Database Users

Turning your Wizard into a Torch!

Sorry for those clicking this wanting a final project, because it isnt
This is mainly directed toward vijay or any other coders around here
HTCCamera.dll has an export called "Camera_FlashLight"
Output from IDA:
Code:
seg000:015E1970 EXPORT Camera_FlashLight
seg000:015E1970 Camera_FlashLight
seg000:015E1970
seg000:015E1970 var_1C = -0x1C
seg000:015E1970 var_18 = -0x18
seg000:015E1970 var_14 = -0x14
seg000:015E1970 var_10 = -0x10
seg000:015E1970 var_C = -0xC
seg000:015E1970
seg000:015E1970 STMFD SP!, {R4,LR}
seg000:015E1974 SUB SP, SP, #0x14
seg000:015E1978 CMP R0, #0
seg000:015E197C LDR R3, =dword_15E2034
seg000:015E1980 LDR R1, =0x90002024
seg000:015E1984 MOV LR, #0
seg000:015E1988 LDR R0, [R3]
seg000:015E198C MOV R3, #0
seg000:015E1990 ADD R2, SP, #0x1C+var_C
seg000:015E1994 BEQ loc_15E19B8
seg000:015E1998 MOV R4, #1
seg000:015E199C STR R4, [SP,#0x1C+var_C]
seg000:015E19A0 STR LR, [SP,#0x1C+var_10]
seg000:015E19A4 STR LR, [SP,#0x1C+var_14]
seg000:015E19A8 STR LR, [SP,#0x1C+var_18]
seg000:015E19AC STR LR, [SP,#0x1C+var_1C]
seg000:015E19B0 BL DeviceIoControl
seg000:015E19B4 B loc_15E19D4
seg000:015E19B8 ; ---------------------------------------------------------------------------
seg000:015E19B8
seg000:015E19B8 loc_15E19B8 ; CODE XREF: Camera_FlashLight+24j
seg000:015E19B8 MOV R4, #0
seg000:015E19BC STR R4, [SP,#0x1C+var_C]
seg000:015E19C0 STR LR, [SP,#0x1C+var_10]
seg000:015E19C4 STR LR, [SP,#0x1C+var_14]
seg000:015E19C8 STR LR, [SP,#0x1C+var_18]
seg000:015E19CC STR LR, [SP,#0x1C+var_1C]
seg000:015E19D0 BL DeviceIoControl
seg000:015E19D4
seg000:015E19D4 loc_15E19D4 ; CODE XREF: Camera_FlashLight+44j
seg000:015E19D4 ADD SP, SP, #0x14
seg000:015E19D8 LDMFD SP!, {R4,LR}
seg000:015E19DC BX LR
seg000:015E19DC ; End of function Camera_FlashLight
I look forward to hearing anyones response before doing anything more

Whiterat said:
Sorry for those clicking this wanting a final project, because it isnt
This is mainly directed toward vijay or any other coders around here
HTCCamera.dll has an export called "Camera_FlashLight"
Output from IDA:
Code:
seg000:015E1970 EXPORT Camera_FlashLight
seg000:015E1970 Camera_FlashLight
seg000:015E1970
seg000:015E1970 var_1C = -0x1C
seg000:015E1970 var_18 = -0x18
seg000:015E1970 var_14 = -0x14
seg000:015E1970 var_10 = -0x10
seg000:015E1970 var_C = -0xC
seg000:015E1970
seg000:015E1970 STMFD SP!, {R4,LR}
seg000:015E1974 SUB SP, SP, #0x14
seg000:015E1978 CMP R0, #0
seg000:015E197C LDR R3, =dword_15E2034
seg000:015E1980 LDR R1, =0x90002024
seg000:015E1984 MOV LR, #0
seg000:015E1988 LDR R0, [R3]
seg000:015E198C MOV R3, #0
seg000:015E1990 ADD R2, SP, #0x1C+var_C
seg000:015E1994 BEQ loc_15E19B8
seg000:015E1998 MOV R4, #1
seg000:015E199C STR R4, [SP,#0x1C+var_C]
seg000:015E19A0 STR LR, [SP,#0x1C+var_10]
seg000:015E19A4 STR LR, [SP,#0x1C+var_14]
seg000:015E19A8 STR LR, [SP,#0x1C+var_18]
seg000:015E19AC STR LR, [SP,#0x1C+var_1C]
seg000:015E19B0 BL DeviceIoControl
seg000:015E19B4 B loc_15E19D4
seg000:015E19B8 ; ---------------------------------------------------------------------------
seg000:015E19B8
seg000:015E19B8 loc_15E19B8 ; CODE XREF: Camera_FlashLight+24j
seg000:015E19B8 MOV R4, #0
seg000:015E19BC STR R4, [SP,#0x1C+var_C]
seg000:015E19C0 STR LR, [SP,#0x1C+var_10]
seg000:015E19C4 STR LR, [SP,#0x1C+var_14]
seg000:015E19C8 STR LR, [SP,#0x1C+var_18]
seg000:015E19CC STR LR, [SP,#0x1C+var_1C]
seg000:015E19D0 BL DeviceIoControl
seg000:015E19D4
seg000:015E19D4 loc_15E19D4 ; CODE XREF: Camera_FlashLight+44j
seg000:015E19D4 ADD SP, SP, #0x14
seg000:015E19D8 LDMFD SP!, {R4,LR}
seg000:015E19DC BX LR
seg000:015E19DC ; End of function Camera_FlashLight
I look forward to hearing anyones response before doing anything more
Click to expand...
Click to collapse
Thanks Whiterat. I believe after replacing the contents of the HTCCamera.dll I will have a wizard that will be able to make black rats to white in the dark . Thanks for the code ^^

Problem is, I have a T-Mobile MDA, a wizard, and there is no HTCCamera.dll. There is an HtcCameraUtility.dll but it has no such export.

markgamber said:
Problem is, I have a T-Mobile MDA, a wizard, and there is no HTCCamera.dll. There is an HtcCameraUtility.dll but it has no such export.
Click to expand...
Click to collapse
I think its a hidden system file kept safe from editing.

Yep, you're right, my mistake. Guess I'll have to play around with it some more.

Guys, I've stated expressly that as I don't have access to Wizard hardware I can't and am not prepared to support it. I've done quite a bit of research on the flash on the Wizard, but as it goes quite low level in the hardware, I'm not prepared to do it blind.
But I can confirm that it does not use the same methods as the Universal, Hermes and other newer devices. It certainly shouldn't be hard to figure out though.
V

I don't do too much device progrmming, but I'm willing to give it a shot. If its an exported function, all you should have to do it call it, right? If so, any guesses at its arguments? Or is it way more complex than that?

