First of all, I'd like to say that I performed Anansky's BigStorage upgrade without a hitch on my 850MHz JAM running on Cingular's network. The only concern was that the device was reporting itself as a PM10A instead of a PM10C.
Precautions:
1. Use the write-protect feature on your SD card in the unlikely event that Windows or your PocketPC wishes to write or format it.
2. Use a smaller SD card, as the steps will create a ROM file as big as your card, and it'll take a while to load the file to make changes, update the SD card, etc.
3. Burn a copy of your downloaded ROM file to a CD for safety purposes.
4. Always keep your PocketPC charged either through your PC's USB port, or through a USB-to-AC adapter.
For those who want a quick rundown on how I did it:
1. From the FTP, download NTRW.EXE (version 2.0), ROMUPDATE.EXE, and MAGICIAN_OS1.11WWE_BIGSTORAGE_6.ZIP.
2. With your JAM connected via USB to your PC, disable ActiveSync's connections.
3. Enter the Bootloader and backup your entire ROM to your SD card using ROMUPDATE.EXE.
4. Read the contents of your SD card into a ROM file using NTRW.EXE. (Note that Administrator priviliges are required on your Windows account in order to read/write to the card)
5. Modify the first 416 decimal bytes of the OS1.11WWE_BIGSTORAGE.NB1 (extracted from the ZIP file) by using the first 416 decimal bytes from your ROM file.
6. Write the newly modified ROM file onto your SD card using NTRW.EXE.
7. Enter the Bootloader with the SD card inserted and flash the newly modified ROM to your device.
Notes:
1. I was able to reflash the official i-mate CE ROM (1.11) and Radio, thinking I'd force 850MHz support back into the device in the uncertain event it lost it during Anansky's upgrade. However:[list:44fd36694d]1. The Radio can't be flashed without the CE ROM being flashed alone first.
2. Any reflashing of the Radio or the CE ROM will lose your newly acquired 27MB Storage area. The Device Information applet will report a crazy value for the Storage area when in fact it's totally gone. The only way to restore it is to put your backed up old ROM image onto the SD card and perform the flash from the card.
2. The only way to find out how the hack was done is to look at the different versions of the hack and compare them byte-by-byte to the official updaters.
3. Perhaps one can perform another full SD-to-ROM backup with Anansky's upgrade and compare the files as well, then inject the compatible ROM portions and leave his hack in place.
4. Reflashing any of the ROM portions did NOT restore my model back to PM10C, which leads me to believe that it's outside that region untouched by the official flash utility.
5. I was only able to reflash with the official ROM updaters AND the hacked MaUpgradeUt_noID.exe from the FTP, and while it was in Bootloader mode only.
[/list:u:44fd36694d]
Lastly, I restored my original ROM image in its entirety and will try again sometime in the future to see if I can incorporate the 850MHz ROM into Anansky's hack. It was nice having the extra 27MB free for a short while, but until he comes back or someone else figures it all out, it'll be a risky endeavour in the event of another official ROM upgrade.
ADVANCED USERS ONLY. I take no responsibility for the information I provide below.
I dissected Anansky's ROM to find different sections which I could possibly compare. This is by no means accurate, but I have found certain locations to be of value.
Using the Magician ROM layout on http://wiki.xda-developers.com/index.php?pagename=MagicianRomLayout, I was able to build upon that template. Note that the values start with 80000000, but subtract that value and you get the starting points below.
00A6019C-00AC82D6 = UNKNOWN
00AE019C-00B3319A = UNKNOWN (REFERENCES TO RINGTONES)
00B6019C-00C3F3D5 = UNKNOWN (REFERENCES TO GPRS?)
00CB019C-00F88BF6 = UNKNOWN
00FB019C-014101CF = UNKNOWN
0143019C-0185B015 = UNKNOWN (APPROXIMATELY 4MB... RADIO ROM?)
