It's the True Brick!!! (Task 2a SOLVED!!!!) - Tilt, TyTN II, MDA Vario III Windows Mobile ROM De

HUGE BREAKING NEWS!!! THIS JUST IN:
May 12th, 2008
ENTER "FrankenKaiser"
For the past several weeks, I've been working with Jocky on unbricking devices with nuked SPL's as a result of task 2a MTTY commands. Last week the amazing Jocky found a way to exploit OEMSBL & to Security Unlock a BRICKED device via dload mode. That's right, you heard correctly, Jocky Security Unlocked a bricked device, giving me access to all of the OEMSBL, Radio Boot Loader commands!!!
Subsequently, Jocky has written a tool that will then use this exploit to load a new SPL via Dload mode into ram & do some device initialization. After three chalenging & frustrating weeks, we were able to load a SPL into ram, get the spl to stick & voila.....I now have the first ever Kaiser recovered from being a nuked SPL brick!!!!
I won't give to many details, as this is really Jocky's baby & it's his place to share the information as he sees fit, but I'll tell you that this tool may be the start of something huge! It will allow you to test SPL versions & recover from bad SPL flashes. I believe this tool is also going to be the center of fixing the locked AT&T radio's.
I can take no credit for this tool, I was really nothing more than a brave & willing guinea pig, that occasionally floated theories, & remembered some of the little stuff.
Jocky did let me name the tool, based on the first thing I thought & said when we were talking about the theory behind the tool, which was "Oh my God, It's alive, it's aliiiiive!!!!", so the tool has been named FrankenKaiser!
If you have a Bricked Kaiser, Let me know, post it here in this thread until Jocky start a thread specifically related to this new tool. Please don't overwhelm Jocky with requests & PM's, as the tool must be moddified for each & every different OEMSBL version. If you have a task 2a or other bricked Kaiser, please PM me or post the info here on this thread & depending on the type of brick you have, someone will let you know if this tool can help you.
Okay, it's true I've put my Tilt thru hell & back trying to help out the noobie. I have done partial flashes, radio & rom, to recreate their problems in an effort to guide them thru the solutions.
I've alway been able to recover......Until now!
A WARNING TO ALL USERS FROM OTHER DEVICES NEWLY COMING TO THE KAISER!!!
After countless trips to hell & back for my device, it finally, It is totally dead. After doing a few MTTY task & info calls while assisting a noobie I decided to format my device & the nand storage to start afresh. Now I am stuck in OEMSBL.
Should you try and format or dump bad blocks as previously possible on some older devices using the task 2a command. There are several thing you need to know. Firstly, you'll need to immediately flash a new SPL BEFORE soft resetting. Otherwise, your device will not boot period. You will find that the service LED light stays green like it is fully powered, & the "GREEN" light will come on whenever you hit the power button, but when you plug it into the USB port on your PC, it will only be seen as new hardware & will add the following new devices: a NMEA GPS Device, a Qualcomm Data Device, an Qualcomm Diagnostic Interface, a Baseline Modem, Baseline Storage Device, etc. But A/S will not run & MTTY cannot communicate using standard commands nor can it be used thru the USB port.
The reason this happens is becauser you have just completely formatted the NAND, essentialy killing the Boot Loader or SPL.
As of this time, there is no known recovery for this type of brick. Several people are working towards a fix, but unless your device is security unlocked, there will be no miraculous recovery.
ALWAYS EXCERSIZE EXTREME CAUTION WHEN COMMUNICATING THRU MTTY WITH SPL OR WITH OEMSBL. DO NOT ASSUME THAT THE SPL COMMANDS ARE STATIC> THEY CAN & DO CHANGE BETWEEN DIFFERENT SPL VERSIONS & DEVICES.
As an example, Tilt Devices with the 1.56SPL can execute the boot command, whilee HTC 1.93SPL devices cannot & require a task 8 to reset.
If you do not know what SPL is, or have no idea the available commands & their effects, do not use them.

Aaaarghhhh.... that's horrible
Did you try to take out the battery already?
Maybe disable all Active sync tasks before you plugin to the usb?
Also a suggestion, flash a rom from sd?
I do think your device is still alive because otherwise it wouldn't be recognized ad all!

Laurentius26 said:
Aaaarghhhh.... that's horrible
Did you try to take out the battery already?
Maybe disable all Active sync tasks before you plugin to the usb?
Also a suggestion, flash a rom from sd?
I do think your device is still alive because otherwise it wouldn't be recognized ad all!
Click to expand...
Click to collapse
Laurentius is right; it would surprise me if the Flash from SD-card would not work for you!
Good luck,
Edward

sorry to say that but it is a true brick now, it is recognized by windows because there it falls back to qualcomm diagnostic mode (which will not help you at all) I had exactly the same situation and you won't be able to flash it, send it to htc for repair

No, The screen will not turn on & when plugged in it now acts as accessories or hardware for my PC.
The chipset inside the device is still getting power, & it is a chipset that is powerful & used for many, many things. So, it's no suprise that it sees the modem, the Basecom Interactive, Basecom NMEA device, etc...What it doesn't see is all of it integrated into a package & it actually creates 6 or 7 port connections thru XP Hardware Wizard for each "accessory".
What I believe has happened is that the unit has been completely formatted meaning the actual Windows CE has been destroyed, formatted, removed, kaput...
The only way to revive I think would be to reload CE into the device the way Mfg's & OEM's do.

There should be a way in QPST or MTTY to switch the phone from diagnostic into download mode, from there you could use the QPST Software Download tool to load up the firmware..

