Hi everyone! This is my first post and I would like to thank You all for great job done on this forum, I'm rather beginner but already gathered a lot of knowledge by reading various posts
My first post will be about HTC Universal, that came to me few days ago. From first look it's an amazing piece of hardware and I would like to make it working, because (obviously) it is not
Uni's characteristics:
Black O2 XDA Exec
NAND Flash - DiskOnChip G4
Uni's behaviour:
after turning on is showing bootloader screen with some artifacts and following info:
R 1.17.00
G 42.53.P8
O D. 08.81 TML
can access bootloader menu (three yes/no settings, KITL) - same artifacts are here too
combination of backlight+power+reset gives black screen
hard reset doesn't change anything, screen with O and X is ok, with no artifacts
device is not recognized by PC so I cannot flash it (dev 0000, ven 0000 on windows / cannot enumerate on linux) - USB transmit lines are ok because situation changes after choosing KITL mode (every other is unrecognized)
Already done:
I thought it may be damaged USB port, but I succesfully managed to make it work after choosing KITL mode from bootloader menu (backlight? + reset). It doesn't accept any commands through mtty but at least installed in windows as HTC Sync Device (not remember correctly?) and showed some prompt in console (KITL$ ?).
I didn't really know what KITL is so i googled for other methods of unbricking and found amazing discussion between scholbert and roglio in topic about rescuing uni from scratch via JTAG. So I remodelled my adapter to the same as Wiggler2 and connected to mainboard. However, my situation, if I understand correctly, is not the same as scholberts or roglios was. I have working IPL and partially working SPL, that is, I think I have
Is there any method of writing SPL into ram and running it in this situation? Maybe then USB will be working and let me flash new firmware? I found solutions like this for some other HTCs but I don't really know how to load something into RAM, because it looks like it is unaccessible at the moment (errors in openocd, zeroes readed by urjtag). I'm working with newest openocd version, it recognizes PXA270 without problem, same as urjtag.
Or is it possible to restore Uni via KITL mode? Maybe I try to download software required in topic about Hermes and run it at some free time, but I have to connect my old windows box to internet
I'll be very thankful for every answer and I hope that this Uni will work once again
P.S.: I'm sorry if some of statements are not understoodable, I lack possibility of using english daily and practicing it, so my english is little poor
Best Regards, Karol
#------
Ah, yes, I forgot. Not black screen after combination of backlight+power+reset, but Serial + v2.01. Does not react to USB. If I connect USB first, then reset, it's "USB v2.01" - device not recognized. The same with SD card inserted -> reset -> "USB v2.01" -> took card -> unrecognized...
Welcome to forums,
Have a read on the thread just above this one, you´ll find almost all you need
Hi!
Thank You for your answer. I have already read this and other topics regarding "stuck at bootloader" and other problems, and tried all the provided solutions, with no luck
The main problem is usb not working properly. I'd rather not suspect hardware damage, because it works in KITL mode.
#---
I've done some more research. Downloaded and installed Platform Builder, and following instruction for hermes (changing only processor type) tried to run system through KITL, but with no success, image (awfully small - about 900kB) was downloaded to device, but there was no answer from it - KITL screen have not changed.
After few tries I focused on another method - based on tomal's SDFlash_G3. I took 416 byte header found later in topic about SDFlash (OllieD's) and connected it with decrypted official nk.nbf image from O2 and later with one from tomal's rom.
My device was reacting kind of strange while trying to recognize rom from card. For first, it haven't tried at all, not until I !removed! MMC card! (instead of this later I was hovering the sd card slot pin responsible for card detect).
Then, there was two scenarios:
first, when I took card too fast after entering bootloader, it showed message about too short rom
second, where I waited some more seconds, it showed error about sections=1 and not allowing to update
So I searched about this section=1 error and found that it is incompatibility between 416 byte header and rom image - header points that there should be more sections in rom, but there is only one.
Don't really know how to change it, is there any documentation about header structure?
In topic about SDFlash_G3 there was mentioned that this method is "without 2nd device", but I haven't found anything about "with 2nd device", is it worth giving a try?
