Hi Guys Please Help Me If U Can......Thanx
Well the directions say that
The nbf file is configured for operator ID O2 and language ID WWE.
If you need to change these, carry out all the steps below.
The Step-by-Step Install or Upgrade Procedures:
1. Extract the decrypted versions of the nbf files
by entering the following commands at the command prompt:
xda2nbftool -x NK.nbf NK.nba 0x20040304
xda2nbftool -x Radio_.nbf Radio_.nba 0x20040306
2. Modify the operator ID in the nbfs to the value you require by entering the following commands at the command prompt substituting <operator> with the required value:
xda2nbftool -sd PH10 -so <operator> -sl WWE NK.nba
xda2nbftool -sd PH10 -so <operator> -sl WWE Radio_.nba
3. Update the crc values for each of the decrypted files
by entering the following commands at the command prompt:
xda2nbftool -c -u NK.nba
xda2nbftool -c -u Radio_.nba (optional, only if you are installing radio ROM)
4. Encrypt the files back into the nbf files by entering
the following commands at the command prompt:
xda2nbftool -x NK.nba NK.nbf 0x20040304
xda2nbftool -x Radio_.nba Radio_.nbf 0x20040306
First Of All I Dont Know How To Get To The Command Prompt........am i suppose to start command prompt on my comp or on my pda?????? i dont understand.........please explain it to me if u can.........thanksa lot......
press start button on the pc
pick RUN
type CMD
press ok
Related
Can somebody please dump the English Rom version including the first German 416 bytes, in ONE file?
Or just explain how to upgrade, for dummies?
because a German MDA = No MDA!
For not advance user it's not easy managing bootloader and so on...
this works upgrading to 1.03!!!
After some searching and trail by error testing I have sucesfuly upgrade my German T-Mobile MDA with the latest Jam rom from the I-mate website.
ROM version 1.03.00 WWE
Radio version 1.01.00
ExtROM version 1.03.141 WWE
I am not resposible for any damages !!! It should work perfectly !!
First Step:
You need to download the latest ROM (English version!!!).
http://www.clubimate.com/Support/ma_cdlsku2_arb_10300_141_10100_ship.exe
After download run it.
When you see a screen with "welcome to device software update utility", do nothing and go to your TEMP directory of windows. I you don't know where to look do a search for this file name: MaUpgradeUt.exe
When you have located the directory that hold this file copy the complete contents, 8 files. To a directory on your PC eg: c:\jam
Then cancel/close the "welcome to device software update utility"
Second step:
You need to find out the Operator code and language of you device.
If you have a MDA Compact from germany, the Operator code is: T-MOB101
If you have a German language ROM your code is: GER
If you have a UK ROM the Language code is: WWE
Third Step:
Download xda3nbftool.exe, and put it in the same directory as the 8 ROM files.
Fourth Step:
Build a batch file, name it change.bat or whatever you like in the directory where you put ROM files.
Paste the following in it:
------------------------------- paste the data below ------------------------
xda3nbftool -x ms_.nbf ms_.nba 0x20040522
xda3nbftool -x nk.nbf nk.nba 0x20040521
xda3nbftool -x radio_.nbf radio_.nba 0x20040523
xda3nbftool -so T-MOB101 -sl WWE ms_.nba
xda3nbftool -so T-MOB101 -sl WWE nk.nba
xda3nbftool -so T-MOB101 -sl WWE radio_.nba
xda3nbftool -c -u NK.nba
xda3nbftool -c -u ms_.nba
xda3nbftool -c -u Radio_.nba
xda3nbftool -x ms_.nba ms_.nbf 0x20040522
xda3nbftool -x nk.nba nk.nbf 0x20040521
xda3nbftool -x radio_.nba radio_.nbf 0x20040523
del *.nba
--------------------- paste the data above --------------------
This data is for a MDA Compact from T-mobile, with a UK language.
If you have a German Language change the WWE to GER in the file.
Fifth Step:
Go to a Command Promt and change to the directory you have places all the files in. Then run your batch file. It give's some errors maybe about a password but ignore those, it works !
