Related
hi all,
this was my first try to update my SP5 to WM6.
i did the following.
1. APP unlock
2. set SuperCID
3. got in to the boot menu, check if HTCSSuperCID is there
md>info 2
GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x3BA00000 Bytes
HTCSSuperCID ' HTCE
4. then did the format
Cmd>format BINFS
Format BinFS partition.
Format is completed!!
5. then i set the ActiveSync to use USB, turn off the SP5 and back on gain
now the issue is it only goes to the boot menu so it never get detected by activesync.
any ida why ?
hi,
well, i got around that since this will not get detected by the activesync; you need to run the WM6GSMUpdate & press hold the power and camera button for the updated detect the phone.
thanks all.
great job !
kalinga said:
hi all,
this was my first try to update my SP5 to WM6.
i did the following.
1. APP unlock
2. set SuperCID
3. got in to the boot menu, check if HTCSSuperCID is there
md>info 2
GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x3BA00000 Bytes
HTCSSuperCID ' HTCE
4. then did the format
Cmd>format BINFS
Format BinFS partition.
Format is completed!!
5. then i set the ActiveSync to use USB, turn off the SP5 and back on gain
now the issue is it only goes to the boot menu so it never get detected by activesync.
any ida why ?
Click to expand...
Click to collapse
after format binfs, reboot, it will always go back to bootloader menu. thats normal. what you need to do is that now you need to run the ROM Update Utlilty included in the WM6 ROM you have downloaded while the sync cable is attached to your device.
don't worry everything will be fine after that.
After Format BINFS it is needed it was to enter a command ResetDevice
After that as a telephone again will enter in Boot, it is needed to start sewing! And only after sewing it is possible in tuning of Aktiv Sink to include connecting on USB!
Hi,
yes i got to know that after playing with it for some time, i did the update and its working fine, let me say that the GSM radio update must done some thing good since i get good reception where i didn't get much
also keep in mind that SP5 dont allow the APP unlock to run unless you do some changes in the registry.
_http://wiki.spv-developers.com/index.php/HTC_Application_Unlock_Guide
hello
i have motrola mpx200 dead any one help how to flash this phon
It is not a Tornado, we cant help you
Stuck on ResetDevice
After the format I type in ResetDevice and it hangs there. No cmd> returns and switching off or on while holding the camera key has no effect.
I cannot get the SP5m to connect to avtivesync program at all.
Have I knackered the phone?
Andy
Well I'll be buggered. Thinking the worst I restarted my computer and thought I'd give it one last try. Even though activesync still maintained it had no connection I tried the updates as per instructions and now have a fully updated mobile phone. Just trying it out, and hoping I'm not being ungrateful, is there an UK English language available.
switch off da phond. run da rom update. when it says finding phone. switch da phone back on.
I did it then my windows can not install device.. then my phone was dead... now I need a jtag adapter but I haven't it...
May 19th, 2008
With my new and revolutionary tool "FrankenKaiser" you can now finally jailbreak your locked to "Radio from Hell" Kaiser
======================================================
DISCLAIMER: This method involves erasing SPL & OS and requires correct data entry by the user. I will not take any responsibility for any malfunctions and or damages caused by using this method and software.
======================================================
Pay attention: this method will only work on a Kaiser device with radio version 1.65.17.10 (check your radio version in the boot splash screen!)
Note that you can not use copy & paste with MTTY, you must type the data exactly as written in the steps below. If in a step it is said to type a command always type them without the quotes.
Note that during the entire procedure you should uncheck "Allow usb connections" in Activesync.
I have tested the method on my own Kaiser, which was security locked and had original 1.65.17.10 installed. I'm on WinXP btw. GSLEON3 also succesfully unbricked his Kaiser with FrankenKaiser which had radio 1.64.08.21 installed. That should give you some confidence
So read very carefully and apply following instructions:
0) download and unzip the attached files on your PC in a single directory.
It contains all needed to jailbreak or unbrick your device, such as MTTY 1.42, my revolutionary FrankenKaiser program, screenshots to accompany this readme, the appropriate drivers to connect to the radio bootloader ("Drivers MotoQ"), and two softload SPLs (SPL1.56-KAIS-unbricker.nb and sspl-0.92-jumpspl-force-usb.nb)
1) Enter tricolor bootloader and make absolutely sure you have a HardSPL installed (either "olipof" or "1.1.JockyW"). If not you must first install a HardSPL.
