Change MAC address via ActiveSync - JAMin, XDA Neo, S200 Software Upgrading

Don't do it unless you know what it is and it is your choice.
First, please back up all gsmdata using backup_GSM.bat, and restore using restore_GSM.bat if things go wrong (hopefully not).
Use at your own risk; I take no responsibility for any malfunctions or other issues that may occur.
1. Connect ActiveSync (I connect it in guest mode)
2. Run Read_MAC_adsress.bat
3. Save your old MAC address (the file orig_MAC.bin) in a good location on your hard disk
4. Open newMAC.bin in any hex editor (it's your MAC address in reverse)
5. Change it as you want and save it
6. Run Write_new_MAC.bat to change the MAC address
7. If you want to restore the old MAC address, run restore_mac.bat
8. Now soft reset
9. Just wish me luck if this works for you, and I hope it will
To check your MAC address: go to wireless settings > advanced > MAC and see it there
I'll make an app to change it soon after the exam if this works
paradis_pal
long live Palestine

am I on the black list again?
This works on my device, and there is no risk if you back up all gsmdata using backup_GSM.bat and restore using restore_GSM.bat, but save the gsmdata.bin in a good location

it works try it
I updated it to the new itsutils tool and it works; I used to use the old version

Perhaps a foolish question, but what is the benefit of changing the MAC address?

another stupid question...
Thanks, but what is the advantage of changing the MAC address?
And is the MAC address the IMEI?

an example..
If you are a hacker of Wi-Fi connections, you can find a permitted MAC address.
Afterwards you can change the MAC address of your device and get onto the Wi-Fi network (if the Wi-Fi network is shielded only by MAC addresses).
The MAC address is used for network identity and it is unique in the world.
The IMEI number is used for GSM device identity.

Thanks for explaining!

rondol1 said:
Perhaps a foolish question, but what is the benefit of changing the MAC address?
Dear sir
Please please, next time before asking a foolish question, use search and you will find a lot of answers, and not only in this forum.
Or at least read the first line (don’t do it unless you know what it is).
Thanks in advance.

ycimpir said:
If you are a hacker of Wi-Fi connections, you can find a permitted MAC address.
Afterwards you can change the MAC address of your device and get onto the Wi-Fi network (if the Wi-Fi network is shielded only by MAC addresses).
The MAC address is used for network identity and it is unique in the world.
The IMEI number is used for GSM device identity.
Thanks for this answer I couldn’t answer better
Some people set their access points to certain MAC addresses, if you knew them, you can access the network (hack) for free internet at least in my case.
The problem: there are no close WiFi networks near my area, but I hack a net café using this method,
Thanks for replying

nice, thanks for this

Hello Chopin
I can't unzip file:"Cannot open file: it does not appear to be a valid archive. If you downloaded this file, try downloading the file again" Please, could you share it again??
Thanks

Sorry, it is a RAR archive; I should have warned you.
Use the free program 7-Zip to uncompress the files.

Chopin said:
Sorry, it is a RAR archive; I should have warned you.
Use the free program 7-Zip to uncompress the files.
Ok, thanks, I get it.
Regards

Hey,
It doesn't work for me.
I connect my phone and ActiveSync is in guest mode, then I run read_mac_adsress but I can't find newMAC.bin.
Where can I find this file?
Thanks,
Steffen

Sorry for the late reply (exams).
If you use WM5, install enablerapi.cab first; you can find it at the pagepool changer.

I assume pdocread/write are Prophet specific? I have a Kaiser. I tried backup_GSM first, but got 0 bytes, so I'm assuming it is Prophet specific. Is there any way that I could get source code to modify for Kaiser?
I would like to change MAC addresses on my Kaiser to troubleshoot problems with our crap MAC-secured wireless network. Currently, I have to lug around my laptop to do this.
Thanks!

http://nah6.com/~itsme/cvs-xdadevtools/itsutils/

Artemis
I'm using an Artemis (Xda Orbit) and tried Read_MAC_adsress which didn't work for me either.
Using pdocread -l I get this:
62.44M (0x3e70000) TrueFFS
| 3.06M (0x30fc00) Part00
| 3.06M (0x310000) Part01
| 56.25M (0x3840000) Part02
46.97M (0x2ef8000) TrueFFS
| 3.06M (0x30fc00) Part00
| 3.06M (0x310000) Part01
| 56.25M (0x3840000) Part02
511.50k (0x7fe00) TRUEFFS
| 3.06M (0x30fc00) Part00
| 3.06M (0x310000) Part01
| 56.25M (0x3840000) Part02
5.69G (0x16c680000) DSK1:
| 5.69G (0x16c280000) Part00
20.00k (0x5000) BTD1:
| 19.00k (0x4c00) PART00
STRG handles:
handle cd94b3fe 19.00k (0x4c00)
handle 4da2e506 5.69G (0x16c280000)
handle ae9cbe2e511.50k (0x7fe00)
handle aeace2a2 46.97M (0x2ef8000)
handle 0eae22b6 56.25M (0x3840000)
handle ceae2002 3.06M (0x310000)
handle 6fb1ffa2 3.06M (0x30fc00)
disk cd94b3fe
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 4da2e506
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk ae9cbe2e
3 partitions, 2 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk aeace2a2
3 partitions, 2 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 0eae22b6
3 partitions, 2 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 15 xx 01 xx 2a xx 02 xx 09 xx 06 xx
disk ceae2002
3 partitions, 2 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 15 xx 01 xx 2a xx 02 xx 09 xx 06 xx
disk 6fb1ffa2
3 partitions, 2 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 15 xx 01 xx 2a xx 02 xx 09 xx 06 xx
I xx'ed out some of the numbers on the uniqueid in case I was giving something away I shouldn't.
Given that information, any chance you can point me in the right direction to finding where my MAC address is?
Thanks.

I'm not sure about your device; actually I'm not sure if this will work on other Prophets, no one has confirmed it.
I can only assure you it works on my device.
-l will list the disks only; the MAC can be found in the data on the doc, not in the list.
I can't help you right now, but try asking in your device's section; I hope someone will help you.
And please, could someone confirm whether this will read the MAC address?

thanx man . i ll test it

Related

Kaiser ROM 1.81.61.2 (Orange UK)

Evening all,
I also have a brand new Orange(UK) branded TyTnII. I have dumped the ROM following the guide http://forum.xda-developers.com/showthread.php?t=334680, however the partition table looks a little different:
C:\Users\***\Desktop\ITS>pdocread -l
210.38M (0xd260000) FLASHDR
| 3.12M (0x31f000) Part00
| 3.50M (0x380000) Part01
| 69.63M (0x45a0000) Part02
| 134.13M (0x8620000) Part03
STRG handles:
handle e7489c1a134.13M (0x8620000)
handle 074970e6 69.63M (0x45a0000)
handle e74b0fda 3.50M (0x380000)
handle e74b0eee 3.12M (0x31f000)
disk e7489c1a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 074970e6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e74b0fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e74b0eee
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
which meant that the dump commands were:
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x45a0000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8620000 Part03.raw
The reconstruction was then as per http://forum.xda-developers.com/showthread.php?t=337066,
using the Windows.nb from http://rapidshare.com/files/65254405/WindowsFRA1.56.406.5.rar
The ROM has been rebuilt with Dark Simpson ROM tool, 7zip'ped and is available:
http://rapidshare.com/files/66123403/1.81.61.2.WWE.Orange.UK.7z.html
If anyone wants the RAW files, please let me know and I will zip and up those too. Usual disclaimers about me not being responsible for your bricks apply.
Nicely done......
In your original post about this ROM, I asked if you could post the OS and Build numbers, but you never did (and still haven't!)
Go to Start | Settings | System tab | About - make a note of the line that starts "CE OS......" and post it back here please
This is the missing piece of the puzzle so to speak....when this information is available, then the cooks will know if the core of the O/S has been updated etc. before they waste time cooking with it.
Thanks in advance,
Mark.
Mark Crouch said:
Nicely done......
In your original post about this ROM, I asked if you could post the OS and Build numbers, but you never did (and still haven't!)
This is the missing piece of the puzzle so to speak....when this information is available, then the cooks will know if the core of the O/S has been updated etc. before they waste time cooking with it.
Thanks in advance,
Mark.
its an old os and build CE OS 5.2.1620 (Build 18125.0.4.2)
^^ yep, what he said!
Thanks Dutty/Rik - glad we've got that cleared up
Mark.
So now what? Is it a lie? It doesn't look like a big update from 1.56?
rom
the rom that has been uploaded is that the raw files or a reconstructed rom
many thanks
steven
this was my reconstruction from the raw dump
orange
so if i put one of the other roms on my orange tytn ii could i flash your reconstruction for warranty purposes
do i need any tools to flash the rom
many thanks
steven
Hi Steven,
I hope so! It's the reason I dumped and reconstructed this ROM - I have subsequently flashed the HTC shipped ROM to my Kaiser, and its running so much faster.
Although I have tested re-flashing this ROM to take me back to an Orange branding, I give no guarantees that it will return your Kaiser back to how it was when you bought it, or that it won't turn your Kaiser into the most expensive paper weight you ever bought.
As with everything on XDA-devs, its entirely at your own risk (but i'm glad I gave it a go!)
sirsyco has posted a guide http://forum.xda-developers.com/showthread.php?t=335568 on reverting back to the original ROM, while using POF's Hard-SPL http://forum.xda-developers.com/showthread.php?t=334679 and CustomRRU http://forum.xda-developers.com/showthread.php?t=334890 should provide everything you need to flash to the first HTC shipped ROM, which you will find links to in various places in this forum.
Please note that I only flashed the HTC OS, not the radio stack or the splashscreen.
I am afraid I am not going to provide a step-by-step - all of the guides linked above provide the details to do what you want to do, and I am afraid I am of the opinion that if you don't get what is being described in those tut's, you really should not be dumping and flashing ROM's yourself.
No offence intended, but im not going to lead you out of your depth - I don't want anyone to fry their beloved Kaiser on my instructions!
orange rom
hi rik
no offence taken
can i just ask you when you went from orange to htc did you hard spl then just run the htc shipped rom
how did you just instal the os and not the spl or radio stack
did you notice a difference with the htc rom
many thanks
steven
Rik
Can you tell me...when you flashed the OS only, did you get the SIMLOCK problem?
I think that was the mistake I did... I flashed the whole thing rather than the OS alone... i wasnt aware of this complication in changing other bit besides the OS...
My phone (originally Orange ROM) is still locked (24hrs now) but it's usable if you put it on flight mode.. it seems to be faster.. menus, keyboard opening response, application launch etc.. not sure how much having the phone part switched off affects the performance...
bigchemist said:
I think that was the mistake I did... I flashed the whole thing rather than the OS alone... i wasnt aware of this complication in changing other bit besides the OS...
My phone (originally Orange ROM) is still locked (24hrs now) but it's usable if you put it on flight mode.. it seems to be faster.. menus, keyboard opening response, application launch etc.. not sure how much having the phone part switched off affects the performance...
Could possibly be
Could you share radio or raw from this ROM?
Thanks.

who has got new build 19400/19404 ?

Need the newest build for flash, anyone here has got this one?
STILL WAITING
How do you know these builds exist?
optiquest said:
Need the newest build for flash, anyone here has got this one?
Thank you for the answer
keep cool my friend
you gave him only 18 minutes to reply...
this is no chat, so it is quite possible that it will need some time before he realizes that a reply is needed.
cheers
Haha... I was only teasing a little
But I'm very curious about these new builds
ninja.rogue said:
keep cool my friend
you gave him only 18 minutes to reply...
this is no chat, so it is quite possible that it will need some time before he realizes that a reply is needed.
cheers
How much minutes now?
pffff....
Yep,
I'm still waiting too...
Build date is 28/03/08?
It's out there... org wm6.1 from HTC but where to grab.....
Problem with dumping
This may not be the place to post this, but the how-to-dump thread is infrequently visited: I posted this there yesterday and no one has posted anything after. I think whoever reads this thread can help me.
Flame suit on but here goes
Please help me... Anyone... I'm getting "Access is denied" on the bottom line.
-- Is it working correctly or what? IDK. Please help!! Thanks in advance
C:\>pdocread -l
210.25M (0xd240000) FLASHDR
| 3.12M (0x31f000) Part00
| 3.50M (0x380000) Part01
| 79.13M (0x4f20000) Part02
| 124.50M (0x7c80000) Part03
STRG handles:
handle c7481c1a124.50M (0x7c80000)
handle 2748f0e6 79.13M (0x4f20000)
handle 274b0fda 3.50M (0x380000)
handle 074b0eee 3.12M (0x31f000)
disk c7481c1a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 2748f0e6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 274b0fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 074b0eee
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C:\>pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
CopyTFFSToFile(0x0, 0x31f000, Part00.raw)
ERROR: Unable to open host/destination file - Access is Denied
Laurentius26 said:
How do you know these builds exist?
what you think ? yes, there had 19400 build , where to find it , maybe you know that :cool
mwang said:
what you think ? yes, there had 19400 build , where to find it , maybe you know that :cool
I can't see that image
hi
Here's a link to the 19400 Kaiser ROM in CHS: http://rapidshare.com/files/109028458/Kaiser_DFT_V2_19400_CHS_Release.rar, but I can't dump it to change the MUI files; it's from the darkforces team.
cheers.
ark666 said:
hi
Here's a link to the 19400 Kaiser ROM in CHS: http://rapidshare.com/files/109028458/Kaiser_DFT_V2_19400_CHS_Release.rar, but I can't dump it to change the MUI files; it's from the darkforces team.
cheers.
Nice job my friend. Let's see if I can round up somebody who can dump this to change it up.
While I'm trying to dump it with kaiserkitchen, it gives me an error with RecMod.exe.
cheers
I just dumped the rom and it appears it is not an official ROM. I am assuming this as PCMKeyboard is in the SYS files already!!!!!
Is this a joke
Haven't really worked a lot with other languages, but I'm seeing a lot of errors while dumping the contents of the imgfs in the latter half of step 2a.
It's being really retarded and making modules out of all sorts of stuff, some of it being bitmaps. I'm gonna call it quits.
_Alex_ said:
Haven't really worked a lot with other languages, but I'm seeing a lot of errors while dumping the contents of the imgfs in the latter half of step 2a.
It's being really retarded and making modules out of all sorts of stuff, some of it being bitmaps. I'm gonna call it quits.
Well, thank you for trying anyways. Guess we will just have to wait for somebody to find a good source for this build.
ryncppr said:
I just dumped the rom and it appears it is not an official ROM. I am assuming this as PCMKeyboard is in the SYS files already!!!!!
Is this a joke
Can u share the method to dump the ROM?
Ok let me change the topic real quick where can i find the att tilt test rom 19209 dump.
correct me if i wrong.
Laurentius26 said:
How much minutes now?
pffff....
Sorry, I forgot to reply!
Yes, 19400 was released today, and the newest build I know of is 1955x..
Hope we can use it someday soon.

ROM dumping for dummies!?

Very soon I will receive a new phone (TyTnII) and I would want a full backup of my phone. The new phone will be flashed with my current phone and thus containing all my current settings and software. I think the only way to do this, is by dumping (cooking) and restoring (flashing) a ROM of my current phone. -Maybe I could be wrong-
Is there a "dumping ROM" thread for dummies? In each and every thread there are parts of the solution, but nowhere is a step-by-step description to be found. In most of the threads people mention the programming code they use to dump a ROM; is a user-friendly user interface (GUI?) for cooking and flashing already available? Btw, after reading and searching on this superb site for some 3 days, I found out all I needed to know about flashing. Currently using a Dutty ROM with separately flashed RADIO. Alas, for cooking no solution seems to be at hand.
Hoping to find a solution; if you are so kind as to respond, please no "use the search-section" or "read W.I.K.I. please" - been there, done that - and make sure to use all related links. Maybe this thread might become a first try to build a real "Cooking and flashing for dummies".
With kind regards,
Gert Beckers
Belgium
GertBeckers said:
Very soon I will receive a new phone (TyTnII) and I would want a full backup of my phone. The new phone will be flashed with my current phone and thus containing all my current settings and software. I think the only way to do this, is by dumping (cooking) and restoring (flashing) a ROM of my current phone. -Maybe I could be wrong-
Is there a "dumping ROM" thread for dummies? In each and every thread there are parts of the solution, but nowhere is a step-by-step description to be found. In most of the threads people mention the programming code they use to dump a ROM; is a user-friendly user interface (GUI?) for cooking and flashing already available? Btw, after reading and searching on this superb site for some 3 days, I found out all I needed to know about flashing. Currently using a Dutty ROM with separately flashed RADIO. Alas, for cooking no solution seems to be at hand.
Hoping to find a solution; if you are so kind as to respond, please no "use the search-section" or "read W.I.K.I. please" - been there, done that - and make sure to use all related links. Maybe this thread might become a first try to build a real "Cooking and flashing for dummies".
With kind regards,
Gert Beckers
Belgium
Are you sure you've read all the Relevant wiki pages?
This has instructions for Dumping and Reconstructing a ROM.
If you want to read these and make your own tutorial, feel free, but don't ask others to do it for you.
Kyphur says it best: http://forum.xda-developers.com/showpost.php?p=2031989&postcount=45
Ta
Dave
"IF YOU DON'T CARE ABOUT UNDERSTANDING THE JOURNEY THEN YOU PROBABLY SHOULDN'T BE HERE IN THE FIRST PLACE." is exactly what I mean with "In each and every thread there are parts of the solution". Nowhere is the -part- of the solution in clear English. Can I give you an example from your link?
How to dump a ROM :
"$ ./pdocread.exe -l
210.38M (0xd260000) FLASHDR
| 3.12M (0x31f000) Part00
| 3.50M (0x380000) Part01
| 69.38M (0x4560000) Part02
| 134.38M (0x8660000) Part03
STRG handles:
handle e7489c1a134.38M (0x8660000)
handle 474960e6 69.38M (0x4560000)
handle c74b0fda 3.50M (0x380000)
handle 074b0eee 3.12M (0x31f000)
disk e7489c1a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 474960e6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c74b0fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 074b0eee
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
?????????????????????????????????????????????????????????????????????
Maybe some people forget that not everybody is a programmer! Seems to me something is missing here? Anyone can explain to me what the h*ll this means?
Next line:
"DUMP THEM!
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8660000 Part03.raw"
And again something seems to be missing here. Maybe some people forget that not everybody is a programmer!
Anyone can explain to me what the h*ll this means?
Thus my remark:
"Hoping to find a solution; if you are so kind as to respond, please no "use the search-section" or "read W.I.K.I. please" - been there, done that -" Maybe -I admit- I should have added: "Are you sure you've read all the Relevant wiki pages?" and "If you want to read these and make your own tutorial, feel free, but don't ask others to do it for you."
Good teachers are just that hard to find. Thanks for the response anyway, but I will just keep on looking for a clear and understandable explanation and/or guideline.
kind regards,
Gert Beckers
Belgium.
GertBeckers said:
Maybe some people forget that not everybody is a programmer!
This is XDA-Developers and you're posting in the ROM Development forum. A certain level of understanding is expected.
May I suggest you look at backup software such as Sprite or SPB Backup instead of dumping and reconstructing your ROM.
Thanks
Dave
Sprite backup works great and btw Gert,
those are command line instructions-pretty straightforward actually.
Thank you for your reply , I used "SPB Backup". I just hope this nifty little tool will also make a backup of all installed software (but I doubt it).
Btw, my new 8GB Ultra II SD SDHC Memory Card just arrived!
Sir Thanks-a-lot,
Gert Beckers
GertBeckers said:
Thank you for your reply , I used "SPB Backup". I just hope this nifty little tool will also make a backup of all installed software (but I doubt it).
Btw, my new 8GB Ultra II SD SDHC Memory Card just arrived!
Sir Thanks-a-lot,
Gert Beckers
Sprite does-use it all the time, not sure about SPB, haven't used it.
GertBeckers said:
Thank you for your reply , I used "SPB Backup". I just hope this nifty little tool will also make a backup of all installed software (but I doubt it).
Btw, my new 8GB Ultra II SD SDHC Memory Card just arrived!
Sir Thanks-a-lot,
Gert Beckers
SPB Backup 2.0 will backup your entire ROM won't it?
Dave
This is becoming less and less of a developer site and more and more of a whining, lazy a$$, "help me do what I can't do for myself". These users aren't even willing to read and then they retort back with indignation.
By the way, DaveShaw is kind of a big deal here. He doesn't have over 1200 posts because he is too lazy to read or do some research on his own. He has been helping and developing. Show some respect or be ready to be ignored.
kimtyson said:
This is becoming less and less of a developer site and more and more of a whining, lazy a$$, "help me do what I can't do for myself". These users aren't even willing to read and then they retort back with indignation.
By the way, DaveShaw is kind of a big deal here. He doesn't have over 1200 posts because he is too lazy to read or do some research on his own. He has been helping and developing. Show some respect or be ready to be ignored.
... and hot water might have been invented on this "whining-site" over and over again. Thank you for you constructive info and positive feedback.
Since everything is going downhill, and most of you are having a bad day, it might be the moment to close this topic?
Sir Grins-a-lot,
Ger Beckers
This topic shouldn't be opened.
Gert,
I'm not having a bad day.
The ROM dumping instructions are in command line format and as Dave has pointed out, all that info is available in the ROM dumping thread. Read it and try it yourself, works great to dump ROM's.
kristoff_sz said:
This topic shouldn't be opened.
I agree. Can we drop this, please.
When a Moderator gets on, this thread should be closed.
-Question asked, advice given. End of Discussion.
Dave
hey man,
Well, I haven't tried it, but here's some easy step-by-step instructions on how to dump a ROM:
1. I just put all the necessary files in this folder:
http://www.mediafire.com/download.php?jc1xtnpqnxj
Download it and extract it to your C: drive.
2. Plug in your device
3. Open a Command Prompt and type in the following:
Code:
cd C:\
Code:
pdocread -l
This should bring output something like this:
Code:
210.38M (0xd260000) FLASHDR
| 3.12M (0x31f000) Part00
| 3.50M (0x380000) Part01
| 69.38M (0x4560000) Part02
| 134.38M (0x8660000) Part03
STRG handles:
handle e7489c1a134.38M (0x8660000)
handle 474960e6 69.38M (0x4560000)
handle c74b0fda 3.50M (0x380000)
handle 074b0eee 3.12M (0x31f000)
disk e7489c1a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 474960e6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c74b0fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 074b0eee
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Look at the orange items at the top (the sizes of Part01 and Part02). I've made these orange to make note that when you do this, those numbers will probably be different. So, open Notepad and copy and paste the numbers you see there. Now do this:
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
NOTE: Replace the orange numbers with the first set of numbers you took down.
Do the same with this, except replace the orange numbers with the second set of numbers you took down:
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
NOTE: this line might take a while, but don't close the window until it's done.
OK, if done correctly, you should have Part01.raw and Part02.raw in your C:\ drive.
Now, download this file:
http://www.megaupload.com/?d=5NA811QP
and extract it to your C: drive
Now go to your C drive, cut Part01.raw and Part02.raw and paste them in C:\kaiserkitchen\BaseROM.
Now download this file:
http://210.64.124.194/download/TyTN II_SEA_WM6.1_Upgrade_20080602.zip
and take the RUU_signed out of it and place it in C:\kaiserkitchen\BaseROM
then go into C:\kaiserkitchen, double-click on KaiserKitchen.cmd, press e, then press b.
4. Cook the ROM.
Now cook the ROM by following the steps here:
http://wiki.xda-developers.com/index.php?pagename=Kaiser ROM Kitchen Tutorial
although, make sure you do not add any packages
You're done, hope it helps
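The substitution described in the post above (copying the sizes from the `pdocread -l` listing into the dump commands), as an added example that is not part of the original post or of itsutils. It is a Python helper with hypothetical function names that parses the listing, builds the same command lines, and compares each .raw file with the listed size, which catches the 0-byte and "Access is Denied" results reported earlier on this page. The `-b 0x800` value and the `PartNN.raw` file names are taken unchanged from the posts.

```python
import os
import re

# Listing copied from the post above, with the colour tags removed.
SAMPLE_LISTING = """\
210.38M (0xd260000) FLASHDR
|   3.12M (0x31f000) Part00
|   3.50M (0x380000) Part01
|  69.38M (0x4560000) Part02
| 134.38M (0x8660000) Part03
STRG handles:
handle e7489c1a134.38M (0x8660000)
handle 474960e6 69.38M (0x4560000)
"""

# "<size><unit> (<hex size>) <name>", with a leading "|" on partition lines.
_ENTRY = re.compile(r"^(\|?)\s*[\d.]+[kMG]\s+\((0x[0-9a-fA-F]+)\)\s+(\S+)\s*$")


def parse_listing(text):
    """Return [(device, device_size, [(partition, size), ...]), ...]."""
    devices = []
    for line in text.splitlines():
        if line.startswith("STRG handles"):
            break  # the handle/disk sections are not needed to build dump commands
        m = _ENTRY.match(line)
        if not m:
            continue
        size, name = int(m.group(2), 16), m.group(3)
        if m.group(1) == "|":
            if not devices:
                raise ValueError("partition line before any device line")
            devices[-1][2].append((name, size))
        else:
            devices.append((name, size, []))
    return devices


def layout_problems(devices):
    """Flag devices whose listed partitions add up to more than the device size."""
    problems = []
    for dev, dev_size, parts in devices:
        total = sum(size for _, size in parts)
        if total > dev_size:
            problems.append(f"{dev}: partitions total {total:#x} > device {dev_size:#x}")
    return problems


def dump_commands(devices, block="0x800"):
    """Build one pdocread line per partition, in the form used in this thread."""
    return [
        f"pdocread -w -d {dev} -b {block} -p {name} 0 {size:#x} {name}.raw"
        for dev, _, parts in devices
        for name, size in parts
    ]


def verify_dumps(devices, directory="."):
    """Return (partition, expected, actual) for every missing or wrong-sized dump."""
    bad = []
    for _, _, parts in devices:
        for name, size in parts:
            path = os.path.join(directory, name + ".raw")
            actual = os.path.getsize(path) if os.path.exists(path) else None
            if actual != size:
                bad.append((name, size, actual))
    return bad


if __name__ == "__main__":
    devs = parse_listing(SAMPLE_LISTING)
    for problem in layout_problems(devs):
        print("WARNING:", problem)
    print("\n".join(dump_commands(devs)))
    for name, expected, actual in verify_dumps(devs):
        print(f"{name}.raw: expected {expected:#x} bytes, found {actual}")
```

Run it again after the dump finishes: a partition that is still reported by `verify_dumps` was not read completely and should not be used as a backup.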
Eric Draven,
Finally some one who understands the true meaning of a forum!
Thanks a lot for the clear and understandable explanation. I'm sure that I will finally be able to cook my own ROM. I hope that this thread might be used by plenty of other seekers. At least the title of the thread finally corresponds with its content!
Just one last question; at the end of your reply you wrote: "although, make sure you do not add any packages" What kind of packages do you mean? Is installed software considered "packages"?
Sir Thanks-a-lot,
Gert Beckers
Belgium
Eric Draven,
Finally someone who understands the true spirit of a forum: helping others! At last the title of the thread corresponds with its content! No *****ing or whining, just helping! Respect!
I hope this final and conclusive answer might help tons of others in cooking their own ROM!
What do you mean with: "although, make sure you do not add any packages". Is any installed software considered "packages"?
Sir Thanks-a-lot,
Gert Beckers
Belgium
GertBeckers said:
Eric Draven,
Finally some one who understands the true meaning of a forum!
Thanks a lot for the clear and understandable explanation. I'm sure that I will finally be able to cook my own ROM. I hope that this thread might be used by plenty of other seekers. At least the title of the thread finally corresponds with its content!
Just one last question; at the end of your reply you wrote: "although, make sure you do not add any packages" What kind of packages do you mean? Is installed software considered "packages"?
Sir Thanks-a-lot,
Gert Beckers
Belgium
Packages are the equivalent of CABs that you use when cooking ROMs.
i.e. You would use a new Dialer Package and Cook that into your ROM, rather than install a CAB.
When using the Kitchen, you get to pick what packages you would like.
All of this is in the ROM Cooking Wiki.
Thanks
Dave
Dave- Finally someone who understands the true spirit of a forum: helping others to help themselves.
GertB- You remain thick as a brick! And you double posted.
Oh, and though you "are sure you will finally be able to cook your own ROM" I am not as confident. You don't even understand what packages are. I suggest you stop posting and begin reading a little. Then best of luck to you. I will wait with bated breath for your excellent ROM addition to the forums.
Here is a link to the ROM KITCHEN TUTORIAL, http://forum.xda-developers.com/showthread.php?t=349895&highlight=ROM+cooking+WIKI, posted before you decided to join the party. I'd say "title of the thread correspond with its content".
kimtyson said:
GertB- You remain thick as a brick! And you double posted.
I believe that was a mistake, and I'm pretty sure he did not mean to bump this thread
@GertBeckers: Yes, when I say "Do not add any packages" I am talking about the software you would usually add when cooking a ROM

TUTORIAL: Remove *TAMPERED* & *RELOCKED* flag / HBoot w/o unlock_code.bin

FOR ALL K2 VARIANTS (K2_CL, K2_UL, K2_U, K2_PLC_CL)
Advantages
- No more hassle with htcdev, tokens, or unlock codes
- No more submitting your phones personal info to htc
- The ability to get back to 100% stock without any visual traces or records of having been S-Off or unlocking your bootloader.
PLEASE PAY CLOSE ATTENTION TO THIS TUTORIAL AS I WILL SHOW YOU HOW TO CHANGE THE FLAG FOR LOCK, RELOCK, UNLOCK, AND TAMPERED!!
I INSIST THAT YOU READ ALL OF THIS BEFORE YOU TAKE FURTHER ACTION - IF YOU FAIL TO FOLLOW INSTRUCTIONS THE ONLY ONE TO BLAME IS YOURSELF. AFTER YOU HAVE READ THIS TUTORIAL AND COME TO UNDERSTAND THIS PROCEDURE THEN BY ALL MEANS GO AHEAD AND CARRY OUT THE NECESSARY STEPS TO ACCOMPLISH WHATEVER GOALS YOU MAY CURRENTLY HAVE AT THIS TIME.
- This tutorial may be easier on the eyes if viewed by the actual web browser vice an app or phone device.
Many thanks to @old.splatterhand for being generous and providing me some files which allowed me to confirm this tutorial for all K2 variants.
Confirmed Working - Credits
Myself - K2_CL
@russellvone - K2_CL
Lordvincent 90 - K2_CL
@DrBassman - K2_CL
REQUIREMENTS FOR THIS TUTORIAL FOR THE PURPOSE OF LEARNING AND APPLYING IT
- This tutorial will be based on an already UNLOCKED Bootloader with TAMPERED flag
- Must be S-OFF
- Must be rooted
- Proper ADB and Fastboot files
- Hex editor (HxD)
- Knowledge of Hex and DD (aka - Data Destroyer)
If you do not know what DD is then please read the following which I extracted from WIKI for the simplicity of this tutorial - Otherwise, skip this and move along.
dd is a command on Unix and Unix-like operating systems whose primary purpose is to convert and copy a file.
On Unix, device drivers for hardware (such as hard disks) and special device files (such as /dev/zero and /dev/random) appear in the file system just like normal files; dd can also read and/or write from/to these files, provided that function is implemented in their respective driver. As a result, dd can be used for tasks such as backing up the boot sector of a hard drive, and obtaining fixed amount of random data. The dd program can also perform conversions on the data as it is copied, including byte order swapping and conversion to and from the ASCII and EBCDIC text encodings.
The name dd may be an allusion to the DD statement found in IBM's Job Control Language (JCL), where the initialism stands for "Data Description." The command's syntax resembles the JCL statement more than it does other Unix commands, so the syntax may have been a joke. Another explanation for the command's name is that "cc" (for "convert and copy", as in the command's description) was already taken by the C compiler.
The dd command is specified by IEEE Std 1003.1-2008, which is part of the Single UNIX Specification.
The command line syntax of dd differs from many other Unix programs, in that it uses the syntax option=value for its command line options, rather than the more-standard --option value or -option=value formats. By default, dd reads from STDIN and writes to STDOUT, but these can be changed by using the if (input file) and of (output file) options.
Usage varies across different operating systems. Also, certain features of dd will depend on the computer system capabilities, such as dd's ability to implement an option for direct memory access. Sending a SIGINFO signal (or a USR1 signal on Linux) to a running dd process makes it print I/O statistics to standard error once and then continue copying (note that signals may terminate the process on OS X). dd can read standard input from the keyboard. When end-of-file (EOF) is reached, dd will exit. Signals and EOF are determined by the software. For example, Unix tools ported to Windows vary as to the EOF: Cygwin uses (the usual Unix EOF) and MKS Toolkit uses (the usual Windows EOF).
In spirit with the Unix philosophy, dd does one thing (and may be considered to do it "well"). Unlike a sophisticated and highly abstracted utility, dd has no algorithm other than in the low-level decisions of the user concerning how to vary the run options. Often, the options are changed for each run of dd in a multi-step process to solve a computer problem.
The GNU variant of dd as supplied with coreutils on Linux does not describe the format of the messages displayed on standard output on completion. However, these are described by other implementations, e.g. that with BSD.
Each of the "Records in" and "Records out" lines shows the number of complete blocks transferred + the number of partial blocks, e.g. because the physical medium ended before a complete block was read, or a physical error prevented reading the complete block.
A block is a unit measuring the number of bytes that are read, written, or converted at one time. Command line options can specify a different block size for input/reading (ibs) compared to output/writing (obs), though the block size (bs) option will override both ibs and obs. The default value for both input and output block sizes is 512 bytes (the traditional block size of disks, and POSIX-mandated size of "a block"). The count option for copying is measured in blocks, as are both the skip count for reading and seek count for writing. Conversion operations are also affected by the "conversion block size" (cbs).
For some uses of the dd command, block size may have an effect on performance. For example, when recovering data from a hard disk, a small block size will generally cause the most bytes to be recovered. Issuing many small reads is an overhead and may be non-beneficial to execution performance. For greater speed during copy operations, a larger block size may be used. However, because the amount of bytes to copy is given by bs×count, it is impossible to copy a prime number of bytes in one go without going with one of two bad choices, bs=N count=1 (memory use) or bs=1 count=N (read request overhead). Alternative programs (see below) permit specifying bytes rather than blocks.
Let's get started shall we - the following commands highlighted in RED are your commands to execute:
- Go ahead and plug your device in to your PC with a USB cable.
- Open up CMD and change its directory to the location of your proper ADB and Fastboot files
- Establish a proper connection with your device. It should look something like this:
Code:
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>[COLOR="Red"][B]adb devices[/B][/COLOR]
List of devices attached
HT3********* device
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>
- If connection is established then direct to your device's adb shell:
Code:
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>[COLOR="Red"][B]adb shell[/B][/COLOR]
[email protected]:/ #
- Go ahead and gain superuser rights to your device's adb shell:
Code:
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>adb shell
[email protected]:/ # [COLOR="Red"][B]su[/B][/COLOR]
su
[email protected]:/ #
- Now we need to copy a partition (mmcblk0p7) to your sdcard using DD. Ensure you do not make a typo:
Code:
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>adb shell
[email protected]:/ # su
su
[email protected]:/ # [COLOR="Red"][B]dd if=/dev/block/mmcblk0p7 of=/sdcard/mmcblk0p7.img[/B][/COLOR]
dd if=/dev/block/mmcblk0p7 of=/sdcard/mmcblk0p7.img
31155+0 records in
31155+0 records out
15951360 bytes transferred in 2.259 secs (7061248 bytes/sec)
[email protected]:/ #
- Now we need to pull this image (mmcblk0p7) to our pc:
Code:
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>adb shell
[email protected]:/ # su
su
[email protected]:/ # dd if=/dev/block/mmcblk0p7 of=/sdcard/mmcblk0p7.img
dd if=/dev/block/mmcblk0p7 of=/sdcard/mmcblk0p7.img
31155+0 records in
31155+0 records out
15951360 bytes transferred in 2.259 secs (7061248 bytes/sec)
[email protected]:/ # [COLOR="Red"][B]exit[/B][/COLOR]
exit
[email protected]:/ # [COLOR="Red"][B]exit[/B][/COLOR]
exit
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>[COLOR="Red"][B]adb pull /sdcard/mmcblk0p7.img[/B][/COLOR]
2523 KB/s (15951360 bytes in 6.172s)
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>
- Go ahead and repeat these steps for (mmcblk0p3).
- At this time go ahead and open up your hex editor (HxD) and at the top right change from hex in the drop down bar to dec - you will do this (if necessary) for all images pertaining to this tutorial.
- Drag\drop (mmcblk0p3.img) in to the hex editor (HxD).
- Now hit ctrl+F or go to the Search tab, then click on Find.
- Search for HTCU. You will see the following:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
000033728 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000033744 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000033760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000033776 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[COLOR="Red"][B]000033792[/B] 00 00 00 00 [B]48 54 43 55[/B] 01 00 00 00 00 00 00 00 ....[B]HTCU[/B]........[/COLOR]
000033808 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000033824 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000033840 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000033856 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
- Drag\drop (mmcblk0p7.img) in to the hex editor (HxD).
- Now hit ctrl+G or go to the Search tab, then click on Goto....
- Search for DEC OFFSET 4265984.
- You will see something like this:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
04265920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
04265936 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
04265952 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
04265968 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[COLOR="Red"][B]04265984[/B] [B]68 25 32 C6 02[/B] 00 00 00 00 00 00 00 00 00 00 00 [B]h%2Æ.[/B]...........[/COLOR]
04266000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
04266016 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
04266032 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
04266048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
- Now that we have what we needed loaded and prepped we want to see what needs adjustment regarding lock, unlock, relock, and tampered.
- These two partitions are already stamped with the bootloader being unlocked as well as being tampered so finding what we are looking for makes it easy as seen above.
- mmcblk0p3 is the partition which determines if our device is locked, unlocked, or relocked.
- mmcblk0p7 is the partition which determines if our device is tampered with or not.
- Let's look at mmcblk0p3. We see in red, HTCU, which we already know means Unlocked, because as I mentioned in the beginning, this tutorial is based on an already unlocked bootloader and tampered device.
Code:
[COLOR="Red"][B]000033792[/B] 00 00 00 00 [B]48 54 43 55[/B] 01 00 00 00 00 00 00 00 ....[B]HTCU[/B]........[/COLOR]
- We want to lock or relock our device. To relock is, "HTCL". To Lock is, "00 00 00 00".
- Our goal is creating a dd command which will implement these changes for us to our partition already on our device.
- To lock:
Code:
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
- To relock:
Code:
echo -ne "HTCL" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
- To unlock:
Code:
echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
- The command for seek is what determines the decimal search of that partition when implementing the echo command from start to finish, from left to right as it writes it out. This is why earlier I told you to change it from hex to dec in your hex editor. If you look at seek=33796 and go back to your hex editor you will notice the dec offset says 33792 then underneath that it says 33808.
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
000033792 00 00 00 00 48 54 43 55 01 00 00 00 00 00 00 00 ....HTCU........
000033808 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
- To determine the exact decimal location where the dd command will start writing to you must first look at the top of your hex editor where it shows '00 01 02 03 04 05, etc'. You will take the offset for 33792 and look at where HTCU begins then scroll to the top which in this case it aligns to '04', so we add 04 to the offset of 33792 which gives us a total of 33796. This becomes our seek (our starting point).
- Now that we have established this concept with mmcblk0p3.img, let's go and take a look at mmcblk0p7.img.
- We already know our device has been tampered with. If you search for tamper or tampered you will find results and these results eventually bring you to where we already are as mentioned above and if following along then what you are currently looking at on your pc.
- This one is really simple. Either your device is tampered or it is not. In this case we notice '02' which signifies the setup for being tampered.
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00411800 68 25 32 C6 02 00 00 00 00 00 00 00 00 00 00 00 h%2Æ............
- Let's go ahead and change it to '00' with the following dd command:
Code:
echo -ne '\x00' | dd of=/dev/block/mmcblk0p7 bs=1 seek=4265988
- To restore back to tampered you will just replace 00 with 02.
(FOR K2_PLC_CL USERS, REPLACE 00 WITH 04, INSTEAD OF 02 - Credit goes to @DOrtego for notifying me of this)
- Now to show you how to execute these commands. I will only use one command for this example since it will be the same for all of them. The following in RED will be your commands to execute. A lot of these will be due to ensuring you are set up prior to executing the dd command itself, so if you are already good to go then just seek for the dd command and follow along:
Code:
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>[COLOR="Red"][B]adb devices[/B][/COLOR]
List of devices attached
HT********** device
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>[COLOR="Red"][B]adb shell[/B][/COLOR]
[email protected]:/ # [COLOR="Red"][B]su[/B][/COLOR]
su
[email protected]:/ # [COLOR="Red"][B]echo -ne '\x00' | dd of=/dev/block/mmcblk0p7 bs=1 seek=4265988[/B][/COLOR]
ock/mmcblk0p7 bs=1 seek=4265988 <
1+0 records in
1+0 records out
1 bytes transferred in 0.012 secs (83 bytes/sec)
[email protected]:/ # [COLOR="Red"][B]exit[/B][/COLOR]
exit
[email protected]:/ # [COLOR="Red"][B]exit[/B][/COLOR]
exit
C:\Users\*******\Desktop\Android_tweak_software\HTC_fastboot_files>
I will also show you how to go back to S-ON, but you BETTER make sure you have your stock HBoot.img flashed, Stock Boot.img flashed, etc OR YOU WILL BRICK YOUR DEVICE INDEFINITELY!!!
YOU MUST FIRST BE IN FASTBOOT - THERE WILL BE NO USING ADB NOR A TERMINAL EMULATOR FOR THIS STEP
To go from radio S-OFF to radio S-ON enter the following :
Code:
[B]fastboot oem writesecureflag 3[/B]
To go from HBoot S-Off to HBoot S-On just flash a stock HBoot to remove the modified version.
Code:
[B]adb reboot bootloader[/B]
// booting in to bootloader
[B]fastboot devices[/B]
// establishing connection between device and PC
[B]fastboot oem rebootRUU[/B]
// booting in to RUU
[B]fastboot flash zip filename.zip[/B]
// .zip with stock HBoot image
[B]fastboot reboot-bootloader[/B]
// confirm mod S-Off HBoot now reads new S-On from stock HBoot
[B]fastboot reboot[/B]
// boot OS
So, there you have it everyone! Enjoy, and profit!
--- Happy Hunting!
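A read-only check of the two pulled images against the offsets and values given in the tutorial above, useful for recording a device's lock and tamper state from a dump before and after any change. This is an added example, not part of the original post; the function names and the in-memory sample images are constructed for illustration.

```python
"""Read-only inspection of HTC K2 partition dumps (added example, not from the tutorial)."""
import sys

# Offsets and values are the ones stated in the tutorial above (decimal).
LOCK_ROW, LOCK_COL = 33792, 4          # HxD row offset and column of "HTCU" in mmcblk0p3
TAMPER_ROW, TAMPER_COL = 4265984, 4    # HxD row offset and column of the flag in mmcblk0p7

LOCK_STATES = {
    b"HTCU": "unlocked",
    b"HTCL": "relocked",
    b"\x00\x00\x00\x00": "locked",
}
TAMPER_STATES = {
    0x00: "not tampered",
    0x02: "tampered",
    0x04: "tampered (K2_PLC_CL value)",
}


def seek_for(row_offset, column):
    """With bs=1, dd's seek= is an absolute byte offset: row start plus column."""
    if not 0 <= column < 16:
        raise ValueError("column must be 0..15 for a 16-byte hex editor row")
    return row_offset + column


def read_at(image, offset, length):
    """Return `length` bytes at `offset`, refusing short or truncated dumps."""
    if offset < 0 or offset + length > len(image):
        raise ValueError(f"dump too short: need {offset + length} bytes, have {len(image)}")
    return bytes(image[offset:offset + length])


def lock_state(p3_image):
    """Classify the 4-byte lock marker in a mmcblk0p3 dump."""
    raw = read_at(p3_image, seek_for(LOCK_ROW, LOCK_COL), 4)
    return LOCK_STATES.get(raw, f"unknown ({raw.hex()})")


def tamper_state(p7_image):
    """Classify the 1-byte tamper flag in a mmcblk0p7 dump."""
    raw = read_at(p7_image, seek_for(TAMPER_ROW, TAMPER_COL), 1)[0]
    return TAMPER_STATES.get(raw, f"unknown (0x{raw:02x})")


def hexdump_row(image, offset):
    """Render the 16-byte row containing `offset` the way HxD shows it in decimal mode."""
    row = offset - offset % 16
    data = read_at(image, row, 16)
    hex_part = " ".join(f"{b:02X}" for b in data)
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in data)
    return f"{row:09d} {hex_part} {text}"


def constructed_samples():
    """Constructed stand-ins for the two dumps, shaped like the hex views in the tutorial."""
    p3 = bytearray(33808)
    p3[33796:33801] = b"HTCU\x01"
    p7 = bytearray(4266000)
    p7[4265984:4265989] = bytes.fromhex("682532C602")
    return bytes(p3), bytes(p7)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py mmcblk0p3.img mmcblk0p7.img (files are only read)
        with open(sys.argv[1], "rb") as f3, open(sys.argv[2], "rb") as f7:
            p3, p7 = f3.read(), f7.read()
    else:
        p3, p7 = constructed_samples()
    print(hexdump_row(p3, seek_for(LOCK_ROW, LOCK_COL)))
    print("bootloader:", lock_state(p3))
    print(hexdump_row(p7, seek_for(TAMPER_ROW, TAMPER_COL)))
    print("tamper flag:", tamper_state(p7))
```

Any value outside the ones listed in the tutorial is reported as unknown rather than guessed.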
Other users, what I did to confirm this was by pulling mmcblk0p3 and mmcblk0p7 for both versions and compared the results with a hex editor to determine these steps are valid for the K2_CL variant. Enjoy.
EDIT: Confirmed for ALL K2 variants
Sent from my C525c using XDA Premium 4 mobile app
And yes, I used my device as a guinea pig so of course it works
Sent from my C525c using XDA Premium 4 mobile app
Modding.MyMind said:
And yes, I used my device as a guinea pig so of course it works
Sent from my C525c using XDA Premium 4 mobile app
What if we wish to put *tampered* back?
Lol
Hmmm, I would have to look at that as I did not consider that as an option. However, having 'tampered' being displayed leaves traces so why would you want to lol.
Sent from my C525c using XDA Premium 4 mobile app
Complete joke, very well done sir.
Awesome find!
Yea, I knew it was ha! And thanks. Would like to see if this works for the other variants as well but I do not have what I need from them so either they will need to figure it out or become very brave with trying my steps lol.
Sent from my C525c using XDA Premium 4 mobile app
+sorry for the off topic+
but I decided to do a complete factory restore of my phone and accept an ota update to see if I could get to that clockworkmod like screen in stock recovery.
and it let me
first attempt it just installed the update without letting me into the clockworkmod like..........
so I simply deleted a system app accepted the next update, allowed to boot into recovery,
then once it got to the hated /!\ Red triangle, I just held volume+ then pressed power and it let me see the reason for the fail.
thought you would like to play with it
Awesome! Thanks.
Sent from my C525c using XDA Premium 4 mobile app
Maybe @old.splatterhand could look in to this with the K2_U and K2_UL variants .
And possibly add this finding to his index *cough**cough* haha
Sent from my C525c using XDA Premium 4 mobile app
Modding.MyMind said:
Awesome! Thanks.
Sent from my C525c using XDA Premium 4 mobile app
alrighty, just got into it again, used an app called quick boot and booted into recovery, again it would not let me in to CWM-like until it showed red triangle then had to hold volume+ then power, tried to apply a different zip (crossbreeder)
aborted,
I'm gonna do some playing myself!
I have added it to my Index, but i have to add much more, when its time.
@Modding.MyMind
confirmed working......
thanks again sir, very proud of your hard work!
Yea, will be uploading pictures soon enough so people can see it on my phone. Unfortunately, I won't be able to get a pic where it shows *tampered* because I already removed it lol (but hey, if it isn't there that is evidence in itself). But I can at least provide pics where it shows locked (not relocked) and unlocked with S-Off.
I got other projects I am looking into as well. Hopefully, they too will be just as satisfying as this.
Sent from my C525c using XDA Premium 4 mobile app
Modding.MyMind said:
I got other projects I am looking into as well. Hopefully, they too will be just as satisfying as this.
Sent from my C525c using XDA Premium 4 mobile app
Just helped a fellow with the handle
Lordvincent 90
over on AndroidForums
sent him this way so he could use your find so he could his phone in for hardware repair.......
with out any traces of s-off!!!!
#already_awesome
oh yeah.... I'm on edge waiting for more!
very impressed with what you've brought so early in the game.
I'm rooting for ya \ /*_*\ /
russellvone said:
Just helped a fellow with the handle
Lordvincent 90
over on AndroidForums
sent him this way so he could use your find so he could his phone in for hardware repair.......
with out any traces of s-off!!!!
#already_awesome
oh yeah.... I'm on edge waiting for more!
very impressed with what you've brought so early in the game.
I'm rooting for ya \ /*_*\ /
I have added him to the OP under credits
Glad this served him well and soon others when it calls for it
Sent from my C525c using XDA Premium 4 mobile app
Reserved....
Sent from my C525c using XDA Premium 4 mobile app
russellvone said:
very impressed with what you've brought so early in the game.
Newbie on XDA forums, but as for androids... Especially K2_CL... Pretty much got the experience needed to get by and to grow. I focus most on mods, hence my name. Something about modding gets me pumped haha.
That's my Bio and I'm sticking to it.
Sent from my C525c using XDA Premium 4 mobile app
Modding.MyMind said:
Newbie on XDA forums, but as for androids... Especially K2_CL... Pretty much got the experience needed to get by and to grow. I focus most on mods, hence my name. Something about modding gets me pumped haha.
That's my Bio and I'm sticking to it.
Sent from my C525c using XDA Premium 4 mobile app
THAT'S WHAT I'M SCREAMING!
:beer: «--one for you
:beer: «--one for me
cheers!
#EDIT#
for some reason my beers look like smiley faces on tapatalk?¿
Pictures uploaded in OP. Take additional note that in both pictures you do not see *tampered* nor do you see *relocked*. Enjoy.
Sent from my C525c using XDA Premium 4 mobile app

[Q] How do I recover zero'ed IMEI etc

I started working on the phone with the intention of upgrading it to make it faster and unlocking the sim. The T-mobile contract has been over for a long while now, they will not unlock it themselves for whatever reason. I committed a faux pas many on here many like to bash on (for good reason), no backup. I was going to after rooting but I used ODIN to flash the Bali 3.0.2.8 cwm and the screen turned into rainbow static when I tried rebooting, so I continued on to cm7 and then cm9. Worked great, and the SIM asked for unlock code.
I tried using script methods to unlock it but it kept telling me busybox wasn't installed right, I tried other versions and eventually saw a post saying it was only meant for gingerbread, so I flashed to that. Same problem, couldn't find the file or directory, so I looked myself and discovered there was no bml3 file. Restored a stock gb version with ODIN, the bml3 was 0.00mb. OK, so I looked at the hex code method, opened the nv_data bin and found the 8 digits and put them in. Incorrect, 9 attempts remaining. Tried again in case I mistyped; incorrect, 8 attempts remaining. I read that without an image backup or backup of the original nv_data or md5 I was screwed since the one I had was corrupt/generic/etc. I found one person saying he changed the FF 01 to FF 00 part in hex editor, according to him the SIM would (and mine did) stop asking to unlock. So that was progress. Since the SIM I want to use isn't activated yet I put in an activated AT&T SIM and was able to receive a test call. But the IMEI is still zero'ed out, apparently due to efs corruption.
So I have no efs or nv_data backups. I've been reading on forums how to restore the IMEI (I know it since it's right under the battery), one that can show you what I've been looking into is the article "Backup and Restore Lost IMEI on Samsung Galaxy Devices without Root" (I wrote the title because idk if url posting is allowed). Only problem: that's for the galaxy s3, when I type *#7284# I only have options for UART: PDA and MODEM and the same two options for USB. So I don't know how to use the NV-items_reader_writer tool to copy the corrupt nv_data.bin and rewrite the IMEI in the form it understands to get it back to the original state.
Can anyone help, or just pm others that can? Am I going in the right direction? I know there are lots of forums with similar posts but it's taking a lot of time to read and sort through them all
Try and search for 1-Click Gremlin remover in this forum. Or use Heimdall or Odin to go back to stock it might help.
If and only If, all fail, try the following tools at your own risk, they are meant to S3 but galaxy phones are similar (also make a backup of the efs directory, even if it is corrupted just in case):
First you have to use NV generator by putting your IMEI number and generate a text file contains hexadecimal numbers for NV data.
Then use the NV writer tool and flash the text file you generated using your IMEI.
I hope it works. Good luck :good:
Edit: Replaced SGS3 NV IMEI with the safer one per FB suggestion
Note that you need the 'nv.txt' to be able to generate hex numbers, otherwise it will crash.
I was able to generate the IMEI text file. The nv writer tool kept saying connected or does not exist depending on which com I used and if it was in download mode or not, if it connected I tried writing and it said "phone does not answer". Booted up normally (not download mode), double checked debugging mode was enabled, and I finally got it to connect to one- COM6- and it began writing, with the response:
Writing NV-items from a file:
Unsuccessfully written NV-items:
00550 (0x0226) - Unknown error
Done.
Realized I was on a stock gingerbread without root again since stock froyo flashback booted to S logo, vibrated, and looped again. Used superoneclick to root successfully. Clicked write again, phone does not answer, disconnect and connected, clicked write, received same unsuccessful write message from above. Reading more forums. Can this be placed manually or pushed by adb/terminal? Where in the efs folder or nv_data is this being written?
You can do it manually using hex editor if you know the memory offset, but I don't suggest it. If you wanna try anyway make backup. Sorry I can't think of something else to help you. I only tried this on S2 and S3. My S4G never had imei problems. But I recall that I unlocked it using hex editor by modifying the nv_data. Most likely the imei number is stored in the same file.
Edit: Besides, although it might be illegal to use a phone with empty IMEI number. Think of it as an advantage, the phone still works, receive and send calls, and the NSA wont be able to track you nor google :> The only problem with empty IMEI is intermittent 4g/3g connection.
Fbis251 had a nifty little app in playstore that will unlock for ya.
Sgs4g unlocker if I recall correctly.
Lol. True. I didn't know about the nv_gen tool though so I did make progress, thanks Rebel_X. I'll see if I can replace the hex formatted IMEI in the nv_data manually. That is where I manually changed 01 to 00 to unlock it.
@champ1919 it is technically unlocked now, an AT&T SIM worked. It's simply that the IMEI is zero'ed out and I've read some carriers don't like this/ data works intermittently as Rebel mentioned.
Once unlocked, always unlocked. Flash stock gb and see if it comes back. That has worked for others.
Holy carp I fixed it! Manual editing the nt_data.bin works.
I read that line 550 is where the IMEI hex is, when I viewed it in one editor (named HxD) it said line 00005500, so I clicked view>offset base>hexadecimal and it turns into 00000550. It's all FF FF FF... no zeros. Replaced it with my original IMEI (remember future readers, this can't change it to a different one) in hex format calculated from the sgs3_nv_gen tool. The NV-item_reader_writer tool would not push it successfully as noted before. Deleted nt_data.bin and nt_data.bin.bak under efs/root/afs/settings using root explorer (directory may be different in ics and up), placed my version of edited nt_data.bin, rebooted. IMEI restored. Backing this sucker up now...
http://imgur.com/wKO5Cjm
All hex IMEI starts with 08 #A apparently. Rest of personal data is marked out.
Upgraded to CM9. IMEI still correct, SIM still unlocked.
@asmarinian: I am happy for you
asmarinian said:
Holy carp I fixed it! Manual editing the nt_data.bin works.
I read that line 550 is where the IMEI hex is, when I viewed it in one editor (named HxD) it said line 00005500, so I clicked view>offset base>hexadecimal and it turns into 00000550. It's all FF FF FF... no zeros. Replaced it with my original IMEI (remember future readers, this can't change it to a different one) in hex format calculated from the sgs3_nv_gen tool. The NV-item_reader_writer tool would not push it successfully as noted before. Deleted nt_data.bin and nt_data.bin.bak under efs/root/afs/settings using root explorer (directory may be different in ics and up), placed my version of edited nt_data.bin, rebooted. IMEI restored. Backing this sucker up now...
http://imgur.com/wKO5Cjm
All hex IMEI starts with 08 #A apparently. Rest of personal data is marked out.
I have a few nv_data files from previous SGS4G phones I had and had been wondering what the offset was. I'll have to look into this too since I finally wound up finding the offset to the Unlock code (0x146E).
You can read more about it here:
https://github.com/fbis251/sgs4g-unlock-code-finder
Wouldn't be a bad idea to modify the program to add an IMEI number reader.
Thanks for the information!
---------- Post added at 06:41 PM ---------- Previous post was at 06:15 PM ----------
Rebel_X said:
Try and search for 1-Click Gremlin remover in this forum. Or use Heimdall or Odin to go back to stock it might help.
If and only If, all fail, try the following tools at your own risk, they are meant to S3 but galaxy phones are similar (also make a backup of the efs directory, even if it is corrupted just in case):
First you have to use NV generator by putting your IMEI number and generate a text file contains hexadecimal numbers for NV data.
Then use the NV writer tool and flash the text file you generated using your IMEI.
I hope it works. Good luck :good:
I checked SGS3-IMEI-NV-Gen.exe with VirusTotal and 40/50 antivirus programs flagged it as a virus. I'd be very wary about running this on your computer.
https://www.virustotal.com/en/file/...126102bb576a5d7d7800b049/analysis/1393510440/
FBis251 said:
I checked SGS3-IMEI-NV-Gen.exe with VirusTotal and 40/50 antivirus programs flagged it as a virus. I'd be very wary about running this on your computer.
https://www.virustotal.com/en/file/...126102bb576a5d7d7800b049/analysis/1393510440/
I have had this file for quite a long time, ESET never complained about it. If anything, other AV reports it as most probably a false positive. But nothing prevents you from running it in a sand box.
asmarinian said:
Holy carp I fixed it! Manual editing the nt_data.bin works.
I read that line 550 is where the IMEI hex is, when I viewed it in one editor (named HxD) it said line 00005500, so I clicked view>offset base>hexadecimal and it turns into 00000550. It's all FF FF FF... no zeros. Replaced it with my original IMEI (remember future readers, this can't change it to a different one) in hex format calculated from the sgs3_nv_gen tool. The NV-item_reader_writer tool would not push it successfully as noted before. Deleted nt_data.bin and nt_data.bin.bak under efs/root/afs/settings using root explorer (directory may be different in ics and up), placed my version of edited nt_data.bin, rebooted. IMEI restored. Backing this sucker up now...
http://imgur.com/wKO5Cjm
All hex IMEI starts with 08 #A apparently. Rest of personal data is marked out.
Can you please help me with this problem? I'm working on a client phone and the IMEI turned to all zeros and I can't find a way to fix it. How did you get your IMEI number back?
banziitox24 said:
Can you please help me with this problem? I'm working on a client phone and the IMEI turned to all zeros and I can't find a way to fix it. How did you get your IMEI number back?
Check on the sticker under the battery, that's where mine was. Just fyi don't post it on here for the world to see. If you find it, write it down or type it in a text editor, then let me know you've got it. I'll write up what I did step by step for you to follow.
asmarinian said:
Check on the sticker under the battery, that's where mine was. Just fyi don't post it on here for the world to see. If you find it, write it down or type it in a text editor, then let me know you've got it. I'll write up what I did step by step for you to follow.
Ok I wrote it down already what's next?
Credit goes out to lots of knowledgeable people all over the internets.
1. Once you know your IMEI you have to rearrange it into hexadecimal format. EXAMPLE: Say your IMEI is 954091051099226, break it up into two digit groupings. The start of an IMEI is always 08, and your first number will be followed by an 'A'. Each subsequent group of two digits is then reversed. The example IMEI in hexadecimal will be 08 9A 45 90 01 15 90 29 62.
2. Using a root explorer, go to efs/root/afs/settings and copy nv_data.bin to your computer for editing.
3. Download and install a hex editor. I used HxD and found it easiest to use. The link from cnet is http://download.cnet.com/HxD-Hex-Editor/3000-2352-10891068.html
4. Open nv_data.bin in HxD. On the top menu toolbar click view>offset base>hexadecimal. Scroll down through the file until you find offset 550, which will appear as 00000550. Type your IMEI in hexadecimal format into this line, overwriting the FF's. Fill in the remaining FF's in the line with zeros. Using the example IMEI, this would appear as [08 9A 45 90 01 15 90 29 62 00 00 00 00 00 00 00]. Fill in 7 lines of FF's below the line with your IMEI with all zeros. It should now appear like this:
08 9A 45 90 01 15 90 29 62 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Save the file. Make a copy on your phone storage.
5. Navigate back to efs/root/afs/settings and delete the existing nv_data.bin and nv_data.bin.bak.
6. Copy your modified nv_data.bin into efs/root/afs/settings.
7. Reboot and check under phone information if your IMEI has been reset.
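Added example, not part of the original post or any tool named in this thread: a read-only Python check that decodes the record layout described in the steps above (length byte 08, first digit followed by 'A', remaining digit pairs swapped), reports whether the area is erased (all FF) or zeroed, and applies the standard Luhn check digit test. The function names and the constructed sample image are assumptions; the offset and the 128-byte size are taken from the thread.

```python
"""Read-only decoder for the IMEI record layout described in the post above."""
RECORD_OFFSET = 0x550  # file offset given in the post (HxD, hexadecimal offset base)
RECORD_SIZE = 128      # 8 rows of 16 bytes, as in the post


def luhn_ok(digits: str) -> bool:
    """Luhn check: the 15th IMEI digit is a check digit over the first 14."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def decode_record(record: bytes):
    """Return (status, imei_or_None) for one record; never modifies anything."""
    if len(record) < 9:
        return ("truncated", None)
    if all(b == 0xFF for b in record):
        return ("erased", None)        # unprogrammed area, the "all FF" case
    if all(b == 0x00 for b in record):
        return ("zeroed", None)
    if record[0] != 0x08 or record[1] & 0x0F != 0x0A:
        return ("bad-header", None)    # expected 08, then <digit>A
    nibbles = [record[1] >> 4]         # first digit sits in the high nibble
    for b in record[2:9]:
        nibbles += [b & 0x0F, b >> 4]  # each later pair is stored swapped
    if any(n > 9 for n in nibbles):
        return ("bad-digit", None)
    imei = "".join(map(str, nibbles))
    return ("ok" if luhn_ok(imei) else "luhn-mismatch", imei)


def inspect_image(image: bytes, offset: int = RECORD_OFFSET):
    """Decode the record found at `offset` inside a copy of the file."""
    return decode_record(image[offset:offset + RECORD_SIZE])


# Constructed sample image: FF padding followed by the post's example record.
EXAMPLE = bytes.fromhex("089A45900115902962") + bytes(RECORD_SIZE - 9)
SAMPLE_IMAGE = b"\xff" * RECORD_OFFSET + EXAMPLE

if __name__ == "__main__":
    print(inspect_image(SAMPLE_IMAGE))
    print(inspect_image(b"\xff" * (RECORD_OFFSET + RECORD_SIZE)))
```

The post's example number decodes cleanly but fails the Luhn test, which is expected for a made-up illustration; a value copied correctly from a device label should pass it.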
Rebel_X said:
I have this file for quite for a long time, ESET never complained about it. If anything, other AV reports it as most probably a false positive. But nothing prevents you from running it in a sand box.
I wound up running the program in a sandbox.
The file you uploaded attempts to run a .bat file in a temp directory by calling cmd.exe to run it.
The bat file
Code:
@echo off
set ztmp=C:\Users\<USERNAME>\AppData\Local\Temp\ztmp
set MYFILES=C:\Users\<USERNAME>\AppData\Local\Temp\afolder
set bfcec=t17061.exe
attrib +h C:\Users\<USERNAME>\AppData\Local\Temp\ztmp
@echo off
CLS
cd %MYFILES%
"SGS3 IMEI.exe"
CLS
The EXE file created along with the .bat file is actually an ASCII file which contains the following text
Code:
RCHELICOPTERFTW
It also creates a new folder under
C:\Users\<USERNAME>\AppData\Local\Temp\afolder
which contains the SGS3 IMEI.exe program and a text file which contains:
Code:
[NV items]
[Complete items - 1, Items size - 128]
00550 (0x0226) - OK
XX XX XX XX XX XX XX XX XX 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
When I ran THAT exe through virustotal I got these results, which DO seem like false positives, unlike the EXE you uploaded which triggered 80% of the virus scanners, this one only triggers 2/45.
https://www.virustotal.com/en/file/...f7c17482773d478539e99148/analysis/1377777759/
I guess I can send the SGS3 IMEI.exe file to you so you can post a link to that one instead?
FBis251 said:
I guess I can send the SGS3 IMEI.exe file to you so you can post a link to that one instead?
It's easier/faster than the manual method. I'm sure some people just get spooked by false positives so I wanted the manual method for turning their IMEI into hexadecimal format laid out. I just ignored the false positive on mine since I know a lot of exe's and bat's that edit files get flagged more often. I do appreciate having someone who knows what they're doing analyzing it in sandbox mode though, thanks!
FBis251 said:
I have a few nv_data files from previous SGS4G phones I had and had been wondering what the offset was. I'll have to look into this too since I finally wound up finding the offset to the Unlock code (0x146E).
You can read more about it here:
https://github.com/fbis251/sgs4g-unlock-code-finder
Wouldn't be a bad idea to modify the program to add an IMEI number reader.
Thanks for the information!
---------- Post added at 06:41 PM ---------- Previous post was at 06:15 PM ----------
I checked SGS3-IMEI-NV-Gen.exe with VirusTotal and 40/50 antivirus programs flagged it as a virus. I'd be very wary about running this on your computer.
https://www.virustotal.com/en/file/...126102bb576a5d7d7800b049/analysis/1393510440/
If I actually knew more about what I was doing I probably would have set the com ports up properly and just used qpst the right way or the nv-item rw program. 550 appears to be an offset used in at least some other models and brands, could be whichever contain the ability to use the qualcomm tool. I'm sure they all exist in company documentation and manuals. Being only a user, and not even a programmer at that, I don't have the knowledge or means to reliably find certain information and first hand sources very often. That said if you download and install the qpst tool (I searched for QPST v2.7.378.zip), open RF NV Manager 1.4.32, click Option>Customized NV Item List you will see every offset value and what they are for.
Also, I glanced over the last sentence about the false positive too quickly, if you want to upload the edited version without the false positive trigger that'd be great!
asmarinian said:
Credit goes out to lots of knowledgeable people all over the internets.
1. Once you know your IMEI you have to rearrange it into hexadecimal format. EXAMPLE: Say your IMEI is 954091051099226, break it up into two digit groupings. The start of an IMEI is always 08, and your first number will be followed by an 'A'. Each subsequent group of two digits is then reversed. The example IMEI in hexadecimal will be 08 9A 45 90 01 15 90 29 62.
2. Using a root explorer, go to efs/root/afs/settings and copy nv_data.bin to your computer for editing.
3. Download and install a hex editor. I used HxD and found it easiest to use. The link from cnet is http://download.cnet.com/HxD-Hex-Editor/3000-2352-10891068.html
4. Open nv_data.bin in HxD. On the top menu toolbar click view>offset base>hexadecimal. Scroll down through the file until you find offset 550, which will appear as 00000550. Type your IMEI in hexadecimal format into this line, overwriting the FF's. Fill in the remaining FF's in the line with zeros. Using the example IMEI, this would appear as [08 9A 45 90 01 15 90 29 62 00 00 00 00 00 00 00]. Fill in 7 lines of FF's below the line with your IMEI with all zeros. It should now appear like this:
08 9A 45 90 01 15 90 29 62 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Save the file. Make a copy on your phone storage.
5. Navigate back to efs/root/afs/settings and delete the existing nv_data.bin and nv_data.bin.bak.
6. Copy your modified nv_data.bin into efs/root/afs/settings.
7. Reboot and check under phone information if your IMEI has been reset.
Tried all this step by step and the IMEI number is still all zeros
IMEI: 000000000000000/04
Device: Samsung Galaxy S 4G T959V T-Mobile Variant
Android Version: 2.3.5
Baseband Version: T959VUVKJ1
Kernel Version: 2.6.35.7-T959VUVKJ1-CL611444
PLEASE HELP ME WITH THIS PROBLEM!!!!