[Q] Need help for extracting original SPL from Kaiser. - Windows Mobile

Hi everybody,
I would like to extract the original SPL from my Kaiser.
After reading some posts, I suppose I have to use pmemdump, but you need to specify an offset and a length in bytes.
Can someone tell me the right parameters for the kaiser, please?
Info from the bootloader:
KAIS130
SPL-1.94.0000
CPLD-8
Thanks in advance

Any special reason besides bricking your device?

Pisca said:
Any special reason besides bricking your device?
Hi,
maybe I misunderstand the posts I've read, but I don't see any warning on the risk of bricking the device.
For example I saw this in reply to how to dump the SPL from the HTC Touch:
"use pmemdump from itsme's utils.
Code:
pmemdump 0x88000000 0x80000 spl.nb
The address might not be 0x88000000, if not, try 0x9c000000 instead. I'll try and remember to check the offset tonight.
Dave"
Is the risk real instead?

I think the size should be only 0x40000, because Kaiser has only 256kB SPL IIRC. Not sure about the address though...

OndraSter said:
I think the size should be only 0x40000, because Kaiser has only 256kB SPL IIRC. Not sure about the address though...
Thanks for the info.
I'll do some more investigation to find the correct address.
Can you confirm that I risk bricking the device, as posted above?

I'm not sure there is any way to brick your device, it is just dumping memory, not writing to NAND

When I mention bricking your device, that's because the SPL is a very delicate place to mess around, and I've never seen anything about dumping the SPL for any reason, but I might be wrong

You can dump SPL by either JTAG or from memory. Because when the phone boots and SPL starts, it gets copied to RAM as the first thing and gets executed from there. And pmemdump dumps from there, you can dump the whole RAM via pmemdump I bet. It just reads memory from some base address for some length and saves to file. It shouldn't touch NAND at all.

incorrect filesize error from OSImage Tool on T-Mobile ROM

I need to restore my original T-Mobile ROM to send the hardware in for repair. I have tried ROMs supplied from 2 different sources to no avail. They are all exactly the same size... 33292288. Every time I try to use the OSImage Tool to copy it to my 256MB SD card, I get this error immediately...
C:\....\tmo.nb1: incorrect filesize(33292288), file should be exactly 32243712 bytes error opening input file.
I am stumped. Anyone know how to get by this?
mmm, the top 1M of your nb1 does belong in the os image part of the rom,
it contains the save contacts etc.
you can either delete it yourself using a hexeditor or other binary file editor.
Your file has to end at offset 0x01ec0000
or wait until I make osimagetool less strict. ( which might not be soon )
Just for the hell of it I'd give XDArit a try, you never know
it might work!
HTH
XDA developer Itsme said:
mmm, the top 1M of your nb1 does belong in the os image part of the rom,
it contains the save contacts etc.
you can either delete it yourself using a hexeditor or other binary file editor.
Your file has to end at offset 0x01ec0000
or wait until I make osimagetool less strict. ( which might not be soon )
Would you mind editing it for me if I sent the file to you? I could let you ftp the file and then replace it. I need to get this device in for repair because my contract is almost up... in less than a month. Thanks.
ok, better do some programming than file editing.
update is at http://www.xs4all.nl/~itsme/download/oit_105.zip
you have to start it with a commandline option '-f' to disable filesize checking.
Still no good. Now I get ... Error writing 00008000 bytes to 00b18400: Data error (cyclic redundancy check). I've tried two different T-Mobile images from two totally different people and the files are the same size, and they both get the exact same error. Any ideas?
when does this error occur? in osimagetool?
this would point to a faulty sd card I think.
It happens midway through the load in OSImage Tool... loading to the SD Card. I've been using this card for a year... just about full of stuff... and never had a problem before. Even used XDArit to grab an image from my XDA, and to load the XDA Developers ROM onto it. I'll see if I can get another card. Thanks for trying to help me figure this out. I may try the card in a store on a display unit and see if I can grab an image with the bootloader.
Hi folks
I have the same problem that Mike had - the one with the wrong filesize.
Unfortunately the posted link to the updated version of OSImagetool is down. Is there any chance someone could fix that?
Thank you very much in advance.
Chris
hippokrates said:
Hi folks
I have the same problem that Mike had - the one with the wrong filesize.
Unfortunately the posted link to the updated version of OSImagetool is down. Is there any chance someone could fix that?
Thank you very much in advance.
Chris
You can get it at:
http://xda-developers.com/~itsme/download/oit_105.zip
HTH
Stefan
Vielen Dank / Thank you very much it worked just perfect.
By the way, this could also be interesting for you Stefan: the reason I was searching for the OSImage Tool was because of the German ROM 4.00.33 Mathias was so kind to share. It is the first German version I could get my hands on and I now have the good old qwertz-keyboard back.
Maybe Jeff or someone else could put it into the kitchen for all German/Swiss/Austrian XDA users ??? I would think a lot of people would appreciate this.
Chris

Radio 1.13.0 SD Card backup uploaded.

Please check it out from xda-dev's ftp server.
what is the procedure to backup the radio alone?? please let me know
What are the instructions to "load" this radio rom to magician?
ya, that's what I meant too
why is this radio smaller than all of the others? is it safe
To backup radio rom:
enter bootloader mode and in mtty issue command:
d2s 60000000 300000
this will dump radio rom to SD card then use ntrw or winhex to save backup in PC. End of backup file is HTCE in ASCII (48 54 43 45 hex).
To write 1.13 radio, you have to replace 444 first bytes (1BC hex) in file using bytes from your backup. Write file to SD card using ntrw or winhex. Put SD card to PPC and enter bootloader mode, it will ask you to press power button to proceed flashing. I think it will work this way but I'm not 100% sure! Be extremely careful, you can destroy your device!
shamus is right. People in China have flashed the radio ROM to 1.13 using this method. If you can read Chinese, you can find details in the link:
http://www.hi-pda.com/forum/viewthread.php?tid=263959&fpage=1&sid=pIA2Ts
I have already upgraded mine to radio 1.13. The sound volume seems to be much louder and so far, there has been no GPRS error, etc.
I can confirm my speculations 1.13 radio ROM works on my MDA Compact now :twisted:
thanks for the instructions it worked perfect. once again I am at the forefront of convergence technology, for a few minutes :lol:
I'm not sure about this procedure hard-resetting my device after a (successful) flash. Will the Radio-ROM-only update cause a hard-reset, or will all my data be intact afterwards?
@Jainoxi: Once you entered bootloader mode all your data is gone - no matter whether any flashing has taken place.
@shamus: Your successful message tempts me to try it myself. And it was also new to me, that Radio ROM could be backed up (as well as being flashed the low level way).
@Chatty: I thought that entering the bootloader would preserve the data. Just flashing would hard-reset... Oh well, have to make a full backup then
shamus said:
To backup radio rom:
... End of backup file is HTCE in ASCII (48 54 43 45 hex)....
Should I cut all data before this point, and discard the rest, or leave it like it is, and only change the first few bytes?
EDIT: Shamus, nevermind, figured it out. Just copy the first 444 bytes from your saved Radio ROM to the new 1.13.00 ROM, and do nothing else to it
This sounds cool! Would be a dream come true to get rid of the GPRS problems! I rather wait for someone to make a cab and upload it though..
Forget about a .cab file. It's not gonna happen. But no doubt a normal ROM update with this new 1.13 Radio will soon be available, making life a lot easier
I took the 30 minutes out of my life, though, to do this update now. No problems whatsoever and it appears to be running just fine. But don't expect this to cure the GPRS problems. They seem to be related to the later versions of Caller ID and not the Radio, according to another thread on this site.
where is the new radio files?
they dont seem to be in the /Magician/Radio directory?
cheers....
awharton said:
where is the new radio files?
they dont seem to be in the /Magician/Radio directory?
cheers....
On the XDA-Dev FTP: /Uploads/Magician/radio1.13.0.sd.rar
I've completed this update successfully as well. Running like a charm in the past hour
Could anyone post this radio on http://rapidshare.de/ or other similar (http) site ?
Because I have difficulties to access ftp.
Please, share It
Thanx in advance.
running:
d2s 60000000 00300000
doesn't seem to do anything. when you run just d2s it dumps the whole ROM. What am I doing wrong?
cheers...
You must write the command in the window, not just cut and paste...
awharton try to type d2s 60000000 300000

HELP !!! Radio 1.13.0 SD Card upgrade failure

Radio 1.13.0 SD Card upgrade failure
Error :
SD Download
=========
Section =1
Not Allow
Update!
Right now when the PPC soft resets, the bottom right corner displays NO GSM
Please Help me Thanks a lot.
didn't you save your original radio?
or just try again??
it worked for me first try. what did you do??
You should have overwritten the first 444 bytes of your 1.13 ROM with 444 bytes from an SD card backup of an older Radio ROM!
thanks for your advice, let me try again
416 bytes would be ok, I have done and works fine.
What software do you use to replace the bytes?
Hex Editor, you could find it at the ftp server of xda-developers.
/Magician/Tools/Backup_tools1/
rjtd said:
What software do you use to replace the bytes?
I am using the Hex editor
gradius44 said:
416 bytes would be ok, I have done and works fine.
Be very careful with that. This is NOT a full ROM backup, so the layout is different. I would strongly suggest copying all the bytes, or you could end up with that dreaded paperweight.
what if you don't do the 444 bytes things ?
can you just copy the radio as is ?
thanks
I have no clue, and I would never try to do it. Far too big a risk to take, just to save 1-2 minutes...
i say this because I don't understand this part (overwriting the 440 Bytes from 1.13 Radio with the 440 bytes of my older radio 1.12 )
is that this way or vice versa ?
When you open an hex editor ? What do you see ? how can you see this is the first 440 bytes ?
thanks man if you can help me
Those first few bytes, in this case 444 of them, contain a unique device ID. That ID is needed to 'authenticate' the ROM image when being flashed to the device. I've tried to flash my Magician without patching my new ROM with a number of bytes from the older (backup) ROM. The device gives me some freaky error, but nothing else happens, since the bootloader detects a 'bad' ROM.
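
A pre-flash check for the header patch discussed in the two radio threads above, as an added example (not code from any poster or from the XDA tools): it confirms that the first 444 bytes (0x1BC) of the image to be flashed match the device's own backup and that the backup contains the HTCE end marker. The function names and the sample bytes are constructed for illustration; the thread does not describe the internal layout of the header.

```python
HEADER_LEN = 0x1BC   # 444 bytes, the count given in the thread
TRAILER = b"HTCE"    # 48 54 43 45, the end-of-backup marker named in the thread


def first_header_mismatch(image, backup, length=HEADER_LEN):
    """Offset of the first header byte where image and backup differ, or None."""
    for off in range(length):
        if image[off] != backup[off]:
            return off
    return None


def splice_header(new_image, backup, length=HEADER_LEN):
    """Return new_image with its first `length` bytes taken from backup."""
    if len(new_image) < length or len(backup) < length:
        raise ValueError("image or backup is shorter than the header region")
    return backup[:length] + new_image[length:]


def preflight(image, backup):
    """List of problems that should stop a flash attempt (empty = none found)."""
    if len(image) < HEADER_LEN or len(backup) < HEADER_LEN:
        return ["image or backup is shorter than 444 bytes"]
    problems = []
    # A raw SD read may carry data after the marker, so search rather than endswith.
    if TRAILER not in backup:
        problems.append("backup has no HTCE end marker; the dump may be incomplete")
    off = first_header_mismatch(image, backup)
    if off is not None:
        problems.append("header differs from backup at offset 0x%X" % off)
    return problems


def make_sample(fill, body):
    """Constructed stand-in for a radio image: header + body + HTCE marker.
    Every header byte is set to `fill`; this is an assumption made so that a
    partial patch is visible, not a statement about the real header layout."""
    return bytes([fill]) * HEADER_LEN + body + TRAILER


if __name__ == "__main__":
    backup = make_sample(0xAA, b"old radio body")    # dump of this device
    new_image = make_sample(0xBB, b"new radio body")  # image from another device
    print(preflight(new_image, backup))               # header mismatch at 0x0
    patched = splice_header(new_image, backup)
    print(preflight(patched, backup))                 # no problems
    partial = splice_header(new_image, backup, 416)   # shorter patch
    print(preflight(partial, backup))                 # mismatch at 0x1A0
```

Running the check on the patched file before writing it to the SD card catches an unpatched or partly patched header on the PC, before the bootloader is involved.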

Splashscreen update problem

hi,
New to the "ROM update" world, I've succeeded in installing the French Rom V1.25.406.1.fr on my HTC Cruise (Polaris).
My "problem" was this red and very ugly "SFR / vodafone" splash screen. Then, i searched on the forum to find a way to change this screen and found this thread :
"How to kill vodafone startup" : http://forum.xda-developers.com/showthread.php?t=368421&highlight=sfr , redirecting to a ...Trinity thread.
I arrived to the WIKI page dedicated to this : http://wiki.xda-developers.com/index.php?pagename=Trinity_SplashScreen and followed instructions using "mtty" :
USB> task 32
USB> lnb finalsplash.nb 500e0000
USB> task 8
USB> task 32
USB> lnb finalsplash.nb 50140000
USB> task 8
The device restarted twice (after each "task 8" command), and now offers a white startup screen, but keeps on loading WM6 FR correctly. So there has been a problem while updating the screen but did not cause a dramatic failure.
I then restarted the device in bootloader mode and found that the description in the red section had been sort of corrupted.
It now displays :
::::::::::: MFG
SPL-2.20.01inex
CPLD-2
As it looks strange to me, and as I can't find a way to have a proper splashscreen, I decided to reinstall the ROM package. But when starting to install I now get this message "ERROR [244] : INVALID MODEL ID". On this error screen is also displayed a kind of serial number on the right bottom, and it looks "corrupted"; as far as I remember, I saw such a number and it was normal during my first installation. It now displays : "N-&ààaâäae-S-PPND./01*"
After this quick recap, I would be very pleased to find help from any tech guy (or not) who could find a way to get a proper ROM installed on my device that will be updatable again.
hope i'm clear (i understand this can be a little messy ..), and i really hope someone will help me get rid of this.
thanks guys.
Mef said:
As it looks strange to me, and as I can't find a way to have a proper splashscreen, I decided to reinstall the ROM package. But when starting to install I now get this message "ERROR [244] : INVALID MODEL ID". On this error screen is also displayed a kind of serial number on the right bottom, and it looks "corrupted"; as far as I remember, I saw such a number and it was normal during my first installation. It now displays : "N-&ààaâäae-S-PPND./01*"
After this quick recap, I would be very pleased to find help from any tech guy (or not) who could find a way to get a proper ROM installed on my device that will be updatable again.
hope i'm clear (i understand this can be a little messy ..), and i really hope someone will help me get rid of this.
thanks guys.
well congratulations for managing to find the place it stores the Model ID, hard luck for managing to wipe it.
what I'll do is rbmc my device and dump off my nand so you can write back a valid ModelID... but in the worst case scenario I can just bung you a patched SPL to ignore the model ID.
I think I'll post the correct addresses on the wiki... also, rather than committing suicide like that, in future, build an NBH properly and the device takes care of the addresses for you.
oh, one other thing, could you please check and see if your WLAN is dead or not.
Thx for your time dude. i feel so stupid ...
oh, one other thing, could you please check and see if your WLAN is dead or not.
I've just checked my WLAN. it could correctly open a WPA TKIP session on my router and browse mobile.htc.com with Internet Explorer.
That must mean it's alive and working i think.
yeah... unicode string at 0x50104000
I think we can probably recover you if we make a 0x100 byte file with the appropriate data and lnb it to that address
OK, I've reconstructed you a ModelID to flash using lnb...
command is
lnb 50104000 thefile.nb
(where thefile.nb is the filename of the NB in the zip... please remember to extract it)
That's really great news. I'm crossing fingers. thx.
Guess what ?
The bootloader now displays "POLA100". Big thanks Olipro !
I'm on my way to have a ROM UPDATE in order to know if I can give you the title of fu*** genius of the day or not
PS : correct command is "lnb thefile.nb 50104000"
ROM update successful, title confirmed !
Cheers Olipro
yes, my mistake, it's file then addr.
incidentally, the correct address to lnb the splash screen to is 0x50140000 and 0x501A0000 respectively.
Mef said:
ROM update successful, title confirmed !
Cheers Olipro
Oooppss! you missed to click on the "Olipro you're Great" Button
You know whether to replace the splash "welcomehead.96."
I am trying to copy in the folder of Windows, but it doesn't go.
I have the Italian original rom.

SPL_VERSION has no value???

Now i'm really confused...after trying to run hard_spl-G4, when the system is checking my herald DOC Chip, appears an error claim (REXX error): SPL_Version has no value (?).
SPL version shown during bootloader is 5.04.0000
Any ideas? Please, help me out and thank you all
the herald doesn't have a g4 or a g3, which leads me to believe that you're not running the herald HSPL. that's REALLY REALLY bad.
you're lucky your phone hasn't been bricked. Or maybe it might have been. One doesn't know.
Anyway, make sure you are using the herald HardSPL. There's a thread somewhere in the herald forums named something like "HardSPL- working!"
NEVER flash something from another device onto your herald. Your device could turn into an ugly scaled monster and swallow your head
fzzyrn said:
the herald doesn't have a g4 or a g3, which leads me to believe that you're not running the herald HSPL. that's REALLY REALLY bad.
you're lucky your phone hasn't been bricked. Or maybe it might have been. One doesn't know.
Anyway, make sure you are using the herald HardSPL. There's a thread somewhere in the herald forums named something like "HardSPL- working!"
NEVER flash something from another device onto your herald. Your device could turn into an ugly scaled monster and swallow your head
I agree....
Like i said in the other post. try ASERG's method.
http://forum.xda-developers.com/showpost.php?p=2008521&postcount=308
and again good luck
lol...this could really turn into a monster nightmare...
Anyway, I'm trying the Aserg method that seems very easy...the .cab file installs ok but can't move forward with the !RUN-hard-spl.exe.
I get an error message that says that the file is not a valid ppc application.
Can I try running it from my pc via USB cable??
Still can see the light at the end of the tunnel
Hey guys, can anybody guide on how to run the .exe file from Aserg's method (!RUN-hard-spl.exe)?
I can't figure out how to do it from my ppc. Can I run it from my computer? Please, don't want to brick my herald!!