Can someone provide me with mmc/sd card image (compressed of course) with backup from G4 Universal device done with d2s command?
I'll be very thankful for any help.
Best regards, Karol
Related
Hi
I am new here and i have problem
When i turn on my qtek9000, i recieve message Serial V.100.
If i connect USB cable it displays USB instead of Serial.
This happened when i tried to do radio upgrade (through usb hub, sim and sd were also in phone...).
I have 1gb SD card and also card reader mounted in laptop, so transfering files should not be problem.
Can someone help me with step-by-step procedure how to make my qtek work back. I used a lot of search but i am even more confused....
I just remember that when qtek worked Radio was something like 1.0.3.1 and also WWE was writen somewhere....
Probably i should put rom to sd with ntrw (which wersion of both),.......
please help....
might be a dumb question on my part - but have you tried a reset (initially a soft one but then a hard one of course, if nothing else works...) ???
I mean you will at least be able to revert back to the condition 'out of the package'...
Hope everything works out!
jup.both things NOT HELPED
looks like you're stuck in the bootloader mode....
try flashing the rom & the radio rom once again by connecting it to your laptop's usb...
i guess something screwed up while you were upgraging your radio rom...and you'd need to redo it!
Best,
San
can you please write me a procedure?
You might want to check the following thread. Everything is well described.
Cheers
hrb
http://forum.xda-developers.com/viewtopic.php?t=32725
i am trying to download files but i get permission denied all the time
You mean you get an error when clicking this link ?
ftp://xdaupload:[email protected]/Universal
I don't understand that, it works perfectly well for me
Cheers
hrb
I have solved problem with Radio upgrade. I am in much better mood now. 8)
Anyway i have 4 more questions.
1.) I am using bluetooth car-instalation Parrot CK3100. I am wondering if is possible to transfer any other sound except telephone conversations to that device. When i had Nokia 9500 i was able to hear every single click,tone,...i made on phone also on car-instalation. I also heard nokia ringtone in car instalation.With qtek i am getting generic car-instalation ringing tone instead of phone ringing. Otherwise primary intention (hands free talking) works fine. I would like to have that to be able to hear voices from various GPS software.
2.) Since QTEK9000 is PDA and phone in single unit I would like to have in car GPS application "always on top". Like previously mentioned i can easily manage my calls with car-instalation. Therefore i would like to run Phone section in background or GPS applications on top.I hope you will understand what i would like to say
3.) I also need in-car holder for qtek. Do you have any reccomendations?
4.)
My settings:
R: 1.04.02
G: 42.37.P8
D: 1.13.64.WWE
Is that ok or should i upgrade?
Stuck in bootloader mode
Hi guys,
Got stuck in bootloader mode following an upgrade attempt. Tried to reflash radio using the files from the pload folder only to get an error saying it's for the wrong device - tried this several times with the same result.
any ideas?
Is there a binary and a tool I can just do a straight upload?
thanks
Re: Stuck in bootloader mode
Bauser_uk said:
Hi guys,
Got stuck in bootloader mode following an upgrade attempt. Tried to reflash radio using the files from the pload folder only to get an error saying it's for the wrong device - tried this several times with the same result.
any ideas?
Is there a binary and a tool I can just do a straight upload?
thanks
Click to expand...
Click to collapse
try it with this file -
1. put radio.nbf and the file attached below in the same folder and run the exe with ur device connected to usb in bootloader mode...
2. hope it flashes it
S
Thanks DreamTheater
Thanks for your help - unfortunately I got the same message, ie this rom is not meant for this device etc...
Will see O2 can do anything (who's that laughing...???) - was going to buy a new xda mini anyway...!
1. REMOVE your SD/MMC card.
2. Soft/hard reset.
3. Run the upgarde again.
Step 1 above solved my problem.
Please, help me in the following situation
I bought Qtek s100 It turns on only in bootloader mode. What was before I don't know.