2) Connect with MTTY (USB) and type "rtask a" followed by Enter, then type "radata 90000000 1" followed by enter (Note that this is not echoed to screen!!). In some rare cases after "radata 90000000 1" you may see "HTCSUN 0[=(HTCE". When that happens type "radata A0000000 2000"
Close MTTY and replug the USB cable. If you haven't installed them yet, your PC will now prompt you to install three drivers. Do a manual install of the MotoQ drivers. After the drivers are installed look them up in device manager and check which COM port is allocated to "Qualcomm diagnostics interface (COMxx)" => see screenshot "1. device manager search com.JPG" (on my PC it is COM4 but it may be anything else!).
If the driver is connected to COM10 or higher you should reallocate it to a COM port lower than COM10. Go in device manager and rightclick on "qualcomm diagnositcs interface 6000 (com18)". Enter properties -> Port Settings -> Advanced -> Change COM port number to an unused port number below COM10. If you have nothing free below COM10 disable a device which uses a COM and change to that COM port. Reboot your PC afterwards.
3) Remove and reinsert battery and enter tricolor bootloader, and connect with MTTY (USB)
hit enter and when the Cmd> prompt is shown type "task 2a" (this erases SPL, OS and Splash, we used to call that a "hard brick") => see screenshot "2. mtty-tricolor - task 2a.JPG"
After power cycling, the device will now enter the radio bootloader called oemsbl. Utterly the phone will look dead and the display is black, but it is still possible to connect with MTTY using the COM port as found in step 2. I indicate that in the next steps with MTTY (COMn) => see screenshot "3. mtty-com-connect.JPG". Also note that you never have to redo steps 1-3 again.
4) Remove and reinsert battery, switch on and connect with MTTY (COMn). Type "setboot", if you are connected correctly the reply should be "ARM9BootMode:0". If you see nothing check in device manager if the drivers are loaded. If you got the reply to "setboot" you can type "radata 90000000 1" which will put the phone in a special "dload mode". In some rare cases after "radata 90000000 1" you see "HTCSUN 0[=(HTCE" and the phone will not change state to dload mode. When that happens type "radata A0000000 2000" and this time nothing should be returned on screen and the phone changed to dload mode.
Again note that, like in step 2, nothing is echoed to screen!!
Close MTTY.
5) Replug USB cable !!
6) Run FrankenKaiser in a DOS box: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb
(note substitute /dev/com9 by the com port indicated by diag driver in device manager, e.g. /dev/com4 on my PC)
You should see:
Code:
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to [email][email protected][/email]
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
7e 02 6a d3 7e
Replug USB cable now!
Connect with MTTY and follow instructions !!!
If you don't see "7e 02 6a d3 7e" underneath the line "Just be patient while I'm working ...", you have either not replugged the usb cable, not installed the drivers correctly or type the wrong com port (/dev/comx) in the command line parameters.
=> see screenshot "4. dos box - frankenkaiser.JPG"
7) Run MTTY (COMn) and carefully enter following commands:
echo_on (the reply in MTTY should be "ECHO ON MODE")
setboot 1
=> see screenshot "5. mtty-echo_on setboot 1.JPG"
mb 9de8bc => dump HTC security area
mw 9de8bc 1 31313131 (replaces first half CID by SuperCID "1111")
mw 9de8c0 1 31313131 (replaces second half CID by SuperCID "1111")
mw 9de8e4 1 00000000 (Sets security flag to 0, sec unlocked)
mb 9de8bc => dump HTC security area again and check if CID and security flag are modified in memory
=> see screenshot "6. mtty-mb 9de8bc.JPG"
setinfo
powerdown
=> see screenshot "7. mtty- setinfo - powerdown.JPG"
Close MTTY
At this point your Kaiser is unjailed, security unlocked (and SIM unlocked) and SuperCID Now we need to prepare another run with FrankenKaiser to softload a SPL which will allow us to flash a HardSPL. In principle steps 1-7 need never to be done again.
8a) Unplug usb cable, remove and reinsert battery, replug usb cable and then power on. Connect with MTTY (COMn):
- type "echo_on". (the reply in MTTY should be "ECHO ON MODE". if you see that it means you never have to perform steps 1-7 again. If you don't, something went wrong in steps 1-7 or there is a connectivity problem)
- type "setboot 1" (you should see "ARM9BootMode:1").
- Close MTTY !!
8b) Unplug usb cable, remove and reinsert battery, replug usb cable and then power on. Connect with MTTY (COMn):
- type "echo_on". (you should see "ECHO ON MODE")
- type "dload" to put phone in dload mode.
- Close MTTY !!
9) Replug USB cable and then wait 10 seconds
10) Run FrankenKaiser in a DOS box: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb
(note substitute /dev/com9 by the com port indicated by diag driver in device manager).
You should see the lines:
Just be patient while I'm working ...
7e 02 6a d3 7e
FrankenKaiser will prompt you to replug the usb cable. After you have done that you should wait about 10 seconds before proceeding with step 11.