Da_G said:
There should be a way in QPST or MTTY to switch the phone from diagnostic into download mode, from there you could use the QPST Software Download tool to load up the firmware..
Click to expand...
Click to collapse
nope, there is now way to do that

Actually Hanza, there is absolutely a way to do it. I mean the OEM does it, so technically it is possible & there are articles about it all ove MSDN.
The problem is that I think it will require platform builder. Or maybe the tools used to load linux onto the device.
If we can load linux onto the devices,Hanza, then there is no reason we couldn't load CE. The only question is...What tools are needed.
I'll play around with loading linux or maybe the Android SDK while waiting for my new device.

GSLEON3 said:
Actually Hanza, there is absolutely a way to do it. I mean the OEM does it, so technically it is possible & there are articles about it all ove MSDN.
The problem is that I think it will require platform builder. Or maybe the tools used to load linux onto the device.
If we can load linux onto the devices,Hanza, then there is no reason we couldn't load CE. The only question is...What tools are needed.
I'll play around with loading linux or maybe the Android SDK while waiting for my new device.
Click to expand...
Click to collapse
sorry, that's a misunderstanding my post was referring to the use of pst software/mtty and usb connection, and I reckon that it's cruel to give the man hope, though you can always buy yourself a piece of software built based on jtag, special serial connector and a book how to to that but given the sources you mentioned I reckon you haven't read much about the problem yet, my kaiser is about two be back from service this week and if there was no breakthrough on the internet about that with last 2 weeks then there is no know way how to talk to qualcomm diagnostic software directly using usb.

In reading this thread and the other, am I to understand that via MTTY commands, you have wiped not only your splash, radio & OS, but also SPL from your phone completely?
BTW, have you tried using itsme's utilities, e.g., pdocwrite to upload nb files directly? I have little or no experience with this tool, but I thought suggesting it wouldn't hurt...

_Alex_ said:
In reading this thread and the other, am I to understand that via MTTY commands, you have wiped not only your splash, radio & OS, but also SPL from your phone completely?
BTW, have you tried using itsme's utilities, e.g., pdocwrite to upload nb files directly? I have little or no experience with this tool, but I thought suggesting it wouldn't hurt...
Click to expand...
Click to collapse
yes Alex, also SPL (which is the real problem here), and you can't use pdocwrite unless you could actually talk to the device which in qualcomm diagnostic mode you can't with this software as it will not accept any commands other than specific to that mode, I have flashed windows mobile device for about 4 years now and that's actually the first time I ended up with a real brick but of course htc can easily fix it (they did it in 1 day, most likely in less than 30 minutes) but they have equipment to do that which I don't and only few users on xda have that kind of equipment, to get more info about it you could look in the search for task 2a there were bricks like this before us

Alex,
Yes CE, Radio, SPL, OS... All see to be completely wiped with the task 2a command. I don't think pdocwrite will work as its still needs a medium to connect to my device. That medium is what I have yet to find. The first step would be to somehow restore boot loader. I am currently trying to see if I csan use qpst to push linux to the device. I haev found some CE restore utilities for reverting from linux, but first I need to be able to at least boot to SPL or another Bootloader.

Whats about Windows CE and KITL Mode?

The device stays in OEMSBL. If you use the MotorolaQ drivers, you will be able to connect to the right COM port and issue radio bootloader commands. You will probably be able to unbrick it depending on what problem it has. First try the easy one:
* Execute "setboot 0" and "cego" commands.
If this does not work, then probably your SPL has been erased in NAND, you can check that by dumping radio memory address 0 right after executing "cego" command. (commands: "cego" and "mb 0 40000").
If it's all 0xFF then your SPL has been erased. Here's how to fix that:
1) Issue command 'setboot 1' (with the default 0, the application ARM is hang because it tries to execute 0xFF), this way it keeps the SPL in memory after reset.
2) Copy a full SPL at address 0 by issuing 256K times 'mb <address> 1 <byte>' (i've written a small app that does this for you...)
3) Patch the 'cego' function in ram, to NOP the function that loads application arm bootloader, in my case (OEMSBL version 1.27.12) the patch was 'mw 901708 1 0000a0e1' you'll have to figure it out yourself if you have a different OEMSBL version.
4) execute 'cego' and see the bootloader 3color screen appear again (keep the bootloader keys pressed if you have not used a patched SPL in step 2)
5) Flash HardSPL.
6) Connect to OEMSBL again and execute "setboot 0".
7) See the device booting OS

Thanks pof!
setboot 0 returns ARM9BootMode:0, so it is communicating. However, I get invalid command errors with the cego & mb commands. You think there is a way to flash an spl.nbh using OEMSBL thru pnewbootloader? I believe you're right on the money & from what I've learned playing around today is that the task 2a command indeed formats the NAND. So bye bye bootloader. I think it's now just a matter of finding a way to flash spl back. That said however, I can figure things out given a lot of time, but I'm definitely nowhere near a bright bulb on the XDA X-mas tree, so to speak. So you'll have to forgive me if the meaning of "Patch the 'cego' function in ram, to NOP the function that loads application arm bootloader" escapes me.
Thanks again!

When I used to work @ symbol we used to interface with our devices directly in IPL mode using hyperterminal (included in windows). I wonder if you could accomplish something like that?
From there we used to use IPL commands (I dont remember them because this was a long time ago)

GSLEON3 said:
Thanks Oli!
However, I get invalid command errors with the cego & mb commands. Also, where can I find the spl patch app you've written? I searched high & low.
Thanks again!
Click to expand...
Click to collapse
I think POF is talking about JumpSPL correct? I am surprised it didn't work after what POF recommended his right on 99% of the time!

