MAC address change - HTC Vox

You can run or flash the USPL (see sticky) and set a MAC address of your own choice.
Connect with MTTY and at the command prompt type:
emapiWlanMac 01 02 03 04 05 06 (the six two-digit numbers are the hexadecimal MAC byte values and should be replaced by anything you like)

Confirmed and working. Thanks jockyw!

Hi jockyw2001,
Yesterday I tried nearly the whole day to change my MAC address on my X1. First I made a HardSPL for the X1. The new bootloader is working.
After that, I connected via MTTY. I tried some commands like emapiTest, emapiWlanMac and some others that I found at xda-dev. I only got "command error" in MTTY.
Then I flashed the latest ROM (R2A) and tried it again with MTTY. Same bad results.
There is a posting at xda-dev: NOTE: To use rbmc you need to authenticate with proper password .... otherwise bootloader returns "Command error !!!" or "Command is Locked!". (if you're using Hard-SPL, this is unlocked, and any address can be read with 2.30.Olipro)
Do I make the same authentication with the X1 HardSPL so that I am able to work with any commands?
Best regards
strohrum

omg
Spoofing was never easier!

[REF]Recover / Revive your dead / bricked HTC ELF or ELFIN[ONLINE]

If you want to revive a dead/bricked device you must follow this guide:
--------------------------------------------------------------------------------------------------------------------
READ THIS FAQ FIRST:
- Q: My device was CID unlocked successfully, but when I tried to flash a new ROM (NON SHIPPED ROM), my device got stuck at:
[1] Bootloader screen with a RUU sign at the top right of the screen
[2] Smart Mobility or Operator logo screen.
- A: [1] In most of these cases the device shows the RUU text at the top right corner of the screen and you have a chance. Press Reset Button+Camera Button, release the Reset button but keep holding the Camera button; once you get the bootloader window without the RUU text press the Reset button again, voilà.
[2] First AVOID flashing any kind of shipped ROM, at least you have your original ROM (CHECK HERE); put your device in bootloader mode, then try to reflash with any DUMPED or COOKED ROM. If that does not work, maybe your device was not unlocked. Do you know the DEVICE ID and CID ID of your device? THE ONLY WAY IS TO FIND YOUR ORIGINAL ROM. So read the guide.
- Q: Is it the same being stuck at the Bootloader screen (Tricolor) and "Smart Mobility" screen?
- A: These are different situations. Keep reading.
- Q:...but my Elf / Elfin it's half dead it turns on and keeps restarting at the "Smart Mobility" or "Operator Logo" screen.
- A: Are you kidding? Try a Hard Reset, if not, 95% sure that it's dead so READ THE GUIDE.
- Q:My device it's stuck @ the bootloader screen.
- A: First AVOID flashing your device again; try this first: In most of these cases the device shows the RUU text at the top right corner of the screen and you have a chance. Press Reset Button+Camera Button, release the Reset button but keep holding the Camera button; once you get the bootloader window without the RUU text press the Reset button again, voilà. Or just run MTTY and its commands till the device restarts. Read step (7) from this guide to see how.
- Q: My device won't boot correctly but it's not stuck at Bootloader or Smart Mobility screens.
- A: 1st try a Soft Reset, if not, try removing your SD card then boot, if not, try a Hard Reset, if not, keep reading.
- Q: I don't know how to perform a HARD RESET.
- A: Read this Wiki entry: Elf_Resets
- Q: I have been trying USPL but my device is stuck at the black screen or penguin screen. WHAT TO DO???
- A: DON'T try to flash a ROM in this situation; sometimes you need to perform the USPL process 3 times to get your device CID UNLOCKED. Just do a soft reset, your device must boot OK, retry the USPL process till your device boots by itself. And this is very important: before you test any ROM verify that your device is already CID UNLOCKED, read around STEP 7 to know how.
- Q: USPL works from bootloader mode?
- A: No, you can't make a CID unlock from Bootloader mode.
- Q: I found a dumped ROM that matches my Device, how can I revive it with this one?
- A: You can't because it is not a certified ROM, and your device has to be CID UNLOCKED first, but that is the reason why you are here; you can't do a USPL process from bootloader mode.
- Q: I have been trying a sort of original ROMs but all of them stop at 3% and I get: ERROR [294] : INVALID VENDER ID or ERROR [244] : INVALID MODEL ID
- A: That is because those ROMs don't match your original DEVICE or CID ID. Read the complete guide.
- Q: The ROMUpdateUtility Shows ERROR [270] : IMAGE IS CORRUPTED.
- A: You are trying to flash a non certified rom (dumped rom) into a non cid unlocked device YOU CAN'T DO THAT!!!. Read the guide.
- Q: I did a dump (ROM BACKUP) from my device, could this revive my device?
- A: YES, AND ONLY YES, if your device stay cid unlocked ( g_cKeyCardSecurityLevel = 00 ). If not... READ THE GUIDE.
- Q:My Device and CID id change on every flash action?
- A:No it's always the same, it could not change.
- Q:Is it correct open a new thread for every dead device in this planet?
- A:NOT!, it's not correct!!!, doubts or questions post in this thread.
>>>> Do you have a Q/A for this faq PM me or post it here to add your contribution in this FAQ. <<<<<
--------------------------------------------------------------------------------------------------------------------
I) You can't do anything if you don't know your device's DEVICE ID and CID ID
Method A: New way to find your Device ID / CID / IMEI / Serial etc. (no more MTTY/SnoopyPro!!) (thx to dsixda). Once you get your CID ID and DEVICE ID go to STEP 7.
NOTE: THIS METHOD WORKS ONLY IF ActiveSync is active
Method B: Step By Step Guide to get your MODEL ID and CID ID from a dead or alive device:
NOTE: THIS METHOD WORKS WITHOUT ActiveSync
1.- My Operating System is:
a) Windows XP--------FOLLOW STEP 3
b) Windows Vista ---- FOLLOW STEP 2
2.- Read and Install driver from here ---- USBAS ----MORE DETAILS---- Could be better if u restart Windows at this point ----Then go STEP 4
3.- Disable “USB CONNECTIONS” from Mobile Device Center
a) Open Microsoft Activesync
b) File
c) Connection Setting
d) Disable “ Allow USB Connections”
e) OK
f) FOLLOW STEP 5
4.- Open Windows Mobile Device Center “WMDC”
a) Now navigate into the WMDC (Start>All Programs>Windows Mobile Device Center) and click on the "connection settings" menu icon
b) In the connection settings menu untick "allow USB connections" then press OK.
5.- Turn on your DEVICE in BOOTLOADER MODE then connect your USB cable; the USB sign must appear at the bottom left of your device screen.
a) If you don't know how to get your device into Bootloader mode visit: Elf_Resets
STEP 6
6.- Download SnoopyPro (USB PORT SNIFFER) Or any other googled USB PORT SNIFFER
a) Unzip to any folder
b) run SnoopyPro.exe
c) Press "Toggle USB Devices" button.
d) File-Unpack Drivers
e) File-Install Service
f) Select by right click over any " POCKETPC USB SYNC " and select INSTALL AND RESTART
g) Select by right click over any " WINDOWS MOBILE-BASED DEVICE " and select INSTALL AND RESTART
h) Close " TOGGLE USB DEVICES " Window, and SnoopyPro window.
g) Open SnoopyPro one more time and leave the window open --- follow Step 7
7.- Download and run MTTY.EXE as shown in this THREAD
----Recover HTC Touch from tricolors RUU boot-loader (mtty)
a) After you make a successful connection to your device, run the following commands in your MTTY window:
NOTE: Don't be lazy, Type the commands if not it will not work.
----------------------------------------------------------------------------------------------------------------
password BsaD5SeoA
ruurun 0
getdevinfo
ResetDevice
----------------------------------------------------------------------------------------------------------------
NOTE: At this point you can check if your device is a CID UNLOCKED Device:
This is the MTTY window:
Cmd>password BsaD5SeoA
Pass.
+ SD Controller init
- SD Controller init
+StorageInit
SDInit+++
SDCmd8 Command response time-out. MMC_STAT = 80
SDCmd8 Command response time-out. MMC_STAT = 80
SDCmd8 Command response time-out. MMC_STAT = 80
SDInit - SD ver1.0
SDCmd1 Command response time-out. MMC_STAT = 80
SDCmd1 Command response time-out. MMC_STAT = 80
SDCmd1 Command response time-out. MMC_STAT = 80
SDInit: ACMD41 wait for power up bit timeout
+ SD Controller init
- SD Controller init
+StorageInit
SDInit+++
SDInit - SD ver2.00
SDCmd1 Command response time-out. MMC_STAT = 80
SDCmd1 Command response time-out. MMC_STAT = 80
SDCmd1 Command response time-out. MMC_STAT = 80
SDCmd55 Card status error in response. MMC_STAT = 4000
SDInit: ACMD41 wait for power up bit timeout
g_cKeyCardSecurityLevel = FF
HTCEType (0x1)(Operation mode flag): cOpModeFlag=(0x0).
Type (0x2)(Back color flag): cBackColorShowFlag=(0x1).
Type (0x5)(Background color value): g_wBColor=(0xC618) (0xC0C0C0).
HTCST
Cmd>ruurun 0
Cmd>ResetDevice
Search in your own window for the following line:
g_cKeyCardSecurityLevel
Ok, you got it?? Well...
= FF Means that you have a CID LOCKED Device, you must find your original ROM to revive it. So keep reading step B)
= 00 Means that your device is still CID Unlocked, so you can try with almost any kind of ROM. I suggest that you try DUMPED or COOKED ROMs first to revive your device.
If you did:
METHOD A: go to II (Roman number 2)
METHOD B: keep reading
b) Look at your Snoopypro window and if everything comes fine, you will get a LOG window like this:
c) Save that LOG, and then open it with any HEX EDITOR/VIEWER like Tiny Hexer that is free, and search for your DEVICE ID and CID ID, which will show like this window:
In this particular case:
DEVICE ID: ELF010052
CID ID: HTC__001
NOTE: All the results must have 8 (eight, NO MORE, NO LESS) characters; if not, try again.
II) Once you have your DEVICE and CID ID, you must find a ROM that matches both elements, so you can take a look here to find your ROM:
Elf/Elfin Original Roms Model Id & Cid Id List
III)Flash your Device with your Original ROM, and this is your HAPPY ENDING.
Bad Ending...
IV) If you don't find your device, sorry, I apologize, but at this moment your ROM is not available, so keep googling.
V) Contact your nearest HTC center or your service provider tech center and ask for your warranty (if you have one).
VI) Contact Olipro asking for help, but he has a rate.
VII) Info about Dumped ROMS:
NOTES:
1st: DUMPED ROMS NEEDS CID UNLOCK @ FLASH
2nd: DUMPED ROMS CAN'T REVIVE DEAD DEVICES
___
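An added example (not part of the original post or of any tool it mentions): a small Python parser that reads a saved MTTY transcript in the format shown in the guide above and reports the lock state from g_cKeyCardSecurityLevel, using the FF/00 meanings the guide gives. The class and function names and the sample transcripts are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Meaning of the flag exactly as the guide states it.
LEVELS = {0x00: "CID unlocked", 0xFF: "CID locked"}

# One or two hex digits after the flag name; "FFF" or "0x00" will not match.
_LEVEL_RE = re.compile(r"g_cKeyCardSecurityLevel\s*=\s*([0-9A-Fa-f]{1,2})\b")
# A prompt line such as "Cmd>ruurun 0".
_CMD_RE = re.compile(r"^Cmd>\s*(\S.*?)\s*$")


@dataclass
class BootloaderSession:
    commands: List[str] = field(default_factory=list)  # password argument redacted
    authenticated: bool = False                         # "Pass." seen after password
    levels: List[int] = field(default_factory=list)     # every reported flag value


def parse_mtty_log(text: str) -> BootloaderSession:
    """Extract commands, password result and security flag from a transcript."""
    session = BootloaderSession()
    last_name = None
    for raw in text.splitlines():
        line = raw.strip()
        cmd = _CMD_RE.match(line)
        if cmd:
            name, _, arg = cmd.group(1).partition(" ")
            last_name = name.lower()
            # Keep the password out of anything that gets stored or shared.
            if last_name == "password" and arg:
                session.commands.append(f"{name} ***")
            else:
                session.commands.append(cmd.group(1))
            continue
        if line == "Pass." and last_name == "password":
            session.authenticated = True
        level = _LEVEL_RE.search(line)
        if level:
            session.levels.append(int(level.group(1), 16))
    return session


def cid_state(session: BootloaderSession) -> str:
    """Map the reported flag value(s) to the guide's locked/unlocked wording."""
    seen = set(session.levels)
    if not seen:
        return "not reported"
    if len(seen) > 1:
        return "inconsistent"
    value = seen.pop()
    return LEVELS.get(value, f"unknown (0x{value:02X})")


# Constructed transcripts modelled on the MTTY window shown in the guide.
SAMPLE_LOCKED = """\
Cmd>password EXAMPLEPW
Pass.
+ SD Controller init
SDInit: ACMD41 wait for power up bit timeout
g_cKeyCardSecurityLevel = FF
HTCST
Cmd>ruurun 0
Cmd>ResetDevice
"""
SAMPLE_UNLOCKED = SAMPLE_LOCKED.replace("= FF", "= 00")
SAMPLE_NO_FLAG = "Cmd>getdevinfo\nCommand error !!!\n"

if __name__ == "__main__":
    for label, log in [("locked", SAMPLE_LOCKED),
                       ("unlocked", SAMPLE_UNLOCKED),
                       ("no flag", SAMPLE_NO_FLAG)]:
        s = parse_mtty_log(log)
        print(label, "->", cid_state(s), s.commands, "auth:", s.authenticated)
```
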
Reserved for more information... stay tuned LOL!
Got the log but couldn't get the info for my elfin
Hi CyZeeK,
i've got a ROM dump. Made it like this:
http://www.modaco.com/content/Daily...ng-the-HTC-Touch-T-Mobile-Wing-PagePool-size/
I was wondering, is it possible to find out what MODEl ID and CID ID it was. I've since flashed a couple of ROMs so i'm not quite sure what
Jura_ZG said:
Hi CyZeeK,
i've got a ROM dump. Made it like this:
http://www.modaco.com/content/Daily...ng-the-HTC-Touch-T-Mobile-Wing-PagePool-size/
I was wondering, is it possible to find out what MODEl ID and CID ID it was. I've since flashed a couple of ROMs so i'm not quite sure what
You have to Rebuild your Dump, here you can find that information:
Elf_Howto Dump Rom
I know at this moment that I altered this log when I flashed my Elfin. Is there another way to get the CID??? I know the device ID.
Very useful information CyZeeK, I've added some links to your threads in the wiki in the troubleshooting section!
vippie said:
Very usefull information CyZeeK I've added some links to your threads in the wiki in the throubleshooting section!
Thanx!, thats a good idea.
Will this procedure hard reset the phone and delete all data? My Touch is fully working and I only want to find out version numbers without changing anything.
aydc said:
Will this procedure hard reset the phone and delete all data? My Touch is fully working and I only want to find out version numbers without changing anything.
No, it's completely safe, you can get your info without worries.
Very strange... I did everything as told here. I disabled USB connections, got the tricolor screen, used snoopypro and mtty as described.
However, I get no response from mtty when I write password BsaD5SeoA and press enter. All I get is an empty line. My IPL is 2.20.0002, my SPL is 2.20.0000
What do you think is wrong? Why doesn't mtty work for me?
OK I solved it, you have to write the password by hand, copy and paste doesn't work.
After I retrieved my info, I was stuck in the tricolor bootloader screen.
Don't forget to repeat the commands you give in the mtty program, but type "ruurun 0" instead of "ruurun 1" to get back to normal operation.
My info, for anyone interested:
---
Dutch Unbranded Touch, v1.11.404.1B NLD
ID: ELF01000
CID: HTC__E11
---
Trylon said:
After I retrieved my info, I was stuck in the tricolor bootloader screen.
Don't forget to repeat the commands you give in the mtty program, but type "ruurun 0" instead of "ruurun 1" to get back to normal operation.
My info, for anyone interested:
---
Dutch Unbranded Touch, v1.11.404.1B NLD
ID: ELF01000
CID: HTC__E11
---
Fixed, you can get the info if you put:
"ruurun 1" ... then after device restarts @ bootloader mode (RUU) -> mtty -> "ruurun 0"
or straight to "ruurun 0" command once.
BTW, do you have your Original ROM file for share?
Thanx.
CyZeeK said:
g) Select by right click over any " WINDOWS MOBILE-BASED DEVICE " and select INSTALL AND RESTART
h) Close " TOGGLE USB DEVICES " Window, and SnoopyPro window.
g) Open one more time SnoopyPro and left the window Open --- follow Step 7
7.- Download and run MTTY.EXE as show in this THREAD
----Recover HTC Touch from tricolors RUU boot-loader (mtty)
a) After you do a success connection to your device run in to your MTTY window the following commands:
password BsaD5SeoA
ruurun 0
getdevinfo
ResetDevice
b) Look at your Snoopypro window and if everything comes fine, you will get a LOG window like this:
c) Save that LOG, and then open it with any HEX EDITOR/VIEWER like Tiny Hexer that is free, and serach your DEVICE ID and CID ID that will shows like this window:
In this particular case:
DEVICE ID: ELF010052
CID ID: HTC_001
CLICK HERE, AND, PLEASE POST YOUR RESULTS IN THIS THREAD. THANKS IN ADVANCE.
___
Hi CyZeeK
I had downloaded SnoopyPro-0.22 and the MTTY software.
All the first steps were done very well, but when I change the port to USB in the open port settings dialog box and choose RTS/CTS, it shows me the message "USB port is not open."
Due to this I am unable to do Step #7 and run the commands.
As a result I am unable to get the CID and model ID.
please help me.
Cheer's
Sandi
Usb Port Cannot Open
I´m having the same problem as "Saisan" with the Mtty application. It says "USB Port CAN NOT OPEN".
Any ideas?
Brs,
Gustavo Carvalho
Ps. Running Windows Vista 64. Did the driver update procedure and still doesn´t work.
wickednomad said:
I´m having the same problem as "Saisan" with the Mtty application. It says "USB Port CAN NOT OPEN".
Any ideas?
Brs,
Gustavo Carvalho
Ps. Running Windows Vista 64. Did the driver update procedure and still doesn´t work.
Have you disabled USB Connections in your Mobile Device Center settings?
Yep, did that! I guess the problem was with Vista 64. I installed Windows XP and got all the info correctly !
ELF010050
BSTAR502
Br´s!

Cannot update Radio from Hell 1.65.17.10 : [SOLVED] with FrankenKaiser

May 19th, 2008
With my new and revolutionary tool "FrankenKaiser" you can now finally jailbreak your locked to "Radio from Hell" Kaiser
======================================================
DISCLAIMER: This method involves erasing SPL & OS and requires correct data entry by the user. I will not take any responsibility for any malfunctions and or damages caused by using this method and software.
======================================================
Pay attention: this method will only work on a Kaiser device with radio version 1.65.17.10 (check your radio version in the boot splash screen!)
Note that you can not use copy & paste with MTTY, you must type the data exactly as written in the steps below. If in a step it is said to type a command always type them without the quotes.
Note that during the entire procedure you should uncheck "Allow usb connections" in Activesync.
I have tested the method on my own Kaiser, which was security locked and had original 1.65.17.10 installed. I'm on WinXP btw. GSLEON3 also successfully unbricked his Kaiser with FrankenKaiser which had radio 1.64.08.21 installed. That should give you some confidence
So read very carefully and apply following instructions:
0) download and unzip the attached files on your PC in a single directory.
It contains all needed to jailbreak or unbrick your device, such as MTTY 1.42, my revolutionary FrankenKaiser program, screenshots to accompany this readme, the appropriate drivers to connect to the radio bootloader ("Drivers MotoQ"), and two softload SPLs (SPL1.56-KAIS-unbricker.nb and sspl-0.92-jumpspl-force-usb.nb)
1) Enter tricolor bootloader and make absolutely sure you have a HardSPL installed (either "olipof" or "1.1.JockyW"). If not you must first install a HardSPL.
2) Connect with MTTY (USB) and type "rtask a" followed by Enter, then type "radata 90000000 1" followed by enter (Note that this is not echoed to screen!!). In some rare cases after "radata 90000000 1" you may see "HTCSUN 0[=(HTCE". When that happens type "radata A0000000 2000"
Close MTTY and replug the USB cable. If you haven't installed them yet, your PC will now prompt you to install three drivers. Do a manual install of the MotoQ drivers. After the drivers are installed look them up in device manager and check which COM port is allocated to "Qualcomm diagnostics interface (COMxx)" => see screenshot "1. device manager search com.JPG" (on my PC it is COM4 but it may be anything else!).
If the driver is connected to COM10 or higher you should reallocate it to a COM port lower than COM10. Go in device manager and right-click on "qualcomm diagnostics interface 6000 (com18)". Enter properties -> Port Settings -> Advanced -> Change COM port number to an unused port number below COM10. If you have nothing free below COM10 disable a device which uses a COM port and change to that COM port. Reboot your PC afterwards.
3) Remove and reinsert battery and enter tricolor bootloader, and connect with MTTY (USB)
hit enter and when the Cmd> prompt is shown type "task 2a" (this erases SPL, OS and Splash, we used to call that a "hard brick") => see screenshot "2. mtty-tricolor - task 2a.JPG"
After power cycling, the device will now enter the radio bootloader called oemsbl. Utterly the phone will look dead and the display is black, but it is still possible to connect with MTTY using the COM port as found in step 2. I indicate that in the next steps with MTTY (COMn) => see screenshot "3. mtty-com-connect.JPG". Also note that you never have to redo steps 1-3 again.
4) Remove and reinsert battery, switch on and connect with MTTY (COMn). Type "setboot", if you are connected correctly the reply should be "ARM9BootMode:0". If you see nothing check in device manager if the drivers are loaded. If you got the reply to "setboot" you can type "radata 90000000 1" which will put the phone in a special "dload mode". In some rare cases after "radata 90000000 1" you see "HTCSUN 0[=(HTCE" and the phone will not change state to dload mode. When that happens type "radata A0000000 2000" and this time nothing should be returned on screen and the phone changed to dload mode.
Again note that, like in step 2, nothing is echoed to screen!!
Close MTTY.
5) Replug USB cable !!
6) Run FrankenKaiser in a DOS box: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb
(note substitute /dev/com9 by the com port indicated by diag driver in device manager, e.g. /dev/com4 on my PC)
You should see:
Code:
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to [email][email protected][/email]
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
7e 02 6a d3 7e
Replug USB cable now!
Connect with MTTY and follow instructions !!!
If you don't see "7e 02 6a d3 7e" underneath the line "Just be patient while I'm working ...", you have either not replugged the USB cable, not installed the drivers correctly or typed the wrong COM port (/dev/comx) in the command line parameters.
=> see screenshot "4. dos box - frankenkaiser.JPG"
7) Run MTTY (COMn) and carefully enter following commands:
echo_on (the reply in MTTY should be "ECHO ON MODE")
setboot 1
=> see screenshot "5. mtty-echo_on setboot 1.JPG"
mb 9de8bc => dump HTC security area
mw 9de8bc 1 31313131 (replaces first half CID by SuperCID "1111")
mw 9de8c0 1 31313131 (replaces second half CID by SuperCID "1111")
mw 9de8e4 1 00000000 (Sets security flag to 0, sec unlocked)
mb 9de8bc => dump HTC security area again and check if CID and security flag are modified in memory
=> see screenshot "6. mtty-mb 9de8bc.JPG"
setinfo
powerdown
=> see screenshot "7. mtty- setinfo - powerdown.JPG"
Close MTTY
At this point your Kaiser is unjailed, security unlocked (and SIM unlocked) and SuperCID. Now we need to prepare another run with FrankenKaiser to softload a SPL which will allow us to flash a HardSPL. In principle steps 1-7 need never to be done again.
8a) Unplug usb cable, remove and reinsert battery, replug usb cable and then power on. Connect with MTTY (COMn):
- type "echo_on". (the reply in MTTY should be "ECHO ON MODE". if you see that it means you never have to perform steps 1-7 again. If you don't, something went wrong in steps 1-7 or there is a connectivity problem)
- type "setboot 1" (you should see "ARM9BootMode:1").
- Close MTTY !!
8b) Unplug usb cable, remove and reinsert battery, replug usb cable and then power on. Connect with MTTY (COMn):
- type "echo_on". (you should see "ECHO ON MODE")
- type "dload" to put phone in dload mode.
- Close MTTY !!
9) Replug USB cable and then wait 10 seconds
10) Run FrankenKaiser in a DOS box: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb
(note substitute /dev/com9 by the com port indicated by diag driver in device manager).
You should see the lines:
Just be patient while I'm working ...
7e 02 6a d3 7e
FrankenKaiser will prompt you to replug the usb cable. After you have done that you should wait about 10 seconds before proceeding with step 11.
11) Run MTTY (COMn)
- type "echo_on" (you should see "ECHO ON MODE", if not then there is a connectivity issue: close MTTY, unplug usb cable, wait 10 seconds, replug usb cable and repeat step 11.)
- type "setboot 0" (you should see "ARM9BootMode:0")
- type "cego" => tri-color screen should be visible and the reply in MTTY should be "Boot CE manually..." followed on the next line by "Done."
=> see screenshot "8. mtty-setboot 0 - cego.JPG"
If after "cego" you don't see a tri-color bootloader screen, then unplug usb cable and unplug and reinsert battery and try steps 8-11 again.
If still no tri-color screen, then repeat again but this time in step 10 run FrankenKaiser with the other SPL "sspl-0.92-jumpspl-force-usb.nb".
Close MTTY
12) Replug USB cable and flash HardSPL
13) Remove and reinsert battery, enter tricolor bootloader and flash Splash
14) Remove and reinsert battery, enter tricolor bootloader and flash OS
15) Remove and reinsert battery, enter tricolor bootloader and flash Radio
Note: at step 13 it's probably also possible to flash a full ROM update, I prefer to do it bits and pieces.
This I hope shows the power of FrankenKaiser: it manages to unjail, security unlock, SIM unlock and superCID a device which is basically in a bricked state w/o the need to flash a patched radio. Look forward to other FrankenKaiser tools such as a fast SPL loader and radio dumper.
Special versions of FrankenKaiser will be released for the new HTC models Diamond and Raphael and more
Remaining 3 screenshots attached and thumbnailed.
EDIT:
The attached Readme substitutes the one supplied with FrankenKaiser-V1.9517.zip
Might I be the first to say, Job well Done.
Edit:
I do have a question though. My phone is "Security Unlocked" thanks to you. However, I for the life of me cant get SPL1.1 JockyW with AT support flashed to my device no matter what I try. Is it possible to change SPL with this new Krankenkaiser software. Right now I have 1.0.Olipof SPL. Sorry, this might be the wrong thread. Just looking for a solution.
Thanks for the hard work. Seems like a daunting task to get it unlocked, but at least we have a method! Off to try it out!
Thanks again,
J
Wow. Good job man. Congratulations.
Well done brother
Thanks for your epic effort, will try when I get home.
Btw, read through your post twice and am confused with battery removal/reinsertion. First mention is remove and reinsert in same step, then later is reinsert without previous mention of remove. Lastly, reinsert. and again. and again. I'm really paranoid about digging myself a deeper hole...could you please clarify?
thanks for such a awesome tool and for your efforts.
p.s. i already security unlocked myself using ur tools so i fear no radio
P1Tater said:
Might I be the first to say, Job well Done.
Edit:
I do have a question though. My phone is "Security Unlocked" thanks to you. However, I for the life of me cant get SPL1.1 JockyW with AT support flashed to my device no matter what I try. Is it possible to change SPL with this new Krankenkaiser software. Right now I have 1.0.Olipof SPL. Sorry, this might be the wrong thread. Just looking for a solution.
if my 2 cents count i had to downgrade to wm6 to get it to work for me ...
haven't tried frankenkaiser so i don't know if that will do the trick.
thesire said:
if my 2 cents count i had to downgrade to wm6 to get it to work for me ...
haven't tried frankenkaiser so i don't know if that will do the trick.
I will give it a shot. I'll know more in a few.
well done!
seems like this is the ultimate tool for the Kaiser!
Good job
Many thanks, now i have radio 1.65.14.06
You are a genius!!!
I was really worried about all of the mtty commands, but your instructions were clearly written and easy to follow.
Thank you!
.....
NO MORE RADIO FROM HELL!!!!!!! WHOOOHOOOOO!!!!!!!!
Just to be absolutely sure...
You say 'Only works on Kaiser devices'. Might be a stupid question but having been burned once I make sure before I do anything now.
This WILL work on a Tilt right? Not just a Kaiser?
now I got a windows problem. When trying to manually install these drivers, windows find some random newer drivers on my system that possibly might not be the same drivers as the MotoQ. I think I gotta uninstall these drivers and choose the motoQ drivers. How do I do this?
dwsco said:
You say 'Only works on Kaiser devices'. Might be a stupid question but having been burned once I make sure before I do anything now.
This WILL work on a Tilt right? Not just a Kaiser?
Please read the Wiki ... Kaiser is a Tilt!!!
If you dont know this ... do not use this tool!
i get to the CEGO step, and my screen is not coming back on.. i followed instructions.. i had 1.1.JockyW spl on my device prior to flashing..
Code:
C:\FrankenKaiser-V1[1].9517>FrankenKaiser-V1.9517.exe /dev/com5 SPL1.56-KAIS-unbricker.nb
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to [EMAIL="[email protected]"][email protected][/EMAIL]
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
7e 02 6a d3 7e
Replug USB cable now!
Connect with MTTY and follow instructions !!!
Code:
C:\FrankenKaiser-V1[1].9517>FrankenKaiser-V1.9517.exe /dev/com5 SPL1.56-KAIS-unbricker.nb
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to [EMAIL="[email protected]"][email protected][/EMAIL]
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
Replug USB cable now!
Connect with MTTY and follow instructions !!!
Code:
echo_on
ECHO ON MODE
setboot 0
ARM9BootMode:0
cego
Boot CE manually...
Done.
i can also still communicate via mtty
NetrunnerAT said:
Please read the Wiki ... Kaiser is a Tilt!!!
If you dont know this ... do not use this tool!
As I said in my original post. I know a Kaiser is a Tilt and vice versa... but I also know that doing something like this process is very device specific. I have read the Wiki and everything else and if you check up on any of my other posts you will know I'm not the kind of person that asks inane or pointless questions. If the devices were IDENTICAL and there were no differences, there wouldn't be a Tilt specific Wiki, and they wouldn't have different names.
I'm not looking for hand holding or walk throughs, just asking a simple question. As you imply by your "if you don't know this, don't use this tool" comment, this is not something to be approached lightly and without full knowledge of the possible repercussions.
I don't believe my question was unreasonable, and I don't believe I'm going to take the type of answer you have provided as a valid one either. What you're saying is similar to saying hey, it's a Ford Mustang so of course you can use any Ford Mustang Cam, and if you don't know that you shouldn't be trying to change the cam... obviously wrong and obviously very unhelpful.
I don't believe verifying a tool's proper use is being ignorant... just careful.
'nuf said.
Okay, so I got as far as the end of step 2, just loaded the drivers (my computer loaded them as the BenQ drivers as well, don’t know what that’s about) and then had a power outage (apparently a bird landed on something it wasn’t supposed to and knocked power out for about 5 minutes, how very Alaska right?) Anyway, now I’m stuck because the screen remains black. The power comes on and the computer shows the device connecting, but I can’t do anything. So I don’t know how screwed I am or not, but I don’t know where to go from here. So if anyone has the time or desire to help me out I’m online @ scotchua2000 for AIM and [email protected] for MSN, and of course I’ll be monitoring any posting on here. Thanks.
***sucessfully unlocked***
Does anyone speak Italian? I have a problem: I carried out the procedure but it got stuck. Now the screen does not turn on and the green light stays on..... the PC recognizes that it is connected (it sees the Qualcomm drivers).. help...

O2 P863: does not boot after MTTY operation, the driver installs and it can connect, asking for help

Polaris O2 P863 does not boot after an MTTY operation; the driver installs and it can connect. Help!!
After running task 2a in MTTY on the P863, the output shown below appeared and then the phone would not boot and cannot enter the tri-color screen either. When it is connected to the computer with the data cable, the computer reports that hardware was found and the driver installs successfully!!
Enter Radio Image
POWER OFF PMIC VREG_USB : SUCCESS!
C VREG_USB : SUCCESS!
F PMIC VREG_USB : SUCCESS!
R OFF PMIC VREG_USB : SUCCESS!
POWER ON PMIC VREG_USB : SUCCESS!
After starting MTTY and running the two commands setboot 0 and cego, the phone cannot exit OEMSBL.
Following the method in this article: http://forum.xda-developers.com/showthread.php?t=393337
When I reach (7) Run MTTY (COMn) and carefully enter following commands:
echo_on (the reply in MTTY should be "ECHO ON MODE")
setboot 1
I cannot get any further at this step!!! I hope the phone can be revived!
The Franken Kaiser tool is for Kaisers only and requires that you have a certain radio version installed (1.65.17.10).
It will require changing to run on other devices (even if they are similar) and requires the "Radio from hell" also.
EDIT:
Also, doing a task 2a has probably formatted the entire NAND including the SPL (bootloader). task 2a should "NOT" be run on newer HTC devices.
Thanks
Dave
How can my Polaris (o2 P863, HTC P860) be resumed???
I can not accept not completed end-of-life can not be repaired, Vogue can,
Caesar can
So is your polaris stuck in OEMSBL??? I can't read the thread title. Is your polaris security unlocked?? Might be able to recover if it is. Try set info and see if your secur_flag is 0,0.
Stuck in oemsbl
Hi,
My TC also cannot boot, and I think it's stuck in oemsbl after task 2a.
It is security locked, so can it be fixed?
Thanks
Hi Experts,
Pls help....

magic gold card help

i try to root or flash my vodafone 32b magic by the gold card method because no other way i can, with this guide
http://forum.xda-developers.com/showpost.php?p=4289899
when i come to step
11) Go to QMAT again http://revskills.de/pages/goldcard.html to generate your goldcard (this is free for G1 phone, Thanks to Viper!)
i got PLEASE ENTER VALID CID
i do exactly by the guide and try four different cards and nothing
any help is welcome
thanks in advance
sorry for bad english
1. go to http://revskills.de/pages/download.html
2. download QMAT 4.36 ( it works only for 10 mins so be quick).
3. u can use adb to do this or u can use terminal
if adb go to shell
4. type ‘ cat /sys/class/mmc_host/mmc1/mmc1:*/cid ‘ without the quote sign.
5. now open QMAT.exe
6. Click on Cyptoanalysis Tools > Crypto Toolbox
7. Look way below, there is a text box (beside the “Reverse String” button). Key in the cid number you’ve got earlier
Click on the “Reverse String” button, the result is reversed…
Example: 532600bd227d9c0347329407514d5402
8. Copy the reversed cid
9. Go to QMAT again http://revskills.de/pages/goldcard.html to generate your goldcard (works for magic as well)
10. Enter your email. For the CID, enter the reversed cid you’ve got earlier. However you need to replace the first 2 characters to 00.
Example: From “532600bd227d9c0347329407514d5402” to “002600bd227d9c0347329407514d5402”
now follow steps 13 to 21
from http://forum.xda-developers.com/showpost.php?p=4289899
several times i've try exactly as you explain and when try to generate number got with qmat replaced first
two numbers with 00 i got ENTER VALID CID
thanks
several times i've try exactly as you explain and when try to generate number gotten by qmat replaced first two numbers with 00 i got ENTER VALID CID
maybe you find help here:
http://theunlockr.com/2010/03/10/how-to-create-a-goldcard/

[HELP!] My NAND is faulty. What can I do?

Hi there! This was my experience with Android:
http://forum.xda-developers.com/showthread.php?t=792004
I had a couple problems when I was with WM. Sleep of death and so on.
Changed SD card and it seemed to be working fine.
Now, I need my phone so switched back to WM.
Install wizard went fine. But now it doesn't boot.
Linux Kernel keeps telling me "block xxx bad" where xxx is a number (578, 543 and 643).
What can I do?
Pleeease help! =(
Thanks a lot!
hi
same thing happened on my polaris 200. 2 bad blocks on nand. android works fine. task 28 helps (format nand). is there a solution to skip bad sectors?
ion_plugged said:
same thing happened on my polaris 200. 2 bad blocks on nand. android works fine. task 28 helps (format nand). is there a solution to skip bad sectors?
Android works, too. But it doesn't take too much to hang and start with those force-closes errors.
I did task 29. I don't know if it's the same.
Hi! I was out for exams at University.
Last thing I tried was doing task 2a at MTTY.
I know, BIG BIG mistake. Polaris is dead since then.
I'm living now with a Siemens [email protected] LOL.
Is there any news with this? Is there any procedure I can do to bring it back?
I don't have enough money to send it to service.
Seems the polaris gets to an end because of hardware reasons.
i have the first bad block as well.. don't know.. i can't get wifi to work atm, i hope it's working after wimo flash again.
As far as i know after your 2A the device is dead.
I think repair would be more than buying a new device.
Maybe you can try your luck on a wildfire. Here in germany was an action, offering it for 100€ and many people bought more than one device to set it on ebay.
Moved from: HTC Polaris: Touch Cruise > Touch Cruise ROM Development
To: HTC Polaris: Touch Cruise > Touch Cruise General
Please put your questions to: Touch Cruise General
dertester123 said:
As far as i know after your 2A the device is dead.
There is a patched version of frankenkaiser for the polaris to recover from a task 2a.
dertester123 said:
Seems the polaris gets to an end because of hardware reasons.
i have the first bad block as well.. don't know.. i can't get wifi to work atm, i hope it's working after wimo flash again.
As far as i know after your 2A the device is dead.
I think repair would be more than buying a new device.
Maybe you can try your luck on a wildfire. Here in germany was an action, offering it for 100€ and many people bought more than one device to set it on ebay.
I read somewhere that bad blocks are common, even if the device is brand new. The point is that it seems there are certain blocks that cause bad functionality if they're damaged. :/
Buying a new phone isn't a solution for me, since I don't have enough money for that.
mmelo76 said:
Moved from: HTC Polaris: Touch Cruise > Touch Cruise ROM Development
To: HTC Polaris: Touch Cruise > Touch Cruise General
Please put your questions to: Touch Cruise General
You're right, wrong forum.
Thanks for moving!
meknb said:
There is a patched version of frankenkaiser for the polaris to recover from a task 2a.
I tried the patched version made by jpg001. But it gets stuck in
Code:
Just be patient while I'm working ...
7e 4e 7e
I'll give a try again tonight with every FrankenKaiser version possible.
I really need my Polaris back
Those numbers don't look right
Code:
Just be patient while I'm working ...
7e 4e 7e
Are the motoq drivers installed? Are you using the right port? Don't try another frankenkaiser version as they will flash the kaiser spl which won't work; you need a copy of an original spl.nb.
meknb said:
Those numbers don't look right
Code:
Just be patient while I'm working ...
7e 4e 7e
Are the motoq drivers installed? Are you using the right port? Don't try another frankenkaiser version as they will flash the kaiser spl which won't work; you need a copy of an original spl.nb.
That happens in step 10.
MotoQ drivers installed works with mtty, QPST and the step 7 of the guide.
I'll try downloading new ones tonight
The drivers seem fine if you can connect with mtty etc. What is your SECU_FLAG "security unlocked" in mtty try setinfo 8, the button combo for 8b is keep your finger on the green send button and the power button, that will boot into oemsbl on a security unlocked polaris.
meknb said:
The drivers seem fine if you can connect with mtty etc. What is your SECU_FLAG "security unlocked" in mtty try setinfo 8, the button combo for 8b is keep your finger on the green send button and the power button, that will boot into oemsbl on a security unlocked polaris.
Thanks A LOT for your response.
I'm not at home right now. Tonight I'll post the results, but as far as I remember, every field was blank.
Faulty nand
Well i am here after a task 2a. android and wm won't flash, radio did not change and i formatted the nand. i have moto q drivers and i am connected to mtty but i don't have a working frankenkaiser for polaris (some dll missing and corrupted archives) and i don't have an original spl. from where can i take one?
meknb said:
The drivers seem fine if you can connect with mtty etc. What is your SECU_FLAG "security unlocked" in mtty try setinfo 8, the button combo for 8b is keep your finger on the green send button and the power button, that will boot into oemsbl on a security unlocked polaris.
Ok, this is my output:
Code:
SetHTCRegionInfo: block=0, CID=, PID=, IMEI=, SECU_FLAG=0
oemsbl 1
Later I'll screenshot every step. Maybe I'm doing something wrong.
ion_plugged said:
Well i am here after a task 2a. android and wm won't flash, radio did not change and i formatted the nand. i have moto q drivers and i am connected to mtty but i don't have a working frankenkaiser for polaris (some dll missing and corrupted archives) and i don't have an original spl. from where can i take one?
Here you are:
CYGWIN1.DLL: http://www.mediafire.com/?l7m92ix5cdknmum
And for SPL, you should extract it by using "NBHEXTRACT" (search this forums for it), and run it with your stock ROM. It will give you the original SPL file.
Regards!
Sorry for double-posting. I'm acting like a total noob. I am.
This is what I did:
Notes:
- I usually get some error after typing the first command.
- CYGWIN1.DLL used is the same as I posted before. Got it from the Internet.
4) Connect MTTY COM4.
Type "setboot".
Type "radata 90000000 1". Nothing is echoed to screen.
Close MTTY.
5) Replug USB cable.
(I called FrankenKaiser.exe as fkaiser, for faster typing)
6) Run FrankenKaiser in a DOS box: fkaiser.exe /dev/com4 SSPL.nb.
Got "7e 02 6a d3 7e"
Replug USB cable.
7) Run MTTY and type:
Code:
echo_on
setboot 1
mb 9debbc
mw 9debbc 1 31313131
mw 9debc0 1 31313131
mw 9debe4 1 00000000
mb 9debbc
(as I did this many many times, nothing is changed).
Code:
setinfo
powerdown
Close MTTY
8a) Unplug usb cable, remove and reinsert battery, replug usb cable.
Connect with MTTY:
Code:
echo_on
setboot 1
Close MTTY.
8b) Unplug usb cable, remove and reinsert battery, replug usb cable.
Connect with MTTY:
Code:
echo_on
dload
Close MTTY.
Right before "dload" command, I'm pressing Send (green button) and power button all together.
9) Replug USB cable and then wait 10 seconds.
10) Run FrankenKaiser in a DOS box: FKaiser.exe /dev/com4 SSPL2.nb
NOTE: My SSPL2.nb was extracted from HERE (XDA FTP) with NBHExtract.exe.
Get "7e 4e 7e", not "7e 02 6a d3 7e"
11) Replug USB cable, wait 10 seconds.
Run MTTY:
Code:
echo_on
setboot 0
cego
Pressing camera button right before typing "cego".
MTTY doesn't show anything. Typed 3 times "echo_on", and nothing. Tried anyway to proceed, but unsuccessfully.
Here is the link of the extracted SPL from the original ROM, and the extracted SMI.BIN from QPST, if it helps for something.
Original SPL: http://www.mediafire.com/?pt4958k9isw77k2
SMI.BIN: http://www.mediafire.com/?bmupdccl78sicu0
Your phone is security unlocked so you won't need to run the mb mw commands in step 7 again, that's just for security unlocking. It's just step 10 where it's failing. You could try setboot 1 before dload, i.e.
Code:
echo_on
setboot 1
dload
Do you know which radio version you have?
meknb said:
Your phone is security unlocked so you won't need to run the mb mw commands in step 7 again, that's just for security unlocking. It's just step 10 where it's failing. You could try setboot 1 before dload, i.e.
Code:
echo_on
setboot 1
dload
Do you know which radio version you have?
Thank you very much for your response.
As MTTY says, my radio version is 1.59.46. It should work with FrankenKaiser.
Maybe the SSPL2.nb I'm using is not the correct one.
I'll try right now
EDIT: I tried with setboot, without doing all the steps, but FrankenKaiser keeps throwing me "7e 4e 7e".
The only other thing i can think of is try booting with the power button and the end key "red one", i can't remember what mode that boots. If you have qpst you can check what mode your phone is in; once you find out it's in dload mode run frankenkaiser.
The original spl's are all here
meknb said:
The only other thing i can think of is try booting with the power button and the end key "red one", i can't remember what mode that boots. If you have qpst you can check what mode your phone is in; once you find out it's in dload mode run frankenkaiser.
The original spl's are all here
You're right, thanks. I'll check with QPST which mode is my phone in.
By now, I tried the following combinations:
Power + Camera + Send
Power + Camera + End
Camera + Reset press
And still "No phone". I'll let you know any news
EDIT: Tried every combination possible, still nothing.
When i enter "dload", any command written on mtty won't respond. And QPST is still saying "No Phone".
I know the device is security unlocked because if I write "h" I get this command list:
Code:
For a help screen, use command ? or h
Available monitor commands are:
? [command]
h [command]
mb [StartAddr [Count [Filler]]]
mh [StartAddr [Count [Filler]]]
mw [StartAddr [Count [Filler]]]
setboot [0/1/2/3]
setatcmd [0:SIO/1:UART/2:USB/3:DPRAM]
setsmdloop [0:disable/1:enable]
setmpatch [0x1: CPU Freq/0x2: acoustic/0x4: simdoor/0x8: RTC]
setiot [0:Disable/1:Enable]
eraseall [erase all setting flags]
setdiag [0:USB/1:UART/2:DPRAM/3:SIO]
partition
checksum
format
setinfo
readadc
cego
setgpio
getgpio
gpio
version
powerdown
platformid
radata
showexplog [n]
usbdppulldown [n]
usbdmpulldown [n]
usbdppullup [n]
usbdmpullup [n]
Headsetpullhigh [n]
rfid
wpmic [PM_VREG] [0/1]
Have you checked the ports on qpst? Under add new port, untick show serial and usb/qc diagnostic ports. I've just checked on mine: if i power on with my finger on the end key it says *download* in qpst.