11) Run MTTY (COMn)
- type "echo_on" (you should see "ECHO ON MODE", if not then there is a connectivity issue: close MTTY, unplug usb cable, wait 10 seconds, replug usb cable and repeat step 11.)
- type "setboot 0" (you should see "ARM9BootMode:0")
- type "cego" => tri-color screen should be visible and the reply in MTTY should be "Boot CE manually..." followed on the next line by "Done."
=> see screenshot "8. mtty-setboot 0 - cego.JPG"
If after "cego" you don't see a tri-color bootloader screen, then unplug usb cable and unplug and reinsert battery and try steps 8-11 again.
If still no tri-color screen, then repeat again but this time in step 10 run FrankenKaiser with the other SPL "sspl-0.92-jumpspl-force-usb.nb".
Close MTTY
12) Replug USB cable and flash HardSPL
13) Remove and reinsert battery, enter tricolor bootloader and flash Splash
14) Remove and reinsert battery, enter tricolor bootloader and flash OS
15) Remove and reinsert battery, enter tricolor bootloader and flash Radio
Note: at step 13 it's probably also possible to flash a full ROM update, I prefer to do it bits and pieces.
This I hope shows the power of FrankenKaiser: it manages to unjail, security unlock, SIM unlock and superCID a device which is basically in a bricked state w/o the need to flash a patched radio. Look forward to other FrankenKaiser tools such as a fast SPL loader and radio dumper.
Special versions of FrankenKaiser will be released for the new HTC models Diamond and Raphael and more
Remaining 3 screenshots attached and thumbnailed.
EDIT:
The attached Readme substitutes the one supplied with FrankenKaiser-V1.9517.zip
Might I be the first to say, Job well Done.
Edit:
I do have a question though. My phone is "Security Unlocked" thanks to you. However, I for the life of me cant get SPL1.1 JockyW with AT support flashed to my device no matter what I try. Is it possible to change SPL with this new Krankenkaiser software. Right now I have 1.0.Olipof SPL. Sorry, this might be the wrong thread. Just looking for a solution.
Thanks for the hard work. Seems like a daunting task to get it unlocked, but at least we have a method! Off to try it out!
Thanks again,
J
Wow. Good job man. Congratulations.
Well done brother
Thanks for your epic effort, will try when I get home.
Btw, read through your post twice and am confused with battery removal/reinsertion. First mention is remove and reinsert in same step, then later is reinsert without previous mention of remove. Lastly, reinsert. and again. and again. I'm really paranoid about digging myself a deeper hole...could you please clarify?
thanks for such a awesome tool and for your efforts.
p.s. i already security unlocked myself using ur tools so i fear no radio
P1Tater said:
Might I be the first to say, Job well Done.
Edit:
I do have a question though. My phone is "Security Unlocked" thanks to you. However, I for the life of me cant get SPL1.1 JockyW with AT support flashed to my device no matter what I try. Is it possible to change SPL with this new Krankenkaiser software. Right now I have 1.0.Olipof SPL. Sorry, this might be the wrong thread. Just looking for a solution.
Click to expand...
Click to collapse
if my 2 cents count i had to downgrade to wm6 to get it to work for me ...
haven't tried frankenkaiser so i don't know if that will do the trick.
thesire said:
if my 2 cents count i had to downgrade to wm6 to get it to work for me ...
haven't tried frankenkaiser so i don't know if that will do the trick.
Click to expand...
Click to collapse
I will give it a shot. I'll know more in a few.
well done!
seems like this is the ultimate tool for the Kaiser!
Good job
Many thanks, now i have radio 1.65.14.06
You are a genius!!!
I was really worried about all of the mtty commands, but your instructions were clearly written and easy to follow.
Thank you!
.....
NO MORE RADIO FROM HELL!!!!!!! WHOOOHOOOOO!!!!!!!!
Just to be absolutely sure...
You say 'Only works on Kaiser devices'. Might be a stupid question but having been burned once I make sure before I do anything now.
This WILL work on a Tilt right? Not just a Kaiser?
now I got a windows problem. When trying to manually install these drivers, windows find some random newer drivers on my system that possibly might not be the same drivers as the MotoQ. I think I gotta uninstall these drivers and choose the motoQ drivers. How do I do this?
dwsco said:
You say 'Only works on Kaiser devices'. Might be a stupid question but having been burned once I make sure before I do anything now.
This WILL work on a Tilt right? Not just a Kaiser?
Click to expand...
Click to collapse
Please read the Wiki ... Kaiser is a Tilt!!!
If you dont know this ... do not use this tool!
i get to the CEGO step, and my screen is not coming back on.. i followed instructions.. i had 1.1.JockyW spl on my device prior to flashing..
