Hi,
I ran doctest on my prophet which ended up corrupting the doc. I managed to get the doc fixed except for binary partition 1. Now I have a prophet which boots into the OS, but has a corrupt CID, IMEI, SIMLOCK, GSMDATA, etc., which means my prophet is now a PDA without a phone...
In short, 0x0-0x44000 area on binary partition 1 is corrupt and I don't have a backup of it.
Can a dump of this block from another prophet be used directly on my device? What all would have to be reconstructed in this block to make it run successfully on my device?
Pls help!
slickdick said:
Hi,
I ran doctest on my prophet which ended up corrupting the doc. I managed to get the doc fixed except for binary partition 1. Now I have a prophet which boots into the OS, but has a corrupt CID, IMEI, SIMLOCK, GSMDATA, etc., which means my prophet is now a PDA without a phone...
In short, 0x0-0x44000 area on binary partition 1 is corrupt and I don't have a backup of it.
Can a dump of this block from another prophet be used directly on my device? What all would have to be reconstructed in this block to make it run successfully on my device?
Pls help!
for people reading this, DO NOT RUN DOCTEST! EVER!
for sidekick, what do you have? G3/G4?
if you have a G3 it should be possible to fix with itsme's tools if you know what you are doing.
I have a G3 IPL 1.0 SPL 2.15.0000 (+gold card)
I have managed to get 0x00000-0x10000 from a wizard (cid locked/sim unlocked). Updated it with superCID using typhooncidedit.pl and flashed it on my doc using pdocwrite.
However, I am still getting a "GetDeviceCID: Error - InitDecoder" on running 'info 2', IMEI is still the default 44xxxx... and am getting Simlock.exe error-"Data error: contact service....." on inserting a SIM
I can think of the following three reasons why this hasn't worked for me:
1. wizard and prophet have different CID blocks and one from prophet might work
2. CID block contains a unique device specific identifier (docuniqueid maybe) apart from what is not mentioned in typhooncidedit.pl
# 0x0000-0x0004 - version
# 0x0010-0x0018 - checksum cryptkey
# 0x0140-0x0148 - imei
# 0x0160-0x0180 - cid
# 0x01a0-0x01a8 - keyindex at byte +3
# 0x1200-0x1a00 - cid cryptkey
# 0x1c80-0x1c88 - lockflag
# 0x1d00-0x1f00 - lockcodes
# 0x4000-0x4400 - mccmnc ??
# 0xfff8-0xffff - checksum of 0-0xfff8
3. the device looks at information in 0x10000-0x40000 at least for IMEI & simlock
Am I on the right track or are there any easier alternatives? Either way, I think it is important for me to get 0x00000-0x44000 of a G3 prophet in order to investigate further.
It would be of GREEEAAAT help if someone can provide me a dump of this area:
pdocread -n 1 0 0x40000 cidblock.bin
pdocread -n 1 0x40000 0x4000 -b 0x4000 gsmdata.bin
(pls also mention your docuniqueid from 'pdocread -l')
slickdick said:
I have a G3 IPL 1.0 SPL 2.15.0000 (+gold card)
I have managed to get 0x00000-0x10000 from a wizard (cid locked/sim unlocked). Updated it with superCID using typhooncidedit.pl and flashed it on my doc using pdocwrite.
However, I am still getting a "GetDeviceCID: Error - InitDecoder" on running 'info 2', IMEI is still the default 44xxxx... and am getting Simlock.exe error-"Data error: contact service....." on inserting a SIM
I can think of the following three reasons why this hasn't worked for me:
1. wizard and prophet have different CID blocks and one from prophet might work
2. CID block contains a unique device specific identifier (docuniqueid maybe) apart from what is not mentioned in typhooncidedit.pl
# 0x0000-0x0004 - version
# 0x0010-0x0018 - checksum cryptkey
# 0x0140-0x0148 - imei
# 0x0160-0x0180 - cid
# 0x01a0-0x01a8 - keyindex at byte +3
# 0x1200-0x1a00 - cid cryptkey
# 0x1c80-0x1c88 - lockflag
# 0x1d00-0x1f00 - lockcodes
# 0x4000-0x4400 - mccmnc ??
# 0xfff8-0xffff - checksum of 0-0xfff8
3. the device looks at information in 0x10000-0x40000 at least for IMEI & simlock
Am I on the right track or are there any easier alternatives? Either way, I think it is important for me to get 0x00000-0x44000 of a G3 prophet in order to investigate further.
It would be of GREEEAAAT help if someone can provide me a dump of this area:
pdocread -n 1 0 0x40000 cidblock.bin
pdocread -n 1 0x40000 0x4000 -b 0x4000 gsmdata.bin
(pls also mention your docuniqueid from 'pdocread -l')
you are on the right track, as you have a G3 it should be possible to fix as pdocwrite can write a G3 DOC
as you can see from my signature, my G3 is bricked so I can't help at the moment
however, I see you have a gold card!? care to explain how you made it?
Thanks
Prophet Goldcard
I just followed the instructions in typhoonnbfdecode.pl with slight modifications to some checks in IPL & OS
you have a bricked G3.... stuck in bootloader I presume? There are two ways you can fix it with the help of a gold card.
1. Cardid is known and docuniqueid is not known
use tornado keys and xxx magic and '00' as first two chars in cardid to generate a securitylevel=0 non-flashable sd image.
>perl typhoonnbfdecode.pl -d prophet_gold.img -p magic=xxx -p cardid=00610032DF69A01947323044534D5402 -p keys=tornado -p seclevel=0
using this card I get the normal bootloader screen but with a security level of 0
Cmd>set 32 0
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x7AC00000 Bytes
Unlimited time!
GetDeviceCID: Error - InitDecoder <<<<< due to corrupt bin partition 1
g_cKeyCardSecurityLevel = 0 <<<<< Voila!
now use the l or lr command in bootloader!!!
2. both Cardid and docuniqueid are known
use tornado keys and '00' as first two chars in cardid to generate a flashable sd image.
however, for this to work, comment out all the checks in validate_os and the BIPO check in validate_ipl in typhoonnbfdecode.pl
>perl typhoonnbfdecode.pl -d sd80.img -p cardid=00610032DF69A01947323044534D5402 -p keys=tornado -p seclevel=0 -p docuniqueid=00000000a440020420380318130b0571 -r os=OS.nb
no more "Not Allow Update"s
I'm so busy now in the college exams, this is my graduation year, and I only look at the posts like checking my mail without replying.
But at least I found a guy who understands what he is doing, has no ego, and is polite, not like others here who are very impolite; the problem is they are stupid and think they understand, when all they do is read and repeat without understanding or trying to improve.
After this long story you don't have to read it, trying to help you if I can.
About the IMEI block => try to use IMEI wizard for changing the IMEI for prophet it will overwrite the old block. It uses pdocwrite.exe =pdocread.exe
About the other blocks: I have a G3 prophet IPL 2.10 SPL 2.20 and I have a backup made with r2sd all and an unlocked CID.
I'll pdocread any block you want but I'm going to send it by e-mail in parts, because I can't guarantee the net in big files, so just read your private messages.
slickdick said:
I just followed the instructions in typhoonnbfdecode.pl with slight modifications to some checks in IPL & OS
you have a bricked G3.... stuck in bootloader I presume? There are two ways you can fix it with the help of a gold card.
1. Cardid is known and docuniqueid is not known
use tornado keys and xxx magic and '00' as first two chars in cardid to generate a securitylevel=0 non-flashable sd image.
>perl typhoonnbfdecode.pl -d prophet_gold.img -p magic=xxx -p cardid=00610032DF69A01947323044534D5402 -p keys=tornado -p seclevel=0
using this card I get the normal bootloader screen but with a security level of 0
Cmd>set 32 0
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x7AC00000 Bytes
Unlimited time!
GetDeviceCID: Error - InitDecoder <<<<< due to corrupt bin partition 1
g_cKeyCardSecurityLevel = 0 <<<<< Voila!
now use the l or lr command in bootloader!!!
2. both Cardid and docuniqueid are known
use tornado keys and '00' as first two chars in cardid to generate a flashable sd image.
however, for this to work, comment out all the checks in validate_os and the BIPO check in validate_ipl in typhoonnbfdecode.pl
>perl typhoonnbfdecode.pl -d sd80.img -p cardid=00610032DF69A01947323044534D5402 -p keys=tornado -p seclevel=0 -p docuniqueid=00000000a440020420380318130b0571 -r os=OS.nb
no more "Not Allow Update"s
Great, let me try some things here. In my gold card thread I've started outlining this.
I used the same steps as you did, however I got stuck in getting the cardid; for some reason the memdump didn't contain the cardid.
which route did you use to get the cardid?
(I used my second prophet to get that, but failed)
Thanks for the explanation so far.
paradis_pal said:
I'm so busy now in the college exams, this is my graduation year, and I only look at the posts like checking my mail without replying.
But at least I found a guy who understands what he is doing, has no ego, and is polite, not like others here who are very impolite; the problem is they are stupid and think they understand, when all they do is read and repeat without understanding or trying to improve.
After this long story you don't have to read it, trying to help you if I can.
About the IMEI block => try to use IMEI wizard for changing the IMEI for prophet it will overwrite the old block. It uses pdocwrite.exe =pdocread.exe
About the other blocks: I have a G3 prophet IPL 2.10 SPL 2.20 and I have a backup made with r2sd all and an unlocked CID.
I'll pdocread any block you want but I'm going to send it by e-mail in parts, because I can't guarantee the net in big files, so just read your private messages.
Nice to see you back on the board, I've read some of your early posts and they were a great help !
If you could help out that would be great, I know what it is like during exams
It would be great if you guys could help me find the cardid. I'm trying to get this, but I'm guessing I'm looking at the wrong section:
Using memmap on my G4 I've dumped the memory section of device.exe
pmemmap -s 0x06000000 -w deviceexe.mem -p 0x10000000-0x12000000
However, when searching through it, I can't find the SBDS / Memory Card section, only an RSDS section at 0x1101C.
Am I dumping the wrong section?
try to search for "memory card" using the unicode character set ((winhex)), because it's written in unicode
I'm not sure if you are using any other ROM, but try to use the original qtek s200 rom 2.20 without installing any other programs, and try again without installing the ext rom,
try any debugger manager to find out the memory section of device.exe because it is not always 0x06000000
paradis_pal said:
try to search for "memory card" using the unicode character set ((winhex)), because it's written in unicode
I'm not sure if you are using any other ROM, but try to use the original qtek s200 rom 2.20 without installing any other programs, and try again without installing the ext rom,
try any debugger manager to find out the memory section of device.exe because it is not always 0x06000000
Thanks for the advice. I did use winhex in unicode; I will try with the qtek rom. I will post an update soon, getting my card reader at work now.
hope your exams are going ok!
How to find Cardid on Prophet
For CardID, on my G3, I did not find the SBDS signature in the memory dump of device.exe. However, there were two occurrences of Unicode "Memory Card". 73 (0x49) bytes after one of them was what I could recognize as the cardid.
From what I can make of the codes (ASCII) mentioned in typhoonnbfdecode.pl:
'UE...c.U821DSDS.' for minisd
'[email protected]' for kingston
'?<.e.Gd.821DSMT.' for daneelec
All three have 821, which is reverse of 128!!! size 128MB!!! Ring-a-bell?!? Can we interpret similar structure for all other cards < 1GB?
'DSMT' seems to be standard for Dane Elec cards. The same can be interpreted for other types; e.g. DSDS looks to be a standard signature too (maybe someone can confirm this).
If you analyze the ASCII of card id of my 2GB Dane Elec- '%a.2ßi..G20DSMT.'
you will see 'G20' representing size (representation for size seems to be different for cards > 1G. Again, someone needs to confirm this observation) and 'DSMT' standard signature for Dane Elec.
All in all, if you are not able to find the 'Memory Card' pattern, depending upon card make and size, search for any of the CardID ASCII patterns in the memory dump.
(btw, to find the starting offset of the CardId: the third byte of the CardId seems to be 0x00. If you are familiar with using grep, finding the cardid in the memory dump could be easier.)
Let me know if this helps.
Reverse of cardids is shown below:
minisd in typhoonnbfdecode.pl
03 53 44 53 44 31 32 38 55 00 63 CF AC 00 45 55 SDSD128U cϬ EU
kingston in typhoonnbfdecode.pl
18 49 4E 31 32 38 4D 42 03 40 1F 53 09 00 51 3F IN128MB @ S Q?
Dane Elec in typhoonnbfdecode.pl
02 54 4D 53 44 31 32 38 07 64 47 BA 65 00 3C 3F TMSD128 dGºe <?
and finally my 2GB Dane elec
02 54 4D 53 44 30 32 47 19 A0 69 DF 32 00 61 25 TMSD02G *iß2 a%
Makes sense? I think you can directly search for the cardid pattern in the memory dump.
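The two posts above describe the cardid by its shape rather than by a signature: a 16-byte value whose third byte is 0x00, whose ASCII view carries the card size digits reversed ("821" for 128MB, "215" for 512MB) followed by a vendor tag such as DSMT or DSDS, and which may sit in memory byte-reversed relative to the form the script takes. The following scanner is an added example of mine, not code from the thread or from typhoonnbfdecode.pl. It applies exactly those heuristics to a dump in both orientations and converts a reversed hit back into script order. The dump it scans is constructed from bytes quoted in the thread (slickdick's reversed 128MB Dane Elec chunk and Jesterz's forward 512MB SanDisk chunk) padded with 0xFF and the UTF-16 "Memory Card" marker; the function and constant names are my own.

```python
import re

# Constructed sample values taken from the thread: slickdick's 128MB Dane Elec
# cardid as it sat in his device.exe dump (byte-reversed) and the 16 bytes
# Jesterz found for a 512MB SanDisk card (forward order). They are used here
# only to build a fake dump; no real memory image is read.
DANE_ELEC_128_REVERSED = bytes.fromhex("02544D5344313238076447BA65003C3F")
SANDISK_512_FORWARD = bytes.fromhex("2361003D926810803231355253445303")

# Heuristic from the thread, applied to the forward (script) byte order:
# byte 2 is 0x00 and bytes 8..14 read as ASCII such as "821DSDS" or "215RSDS"
# (size digits reversed, then a vendor tag). Seven consecutive upper-case
# alphanumerics is the loosest rule that fits every sample quoted in the thread.
_ALNUM7 = re.compile(rb"^[A-Z0-9]{7}$")


def is_forward_cardid(chunk: bytes) -> bool:
    """True if a 16-byte chunk matches the cardid layout in script order."""
    return (len(chunk) == 16 and chunk[2] == 0x00
            and _ALNUM7.match(chunk[8:15]) is not None)


def is_reversed_cardid(chunk: bytes) -> bool:
    """True if the chunk is a cardid stored byte-reversed, as slickdick saw it."""
    return is_forward_cardid(chunk[::-1])


def ascii_view(chunk: bytes) -> str:
    """Render bytes the way the thread's hex editor did: printable or '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)


def find_cardids(dump: bytes):
    """Scan a dump in both orientations; return (offset, orientation, cardid hex).

    The hex string is always normalised to script (forward) order, so a
    reversed hit is flipped back before it is reported.
    """
    hits = []
    for off in range(len(dump) - 15):
        chunk = dump[off:off + 16]
        if is_forward_cardid(chunk):
            hits.append((off, "forward", chunk.hex().upper()))
        elif is_reversed_cardid(chunk):
            hits.append((off, "reversed", chunk[::-1].hex().upper()))
    return hits


def build_sample_dump() -> bytes:
    """Constructed stand-in for a device.exe memory dump (not a real capture)."""
    return (b"\xff" * 20
            + "Memory Card".encode("utf-16-le")   # the UTF-16 marker the thread searches for
            + b"\xff" * 49
            + DANE_ELEC_128_REVERSED
            + b"\xff" * 17
            + SANDISK_512_FORWARD
            + b"\xff" * 8)


if __name__ == "__main__":
    for off, orientation, cardid in find_cardids(build_sample_dump()):
        print(f"0x{off:08X} {orientation:8} cardid={cardid} "
              f"ascii={ascii_view(bytes.fromhex(cardid))!r}")
```

The rule is deliberately loose, so treat the result as a candidate list to be checked against the ASCII view rather than a definitive answer: a run of seven alphanumerics next to a stray zero byte (for instance a zero-padded region adjoining a real id) can produce a shifted false candidate, which is why every hit is reported with its offset and orientation instead of stopping at the first match.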
slickdick said:
Reverse of cardids is shown below:
minisd in typhoonnbfdecode.pl
03 53 44 53 44 31 32 38 55 00 63 CF AC 00 45 55 SDSD128U cϬ EU
kingston in typhoonnbfdecode.pl
18 49 4E 31 32 38 4D 42 03 40 1F 53 09 00 51 3F IN128MB @ S Q?
Dane Elec in typhoonnbfdecode.pl
02 54 4D 53 44 31 32 38 07 64 47 BA 65 00 3C 3F TMSD128 dGºe <?
and finally my 2GB Dane elec
02 54 4D 53 44 30 32 47 19 A0 69 DF 32 00 61 25 TMSD02G *iß2 a%
Makes sense? I think you can directly search for the cardid pattern in the memory dump.
Great! thanks, I'm dumping right now, after looking for the memory address of device.exe using pps
will update in a moment
uhmm, I think we have a winner??
at 00729EC0
23 61 00 3D 92 68 10 80 32 31 35 52 53 44 53 03
#a.=’h.€215RSDS.
for a 512 MB sandisk sd card
created the image, I now have sec level 0.
I've downloaded mtty and want to upload a new SPL using the L or LR command, however I don't know what parameters L or LR take?
is it just L <filename>
or do I have to specify the memory address of the SPL?
Jesterz said:
is it just L <filename>
or do I have to specify the memory address of the SPL?
Code:
l <path_name> <startAddr offset>
You have to specify the address of the SPL, if you don't specify it most probably will default to OS address.
pof said:
Code:
l <path_name> <startAddr offset>
You have to specify the address of the SPL, if you don't specify it most probably will default to OS address.
ok thanks! I'm going to give this a go
l spl.nb 0x91000000
fingers crossed, lol
Cmd>l spl.nb 91000000
clean up the image temp buffer at 0x8C100000 Length 0x03900000
BOOTLOAD_PAGE_TABLE_BASE_C_VIRTUAL= 0x8C080000
Clear image temp buffer done .
MTTYDownloadImage "spl.nb"
:F=spl.nb
start download
SAddress A0000000h Length 000C0000h, pszImageTempBuffer = 8C100H000h
OEMGetFlashIndex()- dwVaddr = 0xA0000000
OEMGetFlashIndex()- iIndex = 0xFFFFFFFF
Start flashing new image!!!
<CE-31><CE-1167><CE-995>
weird, the screen then goes all white, and I hear the usb disconnect; after that nothing happens.
which format does the spl file need to be? I've used the "standard" nb file
I'm trying more stuff, but right now I'm clueless
Jesterz said:
BOOTLOAD_PAGE_TABLE_BASE_C_VIRTUAL= 0x8C080000
This seems good, as it is the virtual address from where the bootloader expects to be executed.
Jesterz said:
weird, the screen then goes all white, and I hear the usb disconnect; after that nothing happens.
Weird... I believe command "l" auto-launches code once downloaded, probably this is the reason.
Jesterz said:
which format does the spl file need to be? I've used the "standard" nb file
I think it should be a BIN file with the "l" command... maybe try the "lnb" command? (I don't know if the prophet has it, I don't have a prophet). Hope the previous "l" command hasn't screwed things up more than they were.
Just out of curiosity, tell me how the story ends
pof said:
I think it should be a BIN file with the "l" command... maybe try the "lnb" command? (I don't know if the prophet has it, I don't have a prophet). Hope the previous "l" command hasn't screwed things up more than they were.
Just out of curiosity, tell me how the story ends
as far as I know, "l" is for .bin only (at least on the wizard)... I hope Jesterz did not just nuke his bootloader.
Hi all,
Does anyone have an original ROM from an O2 XDA IQ, with the CID HTCSO2__0501?
Any help at all would be appreciated.
Thanks.
you can download original Rom from htc website
It seems that whoever tried to upgrade this phone didn't SuperCID it before trying.
So it's just sitting at the bootloader.
I've tried getting a ROM and changing the CID on it. After going through the whole flash upgrade, etc., it still won't boot.
if I do an 'info 2' This is what I get
Code:
GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
CMD55 failed
+ SD Controller init
- SD Controller init
+StorageInit
CMD55 failed
HTCSO2__0501 ‘©öIHTCE
a 'format BINFS' says
Code:
Cmd>format BINFS
Not allow operation!
Any hints on how to turn this phone into more than just a paperweight?
Thanks.
Reset Rom
It works on the HTC Cruise and I hope it works for you:
in teraterm type:
set 16 0
task 8
It will reboot your smartphone and launch your old rom
Good luck
Thanks for the tip, but it seems my bootloader doesn't like it...
Code:
Cmd>set 16 0
Cmd>task 8
Invalid command : task 8
For a help screen, use command ? or h
I am in the exact same situation with a tornado. Trying to restore it. It's an O2 and I cannot find any original firmware so any help is appreciated.
If you tell me how to copy it off my phone I will post it up
One more member to the club. My Tornado is sitting in the Bootloader.
try this:
http://forum.xda-developers.com/showthread.php?p=2430010#post2430010
Hi guys, I did google and tried some tricks for a while; here's the problem:
When I tried to reach /sdcard from recovery-clockwork-touch-5.8.0.2-crespo, it just said:
E:unable to write to ums lunfile
dmesg (full version on pastebin):
<3>[ 4.306209] mmc0: error -110 whilst initialising MMC card
<7>[ 4.307670] Universal : Card status 1
cat /proc/kmsg | grep mmc0:
~ # cat /proc/kmsg | grep mmc0
<6>[ 2.668910] mmc0: SDHCI controller on samsung-hsmmc [s3c-sdhci.0] using ADMA
<3>[ 4.306209] mmc0: error -110 whilst initialising MMC card
The weird thing is that I've read a post that said "fast oem lock, fast oem unlock" will do the trick. So my bootloader is locked again. But "fastboot oem unlock" said "Erase Failed".
Btw, I've tried [APP] Linux Tool for Bricked Nexus S after firmware update and don't know what to do with it ("Injection Failed" in bootloader and recovery screen).
I'm on an archlinux box, please help me. Thank you.
Hi,
Thank you for the reply. Will try to flash the bootloader and the hairdryer thing when I come back home.
Btw, I flashed the recovery back to recovery-clockwork-5.0.2.0-crespo with adb in recovery mode:
adb push recovery-new.img /sdcard/recovery-new.img
adb shell flash_image recovery /sdcard/recovery-new.img
Hope this may help someone else. (The /sdcard there is not the "real" sdcard, it's a folder or mount point.)
Ok, I flashed the bootloader from recovery, still "erase fail" when running "fastboot oem unlock".
I tried to flash all *.img files found in the stock rom .zip file, and pushed the /system (no idea what I was doing...). No miracle happened.
I'm not sure about the "flash-chip" and "parted" you mentioned, but I'll try it, thank you.
-.-.- Updated 2012.4.30 -.-.-
For those still interested: I brought the phone to a local repair store. The guy changed the chip and booted the phone successfully. But after the reboot, the screen freeze came again... (THE END)
Dear forum
Update: On the Raspberry:
desktop:/usr/local/src/evoplus_cid/jni# ./evoplus_cid /dev/mmcblk0 5d5342303030384712750a9e2f0117bf
Writing new CID: 5d5342303030384712750a9e2f0117bf
Success! Remove and reinsert SD card to check new CID
However, the CID always keeps the initial one.
On the SM-T561 the binary compiled for Android is in the libs/armabi folder. It works fine. However, mount or df only show dev/block/vold/179:129, not /dev/mmcblk*.
# Usage: ./evoplus_cid <device> <new cid>
./evoplus_cid /dev/block/mmcblk1 744a454e2f412020106c6d77470104c3
everything working now. if someone needs help, just let me know.
Sorry about poor English.
does this work with any SD card?
Samsung SD EVO
Hi,
I'm trying to change the CID of my SD card. I bought it in November 2018.
when I type the ./evoplus_cid /dev/mmcblk1 (new cid number) it says "Unlock command failed" or "Failed to enter vendor mode. Genuine Samsung Evo Plus"?
Can you please tell me what I'm doing wrong?
thanks
Tutorial?
Hello
I'm trying to change the CID of an SD card in Ubuntu and I can not find a way to do it. I've tried with a Raspberry and I do not understand the way.
Would you do a little tutorial and send it to me?
Thank you
I tried to change the CID yesterday and it doesn't work for the samsung evo plus in my case :/. The CID file was missing; I suppose they made it unreadable. If someone has some idea, I can try and let you know.
noise86 said:
Samsung SD EVO
Hi,
I'm trying to change the CID of my SD card. I bought it in November 2018.
when I type the ./evoplus_cid /dev/mmcblk1 (new cid number) it says "Unlock command failed" or "Failed to enter vendor mode. Genuine Samsung Evo Plus"?
Can you please tell me what I'm doing wrong?
thanks
Did you solve the problem? I'm asking because I have the same problem and I don't know how to fix it.
Command: sudo evoplus_cid /dev/mmcblk0