From memory it's more complicated then that, but you might be lucky.
I actually used the camera driver itself, and passed parameters to that to enable the flash. But if there's an exported function that does it, that'd make life much easier. But I think the other devices had a similar function, and it didn't seem to help, which was why I went the other route.
V

Just a quick update...I've looked at HTCCamera.dll itself and there's no Camera_Flashlight in there. Not on my T-Mobile MDA, anyway. Available exported functions are:
Camera_Begin
Camera_Deinit
Camera_End
Camera_GetProperty
Camera_Init
Camera_ReadRegister
Camera_SetProperty
Camera_WriteRegister
Internally, the DLL is HTCCamera15.dll

Ok I thought of reviving this work
http://forum.xda-developers.com/showpost.php?p=1596587&postcount=114
I pretty much got what 'markgamber' got for my "HTCCamera.dll" (Based on the T-Mobile AKU UK Official ROM). I've also extracted the "CameraDriver.dll" (after a long long process of learning dumprom and stuff, and the solution seems to be viewimgfs.exe) and got
Code:
// CAP_Close; Index 1; Information not available
// CAP_Deinit; Index 2; Information not available
// CAP_IOControl; Index 3; Information not available
// CAP_Init; Index 4; Information not available
// CAP_Open; Index 5; Information not available
// DllMain; Index 6; Information not available
// PIN_Close; Index 7; Information not available
// PIN_Deinit; Index 8; Information not available
// PIN_IOControl; Index 9; Information not available
// PIN_Init; Index 10; Information not available
// PIN_Open; Index 11; Information not available
I've also got to play with 'Camera_SetProperty' to see if there are any that I can play with.. I've set property 1 to 20 to '1' (which from what it seems, the one in used are in the range of 5 - 15), nothing happened.
ADD:
Camera.exe doesn't help either. Weidly, checking on the DLL imports, Camera.exe doesn't use any of the one mentioned above.

Maaan, this is so exciting! There must be a solution for this! I waiting for something like this, since i have my wizard. What about asking a HTC technician for a hint or something.

Is there any news on this?

ateksoft coolcamera supports flash and it works differently than the built-in flash so they must know how to control it (tested on wizard).
just trying to help...

Revolutionary study, the last etude s5k3bafx

Sorry for the title I just love Chopin
Sick of contacting the I-mate support team with no help, and no reply from HTC and Samsung, Microsoft is telling me to contact HTC, so again to the same circle.
I want to share my last idea about prophet before I do the last decision I made.
I always thought that is the low frame rate in prophet camera is because the DMA so if someone help me in this please.
I think the functions related to this issue are (aCamreaDMA and CameraInterface) and it could be fixed or at least improved debugging the file s5k3bafx.dll that contains the functions for the Samsung chip.
Code:
.text:10002018 ; ---------------------------------------------------------------------------
.text:10002018 CMP R4, #1
.text:1000201C BNE loc_100020C0
.text:10002020 LDR R3, =aCameradma
.text:10002024 MOV R2, #0
.text:10002028 MOV R1, #0
.text:1000202C MOV R0, #0
.text:10002030 BL CreateEventW
.text:10002034 ; ---------------------------------------------------------------------------
.text:10002034 CMP R0, #0
.text:10002038 STR R0, [R5,#0x10]
.text:1000203C BEQ loc_10002070
.text:10002040 MOV R1, #2
.text:10002044 BL EventModify
.text:10002048 ; ---------------------------------------------------------------------------
.text:10002048 LDR R1, [R5,#0x10]
.text:1000204C MOV R3, #0
.text:10002050 MOV R2, #0
.text:10002054 MOV R0, #0x1F
.text:10002058 BL InterruptInitialize
.text:1000205C ; ---------------------------------------------------------------------------
.text:1000205C CMP R0, #1
.text:10002060 BNE loc_10002070
.text:10002064 MOV R0, #0x1F
.text:10002068 BL InterruptDone
.text:1000206C ; ---------------------------------------------------------------------------
.text:1000206C MOV R6, #1
.text:10002070
.text:10002070 loc_10002070 ; CODE XREF: .text:1000203Cj
.text:10002070 ; .text:10002060j
.text:10002070 LDR R3, =aCamerainterfac
.text:10002074 MOV R2, #0
.text:10002078 MOV R1, #0
.text:1000207C MOV R0, #0
.text:10002080 BL CreateEventW
.text:10002084 ; ---------------------------------------------------------------------------
.text:10002084 CMP R0, #0
.text:10002088 STR R0, [R5,#0x50]
.text:1000208C BEQ loc_10002108
.text:10002090 MOV R1, #2
.text:10002094 BL EventModify
.text:10002098 ; ---------------------------------------------------------------------------
.text:10002098 LDR R1, [R5,#0x50]
.text:1000209C MOV R3, #0
.text:100020A0 MOV R2, #0
.text:100020A4 MOV R0, #0x2B
.text:100020A8 BL InterruptInitialize
.text:100020AC ; ---------------------------------------------------------------------------
.text:100020AC CMP R0, #1
.text:100020B0 BNE loc_10002108
.text:100020B4 MOV R0, #0x2B
.text:100020B8 BL InterruptDone
.text:100020BC ; ---------------------------------------------------------------------------
.text:100020BC B loc_10002104
.text:100020C0 ; ---------------------------------------------------------------------------
.text:100020C0
.text:100020C0 loc_100020C0 ; CODE XREF: .text:1000201Cj
.text:100020C0 LDR R3, [R5,#0x10]
.text:100020C4 MOV R4, #0
.text:100020C8 CMP R3, #0
.text:100020CC BEQ loc_100020DC
.text:100020D0 MOV R0, R3
.text:100020D4 BL CloseHandle
.text:100020D8 ; ---------------------------------------------------------------------------
.text:100020D8 STR R4, [R5,#0x10]
.text:100020DC
.text:100020DC loc_100020DC ; CODE XREF: .text:100020CCj
.text:100020DC MOV R0, #0x1F
.text:100020E0 BL InterruptDisable
.text:100020E4 ; ---------------------------------------------------------------------------
.text:100020E4 LDR R3, [R5,#0x50]
.text:100020E8 CMP R3, #0
.text:100020EC BEQ loc_100020FC
.text:100020F0 MOV R0, R3
.text:100020F4 BL CloseHandle
.text:100020F8 ; ---------------------------------------------------------------------------
.text:100020F8 STR R4, [R5,#0x50]
.text:100020FC
.text:100020FC loc_100020FC ; CODE XREF: .text:100020ECj
.text:100020FC MOV R0, #0x2B
.text:10002100 BL InterruptDisable
.text:10002104 ; ---------------------------------------------------------------------------
.text:10002104
.text:10002104 loc_10002104 ; CODE XREF: .text:100020BCj
.text:10002104 MOV R6, #1
.text:10002108
.text:10002108 loc_10002108 ; CODE XREF: .text:1000208Cj
.text:10002108 ; .text:100020B0j
.text:10002108 MOV R0, #0
.text:1000210C BL SetKMode
.text:10002110 ; ---------------------------------------------------------------------------
.text:10002110 MOV R0, R6
.text:10002114 LDMFD SP!, {R4-R6,LR}
.text:10002118 BX LR
.text:10002118 ; ---------------------------------------------------------------------------
.text:1000211C off_1000211C DCD aCamerainterfac ; DATA XREF: .text:loc_10002070r
.text:1000211C ; "CameraInterface"
.text:10002120 off_10002120 DCD aCameradma ; DATA XREF: .text:10002020r
.text:10002120 ; "CameraDMA"
I think if we change the constant value at loc text:10002038 and text:10002088 and all related values (0x10, 0x50 to R5; register will be load to memory) will improve the DMA transfer from the camera chip to the device RAM, and will load less CPU make it faster.
Please help in this, how to improve the S5K3BAFX.dll driver and DMA compatibility with HTC prophet.
For ROM cookers:
The hex values need to be changed from (10 to 2C, 50 to 88) in the module S5K3BAFX.dll.
Version 2.15, the file need to be modify S000 the offsets are: 1050, 1060, 10A0, 10B0, 10D8, 10F0, 10FC, 1110.
Version 2.20 (the module in the AKU2.2 I'll attach it as it provide better picture but can't over clock the CPU) the offsets in S000 are: 1038, 1048, 1088, 1098, 10C0, 10D8, 10E4, 10F8.
I'm not sure about the 2C and 88 values, if someone can help to improve the camera DMA.

