.9.6 15:16.54
Typhoon\SP3 (8010) âåðñèè 2.4.33.11\SP3_WWE_2.4.33.11.ZIP\SP3_WWE_2.4.33.11\ 0 2007.9.6
Typhoon\T-Mobile SDA Music\ 0 2007.9.6 15:16.8
Typhoon\T-Mobile SDA Music\T-Mobile_SDA_Music_GER_2.6.65.5.zip\ 26010736 2006.10.15 15:45.26
But not success.
I was lucky only to get this SPV stuck in Qtek screen or Imate screen, or RGB screen.
I flashed it with JAF WM, RUU patched bu it wasn't help me.

I tried this method but I couldn't activate emergency flash in TyphoonNBFTools
http://forum.xda-developers.com/showthread.php?t=279464

Help! Could you give me some ideas?

If you follow Karhoe's first post, you need to first flash an older SPL, then Applicaton unlock your phone, then CID unlock, in the order shown. It is step by step with pictures, follow them exactly and you should get the result you need.

raskell said:
If you follow Karhoe's first post, you need to first flash an older SPL, then Applicaton unlock your phone, then CID unlock, in the order shown. It is step by step with pictures, follow them exactly and you should get the result you need.
Click to expand...
Click to collapse
The problem is that the device doesn't allow to downgrade SPL! I'l tried all possible solution - JAF WM, Mtty, Patched RUU. Nothing didn't help me!

same problem with me.. i tried all the things ... spv service won't run on bootloader... m i right?? coz i already tried and it shows "RAPI INITIAL. FAILED"
some body know how to JTAG... or somebody have complete tutorial of how to JTAG sp3???

First time flasher, ROM dump possible before flash?

First of all I feel obliged to say I'm sorry for creating a new thread just for these basic questions.
I have read the FAQs and searched through the forum, and it's a bit messy hence this thread.
First of all I want to have the security to be able to revert to the stock ROM in case something goes wrong.
1) I do not find any SWE-rom in the collection thread though. My question is, can I (or someone help me to) dump my 1.43 SWE rom?
Edit: Just found this link by chance in duttys signature:http://rapidshare.com/users/258XUJ
And the swedish rom is included here. I wonder why this is not included in the sticky thread (..........)
2) If I flash to a custom ROM with SSPL, can I flash a stock ROM back with SSPL or do I really need to go through all the hassle with the gold card etc? Is there no easy way to flash an official ROM?
3) If I use HSPL to upgrade my bootloader, my warranty will be affected if I'm not mistaken. Could HTC (or whoever who performs service) deny my phone because I've used HSPL from here? If so, is there any way to revert to the state before using the HSPL, that is to say load the previous stock bootloader?
Once again, if you find this thread unnecessary please just ignore it and let it die or delete it.
I did some searching and still had these questions left, and I'm in the middle of studying for an upcoming exam while my HD2 is pissing me off since my last (and first) hard reset (the WiFi is really bugging out).
So I hope this will save me some time (and maybe other newbies)

I'm not sure if there's a way to actually back it up, but u should be able to get the official one off the htc support website. htc.com/support
using sspl is only for custom roms, but hard spl is now available. it let's you flash anything.g..custom or official.

Thx for the reply,
The swedish rom is not available there unfortunately. Hence my problem.
Regarding the HSPL, I have another question:
3) If I use HSPL to upgrade my bootloader, my warranty will be affected if I'm not mistaken. Could HTC (or whoever who performs service) deny my phone because I've used HSPL from here? If so, is there any way to revert to the state before using the HSPL, that is to say load the previous stock bootloader?

I'm not really sure about hard spl yet..I've not had a chance to read about it..or needed it.
i think you can revert to original spl by using goldcard method...and with this, your warranty still intact... but just read about it in sticky to be sure.

tshizzle said:
I'm not really sure about hard spl yet..I've not had a chance to read about it..or needed it.
i think you can revert to original spl by using goldcard method...and with this, your warranty still intact... but just read about it in sticky to be sure.
Click to expand...
Click to collapse
You don't mean reverting SPL but flashing official ROMs right?
I did not read anything about the goldcard changing SPL?
Now that question 1 & 2 have been answered only question 3 is left.
A way to revert the SPL in case something happens and I have to send it for repair.