Now I try to reflash it via PC. I unpacked rom 1.12 from imate and put there file MaUpgradeUt_noID.exe and then ran it. The utility can't see the device information (it is normal) but it can't see the informatin about the rom I'd like to flash. I click @[email protected] but it says it gather information about the device and nothing happened.
I tried to run again about 20 times, but nothing helped.
I tried to flash it via card using rom-image but there is no invitation to reflash though I flashed via card more than 20 times other htc devices and then everything was ok.
I ran mtty 1.42 and gave command d2s, but it said unknown command. Then I gave d2s command then the device turned off.
I have qtek s110 with broken display. Is it possible to change rom-memory?
Is it possible to get service_manual for magician?
Thanks
First of all, did you back up your current ROM to SD before Flashing new ROM.
1. Yes. It's VERY GOOD. Disconnect your device from PC. You need to insert SD with your ROM to the device and Turn On. Press Power or Cancel button (i didn't realy remeber try all). After that device will flash ROM form SD.
2. No. It's VERY BAD. You need to know start address form what device should start after Reset. Sory here i did not know what it is.
Ñïàñèáî çà ïîìîùü!
Ñóòü â òîì, ÷òî àïïàðàò ñ êîìïà øèòüñÿ íàïðî÷ü îòêàçûâàëñÿ. Ïîïðîáîâàë øèòü îáðàçîì ÷åðåç êàðòó (îáðàç ñíÿò ñ t-mobile 1.01). Íà îáðàç íèêàêîé ðåàêöèè.
Äàëåå ïðîáîâàë ñíÿòü îáðàç ñ ïðîáëåìíîãî àïïàðàòà. Àïïàðàò âûêëþ÷àåòñÿ. Åñëè ñ mtty äàòü êîìàíäó øèòüñÿ s2d, òî mtty ãîâîðèò, ÷òî êîìàíäà íåïðàâèëüíàÿ
Hi,
Read this http://forum.xda-developers.com/viewtopic.php?t=46628 about the SD flash
M
thanks, but te problem is the device doesn't want to work with card. No reaction on the card with rom-image, turning off when typing d2s
Don't know where you bought & how much you paid for it (sure hope it's less then a new screen), but sir I guess you're scr*w*d.
Maybe you can replace your broken S110 screen with the one from the S100. There's a rar file on the board, with a detailed description & pictures on howto disassemble your magician, think it's called disassembly.rar.
EDIT You can find it here http://forum.xda-developers.com/viewtopic.php?t=44841
M
thanks, but I think the screen is alive, it shows usb or serial and etc.
As far as i know, there is some diagnostic tests to understand where is the problem. how to activate it?
Diagnostics
Sorry I don't know of a diagnostics test. But you can have a bootloader without a working rom. Since you bought the S100 in a bootloader state, that's very suspicious to me. & that's why I advised you to replace the broken screen on your S110 with the one from your S100.
Hope you can sort it out & if you happen to run across a diag. pls update the wiki with it.
Regards, M
Hi,
it's done!!!
Today i discovered the JTAG pins of HTC hermes.
My device got bricked and was not able to boot anymore. Not even the bootlader came up.
Anyway i decided to do some investigation, there was nothing to loose
Thanks to Lt.Cmdr.Ivan who discovered the JTAG pins on the universal hardware.
(It made the step successful!!!)
See the attachment!
(had to make a zip because high-resolution pix )
These are the testpoints to access Hermes main system Samsung MPU and recover OS bootloader!
To get access to the GSM chipset please have a look in the second post!
You may use this package to access the platform.
http://210.118.57.197/Products/Semi...or/ARM9Series/SC32442/JtagFlash_Prog_Code.zip
EDIT: If the link is not working, see attachment (backup package form samsung site, source code included)
See the documentation in the archive for information how to build a LPT adaptor, to use this software!
EDIT: The software tool has been modified to handle the /WP issue.
See attachment MSP_HERM.zip!
What ever happens to IPL/SPL on your device, it can be recovered quite easily now, using the JTAG method!
EDIT: Added Olipro's 2.10 (Hard-SPL V7) for completeness.
This is a pure binary file, ready to flash via JTAG. Thanks again to olipro for this beautiful bunch of bits!!