here's how to fully and permanently disable sign/cert checking in WM5/WM6 (+bonus)

so, i got bored so why not post a new thread.
as the title says, here's how to fully and permanently disable sign/cert checking in WM5/WM6, so you can load unsigned files even during boot, just fine.
i've been asked several times on how to do it
sumup: you will need IDA Pro or some other disassembler and S000 from nk.exe module in the XIP. VerifyBinary is the function to be patched.
here's the code to be modified:
- first, some example ways to find it
1. locate nk.exe string in strings tab (the lower case one, "nk.exe"), go to the code that references it, below that, enter the second BL (it's the BL in next block), that function is LoadE32, now find the xrefs for it, should have about 3-4 references to it. one of them (InitModule) will look similar to example disassembly below, where 8002D0EC is LoadE32.
2. you might be able to search for LDREQ R0, =0x80090006 though in some nk.exe's ida won't resolve that too well (if the rom base is near the 0x80090006); you could still search for 06 00 09 80 in the nk binary - but that is referenced at other places too, still maybe this might make it easier to find the VerifyBinary function.
- anyway, next, example code
.text:80030CE4 7E 00 A0 03 MOVEQ R0, #0x7E ; '~'
.text:80030CE8 4E 00 00 0A BEQ loc_80030E28
.text:80030CEC 02 00 58 E3 CMP R8, #2
.text:80030CF0 00 80 A0 03 MOVEQ R8, #0
.text:80030CF4 02 00 19 E3 TST R9, #2
.text:80030CF8 01 E0 A0 13 MOVNE LR, #1
.text:80030CFC 00 E0 A0 03 MOVEQ LR, #0
.text:80030D00 0C 30 8D E2 ADD R3, SP, #0x44+var_38
.text:80030D04 04 20 8D E2 ADD R2, SP, #0x44+var_40
.text:80030D08 70 10 84 E2 ADD R1, R4, #0x70
.text:80030D0C 0A 00 A0 E1 MOV R0, R10
.text:80030D10 00 E0 8D E5 STR LR, [SP,#0x44+var_44]
.text:80030D14 F4 F0 FF EB BL sub_8002D0EC ---> LoadE32()
.text:80030D18 00 00 50 E3 CMP R0, #0
.text:80030D1C 41 00 00 1A BNE loc_80030E28
.text:80030D20 8C 30 94 E5 LDR R3, [R4,#0x8C]
.text:80030D24 CE 20 84 E2 ADD R2, R4, #0xCE
.text:80030D28 05 10 A0 E1 MOV R1, R5
.text:80030D2C 00 00 53 E3 CMP R3, #0
.text:80030D30 BC 3C D4 01 LDREQH R3, [R4,#0xCC]
.text:80030D34 0A 00 A0 E1 MOV R0, R10
.text:80030D38 03 90 83 03 ORREQ R9, R3, #3
.text:80030D3C 00 30 A0 E3 MOV R3, #0
.text:80030D40 BC 9C C4 01 STREQH R9, [R4,#0xCC]
.text:80030D44 3A E7 FF EB BL sub_8002AA34 ---> VerifyBinary()
in the example the BL after LoadE32, sub_8002AA34 is VerifyBinary. this is what you want to patch.
if you look you can see that if it doesn't return 0 it will exit the function that has this quoted code. so just go to VerifyBinary start and patch it to
MOV R0, #0 (00 00 A0 E3)
BX LR (1E FF 2F E1)
(why not just NOP the BL to it? because it is also called when an EXE is being loaded, so we need to cover that case too. the above code is DLL load code)
- IMPORTANT: to clean some things up when it checks whether a trusted process is loading an untrusted DLL... to avoid that we'll just put everything in full kernel trust mode which is neat anyway
so you should also patch the part after it returns.
example:
.text:80030D44 3A E7 FF EB BL sub_8002AA34
.text:80030D48 00 00 50 E3 CMP R0, #0
.text:80030D4C 35 00 00 1A BNE loc_80030E28
.text:80030D50 00 30 97 E5 LDR R3, [R7]
.text:80030D54 03 30 D3 E5 LDRB R3, [R3,#3]
.text:80030D58 02 00 53 E3 CMP R3, #2
.text:80030D5C CE 30 D4 05 LDREQB R3, [R4,#0xCE]
.text:80030D60 01 00 53 03 CMPEQ R3, #1
.text:80030D64 24 05 9F 05 LDREQ R0, =0x80090006
.text:80030D68 2E 00 00 0A BEQ loc_80030E28
.text:80030D6C 02 00 19 E3 TST R9, #2
1) nop the BEQ (or just put the following code in its place)
2) make sure that the byte at [R4,#0xCE] has #2 in it.
i.e patch it like this: insert two opcodes like this:
MOV R0, #2 (02 00 A0 E3)
STRB R0, [R4,#0xCE] (CE 00 C4 E5)
you can NOP the rest before the TST. do not touch the TST Rx, #2, or anything that comes after that line.
notes:
1. this will change KITL log in that it will not log module loads regarding cert checking. if you still want to log module (DLL and EXE too) loads in KITL i have another simple patch to do it if anyone wants nice KITL
2. you can also patch certmod.exe (or if you wish, filesys.exe) instead of nk.exe but this way is faster and cleaner, also nk.exe changes less often than certmod (or filesys). still, if someone's interested i can post that too.
+ bonus: old news maybe but afaik it was never made public so here's how to change a WM5 kernel to "upgrade" it to WM6 (i found that method last year to make WM6 porting possible / much easier).
i've mentioned LoadE32, well this is the function you want to patch.
example code:
LoadE32() (go to somewhere at the right in IDA if you are in graph view, to find it faster)
this is the CE major/minor version check in PE header of the EXE/DLL being loaded.
ROM:80032DEC STR R3, [R5,#4]
ROM:80032DF0 CMP R2, #5
ROM:80032DF4 BHI loc_80032E34
ROM:80032DF8 BNE loc_80032E08
ROM:80032DFC LDRB R3, [R5,#3]
ROM:80032E00 CMP R3, #1
ROM:80032E04 BHI loc_80032E34
CMP R2, #5 is comparing against CE major version i.e. CE 5.x
CMP R3, #1 is comparing against CE minor version i.e. x.1 for WM5 (CE 5.01), x.2 for WM6 (CE 5.02)
so you can just change the CMP R3, #1 to CMP R3, #2 (or do it in another way if you wish), encoding 02 00 53 E3
(of course R3 is only in this example)
that's it for now, maybe i'll post more tricks from now on.