Only way to remove the HSPL is to flash an original SPL from SD card.
- Take any "RUU_signed.nbh" from a ship ROM and copy it to SD card.
- Rename it to "leoimg.nbh"
- Reset the device while pressing the volume down button.
Click to expand...
Click to collapse
you're right...it is flashing original rom...but that removes hspl.
i think you should just read http://forum.xda-developers.com/showthread.php?t=611433cuz i haven't...and don't think I'm qualified to give advice..

tshizzle said:
you're right...it is flashing original rom...but that removes hspl.
i think you should just read http://forum.xda-developers.com/showthread.php?t=611433cuz i haven't...and don't think I'm qualified to give advice..
Click to expand...
Click to collapse
I see, that one I had missed. So it should be realitvely easy to restore both the SPL (by following the steps you quoted, no gold card needed) and the stock rom if one has HSPL, as long as one has the stock ROM (which I'm downloading atm )
In that case this is great news, I'll be ready to start flashing in no time

I dont get it. I downloaded the stock ROM from the link provided above, it is an exe-file. Just like an official rom release from HTC.
Does this mean that I can install a custom ROM with SSPL and revert to the stock ROM simply by running the exe-file while the phone is in ActiveSync, without any need of using goldcard/HSPL?

umiss said:
I dont get it. I downloaded the stock ROM from the link provided above, it is an exe-file. Just like an official rom release from HTC.
Does this mean that I can install a custom ROM with SSPL and revert to the stock ROM simply by running the exe-file while the phone is in ActiveSync, without any need of using goldcard/HSPL?
Click to expand...
Click to collapse
You need to extract the exe to get the nbh-file that you use to flash with SSPL. Just right klick and extract it, put nbh ans SSPL in a folder and run SSPL. Simple as that

Thanks alot for the help. I am ready to flash away

Confused....
Rather than creating a new thread I thought I'd post in here about a rom dump - and the troubles I'm having. (hope that's ok)
I'm trying to dump my official stock HD2 rom but something's not going right.....
I want to do this to have a backup before I start flashing custom roms and to also share it as I noticed it is not on the list in the sticky thread.
I'm using "dump my phone" which I found here:
http://forum.xda-developers.com/showthread.php?t=509708
Everything seems to run ok, but when I run the final part I get the following errors:
CopyTFFSToFile(0x0, 0x520000, Part01.raw)
ERROR: ITReadDisk: outbuf==NULL
- The device is not ready for use
CopyTFFSToFile(0x0, 0xdd80000, Part02.raw)
ERROR: ITReadDisk: outbuf==NULL
- The device is not ready for use
I found another site with details on how to backup the stock rom:
http://www.planete-htc.com/index.php?mod=forum&ac=voir&ref=30&cat=282&id=22438&debut=0
(It's in french but I could understand most of it) but I continue to get the exact same error as before.
I've tried on 2 different computers (XP & vista) but no joy. Can anyone please provide some advice on what could be causing the problem?
I'd really love to be able to backup this rom.
Thanks.

aushtcuser said:
I've tried on 2 different computers (XP & vista) but no joy. Can anyone please provide some advice on what could be causing the problem?
I'd really love to be able to backup this rom.
Thanks.
Click to expand...
Click to collapse
Hi, I successfully dumped my raw rom using this
http://forum.xda-developers.com/showthread.php?t=427507
process.
the thread reffers to the raphael, so the numbers that are generated during the process (the coloured ones) are different, but take it slow, its an easy step by step.
Once the raw files are dumped, you will, then need to figure out how to rebuild them, but i 'think' kitchens can be used for that.