Code:
C:\FrankenKaiser-V1[1].9517>FrankenKaiser-V1.9517.exe /dev/com5 SPL1.56-KAIS-unbricker.nb
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to [EMAIL="[email protected]"][email protected][/EMAIL]
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
7e 02 6a d3 7e
Replug USB cable now!
Connect with MTTY and follow instructions !!!
Code:
C:\FrankenKaiser-V1[1].9517>FrankenKaiser-V1.9517.exe /dev/com5 SPL1.56-KAIS-unbricker.nb
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to [EMAIL="[email protected]"][email protected][/EMAIL]
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
Replug USB cable now!
Connect with MTTY and follow instructions !!!
Code:
echo_on
ECHO ON MODE
setboot 0
ARM9BootMode:0
cego
Boot CE manually...
Done.
i can also still communicate via mtty
NetrunnerAT said:
Please read the Wiki ... Kaiser is a Tilt!!!
If you dont know this ... do not use this tool!
Click to expand...
Click to collapse
As I said in my original post. I know a kaiser is a Tilt and visa versa... but I also know that doing something like this process is very device specific. I have read the Wiki and everything else and if you check up on any of my other posts you will know I'm not the kind of person that asks inane or pointless questions. If the devices were IDENTICAL and there were no differences, there wouldn't be a Tilt specific Wiki, and they wouldn't have different names.
I'm not looking for hand holding or walk throughs, just askling a simple question. As you imply by your "if you don't know this, don't use this tool" comment, this is not something to be approached lightly and without full knowledge of the possible repercussions.
I don't believe my question was unreasonable, and I don't believe I'm going to take the type of answer you have provided as a valid one either. What you're saying is similar to saying hey, it's a Ford Mustang so of course you can use any Ford Mustang Cam, and if you don't know that you shouldn't be trying to change the cam... obviously wrong and obviously very unhelpful.
I don't believe verifying a tools proper use is being ignorant... just careful.
'nuf said.
Okay, so I was got as far as the end of step 2, just loaded the drivers (my computer loaded them as the BenQ drivers as well, don’t know what that’s about) and then had a power outage (apparently a bird landed on something it wasn’t supposed to and knocked power out for about 5 minutes, how very Alaska right?) Anyway, now I’m stuck cause the screen remains black. The power comes on and the computer shows the device connecting, but I can’t do anything. So I don’t know how screwed I am or not, but I don’t know where to go from here. So if anyone has the time or desire to help me out I’m online @ scotchua2000 for AIM and [email protected] for MSN, and of course I’ll be monitoring any posting on here. Thanks.
***sucessfully unlocked***
Qualcuno che parla italiano? ho un problema, ho eseguito la procedura ma mi si è bloccato. ora non si accende lo schermo resta la luce verde..... il pc riconosce che è collegato (vede i driver qualcomm).. aiuto...
o2 P863MTTY操作后不开机安装驱动可以连接求救(operation will not boot, install the driver can be conne)
Polaris o2 P863MTTY操作后不开机,安装驱动可以连接求救!!
Polaris o2 P863MTTY operation will not boot, install the driver can be connected for help!!
P863是在MTTY下执行了task 2a出现下面显示后就手机不能开机,也进不了三色屏,用数据线连接到计算机后,有提示找到硬件并且成功安装 驱动!!
P863 is carried out under the MTTY appear task 2a shown below after the phone can not boot, but also could not enter tri-color screen, using data lines to connect to the computer, there are tips to find the hardware and successfully install the driver! !
Enter Radio Image
POWER OFF PMIC VREG_USB : SUCCESS!
C VREG_USB : SUCCESS!
F PMIC VREG_USB : SUCCESS!
R OFF PMIC VREG_USB : SUCCESS!
POWER ON PMIC VREG_USB : SUCCESS!
启动MTTY,执行 setboot 0 和 cego 两条指令,手机不能退出OEMSBL。
Start MTTY, implementation and setboot 0 Cego two commands, the phone can not withdraw from the OEMSBL.
按照此文章方法(In accordance with the methods of this article):http://forum.xda-developers.com/showthread.php?t=393337
到(7) Run MTTY (COMn) and carefully enter following commands:
echo_on (the reply in MTTY should be "ECHO ON MODE")
setboot 1)这一步就进行不下去了!!!希望机可以救活!(This step does not go on to carry out! ! ! Looks can be saved!)
The Franken Kaiser tool is for Kaiser's only and requires that you have a certain radio version installed (1.65.17.10).
It will require changing to run on other devices (even if they are similar) and requires the "Radio from hell" also.