EDIT: Due to the numerous questions of some users how to go through this, here's what has already been written down all over the thread.
Follow these steps:
1. Disassemble your device (link to the Hermes Service-Manual is in the wiki).
2. Locate the JTAG pins on PCB (download/extract htc_hermes_jtag.zip -> look at the picture)
3. Use a very small soldering iron and attach some wires to the testpoints (only experienced users should do this!)
4. Use one of the wiggler clones (LPT-adaptor) to built up a connection to the JTAG pins using LPT port of your host pc.
Please have a look in the software documentation for the schematics (JtagFlash_Prog_Code.zip -> Source files and doc included).
Whatever your adaptor would look like, follow the pin assignment, that is used in the schematic (e.g. LPT pin 2 -> TCK, LPT pin 3 -> TDI, LPT pin 4 -> TMS, LPT pin 11 -> TDO)
5. Partly assemble your device and insert fully charged battery. Check all connections and press and hold power button on hermes (min 2sec.).
Though the device won't start if your bootloader is bricked, this step is necessary to activate internal power supply.
To check if power is O.K. measure the VCC pad (VCC ~ 3.15V).
6. Use the modifed samsung software on your host (download/extract MSP_HERM.zip -> MSP_HERM.exe is a command line tool)
Please make sure that the processor is recognized. If not check all connections again!
7. Grab IPLSPL210_OLIPRO.zip, extract it and put the file the directory where flashing software is located.
8. Use flashing software (MSP_HERM.exe) and try to reflash your NAND.
type: MSP_HERM.exe /f:IPLSPL210_OLIPRO.bin
type: 1 to choose the flash type
NAND flash type on hermes is k9f1g08 and should be recognized
type: 0 K9f1g08 Program
Start page and block must be set to 0
9. Be patient and cross fingers while flash is programmed.
Alternatively you may grab some coffee or beer and relax!
10. Enjoy the rebirth of your device.
Credits:
A warm and healthy "Thank you!" goes out to pof, cmonex, cr2, the_dipe and the others who gave useful hints or helped testing.
Regards,
scholbert
HTC Hermes GSM JTAG pins
Hi again,
after a lot of wicked things had been done with my device, i decided to lift another secret.
Anyway i spent some time to do some investigation and managed to trace the JTAG testpins of the GSM chipset on the hermes!
So it's done!
To be 100% secure, this has again to be verified with some software.
Work is in progress!
To solve the "noGSM" issue we need a bullet proof flash tool to rewrite the radio bootloader.
Hopefully we could get the necessary information to do so!
Maybe someday all these "no GSM" devices could be brought to life again...
at least if it's software related issue (e.g. broken Radio bootloader)!!!
See the attachment for the pin location!
(had to make a zip because high-resolution pix)
These are the testpoints to get access to the Qualcomm GSM chipset and possibly fix broken radio bootloader!
Information about missing signals
TRST_N = could not be found (seems to be N.C.)
RTCK = could not be found (will only be needed for special debugger)
Mode0 = N.C.
We need your help!
If anyone got information about the JTAG chain of MSM6275 (BSDL file) or similar info, please PM me!
scholbert
I have used JTAG on my linksys router when I bricked it.
It's actually pretty easy to make a cable for JTAG and uploading a ROM.
Did you actually manage to revive your tytn?
Flash access
Hi,
it seems to work fine with the program from the samsung site.
I just flashed IPL & SPL to my device.
See the screenshot
scholbert
thanks for this ill look into this. im still trying to figure out which part messed up on my phone. no power anymore not even charge light. dead. hardware? i think i burnt a capacitor coz it died while charging/connected to usb. Also i just flashed a radio rom but it was successful... before it died out. is yours the same case that it did not even show life of accepting power? thanks.
i was looking at the schematics and i think i need a technician for that but if i can revive my dead phone using that since im going to try and find the messed up capacitor anyway, ill learn and research.
Congratulations!! this is a great and useful finding
Thanks
Hi again,
thank you for adding a link to this thread in the wiki!