I believe s right. I just think the cego command isn't correct for my device. I think maybe this command has changed just as spl commands can change between versions. The mb command also returns an invalid argument.
But it's definitely down the right path.

GSLEON3
I really wish I could help you out man. You have done alot on this forum for alot of people. Unfortunately I'm about as lost in here as a hooker in a pecker patch. Sorry bro, wish I could help.

pof's method only works if your device is security unlocked

Related

hi all, pls help me

I just got an I-mate JAM with following info:
ROM version: 1010.00 WWE
ROM date: 08/18/05
Radio ver: 1013.00
Protocol: 1337.43
ExtROM ver: 1.12.550 WWE
RAM: 64MB
Flash: 64MB
Model No: PM10A
Platform: PocketPC
which ROM that i should use now?
and can I do it without USB cable? (copy ROM to MMC and install)
I'm living in Vietnam and use English
Welcome to XDA-developers!
Your ROM version is fine, however you may wish to upgrade to the latest 1.13 ROM + 1.13 Radio + BigStorage (by the way, BigStorage is just a way in which you can extend your measly 7MB of Storage to 27MB). However you will need a USB cable for the above method: I highly recommend to invest in one anyway, as you will find installing many programs onto your JAM difficult without one.
I think it is possible to upgrade with just a SD/MMC card and a SD/MMC reader for your computer, however it is considerably more complicated and you will not be able to back up your existing ROM, as you will need your computer to command your JAM during the backup process. You will probably need to merge two upgrading methods in order to get a USB cable-free process, something that no one else has done. Sorry I don't quite have the time for that yet, but maybe someone else can come to your aid!
Is there a technical reason you can't use a USB cable by the way?
EDIT: I forgot this: the reason why you cannot upgrade by just dumping a ROM onto the SD card and letting the JAM upgrade from that is that the ROM must be modified with some special, device unique data from your JAM first before your JAM will accept it. The normal ROM upgrade programs do this via USB by retrieving the device data from your JAM and then applying it to the ROM they are about to send to it. While there is a way to manually get this required data, that too requires a USB cable (see http://forum.xda-developers.com/showthread.php?t=231410).
haaaaalp
hi there, i tried upgrading my 02 xda executive from the software update on O2 website.my active sync 4.1 stopped working in midst and my xda is nt working now.and my pc isnt recognising the xda. the xda isnt starting up its completely dead.I tried hitting the 2 softkeys and the soft reset button and the screen lights up and it says to rollback to factory setting hit 0 zero, but nothing happens................plz help would be appreciated.http://www.my-xda.com/xdaExecSoftware.jsp
also the screen now has USB and v1.00 over it and shows nothing but this and not starting up and my pc pops a message up saying that an unknown usb device and cant be connected
buddy28s said:
hi there, i tried upgrading my 02 xda executive from the software update on O2 website.my active sync 4.1 stopped working in midst and my xda is nt working now.and my pc isnt recognising the xda. the xda isnt starting up its completely dead.I tried hitting the 2 softkeys and the soft reset button and the screen lights up and it says to rollback to factory setting hit 0 zero, but nothing happens................plz help would be appreciated.http://www.my-xda.com/xdaExecSoftware.jsp
also the screen now has USB and v1.00 over it and shows nothing but this and not starting up and my pc pops a message up saying that an unknown usb device and cant be connected
Click to expand...
Click to collapse
Please avoid cross-posting, especially since this is the wrong forum. I can't help you anyway - different models of PDA can have very different ways of doing things.
toomuchdogfur said:
Welcome to XDA-developers!
Your ROM version is fine, however you may wish to upgrade to the latest 1.13 ROM + 1.13 Radio + BigStorage (by the way, BigStorage is just a way in which you can extend your measly 7MB of Storage to 27MB). However you will need a USB cable for the above method: I highly recommend to invest in one anyway, as you will find installing many programs onto your JAM difficult without one.
I think it is possible to upgrade with just a SD/MMC card and a SD/MMC reader for your computer, however it is considerably more complicated and you will not be able to back up your existing ROM, as you will need your computer to command your JAM during the backup process. You will probably need to merge two upgrading methods in order to get a USB cable-free process, something that no one else has done. Sorry I don't quite have the time for that yet, but maybe someone else can come to your aid!
Is there a technical reason you can't use a USB cable by the way?
EDIT: I forgot this: the reason why you cannot upgrade by just dumping a ROM onto the SD card and letting the JAM upgrade from that is that the ROM must be modified with some special, device unique data from your JAM first before your JAM will accept it. The normal ROM upgrade programs do this via USB by retrieving the device data from your JAM and then applying it to the ROM they are about to send to it. While there is a way to manually get this required data, that too requires a USB cable (see http://forum.xda-developers.com/showthread.php?t=231410).
Click to expand...
Click to collapse
Thanks for your help, i'll try and tell u the result.

Clarifications Needed: for a VIDEO GUIDE version of HOW TO FLASH A ROM...