cmonex said:
2. you can also patch certmod.exe (or if you wish, filesys.exe) instead of nk.exe but this way is faster and cleaner, also nk.exe changes less often than certmod (or filesys). still, if someone's interested i can post that too.
Click to expand...
Click to collapse
Please describe. I'm interested.
cmonex said:
+ bonus: [...]
that's it for now, maybe i'll post more tricks from now on.
Click to expand...
Click to collapse
Please. Don't stop. Please .... more
Many, many thanks.

cmonex said:
so, i got bored so why not post a new thread.
Click to expand...
Click to collapse
Please... be bored all the time
cmonex said:
2. you can also patch certmod.exe (or if you wish, filesys.exe)
Click to expand...
Click to collapse
It could be interesting, it could be used by some other apps maybe? Not just kernel...
cmonex said:
that's it for now, maybe i'll post more tricks from now on.
Click to expand...
Click to collapse
Keep'em going!

Cmonex, I was thinking.... I don't know smartphones really well, but does it mean, that if you patch SP's nk.exe, will they be able to run unpriviledged apps? Such as, for example RIL applications? I know, that they have to be signed with a priviledged certificate, not as in WM Pro...

I can confirm - disabling certificates works Ok.
cmonex - many, many thanks.

utak3r said:
Cmonex, I was thinking.... I don't know smartphones really well, but does it mean, that if you patch SP's nk.exe, will they be able to run unpriviledged apps? Such as, for example RIL applications? I know, that they have to be signed with a priviledged certificate, not as in WM Pro...
Click to expand...
Click to collapse
i think someone sent me an SP nk.exe and it looked the same loader code. so probably yes let me know if you tried that (i don't have a SP device)

utak3r said:
Please... be bored all the time
It could be interesting, it could be used by some other apps maybe? Not just kernel...
Keep'em going!
Click to expand...
Click to collapse
hehe, sure
as for certmod, OK, i'll post a guide on that soon. but basically you need to modify return value in CertVerify export. i prefer the NK.exe patch, because it is faster (no need to waste CPU time on dispatching the call from NK through filesys into certmod).
by the way it has some other interesting exports too, such as CabVerify (or similar), anyone ever seen that in use? we can patch all of them

cmonex said:
i think someone sent me an SP nk.exe and it looked the same loader code. so probably yes let me know if you tried that (i don't have a SP device)
Click to expand...
Click to collapse
Well, I don't have one, neither, but probably I will have some for a few weeks

cmonex said:
so, i got bored so why not post a new thread.
.......
.text:80030D14 F4 F0 FF EB BL sub_8002D0EC ---> LoadE32()
.text:80030D18 00 00 50 E3 CMP R0, #0
.text:80030D1C 41 00 00 1A BNE loc_80030E28
.text:80030D20 8C 30 94 E5 LDR R3, [R4,#0x8C]
.text:80030D24 CE 20 84 E2 ADD R2, R4, #0xCE
.text:80030D28 05 10 A0 E1 MOV R1, R5
.text:80030D2C 00 00 53 E3 CMP R3, #0
.text:80030D30 BC 3C D4 01 LDREQH R3, [R4,#0xCC]
.text:80030D34 0A 00 A0 E1 MOV R0, R10
.text:80030D38 03 90 83 03 ORREQ R9, R3, #3
.text:80030D3C 00 30 A0 E3 MOV R3, #0
.text:80030D40 BC 9C C4 01 STREQH R9, [R4,#0xCC]
.text:80030D44 3A E7 FF EB BL sub_8002AA34 ---> VerifyBinary()
in the example the BL after LoadE32, sub_8002AA34 is VerifyBinary. this is what you want to patch.
if you look you can see that if it doesn't return 0 it will exit the function that has this quoted code. so just go to VerifyBinary start and patch it to
MOV R0, #0 (00 00 A0 E3)
BX LR (1E FF 2F E1)
Click to expand...
Click to collapse
When trying to patch highlighted region with mov & bx lr , my pda locks at boot. Actually if i only make r0 = 0 then pda boots normally, but how can i check if certificates are disable ?
Or i have to patch directly VerifyBinary :
ROM:000353C4 ; =============== S U B R O U T I N E =======================================
ROM:000353C4
ROM:000353C4
ROM:000353C4 VerifyBinary ; CODE XREF: sub_3B584+150p
ROM:000353C4 00 00 A0 E3 MOV R0, #0 ; Rd = Op2
ROM:000353C8 1E FF 2F E1 BX LR ; Branch to/from Thumb mode
ROM:000353C8 ; End of function VerifyBinary
ROM:000353C8
I've already patch certmod.dll and i think that certs are disable ....
I've already patch nk.exe\s000 (full trust kernel mode) with success.
ThanX alot for your help .
p.s. Could you teach us how to patch any exe, dll or s*** with ida pro ?

of course you can't put a BX LR in the middle of InitModule(), it will totally **** up the loader.
the BX LR (with MOV R0, #0) must go inside of VerifyBinary().
to see if certs are really disabled... just take some driver dll that you know needs to load on boot, make sure it is not signed, and try to load it on boot.
or just take any dll or any exe, that is signed, then change some string inside, and do not re-sign and do not remove signing from it, and see if it still loads (on boot or at any other time).
if the answer is yes to these, then the patch works fine.
how do you mean your p.s.? the way to patch always depends on the goal. no general trick, just assembly, a logical enough mind and preferably some more high level programming knowledge is needed.

ThanX Alot !

Thank you very much from me, too. Nice work!

Could you write a little tutorial how to patch CertVerify (exported by certmod.dll) ?
Thank you again for your great work !

From what you post, looks like it'd be done the same way as the nk.exe way, but have it be
MOV R0, #2
BX LR

yes, CertVerify in certmod should return 2, but it is recommended to patch nk.exe instead of certmod for two reasons:
1) certmod is updated more often than nk
2) directly patching nk is better optimization.
+1: the second patch in nk.exe gives more advantages than just using the simple certmod patch.

cmonex, thank you for this beautiful patch, I wrote a small program for patching of nk.exe or full nb for rom developers.

ALEUT said:
cmonex, thank you for this beautiful patch, I wrote a small program for patching of nk.exe or full nb for rom developers.
Click to expand...
Click to collapse
thanx will try it . modified my os.nb and rom is booting so far ok . have to check the unsigned apps .
THNX

Confirmed booting.