Sixth step:
Run the MaUpgradeUt.exe program in the directory, it should start the UPGRADE. If not then you have not changed the language or operator code sucsesfully.
Last step:
If you have reset your device after the upgrade, be sure to skid the Extended ROM install. Install the apps you need manualy from the EXT-Rom. Or you will end up with some arabic nonsense.
Some tips:
If you want to find out your Operator Code and Language of you device:
In the directory you should have a file called: GetDeviceData.exe copy this file to your device. On the device run it, it looks like it does not work but that is fine! Now go with you PC to your windows directory on your device. You should find a file called DeviceData.txt there. Copy it to your PC and open it with notepad.
You should see something like this:
---------------------------------------------------------------------------------
PM10A 0 A WWE E T-MOB101
1.01.00 0 0 1.03.141 1.00.10 WWE
-----------------------------------------------------------------------------
The PM10A is the Device code
The WWE stands for English language, if you have a different language it hould say so. German would be GER.
The T-MOB101 is the Operator code.
If you have different info there use it for the batch file. Language an operator code.
Good luck everybody !!! And I will try to provide more info if needed !
xda3nbftool -x ms_.nbf ms_.nba 0x20040522
xda3nbftool -x nk.nbf nk.nba 0x20040521
xda3nbftool -x radio_.nbf radio_.nba 0x20040523
0x20040522,0x20040521,0x20040523 depends on what? the rom?
i mean for the other roms upgrade is that nummber same? example chinese rom upgrade.
Cannot get the ROM
I have tried following the link that everyone has for the ROM at:
ClubIMate . . .
ma_cdlsku1_wwe_10300_143_10100_ship.exe
But I get Page Cannot Be Displayed.
My previous experience with I-Mate, having bought a used JAM, was that I now had to buy a membership and get an ID and Password to get anything.
Does anyone have the file OFF SITE from the club, or does anyone have a password, yada yada?
Barring all that, has anyone built a better ROM than that? Is there a kitchen available for it?
And anyone looking for themes I am selling a collection of mine on eBay and offer to sell 6 for the price of 3 to anyone that references xda-developers . . . I hope you like.
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&rd=1&item=190106886535&ssPageName=STRK:MESE:IT&ih=009
Thanks
I AM BACK!!! Just picked up a JAM myself (thanks MMB) and was lucky to find this, even though it was a generic Worldwide English ROM: http://rapidshare.com/files/54981836/JAM_WWE_11200_128_11210_ship.exe.html
I'm sure you can put together the appropriate Operator CAB files on the FTP.
I am trying to do rom upgrade on my imate jam WWE, to the Qtek 1.03.02 FRE. In the xda3nbftool i write these commands:
xda3nbftool -x ms_.nbf ms_.nba 0x20040522
xda3nbftool -x nk.nbf nk.nba 0x20040521
xda3nbftool -x radio_.nbf radio_.nba 0x20040523
xda3nbftool -sd PM10A -so CDL -sl WWE ms_.nba
xda3nbftool -sd PM10A -so CDL -sl WWE nk.nba
xda3nbftool -sd PM10A -so CDL -sl WWE radio_.nba
xda3nbftool -c -u NK.nba
xda3nbftool -c -u ms_.nba
xda3nbftool -c -u Radio_.nba
xda3nbftool -x ms_.nba ms_.nbf 0x20040522
xda3nbftool -x nk.nba nk.nbf 0x20040521
xda3nbftool -x radio_.nba radio_.nbf 0x20040523
del *.nba
But i still get a error checksum file, or country id error if i change the maupgrade.exe to an old one i have.
Does anybody knows the right commands for an imate to be a QTEK?