I've been working on a step-by-step CLOSE-UP VIDEO guide to Flashing a ROM, including how to HARD SPL, to make available to users here. Here are things I'm still not clear on.
(These were posted recently to the Guide written by mskip in the Kaiser forums. He answered some questions, but these are still unanswered. )
Flashing via ActiveSync with USB Lead
2. Pull out the battery and reinsert it (this step IS important) *DONT turn phone back on yet*
Click to expand...
Click to collapse
** When is this step necessary & required (whether during initial HARD SPL or FLashing a ROM post-HardSPL) , as opposed to simply "Best Pratices"? What is this step accomplishing?
8. After a few seconds the tri colour screen will appear on the phone and "USB" will be displayed at the bottom
9. Unplug the usb cable for 30 seconds and then Replug (phone will not re-sync but still says "USB" on the screen)
Click to expand...
Click to collapse
** Please explain #9, what it is accomplishing & thus why recommended?
"Active Sync" vs "USB connection"
Please tell me if this is accurate or not:
(1)When installing via PC vs installing via Storage Card: After data has been backed up to PC by way of "Active Sync", thereafter, when performing any ROM updates (HardSPL or flashing a new ROM) the app "Active Sync" is technically no longer involved in the flashing process, but rather, what's necessary is simply having a USB connection from device to PC, correct? Is the distinction that Actice Sync can foul up the basic data connection from phone to PC necessary to flash a ROM. I want to be very clear. Is this accurate?
10. Right click on the Activesync icon in the bottom corner icon on the computer, goto connection settings, deselect "Allow USB connections" and click "ok"
11. Microsoft ActiveSync icon will now have a red cross in it and the program will say "Connection Disabled"
12. Run the ••••••RUU.exe file on your PC thats in the same folder as the HardSPL .nbh file and follow instructions (ticking boxes and clicking Next) *DO NOT reenable USB Connections in Activesync*
Click to expand...
Click to collapse
** same as above: Are these just more compensations in order to disable MS's incorrect assumption that the insertion of a USB cable always equals "launch an Active Sync session" ?
15. Unplug USB cable from phone then REPLACE SIM & SD CARDS !!
**Remember to re-enable "Allow USB connections" in Activesync connection settings after a successful flash**
Click to expand...
Click to collapse
Why, exactly, is it required to unplug the USB cable? Is it, again, a "Best Practices" precaution to prevent any kind of accidental read/write of data?
A few questions re entering Bootloader mode, various scenarios:
1. In some older guides, even for when flashing a rom to phone device from your PC , sometimes a step is specified to "enter Bootloader mode by holding & pressing the xxxx and xxx keys on your phone, and then xxxxx".
2. But if you have an RUU folder that includes the Bootloader.exe app, along with the RUU.exe and .nbh file, then by running the RUU.exe app, the entering bootloader mode is handled automatically, sending the commands to phone, which automatically place the phone into the tri-color screen mode? -- as opposed to one having to manually press xxxx and yyyy on phone to enter bootloader mode? Correct or not?
3. If correct: then, does it matter on which screen or in which mode your phone is currently on in order to begin the flash-ROM process? Could I just as well be on a Total Commander app screen or on a TouchFlo Today screen?
4. Some guide-writers recommend users hard reset their phones before starting a new flash-rom session, just for "best practices". Others consider this superfluous & irrelevant, and what matters most is a Hard-Reset be run immediately AFTER flashing a new ROM. ... Any opinion on this?
Flashing Via ActiveSync
<snip; this is deep into the flashing process >
2. Turn phone back on and wait until it syncs with your PC
Click to expand...
Click to collapse
** Would it be more accurate to say here "until your PC confirms it has a USB connection to your phone"? (You're not looking to run a sync session, but rather just getting a USB connection for files to be transferred from PC to phone.) I think the term "Active Sync" often creates more confusion than helpfulness in this whole realm of moving files from PC to phone. )
Question re RUU.exe file on PC:
From what I have seen in the ROMS I have used in years 2008-2009, the extracted ROM folders I've downloaded from the chefs have typically all had the file " Bootloader.exe " within the RUU folders, and that (in the case of mskip's Flash Guide for Kaisers) KaiserCustomRUU.exe calls the Bootloader.exe app which sets the phone into bootloader mode from the PC, without one needing to manually set the phone into bootloader mode.
But this is your response from your initial quick-reply, which confuses me"
The customRUU automatically puts the phone in bootloader mode thus there is no need for the seperate file (bootloader.exe).
Click to expand...
Click to collapse