0187019C-01995D38 = UNKNOWN (REFERENCES TO T9 DICTIONARY)
019E01AC-01CDDE58 = UNKNOWN (REFERENCES TO LDAP, DRM)
01DB019C-01E21343 = UNKNOWN (WINDOWS MEDIA PLAYER COMPONENTS?)
01E4019C-01EF8943 = UNKNOWN (SOLITAIRE / JAWBREAKER)
01F1019C-01F9B0CE = UNKNOWN (REFERENCES TO VPN)
01FC019C-0236A72B = UNKNOWN (APPROXIMATELY 3.8MB, REFERENCES TO NETWORK ADAPTERS, MODEM)
03F80140 = ANANSKY'S ROM CREDITS
03FB819C = MODEL (PM10A)
03F4015C = DATA STRING (UNKNOWN)
03F4019C = SPLASH SCREEN ("HTC MAGICIAN" VOLCANO)
For instance, if you wish to change the splash screen, you could replace the 153,600 decimal bytes starting at 03F4019C hexidecimal with your Splash2.NB file.
I have compared the 4MB block (0143019C-0185B015 hexidecimal) between my 1.11 NA ROM dump and Anansky's and found NO DIFFERENCE. It is possible that this section is the Radio ROM area, due to the size. I have to have the radio.nbk file decrypted in order to confirm.
If there are minute differences, I'll be sure to catch them now. Stay tuned.
I did something similar to find out, what he did. I first flashed Qtek's 1.11, then backed it up on SD card and wrote it to a file. Then I flashed Ananskys ROM and was now able to compare.
Unfortunately we know to few about the internals of the ROM (at least considering what's in the wiki).
BeyoneTheTech,
A question completly unrelated to the big storage ROM. How is it that your JAM has a 850Mhz Processor?
It's 850MHz radio band, unfortunately not CPU speed! I live in North America where the 900MHz is not utilized due to many pre-cellular products hogging up the 900MHz frequency.
As for everyone else, I used a program called WinHex to byte-compare the minimal differences between Anansky's BigStorage ROM file and my own ROM dump file. Bear in mind it's almost in the morning now and I crazily did this at work, so the details will be minimal:
I noticed two byte differences - B8 01 (1B8 hex=440 dec) vs 80 00 (80 hex=120 dec). I did NOT change those because I found it once in the bootloader, so I assumed it might be related to the way it handles the Storage area/Extended ROM.
The second set of differences were where the string "PM10A" was found in Anansky's ROM. Mind you, "PM10A" was also found in my ROM file (in the CE ROM portion), so I took my bytes around the "PM10C" section near the end and transposed it into Anansky's ROM file.
Of course, there was a major differrence in the middle of the two ROM files: the Extended ROM data. I left that the way it was in Anansky's ROM, mostly zeros and some "header"-looking information.
Bottom line is I have what appears to be a fully-functioning ROM file that I flashed successfully onto my 850MHz-band i-mate JAM (running on Cingular's network in the Northeast Americas.) I have little doubt it's not utilizing the 850MHz band, since the byte changes were so minimal between Anansky's WWE ROM and my official NA (850MHz) WWE ROM. My Device Information applet reports "PM10C," of course because I hardcoded it into the ROM, but I also mapped the bytes around it from my original "850MHz" ROM. Oh, and I've got my 27MB back! :wink:
I don't particularly see a problem with having your PM10C device updated with Anansky's ROM. Although the machine will now identify itself as PM10A, people have reported still being on 850MHz cells... so there shouldn't really be a problem there.
The only issue is that now when i-Mate releases upgrades, I'm only able to flash the European and not the North American mods.
What exactly is the method to force a North American ROM upgrade onto a supposedly European JAM? I didn't save the backup which was on the SD card.
As I stated last night and bleary-eyed, there was very little difference between the North American (850MHz) and the WWE (900MHz) versions of the ROM dumps. I believe most, if not all of the differences resided in the Extended ROM. Just the changes noted below worked on my 850MHz JAM.