Why don't you guys just download the officially released stock ROM? In my case there was none to download (or so I thought) hence I started the thread. Later on I found link to the official ROM so I started flashing immediately =P

umiss said:
Why don't you guys just download the officially released stock ROM? In my case there was none to download (or so I thought) hence I started the thread. Later on I found link to the official ROM so I started flashing immediately =P
Click to expand...
Click to collapse
hehe, and thats why i never got around to figuring out the converting of teh raw dumps, I found my stock rom.

what if you need a stock rom that hasnt been uploaded to the website??
I'm still interested personally in converting the raw dump to a .nbh installable via hspl.

chris_ah1 said:
what if you need a stock rom that hasnt been uploaded to the website??
I'm still interested personally in converting the raw dump to a .nbh installable via hspl.
Click to expand...
Click to collapse
Go have a read of the thread i linked above, as i said, I dumped the raw files easy enough, and the rest of the process of reconstructing should be the same, although of course you will have to use leo source files and what not.

samsamuel said:
Hi, I successfully dumped my raw rom using this
http://forum.xda-developers.com/showthread.php?t=427507
process.
the thread reffers to the raphael, so the numbers that are generated during the process (the coloured ones) are different, but take it slow, its an easy step by step.
Once the raw files are dumped, you will, then need to figure out how to rebuild them, but i 'think' kitchens can be used for that.
Click to expand...
Click to collapse
Thanks for the help......the methods in that thread are very similar to the ones I've already tried. I have everything copied correctly to my device, found my address codes, but whenever I run this line:
“pdocread -w -d DSK1: -b 0x800 -p Part00 0 0x31f000 Part00.raw”
I get the same error as I mentioned previously - the device is not ready.
I've tried enabling/disabling faster activesync connection but still the error occurs.
umiss said:
Why don't you guys just download the officially released stock ROM? In my case there was none to download (or so I thought) hence I started the thread. Later on I found link to the official ROM so I started flashing immediately =P
Click to expand...
Click to collapse
If I could find this exact version I would've done that by now, but I can't find it anywhere ROM version - 1.48.421.2 WWE

Hmm, three things to check,
1, the number 0x31f000 are you sure thats the right one, give as teh output of the "procread.exe -l" command? (Just checking you arent just copy/pasting teh thread commands)
2, are you using am external usb slot? i've found hspl doesn't instal over my usb slot in eth case of my machine, but does when i plug it into one of the slots directly on the motherboard, , maybe this is teh same?
3, is itsutils.dll running? is there a popup on your mobile with 'allow this program?' or something similar?

1 - I just copied/pasted what was in the thread, but I just ran the pdocread.exe again and it is the same address.
2 - I'm using a laptop but I've never had any connection issues with it previously.
3 - Not sure if that process is running. Nothing appears on the phone to confirm it.
Here's a really stupid question but am I meant to be doing this after I install HSPL? I haven't done that yet as I thought I could backup the rom beforehand.....

aushtcuser said:
1 - I just copied/pasted what was in the thread, but I just ran the pdocread.exe again and it is the same address.
2 - I'm using a laptop but I've never had any connection issues with it previously.
3 - Not sure if that process is running. Nothing appears on the phone to confirm it.
Here's a really stupid question but am I meant to be doing this after I install HSPL? I haven't done that yet as I thought I could backup the rom beforehand.....
Click to expand...
Click to collapse
No, no need for hspl here.
OK, you changed the HKLM\Security\Policies\Policies setting, you soft reset. (Power propperly off and back on), you copied over itsutils.dll and moved it to /windows.
Next step is opening command prompt, did you open it as administrator?
oh wait, in your command
“pdocread -w -d DSK1: -b 0x800 -p Part00 0 0x31f000 Part00.raw”
are you sure it is DSK1:?
Cos im failry sure mine came out at DSK7 or something, pretty sure it wasn't 1...

[Help]stuck with spl 3.03 boot screen

Hello
I tried to install a rom 3.14 on a htc hd 2 sfr (French operator) from the SD card! I find myself with an spl 3.3 that refuses to install another rom! sfr never gives an offcial rom! Now when I start my htc I end up with the boot loader screen!
impoissble to make a gold card because no way to get the CID from ans sd card!
i need your help plz

please i dont want to throw from the window!