** This confuses me. I am principally trying to distinguish between when one needs to manually set phone into bootloader mode -- and when this step is handled by the PC's RUU.exe process. In the older (around year 2007) "How to flash" guides, users were often told they needed to create a folder, make sure they have the correct RUU.exe file inside it, make sure they have the correct .nbh file, make sure they don't have files that are there for those with soft SPL phone, etc. And as far as I can recall, in those older Guides, this bootloader.exe file was not included. And thus users were instructed to manually put their phones into bootloader mode...
The difference being that for the past year or more, chefs currently are now providing the whole contents of the RUU folder in the .rar file, so that if you've hard-SPL'd, then that .rar file has eveything you need, and all you need to do is launch the RUU.exe -- never having to set your phone manually into bootloader mode.
Yet you are saying
Quote:
thus there is no need for the seperate file.
Click to expand...
Click to collapse
I'm not a coder, but I don't get this. Why would bootloader.exe be inside practically every RUU Folder nowadays if it were unnecessary to set the phone into bootloader mode to initiate the flashing process? You were saying the RUU.exe app itself would contain some method of setting phone inot bootloader mode without even needing that bootloader app present in the folder.
Could someone please clarify.
And secondly: Does it matter one bit of difference which screen your phone is on when you commence with running RUU.exe ?
And third : If users happen to be confused, and think they must manually set their phone into bootloader mode, as part of running RUU.exe, and they do manually set their phone inot bootloader mode and get the tri-color screen: Does that conflict with or hamper in any way the running of the RUU.exe program from the PC? Or does the RUU process just simply proceed, and send an "enter bootloader mode" instruction to the phone, which then causes the phone, already in tri-color screen, to be reset again into bootloader mode (and there is no problem that the phone was already in bootloader mode) ?
After New Rom is Completely Installed and You Have Customized Your Phone:
** I think it in dutty's guide where he says "after customizing your phone, power down your phone, then power it back up". Is this power-down/ power-up cycle equivalent to just doing a soft-reset? What is the difference as it pertains to that specific step after customization?
Quote:
Flashing Via MicroSD Card
<snip>
3. Goto the Roms Folder and rename the .nbh file to KAISIMG.nbh
4. Copy the KAISIMG.nbh file to your MicroSD Card
Click to expand...
Click to collapse
** Where does one get the correct 4-LETTER CODE for their phone if one has a DIFFERENT phone than Kaiser and wants to flash via MicroSD card?
-----
Thanks to anyone who can please clarify these points
2. Removing the battery is not required in any level of flashing a ROM. removing the battery for Hard-SPLing is not required on all devices. For instance, my polaris doesn't require removing the battery.
9. Not sure why you need to do that but it IS necessary (you can pm Olipro about it) but i'm pretty sure it has to do with updating the connection between the PC and the PDA since while in Bootloader the PDA doesn't act as a plug-and-play device.
11. I don't recall this being an important step as I flashed hard-spls and roms without changing the AS state. you HAVE to have an activesync connection with your PC in order to flash (doesn't have to be synced, but the PDA has to be recognized by activesync, hope this is clear).
15. Yes, it is not a MUST. you can flash roms and spls while leaving the cable connected.
---------------------------------------------------------------------------------------------------
2. Yes, if you have the full library containing bootloader and everything you can flash without entering bootloader manually prior to flashing.
3. flashing doesn't require a specific state. you can start the process whenever.
4. Hard-reseting before MIGHT make a difference... in some cases which i'm not familiar with. maybe there's an app which can disturb the flashing process.
Hard-reseting after is pointless as flashing a rom performs exactly that WHILE switching the OS.
-about the syncing.. yeah, you don't need an actual sync-session. a usb connection is enough (AS LONG AS the comp identifies the hardware of course)
-it doesn't matter if you have the bootloader.exe file inside or not (I assume it depends on your device as well.. but not sure). RUU runs bootloader automatically. about HARD-SPL.. yeah, i haven't seen a hard-spl which doesn't contain bootloader.exe.. (i again suggest you pm olipro about this)
-again, it doesn't matter which screen you're on when running the ruu
...
-about the phone codes for flashing... you can find all codes for all phones in the forum
for instance,
Polaris -> POLAIMG.nbh
Hermes -> HERMIMG.nbh
Blackstore -> BLACIMG.nbh
Diamond -> DIAMIMG.nbh
Raphael -> RAPHIMG.nbh
Trinity -> TRINIMG.nbh
yada yada...
you can search, and i'm pretty sure not ALL devices have this option..
the wifi also contains info about flashing from SD card.
also, wonderful initiative and i hope you will agree to post this in the GUIDES thread.