Using the os1.11wwe_bigstorage.nb1 file...
1. Write FF's into offset 0000028Ch to 00000293h, erasing the T-MOB101 designation.
2. Change the letter A (41h) to C (43h) at offset 03FB81A4h, so it should read "P M 1 0 C."
3. Change bytes 09 2D 4D 27 C7 to 09 2D 4C D1 8E at offset 03FB81DDh to 03FB81E1h. Again, this was near the PM10C designation, and it's unlikely that this code is my IMEI number, so I'm trying to retain as much of my original ROM as possible.
4. Change the splash screen if you wish (see previous post).
Perform a full backup with Sprite Backup or similar program.
SD-Flash the new file onto your JAM and you should be good to go.
Perform a full restore with Sprite Backup, ignoring any ROM upgrade warnings.
If you feel comfortable with hex editing, use WinHex with the ROM files. It opens files fast and can copy and "write" (not paste) the splash screen in one shot.
I am hoping that if someone can easily decrypt the new CE and Radio ROM images, they can be injected into Anansky's ROM dump, while someone who still has their Extended ROM area will be able to extract any new changes or updates in the CAB files.
Shawn_230 said:
What exactly is the method to force a North American ROM upgrade onto a supposedly European JAM? I didn't save the backup which was on the SD card.
Click to expand...
Click to collapse
Just use the "NoID" version of the MaUpgrade EXE found on the FTP, but remember: Any flashing after Anansky's hack will make your Extended ROM/Storage area disappear! Like I stated in my previous post, let's hope someone can create a new xda3nbftool to decrypt the new ROMs and we might be able to either "inject" it into Anansky's ROM dump file, or we can change the necessary bytes, reencrypt, then upgrade only that portion of the ROM to your Magician/JAM device.
BeyondtheTech said:
Just use the "NoID" version of the MaUpgrade EXE found on the FTP, but remember: Any flashing after Anansky's hack will make your Extended ROM/Storage area disappear!
Click to expand...
Click to collapse
BeyondtheTech, I had an 900mzh version but I am living in US too. Actually, there is a very simple solution w/o going thru the hacking of the rom (But it's good someone can experiment how Anansky's did it so that we could do it for the future rom update).
1. Grab the latest USA rom from imate.
2. extract it w/ Winrar and U will get 3 nbf files.
3. Keep the radio_.nbf and remove the other 2
4. Use the no id version of MaUpgrade and it will only update the radio
5. U radio is 850mzh version and U still have the big storage
FYI, I don't know if you actually tested your sets, because I did flash just the alleged "USA" radio portion on my 850MHz JAM and I did lose the BigStorage area entirely, which is why I said that any subsequent flashing will do just that.
BeyondtheTech said:
FYI, I don't know if you actually tested your sets, because I did flash just the alleged "USA" radio portion on my 850MHz JAM and I did lose the BigStorage area entirely, which is why I said that any subsequent flashing will do just that.
Click to expand...
Click to collapse
Of course, I did.
BeyondtheTech said:
ADVANCED USERS ONLY.
00A6019C-00AC82D6 = UNKNOWN
.../...
03F80140 = ANANSKY'S ROM CREDITS
03FB819C = MODEL (PM10A)
03F4015C = DATA STRING (UNKNOWN)
03F4019C = SPLASH SCREEN ("HTC MAGICIAN" VOLCANO)
I have compared the 4MB block (0143019C-0185B015 hexidecimal) between my 1.11 NA ROM dump and Anansky's and found NO DIFFERENCE. It is possible that this section is the Radio ROM area, due to the size. I have to have the radio.nbk file decrypted in order to confirm.
If there are minute differences, I'll be sure to catch them now. Stay tuned.
Click to expand...
Click to collapse
Following to BeyondtheTech post, I'm now shure that the so called 'big storage' is located between address:
023c0190 : 03f40190 (about 27 MB)
I've also determined that every 256 kB (+40000h), this 'virtual disk' include something similar to a 'sector header' conform to:
f0 f0 f0 f0 00 00 00 00 96 f2 e7 10 db d3 00 fc
Click to expand...