ALEUT said:
cmonex, thank you for this beautiful patch, I wrote a small program for patching of nk.exe or full nb for rom developers.
Click to expand...
Click to collapse
thanks for helping with that, i never found the time to do this program

problems reported from users wont install some apps
I got no problem with version 2, all apps install very well, in version 4 i have problem installing garmin mobileXT after so many tries atlast sucessful, but card export after so many tries and 2 hardreset still wont install.
Click to expand...
Click to collapse

is the shadow 07/09 devices ROM all compatible here?

is the shadow 07/09 devices ROM all compatible here?
mine is 2007 version. is it able to flash 2009's version ROM?
are they all compatible?

with proper mods, you can use 07 in 09 version. SInce 07 and 09 arent the same model (07 = JUNO, 09 = CONVERSE)

tramuyo said:
with proper mods, you can use 07 in 09 version. SInce 07 and 09 arent the same model (07 = JUNO, 09 = CONVERSE)
Click to expand...
Click to collapse
Can you please tell me what I need to do? I have a 2009 and need to load WM 6.5, cause the standard ROM is slow and buggy

tramuyo said:
with proper mods, you can use 07 in 09 version. SInce 07 and 09 arent the same model (07 = JUNO, 09 = CONVERSE)
Click to expand...
Click to collapse
If by proper mods you mean a full dump and port to the 09, then maybe. Problem is the 07 has a different chipset than the 09, and therefore the ROMs for the 07 are made for that chipset. To my knowledge, nobody has gotten past the dump stage of building a 09 ROM, because current kitchen components won't work with the newer chipset.
mantikos said:
Can you please tell me what I need to do? I have a 2009 and need to load WM 6.5, cause the standard ROM is slow and buggy
Click to expand...
Click to collapse
There's nothing you can do, unless you want to learn to cook and try building a ROM yourself. Oh yeah, and you'll need to be able to perform miracles as well.

[GUIDE] Enable "OK Google" hotword| any language|off line dict| tested on Gnow 3.2.17