EDIT:
Also, doing a task 2a has probably formatted the entire NAND including the SPL (bootloader). task 2a should "NOT" be run on newer HTC devices.
Thanks
Dave
As my Polaris (o2 P863, HTC P860) how it can be resumed???
I can not accept not completed end-of-life can not be repaired, Vogue can,
Caesar can
So is your polaris stuck in OEMSBL ???I Cant read the thread title .Is your polaris security unlocked ?? might be able to recover if it is ? try set info and see if your secur_flag is 0,0.
Stuck in oemsbl
Hi,
My TC also cannot boot, and I think it's stuck in oemsbl after task 2a.
It is security locked, So it can be fixed?
Thanks
Hi Experts,
Pls help....
Hi there! This was my experience with Android:
http://forum.xda-developers.com/showthread.php?t=792004
I had a couple problems when I was with WM. Sleep of death and so on.
Changed SD card and it seemed to be working fine.
Now, I need my phone so switched back to WM.
Install wizard went fine. But now it doesn't boot
Linux Kernel keep saying me "block xxx bad" where xxx is a number (578, 543 and 643).
What can I do?
Pleeease help! =(
Thanks a lot!
hi
same thing nappened on my polaris 200. 2 bad blocks on nand. android works fine. task 28 helps (format nand). is there a solution to skip bad sectors?
ion_plugged said:
same thing nappened on my polaris 200. 2 bad blocks on nand. android works fine. task 28 helps (format nand). is there a solution to skip bad sectors?
Click to expand...
Click to collapse
Android works, too. But it doesn't take too much to hang and start with those force-closes errors.
I did task 29. I don't know if it's the same.
Hi! I was out for exams at University.
Last thing I tried was doing task 2a at MTTY.
I know, BIG BIG mistake. Polaris is dead since then.
I'm living now with a Siemens [email protected] LOL.
Is there any new with this? Is there any procedure I can do to bring it back?
I don't have enough money to send it to service
Seems the polaris gets to an end because of hardware reasons.
i have the first bad block as well.. dont know.. i cant get wifi to work atm i hope its working after wimo flash again.
As far as i know after your 2A the device is dead.
I think repair would be more than buying a new device.
Maby you can try your luck on a wildfire. Here in germany was a action, offering it for 100€ and many people bought more thanh one device to set it on ebay.
Moved of: HTC Polaris: Touch Cruise > Touch Cruise ROM Development
To: HTC Polaris: Touch Cruise > Touch Cruise General
Please put your questions to: Touch Cruise General
dertester123 said:
As far as i know after your 2A the device is dead.
Click to expand...
Click to collapse
There is a patched version of frankenkaiser for the polaris to recover from a task 2a.
dertester123 said:
Seems the polaris gets to an end because of hardware reasons.
i have the first bad block as well.. dont know.. i cant get wifi to work atm i hope its working after wimo flash again.
As far as i know after your 2A the device is dead.
I think repair would be more than buying a new device.
Maby you can try your luck on a wildfire. Here in germany was a action, offering it for 100€ and many people bought more thanh one device to set it on ebay.
Click to expand...
Click to collapse
I read somewhere that bad blocks are common, even if the device is brand new. The point is that it seems there are certain blocks that cause bad functionality if they're damaged. :/
Buying a new phone isn't a solution for me, since I don't have enough money for that.
mmelo76 said:
Moved of: HTC Polaris: Touch Cruise > Touch Cruise ROM Development
To: HTC Polaris: Touch Cruise > Touch Cruise General
Please put your questions to: Touch Cruise General
Click to expand...
Click to collapse
You're right, wrong forum.
Thanks for moving!
meknb said:
There is a patched version of frankenkaiser for the polaris to recover from a task 2a.
Click to expand...
Click to collapse
I tried the patched version made by jpg001. But it gets stuck in
Code:
Just be patient while I'm working ...
7e 4e 7e
I'll give a try again tonight with every FrankenKaiser version possible.
I really need my Polaris back
Those numbers don't look right
Code:
Just be patient while I'm working ...
7e 4e 7e
are the motoq drivers installed ?are using the right port ? don't try another frankenkaiser version as they will flash the kaiser spl which won't work you need a copy of a original spl.nb.
meknb said:
Those numbers don't look right
Code:
Just be patient while I'm working ...
7e 4e 7e
are the motoq drivers installed ?are using the right port ? don't try another frankenkaiser version as they will flash the kaiser spl which won't work you need a copy of a original spl.nb.
Click to expand...
Click to collapse
That happens in step 10.
MotoQ drivers installed works with mtty, QPST and the step 7 of the guide.