Click to collapse
this string is present at address:
02400140h, 02440140h, 02480140h, 02480140h .../...
03f00140h, 03f40140h
For checking the validity of my theory, I've copied about 15 MB of different files, before making a backup of my Qtek S100. It's confirm that the data are occupying this space.
Because, I'm normaly working on a french OS version, I need all accentuated; and diacritic characters to answer my mail. So my purpose is now to 'reverse engeneer' the Anansky method to include this very usefull 'big storage' on a french based OS.
So, I've merged all content of my original v1.11 French OS UpGrade from address 00000000h to 023c0100h... This personaly cooked OS is working, and all is in french... but 'no-big-storage' available unfortunately.
So, in the next step, I've tried to undestand, how 'virtual storage' is working under Qtek S100. Back to my original OS, with small 7 MB storage. On the hexadecimal point of view, nothing more than, with the Anansky backup version, except that the virtual disk is smaller... Everything is in order, according to my theory...
But because the 'big storage' is not even visible, my conculsion is simple: "the solution is in the 'registry', but I've not yet been able to go through the mystery:
HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\VDisk
"Name"="Extended_ROM"
"Folder"="Extended_ROM"
.../...
[HKEY_LOCAL_MACHINE\Drivers\Active\43]
"Hnd"=dword:0068e3f0
"Name"="DSK8:"
"Key"="Drivers\\VDisk"
"ClientInfo"=dword:00000000
.../...
[HKEY_LOCAL_MACHINE\Drivers\VDisk]
"Key"="Drivers\\VDisk"
"WindowBase"=dword:a2c00000
"Size"=dword:01300000
"Folder"="Extended_ROM"
"DisableInt"=dword:00000000
"OnBoard"=dword:00000001
"Dll"="VDISK.DLL"
"Index"=dword:00000008
"Prefix"="DSK"
"Profile"="VDisk"
.../...
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\FlshDrv]
"FolderName"="Storage"
Click to expand...
Click to collapse
Close to all references in the registry seem to be dedicated to the Extended_ROM (about 19 MB) that can become visible, but not writable... until yet.
I've found only one reference to the 'Storage' folder (about 7 MB on my QTek), but I don't understand how the OS know it's type, size, location, etc. Another thing is shure: the registry is not directely visible in the backup. I suppose that this file is compressed in ROM, and decompress to Ram for working (all modification disapear in case of har reset).
Lost of questions... :?:
Regards,
Thierry
To easy patch any ROM... folow this link ;-)
http://forum.xda-developers.com/viewtopic.php?t=22582
I am not sure it's in the registry as I did a byte compare of my backed up ROM (which was the 1.11 NA 850MHz from i-mate) to Anansky's (1.11 WWE) and found that the there were two sets of bytes that were different (changed?) in the bootloader area as well as the CE ROM, and of course, the 27MB chunk of data for the Extended ROM.
I think the bootloader may have something to do with the way the memory is set up.
The bytes that were different were in both places were B8 01 vs 80 00. 1B8h=440 and 80h=128, if that means anything. There were no other changes in the Radio or CE ROM areas, which leads me to believe that the 27MB area is just formatted differently (perhaps the start of the 7MB area was pulled back to the beginning of the Extended ROM area).
The only remaining change was near the end where it has the "PM10x" designation," but I doubt that has anything to do with the BigStorage area since I used his bytes and tried my bytes with no difference.
If you feel bold enough, you can mess with these two bytes (try a value in between) to see if it enlarges the 7MB storage space, corrupts it, makes it writable, etc.
pigot,
If you're willing to try this...
After you've injected your French ROM into the NB1 file, use a hex editor and change the following bytes:
On or around 00007E32h, change B8 01 to 80 00.
Do the same at 0211E32Eh, change B8 01 to 80 00.
