Samsung Saga i770 hacking revival thread - Windows Mobile Development and Hacking General
OK, well, lately I have some free time on my hands, so I've been working on my Samsung Saga. There's no ROM leak to date, and what there is on it is, well...
but we do have an updater. Maybe it's possible to tear that apart, replace the ROM inside with the custom one, repack it and use it from there.
No, I am not much of a phone unlocker, but I am an old-school haxor.
So let's get our hands dirty.
I grabbed the 2 SCH-i770_User_upgrade_tool_v2.2.1.0.exe from Samsung's website, loaded them up in PE Explorer, and started to look at the 2 large files in resources.
One I notice is a File_149 that can be exported as an EXE.
It seems to be the drivers for Windows. On further exploration in Hex Workshop and REC Studio there's nothing in there that matches anything in the default stock WM6.1 ROM from the MS SDK.
E.g. no dice; this file differs for the WinV version, it's the driver.
**Later testing needed (let's rip it out and see if the updater still updates the ROM).
Next is file_171; this is the one, I know the IMG is in there somewhere.
I will continue to try and dump the information from 171 into a usable file.
If we have an experienced HAXOR to help out with it, it may be possible to edit the ROM inside, slip it back in and run the update.
Here's the SCH-i770_User_upgrade_tool_v2.2.1.0.exe disassembly strings dump:
// Generated by PE Explorer 1.99
// File name: C:\Users\Administrator\Downloads\SCH-i770_User_upgrade_tool_v2.2.1.0.exe
// Created : 23.03.2011 00:15
// Type : Strings List
0043F720: 'RAPI.dll',0
0043F72C: 'CDialog',0
0043F8B0: 'Edit',0000h
0043F988: 'MS Shell Dlg',0000h
0043F9A4: 'CWnd',0
0043F9B4: 'AfxWnd80su',0000h
0043F9CC: 'AfxControlBar80su',0000h
0043F9F0: 'AfxMDIFrame80su',0000h
0043FA10: 'AfxFrameOrView80su',0000h
0043FA38: 'AfxOleControl80su',0000h
0043FA5C: 'AfxOldWndProc423',0000h
0043FAA4: 'GetMonitorInfoA',0
0043FAB4: 'GetMonitorInfoW',0
0043FAC4: 'EnumDisplayDevicesW',0
0043FAD8: 'EnumDisplayMonitors',0
0043FAEC: 'MonitorFromPoint',0
0043FB00: 'MonitorFromRect',0
0043FB10: 'MonitorFromWindow',0
0043FB24: 'GetSystemMetrics',0
0043FB38: 'USER32',0000h
0043FB48: 'DISPLAY',0
0043FB50: 'accParent',0000h
0043FB64: 'accChildCount',0000h
0043FB80: 'accChild',0000h
0043FB94: 'accName',0000h
0043FBA4: 'accValue',0000h
0043FBB8: 'accDescription',0000h
0043FBD8: 'accRole',0000h
0043FBE8: 'accState',0000h
0043FBFC: 'accHelp',0000h
0043FC0C: 'accHelpTopic',0000h
0043FC28: 'accKeyboardShortcut',0000h
0043FC50: 'accFocus',0000h
0043FC64: 'accSelection',0000h
0043FC80: 'accDefaultAction',0000h
0043FCA4: 'accSelect',0000h
0043FCB8: 'accLocation',0000h
0043FCD0: 'accNavigate',0000h
0043FCE8: 'accHitTest',0000h
0043FD00: 'accDoDefaultAction',0000h
0043FF2C: 'InitCommonControls',0
0043FF40: 'InitCommonControlsEx',0
0043FF58: 'HtmlHelpW',0
0043FF64: 'hhctrl.ocx',0
00440074: '#32768',0000h
00440084: 'f:\sp\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl',0
00440398: 'commctrl_DragListMsg',0000h
004403C4: 'CCmdTarget',0
004404B0: 'DeactivateActCtx',0
004404C4: 'ActivateActCtx',0
004404D4: 'ReleaseActCtx',0
004404E4: 'CreateActCtxW',0
004404F4: 'KERNEL32',0000h
00440530: 'comctl32.dll',0000h
00440554: 'comdlg32.dll',0000h
00440578: 'COleException',0
004405C0: 'CRgn',0
004405C8: 'CFont',0
004405D0: 'CBrush',0
004405D8: 'CGdiObject',0
004405E4: 'CPaintDC',0
004405F0: 'CWindowDC',0
004405FC: 'CClientDC',0
0044060C: 'CUserException',0
0044061C: 'CResourceException',0
0044099C: 'CInvalidArgException',0
004409B4: 'CNotSupportedException',0
004409CC: 'CMemoryException',0
00440AC8: 'CStatic',0
00440AEC: 'STATIC',0000h
00440C40: 'CRichEditCtrl',0
00440C50: 'CProgressCtrl',0
00440CA0: 'msctls_progress32',0000h
00440F60: 'RICHED20.DLL',0
00440F70: 'CFile',0
0044100C: 'f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp',0
00441060: 'CSyncObject',0
0044106C: 'CCriticalSection',0
004410B8: 'CObject',0
00441150: 'CWinThread',0
004411F8: 'CWinApp',0
00441200: 'Settings',0000h
00441214: 'PreviewPages',0000h
004412B8: 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',0000h
00441330: 'NoRun',0000h
004413D0: 'Software\Microsoft\Windows\CurrentVersion\Policies\Network',0000h
00441448: 'NoEntireNetwork',0000h
00441468: 'Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32',0000h
004414E0: 'NoPlacesBar',0000h
00441530: 'ntdll.dll',0000h
00441550: 'Control Panel\Desktop\ResourceLocale',0000h
0044159C: 'GetSystemDefaultUILanguage',0
004415B8: 'GetUserDefaultUILanguage',0
004415D4: 'kernel32.dll',0000h
004415F0: '%s%s.dll',0000h
004416C4: 'f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp',0
00441700: 'Software\',0000h
00441774: 'software',0000h
00441788: 'CMenu',0
004417D4: 'System',0000h
004417E4: 'f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp',0
0044181C: 'CMapPtrToPtr',0
00441858: 'CPtrList',0
00441898: 'MFCM80ReleaseManagedReferences',0
004418B8: 'mfcm80u.dll',0000h
00441914: 'CArchiveException',0
004419AC: 'commdlg_FindReplace',0000h
004419D4: 'CFileException',0
00441A00: '.INI',0000h
00441A0C: '.HLP',0000h
00441A18: '.CHM',0000h
00441A24: 'NotifyWinEvent',0
00441A34: 'user32.dll',0000h
00442008: 'CMemFile',0
0044209C: 'CByteArray',0
004420B8: 'MSWHEEL_ROLLMSG',0000h
004420D8: 'COleDispatchException',0
004422C4: 'RichEdit Text and Objects',0000h
004422F8: 'Rich Text Format',0000h
0044231C: 'FileNameW',0000h
00442330: 'FileName',0000h
00442344: 'Link Source Descriptor',0000h
00442374: 'Object Descriptor',0000h
00442398: 'Link Source',0000h
004423B0: 'Embed Source',0000h
004423CC: 'Embedded Object',0000h
004423EC: 'ObjectLink',0000h
00442404: 'OwnerLink',0000h
00442418: 'Native',0000h
00442488: 'CObArray',0
00442580: 'CPtrArray',0
00442B40: 'COleBusyDialog',0
00442D2C: 'Unknown exception',0
00442D60: 'CorExitProcess',0
00442D70: 'mscoree.dll',0
00442D88: 'SetThreadStackGuarantee',0
00442DA0: 'kernel32.dll',0
004432E0: 'R6002',0Dh,0Ah,'- floating point support not loaded',0Dh,0Ah,0
00443310: 'Microsoft Visual C++ Runtime Library',0
00443340: '<program name unknown>',0
00443358: 'Runtime Error!',0Ah,0Ah,'Program: ',0
00443374: '.mixcrt',0
0044337C: 'EncodePointer',0
0044338C: 'KERNEL32.DLL',0
0044339C: 'DecodePointer',0
004433AC: 'FlsFree',0
004433B4: 'FlsSetValue',0
004433C0: 'FlsGetValue',0
004433CC: 'FlsAlloc',0
004433E0: '(null)',0000h
004433F0: '(null)',0
004434EC: 'bad exception',0
004434FC: 'InitializeCriticalSectionAndSpinCount',0
00443524: 'e+000',0
00443540: 'IsProcessorFeaturePresent',0
0044355C: 'KERNEL32',0
004435AC: 'GetProcessWindowStation',0
004435C4: 'GetUserObjectInformationA',0
004435E0: 'GetLastActivePopup',0
004435F4: 'GetActiveWindow',0
00443604: 'MessageBoxA',0
00443610: 'USER32.DLL',0
0044369C: '`local static thread guard',27h,0
004436B8: '`managed vector copy constructor iterator',27h,0
004436E4: '`vector vbase copy constructor iterator',27h,0
00443710: '`vector copy constructor iterator',27h,0
00443734: '`dynamic atexit destructor for ',27h,0
00443758: '`dynamic initializer for ',27h,0
00443774: '`eh vector vbase copy constructor iterator',27h,0
004445A0: 'HH:mm:ss',0
004445AC: 'dddd, MMMM dd, yyyy',0
004445C0: 'MM/dd/yy',0
004445D4: 'December',0
004445E0: 'November',0
004445EC: 'October',0
004445F4: 'September',0
00444600: 'August',0
00444608: 'July',0
00444610: 'June',0
00444618: 'April',0
00444620: 'March',0
00444628: 'February',0
00444634: 'January',0
0044466C: 'Saturday',0
00444678: 'Friday',0
00444680: 'Thursday',0
0044468C: 'Wednesday',0
00444698: 'Tuesday',0
004446A0: 'Monday',0
004446A8: 'Sunday',0
004446CC: '1#QNAN',0
004446D4: '1#INF',0
004446DC: '1#IND',0
004446E4: '1#SNAN',0
004446EC: 'CONOUT$',0
00444F58: 'string too long',0
00444F68: 'invalid string position',0
00444FA0: 'OLEACC.dll',0
00444FAC: 'CCAUTIONdlg',0
00445344: 'Exception thrown in destructor',0
00445364: '%s (%s:%d)',0Ah,'%s',0000h
00445380: '%s (%s:%d)',0000h
00445398: 'CEULADlg',0
004453A4: 'SYSTEM REQUIREMENT',0Ah,0000h
004453D0: 'Supported OS : Windows VISTA or Windows 2000 + Service Pack 4 or Windows XP + Service Pack 2',0Ah,'Required space on hard disk : 150 MB',0Ah,0Ah,0000h
004454D8: 'End User License Agreement ("EULA")',0000h
00445520: 0Ah,'Do not install or use the software until you have read and accepted all of the license terms. Permission to use the software is conditional upon your agreeing to the license terms. Installation or use of the software by you will be deemed to be acceptance of the license terms. Acceptance will bind you to the license terms in a legally enforceable contract with Samsung Electronics Co. Ltd.(hereinafter the "SAMSUNG") ',0000h
00445870: 0Ah,0Ah,'* SOFTWARE LICENSE AND LIMITED WARRANTY',0000h
004458C8: 0Ah,'This is an agreement between you, the end user, and SAMSUNG. By using this software, you agree to become bound by the terms of this agreement. ',0Ah,'If you agree to abide by these conditions, please click "Yes". ',0Ah,0Ah,'IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, PLEASE DO NOT USE THIS SOFTWARE AND PROMPTLY REMOVE IT FROM YOUR COMPUTER.',0000h
00445B6C: 0Ah,0Ah,'* GRANT OF LICENSE',0000h
00445B98: 0Ah,'SAMSUNG, as licensor, grants to you, the licensee, a non-exclusive right to install the accompanying software program(s) (hereinafter the "SOFTWARE") on a certain number of computer(s) in accordance with the number of the license you purchase and use the SOFTWARE in accordance with the terms contained in this license. You shall not rent, lease, sublicense, modify, alter, reverse engineer, disassemble, decomplie, or create any derivative work of the SOFTWARE, or remove any copyright notice or proprietary legend contained in the Software. You shall not reproduce the SOFTWARE unless for backup purpose and limited to one copy only. Except for the Software marked "Not for Resale" or the like, you may transfer the Software on a permanent basis to another person or entity accompanying the Documentation and the license agreement, provided that you retain no copies of the Software and the transferee agrees to the terms of this agreement. Such transfer will cause an automatic termination of your license to use the Software.',0000h
004463A8: 0Ah,0Ah,'* OWNERSHIP OF SOFTWARE',0000h
004463E0: 0Ah,'SAMSUNG retains the copyright, title and ownership of the SOFTWARE and the written materials ("Documentation") regardless of the form or media in or on which the original and other copies may exist.',0000h
00446570: 0Ah,0Ah,'* UPGRADES',0000h
00446590: 0Ah,'If this copy of the Software is an upgrade from an earlier version of the Software, it is provided to you on a license exchange basis. Upon your installation and use of this copy of the Software, you agree to voluntarily terminate your earlier EULA and you will not continue to use the earlier version of the Software or transfer it to another person or entity.',0000h
00446868: 0Ah,0Ah,'* USE OF PICTURES LICENSED BY THIRD PARTIES',0000h
004468C8: 0Ah,'You may use pictures, if any, provided in the SOFTWARE, which may be licensed from third parties, to demonstrate or complete your work created by the use of the SOFTWARE; provided that you should not use the pictures in any illegal or immoral manners, nor shall you grant your right to use to any third party. SAMSUNG does not provide any warranty or representation to these pictures from third parties.',0000h
00446BF8: 0Ah,0Ah,'THIS SOFTWARE AND ACCOMPANYING DOCUMENTATAION (INCLUDING INSTRUCTIONS FOR USE) ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. FURTHER, SAMSUNG DOES NOT WARRANT, GUARANTEE, OR MAKE ANY REPRESENTATIONS REGARDING THE USE, OR THE RESULTS OF USE, OF THE SOFTWARE OR DOCUMENTATION IN TERMS OF CORRECTNESS, ACCURACY, RELIABILITY, CURRENTNESS, OR OTHERWISE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE SOFTWARE IS ASSUMED BY YOU. IF THE SOFTWARE OR DOCUMENTATION IS DEFECTIVE, YOU, AND NOT CYBERLINK OR ITS DEALERS, DISTRIBUTORS, AGENTS, OR EMPLOYEES, ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICE, REPAIR OR CORRECTION.',0000h
004470F0: 0Ah,0Ah,'SAMSUNG DISCLAIMS ALL OTHER WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT, REGARDLESS OF WHETHER IT IS MADE BY SAMSUNG, ON THIS SAMSUNG PRODUCT. SAMSUNG DOES NOT WARRANT THAT THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY SAMSUNG, ITS DEALERS, DISTRIBUTORS, AGENTS OR EMPLOYEES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THIS WARRANTY AND YOU MAY NOT RELY ON ANY SUCH INFORMATION OR ADVICE.',0000h
00447580: 0Ah,0Ah,'NEITHER SAMSUNG NOR ANYONE ELSE WHO HAS BEEN INVOLVED IN THE CREATION, PRODUCTION OR DELIVERY OF THIS PRODUCT SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL OR INCIDENTAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF DATA, LOSS OF BUSINESS INFORMATION, OR OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OR INABILITY TO USE SUCH PRODUCT EVEN IF SAMSUNG HAS BEEN ADVISED OF THE POSSBILITY OF SUCH DAMAGES.',0000h
00447910: 0Ah,0Ah,'You agree to bear the full, complete, and sole responsibility for using the Software of any purpose. You also agree to indemnify and hold SAMSUNG harmless from any claims, proceedings, damages, costs, and expenses resulting from your use of the SOFTWARE for any illegal purpose. ',0Ah,'Upon termination of this Agreement, you should destroy the Software and the Documentation and all the copies thereof and remove and delete the Software from your hard disk or other storage device. ',0Ah,'This agreement constitutes the entire agreement between you and SAMSUNG. This agreement shall be governed and construed in accordance with the laws of South Korea and shall benefit SAMSUNG, its successors and assigns. ',0Ah,'Any claim or dispute between you and SAMSUNG or against any agent, employee, successor or assign of SAMSUNG, whether related to this agreement or otherwise, and any claim or dispute related to this agreement or the relationship or duties contemplated under this agreement, including the validity of this arbitration clause, shall be resolved in Seoul, Korea, pursuant to the Korea Arbitration Act.',0000h
00448240: 'SOFTWARE\SAMSUNG\MITsUDL',0000h
00448274: 'Installed',0000h
004483E8: 'CHelpMain',0
004485A8: 'CHelpSub',0
00448750: 'bad allocation',0
00448760: 'UPDATE',0000h
00448770: 'Updating your device...0% completed.',0000h
004487BC: ' Open(COM%d) port Failed!',0000h
004487F0: ' FLASH UNLOCK Fail !!!',0000h
00448820: ' FLASH UNLOCK Fail !!!',0Dh,0Ah,0000h
00448858: 'FLASH_DOWNLOADER_Send_PartitionInfo Fail !!!',0000h
004488B8: 'FLASH_DOWNLOADER_Send_PartitionInfo Fail !!!',0Dh,0Ah,0000h
00448918: 'SendMIBIBHeader Fail !!!',0000h
0044894C: 'SendMIBIBHeader Fail !!!',0Dh,0Ah,0000h
00448984: 'DwonloadAMSS Fail !!!',0000h
004489B0: 'DwonloadAMSS Fail !!!',0Dh,0Ah,0000h
004489E0: 'DwonloadAPPSBL Fail !!!',0000h
00448A10: 'DwonloadAPPSBL Fail !!!',0Dh,0Ah,0000h
00448A48: 'FLASH_DOWNLOADER_Close Fail !!!',0000h
00448A90: 'FLASH_DOWNLOADER_Close Fail !!!',0Dh,0Ah,0000h
00448AD8: 'UPDATE DONE',0000h
00448AF0: 'Erase AMSS Region',0Dh,0Ah,0000h
00448B18: ' AMSS',0000h
00448B24: ' AMSS ERASE FLASH Failed!',0000h
00448B5C: 'Erase AMSS Region Fail!!!',0Dh,0Ah,0000h
00448B94: 'Write AMSS Data',0Dh,0Ah,0000h
00448BB8: ' AMSS WRITE FLASH Failed!',0000h
00448BF0: 'Write AMSS Data Fail!!!',0Dh,0Ah,0000h
00448C24: 'AMSS Download Success!!',0Dh,0Ah,0000h
00448C58: 'Erase APPSBL Region',0Dh,0Ah,0000h
00448C84: ' APPSBL',0000h
00448C94: ' APPSBL ERASE FLASH Failed!',0000h
00448CD0: 'Erase APPSBL Region Fail!!!',0Dh,0Ah,0000h
00448D0C: 'Write APPSBL Data',0Dh,0Ah,0000h
00448D34: ' APPSBL WRITE FLASH Failed!',0000h
00448D70: 'Write APPSBL Data Fail!!!',0Dh,0Ah,0000h
00448DA8: 'APPSBL Download Success!!',0Dh,0Ah,0000h
00448DE0: 'Erase PDA Region',0Dh,0Ah,0000h
00448E08: ' PDA',0000h
00448E14: ' PDA ERASE FLASH Failed!',0000h
00448E48: 'Erase PDA Region Fail!!!',0Dh,0Ah,0000h
00448E80: 'Write PDA Data',0Dh,0Ah,0000h
00448EA4: ' PDA WRITE FLASH Failed!',0000h
00448ED8: 'Write PDA Data Fail!!!',0Dh,0Ah,0000h
00448F0C: 'PDA Download Success!!',0Dh,0Ah,0000h
00448F40: 'Send MIBIB Header Data %x !!!',0Dh,0Ah,0000h
00448F84: ' Send MIBIB Header Data!!!',0000h
00448FC0: ' Send MIBIB Header Data Failed!',0000h
00449008: 'Tx Send MIBIB Header Data Fail!!!',0Dh,0Ah,0000h
00449050: 'Send MIBIB Header Data Success!!!',0Dh,0Ah,0000h
00449098: 'STOP',0000h
004490A4: ' Send Partition Table',0000h
004490D4: 'Send Partition Table',0Dh,0Ah,0000h
00449108: ' Partition Information is not equal',0000h
00449150: 'Partition Table is correct',0Dh,0Ah,0000h
00449190: ' Partition Information is not equal Try again!!',0000h
004491F4: ' FLASH UNLOCK',0000h
00449214: 'FLASH UNLOCK',0Dh,0Ah,0000h
00449234: 'FLASH UNLOCK Success!!!',0Dh,0Ah,0000h
00449268: 'FLASH LOCK ',0Dh,0Ah,0000h
00449284: ' Mits Reboot',0000h
004492A4: 'FLASH LOCK Success!!!',0Dh,0Ah,0000h
004492D4: 'ERROR',0000h
004494E0: '*** Error Creating Read Event *** Error Code:%d',0Ah,0000h
00449548: '*** Error Creating Write Event *** Error Code:%d',0Ah,0000h
004495AC: 'Close COM port %d',0Ah,0000h
004495D4: '\\.\COM%d',0000h
004495E8: 'Thread %d ERROR %s',0
004495FC: 'deque<T> too long',0
00449674: 'Arial',0000h
00449680: ' The update process has been completed successfully.',0000h
004496EC: ' BackUp... %d%%',0000h
00449710: ' Updating your device...%d%% completed',0000h
004498E0: 'Local AppWizard-Generated Applications',0000h
00449948: 'open',0000h
00449958: 'Installer\Products\7BD25099295922545A854571BBDA84EE',0000h
004499C0: '[Activesync] is not installed',0000h
004499FC: 'Version',0000h
00449A10: '[CUDLApp::IsActiveSyncInstall]RegQueryValueEx Failed',0000h
00449A80: 'SOFTWARE\Microsoft\Windows\CurrentVersion\APP Paths\WCESCOMM.EXE',0000h
00449B08: '[Mobile Device Ceontor] is not installed',0000h
00449B70: '[CUDLApp::RegisterRegistry]RegCreateKeyEx Failed',0000h
00449BD4: 'Model',0000h
00449BE0: '[CUDLApp::RegisterRegistry]RegQueryValueEx - MODEL Failed',0000h
00449C54: 'TOOL_VER',0000h
00449C68: '[CUDLApp::RegisterRegistry]RegQueryValueEx - TOOL_VER Failed',0000h
00449CE8: '[CUDLApp::RegisterRegistry]RegOpenKeyEx - TOOL_VER Failed',0000h
00449D5C: 'DL_LIMIT',0000h
00449D70: '[CUDLApp::RegisterRegistry]RegQueryValueEx - DL_LIMIT Failed',0000h
00449DF0: '[CUDLApp::RegisterRegistry]RegQueryValueEx - Installed Failed',0000h
00449E70: '[CUDLApp::RegisterRegistry]RegOpenKeyEx - MODEL Failed',0000h
00449EE0: '[CUDLApp::Reg_SetValue]RegSetValueEx - Installed Failed',0000h
00449F50: '[CUDLApp::Reg_SetValue]RegSetValueEx - Model Failed',0000h
00449FB8: '[CUDLApp::Reg_SetValue]RegSetValueEx - DL_LIMIT Failed',0000h
0044A028: '[CUDLApp::Reg_SetValue]RegSetValueEx - TOOL_VER Failed',0000h
0044A098: 'FILE',0000h
0044A0A8: '[CUDLApp::ResourceToFile]FindResource Failed',0000h
0044A108: '[CUDLApp::ResourceToFile]LoadResource Failed',0000h
0044A168: '[CUDLApp::ResourceToFile]SizeofResource Failed',0000h
0044A1C8: '[CUDLApp::ResourceToFile]CreateFile Failed',0000h
0044A220: '[CUDLApp::ResourceToFile]WriteFile Failed',0000h
0044A288: 'SOFTWARE\SAMSUNG\MITs USB',0000h
0044A2C0: 'There is no MITs USB modem driver.',0Dh,0Ah,' MITs USB driver will install automatically',0000h
0044A360: 'There is no MITs USB modem driver.',0Dh,0Ah,' End user upgrad tool will close.',0000h
0044A3F0: '[CUDLApp::IsPhoneDriverInstall]RegQueryValueEx Failed',0000h
0044A460: 'The MITs USB driver is not latest version.',0Dh,0Ah,' MITs USB driver will install automatically',0000h
0044A510: 'The MITs USB driver is not latest version.',0Dh,0Ah,' End user upgrad tool will close',0000h
0044A6F0: 'Please connect the device through ActiveSync.',0000h
0044A750: 'Please connect the device through Windows Mobile Device Center.',0000h
0044A7D0: 'Detect COM%d Port',0Dh,0Ah,0000h
0044A7F8: 'ERROR Disconnect COM%d Port',0Dh,0Ah,0000h
0044A834: 'Disconnect the data-cable.',0000h
0044A86C: 'Disconnect COM%d Port',0Dh,0Ah,0000h
0044A8A0: 'User Image Upgrade Tool for SCH-i770 v2.2.1.0.',0000h
0044A900: 'Have you backed up your data from the SCH-i770?',0Ah,'Clicking Yes will start the upgrade process and all user data will be deleted from the SCH-i770.',0000h
0044AA28: 'Please wait. Getting the SCH-i770',27h,'s Information.',0000h
0044AA8C: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0000h
0044AAC4: 'UGMSrv',0000h
0044AAD8: 'ERROR - This device is not SCH-i770',0Dh,0Ah,0000h
0044AB24: 'DB05',0000h
0044AB30: 'ERROR - The update binary is equal to SCH-i770',27h,'s.',0Dh,0Ah,0000h
0044AB98: 'ERROR - The update binary is older than SCH-i770',27h,'s.',0Dh,0Ah,0000h
0044AC88: 'Start',0000h
0044AC94: 'Close',0000h
0044ACA0: 'Checking Device Info',0000h
0044ACCC: 'GetPlatformID',0000h
0044ACE8: 'Please Click the CLOSE button.',0000h
0044AD28: ' Connected device is not SCH-i770.',0Dh,0Ah,0000h
0044AD74: 'GetBatteryState',0000h
0044AD94: 'GetPhoneNumber',0000h
0044ADB4: 'GetPDAVersion',0000h
0044ADD0: 'GetPhoneVersion',0000h
0044ADF0: 'SetEnterUGM',0000h
0044AE08: 'WAIT',0000h
0044AE18: 'Awaiting communication with the mobile device. ',0Dh,0Ah,0000h
0044AE80: 'ActiveSync can not connect the device!!',0000h
0044AED0: 'Windows Mobile Device Center can not connect the device!!',0000h
0044AF44: 'Please wait a minute.',0000h
0044AF70: 'HARDWARE\DEVICEMAP\SERIALCOMM\',0000h
0044AFB0: 'qcusb',0000h
0044AFBC: 'QCUSB',0000h
0044AFC8: 'sscdserd',0000h
0044AFE0: '[CUDLDlg::LoadImgFile]FindResource Failed',0000h
0044B038: '[CUDLDlg::LoadImgFile]LoadResource Failed',0000h
0044B08C: ' Elapsed Time : %d min %d sec',0000h
0044B0C8: ' Expected Remaining Time : %2dmin %2dsec',0000h
0044B120: '[CUDLDlg::IncreaseDLCnt]RegOpenKeyEx Failed',0000h
0044B178: '[CUDLDlg::IncreaseDLCnt]RegQueryValueEx Failed',0000h
0044B1D8: '[CUDLDlg::IncreaseDLCnt]RegSetValueEx Failed',0000h
0044B238: ' Awaiting communication with ActiveSync.',0Dh,0Ah,0000h
0044B290: ' Awaiting communication with Mobile Device Center.',0Dh,0Ah,0000h
0044B300: ' Please try to connect with ActiveSync again.',0Dh,0Ah,0000h
0044B360: ' Please try to connect with Mobile Device Center again.',0Dh,0Ah,0000h
0044B3D8: ' SCH-i770 cannot connect with ActiveSync.',0Dh,0Ah,0000h
0044B430: ' SCH-i770 cannot connect with Mobile Device Center.',0Dh,0Ah,0000h
0044B49C: 'Please Click the START button.',0000h
0044B4E0: ' SCH-i770 connect with ActiveSync.',0Dh,0Ah,0000h
0044B530: ' SCH-i770 connect with Mobile Device Center.',0Dh,0Ah,0000h
Trying from another angle, I used 7-Zip to extract the files.
and ran 171 through Hex Workshop; looking in there I see a lot of references to f:/ vctools.
Could this be a Visual C++ file? Unformatted or compiled? Well, time to grab the Microsoft Visual Studio 2010 Ultimate trial and see what I get out of it.
On a positive note...
I figured out how to hex edit the Samsung upgrade tool to spoof the version check every time.
Open FlexHex, search for DB05 in Unicode text, and change it to EC06. Save and there ya go; at least we have a way to reflash back.
I have re-upgraded my Saga 3 times now trying to trap the files that get downloaded.
Denying Delete permissions on the Temp folder doesn't work like it does with most installers,
but it's hard to believe that all that stuff is run through one standalone app...
I will keep on tearing apart the upgrade tool till I get paydirt; I know it's all in there...
If only there were some way to spoof a fake device to get the payload...
Curiouser and curiouser.
While searching through ANSI text, I came across Linux and Ramdrive...
Could this be why I can't seem to grab the files as they are being downloaded to my Saga?
Well, this isn't going to work... Hmm, maybe I will have to find a way to dump my Saga's ROM, and then compare with what is in the updater. Maybe I can pull a clean ROM out of it.
good luck dood.
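An added example, not code from this thread or from Samsung's tool: a stdlib-only Python string extractor that separates the narrow strings (listed above as ',0') from the UTF-16LE ones (',0000h'), renders them in the PE Explorer listing's format, and does the same Unicode-text search for a literal like DB05 that the FlexHex step above relies on. The sample buffer is constructed for the demo; the offsets it reports are file offsets, not the virtual addresses PE Explorer prints.

```python
import re
from typing import List, NamedTuple


class FoundString(NamedTuple):
    offset: int   # file offset of the first byte (PE Explorer shows virtual addresses instead)
    kind: str     # "ansi" (narrow, shown as ',0' in the dump) or "unicode" (UTF-16LE, ',0000h')
    text: str


def extract_strings(data: bytes, min_len: int = 4) -> List[FoundString]:
    """Return every printable-ASCII run and every UTF-16LE run of at least
    min_len characters, sorted by offset. This is what a hex editor's
    'ANSI text' and 'Unicode text' search modes look at, respectively."""
    narrow = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE ASCII text is a printable byte followed by a zero byte, repeated.
    wide = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in narrow.finditer(data):
        found.append(FoundString(m.start(), "ansi", m.group().decode("ascii")))
    for m in wide.finditer(data):
        found.append(FoundString(m.start(), "unicode", m.group().decode("utf-16-le")))
    found.sort(key=lambda s: s.offset)
    return found


def locate_wide(data: bytes, text: str) -> List[int]:
    """Offsets of every UTF-16LE occurrence of text (a FlexHex 'Unicode text' search).
    Note that a replacement must keep the same length, as DB05 -> EC06 does."""
    needle = text.encode("utf-16-le")
    hits, start = [], 0
    while True:
        i = data.find(needle, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def pe_explorer_line(s: FoundString) -> str:
    """Render one entry the way the PE Explorer strings list in the post does:
    ADDRESS: 'text',0 for narrow strings, ADDRESS: 'text',0000h for wide ones,
    with an embedded apostrophe written out as the byte 27h."""
    body = "',27h,'".join(s.text.split("'"))
    terminator = "0000h" if s.kind == "unicode" else "0"
    return f"{s.offset:08X}: '{body}',{terminator}"


# Constructed sample image: header noise, one narrow string and two wide strings
# modelled on entries from the dump above (not real bytes from the updater).
SAMPLE = (
    b"\x00\x01MZ\x90"
    + b"RAPI.dll\x00"
    + b"\x00\x00"
    + "DB05".encode("utf-16-le") + b"\x00\x00"
    + b"\x7f\x01"
    + "ERROR - This device is not SCH-i770".encode("utf-16-le") + b"\x00\x00"
    + b"ab\x00"   # too short to report at the default min_len
)

if __name__ == "__main__":
    for s in extract_strings(SAMPLE):
        print(pe_explorer_line(s))
    print("DB05 (unicode) at:", [hex(o) for o in locate_wide(SAMPLE, "DB05")])
```

Feed it the bytes of an exported resource such as file_171 to tell whether a string lives in the tool's own code or inside the embedded image. That the version gate is a plain wide-string literal in the PC-side tool is also why it is no security boundary: whatever checking the device does in its flash protocol is what actually decides what gets written.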
Related
[Prophet] Downgrade/changing IMEI
Hi there, I am trying to change the IMEI of my telephone, as the company I work for only accepts calls from particular IMEIs. Otherwise you connect to the helpdesk. We get our phones from the company (I now have a w800i). There is a guy who bought a new phone and swapped his IMEI, and now he can use it. I want the same with my QTEK s200. After a little research I found out that I have got a G3, which is good. So I downloaded the aWizard to CID unlock my phone. Unfortunately, I get a memory write error. Here is the output of the program: Code: Initializing............CID unlocking mobile... DO NOT DISCONNECT UNTIL THE PHONE REBOOTS! [11:52:54,03] MachinaGod lokiwiz start CopyTFFSToFile(0x0, 0x10000, lock_backup.bin) g=80: c01bfbc4 - 194d4405ca5a3c83 Key idx: 80 olddata: 1dc8c1d25668fee6cf1fe68e3909881c9a755d0b48d3d48455d9139a00635f1c newdata: a6c5603436eb0021172bf3cc57b1a8bd7ae6cc16f96812e97ae6cc16f96812e9 newsum=f4044942 encsum=0dabbbed53ee8789 This exe file was created with the evaluation version of Perl2Exe. For more information visit http://www.indigostar.com (The full version does not display this message with a 2 second delay.) ... CopyFileToTFFS(cidunlocked.bin:0, 0, 00010000) ERROR: ITWriteDisk - An internal error occurred. result=80072745 [11:53:06,80] Your phone is now CID unlocked.... Store the generated 'lock_backup.bin' file in a safe place. It can help to restore your device if anything goes wrong. * Press [Enter] to continue It's on the 6th last line. Next up I download iWizard, I open it, and the program reads out the IMEI successfully, but it doesn't write. What to do? Can anyone help me out? If I didn't supply enough info, do not hesitate to ask for more.
I guess a real solution would be not to change your IMEI but to ask your company's administrators to accept your actual IMEI ?
QC BQS Analyser 3.0 - Universal QC Tool
Hi there boys and girls ... for those interested .... QC BQS Analyzer 3.0
What is it?
-----------
Let's call it the ultimate BQS / QC Swiss knife and very special Crypto Tool (RSA Signature Calc can be used for any mobile):
BQS only:
----------
1. Load AMSS to extract files or useful infos (EF81, E81C, EF91, SXG75, EF82, SF71, SL91, M7 or similar ones)
Features:
Extract Infos from AMSS: USBID, Product.Nr., SVN, SwBuild, Mobiletype
Extract internal filesystem (mif, bar, sig etc. files)
Extract certificates
Extract all BMPs, GIFs, PNGs, JPGs
Extract AMSS signature bytes (if production key)
Show all file references used by mobile
2. Sim_Secure extraction/decryption (non-public)
3. Master-/Usercode/Unlock extraction and direct unlock (non-public)
All QC:
--------
1. Load Partition File to get overview about NAND/NOR structure
2. Make usage of QC's Diag Interface .... to do nice things (Useful for any QC mobile in the world)
Standard Features:
-------------------
- Send standard diag commands or any hexadecimal command you want (database included)
- Read out all NVItems (range given) (all that exist, more than QPST normally extracts)
- Backup and Restore all NVItems
- Read out and Dump Firmware in Memory (IRam)
- Read out complete EFS
- Switch to FTM Mode (or anything else you want)
- Get infos about phone ..... etc ..... a lot more functions
- Generate SimSecure Command to write to SimSecure using given file (may brick your phone when used without knowledge)
Bootloader / DownloadMode Features:
-------------------------------------
- Load any file to mobile at any address and execute (bootloader f.e.)
- Read out complete NAND Memory using bootloader (range given) with included MSM6250/A bootloader or any given bootloader
  Usage: Take out battery, put in battery, press ON # to enter emergency mode, Execute Loader or (with SL91, SF71 f.e.) enable FTM mode, Execute Loader
- Use any Download Mode or Bootloader Command to experiment
- Read application memory of newer Diag Ver 6 in Download Mode
- Show complete infos about used NAND after loading of Bootloader
Flasher Features:
-----------------
Flash any QC mobile (OBL Multiboot) with given bootloader
- Flash PBL (dangerous), QCSBL, QCSBL Header and Config Bits, Partition, OEMSBL, OEMSBL Header, AMSS, AMSS Header and EFS
3. Crypto Function:
-----------------
- Calculate CRC-30, SHA1 and MD4 of any file
- Bruteforce bytes to fit CRC-30 needed when qcsblhd_cfgdata.mbn was edited
- Decrypt any RSA message, including ASN-1 / SHA signatures.
- Check firmware signature given Modulus and Exponent
4. Sim_Secure extraction/decryption (non-public)
5. Full Feature JTAG Interface (non-public)
Although it is still a bit buggy and things have to be sped up ... it is the successor of AMSS Analyzer .... but more reliable and even much faster
Planned in future:
-----------------
1. Bugfixes
2. Tooltips showing real addresses in graphical window
3. EFS2 Directory Browsing
4. Elimination of extracted files in amss.mbn for better understanding
5. Simple NVItems Editor
6. Porting NVM hack already working with JTAG to COM/USB
7. AMSS signature hack, Exploit for Signature (this will be a tough task)
8. Read out SMS / Addressbook via Diag Interface
NO UNLOCKING! PLEASE DO NOT REQUEST. THIS PROJECT IS FOR EDUCATIONAL PURPOSES ONLY, NOT TO HARM COMPANIES FOR THEIR EFFORTS.
What we need:
----------------
- Any contribution to the project is welcome.
- Donations for new hardware and software for further development of this tool.
- We need support in programming and documentation XD
Link to the project files:
------------------------
Version 3.00 Fruit Assassin (Major Release)
http://code.google.com/p/qcbqsanalyzer/downloads/list
Cya and keep on reversing,
Viper BJK
For full source, see project homepage.
If you think my tool is useful and you would like to donate some money for further development, feel free to do so : http://viperbjk.beepworld.de/
great stuff, I admire your work, this has been used to partially unbrick a htc titan (work in progress still, as it crashes on some bit of code in init god knows why).
Hi. New version supports MSM7200. Maybe take a look.
Code:
New version 3.42 out
--------------------
What's new?
-------------
- Find public keys in HTC SPL.nb via Cryptosearch
- Added Public Keys for HTC Firmware (Diamond, Kaiser, Raphael)
- Exponent bugfixes
- New RSA Decryption interface
Feedback is welcome. Thanx. Best Regards
Forbidden. Your client does not have permission to get URL /p/qcbqsanalyzer/downloads/list from this server. Bad link:
Link to the project files:
------------------------
Version 3.00 Fruit Assassin (Major Release)
http://code.google.com/p/qcbqsanalyzer/downloads/list
Does this software work on new phones, or is there any similar software?
[INFO] "New User Guide Terms Android"
We decided to extend this guide over more threads, to give new users the chance to read it more easily. Hi! I saw that many (myself included, initially) fail to understand the discussions of various modding topics on this and other forums because of certain terms that are now characteristic of speech in any discussion.
- Android: operating system for mobile devices based on the Linux kernel. Android is an open source project developed by the Open Handset Alliance (OHA). Google was the first company to work on Android and HTC designed and implemented the first Android phone.
- ADB (Android Debugging Bridge): command-line application (command prompt, DOS) used to flash ROMs, make changes to the system, make backups, install applications (using the command: adb push nomeapp.apk /system/app/), copy files from your device to the PC (via the command: adb pull /path/inside/of/Android/filename nome_file_destinazione) and more. ADB is a tool included in the Android SDK that allows you to manage your phone simply by connecting it via USB. For programmers, ADB is also used to execute commands on an Android virtual machine. Detailed instructions.
- Apk (short for Android Package): the file format used to install Android software (it works, more or less, like .exe does for Windows). Renaming the extension of this file to .zip, you can open it with any compressed-file program.
- App or Apps: abbreviation of the term application or applications.
- App2sd (A2sd): procedure built into many cooked ROMs to move applications, already installed or installed later, to the memory card instead of phone memory. To use it you must have an ext2, ext3 or ext4 partition on the memory card. Part of the application (the Dalvik cache) is still stored in the smartphone, so execution speed is not reduced. App2sd is not to be confused with the various applications on the Market, as those on the Market only allow moving or storing applications that permit it.
- Bootloader (FASTBOOT): phone mode (while connected via USB with USB debugging enabled) through which you can do many things, including obtaining root permissions, flashing ROMs, making backups, pushing files, removing files etc. The bootloader mode varies from device to device; refer to the relevant sections for how to enter the bootloader on your device.
- Brick (to brick, bricked): literally "BRICK". Making the phone like a brick, something unusable except as a paperweight.
- Digital compass: the digital compass is able to detect the direction in which the device is pointing. This information can be used together with appropriate mapping software to assist navigation to unknown places.
- BusyBox: BusyBox is important because installing it on your Android lets you enhance it with many basic Linux commands. In fact, some powerful programs, such as Titanium Backup and others, use BusyBox to carry out their instructions. In just a few KB there are so many nice little programs. Guide: using Titanium Backup.
- Cache: a temporary memory in which data are stored that can be eliminated without compromising the functionality of the system.
- Digital certificate: encrypted code issued to two or more parties by an authorized organization, and used to verify the identity of those parties by exchanging their public keys.
- Cupcake: Android 1.5, the first official release of the operating system, released April 13, 2009.
- Encryption: procedure for the systematic encoding of a bit stream before transmission, aimed at preventing the contents from being decrypted by third parties.
- Dalvik-Cache: cache used by the system to increase the execution speed of programs.
- USB-Debug: Android mode (enabled on your device via Menu / Settings / Apps / Development / USB Debugging) that allows the system to undergo special modifications.
- Direct-Push Technology: Direct Push technology (push e-mail capabilities), developed by Microsoft, lets you receive new e-mail messages on your device as soon as they are received by the Inbox of your mailbox on the Exchange Server. Items such as contacts, calendar and tasks are immediately updated on the device if they are changed or added on the Exchange Server.
- Emulator: found in the SDK, it is software that allows you to emulate (simulate) an Android device. It usually serves developers to test applications.
- Digital Signature: a digital signature assures the recipient of the identity of the person who sent the file, and of the absence of alterations made after signing it.
- Firmware: the complete software of the phone; on Android it often contains the ROM (the operating system only), the radio (software designed to handle all communications) and hboot (the base part, handling boot management and the phone's partitions). The format depends on the parent company that issues them and it is flashed through a tool or program.
- Flash (to flash, flashed): install, installed.
- G. E., often written GE (Google Experience): those phones that have the OS (see ROM for a definition) fully developed by Google without any addition or customization by the manufacturer that sells the device (for example the Nexus range of phones is entirely GE). This designation often means that these phones are the first to receive updates to new versions of Android, because with no additional software beyond that developed by Google, the release is much quicker. Another (more common) designation is With Google: those phones that, despite having some software customization by the manufacturer, are fully compatible with Google's software and services for Android.
- GPRS: GPRS (General Packet Radio Systems) is a data service for mobile devices. It is available for devices that meet the GSM standard.
- GPS: GPS (Global Positioning System) is a satellite-based radio navigation system that allows the identification of a geographical position through triangulation of points. GPS is used on mobile devices by navigation software.
- GSM: short for Global System for Mobile communications, it is the platform for mobile computing worldwide.
- HSDPA: HSDPA (High-Speed Downlink Packet Access) is a technology for mobile devices that allows higher data speeds than traditional networks. Often referred to as 3.5G for its faster downloads.
- HSPA: HSPA (High-Speed Packet Access) is a technology for mobile devices that improves the speed at which you can send and receive information on your mobile device. HSPA technology is used in 3G networks.
- HSUPA: HSUPA (High-Speed Uplink Packet Access) is a technology for mobile devices that provides (along with HSDPA) the possibility of connections with very fast download and upload by optimizing bandwidth use.
- HVGA: HVGA (Half-size Video Graphics Array) indicates a particular display resolution of 480 x 320 pixels.
- hboot: the base part of the phone, handling partitions and boot management.
- Kernel: the essential part of any operating system. Without going into technicalities, it manages the hardware (drivers and other information about the hardware, for example). Android uses a modified Linux kernel and is entirely open source (i.e. the source code is freely available and modifiable).
- Launcher: the software that handles the desktop (icons, widgets, wallpapers etc.) of the Android operating system. In essence, it is what appears when you access the phone after the unlock screen, called Lock Screen (see below), if it is enabled. Android allows excellent customization of the Launcher. Although all versions of Android already have a default one, it is possible (when this option is not blocked by the manufacturer) to install as many as you want from those on the Market. The best known of the non-proprietary launchers are ADW Launcher, Launcher Pro and Helix Launcher. Most manufacturers customize their phones more or less heavily (as long as they are not GE, see above), and modification of the launcher is usually the most common personalization. Motorola for example develops MotoBlur (non-removable, and includes an additional set of changes including the Launcher), HTC the Sense (removable; this also includes modifications deeper than the launcher only, which also include the framework), Samsung the TouchWiz (removable) etc. Changing the Launcher very often makes widgets developed for another Launcher no longer available.
- Leak or Leaked (escaped): this refers to a ROM or firmware that (strangely) escapes from the parent company and is circulated on the net. They are semi-official, in the sense that they are developed directly by the manufacturer, but are not officially released (and therefore not fit to restore the warranty of a device).
- Lock Screen or unlock screen: the screen that appears after turning on and/or whenever you press the on/off button of the phone. Used to avoid pressing keys when not using the phone. It requires a combination of specific touches, or gestures, to be "removed".
- Nandroid (found in the modified recovery): application that creates an image of the entire operating system, like Norton Ghost and True Image for Windows.
- ODEX: type of compression that is used to free up memory and speed up your system. ODEX unzips the apk file, compresses everything and creates a .odex file, deleting the .dex file from the apk; you then end up with launcher.apk and launcher.odex (so you have saved a lot of space and improved application read speed). ODEX ROMs cannot be modified in this respect.
- OTA: Over The Air; system that allows applications to receive updates directly from the network or the system.
- Ext2/ext3/ext4 partition: partition on the memory card (which usually can be made using a modified recovery) used to install applications on this media instead of filling up the phone memory. ext is a type of file system used on Linux and is seen by Android as part of the smartphone's internal memory. To partition the SD card see the sections and guides for your device.
- Profile A2DP: Advanced Audio Distribution Profile is a specification that refers to how two Bluetooth devices can transmit and receive high quality streaming audio. A2DP allows the transfer of a unidirectional stereo audio stream with two channels, such as music from a phone to a headset.
- Pull: command used in the command prompt (e.g. adb pull /path/inside/of/Android/filename nome_file_destinazione) to copy a file or folder from the Android system to your PC.
- Radio, or band, or baseband (not the FM radio): software designed to manage all the device's communications (phone, wifi, bluetooth, gps, etc. ...).
- Recovery: a kind of mini operating system that is used to recover the phone from critical situations (brick, malfunction, etc. ...), do nandroid backups, perform wipes, flash cooked ROMs and .zip files. The Recovery is properly called Recovery Mode and is the recovery mode in which you can perform actions such as installing updates, formatting the phone, formatting and partitioning the SD and more. Updating the recovery.img (you can also do it without root) with a different, modified one provides advanced features without having to do other steps.
- RSS: RSS (Really Simple Syndication) indicates an Internet protocol used to distribute information that is updated frequently, such as a blog on the Internet, audio or video broadcasts or news headlines.
- Rom: the operating system. Cooked ROMs are usually in .zip format and are flashed through recovery.
- Cooked-Rom: cooked ROM, created by chefs (who put together parts of ROMs, applications, modifications, patches and so on), composed and enriched with new features.
- ROOT (I take this verbatim from androidpedia): What is root? In Unix-like operating systems root denotes the user with the highest privileges, i.e. the system administrator, also known as super user or superuser (cited from Wikipedia). Android being a Linux system, the root user allows you to have total control of the phone. What privilege do we have with root permissions? We have TOTAL control of the telephone. The rooting procedure for your device varies from device to device; consult the relevant sections to find out how to root your device.
- G-sensor (gyro): the G-sensor detects the position and movement of your device. It helps to orient the display to view either vertically or horizontally depending on how you hold the device. The G-sensor can be used in games to control the actions and in other applications that require a movement to be activated.
- SDK (software development kit): software development kit, in which we find the tools folder that contains the ADB file. You can download it for all platforms (Windows, Linux, Mac OS).
- S.O. (operating system): see ROM. In fact ROM and OS tend to coincide, but while the first term is used to indicate the contents of any memory or the memory itself (it stands for Read Only Memory), the second indicates more specifically a very specific piece of software and not any content that a memory can hold.
- Streaming: the term indicates the transmission of streaming audio or digital video using the Internet.
- Superboot: method to become the superuser (root-administrator) of your smartphone, with which you can make changes to the system, such as flashing ROMs, modifying system folders etc. ...
- Tap (tapped): equivalent of a left-click on PC, i.e. click, clicked. LONG TAP = equivalent to a right-click on PC.
- Tethering (wifi, bluetooth and usb): mode of connection between the phone and another device (mostly a PC), through which the second can take advantage of the internet connection of the first, basically using it as a modem (the second, as I said before, can be a PC or yet another phone). It can be done mainly via the phone's USB, bluetooth or wifi connectivity.
- Tablet: a tablet device differs from a smartphone in screen size (usually greater than 5") and in its strong propensity to navigation and document management. It usually does not incorporate a module for telephone calls (one exception is the Galaxy Tab), but often has a data connection via 3G or 4G as well as WIFI. Google has developed a special version of Android, called HoneyComb (3.X), for release in 2011. Nevertheless, there are tablets with Froyo.
- VGA: VGA (Video Graphics Array) indicates a display resolution of 640 x 480 pixels.
- WCDMA: WCDMA (Wideband Code Division Multiple Access) is a protocol for the transmission of data in a 3G cellular network.
- WVGA: WVGA (Wide Video Graphics Array) indicates a display resolution of 480 x 800 pixels.
- Wipe Dalvik-CACHE: reset the system cache. Done from the modified recovery.
- Wipe-DATA (factory reset): hard reset (resets the phone to factory settings, deletes all data and applications in your phone, not the memory card). In some recoveries wipe data / factory reset is not a complete hard reset but a reset of all the data in your phone; for a complete hard reset you should also wipe system and boot from the recovery's advanced settings, or proceed with the manual keystroke procedure! For how to do the hard reset via keyboard shortcut see the guides in the respective sections for your smartphone.
- ZIPALIGN: a form of compression that is used to speed up the execution of applications. Zipalign unzips the apk file, aligns the compressed content to a 4-byte boundary so that Android takes up less RAM to read it and reads it more quickly, then recreates the .apk file. ^ ^
If you know other terms that you do not understand, this thread is yours. P.S. I hope to be helpful.
I know all of this personally but this is a very useful guide for noobs and should be made a sticky.
jonny68 said: I know all of this personally but this is a very useful guide for noobs and should be made a sticky. +1 Sticky plz
Sorry but: -Bootloader (FASTBOOT): phone mode (while connected to USB mode with usb debug enabled) Is wrong. Bootloader and fastboot are not the same. Also USB debugging mode is an android thing, when you are not booted into android (eg into fastboot or bootloader) then usb debugging mode is not used
rootSU said: Sorry but: -Bootloader (FASTBOOT): phone mode (while connected to USB mode with usb debug enabled) Is wrong. Bootloader and fastboot are not the same. Also USB debugging mode is an android thing, when you are not booted into android (eg into fastboot or bootloader) then usb debugging mode is not used. This. And debug has to do with adb not fastboot. Sent from my GT-I9300 using xda premium
If you have terms or tips to add, write them here.
[REF][R&D] Building Bootloaders on Qualcomm Devices
This is a research & development thread for building your own bootloaders on a number of modern Qualcomm based devices, utilizing extracted partitions and corresponding partition table information. We'll focus in particular on those devices using the Snapdragon SoC/PoP chipset.
Code:
Thread difficulty: Hard
Thread type: Development
Thread completeness: Fair
Building your own Bootloaders on Qualcomm Devices
Table of Content:
- Introduction
- Qualcomm/Intel HEX files <WIP>
- QFIT (Qualcomm Factory Image Tools) <WIP>
- The MBR Image <TBD>
- BoToX (Bootloader Tool Box) <WIP>
- Building for Windows Phone 8 <TBA>
- Compiling Bootloaders <WIP>
- References
INTRODUCTION
All modern Qualcomm mobile chipsets contain some functionality for sideloading binary code from an external source in case the normal boot procedure fails or is interrupted by some other HW signal, like JTAG or another JIG debug connection. In addition, this sideloading functionality is crucial for the programming and formatting of additional memory devices like eMMC and SD cards that are external to the processor and its accompanying PoP memory. It is also used by OEMs to revive soft-bricked devices and to update the many bootloaders used in the Qualcomm bootloader chain. However, all these features and their various functionality are closely guarded secrets, usually kept from the public by very strict NDAs for company employees. Thus it has been very difficult for the developer community to try to understand, use and benefit from these most useful functions. Instead the dark side of the mobile phone community has made continuous profits by reversing the manufacturer schemes and providing their own hacks and programs to offer mobile owners various solutions for a charge that is often out of proportion to what is actually done. This is especially true for services requiring debricking by various JIGs (such as the proprietary Anyway Jig and various JTAG solutions).
All these solutions rely on the possession of some inside information about the device in question. This thread is an attempt to alleviate this situation and allow anyone who wishes to freely flash and take charge of their own hardware, in the true spirit of the XDA community. Here I will present information about how Qualcomm puts together its own bootloaders and how you could do the same, if you only had the source code or the talent to write your own or modify already existing ones. Although, there is one big hitch. Most new chipsets use a very secure authentication scheme (Secure Boot 3.0) to prevent non-developers from flashing and using arbitrary boot code. The information herein has been collected from older available Qualcomm tools such as QPST and QXDM, and from pieces of their documents found around the internet. Another important and challenging source has been the many Chinese websites where people have managed to get some of this working and actually bothered writing/blogging about it. Thank you China! I will not go into details about the various bootloaders as they are already covered elsewhere, for example, in this thread. I have also chosen to focus primarily on the Qualcomm Snapdragon processor/modem SoC series, as they are the most popular chips used in most mid- to upper-level smartphones today. These devices typically include the MSM8x60 series consisting of the widely popular MSM8660 and MSM8960 SoCs, currently found around the world. Another highly relevant chipset is the MSM8260A, which is found in many Windows Phones, in particular WP8.
...REFERENCES <WIP>
==================================================
If you find any errors or have any relevant additional information that can be important for the correctness and content of this thread, please let me know by either posting here or sending me a PM. Also, please do not ask any questions that are not of direct relevance or help to the discussions in this thread. They will not be answered and will be removed.
==================================================
Enjoy!
Qualcomm/Intel HEX files
This is a text-based (ASCII) file format originally introduced by Intel to distribute PROM code, which includes error checking for redundancy. Today Qualcomm uses this file format to distribute the modem/processor boot code used when downloading bootloaders in the OEM build processes or for emergency download modes etc. There are several dozen variations on the HEX format, so we will not go into the details of other formats or uses, but only into the one used in the Qualcomm bootchain. To convert the Qualcomm provided Intel-HEX files into binaries, you can either use the simple pre-compiled Windows and Linux binary hex2bin (src), or you can compile the much more flexible and complete EPROM file-converter utilities of srecord, which can handle many more HEX formats including hex-diffing and hex-merging etc. One of the Qualcomm image build "toolkit" programs, "emmcswdownload.exe", already contains a hex-to-bin converter, but it usually appends more than one binary file as described in the required XML partition file. For details about this see the next section about QFIT.
Next we jump right into describing the Qualcomm (aka Intel-32) HEX-file format. The content of a typical HEX-file, let's say MPRG8660.HEX, is as follows:
Code:
:020000042A00D0
:10000000D1DC4B843410D773FFFFFFFFFFFFFFFFEE
:10001000FFFFFFFF500000005000002A348802005C
:10002000348802008488022A000000008488022AA2
...
:108850001CAF012A000000005CC4012A8CC4012A5C
:1088600000000000FCBF012AFCC0012A04C0012A4C
:10887000BCC2012AC4C2012ACCC2012A00000000E5
:0488800000000000F4
:040000052A000000CD
:00000001FF
Let's break this down. First things to know are that:
- Each line is a record.
- Hexadecimal values are always in uppercase.
- The sum of all the bytes in each record should be 00 (modulo 256).
So for example, a typical record can be broken down as:
Code:
:10002000348802008488022A000000008488022AA2
: 10 0020 00 348802008488022A000000008488022A A2
| |  |    |  |                                |
| |  |    |  |                                +-- Checksum (1 byte)
| |  |    |  +----------------------------------- Data (0-255 bytes, here 16)
| |  |    +-------------------------------------- Record type (1 byte)
| |  +------------------------------------------- Address (2 bytes)
| +---------------------------------------------- Data Byte Count (1 byte, here 16)
+------------------------------------------------ Start of record delimiter
There are 6 record types defined (for Intel-32 HEX):
'00' = Data Record
'01' = End Of File (EOF) Record
'02' = Extended Segment Address Record
'03' = Start Segment Address Record
'04' = Extended Linear Address Record
'05' = Start Linear Address Record
But only 4 are used for Qualcomm processor/modem HEX-files:
00: Data Record
01: End Of File (EOF) Record
04: Extended Linear Address Record
05: Start Linear Address Record
Where "04" (Extended Linear Address Record) allows for 32 bit addressing (up to 4GiB). The address field is 0000, the byte count is 02. The two data bytes (two hex digit pairs in big-endian order) represent the upper 16 bits of the 32 bit address for all subsequent 00 type records until the next 04 type record comes. If there is no 04 type record, the upper 16 bits default to 0000. To get the absolute address for subsequent 00 type records, the address specified by the data field of the most recent 04 record is added to the 00 record addresses. While the "05" (Start Linear Address Record) contains the address that is loaded directly into the program counter (PC / R15) of the ARM processor. The address field is 0000, the byte count is 04. The 4 data bytes represent the 32-bit value loaded into the register.
NOTE: The data field endianness may be byte-swapped.
Qualcomm uses the following convention for naming their HEX boot-loader "programmer" files. This is especially true when used in conjunction with their emmcswdownload.exe. (See this section.)
Code:
yPRGxxxx.HEX
where "y" is one of the following:
N = NAND
A = NOR
M = eMMC
arm = Is used to bypass automatic selection by QPST by renaming a custom version to "armprg.hex"
flash = ??
<< Here Be More Dragons >>
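To make the record layout above concrete, here is a small parser for the four record types Qualcomm uses, run over the MPRG8660.HEX excerpt quoted in this post. This is an added example, not code from the post or from any Qualcomm/QPST tool; it verifies the modulo-256 checksum of every record, applies the 04 upper-address rule, merges adjacent 00 records into segments, and flattens them into a hex2bin-style image with the elided gap padded.

```python
# Intel-32 HEX parser for the subset Qualcomm uses in yPRGxxxx.HEX files (added
# example, not from the original post nor from any Qualcomm/QPST tool).
from typing import Dict, List, Optional, Tuple

# Constructed input: the MPRG8660.HEX excerpt quoted in the post; the records the
# post elides with "..." are absent, so the resulting image has a gap.
SAMPLE_HEX = """\
:020000042A00D0
:10000000D1DC4B843410D773FFFFFFFFFFFFFFFFEE
:10001000FFFFFFFF500000005000002A348802005C
:10002000348802008488022A000000008488022AA2
:108850001CAF012A000000005CC4012A8CC4012A5C
:1088600000000000FCBF012AFCC0012A04C0012A4C
:10887000BCC2012AC4C2012ACCC2012A00000000E5
:0488800000000000F4
:040000052A000000CD
:00000001FF
"""

DATA, EOF, EXT_LINEAR_ADDR, START_LINEAR_ADDR = 0x00, 0x01, 0x04, 0x05


class HexRecordError(ValueError):
    """Malformed record, unsupported type or checksum mismatch."""


def parse_record(line: str) -> Tuple[int, int, bytes]:
    """Verify one ':' record and return (address, record type, data)."""
    line = line.strip()
    if not line.startswith(":") or len(line) < 11 or len(line) % 2 == 0:
        raise HexRecordError(f"malformed record {line!r}")
    try:
        raw = bytes.fromhex(line[1:])
    except ValueError as exc:
        raise HexRecordError(f"non-hex digits in {line!r}") from exc
    count, rtype, data = raw[0], raw[3], raw[4:-1]
    if len(data) != count:
        raise HexRecordError(f"byte count {count} != data length {len(data)}")
    # Rule from the post: all bytes, checksum included, sum to 0 modulo 256.
    if sum(raw) % 256 != 0:
        raise HexRecordError(f"checksum mismatch in {line!r}")
    return int.from_bytes(raw[1:3], "big"), rtype, data


def load_hex(text: str) -> Tuple[Dict[int, bytes], Optional[int]]:
    """Return ({segment start: bytes}, entry point); only types 00/01/04/05."""
    segments: List[Tuple[int, bytearray]] = []
    upper, entry, ended = 0, None, False   # upper 16 bits default to 0000
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or ended:
            continue                        # skip blank lines and anything after EOF
        address, rtype, data = parse_record(line)
        if rtype == DATA:
            # absolute address = (latest 04 value << 16) + record address
            absolute = (upper << 16) + address
            if segments and segments[-1][0] + len(segments[-1][1]) == absolute:
                segments[-1][1].extend(data)   # continues the previous segment
            else:
                segments.append((absolute, bytearray(data)))
        elif rtype == EOF:
            ended = True
        elif rtype == EXT_LINEAR_ADDR:
            if address != 0 or len(data) != 2:
                raise HexRecordError(f"line {lineno}: bad 04 record")
            upper = int.from_bytes(data, "big")
        elif rtype == START_LINEAR_ADDR:
            if address != 0 or len(data) != 4:
                raise HexRecordError(f"line {lineno}: bad 05 record")
            entry = int.from_bytes(data, "big")   # value loaded into PC/R15
        else:
            raise HexRecordError(f"line {lineno}: unsupported type {rtype:02X}")
    if not ended:
        raise HexRecordError("missing EOF record")
    return {start: bytes(buf) for start, buf in segments}, entry


def to_binary(segments: Dict[int, bytes], fill: int = 0xFF) -> bytes:
    """Flatten all segments into one image (like hex2bin), padding the gaps."""
    base = min(segments)
    end = max(start + len(buf) for start, buf in segments.items())
    image = bytearray([fill]) * (end - base)
    for start, buf in segments.items():
        image[start - base:start - base + len(buf)] = buf
    return bytes(image)
```

On the excerpt this yields two segments, at 0x2A000000 (48 bytes) and 0x2A008850 (52 bytes), and an entry point of 0x2A000000 from the 05 record; a single flipped hex digit in any record is rejected by the checksum check.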
<< Here Be Snap Dragons 2 >>
<< Here Be Snap Dragons 3 >>
<< Here Be Snap Dragons 4 >>
<< Here Be Snap Dragons 5 >>
<< Here Be Snap Dragons 6 >>
one more awesome guide from E:V:A
It would be cool if someone made a synalysis grammar for the hex codes E:V:A documented above. For those of us hacking on our Mac OS X machines.
I'm closing this thread until I can actually fulfill my promises. Sorry! Stay tuned.
[GUIDE] How to get service official firmware for your region
In general, service multi-file firmware is used to restore a device to factory state. This idea isn't mine; it is taken from this thread on the 4pda forum. I just checked it and documented it in the images. To download this firmware you need a PC with Kies 3 installed, which you can get from Samsung's official website. You also need a serial number. The region of the received firmware depends only on the region of the serial number. You should use the number of your device (or one you find on the Internet).
Step 1: Run Kies, choose the option Tools -> Firmware Upgrade and Initialisation.
Step 2: Enter the name of the device -> OK.
Step 3: Enter the serial number. I have an SM-T525 with region SER. You can enter any freely available number found for your model, for example an SM-T520, region XAR.
Step 4: Agree and start the process.
Step 5: A message appears describing the firmware. Click OK to continue. I draw your attention to the fact that the composition of the firmware may vary. Firmware with CSC SER consists of four components; for other regions it can be different.
Step 6: The next message prompts you to connect the device. Caution: the tablet does not need to be shut down and put into Download mode! Connect it as it is, in normal mode. It isn't involved in the flashing process; it's only needed to start the download.
Step 7: Preparation.
Step 8: Click Start upgrade. If a message appears about the wrong device, simply close it.
Step 9: The download process begins. The duration depends on the speed of your connection and the size of the firmware.
Step 10 and final: When the firmware is downloaded, the program window changes to this. Do not disconnect the tablet! Go to the folder %TEMP% (just type %TEMP% in the address bar of Windows Explorer), find a folder called tmp***.tmp.zipfolder, open it and see our multi-file service firmware. Copy it into the desired folder, then disconnect the tablet (the original files are deleted automatically).
The main difference between a service firmware and a usual stock one: a forced reset to factory settings and a wipe of the system (command "csc = factory" in the file at cache.img/recovery/command; for regular firmware it looks like "csc = home"). The CSC file contains a PIT file to force file system layout verification. Caution! Service firmware wipes user data:
- removes the USERDATA partition and recreates it with the factory settings;
- removes the SD-CARD partition and recreates it with the factory settings (formats the internal sd-card).
It also:
- makes the system state official: in Download mode Current Binary: Custom Official and System Status: CustomOfficial;
- turns a Live Demo Unit version into a full tablet.
Good luck in getting this wonderful firmware!
@ViAlexSt in one of the screenshots, the serial number hasn't been erased. Maybe it is real data from your own device that you want to erase..
guanellaluigi said: the serial number hasn't been erased. Thank you for your concern, but it's all right: I found this number by searching Google. A dozen of them can be found freely available.