Unfortunately my device still won't start
There maybe anything else broken.
Anyway, the JTAG thing worked very smart, programming is quite slow though.
O.K. but that's the bit banging (i just remember, once flashed an image to the skeyepad and it took nearly half a day using an LPT adaptor).
sphynx88 said:
i was looking at the schematics and i think i need a technician for that but if i can revive my dead phone using that since im going to try and find the messed up capacitor anyway, ill learn and research.
Click to expand...
Click to collapse
@sphynx88:
What schematic are you talking about???
Do you got a schematic for hermes???
Regards,
scholbert
Scematic
Hello sphynx88,
do you have a scematic of Hermes? I'm an technican and I'm used to JTAG programming. So if you have the scematic and I can have a look at it, perhaps I can help you bringing your hermes up again.
Greetings Pudl
More info
Hi,
first i'll have to quote myself:
scholbert said:
it seems to work fine with the program from the samsung site.
I just flashed IPL & SPL to my device.
Click to expand...
Click to collapse
There are some problems with rewriting flash on my device.
After some more investigation, i found out that my device still got OLIPRO'S IPL (version 1.04) but SPL is not HARD-SPL anymore (version 2.10 "Hard-SPL")
SPL was rewritten to original bootlader (version 1.04).
I made some memory dumps using the JTAG tools and compared the output with the binary files.
IPL and SPL do not match, that's why my device is not booting anymore.
For some reason i am not able to rewrite IPL with the samsung programmer.
There are no errors, everythings seems nice, but IPL remains unchanged after programming. No idea why
Maybe there's something special on hermes hardware, that protects NAND to be rewritten per default.
O.K., now that i found out what's wrong with my device, i'll have a look in the programmers source code, to understand what's going on.
I'll keep you informed about my progress
scholbert
...after having a look around, i'm quite sure that my flash is kind of blocked.
This maybe caused by damaged hardware .
If anyone would try to flash some bits to his damaged hermes, please let me know.
This would clear up if the the software provided by Samsung may be used to flash the hermes hardware and fix broken bootloaders.
At least flash content can be read out via JTAG, that's proven .
scholbert
I have bricked my hermes too.
I will try to flash IPL and SPL with the JTAG programmer.
How can I build a bin file for the programmer from an official RUU_signed.nbh or from the extracted 00_IPL.nb and 01_SPL.nb?
Hi,
bauner said:
I have bricked my hermes too.
I will try to flash IPL and SPL with the JTAG programmer.
How can I build a bin file for the programmer from an official RUU_signed.nbh or from the extracted 00_IPL.nb and 01_SPL.nb?
Click to expand...
Click to collapse
It's sad that your Hermes got bricked .
Maybe it will be the first device revived by JTAG flashing.
Here we go:
00_IPL.nb and 01_SPL.nb are already binaries.
Refer to the memory map in the wiki to know where the contents have to be placed.
So you might flash them seperately or build one file to flash (see attachment).
To make it easier have a look in this slightly modified table, it shows the block numbers of NAND flash ( :
Code:
------------------------------------------
0x50000000 Page0
Block0 IPL
0x5001ffff Page63
------------------------------------------
0x50020000 Page0
Block1 SPL
0x5003ffff Page63
------------------------------------------
0x50040000 Page0
Block2 SPL
0x5005ffff Page63
------------------------------------------
0x50060000
... not used
0x5009ffff
------------------------------------------
0x500a0000 Page0
Block5 CID, S/N
0x500bffff Page63
------------------------------------------
0x500c0000 Page0
Block6 WLAN
0x500dffff Page63
------------------------------------------
0x500e0000 Page0
Block7 MainSplash
0x500fffff Page63
------------------------------------------
0x50100000 Page0
Block8 MainSplash
0x5011ffff Page63
------------------------------------------
0x50120000
...
Good luck !!!!
scholbert
Thanks a lot for your help I flashed my IPL/SPL an now my hermes is working again
Hey
bauner said:
Thanks a lot for your help I flashed my IPL/SPL an now my hermes is working again
Click to expand...