Have you tried flashing the 3.14 rom through usb instead of the sd card

yes got an invalid vendor id! the probleme is that sfr is a **** operator! not even the original rom released ti the public

my hope is to get an hsp4 but nobody is working on it

Did you have hspl on the rom before flashing if so you need to remove the hspl and then flash the 3.14 rom if you look in the threads there is a how to i use the artemis rom which is 3.14 based and can be flashed with sspl

projektk said:
impoissble to make a gold card because no way to get the CID from ans sd card!
Click to expand...
Click to collapse
use a friends phone to get the cid, or a laptop, or any other winmo device. Doesnt have to be YOUR phone.

samsamuel said:
use a friends phone to get the cid, or a laptop, or any other winmo device. Doesnt have to be YOUR phone.
Click to expand...
Click to collapse
i have a laptop with an sd card readrer! do you knwo how to get the CID with it?
ps: i cant use sspl iam stuck in bootloader screen

i managed to get this infos using a c# program
C:\Users\acer\Desktop>ReadCID.exe
\\.\PhysicalDrive1 F:\
--------------------
Raw CID Bytes: 96-00-B5-3C-88-A0-38-47-32-30-44-53-4D-54-02-00
--------------------
Manufacturer ID: 2
OEM ID: TM
Product Name: SD02G
Product Revision: 3.8
Product Serial Number: a0883cb5
Manufacture Date: 6/2009
--------------------
Raw CSD Bytes: 00-80-16-80-FF-FF-FF-A9-83-5A-5B-5A-00-2E-00-00
--------------------
CSD Version 2 bit value: CSD Version 1.0
Data Read Access Time 1 (TAAC): 2ms
Data Read Access Time 2 (NSAC): 0
Max Data Transfer Rate: 50Mbit/s
Card Command Classes: 010110110101
Max Read Data Block Length: 10
Partial Blocks For Read Allowed: True
Write Block Misalignment: False
Read Block Misalignment: False
DSR Implemented: False
Device Size: 3751
Max Read Current @ VDD Min: 100mA
Max Read Current @ VDD Max: 200mA
Max Write Current @ VDD Min: 100mA
Max Write Current @ VDD Max: 200mA
Device Size Multiplier: 15
Erase Single Block Enable: True
Erase Sector Size: 128
Write Protect Group Size: 1
Write Protect Group Enable: False
Write Speed Factor: 32
Max Write Data Block Length: 2^10
Partial Blocks For Write Allowed: False
File Format Group: False
Copy Flag (OTP): False
Permanent Write Protection: False
Temporary Write Protection: False
File Format: 0
can some one please make me a gold card?

please i need your help! iam desperate

not sure if the format for the cid is correct (i remember reading it should be reversed when not using psas) so i did both.
9600B53C88A03847323044534D540200
0002544d534430324738a0883cb50096

thanks ! you make happy! havent triy it yet! but what you done is enough
send you a little something for your help

how to write the img file to sd card without the phone! ujsing a laptop sd readrer?

projektk said:
how to write the img file to sd card without the phone! ujsing a laptop sd readrer?
Click to expand...
Click to collapse
well, therein lies the problem. If you managed to get the correct CID, then you should be OK. If it turns out you have a USB type card reader it wont work.
gotta go, sick child, ill write a fuller response in an hour or so

OK, as mentioned in your PMs, you have a PCI reader, so you should be good to go.
have a look at THIS for how to write the img to sd card, but switch reference to phone in hard disk for your card in card reader. the process is the same.
Start at the line 'Get HxD Hex Editor, '

samsamuel said:
well, therein lies the problem. If you managed to get the correct CID, then you should be OK. If it turns out you have a USB type card reader it wont work.
gotta go, sick child, ill write a fuller response in an hour or so
Click to expand...
Click to collapse
hope nothing serious for the kid!
i was trying to write it using winhex but some windows 7 compatibilie issues! i will try HxD Hex Editor and post the result
thanks alot

Rom is updating right now! gold card creation succesful! i will create a post with a tutorial for other people with the same probleme !
thanks sam for your help!

a few tips to solve the probleme
http://forum.xda-developers.com/showthread.php?t=874304

use hspl2 .
flash hspl 2.08
flash a coustom rom, other that 3.14 made.
i got the same problem ... solved like this

hspl2 dont work with spl 3.03