BtT: Understanding Anansky's hack on 850 JAM - JAM, MDA Compact, S100 Software Upgrading

First of all, I'd like to say that I performed Anansky's BigStorage upgrade without a hitch on my 850MHz JAM running on Cingular's network. The only concern was that the device was reporting itself as a PM10A instead of a PM10C.
Precautions:
1. Use the write-protect feature on your SD card in the unlikely event that Windows or your PocketPC wishes to write or format it.
2. Use a smaller SD card, as the steps will create a ROM file as big as your card, and it'll take a while to load the file to make changes, update the SD card, etc.
3. Burn a copy of your downloaded ROM file to a CD for safety purposes.
4. Always keep your PocketPC charged either through your PC's USB port, or through a USB-to-AC adapter.
For those who want a quick rundown on how I did it:
1. From the FTP, download NTRW.EXE (version 2.0), ROMUPDATE.EXE, and MAGICIAN_OS1.11WWE_BIGSTORAGE_6.ZIP.
2. With your JAM connected via USB to your PC, disable ActiveSync's connections.
3. Enter the Bootloader and backup your entire ROM to your SD card using ROMUPDATE.EXE.
4. Read the contents of your SD card into a ROM file using NTRW.EXE. (Note that Administrator privileges are required on your Windows account in order to read/write to the card.)
5. Modify the first 416 decimal bytes of the OS1.11WWE_BIGSTORAGE.NB1 (extracted from the ZIP file) by using the first 416 decimal bytes from your ROM file.
6. Write the newly modified ROM file onto your SD card using NTRW.EXE.
7. Enter the Bootloader with the SD card inserted and flash the newly modified ROM to your device.
Notes:
1. I was able to reflash the official i-mate CE ROM (1.11) and Radio, thinking I'd force 850MHz support back into the device in the uncertain event it lost it during Anansky's upgrade. However:
   1. The Radio can't be flashed without the CE ROM being flashed alone first.
   2. Any reflashing of the Radio or the CE ROM will lose your newly acquired 27MB Storage area. The Device Information applet will report a crazy value for the Storage area when in fact it's totally gone. The only way to restore it is to put your backed up old ROM image onto the SD card and perform the flash from the card.
2. The only way to find out how the hack was done is to look at the different versions of the hack and compare them byte-by-byte to the official updaters.
3. Perhaps one can perform another full SD-to-ROM backup with Anansky's upgrade and compare the files as well, then inject the compatible ROM portions and leave his hack in place.
4. Reflashing any of the ROM portions did NOT restore my model back to PM10C, which leads me to believe that it's outside that region untouched by the official flash utility.
5. I was only able to reflash with the official ROM updaters AND the hacked MaUpgradeUt_noID.exe from the FTP, and while it was in Bootloader mode only.
Lastly, I restored my original ROM image in its entirety and will try again sometime in the future to see if I can incorporate the 850MHz ROM into Anansky's hack. It was nice having the extra 27MB free for a short while, but until he comes back or someone else figures it all out, it'll be a risky endeavour in the event of another official ROM upgrade.

ADVANCED USERS ONLY. I take no responsibility for the information I provide below.
I dissected Anansky's ROM to find different sections which I could possibly compare. This is by no means accurate, but I have found certain locations to be of value.
Using the Magician ROM layout on http://wiki.xda-developers.com/index.php?pagename=MagicianRomLayout, I was able to build upon that template. Note that the values start with 80000000, but subtract that value and you get the starting points below.
00A6019C-00AC82D6 = UNKNOWN
00AE019C-00B3319A = UNKNOWN (REFERENCES TO RINGTONES)
00B6019C-00C3F3D5 = UNKNOWN (REFERENCES TO GPRS?)
00CB019C-00F88BF6 = UNKNOWN
00FB019C-014101CF = UNKNOWN
0143019C-0185B015 = UNKNOWN (APPROXIMATELY 4MB... RADIO ROM?)
0187019C-01995D38 = UNKNOWN (REFERENCES TO T9 DICTIONARY)
019E01AC-01CDDE58 = UNKNOWN (REFERENCES TO LDAP, DRM)
01DB019C-01E21343 = UNKNOWN (WINDOWS MEDIA PLAYER COMPONENTS?)
01E4019C-01EF8943 = UNKNOWN (SOLITAIRE / JAWBREAKER)
01F1019C-01F9B0CE = UNKNOWN (REFERENCES TO VPN)
01FC019C-0236A72B = UNKNOWN (APPROXIMATELY 3.8MB, REFERENCES TO NETWORK ADAPTERS, MODEM)
03F80140 = ANANSKY'S ROM CREDITS
03FB819C = MODEL (PM10A)
03F4015C = DATA STRING (UNKNOWN)
03F4019C = SPLASH SCREEN ("HTC MAGICIAN" VOLCANO)
For instance, if you wish to change the splash screen, you could replace the 153,600 decimal bytes starting at 03F4019C hexadecimal with your Splash2.NB file.
I have compared the 4MB block (0143019C-0185B015 hexadecimal) between my 1.11 NA ROM dump and Anansky's and found NO DIFFERENCE. It is possible that this section is the Radio ROM area, due to the size. I have to have the radio.nbk file decrypted in order to confirm.
If there are minute differences, I'll be sure to catch them now. Stay tuned.

I did something similar to find out what he did. I first flashed Qtek's 1.11, then backed it up on an SD card and wrote it to a file. Then I flashed Anansky's ROM and was then able to compare.
Unfortunately we know too little about the internals of the ROM (at least considering what's in the wiki).

BeyoneTheTech,
A question completely unrelated to the big storage ROM. How is it that your JAM has an 850MHz processor?

It's 850MHz radio band, unfortunately not CPU speed! I live in North America where the 900MHz is not utilized due to many pre-cellular products hogging up the 900MHz frequency.
As for everyone else, I used a program called WinHex to byte-compare the minimal differences between Anansky's BigStorage ROM file and my own ROM dump file. Bear in mind it's almost in the morning now and I crazily did this at work, so the details will be minimal:
I noticed two byte differences - B8 01 (1B8 hex=440 dec) vs 80 00 (80 hex=120 dec). I did NOT change those because I found it once in the bootloader, so I assumed it might be related to the way it handles the Storage area/Extended ROM.
The second set of differences were where the string "PM10A" was found in Anansky's ROM. Mind you, "PM10A" was also found in my ROM file (in the CE ROM portion), so I took my bytes around the "PM10C" section near the end and transposed it into Anansky's ROM file.
Of course, there was a major difference in the middle of the two ROM files: the Extended ROM data. I left that the way it was in Anansky's ROM, mostly zeros and some "header"-looking information.
Bottom line is I have what appears to be a fully-functioning ROM file that I flashed successfully onto my 850MHz-band i-mate JAM (running on Cingular's network in the Northeast Americas.) I have little doubt it's not utilizing the 850MHz band, since the byte changes were so minimal between Anansky's WWE ROM and my official NA (850MHz) WWE ROM. My Device Information applet reports "PM10C," of course because I hardcoded it into the ROM, but I also mapped the bytes around it from my original "850MHz" ROM. Oh, and I've got my 27MB back! :wink:
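The header transplant from the first post (step 5, the first 416 decimal bytes) and the WinHex byte-compare described just above can both be done with a short script. The following is an added example written for this thread; it is not code from the posts or from NTRW, ROMUPDATE or WinHex. The 416-byte length is the value the posts use; the file names and the two sample images in the demo are constructed.

```python
"""Compare two ROM dumps byte by byte and transplant the 416-byte header.

Added example for this thread; not code from the posts above or from
NTRW, ROMUPDATE or WinHex. HEADER_LEN is the 416 decimal bytes the first
post copies; the file names and the sample images in __main__ are
constructed for the demo.
"""
from pathlib import Path

HEADER_LEN = 416  # first 416 decimal bytes, taken from the device's own dump


def transplant_header(own_dump: bytes, target_image: bytes,
                      length: int = HEADER_LEN) -> bytes:
    """Return target_image with its first `length` bytes taken from own_dump.

    Both inputs must be at least `length` bytes long. The result keeps the
    target's size: the image goes back onto the card sector for sector, so
    nothing may shift.
    """
    if len(own_dump) < length or len(target_image) < length:
        raise ValueError("both images must be at least %d bytes" % length)
    return own_dump[:length] + target_image[length:]


def diff_runs(a: bytes, b: bytes):
    """Yield (offset, a_bytes, b_bytes) for every maximal run of differing bytes.

    If the images differ in length the tail is reported as one final run, so
    a truncated card read (the '0 kB' files mentioned later in the thread)
    shows up instead of being ignored.
    """
    n = min(len(a), len(b))
    i = 0
    while i < n:
        if a[i] == b[i]:
            i += 1
            continue
        start = i
        while i < n and a[i] != b[i]:
            i += 1
        yield start, a[start:i], b[start:i]
    if len(a) != len(b):
        yield n, a[n:], b[n:]


def describe(a: bytes, b: bytes) -> list:
    """Diff lines in the 'offset: old vs new' style used in the posts above."""
    return ["%08X: %s vs %s" % (off, ra.hex(" ").upper(), rb.hex(" ").upper())
            for off, ra, rb in diff_runs(a, b)]


def diff_files(own_path: str, other_path: str) -> list:
    """Convenience wrapper for two dump files on disk (paths are the caller's)."""
    return describe(Path(own_path).read_bytes(), Path(other_path).read_bytes())


if __name__ == "__main__":
    # Constructed 1 KiB sample images mimicking the differences reported above:
    # a two-byte word (B8 01 vs 80 00) and the last letter of the model string.
    base = bytes(range(256)) * 4
    own = bytearray(base)
    other = bytearray(base)
    own[0x100:0x102] = b"\xB8\x01"
    other[0x100:0x102] = b"\x80\x00"
    own[0x300:0x305] = b"PM10C"
    other[0x300:0x305] = b"PM10A"
    for line in describe(bytes(own), bytes(other)):
        print(line)  # 00000100: B8 01 vs 80 00 / 00000304: 43 vs 41
    merged = transplant_header(bytes(own), bytes(other))
    print("header transplanted:", merged[:HEADER_LEN] == bytes(own)[:HEADER_LEN])
```

Running `diff_files` on a backup dump and the BigStorage file produces the same short list of offsets the post reports by hand, and reporting runs rather than single bytes keeps a 27MB Extended ROM difference to one line.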

I don't particularly see a problem with having your PM10C device updated with Anansky's ROM. Although the machine will now identify itself as PM10A, people have reported still being on 850MHz cells... so there shouldn't really be a problem there.
The only issue is that now when i-Mate releases upgrades, I'm only able to flash the European and not the North American mods.
What exactly is the method to force a North American ROM upgrade onto a supposedly European JAM? I didn't save the backup which was on the SD card.

As I stated last night and bleary-eyed, there was very little difference between the North American (850MHz) and the WWE (900MHz) versions of the ROM dumps. I believe most, if not all of the differences resided in the Extended ROM. Just the changes noted below worked on my 850MHz JAM.
Using the os1.11wwe_bigstorage.nb1 file...
1. Write FF's into offset 0000028Ch to 00000293h, erasing the T-MOB101 designation.
2. Change the letter A (41h) to C (43h) at offset 03FB81A4h, so it should read "P M 1 0 C."
3. Change bytes 09 2D 4D 27 C7 to 09 2D 4C D1 8E at offset 03FB81DDh to 03FB81E1h. Again, this was near the PM10C designation, and it's unlikely that this code is my IMEI number, so I'm trying to retain as much of my original ROM as possible.
4. Change the splash screen if you wish (see previous post).
Perform a full backup with Sprite Backup or similar program.
SD-Flash the new file onto your JAM and you should be good to go.
Perform a full restore with Sprite Backup, ignoring any ROM upgrade warnings.
If you feel comfortable with hex editing, use WinHex with the ROM files. It opens files fast and can copy and "write" (not paste) the splash screen in one shot.
I am hoping that if someone can easily decrypt the new CE and Radio ROM images, they can be injected into Anansky's ROM dump, while someone who still has their Extended ROM area will be able to extract any new changes or updates in the CAB files.
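The three hex edits listed in this post are small enough to apply by script, which also lets you check that the bytes you are about to overwrite are the ones you expect. This is an added example, not code from the thread or from WinHex; the offsets and values are the ones the post gives, but the five bytes at 03FB81DD are the poster's own (he says he is retaining bytes from his original ROM), so another device would substitute the values from its own backup. The demo image is constructed.

```python
"""Apply the fixed-offset edits listed in the post above to a ROM image,
checking the bytes being replaced before anything is written.

Added example, not code from the thread or from WinHex. Offsets and byte
values are the ones in the post; the five bytes at 03FB81DD are the poster's
own (taken from his original dump), so another device would substitute the
values from its own backup. The demo image at the bottom is constructed.
"""
from pathlib import Path

# (offset, bytes expected there before the edit or None to skip the check,
#  replacement of the same length)
BIGSTORAGE_JAM_PATCHES = [
    # 0000028C-00000293: erase the T-MOB101 designation (8 bytes of FF);
    # the post does not quote the exact bytes, so they are not verified.
    (0x0000028C, None, b"\xFF" * 8),
    # 03FB81A4: 'A' (41h) -> 'C' (43h), making the model string read PM10C
    (0x03FB81A4, b"A", b"C"),
    # 03FB81DD-03FB81E1: 09 2D 4D 27 C7 -> 09 2D 4C D1 8E (the poster's own bytes)
    (0x03FB81DD, bytes.fromhex("09 2D 4D 27 C7"), bytes.fromhex("09 2D 4C D1 8E")),
]


class PatchError(Exception):
    """An edit does not fit, or the image does not contain the expected bytes."""


def apply_patches(image: bytes, patches) -> bytes:
    """Return a copy of image with every (offset, expected, new) edit applied.

    All edits are length-preserving (WinHex 'write', not 'paste'), and every
    edit is validated before the first one is written, so an image from
    another ROM version is refused rather than half-patched.
    """
    buf = bytearray(image)
    for offset, expected, new in patches:
        size = len(new) if expected is None else len(expected)
        if len(new) != size:
            raise PatchError("edit at %08X would change the image size" % offset)
        end = offset + size
        if end > len(buf):
            raise PatchError("edit at %08X runs past the end of the image" % offset)
        found = bytes(buf[offset:end])
        if expected is not None and found != expected:
            raise PatchError("at %08X expected %s but found %s" % (
                offset, expected.hex(" ").upper(), found.hex(" ").upper()))
    for offset, expected, new in patches:
        buf[offset:offset + len(new)] = new
    return bytes(buf)


def patch_file(src: str, dst: str, patches=BIGSTORAGE_JAM_PATCHES) -> int:
    """Patch src into dst (never in place, so the original stays as a fallback)."""
    out = apply_patches(Path(src).read_bytes(), patches)
    Path(dst).write_bytes(out)
    return len(out)


if __name__ == "__main__":
    # Constructed 64-byte stand-in with the same three structures at small offsets.
    demo = bytearray(64)
    demo[8:16] = b"T-MOB101"
    demo[32:37] = b"PM10A"
    demo[40:45] = bytes.fromhex("09 2D 4D 27 C7")
    demo_patches = [(8, None, b"\xFF" * 8), (36, b"A", b"C"),
                    (40, bytes.fromhex("09 2D 4D 27 C7"), bytes.fromhex("09 2D 4C D1 8E"))]
    print(apply_patches(bytes(demo), demo_patches).hex(" "))
    # Real use (file names are the caller's):
    # patch_file("os1.11wwe_bigstorage.nb1", "os1.11_850_bigstorage.nb1")
```

The expected-bytes check is what a hex editor does not give you: if the model string is not where the list says it is, the image is from a different ROM layout and the script stops instead of writing into whatever happens to be there.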

Shawn_230 said:
What exactly is the method to force a North American ROM upgrade onto a supposedly European JAM? I didn't save the backup which was on the SD card.
Just use the "NoID" version of the MaUpgrade EXE found on the FTP, but remember: Any flashing after Anansky's hack will make your Extended ROM/Storage area disappear! Like I stated in my previous post, let's hope someone can create a new xda3nbftool to decrypt the new ROMs and we might be able to either "inject" it into Anansky's ROM dump file, or we can change the necessary bytes, reencrypt, then upgrade only that portion of the ROM to your Magician/JAM device.

BeyondtheTech said:
Just use the "NoID" version of the MaUpgrade EXE found on the FTP, but remember: Any flashing after Anansky's hack will make your Extended ROM/Storage area disappear!
BeyondtheTech, I had a 900MHz version but I am living in the US too. Actually, there is a very simple solution w/o going thru the hacking of the ROM (but it's good someone can experiment with how Anansky did it so that we could do it for future ROM updates).
1. Grab the latest USA ROM from i-mate.
2. Extract it w/ WinRAR and you will get 3 nbf files.
3. Keep the radio_.nbf and remove the other 2.
4. Use the no-ID version of MaUpgrade and it will only update the radio.
5. Your radio is the 850MHz version and you still have the big storage.

FYI, I don't know if you actually tested your sets, because I did flash just the alleged "USA" radio portion on my 850MHz JAM and I did lose the BigStorage area entirely, which is why I said that any subsequent flashing will do just that.

BeyondtheTech said:
FYI, I don't know if you actually tested your sets, because I did flash just the alleged "USA" radio portion on my 850MHz JAM and I did lose the BigStorage area entirely, which is why I said that any subsequent flashing will do just that.
Of course, I did.

BeyondtheTech said:
ADVANCED USERS ONLY.
00A6019C-00AC82D6 = UNKNOWN
.../...
03F80140 = ANANSKY'S ROM CREDITS
03FB819C = MODEL (PM10A)
03F4015C = DATA STRING (UNKNOWN)
03F4019C = SPLASH SCREEN ("HTC MAGICIAN" VOLCANO)
I have compared the 4MB block (0143019C-0185B015 hexadecimal) between my 1.11 NA ROM dump and Anansky's and found NO DIFFERENCE. It is possible that this section is the Radio ROM area, due to the size. I have to have the radio.nbk file decrypted in order to confirm.
If there are minute differences, I'll be sure to catch them now. Stay tuned.
Following BeyondtheTech's post, I'm now sure that the so-called 'big storage' is located between addresses:
023c0190 : 03f40190 (about 27 MB)
I've also determined that every 256 kB (+40000h), this 'virtual disk' includes something similar to a 'sector header' conforming to:
f0 f0 f0 f0 00 00 00 00 96 f2 e7 10 db d3 00 fc
this string is present at address:
02400140h, 02440140h, 02480140h, 02480140h .../...
03f00140h, 03f40140h
To check the validity of my theory, I copied about 15 MB of different files before making a backup of my Qtek S100. It confirms that the data occupy this space.
Because I normally work on a French OS version, I need all the accented and diacritic characters to answer my mail. So my purpose is now to 'reverse engineer' the Anansky method to include this very useful 'big storage' on a French-based OS.
So, I merged all content of my original v1.11 French OS upgrade from address 00000000h to 023c0100h... This personally cooked OS is working, and all is in French... but unfortunately 'no big storage' is available.
So, in the next step, I tried to understand how 'virtual storage' works under the Qtek S100. Back to my original OS, with the small 7 MB storage. From the hexadecimal point of view, there is nothing more than with the Anansky backup version, except that the virtual disk is smaller... Everything is in order, according to my theory...
But because the 'big storage' is not even visible, my conclusion is simple: the solution is in the 'registry', but I've not yet been able to get through the mystery:
HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\VDisk
"Name"="Extended_ROM"
"Folder"="Extended_ROM"
.../...
[HKEY_LOCAL_MACHINE\Drivers\Active\43]
"Hnd"=dword:0068e3f0
"Name"="DSK8:"
"Key"="Drivers\\VDisk"
"ClientInfo"=dword:00000000
.../...
[HKEY_LOCAL_MACHINE\Drivers\VDisk]
"Key"="Drivers\\VDisk"
"WindowBase"=dword:a2c00000
"Size"=dword:01300000
"Folder"="Extended_ROM"
"DisableInt"=dword:00000000
"OnBoard"=dword:00000001
"Dll"="VDISK.DLL"
"Index"=dword:00000008
"Prefix"="DSK"
"Profile"="VDisk"
.../...
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\FlshDrv]
"FolderName"="Storage"
Almost all references in the registry seem to be dedicated to the Extended_ROM (about 19 MB), which can become visible but not writable... until now.
I've found only one reference to the 'Storage' folder (about 7 MB on my Qtek), but I don't understand how the OS knows its type, size, location, etc. Another thing is sure: the registry is not directly visible in the backup. I suppose that this file is compressed in ROM and decompressed to RAM for working (all modifications disappear in case of a hard reset).
Lots of questions... :?:
Regards,
Thierry
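Thierry's stride theory (a 16-byte header every 40000h bytes from 02400140h up to 03f40140h) is easy to test mechanically over a dump, and a scan also surfaces the counter-examples: headers that are not on the grid, or grid slots where the header is missing. The following is an added example written for this thread, not Thierry's or anyone else's tool; the header bytes, first address and stride are taken from his post, the region end is taken from his '023c0190 : 03f40190' range (an assumption about where the grid stops), and the demo image is a small constructed one with the grid parameters passed in.

```python
"""Check the observation above: a 16-byte 'sector header' every 256 KiB
(0x40000) across the BigStorage region of a ROM dump.

Added example, not from the thread. Header bytes, first address and stride
come from the post; REGION_END is derived from the post's
'023c0190 : 03f40190' range and is an assumption. The demo image is
constructed and far smaller than a real dump, so the grid parameters are
passed explicitly.
"""

SECTOR_HEADER = bytes.fromhex("f0f0f0f0 00000000 96f2e710 dbd300fc")
HEADER_FIRST = 0x02400140   # first occurrence reported in the post
HEADER_STRIDE = 0x40000     # 256 KiB
REGION_END = 0x03F40190     # end of the 'big storage' range (assumption)


def expected_header_offsets(first: int = HEADER_FIRST, stride: int = HEADER_STRIDE,
                            end: int = REGION_END) -> list:
    """Offsets where a header is expected if the stride theory holds."""
    return list(range(first, end, stride))


def scan_headers(image: bytes, first: int = HEADER_FIRST, stride: int = HEADER_STRIDE,
                 end: int = None, header: bytes = SECTOR_HEADER):
    """Return (present, missing): grid offsets that do / do not hold the header.

    `end` defaults to the image length so a short image is handled. A
    missing slot is what you would expect to see after the region has been
    reformatted or truncated.
    """
    if end is None:
        end = len(image)
    present, missing = [], []
    for off in expected_header_offsets(first, stride, end):
        if image[off:off + len(header)] == header:
            present.append(off)
        else:
            missing.append(off)
    return present, missing


def find_all(image: bytes, needle: bytes) -> list:
    """Every offset at which needle occurs (overlapping occurrences included)."""
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = image.find(needle, pos + 1)
    return hits


def stray_headers(image: bytes, first: int = HEADER_FIRST, stride: int = HEADER_STRIDE,
                  end: int = None, header: bytes = SECTOR_HEADER) -> list:
    """Header occurrences that are NOT on the grid: counter-examples to the theory."""
    grid = set(expected_header_offsets(first, stride, len(image) if end is None else end))
    return [p for p in find_all(image, header) if p not in grid]


if __name__ == "__main__":
    # Constructed 1 KiB image: grid of 4 slots (stride 0x100, first at 0x40),
    # one slot left empty and one header placed off-grid.
    img = bytearray(0x400)
    for off in (0x40, 0x140, 0x340):
        img[off:off + 16] = SECTOR_HEADER
    img[0x200:0x210] = SECTOR_HEADER
    present, missing = scan_headers(bytes(img), first=0x40, stride=0x100)
    print("present:", [hex(o) for o in present], "missing:", [hex(o) for o in missing])
    print("off-grid:", [hex(o) for o in stray_headers(bytes(img), first=0x40, stride=0x100)])
    grid = expected_header_offsets()
    print("real grid: %d slots, last at %08X" % (len(grid), grid[-1]))
```

With the post's real parameters the grid has 110 slots and its last slot is 03F40140h, which matches the last address Thierry lists, so the stride and end assumed here are at least consistent with his observation.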

To easily patch any ROM... follow this link ;-)
http://forum.xda-developers.com/viewtopic.php?t=22582

I am not sure it's in the registry as I did a byte compare of my backed up ROM (which was the 1.11 NA 850MHz from i-mate) to Anansky's (1.11 WWE) and found that the there were two sets of bytes that were different (changed?) in the bootloader area as well as the CE ROM, and of course, the 27MB chunk of data for the Extended ROM.
I think the bootloader may have something to do with the way the memory is set up.
The bytes that were different were in both places were B8 01 vs 80 00. 1B8h=440 and 80h=128, if that means anything. There were no other changes in the Radio or CE ROM areas, which leads me to believe that the 27MB area is just formatted differently (perhaps the start of the 7MB area was pulled back to the beginning of the Extended ROM area).
The only remaining change was near the end where it has the "PM10x" designation," but I doubt that has anything to do with the BigStorage area since I used his bytes and tried my bytes with no difference.
If you feel bold enough, you can mess with these two bytes (try a value in between) to see if it enlarges the 7MB storage space, corrupts it, makes it writable, etc.

pigot,
If you're willing to try this...
After you've injected your French ROM into the NB1 file, use a hex editor and change the following bytes:
On or around 00007E32h, change B8 01 to 80 00.
Do the same at 0211E32Eh, change B8 01 to 80 00.
Leave Anansky's changes in the Extended ROM and Storage area as well as the end of the file unless you want to call your device a PM10x.
SD-Flash it and tell me if you have the 27MB of Storage free with your French OS.

You are on the right track :lol: ... Those bytes (hB8 + h01 to h80 + h00) are the key. But they are not always at the same place in all the ROMs.
Bye. 8)

Seems to work great for me over the last couple of minutes at least! Upgraded a 3 day old UK o2 qtek s100.
Thanks a million.
BTW - what software is stored in the extended rom that we lose?
Vijay

MKS said:
You are on the right track :lol: ... Those bytes (hB8 + h01 to h80 + h00) are the key. But they are not always at the same place in all the ROMs.
Bye. 8)
Well, the application developed by MKS is a great job. It works perfectly for me on a v1.11 Fr... The process is very simple, and really accessible even to 'medium range' users. Sounds pretty good, doesn't it?
IMHO, the 'Anansky trial' is over, and the big winner is MKS.
Thanks a lot,
Thierry

Related

I've done BigStorage 1.12.00WWE - upgrade experience sharing

I finally can successfully upgrade my O2 mini to ROM version 1.12.00 patched with 27MB BigStorage (ROM version: 1.12.00WWE, ROM date: 05/28/05, Radio: 1.12.00, Protocol: 1337.42, ExtROM: n/a <- of course!!). Although I was stuck for quite some time, I finally got it!!! I just want to share some experience with you folks. If you are stuck with one method, try the others! [I used method 3 to do the patching]
1.12 ROM image from http://www.buymobilephones.net/romfile_download_s100.ihtml
Currently, I recognize that there are 3 ways to patch BigStorage,
1/ Anansky method (http://forum.xda-developers.com/viewtopic.php?t=20043)
- currently it can only manage 1.11wwe version
- my experience: seems that 416 (DEC) is the magic number
2/ MKS method (http://forum.xda-developers.com/viewtopic.php?t=22582)
- apparently can handle all versions of ROMs
- but some guys (me too) can't use this method at all. No matter what ROM I was using (shipped, patched), no matter what I did to the ROM (not masked, 416 bytes...), the problem was that it got stuck in Bootloader mode after 100% flashed. I think it may be hardware related (mine is an O2 mini, original ROM is Traditional Chinese 1.06).
- my experience: if you have upgraded your Magician using the official AKU, then extract the image and run this patch program. If you are using an upgraded ROM from other sources, then you have to upload your own ROM, copy the first 416 bytes to the upgraded ROM, and then apply this patch program.
3/ Dr. Chair / Talent (http://forum.xda-developers.com/viewtopic.php?t=23250)
- apparently can handle all versions of ROM
- my experience: the key point is to search 2 locations "02 00 00 80 00 20 20 00 00" and replace them with "02 00 00 b8 01 20 20 00 00". Also, after flashing the machine, the first start-up will take a bit longer (mine took 4 minutes), be patient!
Other general sharing:
- try to use external card reader
- pressing Bootloader mode will immediately erase all the information (except data in ROM) on your PPC, whether you have it patched or not. Further, BigStorage patching will erase data in "storage" (ROM) as well.
- when using a hex editor (or so), be careful whether it's the DEC or HEX position
- On-screen checksum failure and ntrw write failure can be ignored
From others:
Koksie said:
I found that trying to use the ntrw program through a USB hub did not work; all copied ROM files from my SD card would turn up as 0 kB. Be sure to plug the card reader directly into the USB port of the PC, then the full ROM will be copied.
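Methods 2 and 3 above locate the size word by the bytes around it rather than at a fixed offset, which is what makes them work across ROM versions (the earlier posts in this thread edit the same B8 01 / 80 00 word at offsets 00007E32h and 0211E32Eh, and MKS notes those are not the same in every ROM). The following is an added example, not MKS's or Dr. Chair's program: it searches for the nine-byte pattern quoted in method 3, refuses to touch the image unless exactly the expected two hits are found, and can undo itself by swapping the two patterns. The sample image is constructed.

```python
"""Locate the BigStorage size word by its surrounding bytes and patch it,
the way methods 2 and 3 above do, instead of at a fixed offset.

Added example, not MKS's or Dr. Chair's program. SEARCH and REPLACE are the
nine bytes quoted in method 3, expected at exactly two places. The sample
image in __main__ is constructed.
"""
from pathlib import Path

SEARCH = bytes.fromhex("02 00 00 80 00 20 20 00 00")
REPLACE = bytes.fromhex("02 00 00 b8 01 20 20 00 00")
EXPECTED_HITS = 2


def find_all(image: bytes, needle: bytes) -> list:
    """Offsets of every occurrence of needle (overlapping ones included)."""
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = image.find(needle, pos + 1)
    return hits


def patch_pattern(image: bytes, search: bytes = SEARCH, replace: bytes = REPLACE,
                  expected_hits: int = EXPECTED_HITS):
    """Return (patched_image, offsets) with every search hit replaced in place.

    The image is left untouched unless the hit count is exactly
    expected_hits: zero hits means a different ROM layout or an already
    patched image, more hits means the pattern is not specific enough to
    this structure. Swapping search and replace undoes the patch.
    """
    if len(search) != len(replace):
        raise ValueError("search and replace must have the same length")
    hits = find_all(image, search)
    if len(hits) != expected_hits:
        raise ValueError("found %d occurrence(s) of the pattern, expected %d; not patching"
                         % (len(hits), expected_hits))
    buf = bytearray(image)
    for off in hits:
        buf[off:off + len(search)] = replace
    return bytes(buf), hits


def already_patched(image: bytes) -> bool:
    """True when the replacement pattern is present the expected number of times."""
    return len(find_all(image, REPLACE)) == EXPECTED_HITS


if __name__ == "__main__":
    # Constructed 4 KiB image carrying the pattern at two places.
    img = bytearray(0x1000)
    img[0x7E0:0x7E9] = SEARCH
    img[0xC10:0xC19] = SEARCH
    patched, where = patch_pattern(bytes(img))
    print("patched at", [hex(o) for o in where], "already_patched:", already_patched(patched))
    # Real use (file names are the caller's):
    # data, where = patch_pattern(Path("rom.nb1").read_bytes())
    # Path("rom_bigstorage.nb1").write_bytes(data)
```

The count check is the important part: a ROM in which the pattern appears once, or three times, is not the layout this patch was derived from, and writing anyway is how you end up in the "stuck in Bootloader mode after 100%" situation described above.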
Me too. Try to search " 02 00 00 80 00 02 02 00", as some other post said, there are only two searches required. This can be applied to 1.11WWE and 1.11 Chinese rom too.
1.12 is faster than 1.11 so far I have seen, bluetooth functions fine.
Please, could anyone tell where to find the 1.12 or upload it?
Sorry about my previous post, the bytes to search for should be
02 00 00 80 00 20 20 00 00
There's a 1.12 BigStorage WWE ROM into ftp under uploads\magician folder :wink:
girtsn said:
Please, could anyone tell where to find the 1.12 or upload it?
http://forum.xda-developers.com/viewtopic.php?t=23288
YRLS said:
There's a 1.12 BigStorage WWE ROM into ftp under uploads\magician folder :wink:
wow thks,
spared me time, instead of going thru installing rom and running the mksbigstorage procedure.
hv installed it, couldn't see any difference with the earlier 1.11,
BT still the same (sometimes would not recognize other installed hw).
again, thks a lot.
johannesl said:
wow thks,
spared me time, instead of going thru installing rom and running the mksbigstorage procedure.
hv installed it, couldn't see any difference with the earlier 1.11,
BT still the same (sometimes would not recognize other installed hw).
again, thks a lot.
johannesl,
O2mini - PM10A WWE O2ASI001
bigstorageROM 1.12 Radio 1.11 ExtROM 1.11.922
Seems that you don't have Radio 1.12 installed. Maybe worth to have a try...
true, but does radio 1.12 really make difference on the BT issue ??
(at the moment I'm a bit lazy going thru the whole procedure, maybe sometime next week I will try it)
anyway thanks for your comment
palmVer said:
Seems that you don't have Radio 1.12 installed. Maybe worth to have a try...
By the way, if I only flash the radio ROM (ex Qtek), will I lose the installed bigstorage?????
thks.
hey,
what's the file name for 1.12 bigstorage in the upload/magician folder??
i can't find a big storage one!
maybe the qtek extracted dir???
thanks
kolbac said:
hey,
what's the file name for 1.12 bigstorage in the upload/magician folder??
i can't find a big storage one!
maybe the qtek extracted dir???
thanks
Try this:
http://www.buymobilephones.net/romfile_download_s100.ihtml
i think it's a wrong link....
that's the link for the original 1.12 rom.
i wanted the bigstorage one....
thanks
bye
I got problem trying to do BigStorage
hi there,
i have successfully upgraded my ROM to v1.11 and now i'm having trouble upgrading the BigStorage, i'm at the stage where i need to backup the original ROM, i have followed these instructions below:
Backup original ROM:
1. Cancel USB in ActiveSync on your PC <important!>
2. Put Mini into the boot loader mode (hold both on/off and camera buttons at the same time while resetting). <you need to hold all three buttons for several seconds.>
3. Insert empty SD card to Mini.
4. Connect Mini to PC through USB.
5. Run romupdate.exe on pc.
6. Select “\\.\WCEUSBSH001” in port settings. In the popup windows, enter “d2s” and press enter.
Up to step 6, that's where my problem comes... I can't select any “\\.\WCEUSBSH001” in port settings, all I can select is COM1 or COM2...
Someone told me to end the process wcescomm.exe in task manager but it doesn't help either...
Now my mini is in the "boot loader mode", anyone can help me to re-flash it back to normal?
Please help. Thank you for your time.
kolbac said:
hey,
what's the file name for 1.12 bigstorage in the upload/magician folder??
i can't find a big storage one!
maybe the qtek extracted dir???
thanks
Just uploaded to the FTP :
ftp://xda:[email protected]/Uploads/Magician/mksBigStorage112.rar
this is the file I downloaded from the FTP a few days ago, but seems some1 has deleted it.
It must be noted that this is ROM 1.12 with Radio 1.11.
If you'd like to install it, don't forget to edit the first 416 bytes with the ones from your original ROM
good luck.
Re: I got problem trying to do BigStorage
stalkie said:
Up to step 6, that's where my problem come... I can't select any “\\.\WCEUSBSH001” in port settings, all I can select is COM1 or COM2...
Someone told me to end the process wcescomm.exe in task manager but it doesn't help either...
Now my mini is in the "boot loader mode", anyone can help me to re-flash it back to normal?
Please help. Thank you for your time.
You missed step 1.
No need to end the process for WCESCOMM.EXE. Just go to the ActiveSync icon on the system tray, Connection Settings, and uncheck "Allow USB connection..."
method using .nb1 file to upgrade OS ?
May I ask how exactly to use .nb1 file to upgrade the device?
Re: I got problem trying to do BigStorage
BeyondtheTech, after that I did try to do but the problem still there...
this boot loader mode continues until the power is depleted... then I charge my Mini and I try to switch it on again and my Mini is back to normal (like factory default setting, just like when you hard-reset); my ROM version is 1.11
So currently my Mini is running now without BigStorage patch
Re: I got problem trying to do BigStorage
stalkie said:
BeyondtheTech, after that I did try to do but the problem still there...
this boot loader mode continues until the power is depleted... then I charge my Mini and I try to switch it on again and my Mini is back to normal (like factory default setting, just like when you hard-reset); my ROM version is 1.11
So currently my Mini is running now without BigStorage patch
If your problem is that you can't select any “\\.\WCEUSBSH001” in port settings, then try
1/ using other USB port
2/ rebooting the PC
3/ use another PC to try again.
PC USB recognition is not as good as we think and it depends on the OS, USB hub, hardware, drivers installed...

MDA Compact upgrade in one package

Hello, i have done a lot of reading here about all upgrades on our Magicians.. So for everyone who is new here to this forum, there is the latest update available with an easy few steps to upgrade
ROM version 1.12.00 WWE
Radio version 1.13.00
Protocol version 1337.43
ExtROM version 1.12.131 WWE
It's an IMATE ROM, with CZ (Czech) customized ExtROM. So anyone who wants to cook his own ROM, just
download this file > http://live61.com/mda/yourownEXT.nb1 and follow Extended ROM steps above
It's complete Dump of my device, including CE ROM, EXT ROM and RADIO STACK. This update flawlessly worked on 3 devices i had in my hands.. So I hope, it will help you with no problems. (no need to change any 440bytes and other 'hacks' found there in forum).
Install is so easy
1. download NB1 file http://dc.live61.com/mda/Imate_WWE_1.12_1.13_1.12.131.nb1
2. write it on your SD card (at least 128mb) with NTRW application - "ntrw.exe write Imate_WWE_1.12_1.13_1.12.131.nb1 g:" (g: as your SD card drive letter)
3. insert SD card to MDA, and enter bootloader with CAMERA+POWER buttons together with RESET
4. after about 8 seconds you will get message with "Sections=2, press Power.." so press Power button and wait until "Checksum OK" message appears. Then reset your MDA
That's it!
Customized Extended ROM
1. install this plugin to your Total Commander. (restart of PC needed!) http://live61.com/mda/VirtualDisk_1.30b2.rar
2. mount the yourownEXT.nb1 file as a virtual image
3. make here your desired changes and unmount it
4. run WinHEX, open modified yourownEXT.nb1 (ouch.. i know, you need this.. http://sweb.cz/ftp1/WinHexSerial.txt)
5. select whole file with CTRL+A and copy to clipboard CTRL+C
6. open Imate_WWE_1.12_1.13_1.12.131.nb1 file, go to OFFSET 2C0019C and write clipboard data with CTRL+B
7. save Imate_WWE_1.12_1.13_1.12.131.nb1 and follow Install steps
If anything goes wrong, please let me know. Good luck. John
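Step 6 above writes the mounted Extended ROM image into the full dump at offset 2C0019C with WinHex's CTRL+B, and the first thread does the same for the 153,600-byte splash screen at 03F4019C; in both cases the point is an in-place overwrite that never changes the file size, which is why the earlier post says "write (not paste)". The following is an added example written for these two steps, not code from either post or from WinHex: it performs the overwrite with bounds and size checks and, next to it, shows what a clipboard paste would do to everything after the offset. The offsets come from the posts; the sample image and payload are constructed.

```python
"""Write a payload into a ROM image at a fixed offset without changing the
image size (WinHex 'write', CTRL+B, rather than 'paste').

Added example; not code from the posts or from WinHex. EXTROM_OFFSET is
where the post above writes yourownEXT.nb1, SPLASH_OFFSET/SPLASH_SIZE are
the splash-screen values from the first thread. The demo image and payload
are constructed.
"""
from pathlib import Path

EXTROM_OFFSET = 0x2C0019C   # offset for the customized Extended ROM image
SPLASH_OFFSET = 0x3F4019C   # splash screen location from the first thread
SPLASH_SIZE = 153_600       # decimal bytes, as stated there


def write_region(image: bytes, offset: int, payload: bytes,
                 expected_size: int = None) -> bytes:
    """Overwrite image[offset:offset+len(payload)] with payload, same total size.

    Refuses to extend the image (a payload running past the end means the
    offset or the payload is wrong) and, when expected_size is given,
    refuses a payload of any other size, so a splash file of the wrong
    dimensions is caught before it lands on the card.
    """
    if expected_size is not None and len(payload) != expected_size:
        raise ValueError("payload is %d bytes, region is %d" % (len(payload), expected_size))
    end = offset + len(payload)
    if end > len(image):
        raise ValueError("payload would run %d bytes past the end of the image" % (end - len(image)))
    buf = bytearray(image)
    buf[offset:end] = payload
    return bytes(buf)


def paste_region(image: bytes, offset: int, payload: bytes) -> bytes:
    """What a clipboard paste does instead: inserts, shifting everything after it.

    Included only to show why the posts insist on 'write'; never use this
    on a ROM image.
    """
    return image[:offset] + payload + image[offset:]


def marker_offset(image: bytes, marker: bytes) -> int:
    """Where a later structure (e.g. the model string) now sits, or -1."""
    return image.find(marker)


if __name__ == "__main__":
    # Constructed 1 KiB image with a 'model string' that must stay at 0x300.
    img = bytearray(0x400)
    img[0x300:0x305] = b"PM10A"
    payload = b"\xAB" * 0x80
    written = write_region(bytes(img), 0x100, payload)
    pasted = paste_region(bytes(img), 0x100, payload)
    print("write: size %d, marker at %s" % (len(written), hex(marker_offset(written, b"PM10A"))))
    print("paste: size %d, marker at %s" % (len(pasted), hex(marker_offset(pasted, b"PM10A"))))
    # Real use (file names are the caller's):
    # full = Path("Imate_WWE_1.12_1.13_1.12.131.nb1").read_bytes()
    # ext = Path("yourownEXT.nb1").read_bytes()
    # Path("patched.nb1").write_bytes(write_region(full, EXTROM_OFFSET, ext))
    # splash = Path("Splash2.NB").read_bytes()
    # full = write_region(full, SPLASH_OFFSET, splash, expected_size=SPLASH_SIZE)
```

After a paste the model string, the bootloader's sector layout and every other structure behind the offset move by the payload length, which is why a pasted image fails checksum or flashes garbage; the write keeps them where the bootloader expects them.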
im going to try it....
(I'm going to put it on there...)
i believe i will be able to do it, because i was not able to do it before with the dumped rom on ftp...
Hi
I made a SD card as You wrote.
When I make a HR, I have a clear dark screen with "Serial" on the top and "v 1.00" on the bottom of the screen.
What is wrong?
Thanks for help.
howto
@all,
please aid a novice:
-How do I mount "your own extrom" in total commander???
-What and how can I make changes then????
Thanks in advance
kavalir said:
1. download NB1 file http://dc.live61.com/mda/Imate_WWE_1.12_1.13_1.12.131.nb1
Recently got an M500 and am trying your ROM but the link posted may be dead. Can you upload it again? Thanks.
how to upgrade only Radio 1.13? i downloaded this from the ftp:
MagicianRadio_1.13.00_maupgrade
currently, i'm using the Qtek 1.12 ROM on my O2 mini..
Can i just run the setup file and then upgrade only the radio part?
Is there a newer ROM than mine?
hi,
i just bought an MDA Compact from T-Mobile a few days ago,
it looks like this
ROM Version = 1.12.00 WWE
ROM Date 05/28/05
Radio version 1.12.00
Protocol version 1337.42
ExtRom 1.12.152 WWE
is there anything that can be upgraded?
and how can i get the O2 Active GUI on it?
or remove the T-Mobile one?
I did try to find the answers elsewhere but it seems a tiny bit complex to find out. (probably my english)
i used to be able to surf the internet over GPRS for free with the O2 pay-and-go sim card, i still do with the O2 monthly though.
anyone know more about it?

Help: My German O2 Mini dead

Dear all expert,
While trying to flash my German Black O2 mini from Ger to ENG. (Using MAupgrade_noID)
After some steps, the o2 mini turn black and display
"Serial V1.02"
At this time, even though I softreset or hardreset the device,
the same wording also appear and can't further boot.
I even use SD card method but the same wording still appear again.
Can any expert teach me how to rescue my device?
Thanks
Are you sure you did the SD-method right?
At OS 1.13.01 GER Radio 1.13.00 BigStorage you will find the latest german BigStorage ROM image available. Now do the following:
Get ntrw from this site
Get a 512 MB SD-card (maybe a 128 MB one will work, too, but I am unsure about this).
Put ntrw into C:\
Extract the RAR into C:\, which should produce C:\11301bs.nb1
Enter the following into the command line at C:\ and ignore error messages:
Code:
ntrw write 11301bs.nb1 [your SD-card drive letter, e.g. I:]
Fully load your Magician!
Disconnect your Magician from anything, especially USB
Shutdown your Magician (press power button)
Put the SD-card into the Magician
Put Magician into Bootloader-Mode (Camera+Power+Reset at once, until you have the "Serial 1.02" screen w/o backlight)
Wait some seconds for "Press power to flash" to show on screen. Do just that.
This might just work.
Thanks KK.
What's wrong is that it seems the bootloader is dead.
When I insert the SD card while entering the bootloader,
the screen still displays "serial V1.02" and holds it.
No further wording like "Press power to flash it" etc.
Is the bootloader dead?
I do not think so. Make sure you shut down the Magician before placing the SD-card with a fresh ROM-image written to it into your device. Power on into Bootloader-Mode afterwards.
Another option to check your loader is the following:
Shutdown the Magician
Go into Bootloader-Mode
Wait for "Serial 1.02" to be displayed
Connect to PC via USB. The Bootloader should display "USB" shortly after connecting. If it does not: Maybe really you managed to kill your loader.
What exactly did you do? I used the NOID-Tool too, and had absolutely no problems with it. Besides: I also have a bootloader version 1.02.
kk
When plugging the USB cable into the device, yes, it shows "USB" on the screen.
However, when I use romupdate.exe and try to extract the ROM to the SD card at this point, the device shuts down at once after pressing "d2s". No words appear on the screen.
Do you know what this means?
Besides, can you tell me what the "NOID-Tool" is?
thanks
The NOID-Tool would be MAupgrade_noID, which you used.
I am not sure about it, but as your device does not boot into the OS anymore, it seems reasonable to assume that the ROM in your device is not valid anymore, due to errors while flashing it in the first place.
So - if there is no valid ROM, there is nothing which the bootloader can write onto the SD-card.
Please try the method suggested in previous postings before anything else. If all this fails, I have no further suggestions - your device might really be dead.
You can try a regular upgrade instead of doing it through the SD card.
Download the shipped ROM, extract it and use MAupgradeNOID to run the ROM, and that is all you should do.
kk said:
At OS 1.13.01 GER Radio 1.13.00 BigStorage you will find the latest german BigStorage ROM image available
Hi,
Can you upload the rom again pls? Someone removed it from the ftp site. Like to give it a try, but can't find a prepared BS-rom anywhere.
Thnx, M
Hi there!
The FTP-master kindly converted the file to ZIP format. It is now available here: ftp://xda:[email protected]/Magician/BigStorage_ROMs/DE_T-Mobile_1.13.01.zip.
Remember: I used a 512 MB SD-card to create it, so maybe it won't work with smaller ones (but I think it should, since the ROM stored within this SD-card-image is no more than 64 MB in size).
Hi KK,
I found it along with the other BS ROMs and feel ashamed I couldn't find them. I tried it first with my 512MB card, but the card reader won't write the file (no question about formatting whatsoever). Tomorrow I'm going to try with my 256MB mini SD card, which I know will be written by NTRW. I'll let you know if I succeeded.
Regards, M
It works for sure with my 512 MB Kingston SD-card!
Don't bother about an error at the end of the ntrw-writing process. That's absolutely normal, since it would like to make the SD-card-drive the current drive, which is not possible after the writing process, as the SD-card now contains a ROM-image instead of a valid filesystem.
Hi KK,
Didn't manage to get it flashing. I used both cards but my Magician doesn't accept the image somehow. No sign of any message like 'press power to load', neither on serial nor on USB connection in the bootloader. It did work before with my own dumped ROM (I lost the storage then, but it did accept the ROM). Now it keeps awfully quiet. I copied the first bytes and all, so maybe I'll give it a try with another ROM. I want to sort this problem out.
Cheers, M
nbfdec made my big storage
Hello KK,
Yesterday I tried the steps from hlt, out of the Radio 1.13 upgrade thread http://forum.xda-developers.com/viewtopic.php?t=32274. It doesn't involve any ROM dumping or SD-card action whatsoever and it worked the first time. Just one tool: nbfdec and a shipped ROM. It is fast and simple. Thanks for your advice, hope others will try this method as well, because it is much easier than bigstorager and bytecopy etc.
M
The "no SD-card required"-method in this thread only works for shipped ROMs. The ROM I prepared is a combination of the latest german OS & Radio versions plus BigStorage, which is to my knowledge _not_ available in this combination elsewhere, and should therefore be the most up-to-date ROM usable for any german Magician user with very few simple steps.
Since you require a non-german version, my ROM will not be appropriate for you, but this thread started out with a cry for help with a non-booting magician, and I thought, that my ROM-modification would be of some help here due to the simplicity in applying it and its actuality.
But be it as it may.
KK,
I had the same problem as Netmon, only the bootloader, and I couldn't make the SD flash work. That's why I was looking for a decent ROM. With the tooling found on this site I could probably turn my Magician from German to English again. Since all my storage was gone I could take the risk.
I solved my problem with the upgrade 1.13 thread, and that method would have worked for Netmon too, I guess: just put the Magician in the bootloader, connect to USB and flash with a German shipped ROM or an altered version.
Anyway thanks for your time, M
Dear rilazi and all,
The device has been confirmed dead by the manufacturer.
The symptoms are:
1) romupdate.exe can't detect the device
2) pressing the soft reset button can't reboot the device to the normal screen; it only displays "Serial V1.02"
3) the SD card method doesn't get any response from the device; it keeps displaying "Serial V1.02"
4) using the shipped ROM (with MaupgradeNo_id.exe) also can't detect the device.
I don't know whether it is a problem of the V1.02 version of the bootloader or not.
Before, I flashed many times with V1.01 with no problem.
So all owners of V1.02 German devices (black Mini) should pay attention to this.
I have a bootloader v1.02, too. Absolutely no problems with flashing on my side.

[UPG]PagePool Smart Changer

Hello!
I bring to your attention a small script to change the size of the PagePool directly on the device.
The script allows you to replace the PagePool size with a value from 2.00 to 16.00 MB without reflashing the device or losing data.
After the script has run, a soft reset of the device is enough.
The script implements an algorithm that automatically searches for the offset address and checks the result of the search against an MD5 check value. In this mode every possible check is made, so that killing the device is practically impossible.
There is also the possibility of specifying your own offset for the PagePool size value, in case the automatic search cannot find it. In this mode only the value at the specified address is checked, and if it is not in the range of PagePool sizes from 2 to 16, the script also refuses to make changes to the device.
The script has been checked with several firmwares and devices.
If the program can't autodetect the PagePool offset value, generate "dev info"
and provide it to me. I will add your device to the autodetection feature.
Thankful in advance for feedback about the script and for help in perfecting it.
Screenshots and script are attached.
P.S. Sorry for bad english
latest version available at ftp://intruder.spb.ru/PPSmartChanger.exe
First of all thank you for your hard work!
I read everywhere about this "PagePool". Can i ask what's this? And which PagePool is more wise to use?
TIA
If I have understood you correctly, I answer:
The PagePool is an area which is used by the system for caching various information. The size of the accessible RAM depends on the size of this area. As a rule, everyone selects this value individually for themselves. Someone uses big programs which need a lot of memory, and someone else much smaller programs.
As the program allows you to change this value without loss of data, it is possible to experiment.
If the address autodetection has worked, then all should be good.
If it has not worked, I need info about your device and firmware to try to add your device to the autodetection.
Thanks for this sweet app....
Now I can change the pagepool on the fly... even though I wonder how many times I will actually change it...
You can change the size of PagePool as many times as you need without any limits.
Version updated:
1. Improved method of info retrieval from device.
2. Added multidevices support.
3. EXPERIMENTAL: Added support of WM6 on FS LOOX C550 (can't test on device, my device HTC Touch)
So, what would be the best size for the Touch? I know it should be smaller; I've read 4 MB somewhere, but is that best, or at least better than the original?
I'm using BatteryStatus with CPUScaler enabled and I noticed that when I change the PagePool size to 4 MB, TCPMP player works at a higher frequency (299 MHz, Boost) instead of 247 MHz (Max) with an 8 MB PagePool size.
So if the PagePool size is 4 MB or less we have low productivity.
I found that 6 MB is a good size. The productivity is the same as with 8 MB and the free memory is bigger by 2 MB.
Version updated.
Hi shark... It's not working on my Touch. Firmware using is 1.11707.1B WWE.
Swiftblade said:
Hi shark... It's not working on my Touch. Firmware using is 1.11707.1B WWE.
Hi! Please use the new version and if it does not work, build info for me (option in menu) and attach it to your reply.
Latest version can be accessed at ftp://intruder.spb.ru/PPSmartChanger.exe
The link to your app doesn't work anymore...
Can you upload it to a different server please.
thanks
It didn't work on mine.
It said "Dump size mis-matched".
Tried building Development Information.
It also failed and said "Some **** happened!"
Don't know what is next. The ROM I used is the 55Meg Big Storage ROM without Extended ROM found in this forum.
jychan28 said:
It didn't work on mine.
It said "Dump size mis-matched".
Tried building Development Information.
It also failed and said "Some **** happened!"
Don't know what is next. The ROM I used is the 55Meg Big Storage ROM without Extended ROM found in this forum.
Same for me:
Please wait while tool locate PagePool setting offset
_______________________________________________________
Started at 10:50:08.39
> Initializing... done
> Reading ROM info... done
> Dumping part of ROM.. ERROR
> Locating PagePool setting. skipped
> Checking MD5. skipped
Finished at 10:50:41.82
_______________________________________________________
Size of dump is mismatch
Press any key to continue . . .
But building the debug info worked.
Don't know how to contact you at 4PDA.ru since my Russian is very rusty (cannot even read any of these words).
So I post the log here.
My ROM is 1.11.407.1B.GER (original German HTC Touch)
I have the same problem as jychan28
ROM: 1.11.721.2B WWE
Radio Ver: 02.93.90
Hi,
I was wondering how I can change the PagePool size when I'm cooking a ROM?
I've been searching and searching but didn't find anything to change the Touch's PagePool.
Gr. bram
New version at ftp://intruder.spb.ru/PPSmartChanger.exe
bram_smulders said:
Hi,
I was wondering how I can change the PagePool size when I'm cooking a ROM?
I've been searching and searching but didn't find anything to change the Touch's PagePool.
Gr. bram
http://forum.xda-developers.com/showthread.php?t=323269
If any **** happens, download the new version.
It builds development info in C:\PPSCDev.
sorry...
_________________________________
> Checking........7z.exe: No such
file or directory
.. ERROR
Tool might be broken
Execution aborted
Press any key to continue . . .
The file I downloaded is also only 229kB instead of the 295kB of 0.37a.
Sorry, it's my fault. Script updated, try again.

[REF] Easiest way to SIM unlock your Elf/Elfin even if it's "MCC+MNC = None"

First of all, sorry for my bad english...
Here goes the best way I found to unlock all Elf/Elfin, even those with the deadly "MCC+MNC=None" (which is my Elfin).
I saw some people say that when flashed with "Elf_Elfin_2.11.0.0_MFG_ModuleBuild" the phone is not SIM locked anymore, but after reflashing with another ROM it got locked again.
I tried that myself and it was true: I flashed "Elf_Elfin_2.11.0.0_MFG_ModuleBuild", then flashed another ROM (with only the OS part) over it and bam, it was locked again.
So the locking part should be in the OS. After looking over the system files, I found two files (SIMLock.exe and SIMLock.exe.0416.MUI [my OS was BR Portuguese]) and thought "here is the locking problem" (because "Elf_Elfin_2.11.0.0_MFG_ModuleBuild" doesn't have those files in the system folder!). Then I deleted those files and it wasn't SIM locked anymore... but it didn't find any networks.
So I searched a little more (Google is your best friend in times like this) and discovered that the file rilgsm.dll is responsible for the network... It starts and calls SIMLock.exe; if SIMLock.exe returns a valid SIM card, then rilgsm.dll starts the network service.
So that's the difference between "Elf_Elfin_2.11.0.0_MFG_ModuleBuild" and the other ROMs: its rilgsm.dll doesn't have the part that calls SIMLock.exe, it just starts the network service based on the SIM card you have inserted.
So I just took that DLL from that test ROM, copied it over another ROM and it worked like a charm!
Enough talking, here's what you gotta do to SIM unlock your Elf/Elfin (no matter what ROM you have):
You will need this file (unlocked "rilgsm.dll")
- Extract the file you just downloaded to a temporary folder.
- Turn on your mobile WITHOUT the SIM card.
- Connect your Elf to your PC (ActiveSync).
- Find the files "rilgsm.dll", "SIMLock.exe" and "SIMLock.exe.0***.MUI" (the *** depends on the language of your OS) in the Windows folder of your mobile and make a backup of them (in case you want to SIM lock it again).
- Copy the extracted "rilgsm.dll" over the one in the Windows folder (say yes when it asks to replace the file).
- Delete both "SIMLock.exe" and "SIMLock.exe.0***.MUI".
- Turn off your mobile.
- Insert any SIM card (that didn't work before), turn your mobile on again and enjoy your newly unlocked Elfin!
If you intend to flash some other ROM, just copy the DLL again and it's ready to go.
Hope this helps.
Great find!!!
For Rogers users who are using the regular stock ROM, it is probably a good idea for them to use the regular free unlocking method because rilgsm.dll is responsible for Rogers Name Display. Other than that, I hope it works well for everyone else!!!
Anyone else tried this?
Yes, I have; it did not work. The phone does not have simlock.exe or simlock.exe.xxxx.mui in the Windows folder, and just replacing rilgsm.dll does not affect the carrier lock. When inserting a SIM card from other operators, it still asks for the subsidy code.
Tested phone is:
ELF010050
BSTAR502
IPL: 2.24.0002
SPL: 2.26.0000pof
99HEH077-00
Operator Tim Brazil
ps.: I tried as well when the phone was on the stock ROM, and it was the same thing.
br
Good idea!!
I haven't tried your procedure but I also know that the OS contained in the "unbricker ROM" (test-only ROM) does SIM unlocking, so I believe this will work. I will try it soon in my free time. Thanks!!!
I'll try to reflash my elfin tomorrow and do some other tests with it, to see if there are any problems with some specific roms.
My elfin:
ELF010050
BSTAR502
IPL 2.24.0002
SPL 2.24.0000
99HEH077-00
Claro Brazil
I'll post something more tomorrow.
Sorry for the lack of testing before posting (newbie yet).
I would feel better patching or replacing the simlock.exe file instead of changing the DLL.
zerostuff, why don't you add a poll to this thread to see if it works for most people?
Thank you for the idea dsixda.
I sent the .exes and .dlls to a friend of mine and asked him if he can find the locking part in those files (because I'm just a normal user and don't know anything about hex editing and stuff).
And I'm still testing some roms on my elfin to see if I can find a working and a non-working way to unlock it (so far, all the roms are working).
thinking of buying a htc elf
hi all, I'm thinking of buying an HTC Elf but it's locked to Orange. Is it easy to unlock and get rid of the Orange start-up logo?
Would you give me a step by step guide on how to do it?
thanks in advance
As you can see, some are easy to unlock, others have no solution yet...
@ zerostuff
My Elfin ELF010050 BSTAR502 from Vivo Brazil had the simlock.exe and simlock0416.exe.mui. I replaced those files with a small clock app and replaced rilgsm.dll, and it did not work (error 'unavailable file', and then hang). So I deleted the simlock.*, and the phone got into the menu, but no signal.
Indeed, this is a way to go, but it still needs improvements.
@ chester-lad-2009
Search the board, there are many topics regarding that. This topic is not for that discussion.
br
zerostuff said:
- Delete both "SIMLock.exe" and "SIMLock.exe.0***.MUI".
Click to expand...
Click to collapse
hi, I use the Onyx 4.43 ROM and when I try to delete, a message tells me "could not delete". I tried in Windows and in my Elfin too, using Total Commander and SKTools. How can I delete these files?
I've tried on my HTC Touch 3450 (PT) to substitute the file and I can't! And I can't find these 2 files...
Using Total Commander:
First we move the rilgsm.dll to the Windows folder, then delete the two files SIMLock.exe & SIMLock.exe.0***.mui, and ignore the "Warning! Could not delete 1 file(s)"...
Then reboot the Elfin and it's done....loooooool... No need to enter codes...
Just doing those steps, the SIM unlock is done.
Strange??? I don't know, but it works.
Note: Tested with one PT Elf and one Elfin BRS, worked fine!!!
Great post works like a charm!
I needed to use another explorer since my original ROM doesn't let me move or copy files in the Windows folder!
I used WinFileCE.exe to do the trick, and it worked!
1 more thing: is it possible to cook a ROM with these files inside? Because if I hard reset the phone it relocks itself with this method!!
Were these two files really removed???
I can't remove these two files because the cellphone is using them; how can I stop processes on Windows Mobile?
Using TC I was able to copy rilgsm.dll to \Windows. But simlock.* are a different story and I wasn't able to delete them.
Anyway, using this version of rilgsm causes the phone connection to die: it cannot be turned on from Comm Manager. And then after some time, Comm Manager throws two or three errors.
It's an HTC Touch from Claro, Argentina. The ROM is http://forum.xda-developers.com/showthread.php?t=442391
Code:
Touch version : Elfin
Device ID : ELF010150
CID : BSTAR301
IPL : 2.24.0002
SPL : 3.07.cmonex
ROM Version : 3.07.720.03
ExtROM Version : None
Operator Version: None
AKU Version : 1.2.7
Page Pool : 12 MB
RAM Size : 128 MB
ROM Size : 256 MB
Model No. : ELF0100
Part Number : 99HEH129-00
MCC+MNC : Not found
Any information you guys want or some tests that could be run in the device, just tell me.
Cheers.
Not working on Elf 3450 (64/128)
The idea was great, but it did not work with the Elf 3450 (64/128)...
My device was patched (IPL 2.27/SPL 2.28 cmonex) and the ROM is ELVES ROM V5.0 - CE OS 5.2.2021.
No files "SIMLock.exe" and "SIMLock.exe.0***.MUI" were found in the Windows dir, so I just copied this file (unlocked "rilgsm.dll") to the Windows dir and did a soft reset.
Result: device hung.. new soft reset: boot OK, but no radio (even when trying to turn it on manually), just Wi-Fi working.. (nice to make calls from Skype)
I don't have any clues about how to bypass the SIM lock..
Any help will be appreciated.
Cheers
RILGSM.dll is not locked/unlocked
The thing is, that file controls GSM<-->PDA radio functions. You took RILGSM from a "test" ROM (which is an unlocked one).
When you SIM unlock a device, it doesn't overwrite RILGSM with "unlocked" properties.
The solution would be to rewrite the RILGSM.dll file, and write a SIMLOCK.exe file with spoofed properties to make the device think it is unlocked.