[GUIDE] Enable "OK Google" hotword| any language|off line dict| tested on Gnow 3.2.17
Screenshots
(take a look at these pictures if you find yourself in trouble with file permission, hex edits, etc. )
https://www.dropbox.com/sh/sj9kopef3v21l3m/wTl1uswAva
I hate long op, so let's get to the point: since Google released the 3.2.x update for Google search, hotword detection has been enabled in many languages, still some languages are missing (as always). Therefore, I decided to create an hack in order to bring the hotword detection for the missing languages, and guess what, I did it
Here's how:
Click to expand...
Click to collapse
Requirements:
-root
-Google quick search box (GEL is not needed as well as aosp os, I tested this guide on a Sense device, it works perfectly)
-File manager (I will use ES file explorer in this guide)
Click to expand...
Click to collapse
HOW TO:
METHOD 1
The folder is not needed anymore, plus it seems to brake the offline dictation..this new simplified method should give the same result without breaking the offline dictation
1) Go to data/data/com.google.android.googlequicksearchbox/app_shared_prefs/StartupSettings.bin
2) open the StartupSettings.bin file (*you MUST run Google Now at least once, or this file will be coded into chineese, so unreadable)
3) once opened, locate the line
Code:
micro_hotword.data,OK Google,en-CA,en-US/
change this line (and only this one) to
Code:
micro_hotword.data,OK Google,it-IT,en-US/
*(note that this prefix is for italian only, obviously you have to change it according to your country/language)
4) long pression on the file and give it full permission (like you did for the folder ), save, exit, reboot, and enjoy the hotword working in your language
Click to expand...
Click to collapse
METHOD 2
(even if the following method is original, turned out that a similar approach has already been used in this guide here, so for the sake of truth, it seems right to me mentioning the guide that was written down before mine)
Why another method?? Because it appears to be cleaner and safer, however, the first one still works plus, it's easier. So use this one just in case you have issues with the first one, but don't forget to use ES file manager and give the proper permission to settings.bin before reboot even if you decide to use this method!
1) download DecHex and Hex Editor from the PlayDevice (both free)
2) DecHex it's useful to find the hex value for your prefix (ex it-IT in ascii become 69 74 2D 49 54 in hex code)
However we have a long list, check it out.
3) use Hex Editor to find en-CA prefix (open the app, navigate till you find data/data/com.google.android.googlequicksearchbox/app_shared_prefs/StartupSettings.bin
open the file, you'll have hex on the left (numbers), ascii (text) on the right
4) click on the magnifing lens and look for en-CA
5) once found out, edit THE CORRESPONDING NUMBERS with the one you obtained from step 2 (you'll see that every number it's a letter actually)
6) once you did it, click on menu (3 dots) save file and reboot
done
Click to expand...
Click to collapse
Few notes:
-this workaround will work only untill you format data partition, or untill you update Google Now (my current version is 3.2.17.1009776)
-to see if it's really working, try to change in Google Now settings the language to English (Canada). Because of our hack, the hotword shouldn't be available anymore, since we've overwritten the related code line with the one for our language. Also the microphone icon inside the quick search bar, (if you're using GEL launcher) should be now white filled, not empty as before.
-Canadian people might be disappointed, and shouldn't follow this guide LOL
-I tried something like 10 reboots, various Gnow enable/disable, and basically anything that could brake the hack, and for now it seems that it sticks perfectly, hope it will work for you guys too.
Click to expand...
Click to collapse
Tips and Tricks and Troubleshooting:
-Es file manager is STRONGLY recommended
-If your hotword is setted and working but the widget still shows an empty icon, it means your version of Gnow in data/app and your version of Gnow in system/priv-app (if you're on KK) are NOT the same! This is because you probably flashed a gapps package then updated Gnow through the PlayStore.. In this case, just copy the version from data/app in system/priv-app renaming it 'velvet', give it permissions and reboot. Redo the guide if needed.
-if you use Nova launcher the widget won't respond to the vocal command 'Ok Google '
-if the hack doesn't stick after a reboot, make sure you properly gave permissions to the bin file the same way you did it for the folder
-If you use Es file manager, and you have "read only file system", go to the left-side menu, click on root explorer, a pop up menu will appear, then you can mount the file system in RW (read/write)
-If you use ES file manager, in order to give the right permission to yourcountry-YOURCOUNTRY folder, long pression on the folder/properties, click on the rw---- and flag all of the available permissions
Click to expand...
Click to collapse
This guide have been tested on my Nexus 5 (KK 4.4.2 kot49h), on a Nexus 4, and on a HTC One S running Sense 5 Android 4.2.2, so GEL launcher is not needed, you just need Google Now.
Prefix list:
Code:
af-ZA Afrikaans - South Africa
sq-ALAlbanian - Albania
ar-DZ Arabic - Algeria
ar-BHArabic - Bahrain
ar-EGArabic - Egypt
ar-IQ Arabic - Iraq
ar-JO Arabic - Jordan
ar-KWArabic - Kuwait
ar-LB Arabic - Lebanon
ar-LY Arabic - Libya
ar-MAArabic - Morocco
ar-OMArabic - Oman
ar-QAArabic - Qatar
ar-SAArabic - Saudi Arabia
ar-SYArabic - Syria
ar-TN Arabic - Tunisia
ar-AEArabic - United Arab Emirates
ar-YEArabic - Yemen
hy-AMArmenian - Armenia
Cy-az-AZAzeri (Cyrillic) - Azerbaijan
Lt-az-AZAzeri (Latin) - Azerbaijan
eu-ESBasque - Basque
be-BYBelarusian - Belarus
bg-BGBulgarian - Bulgaria
ca-ESCatalan - Catalan
zh-CNChinese - China
zh-HKChinese - Hong Kong
zh-MOChinese - Macau
zh-SGChinese - Singapore
zh-TWChinese - Taiwan
zh-CHSChinese (Simplified)
zh-CHTChinese (Traditional)
hr-HRCroatian - Croatia
cs-CZCzech - Czech Republic
da-DKDanish - Denmark
div-MVDhivehi - Maldives
nl-BEDutch - Belgium
nl-NL Dutch - The Netherlands
en-AUEnglish - Australia
en-BZEnglish - Belize
en-CAEnglish - Canada
en-CBEnglish - Caribbean
en-IE English - Ireland
en-JMEnglish - Jamaica
en-NZEnglish - New Zealand
en-PHEnglish - Philippines
en-ZAEnglish - South Africa
en-TTEnglish - Trinidad and Tobago
en-GBEnglish - United Kingdom
en-USEnglish - United States
en-ZWEnglish - Zimbabwe
et-EEEstonian - Estonia
fo-FOFaroese - Faroe Islands
fa-IR Farsi - Iran
fi-FI Finnish - Finland
fr-BE French - Belgium
fr-CA French - Canada
fr-FR French - France
fr-LU French - Luxembourg
fr-MC French - Monaco
fr-CH French - Switzerland
gl-ESGalician - Galician
ka-GEGeorgian - Georgia
de-ATGerman - Austria
de-DEGerman - Germany
de-LI German - Liechtenstein
de-LUGerman - Luxembourg
de-CHGerman - Switzerland
el-GRGreek - Greece
gu-IN Gujarati - India
he-IL Hebrew - Israel
hi-IN Hindi - India
hu-HUHungarian - Hungary
is-IS Icelandic - Iceland
id-ID Indonesian - Indonesia
it-IT Italian - Italy
it-CH Italian - Switzerland
ja-JP Japanese - Japan
kn-IN Kannada - India
kk-KZKazakh - Kazakhstan
kok-INKonkani - India