:?: :?: :?:
hey,
it is: 5E 4D 31 30 41
just had an idea how to get that xor-passkey...
every *.nbf files begins (when decrypted) with the string 'PM10A' which is, converted into hexadecimal '50 4D 31 30 41' (you can verify that with an hex editor examining an decrypted file (*.nba) . As i read in some article from the internet, an xor-key is symmetrical (ok, not such a big deal ;-) ). That means that you can xor-compare the encrypted part with the decrypted one and get the passkey!
how to do:
(i'll take the imate.zip after executing the change.bat for that since it contains both encrypted and decryted files when you delete the "del *.nba" line at the end of the batch file)
write down the first 8 bytes of the encrpyted file
=> 71 48 35 10 (from nk.nbf)
write down the first 8 bytes of the decrypted file
=> 50 4D 31 30 (from nk.nba)
now take the windows calculator, activate scientific mode and switch to hex, also choose 'word' on the right side
a) enter 7148, press XOR, now enter 504D
b) the result should be 2105
remember, we're looking for an 8 digits key! the result shows the last 4 digits in *inverse* order. so we have (after changing) XX XX 05 21
(XX XX stands for the missing first 4 digits)
c) do steps a) and b) again with the comparison of 3510 with 3130
you'll get 420 as result which is (after adding a leading '0') 04 20
change the digits and get: 20 04 05 21 which is, when you look into the change.bat, exactly the given key for decrypting!!!
======== NOW FOR THE WANTED QTEK/DANGAARD-ROM ========
in the dangaard-contribution the nk-nbf begins with:
"4B 37 43 6E" which you must compare again with
"50 4D 31 30"
do the steps mentioned above and get: 5E 72 7A 1B
=========NEW CHANGE.BAT===================
xda3nbftool -x ms_.nbf ms_.nba 0x5e727a1b
xda3nbftool -x nk.nbf nk.nba 0x5e727a1b
xda3nbftool -x radio_.nbf radio_.nba 0x5e727a1b
xda3nbftool -so T-MOB101 -sl WWE ms_.nba
xda3nbftool -so T-MOB101 -sl WWE nk.nba
xda3nbftool -so T-MOB101 -sl WWE radio_.nba
xda3nbftool -c -u NK.nba
xda3nbftool -c -u ms_.nba
xda3nbftool -c -u Radio_.nba
xda3nbftool -x ms_.nba ms_.nbf 0x5e727a1b
xda3nbftool -x nk.nba nk.nbf 0x5e727a1b
xda3nbftool -x radio_.nba radio_.nbf 0x5e727a1b
============================================
unfortunately the calculation/correction of the checksum in the xda3nbftool doesn't work correctly. We'll need to calculate the new checksum by hand. As it is much too late for me now, i'd like to invite some other folks to support me! Refer to wiki to get the offsets for the checksum.
regards,
André
Good job Andre!!!
Are you sure, that it is simple XOR coded ? Did you check how it works with previous rom (any other)?
I can write small prog for checksum calculating but I have to know how this checksum is calculated.
Regards,
Darek
I do believe they changed the algorithem. Since in the old ROM (IMATE) you could read the password using a hex editor at offset 50.
This is the result using xdatool with -t switch on the qtek ROM.
xda3nbftool -x NK.nbf NK.nba 0x4156cc35
xda3nbftool -x ms_.nbf ms_.nba 0x8e86c6cc
I believe we're not too far away from a solution.
dkot said:
Good job Andre!!!
Are you sure, that it is simple XOR coded ? Did you check how it works with previous rom (any other)?
I can write small prog for checksum calculating but I have to know how this checksum is calculated.
Regards,
Darek
Click to expand...
Click to collapse
yes, it is true
It seems that header is not excatly in same format as it was previous nbf so PM10 might not give accurate key for extracting, nor you can't get any other hint for decoding, like Magician or WWE...
Or the file is encrypted twice....
the thing that astonishes me is the fact that after xor-comparison the provider string of the "decrypted" dangaard-rom is "t-mob101"???
kha said:
It seems that header is not excatly in same format as it was previous nbf so PM10 might not give accurate key for extracting, nor you can't get any other hint for decoding, like Magician or WWE...
Or the file is encrypted twice....
Click to expand...
Click to collapse
where do you see that the header is different? and why wouldnt you take the matching strings like pm10 to get an xor-key?
Hey, good work guys !
Go on
Val.
It is impossible to use old xda3nbftool to decrypt the ROM. Header and encryption methods have changed a bit.
Long time ago I've explained new algos in this post:
http://forum.xda-developers.com/viewtopic.php?t=14877
using this code you can easily decrypt ROM, change operator settings and reflash to a different device.