I'll try downloading new ones tonight
The drivers seem fine if you can connect with mtty ect.What is your SECU_FLAG "security unlocked" in mtty try setinfo 8,the button combo for 8b is keep your finger on the green send button and the power button,that will boot into oemsbl on a security unlocked polaris.
meknb said:
The drivers seem fine if you can connect with mtty ect.What is your SECU_FLAG "security unlocked" in mtty try setinfo 8,the button combo for 8b is keep your finger on the green send button and the power button,that will boot into oemsbl on a security unlocked polaris.
Click to expand...
Click to collapse
Thanks A LOT for your response.
I'm not at home right now. Tonight I'll post the results, but as far as I remember, every field was blank.
Faulty nand
Well i am here after a task 2a. android and wm wont flash, redio did not change and i formated the nand. i have moto q drivers and i am connected to mtty but i don't have a workuing frakin kaiser for polari (some dll mising and corrupted archives) and i don't have an original spl. from where can i take one?
meknb said:
The drivers seem fine if you can connect with mtty ect.What is your SECU_FLAG "security unlocked" in mtty try setinfo 8,the button combo for 8b is keep your finger on the green send button and the power button,that will boot into oemsbl on a security unlocked polaris.
Click to expand...
Click to collapse
Ok, this is my output:
Code:
SetHTCRegionInfo: block=0, CID=, PID=, IMEI=, SECU_FLAG=0
oemsbl 1
Later I'll screenshot every step. Maybe I'm doing something wrong.
ion_plugged said:
Well i am here after a task 2a. android and wm wont flash, redio did not change and i formated the nand. i have moto q drivers and i am connected to mtty but i don't have a workuing frakin kaiser for polari (some dll mising and corrupted archives) and i don't have an original spl. from where can i take one?
Click to expand...
Click to collapse
Here you are:
CYGWIN1.DLL: http://www.mediafire.com/?l7m92ix5cdknmum
And for SPL, you should extract it by using "NBHEXTRACT" (search this forums for it), and run it with your stock ROM. It will give you the original SPL file.
Regards!
Sorry for double-posting. I'm acting like a total noob. I am.
This is what I did:
Notes:
- I usually get some error after typing the first command.
- CYGWIN1.DLL used is the same as I posted before. Got it from the Internet.
4) Connect MTTY COM4.
Type "setboot".
Type "radata 90000000 1". Nothing is echoed to screen.
Close MTTY.
5) Replug USB cable.
(I called FrankenKaiser.exe as fkaiser, for faster typing)
6) Run FrankenKaiser in a DOS box: fkaiser.exe /dev/com4 SSPL.nb.
Got "7e 02 6a d3 7e"
Replug USB cable.
7) Run MTTY and type:
Code:
echo_on
setboot 1
mb 9debbc
mw 9debbc 1 31313131
mw 9debc0 1 31313131
mw 9debe4 1 00000000
mb 9debbc
(as I did this many many times, nothing is changed).
Code:
setinfo
powerdown
Close MTTY
8a) Unplug usb cable, remove and reinsert battery, replug usb cable.
Connect with MTTY:
Code:
echo_on
setboot 1
Close MTTY.
Uploaded with ImageShack.us
8b) Unplug usb cable, remove and reinsert battery, replug usb cable.
Connect with MTTY:
Code:
echo_on
dload
Close MTTY.
Right before "dload" command, I'm pressing Send (green button) and power button all togheter.
9) Replug USB cable and then wait 10 seconds.
10) Run FrankenKaiser in a DOS box: FKaiser.exe /dev/com4 SSPL2.nb
NOTE: My SSPL2.nb was extracted from HERE (XDA FTP) with NBHExtract.exe.
Get "7e 4e 7e", not "7e 02 6a d3 7e"
11) Replug USB cable, wait 10 seconds.
Run MTTY:
Code:
echo_on
setboot 0
cego
Pressing camera button right before typing "cego".
MTTY doesn't show anything. Typed 3 times "echo_on", and nothing. Tried anyway to proceed, but unsuccessfully .
Here is the link of the extracted SPL from the original ROM, and the extracted SMI.BIN from QPST, if it helps for something.
Original SPL: http://www.mediafire.com/?pt4958k9isw77k2
SMI.BIN: http://www.mediafire.com/?bmupdccl78sicu0
Your phone is security unlocked so you wont need to run the mb mw commands in step 7 again that's just for security unlocking, its just step 10 where it's failing you could try setboot 1 before dload ie
Code:
echo_on
setboot 1
dload
Do you know which radio version you have?
meknb said:
Your phone is security unlocked so you wont need to run the mb mw commands in step 7 again that's just for security unlocking, its just step 10 where it's failing you could try setboot 1 before dload ie
Code:
echo_on
setboot 1
dload
Do you know which radio version you have?