Leave Anansky's changes in the Extended ROM and Storage area as well as the end of the file unless you want to call your device a PM10x.
SD-Flash it and tell me if you have the 27MB of Storage free with your French OS.
You are in the good way :lol: ... Those bytes (hB8 + h01 to h80 + h00) are the key. But not always they are in the same site in all the ROM's.
Bye. 8)
Seems to work great for me over the last couple of minutes at least! Upgraded a 3 day old UK o2 qtek s100.
Thanks a million.
BTW - what software is stored in the extended rom that we lose?
Vijay
MKS said:
You are in the good way :lol: ... Those bytes (hB8 + h01 to h80 + h00) are the key. But not always they are in the same site in all the ROM's.
Bye. 8)
Click to expand...
Click to collapse
Well, the application developped by MKS is a great job. It works perfectly for me on a v1.11 Fr... The process is very simple, and really accessible to even 'medium range' users. Sounds pretty good, isn't it?
Omho, the 'anansky trial' is over, and the big winner is MKS.
Thanks alot,
Thierry
That's not a typo - I have the unofficial WM6 ROM image that was floating around a few months ago and now Palm has officially released the WM6 ROM - I am wondering if it is worth the time and trouble to reinstall all my apps etc?
https://ws.palm.com/SupportDownload/app?service=external/Home&sp=20
I did it. Differences i found:
- better reception (newer firmware)
- about 2 mb less of programm memory
- Windows Live not included by default
The memory loss comes from the fact that the extendedROM files, carrierDb and cappackage are located in the windows root directory and not in the hidden extended ROM. You can delete them but they reappear after a soft reset.
Otherwise the new ROM is very stable and not slower than the previously installed Vodafone ROM.
Treo telstra can up grade this rom ?
Can this rom be upgrade to the telstra Palm treo 750 .
Follow the link and put down the serial numbers of the phone then it let me download
Is it mean Ok to install ? Please advised
It is saying that my serial number is not valid.
I have a US AT&T 750 running TREO-1.13-ATT.
Now that this is official on the International site, how do I get the image and will it work without unlocking my phone?
Sorry... should have looked before I lept. I found my answer immediately in the updating forum.
http://forum.xda-developers.com/showthread.php?t=335402
Hi All,
I am trying to source the latest and best Radio, CE ROM, and EXT Rom for my XDA Exec G4 64Mb.
I have updated to a new WM6.1 ROM but yet the O2 Ext ROM remains untouched and auto runs after a reset which crashes the device.
So what is the best way to completly erase the XDA, and what is the best ROM, Radio and EXT Rom available for a G4 64Mb, which is what I think I have details below.
The Flash chip says it is 128MB and the ram 64Mb so is this a G4 64MB as I only have 39Mb free storage???
Thanks in advance for any info.
IrishLad
Current Software:
ROM Version: DFT.U.V1 WWE
ROM date: 02/03/08
Radio version: 1.18.00
Protocol version: 42.54.P8
ExtROM version:
Hardware:
CPU: Intel(r) PXA270
Speed: 520Mhz
RAM Size: 64 MB
Flash size: 128 MB
Flash chip type: M-Systems
Data bus: 32 bits
Storage size: 39.59 MB
LCD: 480 x 640 TFT
Colours: 65536
WM6.1
Thanks Again
I'm expecting a fixed 6.1 in the next few days - Snapvue in the Darkforce one was a bit buggy but the rom is fine when it's disabled (just like wm6, but with threaded SMS, nice but not amazing, and a zoom function in IE).
As for the Radio version, I, along with many, prefer 1.17, check out the latest discussion on this here: http://forum.xda-developers.com/showthread.php?t=366263
And for the ExtROM? Well, unlocked and empty of course
I took an empty extrom from an old ROM and it works great every time.
Good luck!
Thanks
Hi,
Thanks for the reply.
I have updated my radio to 1.18 and also unlocked and emptied my ExtROM.