Click to collapse
Congratulations!!!!
So everything went fine using the provided tools?
Did you use a wiggler (clone) for the job?
Best regards,
scholbert
yes everything worked fine with this tools.
I used this Interface:
Holly Gates' Schematics for the JTAG Dongle
Im sorry to have replied for so long but i gave up on my hermes and have not been checking. ill subscribe to this thread. After crazy searching and one site leading to another i did find what i think was schematics for the hermes. a service manual. it was in chinese and i couldnt understand it but i saw one for my samsung one which was in english and i think it really is the service manual with schematics. ill try and retrace my tracks. cross fingers.
anyway, in my case, the phone died. not bricked. something inside short circuited. it was on and charging via usb then the next thing when it reached 100 coz i was pretty sure it was 90 the time i started installing apps, it just died. no turning on, no nothing not even the rlod. i opened the case and i think there might be a fuse to the left of the charger entry, maybe changing it would simply fix the whole problem. i dont know but hopefully my cpu isnt broken so i may even have two phones.
JTAG flashing proven, my device definitely broken
Hi,
...anyway, in my case, the phone died. not bricked. something inside short circuited.
Click to expand...
Click to collapse
same with my second device, sphynx88.
Something hardware related is damaged.
I may use the flash tool a 1000 times, the flash seems unaccessable for programming. Maybe the WP-pin stucks to GND on my device
Anyway it's nice to access the device via JTAG, also debuggers may be used
Have fun!
scholbert
I know what's wrong
Hi again,
can't stop my investigation and like to bring my dead hermes to life!
I started to look around and i found the WP testpoint
So i made sure what i assumed, the WP pin of flash is tied to ground.
This prevents NAND flash to be rewritten -> write protection!
I made some further measurements and found out, that there must be a general purpose pin responsible for this function. Obviously this pin is set low during basic setup, maybe it's done in IPL (after reset all pins are tied low by internal resistors).
The only way to find out which pin is responsible for write protection, is to set some of the GP output pins to high level and and measure the voltage level at the testpoint (maybe it's GPC4 because it's very close to WP).
So this goes out to pof or olipro who already done a lot reverse engineering on this platform
Any idea which pin is used for NAND write protection on hermes????
Regards,
scholbert
hi i am trying to upgrade my Typhoon to 6.1 but i haver got to the point in the upgrading process in which i need to restart and press 0 for the IU the only issue is i do not recive this message and i cannot get any further.
Edit: my SPL is 2.05.0130
you must go to the patched SPL 1.09 for Typhoon befor you go any further.
yes it is true said tobbie, with 1.09 SPL you can flash any rom like WM6.1 or WM6.5 on your Typhoon
for SPL 1:09 Can you get HERE
oh well ive tried poatching the spl before but i just recive errorr 260 or 240 and i cannont make no progress i have tried using a different computer but to no avail
oh well... if the device is still original, then you must follow a sequence of actions to allow such upgrade.
These should be mentioned in any custom rom thread. Essentially you must get the SPL 1.09 on the device then you can load any custom ROM.
1. application unlock the old OS
2. CID unlock the device with lokiwiz toolset
3. load SPL 1.09
4. load custom ROM
good luck!
I belive i have already application unlocked and supercided it with lokiwiz toolset but i have peforemd a hard reset due to that connection issue, would that haver affected it in anyway? thanks
If you are back the old WM2k3 and you cannot upgrade the SPL, then lokiwiz probably has not super-CID your device. To check, connect your device in Bootloader mode to mtty (with AS having USB disabled) and enter "info 1" (no quotes) then try "info 2" (no quotes) and report both results.
Not sure about above myself as I have no device at hand today to check right now.
Hard reset does not affect the CID or SIM Unlock - these are stored in the encrpyted area of the ROM (64kb Block) that is not affected by Hard-Rest or OS-flashing.
sorry for my noobiness but it will not show in mtty i have tried the usb drivers? but the phone does not show in mtty
You must make sure that Active Sync (Windows XP) or Mobile Device Center is not using the USB port to connect the device. You can disable the use in Active Sync selecting the "Connections" menu and then disabling there.