P.S. you don't need to "get a xor-passkey". It is contained in header in plaintext.
mamaich said:
It is impossible to use old xda3nbftool to decrypt the ROM. Header and encryption methods have changed a bit.
Long time ago I've explained new algos in this post:
http://forum.xda-developers.com/viewtopic.php?t=14877
using this code you can easily decrypt ROM, change operator settings and reflash to a different device.
P.S. you don't need to "get a xor-passkey". It is contained in header in plaintext.
Click to expand...
Click to collapse
Yep, thats true, with your code it shows correct:
PM10A DANGA001 WWE 1.05.00 Magician 0 0 0 e896d943
Hope we got someday updated xda3nbftool...
hi to alll
my friend received this one as a gift. but this one is on italian (which he doesent speak) and he wold like it to be on english. As far a i know he should replace original rom with one on english but none of us knows how to do it. If there is a explanation how to do it please post it. I need a rom files too but heave no idea where to look for them
Yes, I can see your problem..
I wouldn't recommend trying to flash your device..
You are clearly not competent to do this on your own, since you are uable to use the simple SEARCH function of this site..
i heave found reference on how to do it on tmobile device but since i heave not seen that i heave to assume worst case (this is not my device and i do not want to be one who fried it)
that is a reason why i heave posted a question. if you dont like people asking dumb questions try not to give answers that are dumb as well.
simple thing is i need a sure way to do this conversion and that means that need to know which files to download and i need a exact steps to do it.
i repeat i do not want to mess this thing!!
If you remove the casing from a T-Mobile branded one, and a Qtek branded one, there is NO difference between these devices.
Use the same procedure..
It's just like installing a English or Spanish WinXP..
Just use an original ROM, and you are 99.999% safe!
(The 0.001% is the case of lightning striking your house while flashing.)
As for the dumb question:
You are not a registered user, 1st post and your post did not indicate any searching at all..
I actually think this deserves a stupid answer..
I bet 10 out of 7 people didn't see you typo either...
"I wish...."
As for the search, I have tried it but to be honest the results can be quite confusing and widely distributed...I rather ask a question myself...
FAQs qould be nice...
to bonzo
i heave found http://forum.xda-developers.com/viewtopic.php?t=14973 previously but heave no idea how to change files for qtek s100 in italian
im new at all this and making change blindly and without knowing what im doing is not that smart.
do i substitute t-mob101 with pm10a (as it is designated in the device) and how do i make it use a english (or wwe instead of italian)
do i make changes in that bat file like this
xda3nbftool -x ms_.nbf ms_.nba 0x20040522
xda3nbftool -x nk.nbf nk.nba 0x20040521
xda3nbftool -x radio_.nbf radio_.nba 0x20040523
xda3nbftool -so PM10A -sl ITA ms_.nba
xda3nbftool -so PM10A -sl ITA nk.nba
xda3nbftool -so PM10A -sl ITA radio_.nba
xda3nbftool -c -u NK.nba
xda3nbftool -c -u ms_.nba
xda3nbftool -c -u Radio_.nba
xda3nbftool -x ms_.nba ms_.nbf 0x20040522
xda3nbftool -x nk.nba nk.nbf 0x20040521
xda3nbftool -x radio_.nba radio_.nbf 0x20040523
del *.nba
if this is ok what is wil later updates for this device? will i heave to do this with every update or i will be able to use updates from later company (in this case imate)
Alright!
chinadan
I bet 10 out of 7 people didn't see you typo either...
"I wish...."
Click to expand...
Click to collapse
Profile is updated, than you for pointing that out..
As for the search, I have tried it but to be honest the results can be quite confusing and widely distributed...I rather ask a question myself...
Click to expand...
Click to collapse
Yes, by all means..
But why not state that;
This post; link was very confusing.. Could anyone help me do this and that?
If tatamata had given even the slightest hint that he had indeed done some searching before posting (his first post), I would have posted in a completely different manner..
FAQs qould be nice...
Click to expand...
Click to collapse
Yes, FAQs would be nice..
(Let me know if you have the time to write one.. :wink: )
tatamata
Great job searching!