Click to expand...
Click to collapse
Thank you very much for your response.
As MTTY says, my radio version is 1.59.46. It should work with FrankenKaiser.
Maybe the SSPL2.nb I'm using is not the correct one.
I'll try right now
EDIT: I tried with setboot, without doing all the steps, but FrankenKaiser keeps me throwing "7e 4e 7e".
The only other thing i can think of is try booting with the power button and the end key "red one" i cant remember what mode that boots.If you have qpst you can check what mode your phone is in once you find out its in dload mode run frankenkaiser.
The original spl's are all here
meknb said:
The only other thing i can think of is try booting with the power button and the end key "red one" i cant remember what mode that boots.If you have qpst you can check what mode your phone is in once you find out its in dload mode run frankenkaiser.
The original spl's are all here
Click to expand...
Click to collapse
You're right, thanks. I'll check with QPST which mode is my phone in.
By now, I tried the following combinations:
Power + Camera + Send
Power + Camera + End
Camera + Reset press
And still "No phone". I'll let you know any news
EDIT: Tried every combination possible, still nothing.
When i enter "dload", any command written on mtty won't response. And QPST still saying "No Phone".
I know the device is security unlocked because if I write "h" I get this command list:
Code:
For a help screen, use command ? or h
Available monitor commands are:
? [command]
h [command]
mb [StartAddr [Count [Filler]]]
mh [StartAddr [Count [Filler]]]
mw [StartAddr [Count [Filler]]]
setboot [0/1/2/3]
setatcmd [0:SIO/1:UART/2:USB/3:DPRAM]
setsmdloop [0:disable/1:enable]
setmpatch [0x1: CPU Freq/0x2: acoustic/0x4: simdoor/0x8: RTC]
setiot [0:Disable/1:Enable]
eraseall [erase all setting flags]
setdiag [0:USB/1:UART/2:DPRAM/3:SIO]
partition
checksum
format
setinfo
readadc
cego
setgpio
getgpio
gpio
version
powerdown
platformid
radata
showexplog [n]
usbdppulldown [n]
usbdmpulldown [n]
usbdppullup [n]
usbdmpullup [n]
Headsetpullhigh [n]
rfid
wpmic [PM_VREG] [0/1]
Have you checked the port's on qpst under add new port untick show serial and usb/qc diagnostic ports.I've just checked on mine if i power on with my finger on the end key it say *download* in qpst.
In this threat i gonna upload some patched frankenkaisers for different versions.
With "FrankenKaiser" you can unbrick "task 2a" bricks:
There is no SPL, Splash and OS present as "task 2a" formats the entire application area.
Before FrankenKaiser there was no method available to unbrick and therefore they were called "hard bricks"
With frankenkaiser you can also revive kaisers where you don't see anything on it but is detectable (after turning on your device) in windows as an other device:
you got stuck in the OEMSBL and you can only talk to your device with mtty.
Credits goes to Jocky Wilson who created the original frankenkaisers. (Paypal to [email protected])
I've only changed them to work with different versions.
These versions are created at forum user requests.
Method to dump your rom:
1. connect your bricked phone and power it on
2. connect with MTTY to diag port COM#: (look up # in device manager)
3. type "radata" followed by enter (you'll see a parameter error message)
4. type "GO2AMSS" followed by enter
5. your phone should now change to "QC download mode"
6. use "QPST Memory Debug" tool to dump smi.bin and ebi.bin
7. zip smi.bin and upload it to Rapidshare (or any fileshare service) and send me the link
oemsbl: V1.9309
Radio: V1.71.09.XX
Verified.
oemsbl: V1.9519
Radio: V1.70.19.XX
20110823: new version uploaded
oemsbl: V1.9529
Radio: V1.65.29.21
oemsbl: V1.9518
Radio: V1.70.18.xx
Frankenkaiser for other versions can be created in this thread
Excellent work massivekid, just what I needed to fix the 600+ bad blocks on my spare Kaiser! Thank you!
You da MAN!!!
Turns out I cannot use any of this because my laptop has NO COMM ports.
Unless I can find a USB to serial adapter and force a COMM port, I'm stuck.
You don't need a com port. If your phone is in OEMSBL then it will ask for a different driver. This driver will create a virtual com port on your computer thru USB.
First of all, thanks for creating frankenkaisers for different radio versions,
but I need some help, my radio is version V1.71.09.XX, I did all the steps to rescue the phone up to step 11, and when I connect the usb to computer, windows shows an error and wont recognize the usb connector, not allowing me to flash the hard spl through usb. would be absolutelly happy if you would help me solving this.
Do you see the tricolor screen?