Reconnect the device and restart mtty. The USB button will be there only if the USB connection is accessible and the device is connected to the USB port.
sorry for the bump but ive came back to my phone and i am having so my trouble superCIDin the phone i have done everything by the book, ive hard reset the phone and tried everything again and now SDA unclokder says "phone is not unlockable" and the lokiwiz.bat will not super cid it.
Look at mediafire in my kitchen folder here:
http://www.mediafire.com/?3tt15dyp4mbuu
the "...one time per device" ZIP has all tools inside. There is another (on board application unlock) that will do the trick. It installs a tool on the device, execute it there first and then start SDA Unlock. No need to reboot as the changed security policies are active immediately.
i downloaded your kitchen and i ran the htcunlock the the sda unlocker still says the phone is unlockable
So these Orange devices are quite resistant to application unlock. Did you notice that the HTC Unlocker kind of "remote controls" a registry editor? It may be that the changes did not really go through.
It is quite complicated and a lot of trial and error what you will have to do and I cannot advise in detail as I have no such device.
Key is that the application that changes the policy on the device is permitted to do so. Usually as well SDA Unlocker (remotely via the RAPI Policy) or the signed Registry editor controlled via HTC Unlocker can do that. It all goes to the registry keys in HKLM\Security\Policies\Policies where the relevant policy IDs have to assigned the right values (role permissions). You can use the free CE-Command (from ghisler.com) which has a registry tool built in or the same registry editor that HTC Unlcok controls to check if the values that the tools try to write are really written or not. I suspect they are simply NOT written. If you cannot find a tool that can change the policy, then there is another way around this:
The Gold Card method. Get the trial version of "revskills" from www.revskills.com and create a gold card with the device for the "Typhoon". With this card in the device, the SPL will allow ANY (also non Orange) signed ROM to be loaded. Use any non Orange shipped ROM for the Typhoon and load it to the device. This OS should allow to change the application lock and also allow the further steps.
Mind that ROMs for the Feeler or Amadeus have different key-handling (especially for the joystick) - so best you get also a Typhoon ROM for that exercise.
I think in the Tornado Forum was once a description how to unlock a Cingular 2125, possibly similar actions may allow you the first step. Not sure here though.
thanks for your help i beelive that your tool changes the registrey values correctly im nnot sure about this i have tried running it a few times but with the same results
Just to reassure that: Your device is not CID unlocked yet after all the trials you did? What does the SPL tell when you enter "info 2" in mtty connected?
Do you know how to work with a PC registry editor and to connect with the device? There are several that can do that, e.g. "Registry Workshop" or "Smartione" or "CE Regeditor". All these can connect to the device via Active Sync and read out the HKLM\Security\Policies\Policies branch.
Could you just post the export of that branch here?
You can also do that on board the device with CECmd, get into virtual two window mode, on one side go to the branch above (exactly, on top of the second "\Policies"), on the other in any file-directory, can also be root. Then on the registry side press "5" for copy and confirm to copy the "\Policies" branch to the other side. You get a text file called "policies.reg" - attach or post it here.
Finally you could search for the Microsoft tool "security configuration manager". This allows to select the security model "Security off" - once applied to the device the lokiwiz should run with success.
Hi guys,
I'm probably being really daft and missing something really obvious but I've been going round in circles for about a week on this now without any success and starting to tear my hair out. Proficient enough at flashing ROMs [the joys of HD2 ] and been working in IT support and consultancy for 20 years so the PC side is OK too - have tried searching through the various threads on here along with Googling but can't seem to find anything conclusive regarding my situation and hope someone could point me in the right direction.
Orange M5000 - rebranded HTC Universal, obviously
Pressing Power + Lamp + Reset does not appear to take me into the bootloader - I don't get a screen saying 'SERIAL'
I get a screen offering the following options:
Boot Options:
Enable KITL
Clean Registry Hive
Format Storage
with the following at the bottom of the screen:
R 1.03.00
G 42.36.P8
D 1.30.90 WWE
Using the small curser keys and button below the screen I can select any of the above options and select YES or NO
Pressing the button changes to another screen with a white background and the following options:
Select KITL Transport:
USB KITL
SERIAL KITL
Ethernet KITL
Select KITL Mode:
Active
Passive
And I can get no further...