My problem is that after flashing the CE ROM and Radio I am still getting the offical O2 boot screen?
When I empty the ext rom and then reflash shoud I have more free storage available, also from the sepcs I posted above am I right to say I have a G4 64Mb XDA?
boot splash
IrishLad said:
Hi,
Thanks for the reply.
I have updated my radio to 1.18 and also unlocked and emptied my ExtROM.
My problem is that after flashing the CE ROM and Radio I am still getting the offical O2 boot screen?
When I empty the ext rom and then reflash shoud I have more free storage available, also from the sepcs I posted above am I right to say I have a G4 64Mb XDA?
Click to expand...
Click to collapse
You can change your boot splash easy, just read the wiki. there is a section on it.
Regards
Jay
Boot screen
Hi,
I know you can change the boot screen, my question is more related to why it was not changed after flashing with new rom and radio...?
Also can someone confirm that since I deleted the contents of the ExtROM should that give me more free space for storage when I reflash with a WM6.1 rom?
Thanks Again,
IrishLad
IrishLad said:
Hi,
I know you can change the boot screen, my question is more related to why it was not changed after flashing with new rom and radio...?
Also can someone confirm that since I deleted the contents of the ExtROM should that give me more free space for storage when I reflash with a WM6.1 rom?
Thanks Again,
IrishLad
Click to expand...
Click to collapse
Flashing a new ROM doesn't necessarily change the bootskin, when you flash an official ROM (e.g. one from T-Mobile say), it'll most likely flash the bootskin.
As for ExtROM, you need to flash an empty one, then run a program on the uni that unlocks and unhides the ExtROM, which will appear as another storage medium in file explorer.
which wm 2005 rom should i get for my unlocked o2 xda ii currently running wm 2003 not se vers?!?!!? i want 2005 as i wm 2006 maybe too slow for my o2 xda ii ?
there are so many i dont understand, i got
C_ShekharAKU3.5c.R40.P24_public from xda delv
Virgy_164864 from buzznet ([HIMA] WM5 3.33a AKU23 Virgy build (16MB ramdisk 48MB pagepool 64MB program)
which one shall i use
and i hope xda_ii_172181_final is my original rom as a back up just incase i dont like the new roms so i can revert back
i heard problems with cant get in to flight mode, calander, phone book, excel bug (fixed?)
i primarily need it for tomtom 6 sat nav, inbox e mail active sync and thats it really... so i need bluetooth and tomtom 6 to work flawlessly on wm 2005
Given how easy it is to flash a new ROM i would suggest downloading a few and trying them out for a few days.
tks ,. can u confirm if i have the original xda ii rom just in case i need to revert back , i can down back grade from 2005 to 2003 (oriignal ) right
which in your experience is the best 2005 rom for my xda ii ?
i am presuming this is best one yet WM2005 AKU3.5 RAMDisk-40MB Pagepool size-24MB for Himalaya
as the Helmi Himalaya AKU3.5 ROM SP2 has issues with mms, tomtom back light?
Can't remember which ROM i have currently installed, fairly certain it's Athers WM6 ROM, think i have the Profesional version with the 64Mb RAM Disk.
Can't answer as to the other ROMs , don't think i have tried them. Also I have yet to try going back to WM2003, happy with what i have so far, just need to get WiFi working via an SD card for completeness.
thanks foir that , i am now running C_ShekharAKU3.5c.R40.P24_public from xda delv
flashed ok
but extrom is blank ?? how do i enable it ., i tried running locker but it says warning will re partition my drive ? ?? ?
Which is exactly what it is designed to do, it reformats the Ext-ROM as useable space. Least that's my understanding of it. I certainly did it. Oh and it only needs to be done once, after that there is no Ext-ROM, unless you follow one of the sets of instructions to put it on the Storage Card.
checking my start > settings > memory > so know i got ramdisk 39mb and ext roim 15mb with 1mb left. so this is now non volatile memory ?