Did you disconnect and reconnect the usb cable again and do you see USB on the tricolor screen?
if no usb is seen, redo steps 7-10 again (after pulling your battery) but this time in step 9 run FrankenKaiser with the other SPL "sspl-0.92-jumpspl-force-usb.nb".
this will force usb detection.
i redid steps 7-10 at least 10 times already, tri-color screen shows up with the first spl and gives problem when connecting the usb, when I try the 0.92 spl the screen stays black (I tried connecting the usb even with it staying black and the same error message showed up)
*During the whole step by step the only difference I saw between my results and the screenshots was the oesmbl version on screenshot 7, where instead of a "2" there was a "1"
And did you tried the "sspl-0.92-jumpspl-force-usb.nb" at step 9?
If you enter mtty and type ? or h what is the output of the command?
if you see a lot of commands, then your device is security unlocked.
the "sspl-0.92-jumpspl-force-usb.nb" file is to force USB connection so you can connect with usb.
If that doesn't work, try with the original spl and after cego, pull the usb cord quickly and if the tricolor appears, try to connect the usb again.
after typing "h"
Available monitor commands are:
? [command]
h [command]
mb [StartAddr [Count [Filler]]]
mh [StartAddr [Count [Filler]]]
mw [StartAddr [Count [Filler]]]
setboot [0/1/2/3]
setatcmd [0:SIO/1:UART/2:USB/3PRAM]
setsmdloop [0:disable/1:enable]
setmpatch [0x1: CPU Freq/0x2: acoustic/0x4: simdoor/0x8: RTC]
setiot [0isable/1:Enable]
eraseall [erase all setting flags]
setdiag [0:USB/1:UART/2PRAM/3:SIO]
partition
checksum
format
setinfo
readadc
cego
setgpio
getgpio
gpio
version
powerdown
platformid
radata
showexplog [n]
usbdppulldown [n]
usbdmpulldown [n]
usbdppullup [n]
usbdmpullup [n]
Headsetpullhigh [n]
rfid
wpmic [PM_VREG] [0/1]
the "sspl-0.92-jumpspl-force-usb.nb" gives only blackscreen on the phone, no tri-color.
I`ll try the first spl and take out the usb quickly.
Same result after pulling usb quickly after doing the command "cego"
Tried the same with sspl-0.92 and the blackscreen apears the same way, and the error message on windows is the same:
(translation might no be exact because my windows is in portuguese)
"One of the usb devices connected to this computer had a problem and windows can not recognize it. to get help click on this message.
After clicking it shows a windows with a root usb hub, 4 usb doors being one of them the one where the phone is connected with a red X before it.
Ps.: I`m not exactly sure, and I don`t know if this might influence on anything, but if I remember right, when first unlocking my phone, the JumpSPL1.56-KAIS.exe wasn`t effective, I needed using one of the other 2 jumpspl available on that thread.
With "sspl-0.92-jumpspl-force-usb.nb", you can also try after cego to press and hold camera to enter tricolor bootloader mode
Also you can try this spl: SPL3.56-patch-nostuckinSPL-FORCEUSB.nb at step 9?
Just unzip it in your folder and use it.
when using the sspl0.92 it wont go out of the blackscreen (even holding camera button), and the same error message is shown on usb
when using the new spl3.56 the usually blinking green led stay orange after the cego command and the screen stay black, tried holding the camera button, to no effect in either "spls".
Same usb error on three spls...
The error states that the device is halted and is not handling usb functions anymore. The one that has the tricolor screen, should work, but some devices are not detecting the usb correctly. Therefore the usb force spl are created.
I'll try to find out how we can overcome this...
thank for your attention and taking your time to help me, hope you can find a solution, surelly you will help many kaiser owners that got many "bad blocks" in memory...
(shouldn`t ever have tried to put android on nand...)
keep me informed on any kind of progress and let me help you on testing.
Ok, try this one:
Remove and reinsert battery, then hold the send button and power on. Connect with MTTY (COMn) and this time enter "dload" to put phone in dload mode Continue with step 9.
Try SPL1.56-KAIS-unbricker.nb then or sspl-0.92-jumpspl-force-usb.nb
tried it, no letters under the: "Just be patient while I'm working ..."
believe the phone hunged up, will try again.
(also tried using the send button whenever turning the phone on in the steps 7 through 10, nothing different happened, I believe the jumpspl can only be loaded while in setboot 1 I`m thinking about trying to use "cego" without typing setboot 0 before...)
Phone will absolutelly lock if I dont enter setboot 1 in the step before typing dload,
frankenkaiser isn`t able to access it (no letters under te message to wait) and it locks after the frankenkaiser attempt (wont accept mtty commands), removing battery returns to "normal" (as in dead kaiser).