ko-KRKorean - Korea
ky-KZKyrgyz - Kazakhstan
lv-LV Latvian - Latvia
lt-LT Lithuanian - Lithuania
mk-MKMacedonian (FYROM)
ms-BNMalay - Brunei
ms-MYMalay - Malaysia
mr-IN Marathi - India
mn-MNMongolian - Mongolia
nb-NONorwegian (Bokmål) - Norway
nn-NONorwegian (Nynorsk) - Norway
pl-PL Polish - Poland
pt-BRPortuguese - Brazil
pt-PT Portuguese - Portugal
pa-IN Punjabi - India
ro-RORomanian - Romania
ru-RURussian - Russia
sa-IN Sanskrit - India
Cy-sr-SPSerbian (Cyrillic) - Serbia
Lt-sr-SPSerbian (Latin) - Serbia
sk-SKSlovak - Slovakia
sl-SI Slovenian - Slovenia
es-ARSpanish - Argentina
es-BOSpanish - Bolivia
es-CLSpanish - Chile
es-COSpanish - Colombia
es-CRSpanish - Costa Rica
es-DOSpanish - Dominican Republic
es-ECSpanish - Ecuador
es-SVSpanish - El Salvador
es-GTSpanish - Guatemala
es-HNSpanish - Honduras
es-MXSpanish - Mexico
es-NI Spanish - Nicaragua
es-PASpanish - Panama
es-PYSpanish - Paraguay
es-PESpanish - Peru
es-PRSpanish - Puerto Rico
es-ESSpanish - Spain
es-UYSpanish - Uruguay
es-VESpanish - Venezuela
sw-KESwahili - Kenya
sv-FI Swedish - Finland
sv-SESwedish - Sweden
syr-SYSyriac - Syria
ta-IN Tamil - India
tt-RU Tatar - Russia
te-IN Telugu - India
th-TH Thai - Thailand
tr-TR Turkish - Turkey
uk-UAUkrainian - Ukraine
ur-PKUrdu - Pakistan
Cy-uz-UZUzbek (Cyrillic) - Uzbekistan
Lt-uz-UZUzbek (Latin) - Uzbekistan
vi-VN Vietnamese - Vietnam
Hexadecimal list
Code:
af-ZA Afrikaans-SouthAfrica 61 66 2d 5a 41
sq-AL Albanian-Albania 73 71 2d 41 4c
ar-DZ Arabic-Algeria 61 72 2d 44 5a
ar-BH Arabic-Bahrain 61 72 2d 42 48
ar-EG Arabic-Egypt 61 72 2d 45 47
ar-IQ Arabic-Iraq 61 72 2d 49 51
ar-JO Arabic-Jordan 61 72 2d 4a 4f
ar-KW Arabic-Kuwait 61 72 2d 4b 57
ar-LB Arabic-Lebanon 61 72 2d 4c 42
ar-LY Arabic-Libya 61 72 2d 4c 59
ar-MA Arabic-Morocco 61 72 2d 4d 41
ar-OM Arabic-Oman 61 72 2d 4f 4d
ar-QA Arabic-Qatar 61 72 2d 51 41
ar-SA Arabic-SaudiArabia 61 72 2d 53 41
ar-SY Arabic-Syria 61 72 2d 53 59
ar-TN Arabic-Tunisia 61 72 2d 54 4e
ar-AE Arabic-UnitedArabEmirates 61 72 2d 41 45
ar-YE Arabic-Yemen 61 72 2d 59 45
hy-AM Armenian-Armenia 68 79 2d 41 4d
Cy-az-AZ Azeri(Cyrillic)-Azerbaijan 43 79 2d 61 7a 2d 41 5a
Lt-az-AZ Azeri(Latin)-Azerbaijan 4c 74 2d 61 7a 2d 41 5a
eu-ES Basque-Basque 65 75 2d 45 53
be-BY Belarusian-Belarus 62 65 2d 42 59
bg-BG Bulgarian-Bulgaria 62 67 2d 42 47
ca-ES Catalan-Catalan 63 61 2d 45 53
zh-CN Chinese-China 7a 68 2d 43 4e
zh-HK Chinese-HongKong 7a 68 2d 48 4b
zh-MO Chinese-Macau 7a 68 2d 4d 4f
zh-SG Chinese-Singapore 7a 68 2d 53 47
zh-TW Chinese-Taiwan 7a 68 2d 54 57
zh-CHS Chinese(Simplified) 7a 68 2d 43 48 53
zh-CHT Chinese(Traditional) 7a 68 2d 43 48 54
hr-HR Croatian-Croatia 68 72 2d 48 52
cs-CZ Czech-CzechRepublic 63 73 2d 43 5a
da-DK Danish-Denmark 64 61 2d 44 4b
div-MV Dhivehi-Maldives 64 69 76 2d 4d 56
nl-BE Dutch-Belgium 6e 6c 2d 42 45
nl-NL Dutch-TheNetherlands 6e 6c 2d 4e 4c
en-AU English-Australia 65 6e 2d 41 55
en-BZ English-Belize 65 6e 2d 42 5a
en-CA English-Canada 65 6e 2d 43 41
en-CB English-Caribbean 65 6e 2d 43 42
en-IE English-Ireland 65 6e 2d 49 45
en-JM English-Jamaica 65 6e 2d 4a 4d
en-NZ English-NewZealand 65 6e 2d 4e 5a
en-PH English-Philippines 65 6e 2d 50 48
en-ZA English-SouthAfrica 65 6e 2d 5a 41
en-TT English-TrinidadandTobago 65 6e 2d 54 54
en-GB English-UnitedKingdom 65 6e 2d 47 42
en-US English-UnitedStates 65 6e 2d 55 53
en-ZW English-Zimbabwe 65 6e 2d 5a 57
et-EE Estonian-Estonia 65 74 2d 45 45
fo-FO Faroese-FaroeIslands 66 6f 2d 46 4f
fa-IR Farsi-Iran 66 61 2d 49 52
fi-FI Finnish-Finland 66 69 2d 46 49
fr-BE French-Belgium 66 72 2d 42 45
fr-CA French-Canada 66 72 2d 43 41
fr-FR French-France 66 72 2d 46 52
fr-LU French-Luxembourg 66 72 2d 4c 55
fr-MC French-Monaco 66 72 2d 4d 43
fr-CH French-Switzerland 66 72 2d 43 48
gl-ES Galician-Galician 67 6c 2d 45 53
ka-GE Georgian-Georgia 6b 61 2d 47 45
de-AT German-Austria 64 65 2d 41 54
de-DE German-Germany 64 65 2d 44 45
de-LI German-Liechtenstein 64 65 2d 4c 49
de-LU German-Luxembourg 64 65 2d 4c 55
de-CH German-Switzerland 64 65 2d 43 48
el-GR Greek-Greece 65 6c 2d 47 52
gu-IN Gujarati-India 67 75 2d 49 4e
he-IL Hebrew-Israel 68 65 2d 49 4c
hi-IN Hindi-India 68 69 2d 49 4e
hu-HU Hungarian-Hungary 68 75 2d 48 55
is-IS Icelandic-Iceland 69 73 2d 49 53
id-ID Indonesian-Indonesia 69 64 2d 49 44
it-IT Italian-Italy 69 74 2d 49 54
it-CH Italian-Switzerland 69 74 2d 43 48
ja-JP Japanese-Japan 6a 61 2d 4a 50
kn-IN Kannada-India 6b 6e 2d 49 4e
kk-KZ Kazakh-Kazakhstan 6b 6b 2d 4b 5a
kok-IN Konkani-India 6b 6f 6b 2d 49 4e
ko-KR Korean-Korea 6b 6f 2d 4b 52
ky-KZ Kyrgyz-Kazakhstan 6b 79 2d 4b 5a
lv-LV Latvian-Latvia 6c 76 2d 4c 56
lt-LT Lithuanian-Lithuania 6c 74 2d 4c 54
mk-MK Macedonian(FYROM) 6d 6b 2d 4d 4b
ms-BN Malay-Brunei 6d 73 2d 42 4e
ms-MY Malay-Malaysia 6d 73 2d 4d 59
mr-IN Marathi-India 6d 72 2d 49 4e
mn-MN Mongolian-Mongolia 6d 6e 2d 4d 4e
nb-NO Norwegian(Bokmål)-Norway 6e 62 2d 4e 4f
nn-NO Norwegian(Nynorsk)-Norway 6e 6e 2d 4e 4f
pl-PL Polish-Poland 70 6c 2d 50 4c
pt-BR Portuguese-Brazil 70 74 2d 42 52
pt-PT Portuguese-Portugal 70 74 2d 50 54
pa-IN Punjabi-India 70 61 2d 49 4e
ro-RO Romanian-Romania 72 6f 2d 52 4f
ru-RU Russian-Russia 72 75 2d 52 55
sa-IN Sanskrit-India 73 61 2d 49 4e
Cy-sr-SP Serbian(Cyrillic)-Serbia 43 79 2d 73 72 2d 53 50
Lt-sr-SP Serbian(Latin)-Serbia 4c 74 2d 73 72 2d 53 50
sk-SK Slovak-Slovakia 73 6b 2d 53 4b
sl-SI Slovenian-Slovenia 73 6c 2d 53 49
es-AR Spanish-Argentina 65 73 2d 41 52
es-BO Spanish-Bolivia 65 73 2d 42 4f
es-CL Spanish-Chile 65 73 2d 43 4c
es-CO Spanish-Colombia 65 73 2d 43 4f
es-CR Spanish-CostaRica 65 73 2d 43 52
es-DO Spanish-DominicanRepublic 65 73 2d 44 4f
es-EC Spanish-Ecuador 65 73 2d 45 43
es-SV Spanish-ElSalvador 65 73 2d 53 56
es-GT Spanish-Guatemala 65 73 2d 47 54
es-HN Spanish-Honduras 65 73 2d 48 4e
es-MX Spanish-Mexico 65 73 2d 4d 58
es-NI Spanish-Nicaragua 65 73 2d 4e 49
es-PA Spanish-Panama 65 73 2d 50 41
es-PY Spanish-Paraguay 65 73 2d 50 59
es-PE Spanish-Peru 65 73 2d 50 45
es-PR Spanish-PuertoRico 65 73 2d 50 52
es-ES Spanish-Spain 65 73 2d 45 53
es-UY Spanish-Uruguay 65 73 2d 55 59
es-VE Spanish-Venezuela 65 73 2d 56 45
sw-KE Swahili-Kenya 73 77 2d 4b 45
sv-FI Swedish-Finland 73 76 2d 46 49
sv-SE Swedish-Sweden 73 76 2d 53 45
syr-SY Syriac-Syria 73 79 72 2d 53 59
ta-IN Tamil-India 74 61 2d 49 4e
tt-RU Tatar-Russia 74 74 2d 52 55
te-IN Telugu-India 74 65 2d 49 4e
th-TH Thai-Thailand 74 68 2d 54 48
tr-TR Turkish-Turkey 74 72 2d 54 52
uk-UA Ukrainian-Ukraine 75 6b 2d 55 41
ur-PK Urdu-Pakistan 75 72 2d 50 4b
Cy-uz-UZ Uzbek(Cyrillic)-Uzbekistan 43 79 2d 75 7a 2d 55 5a
Lt-uz-UZ Uzbek(Latin)-Uzbekistan 4c 74 2d 75 7a 2d 55 5a
vi-VN Vietnamese-Vietnam 76 69 2d 56 4e
Tested launchers:
Nova: working except the search bar widget
Apex: working except search bar widget
HTC Sense: fully working
GEL: fully working
KK Launcher (except search bar widget)
Tested devices:
Nexus 5 (kk )
Nexus 4 (kk)
Galaxy Nexus (kk)
Nexus S (Slim Bean Android 4.3.1)
HTC One S (jb 4.2.2)
HTC One X ( Sense 5.0 android 4.2.2)
HTC One
Samsung Galaxy S4+cm11
Motorola Moto Gli (CM 11)
I'd like to thanks the following users for their contribution to the thread:
@Alex_95_Bo for testing this hack on his HTC
@Gu$houn*
@bob8x
@JOKERz
@luettsegler
@raul338
@jonata
@Jaggions
@Belgadon
@lukes91
@rodem77
@mycontradiction
Enjoy:good:

Thanks for the advice, I tried on my 4.4.2 HTC One and unfortunately it doesn't work: I do all the things you listed, reboot the phone, but as I launch Google Now it's like I just installed it because I get the tutorial and the file I edited goes back to the unedited version. I even checked the file after the save and before the reboot and it's edited: as soon as I reboot, it goes back to stock. Can you think about something I may have missed or did wrong?

teorouge said:
Thanks for the advice, I tried on my 4.4.2 HTC One and unfortunately it doesn't work: I do all the things you listed, reboot the phone, but as I launch Google Now it's like I just installed it because I get the tutorial and the file I edited goes back to the unedited version. I even checked the file after the save and before the reboot and it's edited: as soon as I reboot, it goes back to stock. Can you think about something I may have missed or did wrong?
Click to expand...
Click to collapse
Yes, you didn't give the permission to the bin properly, please check the screenshot folder at the beginning of the op and use Es file manager, and it will work
Inviato dal mio Nexus 5 utilizzando Tapatalk

hi mate,
possible to have a zip file to flash ?
tks bro

jonata said:
hi mate,
possible to have a zip file to flash ?
tks bro
Click to expand...
Click to collapse
Sorry there's no way since the bin we are editing includes all your account info
Inviato dal mio Nexus 5 utilizzando Tapatalk

memnoc said:
Sorry there's no way since the bin we are editing includes all your account info
Inviato dal mio Nexus 5 utilizzando Tapatalk
Click to expand...
Click to collapse
ok, tks a lot ...
---------- Post added at 01:57 PM ---------- Previous post was at 01:08 PM ----------
jonata said:
ok, tks a lot ...
Click to expand...
Click to collapse
do all in the guide, but it works only if I put english langiage in Google serach setting ...
where I'm in wrong ?

jonata said:
ok, tks a lot ...
---------- Post added at 01:57 PM ---------- Previous post was at 01:08 PM ----------
do all in the guide, but it works only if I put english langiage in Google serach setting ...
where I'm in wrong ?
Click to expand...
Click to collapse
What Language are you trying to enable?
Inviato dal mio Nexus 5 utilizzando Tapatalk

memnoc said:
What Language are you trying to enable?
Inviato dal mio Nexus 5 utilizzando Tapatalk
Click to expand...
Click to collapse
italian ...

jonata said:
italian ...
Click to expand...
Click to collapse
Then you have to follow the guide carefully, especially if you're on a nexus 5, see the screenshot folder to see how set permission and try es file manager if your explorer doesn't work
Inviato dal mio Nexus 5 utilizzando Tapatalk

memnoc said:
Then you have to follow the guide carefully, especially if you're on a nexus 5, see the screenshot folder to see how set permission and try es file manager if your explorer doesn't work
Inviato dal mio Nexus 5 utilizzando Tapatalk
Click to expand...
Click to collapse
solved now ...
problems was the right permission in folder it-IT
changed also the string en-CA in it-IT with decimal editor
now works like a charme
ths bro

jonata said:
solved now ...
problems was the right permission in folder it-IT
changed also the string en-CA in it-IT with decimal editor
now works like a charme
ths bro
Click to expand...
Click to collapse
No need for hex editor, but if you'd like to share what program you used I'll put an advise in op... Glad it's working
Inviato dal mio Nexus 5 utilizzando Tapatalk

memnoc said:
No need for hex editor, but if you'd like to share what program you used I'll put an advise in op... Glad it's working
Inviato dal mio Nexus 5 utilizzando Tapatalk
Click to expand...
Click to collapse
used free soft called HxD editor ...

jonata said:
used free soft called HxD editor ...
Click to expand...
Click to collapse
I found out you can do it from the phone easily, I'll post the how to later...
PS. I'm curious, is offline dictation working for you guys?
Inviato dal mio Nexus 5 utilizzando Tapatalk

Hey, thanks A LOT, working great on N4 with czech language /cs-CZ/. :good:
memnoc said:
Nova: working except the search bar widget
Click to expand...
Click to collapse
On Nova Prime 2.3 can't access it from homescreen, is it correct according to this quote? On GEL everything works flawlessly.
P.
//EDIT: I have search bar enabled on Nova.

memnoc said:
I found out you can do it from the phone easily, I'll post the how to later...
PS. I'm curious, is offline dictation working for you guys?
Inviato dal mio Nexus 5 utilizzando Tapatalk
Click to expand...
Click to collapse
ehm nope, offline or online dictation is setted to english outside google now, despite the fact the tooltip shows "italiano"....
[I'm wandering if there are only italians in this thread...]

hi Bro
nice hack.
im little confused what should i use as prefix for my country . im from Sri Lanka ( and i dont even get Gnow in search too )
any suggestions how i do this?

As I posted in the deleted thread, will this work with offline commands? Elsewhere there's an easier procedure...

gpvecchi said:
As I posted in the deleted thread, will this work with offline commands? Elsewhere there's an easier procedure...
Click to expand...
Click to collapse
Post a link for that procedure, but if it's that one that involves hex editing I already tried it with no success.. Sorry for the deleted thread, according to moderation rules seems I can't post the same thread more than once even in different places
Inviato dal mio Nexus 5 utilizzando Tapatalk

how i have to change it if i want it in german?
ger-GER ?

Gu$houn* said:
Hey, thanks A LOT, working great on N4 with czech language /cs-CZ/. :good:
On Nova Prime 2.3 can't access it from homescreen, is it correct according to this quote? On GEL everything works flawlessly.
P.
//EDIT: I have search bar enabled on Nova.
Click to expand...
Click to collapse
Yes it's ok, unfortunately something in Nova launcher blocks the speech recognition from the widget
bob8x said:
ehm nope, offline or online dictation is setted to english outside google now, despite the fact the tooltip shows "italiano"....
[I'm wandering if there are only italians in this thread...]
Click to expand...
Click to collapse
It doesn't work for me either
Dilesh Perera said:
hi Bro
nice hack.
im little confused what should i use as prefix for my country . im from Sri Lanka ( and i dont even get Gnow in search too )
any suggestions how i do this?
Click to expand...
Click to collapse
Is your language supported in the language list under the 'voice/language' menu?
Inviato dal mio Nexus 5 utilizzando Tapatalk