RhodiumW Hard-SPL Release

preface for the people not reading ... some quick answers:
- our page on this Hard-SPL is always here: http://rhodiumw.htc-unlocks.com/hard-spl.php
- license: you will just have to run the program on the PC with phone connected, normally you will not notice anything about the licensing, it is totally free for personal use!
- if you need help with license issues (when it says you already unlocked a device), you can send your message at: http://support.htc-unlocks.com
[SIZE=+2]Hard-SPL Release Time!!!! [/SIZE]
[SIZE=+2]NOTE: This is NOT a SIM unlocker - it also doesn't unlock Security for other radios. if you need that, GO HERE[/SIZE]
[SIZE=+2]NOW UPDATED -> if you already installed HardSPL, you will not need this update. but if you are going to HardSPL only now, it applies to you (package will lead you to update link anyway).[/SIZE]
Preface: okay, it was released only this weekend! but trust me the wait was worth it as it works really great and smooth now!
Licensing information: it's like with previous Hard-SPL unlockers - every user gets one free use of the Hard-SPL, further use is subject to paying a small amount per device.
however, if you are a private user, you can have other uses free on request if needed, such as using it on a replacement device.
the license is valid forever and all this works as transparently as possible, so for normal users nothing is noticable; while businesses who need to unlock more devices than that, can use the link inside the program to send payment or contact cmonex or Olipro if you want to discuss bulk unlocking.
contact info is: via support link at our site
IMPORTANT: please do not use this contact info for asking help for problems unrelated to licensing unless you are a paying customer. other messages will not be answered - instead you can use this thread to post about your issues!!!
Preparations:
0) this package is for Rhodium CDMA-GSM worldphone version only (CDMA Touch Pro 2, not the original Touch Pro) devices. only RHOD400, RHOD500 modelids are accepted. this Hard-SPL supports WM6.5.
1) if you have Vista / Windows 7, WMDC update to 6.1 (or whatever is latest) is recommended.
Instructions: read this if unsure how to install Hard-SPL... if you are an experienced user then you'll probably not need to read most of this but if you are unsure or run into an issue, then you should read the following!
Steps:
1) download newest RhodiumW Hard-SPL package and extract this to an empty folder.
2) you must Have Phone Synced with PC in Windows Mobile!!! the device needs to be connected to Activesync or WMDC via USB cable. and it must not be in Flight/Airplane mode (i.e. the phone part should be on).
3) internet access is required as the program checks online for updates and for the license.
4) run Rhodium-HardSPL.exe on your PC, make sure it's launched from a local drive (not through network drive, etc.). running it on XP requires Admin logon, and Vista/Windows 7 will automatically prompt to allow it to run in Admin mode, so allow it please.
important: if you get an antivirus warning, please ignore it, it contains no harmful code (just used a packer to compress it). if you encounter DEP errors, then add it to the exception list in DEP settings.
5) follow steps as prompted in the Hard-SPL program. if this is the first run of Hard-SPL on a device after hard reset, you must select Automatic flash mode (the first button in Welcome screen).
notes: you should usually go for Automatic flash mode; the Manual flash option is only to be used as noted below - any other errors triggered while running in Autoflash mode will have to be fixed as instructed in the error message.
6) it will ask you to wait while it prepares for the flashing, press OK.
7) now it should go through without any error messages, if one does pop up, then please follow the instructions included in the error text. if no specific instruction is shown, then ask for help in the forums, but this should not ever occur (as this means a really fatal error occurred).
at this point the device did hopefully went to a black screen. this is the SSPL version, which is temporary. then RUU (Rom Update Utility) will instantly launch.
9) some notes: when RUU says it will perform a hard reset and cause data loss, do not worry, it is not going to do this. also when it says the flash will take 10 minutes, ignore that, it will only take a minute or so.
10) SPL flashes, device automatically reboots, job done.
11) to confirm you got it installed, go into bootloader mode (tricolour screen!) and verify the screen shows 1.00.OliNex, which is the current Hard-SPL version.
More Notes:
NOTE 1: you will not see the SPL version during normal boot, that is the OS version, not SPL!
to enter SPL to check version, you need the following key combination: Power Button + Volume Down + Reset Button. means, do a soft reset while holding the "volume down" key and power key on the side of the device. hold these keys until you see a special tricolour screen which is the bootloader mode.
NOTE 2: this is unsigned Hard-SPL. no limitations on flashing ROMs (except of course some Radio roms). also, this has overwrite protection against HTC RUU's overwriting HSPL with a stock one, so if someone needs to revert to stock SPL for warranty reasons, a stock SPL downgrade package is posted on our site. use this relocker *only* if you need to return the phone for warranty, and only use it as last step - after reflashing stock OS and radio. see steps in the next post about how to reflash stock SPL.
NOTE 3: anyone having USB connection problems with the device after it already entered SSPL mode, please copy SSPL-Manual-Rhodium.exe from SSPL-Manual-RhodiumW.zip (available on our site), copy it to the device and run it. then once the screen has gone black, run the Hard-SPL package on the PC and you must select Manual flash option. *important*: make sure that the USB cable is plugged in and device is synced to Windows Mobile even if doing manual method.
NOTE 4: do not use this RUU for anything other than SPL flashing (i.e. hardspl or stock spl restore)!!! nothing other than SPL's made by Olinex team will flash to make SSPL more secure. if you want to flash some other rom, then use shipped RUU or a customRUU if you need to flash cooked ROMs.
NOTE 5: supported OS versions: both 32-bit and 64-bit XP, Vista, Windows 7RC and later. Windows 2000 was untested, and pre-RC win7 (lower than build 7100) is explicitly not supported. also, the program may be unstable or not work on Virtual systems, so it's recommended to try outside Virtual OS software.
Troubleshooting: and Step by Step on reflashing stock SPL: are in next post below!
Credits:
first, "OliNex" is a team which means: cmonex + Olipro
Olipro -> concept of EXE program that runs on the PC, Hard-SPL concept, server-side license code and maintaining the licenses.
cmonex -> HSPL package on PC, SSPL loader for windows mobile and SSPL binary. Hard-SPL binary. (SSPL loader: partially based on haret and old pof&Olipro jumpspl code),
[SIZE=+3]Donations are always appreciated, the Hard-SPL program will provide you with a link at the end of the process to make it easier. any little helps!!! Thank you![/SIZE]
and now enjoy!
-continued from first post-
Manual SSPL download: (added soon)
Troubleshooting:
firstly:
- read the instructions above.
- read the instructions above.
- read the instructions above.
nothing happens on the device, does not enter black screen mode:
- anyone having problems with the device crashing instead of entering SSPL, make sure you've used Automatic flash mode before to put the device in SSPL (if you hard-reset your device, you have to repeat Automatic flash mode at least once).
- please make sure you watch the device screen if it asks about running files (it probably won't, I made sure of that, but just in case, check, for example it can warn about model incompatibility).
- also you can try unticking advanced usb/network functionality in settings on the device. exact location of this will probably be: start menu / settings / connections / usbtopc applet.
general usb connection error problems:
- if you get connection error in RUU after the device goes to black SSPL screen: make sure device was still synced via USB to the PC at the point of it entering SSPL (the black screen) and do not try replugging please, that will probably just crash SSPL.
- it will take a few seconds for the RUU to detect the device, but do not worry, as soon as the USB connection is established in SSPL, RUU will see device. if not (happens very rarely), wait for RUU to time out (or wait a few minutes). then remove back cover, reset, it will boot OS again, then you can retry unlocking process.
- anyone having problems with the device entering SSPL without functional USB port ("ERROR 260 CONNECTION" RUU error), you can get SSPL-Manual-Rhodium.exe from attachment in this post, copy it to the *device* itself and run it. then once the screen is showing black, run the Hard-SPL package on the PC and select Manual flash option. please do not use Manual flash option for any other purposes
- try a different USB port
- try different USB cable
- do not touch USB cable during the process especially if it is already a bit dodgy
- also do not use USB hub
- you can also try rebooting your PC
- and you can try using another PC.
- another reason for USB connection error: if your PC takes too long to load the drivers (if your device is in bootloader for the first time it needs to do that), then if RUU times out, but device is still in black screen, just leave it there and re-run the Hard-SPL package when driver installation finishes - you must use Manual Flash option in such a case. I recommend to wait for Windows to take its time searching for the USB drivers, then click Next in RUU only when they are installed.
- finally, you can try disabling antivirus or firewall programs on the PC.
ModelID checking: if SSPL loader says it's for a different model or device, please make sure you are using the correct HardSPL package. currently this SSPL accepts only RHOD400, RHOD500 modelids i.e. the CDMA-GSM worldphone version, but if we get notified of another compatible RhodiumW version, we will instantly modify it to allow those models. check modelid by entering SPL tricolour screen manually and note what it says (RHOD400, RHOD500, or something else). note: RHOD1xx, 2xx, 3xx are not going to be compatible at all!
other issues:
- if device reports that Enterbootloader.exe fails to run (says missing component or corrupt signature or similar), try a hard reset.
- if device reboots instead of going to SSPL screen (black), which is very unlikely to happen, then contact us by PM to cmonex. do not PM OliNex user, that is not monitored frequently (and PM's to it are disabled now anyway).
- if none of the above help, read thread for further suggestions, if still nothing, make a post in thread describing all details about the exact situation.
how to reflash Stock/Shipped SPL: - STEP BY STEP - FOR WARRANTY REASONS ONLY!
0. please make sure you already flashed stock ROM and radio, because stock SPL flash is *always* the last step before sending the device in.
1. download the Relocker by clicking here, extract the zip and run the EXE on your PC
2. if you wish to replace RUU_Signed.NBH that got extracted, feel free to do so, but not necessary (this Hard-SPL will only allow overwrite with a SPL made by us). the included one is the 0.63.0000 stock SPL. 3. flash
4. verify if it flashed by checking version in tricolour screen, it should say 0.63.0000, not 1.00.OliNex.
About UPDATES:
-new release coming soon, fixes a specific problem for a small group of people-
-more troubleshooting tips soon-
Consider yourself... sticky
Thank you Olinex. Great WORK
thank you! can someone please tell me what this does for my vzw tp2? thank you so much .
buggs1a said:
thank you! can someone please tell me what this does for my vzw tp2? thank you so much .
Click to expand...
Click to collapse
In a nutshell, this basically will allow you to flash custom made roms and other assorted customizations.
Hey, thank you.
Does using this and then not putting a custom rom on it right away do anything bad? Like waiting for a 6.5.1 rom or something. Sorry if this isn't the right place. Forgive me please.
Crashes on vista x64 sp2 home premium. as soon as I click to open the hard spl exe it crashes.
You can wait as long as you want to flash another rom, custom or carrier. So no worries in holding off.
Thanks so much for answering.
Here's something.
Crashes on vista x64 sp2 home premium. as soon as I click to open the hard spl exe it crashes.
I just tried. I don't get it.
My mcafee doesn't have a trust app add feature that i can see so i turned off real time scanning to extract the file and then run it. Then the hard spl crashes when i try to run it. I hit auto flash and immediately it crashes.
What specific error message(s) are you getting?
Nothing specific. It just crashes and the windows app crash pops up. That's all that I can remember. Should I try again and look for something specific?
Also I would like to say that I connected the phone to my pc via usb cable and that's it. On phone opened the disk mode or active sync selection but I didn't touch anything in time then it disappeared. The phone showed up as a hard drive in explorer. I didn't do anything else when trying to run the hard-spl exe. Should I have?
Thanks a million.
You need to make sure you're connected to your computer and sync up with ActiveSync. Once that's all connected properly, then you can run hspl.
but how do i do that? i noticed just now i reconnected phone and active sync was selected on the phone, but nothing comes up on windows vista except the auto run and it says synch with media player or open to view files or do nothing.
Oh, Vista. Right. You'll need to use Windows Mobile Device Center then. Install that, reboot, then sync up with that (it's ActiveSync's replacment for Vista and Windows 7). Then you should be able to run hspl fine.
That you very much Oli, and to all the people who worked so hard on this! I just put it on my Verizon Touch Pro 2 and it went like a snap, but what software from you doesn't A nice donation is coming yer way me matey!
thanks. that did it.
i got to the part where it said make sure the battery has 50% or more. i said cancel and now my phone is off and won't come on. I disconnected usb and tried to turn it on and nothing happens. reconnected phone and tried to do this again and it told me i need to active synch again. but i can't turn on phone right now. I don't know what to do now.
Have you tried taking out the battery of the phone, reinserting it and turning it back on?
trying now except i dont know how to open it. ok my bad. had to remove stylus. it's on now.
Ok sweet. It rebooted the phone. Success I suppose. Now to find a rom.... But then I dunno what to look for. hmm...
lol
buggs1a said:
trying now except i dont know how to open it. ok my bad. had to remove stylus. it's on now.
Ok sweet. It rebooted the phone. Success I suppose. Now to find a rom.... But then I dunno what to look for. hmm...
lol
Click to expand...
Click to collapse
Glad you got it figured out. Have fun finding a good rom that suits you.
edit: since we don't really have much of a CDMA TP2 selection just yet, I'd recommend checking here. He makes a great ROM. Just be sure not to discuss ROMs in this thread.
I posted this at PPCGeeks also, but here is a problem I am having while trying to unlock in Windows 7 x64 using WMDC.
1. Ran the .exe
2. Screen pops up "Preparing to flash, press ok to wait. I press ok.
3. The screen goes black (like it's supposed to), Active Sync DISCONNECTS, and a box pops up: "Welcome to the ROM update utility...". I check the box "I understand the caution..." and click next.
4. The next box pops up "Follow the instructions..." and I check the box "I completed the steps..."
5. A box pops up: "Verifying the information on your PDA phone...please wait..."
6. About 30 seconds go by, and an error box pops up: Error [260]: Connection...
7. The screen remains black and the phone non-functional. I have to soft-reset the device at this point.
When I soft-reset in #7 above, the computer dink-donks like when you disconnect the UBS cable, so there's still some sort of connection the PC is recognizing. I tried a second time after installing the enablerapinew.cab (using auto mode) and got the exact same errors.
Any thoughts?