I realise that we're probably missing something really obvious and/or basic out but for the life of me I can't find the answer! Thanks in advance for any help anyone can provide.
Cheers,
David
DavidElders said:
Hi guys,
I'm probably being really daft and missing something really obvious but I've been going round in circles for about a week on this now without any success and starting to tear my hair out. Proficient enough at flashing ROMs [the joys of HD2 ] and been working in IT support and consultancy for 20 years so the PC side is OK too - have tried searching through the various threads on here along with Googling but can't seem to find anything conclusive regarding my situation and hope someone could point me in the right direction.
Orange M5000 - rebranded HTC Universal, obviously
Pressing Power + Lamp + Reset does not appear to take me into the bootloader - I don't get a screen saying 'SERIAL'
I get a screen offering the following options:
Boot Options:
Enable KITL
Clean Registry Hive
Format Storage
with the following at the bottom of the screen:
R 1.03.00
G 42.36.P8
D 1.30.90 WWE
Using the small curser keys and button below the screen I can select any of the above options and select YES or NO
Pressing the button changes to another screen with a white background and the following options:
Select KITL Transport:
USB KITL
SERIAL KITL
Ethernet KITL
Select KITL Mode:
Active
Passive
And I can get no further...
I realise that we're probably missing something really obvious and/or basic out but for the life of me I can't find the answer! Thanks in advance for any help anyone can provide.
Cheers,
David
Click to expand...
Click to collapse
You must hold Power + Lamp and then press reset...
if you first press reset and then Power + Lamp you have the option that you have describe ...
d-two said:
You must hold Power + Lamp and then press reset...
if you first press reset and then Power + Lamp you have the option that you have describe ...
Click to expand...
Click to collapse
Thanks for the prompt response! Had guessed that problem would be something basic we were missing
Now we've come across another!
We can get into the bootloader fine with it showing SERIAL and when we connect the cable it changes automatically to USB. But...
Trying to run MaUpgradeUt_noID always gives an Error 150 ROM Upgrade Error - tried running as Administrator - no change
Its interesting that the picture in the utility is not of a Universal - dunno if this is relevant?
If we try to use the ROMUpgradeUT that is in the ROM directly, we get an Error 101 Connection Error
Picture in this instance is of a Universal however - again, dunno how relevant this is?
We'll get there
DavidElders said:
Thanks for the prompt response! Had guessed that problem would be something basic we were missing
Now we've come across another!
We can get into the bootloader fine with it showing SERIAL and when we connect the cable it changes automatically to USB. But...
Trying to run MaUpgradeUt_noID always gives an Error 150 ROM Upgrade Error - tried running as Administrator - no change
Its interesting that the picture in the utility is not of a Universal - dunno if this is relevant?
If we try to use the ROMUpgradeUT that is in the ROM directly, we get an Error 101 Connection Error
Picture in this instance is of a Universal however - again, dunno how relevant this is?
We'll get there
Click to expand...
Click to collapse
Which OS do you use ? (XP/VISTA/WIN7 32/64Bit)
d-two said:
Which OS do you use ? (XP/VISTA/WIN7 32/64Bit)
Click to expand...
Click to collapse
64-bit Windows 8 Pro
Works fine for flashing my HD2 via the usual methods.
Guessing there's either something we're missing in terms of running some compatibility settings [although we've tried] or that it may be a driver issue. Drivers noted in the thread about flashing Uni from Vista won't install however...
D
DavidElders said:
64-bit Windows 8 Pro
Works fine for flashing my HD2 via the usual methods.
Guessing there's either something we're missing in terms of running some compatibility settings [although we've tried] or that it may be a driver issue. Drivers noted in the thread about flashing Uni from Vista won't install however...
D
Click to expand...
Click to collapse
here look in this pdf for 64 bit you need a special driver