Allthough your post should be placed under the thread you linked to; I will answer you here anyway..
Your bat file won't work..
Your GetDeviceData dump looks like this?
PM10A 0 A ITA E Operatorcode
1.01.00 0 0 1.03.141 1.00.10 ITA
Then your bat should look like this:
xda3nbftool -x ms_.nbf ms_.nba 0x20040522
xda3nbftool -x nk.nbf nk.nba 0x20040521
xda3nbftool -x radio_.nbf radio_.nba 0x20040523
xda3nbftool -so Operatorcode -sl ITA ms_.nba
xda3nbftool -so Operatorcode -sl ITA nk.nba
xda3nbftool -so Operatorcode -sl ITA radio_.nba
xda3nbftool -c -u NK.nba
xda3nbftool -c -u ms_.nba
xda3nbftool -c -u Radio_.nba
xda3nbftool -x ms_.nba ms_.nbf 0x20040522
xda3nbftool -x nk.nba nk.nbf 0x20040521
xda3nbftool -x radio_.nba radio_.nbf 0x20040523
del *.nba
You see, the Operator code isn't really an Operator code..
It's more like a "branding code"..
The Q-tek branding is not tied to a specific operator, but the XDA branding is..
This terminology can be somewhat confusing, but there isn't much we can do about it..
Just look at the "Qtek" as a operator..
Anyway..
It should work out fine..
The good thing is: If it starts the flashing; you are as good as done..
If you have done something wrong; you will get an error before flashing starts..
And I really do understand your concerns!
These are expencive devices and very easy to destroy..
But as long as you use a standard ROM, everything should be fine..
As for your last question: No, you don't have to use this complicated method the next time..
The next time, it's just a simple Win32 exe file..
Good luck!
*thinks*
Gee, I hope this is correct..
With me being such a loudmouth and all..
Well.. If you want to talk the talk, you should walk the walk!
to bonzo
whell first problem is that after i rund gedtevicecode i get only a pm10a in devicedata file
no reference about language or operatorcode
im not sure what to do next. do i leave it open (blank) in bat file or i write qtek . as for language this is italian for sure
No, you need something there..
I read the code for Qtek once, but I don't remember where..
I'll have to do some searching myslef..
hi bonzo
thx for help
i heave extracted device data file and in it there is string DANGA405
could it be a operator ?
i heave attached a file so take a look
if it is so i will try to prepare files but im nervous about doing this conversion since i heave not seen done this before
whell after 2 tries and a lot of nervs i heave finaly flashed it to i-mate
bonzo thx for help
tatamata said:
whell after 2 tries and a lot of nervs i heave finaly flashed it to i-mate
Click to expand...
Click to collapse
How did you change the country ID ?
to taron
i heave used a procedure that i found on forum (there is link in my previous post) and changes to bat file as bonzo has sugested
I CANT sync my XDA II PH10B with activesync after upgrading to Wm2k5 1.65b.96WWE, computer detects it as "Generic INDS (Prototype, Remember to change vendor)
from the steps included in the archive i skipped these steps
1. Extract the decrypted versions of the nbf files
by entering the following commands at the command prompt:
xda2nbftool -x NK.nbf NK.nba 0x20040304
xda2nbftool -x Radio_.nbf Radio_.nba 0x20040306
2. Modify the operator ID in the nbfs to the value you require
by entering the following commands at the command prompt
substituting <operator> with the required value:
xda2nbftool -sd PH10 -so <operator> -sl WWE NK.nba
xda2nbftool -sd PH10 -so <operator> -sl WWE Radio_.nba
3. Update the crc values for each of the decrypted files
by entering the following commands at the command prompt:
xda2nbftool -c -u NK.nba
xda2nbftool -c -u Radio_.nba
4. Encrypt the files back into the nbf files by entering
the following commands at the command prompt:
xda2nbftool -x NK.nba NK.nbf 0x20040304
xda2nbftool -x Radio_.nba Radio_.nbf 0x20040306
coz i dont know the operator, do you think this is the problem?
pls help
try to reinstall activesync on your pc
reinstall worked, greatly appreciated sir TofClock