Hardware/ROM reversing problems.

Hello,
I'm in the process of forensically analyzing a windows mobile HTC Snap. I'm encountering a few problems while trying to analyze the device, using windows as the platform to connect the phone to.
- First of all it's not an option to use ActiveSync due to to company policies to make a dump of the ROM, I am thus not able to use the itsmine tools like pdocread. Using the great search function of this forum I'm now trying to use the bootloader build in RBMC command, I'm just not sure what type of output this command produces, is it a chip level image(including spare blocks) or is it a filesystem level image?
The RBMC command seems to work to a certain degree, but after approximate 102MB it gives an error and stops reading. My questions are as follow
- How do I reassemble the image to something that can be interpreted as a (T)FAT partition? I've looked at the datasheet of the NAND chip but it does not specify how the spare blocks are used and how I should reconstruct it.
- Am I approaching this the correct way or do I need to flash my own SPL first, to be able to make the ROM dump? If so, what SPL do I need to flash so that I can make a dump of the entire ROM?
The last issue I have is, that after entering the password at the bootloader prompt it gets accepted BUT when I issue the 'task 32' command my level is still FF instead of 0. Does the HTC Snap need a different password?
I also tried to connect the Snap to a Linux system, but even when specifying the correct vendor and product id the ipaq driver fails with a cryptic -5 error. Even if I put the driver in debug mode it still does not give me any useful hints on what goes wrong. Any pointers how to get this working?
Kind Regards,
me.
+1 to this question.

[SOLVED] - [Q] Fujitsu Simens loox N560 died after bad firmware

hi.
I'v got loox n560 that was upgraded to WM6.1-6.5 servel times without any problem.
the last time i did update, i did it accidentally with a bad firmware file(uncompleted download).since then, the device wont boot(just a white screen).and the pc wont recognize it.
any way to save it? or i made myself a nice paper weight?
thanks.
I think there was a way to put the N560 in bootloader mode by pushing some keys and soft-reset hole manually (the "monkey grip" it was called or something similar...) and with the file of the rom to be flashed in a SD card... perhaps you can google for information on this ancient -and more unsure that the cable one- flashing mode. Worth to try it better than have a paperweight...
Good luck!
I give you more information (shame that FIRSTLOOX information is not there anymore)
For manual bootloader mode: press On-Off button + left side button (voice recording) + stylus soft reset (for some seconds). Keep pressed On-Off and recording untill the dolphins appear.
I can't find references to flash from SD card. Anyway, for incomplete flashing, Newplowe gives this procedure:
"You should close process "wcescomm.exe" on PC in task manager. Then hold button record, power and puch reset after that you will come in boot loader. Run the program mtty.1.42 and select usb connect. If You will see the any error just start again mtty. Put command l c:\os_213u.nbf (You should put correct flash file in c:\ or use correct path to os_213u.nbf, l - like L but small). When it will done You should start PocketLOOX5xxFlashTool.exe and flash you PDA."
I got this reference from "http://forum.xda-developers.com/showthread.php?t=429148&highlight=flash+n560+card".
Good luck anyway.
this is very interesting...
i was able to put the device into boot loader mode and ran the command "L c:\os_213u.nbf" ("l" didnt work, but L did).
it did something to the device, a progress bar till the end of the screen.but the device didnt reboot.when i try to run POCKETFLASH program it couldnt connect to the device.
i runing windows 7, so i guess it the problem(ACTIVE SYNC is a XP PROGRAM).
i'll try installing XP on another computer and try this again.
thansks.
almost...
i have installed Windows XP just for this, and everything seems to go well, i connect with MTTY, put the l c:\os_213u.nbf command and the device respond.
the next stage i to flash with PocketLOOXN560FlashTool.
when i start it, i receive connection error, and then i go to recovery mode.the program try to communicate with the device, but i get at the end error that the ROM language is different than the language on the device.it says "(ENGLISH)" and there are also empty
()
Click to expand...
Click to collapse
at the end.
i doubled checked this with the original WM5 English rom, and its the same.
is there a way to change the language with MTTY?
any other ideas? its a shame to stop now after i can get a response from the device...
thanks.
The only idea I have is to check if after the failed flashing your N560 is still an "english" one. Perhaps the defective rom has changed the language of your device to something else...
If your device respond to communication with the XP computer, perhaps you could make a rom dump (in newplowe's page you can got tools for doing that) and check in the dump file with an hex editor which language actually has. You can always check newplowe's blog and forum (with google translator ), or ask him
Sorry i didnt post an update.
i have fixed the rom language.it had a gibberish mark at the end of the ENGLISH, after i have fixed that, .the device was flashed correctly and its working!
thanks for thelp guys

Categories

Resources