[Q] Complete noob question, about SPL - General Questions and Answers

OK, big chance I'm getting flamed here, I'll take my chances.
I have been reading a lot of info here which is really great!
However, every time I bump into the Hard-SPL term... (you should Hard-SPL before using ROMs etc.)
So, being a noob, I started searching for info on Hard-SPL. There are several threads related to it, but really: none of them explains what it is! (In plain English, of course)... Yes, there is a wiki... lemme copy-paste the info on the wiki:
FAQ: What is HardSPL?
a custom G4 SPL patched by Olipro which lets your device think it has SuperCID (aka CID unlocked)
What is difference between Hard and Soft SPL?
Soft SPL is temporary, this solution is semi-permanent, it will be removed by flashing an original G4 SPL using SoftSPL. Read on for a complete tutorial on how to remove HardSPL.
If you use HardSPL, you don't need a separate loader in the future, just use the RUU provided in the ROM package.
Can I use it for other devices than for a G4 wizard?
This is for G4 Users ONLY, Use at your own risk!
You can use it for another device if you want to have a shiny new BRICK.
Well, sorry guys, but that really explains a lot!! Now it's all clear!! (being sarcastic now)
So, my device has SuperCID... So clicking SuperCID on the wiki gives me:
Code:
C:\Perl>perl c:\perl\bin\typhooncidedit.pl c:\CID\bdk1-00-cid.nb
g=89: 8ffd38f8 - 46b4964aef96ba04
0x1a0: 0000006900000000 cid key block ix: 105 cid key: '38403860'
0x160: 0008:'T-MOB001' - 0e0f101112131415161718191a1b1c1d1e1f20212223
0x1a0: 0000006900000000 cid key block ix: 105 cid key: '38403860'
0x1C80: 0000000000000000
0x1a0: 0000006900000000 cid key block ix: 105 cid key: '38403860'
0x4000: e05bb91100000000000000007125ef1e
This changes the CID to SuperCID
Code:
C:\Perl\bin>perl c:\perl\bin\typhooncidedit.pl -w c:\cid\new_SuperCID.bin -c 1 1111111 c:\cid\bdk1-00-cid.nb
g=89: 8ffd38f8 - 46b4964aef96ba04
0x1a0: 0000006900000000 cid key block ix: 105 cid key: '38403860'
0x160: 0008:'T-MOB001' - 0e0f101112131415161718191a1b1c1d1e1f20212223
0x1a0: 0000006900000000 cid key block ix: 105 cid key: '38403860'
0x1C80: 0000000000000000
0x1a0: 0000006900000000 cid key block ix: 105 cid key: '38403860'
0x4000: e05bb91100000000000000007125ef1e
olddata: 048a9ad03027bbe237bbe07115274f92d973ec7f67e4de6d385cc1cfa5aaadd9
0x1a0: 0000006900000000 cid key block ix: 105
newdata: 38a2162a7b479de87426e63716af39c7b279a18a2c0184beb279a18a2c0184be
newsum=e55bfb54 encsum=b6688b6220f51c91
Check CID - see offset 0x160 - all 11111111
Code:
C:\Perl\bin>perl c:\perl\bin\typhooncidedit.pl c:\cid\new_SuperCID.bin
g=89: e55bfb54 - b6688b6220f51c91
0x1a0: 0000006900000000 cid key block ix: 105 cid key: '38403860'
0x160: 0008:'11111111' - 00000000000000000000000000000000000000000000
0x1a0: 0000006900000000 cid key block ix: 105 cid key: '38403860'
0x1C80: 0000000000000000
0x1a0: 0000006900000000 cid key block ix: 105 cid key: '38403860'
0x4000: e05bb91100000000000000007125ef1e
Now, this info is very useful of course, if you are 1 of the 10 kinds of people who can read binary.
Anyway, searching on in my quest for "this is what SPL is, and what it does etc.", I have found a lot of threads pointing people to other threads, and flaming them by saying: look here, you should read this, you are stupid, whatever... Example: Read the complete n00bGuide!! Did that... lesson 1, lesson 2, it stops there... No explanation of what HardSPL actually is or does... only: you need it to not brick your device.
So, finally, after writing this enormous story (sorry for that, just a "little" background info), my question:
What IS HardSPL, what does it do? Why do you need it? And all these answers please: write them in plain noob English... I have read all the other technical parts, I think...
(Think this is a stupid question? Read the entire post, and search for yourself!)
All I want is a nice ROM on my HTC Touch Cruise....
Regards, and thanks for your patience
MoronNL...

If you want a complete noob answer... here you go
Hard-SPL is an "App" you need to load on your device to change its "behavior".
Hard-SPL is needed to replace ROMs. Your device is "locked" to other ROMs if it isn't Hard-SPL'd.
If you want to flash a new rom to your polaris, you need to take the file from this post:
http://forum.xda-developers.com/showthread.php?t=351964
connect your device to your comp and sync it with Activesync/Windows Mobile Device Center (you don't have to sync your info.. just make sure your device is recognized).
after connecting your device, extract the zip file from the thread I just gave you a link to, to a dir on your comp. run the file "ROMUpdateUtility.exe" and follow the instructions.
READ what olipro wrote in the post before continuing!
after you're done hard-spling... you will be able to perform the EXACT same action with a rom instead of Hard-SPL.
Hard-SPL needs to be performed only ONCE. after that you can flash roms endlessly.
if you have any questions, you can PM me or any one of the Q&A team members (our names are posted in a STICKY thread in this section).
p.s. if the hard-spl didn't work at first... and got stuck or something.. don't beat yourself over the head... but try again.

Nir,
Thanks for your quick reply! It's indeed more clear with your answer. If I understand your post correctly, and all info found about it, I would summarize it as follows, and please correct me if I am wrong:
Every phone (whether SIM-locked or not) has some hardcoded ID (CID) in the ROM (flash chip actually, to prevent misunderstandings with ROMs and Read-Only Memory). This ID is somehow linked to the OS software that is able to run on it.
So, in order to use homebrew cooked ROM's, your phone needs to accept that, which is impossible if it does not match the ID of your phone.
By HardSPL (what does SPL stand for btw?) you change this ID to another ID, which allows all (os)-software to run on it.
Is this in a few lines what SPL is/does? And, if I ran hard-SPL, can I still use the RUU from htc themselves?
If I'm correct with my conclusion, maybe it's good to add this somewhere in the NoobGuide.

First of all, to get the exact information about what Hard-SPL is I'd suggest you read the wiki deeply and go and read olipro's thread to get acquainted with the subject.
Secondly, as you declare you are a noob to the issue, I'd suggest that before going from the original ROM to the Diamond interface you go through some steps such as flashing basic ROMs with basic interfaces... you can flash KhanX's Touch Navia 1.5 which I can testify to be a VERY stable and well-built ROM.
here's the M2D Cab for you to install:
http://forum.xda-developers.com/showthread.php?t=398173
if you want to have M2D as part of a rom, just flash the rom i told you about:
http://forum.xda-developers.com/showthread.php?t=420996
(flash the PRO version as it has M2D. I'm using the lite version)
enjoy.
The Diamond interface requires you to install a cab and work your way through lots of reading and understanding its problems. The TouchFLO3D - that is, the Diamond's interface - is not yet ready to use without consequences. Leave it alone for now.
You can use TouchFLO2D... which is now very stable and has LOADS of ways to be configured using 3rd party apps. (You can find EVERYTHING you need on TouchFLO2D, AKA Manila2D, AKA M2D in the Development and Hacking section of the forum.)

Basically what hard spl does is tell your device that if there is a bad flash it needs to revert to the bootloader.
PS I liked the "1 in 10" joke... I think I may have laughed so hard I left part of my lung on the floor

I think I may have laughed so hard I left part of my lung on the floor
ha ha ha.... ffffaaaarrrrtttt/follow through...........

Related

Vox bootloader

Inspired by some threads in the Hermes and Trinity forums I started to explore the VOX bootloader. You can enter the bootloader by pressing the camera and power button at the same time. You see the tri-color (red/green/blue) bootscreen which shows the bootloader and CPLD version. In the connection settings of ActiveSync, uncheck "allow USB connections" and connect PC and Vox with a USB cable. The PC will recognize the Vox and install an interface driver.
You need MTTY to talk to the bootloader and send it commands. The Hermes wiki provides some good information and also has a link to MTTY:
http://wiki.xda-developers.com/index.php?pagename=Hermes_BootLoader
Unfortunately the Vox bootloader (v1.16.0000) doesn't display help information. The first command you should enter is password. I found a password for Trinity and Hermes which also works for Vox:
password BsaD5SeoA
Here are a couple of other commands which work: emapiWlanEERW, emapiInit, emapiWlanMac, emapiPwrDwn, emapiRead, emapiTest, emapi, cpldver, DumpReservoir, CheckImage, calcrccheck, getdevinfo, ruustart, ruurun, progress, wdata, password, mbr, set, atcmd, ResetDevice, BTRouting, BTTestMode, SetDebugMethod, IMEI, ls, lnbs
I would like to find a way to dump the SPL and ROM to SD card or to PC. I tried a couple of things (r2sd, d2s) to no avail.
Anyone else have some ideas?
Update1
I got stuck in the bootloader and luckily found how to boot into the OS again:
http://forum.xda-developers.com/showpost.php?p=1094479&postcount=11
password BsaD5SeoA
ruurun 0
ResetDevice
Update2
I discovered the 'ls' command. AFAIK it allows dumping the ROM parts like SPL, IPL and splashscreen when the device is CID unlocked. My unbranded S710 is SIM unlocked, but unfortunately not CID unlocked. When I issue 'ls' there's a "not allowed" error.
Update3
I found a 'good' VOX ROM upgrade (the ones on the XDA FTP are all corrupt): RUU_Vox_HTC_WWE_1.15.405.2R4_4.1.13.37_02.83.90_Ship
Another upgrade ROM is the Dopod:
RUU_Vox_DOPODASIA_WWE_1.19.707.3_4.1.13.37_02.83.90_Ship
I used NBHextract.exe to extract both ROMs. The SPL bootloaders are attached.
NBHextract shows the following info for the 1.15 Vox ROM upgrade:
Code:
Device: VOX010100
CID: HTC__001
Version: 1.15.405.2
Language: UK
Extracting: 00_IPL.nb
Extracting: 01_SPL.nb
Extracting: 02_GSM.nb
Extracting: 03_MainSplash.nb
Encoding: 03_MainSplash.bmp
Extracting: 04_OS.nb
and this for the Dopod upgrade:
Code:
Device: VOX010100
CID: DOPOD001
Version: 1.19.707.3
Language: USA
Extracting: 00_IPL.nb
Extracting: 01_SPL.nb
Extracting: 02_MainSplash.nb
Encoding: 02_MainSplash.bmp
Extracting: 03_GSM.nb
Extracting: 04_OS.nb
Update4
I managed to back up my S710 using itsme's "bkondisk" tool and "prun" from his itsutils suite here and here. Copy bkondisk.exe to /Windows on your device.
After running this on your PC:
Code:
prun bkondisk.exe "\Storage Card"
the following files are created in \Storage Card, and a log file "bkondisk.log" in \
Code:
bk_00_0000.img - IPL : ONBL1 + ONBL2
bk_02_0005.img - GSM + splash + gsmdata + simlock + serialnrs
bk_03_0025.img - OS
bk_06_0001.img - SPL
bk_08_0205.img - userfilesystem
I compared a couple of these .img files with the .nb files extracted by NBHextract from an official RUU. The IPL and SPL look quite okay, but the OS is mapped totally differently. So don't think you can just rename for example bk_03_0025.img to OS.nb in order to have a flashable file!! I have attached my dumped SPL, which is version 1.16.
Next mission is to find a 'good' (not corrupted) version of the RUU_Vox_HTC_WWE_1.15.405.2_4.1.13.37_02.83.90_Test.exe ROM upgrade. See this Excalibur thread. I think the same applies to S710
Update5
With Dark Simpson's htc rom tool here it is possible to create a flashable image file from separate .nb files. There is also Dutty's good NBHtool 1.1, but so far I haven't tried it.
What we still need for flashing unsigned ROM images is an SSPL. See here and here.
Alternatively we need a so-called Update SPL (USPL) which unlocks CID and then allows flashing any ROM to your device. The version for the ELF created by the brilliant moderator pof can be found here. Since the ELF is very similar to the VOX, I will study it and see if I can use it to implement an SSPL (software SPL) which allows us to also flash any ROM, but does not require flashing a USPL. I think flashing IPL and SPL is a bit too tricky atm.
Take the Elf USPL, remove the RUU folder (to be sure you don't flash anything by mistake), in the LOADER folder change the .nb file for a Vox bootloader (different version than the one on your device) and use the same name for the .nb file, then run elf-uspl.exe on your PC.
If elf & vox are so similar, this should jump to the bootloader you've placed in the LOADER folder, to check it disable activesync usb connections and go into bootloader with mtty. Do an "info" command or whatever identifies that the bootloader you're seeing is the one you've placed on the LOADER folder and not the one actually on your device.
If you succeed in loading a custom bootloader I can help you with the don't check cid / don't check signatures... patches
Good luck!
Thanks for replying pof. I did as you said and tried it with SPL 1.15 (whereas 1.16 is flashed on my S710). First I went through step 1 and then went into step 2, where at 75% the screen went blank and it rebooted the phone into my native bootloader 1.16 RUU mode. I suppose that's not what we wanted to see?
Where did you find RUU_Vox_HTC_WWE_1.15.405.2R4_4.1.13.37_02.83.90_Ship? Do you have a link?
Thanks
I found it here:
http://www.leaf.co.za/Members/Member Services/Manage My Profile/
Cant Find The Bootloader For The Life of Me
Tried:
"You can enter the bootloader by pressing the camera and power button at the same time. You see the tri-color (red/green/blue) bootscreen which shows the bootloader and CPLD version."
No luck. I must be thick. It's gotta be just that easy... but...
The S710 simply boots into my home screen.
Can someone PLEASE post a (little) more detail about how to boot into the bootloader on the s710/vox?
THANKS.
Cheers.
** EDIT **
OK- Better bootloader entry instructions for SP noobs (like myself):
1) Turn device off
2) Unplug power/usb cable from handset
3) Press and hold camera button
4) Plug power/usb cable into handset
5) Be amazed by Blue-Green-Red Bootloader screen.
Yeah, it won't boot in bootloader mode if the usb cable is connected. Well, it's sometimes better to find out things all by yourself
Besides, I don't think anyone other than myself is researching this stuff on the Vox. Too many ordinary users and nearly no one into h*cking.
You don't have 1.04 on your phone by any chance?
RE: older bootloader
No joy.
Sorry.
It's 1.15
My SP has vanilla mods.
It's just out of the box the last 4 days in NYC!
The phone's not even available AFAIK in the US yet-- except special order.
Got mine in London last week.
Still working out the kinks.
BTW:
I'm looking for info/docs/someone who has forced the GSM codec through WM6 to this handset through Asterisk LOCALLY-- Asterisk SIP logs show successful codec negotiation and initial start of audio delivery-- but the stream pukes out on my handset immediately-- ideas? I'm beginning to think it may be a CPU issue. Thanks.
850mph said:
BTW:
I'm looking for info/docs/someone who has forced the GSM codec through WM6 to this handset through Asterisk LOCALLY-- Asterisk SIP logs show successful codec negotiation and initial start of audio delivery-- but the stream pukes out on my handset immediately-- ideas? I'm beginning to think it may be a CPU issue. Thanks.
Yeah saw that. I don't think it's a CPU issue, I could run the GSM codec just fine on a stone-old iPaq. Try running the OMAP overclocker and set it to 240MHz and see if it makes a difference. Keep using the SIP thread for any replies on this.
POF's O2/Nova Solution
jockyw2001-
I suppose you've seen pof's post #89 (dated 4-8) in the "ELF Update SPL (USPL)" thread which calls for running enable-rapi.cab (on O2 Nova) BEFORE elf-uspl.exe?
I'd try it myself but want a few days of joy with my handset BEFORE creating a potential brick.
From my reading, if elf-uspl.exe makes it to 75% in stage 2 before white-screening-- you're close (well, 75% anyway... wink!). Seems like pof could have a couple of suggestions at that point. Maybe he'll be kind enough to comment?
You're on it... but I thought I'd ask.
Cheers.
Here's something I am trying to work out-- even after many hours of reading:
I understand that there is an exploit in the 1.04 bootloader which can potentially bypass CID and Certs when flashing a new ROM image on both SPs and PPCs..
I also understand that bootloaders 1.09+ can't be downgraded.
So am I right in assuming that potential VOX ROM-chefs have at least ** TWO ** potential paths to solving the bootloader issue:
1) Find a 1.04 bootloader **AND** a tool which will load it successfully
-- Then use the exploit (which I read about-- but can't find) to flash the ROM
-or-
2) Find a way to Flash **ANY** bootloader onto the vox with elf-uspl.exe
-- Then (keeping our fingers crossed) elf-uspl.exe can be patched to defeat the CID&CERT issues with the vox
Now here's the question:
Am I right in assuming that we **DON'T** need to find a way to flash **SPECIFICALLY** the 1.04 bootloader onto the ROM **BEFORE** we can take advantage of a patched elf-uspl.exe?
Is that correct?
Cheers.
Oh yeah.. AM I right in assuming that the WM5/6 bootloaders are EXACTLY the same code (except for dated revs) across all WM SP and PCC devices-- sort of like the ability to install grub or lilo on **ANY VENDORS PC** no matter what OS or eventual Software Packages end up on the box?
Looked at another way:
When they talk about the 1.15 bootloader in the Blue Angel Board they are talking about the EXACT SAME 1.15 bootloader in the VOX board?
I mean, I know this has gotta be the case but I need a little reassurance here-- as I'm still a bit confused on why PPC software should run on SP devices-- even understanding that they use (generally) the same subset (WM5/6) of the CE5/6 API-- but have different CPUs.
850mph: cool to see there actually are brothers in arms
I've tested pof's USPL extensively, but haven't got it to work (yet).
Actually you need to run enable-rapi.cab only if your phone isn't yet application unlocked, i.e. if it doesn't allow running unsigned apps. Mine is application unlocked so I can skip that step.
The next step is to load a modded SPL in RAM at physical address 0x10000000 and to run it. Once this modded SPL is running another modded SPL can be flashed.
I've tried to load an unmodified SPL in RAM (e.g. SPL 1.15) and to run it. This can be done with the following 2 steps:
1) psetmem.exe -f -p 0x10000000 spl.nb
2) run haret.exe on device (can use cecopy & cerun); cerun -b CE:\haret.exe
Note: haret.exe is a linux kernel loader which was modified by pof to run a USPL from 0x10000000
What happens is that my phone reboots into the stock bootloader (SPL 1.16) in RUU mode. I have to use MTTY in order to boot the phone in WM again (see post #1 and #2 in this thread).
Actually I think haret.exe does run the SPL 1.15 which is loaded in RAM, but that at some point the code resets the device.
I'm quite sure we can run a specially prepared USPL or SSPL which allows flashing another specially prepared SPL such that the device is effectively CID unlocked which again means that any vendor's firmware can be flashed. I also think we don't absolutely need the SPL 1.04 for that purpose.
This is good info.
I see what you are trying to do now.
I'm gonna take some time to get up to speed on Dumping/Reading/Flashing from the Trinity, Hermes and Elf pages. Until then I'm afraid I'll be of little use.
Until now I've strictly been a Linux/GCC guy. I'm tempted (but not convinced) that I want to take the time to learn Microsoft's WM5/6 IDE. It's a time issue (obviously).
But I will spend some time on the whole S710 ROM-cooking (and bootloader) issue this week. It looks manageable.
I see you have basically been mixing and matching the various ROM cooking tools-- including using Microsoft's CE PowerToys. Is there no single suite (besides the ImagefsTools) which you can recommend I look at first (with the understanding we need to solve the bootloader issue specifically for the Vox first)-- I see various kitchens for various devices. Do any of them seem plausible as a starting point for an HTC/Vox kitchen suite?
GOOD LUCK.
Cheers.
** EDIT **
I REALLY think the S710/S730spec are GREAT devices-- couple of minor issues-- but just fantastic form-factors.
new in the sandbox
Hi guys,
I just got my XPA 1415 some days ago (for info, it's just the same as the others (HTC S710, SPV E650 and Vodafone V1415, VOX, ...) but from Swisscom (Swiss provider)).
I've been reading around and found this thread that was the most related. I actually tried to use the techniques provided by jockyw2001 with no luck.
Doing a prun bkondisk does not work, and neither do any of the itsutils tools. I do think that my device is somehow protected, but I've no clue how to proceed next. I'm going to continue searching, but if any of you has an idea, it's more than welcome.
If I manage to dump that *damned* ROM, I'll make it available...
I'm currently on bootloader ONBL 1.23.0000, SPL 1.23.0000, CPLD 04.
Cheers,
Nick
Nevermind...
I think I've been able to proceed with the backup (I've used the Microsoft Security Configuration Manager) when I realized that on my system (Windows 2003 x64) the tool was not working.
Which made me think that maybe procread and the other prun bkondisk might also have been blocked by the x64.
I've tested on my laptop (regular XP) and it works fine... just FYI !
** EDIT **
I've also tested the ELF haret with a downloaded SPL and I got the same result as jockyw2001...
BTW, jocky, did you find a way to re-create a proper nh from the bkondisk end result (bk_##_####.img) ?
nwaelti said:
BTW, jocky, did you find a way to re-create a proper nh from the bkondisk end result (bk_##_####.img) ?
The IPL and SPL are usable. The radio dump called bk_02_0005.img is from offset 0xA0000 identical to the radio ROM. The first 0xA0000 bytes are other parts, probably splash + gsmdata + simlock + serialnrs. The OS file seems not directly usable and must be reordered somehow. More interesting is the ROM reconstruction method described here. Of course first we need to be able to flash unlock the Vox. I think the SSPL is most suitable for this purpose; this may need some reversing of the SPL with IDA Pro.
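The comparison jockyw2001 describes in Update4 and again here (IPL/SPL dumps matching the RUU .nb files, the radio matching from offset 0xA0000, the OS dump present but laid out differently) is exactly the check worth automating before anyone treats a bkondisk image as flashable. The script below is an added example, not tooling from this thread or from itsutils: it classifies a dump against a reference image as identical, embedded at some offset, present but reordered, or absent. All sample bytes are constructed stand-ins for bk_*.img and *.nb files, and the 512-byte block size and the 0x400 prefix used in the sample are assumptions, not values from the page.

```python
"""Check a raw flash dump against a reference image before trusting it as flashable.

Added example, not tooling from the thread. Compares a bkondisk-style dump
(bk_*.img) with an .nb extracted from an official RUU and reports whether the
reference is identical, embedded at some offset, present but reordered, or absent.
All sample data is constructed; offsets and the block size are assumptions.
"""
import hashlib
from typing import Dict, List, Optional, Tuple


def pseudo_random(seed: bytes, length: int) -> bytes:
    """Deterministic filler so the constructed sample images are reproducible offline."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:length])


def embedded_offset(dump: bytes, ref: bytes) -> Optional[int]:
    """Offset at which ref occurs verbatim inside dump, or None.

    This is the radio case from the thread: the .nb content sits inside the
    dump after a prefix of other regions (0xA0000 on the real device).
    """
    off = dump.find(ref)
    return off if off >= 0 else None


def index_blocks(data: bytes, block_size: int) -> Dict[bytes, List[int]]:
    """Map SHA-256(block) -> offsets of every block_size-aligned block in data."""
    index: Dict[bytes, List[int]] = {}
    for off in range(0, len(data) - block_size + 1, block_size):
        digest = hashlib.sha256(data[off:off + block_size]).digest()
        index.setdefault(digest, []).append(off)
    return index


def block_coverage(dump: bytes, ref: bytes, block_size: int = 512) -> Tuple[int, int]:
    """(ref blocks found anywhere in dump, total ref blocks).

    Full coverage without a verbatim embedding means the bytes are all there
    but laid out differently, i.e. the dump cannot simply be renamed to .nb.
    """
    index = index_blocks(dump, block_size)
    total = 0
    found = 0
    for off in range(0, len(ref) - block_size + 1, block_size):
        total += 1
        if hashlib.sha256(ref[off:off + block_size]).digest() in index:
            found += 1
    return found, total


def classify(dump: bytes, ref: bytes, block_size: int = 512) -> str:
    """Summarise how a dump relates to a reference image."""
    if dump == ref:
        return "identical"
    off = embedded_offset(dump, ref)
    if off is not None:
        return f"embedded@0x{off:X}"
    found, total = block_coverage(dump, ref, block_size)
    if total and found == total:
        return "reordered"
    if found:
        return f"partial:{found}/{total}"
    return "different"


# Constructed sample images; names mirror the bkondisk output, contents are synthetic.
REF_SPL = pseudo_random(b"01_SPL.nb", 4096)
REF_RADIO = pseudo_random(b"02_GSM.nb", 4096)
REF_OS = pseudo_random(b"04_OS.nb", 4096)

DUMP_SPL = REF_SPL                                                 # bk_06_0001.img: byte-identical
DUMP_RADIO = pseudo_random(b"splash+gsmdata", 0x400) + REF_RADIO   # bk_02_0005.img: prefix, then radio
DUMP_OS = b"".join(REF_OS[i:i + 512] for i in range(3584, -1, -512))  # bk_03_0025.img: same blocks, reversed
DUMP_UNRELATED = pseudo_random(b"bk_08_0205.img", 5120)            # user filesystem, unrelated


def report() -> Dict[str, str]:
    """Classify every constructed dump against its reference."""
    return {
        "bk_06_0001.img vs 01_SPL.nb": classify(DUMP_SPL, REF_SPL),
        "bk_02_0005.img vs 02_GSM.nb": classify(DUMP_RADIO, REF_RADIO),
        "bk_03_0025.img vs 04_OS.nb": classify(DUMP_OS, REF_OS),
        "bk_08_0205.img vs 02_GSM.nb": classify(DUMP_UNRELATED, REF_RADIO),
    }


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name}: {verdict}")
```

On real files, read the dump and the extracted .nb with open(..., "rb") and pass them to classify(). Anything other than "identical" or "embedded@..." means the image must not simply be renamed to an .nb and flashed, which is the point of the warning in Update4; "reordered" is the OS case, where the content is there but the layout needs reconstructing first.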
Thanks for that info, I'll try to go in that direction. Would be nice to find which one is splash, which one is gsm and the others below 0xA000.
I know we need to rev. SSPL. Don't exactly know where to start, though. I can't flash mine with any original ROM as Swisscom is not providing any.
BTW, viewimgfs gives me back a "packing DLL not found" (or something similar). Anyone had that also?
I'll try to download IDA Pro...
It's below 0xA0000
I will do some testing again with the Vox today. I will see if I can paint the screen with a few instructions @0x10000000
I think I can not just run the SPL on VOX in the same way as you can on the ELF. The IPL on the VOX is 128kB, whereas on ELF it is only 2kB. So I think I will have to patch the IPL and run that first. I'm afraid that it will take a bit more time. Basically it will then be a SSPL (search forum for SSPL and user 'des') with both IPL and SPL patched and running in RAM.
But maybe it is also possible to patch just the SPL, because it could be that the default action initiated by IPL is to reset the device in RUU bootloader mode.
Given some time it can all be done I'm sure

HTC Kaiser SSPL v1 (or flashing any rom 4 free)

* THIS WILL WORK ON KAISER ONLY - FOR GENERIC METHOD SEE JumpSPL *
This tool allow to flash any Kaiser ROM bypassing CID and signature check.
You'll be able to change the ROM language, flash cooked roms, custom splash screens, etc...
FEATURES
Code:
1. SuperCID / Security Level=0
2. Does not check NBH signatures
3. Based on 0.92 Shipped SPL
4. Accept any Model ID
5. Disabled initial SD card loading to prevent hang
INSTRUCTIONS
Transfer SSPL-KAIS.exe to your Kaiser
Connect the USB cable and run SSPL-KAIS.exe (on kaiser, not on PC!)
Click "Continue", the Bootloader tri-color screen should appear
Check SPL version number: if it ends in ".JumpSPL" then everything is fine.
Unplug the USB cable and re-plug it
Device is ready to flash any ROM, you don't need ActiveSync at all.
DISCLAIMER
This software is free to use but at your own risk, I take no responsibility for any conflict, fault, or damage caused by this unlocking procedure. No warranties of any kind are given.
DONATIONS
Your donations are a strong incentive to continue research on new devices, if you find JumpSPL useful please consider making a PayPal donation. Any donation amount is greatly appreciated
Enjoy!
--------------------
UPDATE: Found a problem on SSPL where it will hang when flashing a full ROM with a new RUU due to the NBH buffer being smaller in SPL-0.92, I removed the link and will update Kaiser SSPL version when I have some free time. At the moment, please use Kaiser Hard-SPL, this is safe
For those of you who had the phone stuck in bootloader mode after a flash with SSPL stopping at 16%, follow these instructions to unbrick your phone:
1. Download mtty.exe
2. Disable activesync (connection settings -> uncheck "allow usb connections")
3. Connect your Kaiser to PC using USB cable.
4. Open mtty, select USB port and click OK.
5. Hit ENTER twice, you should see the "Cmd>" prompt.
6. Type the command "boot", you should see something like this:
Code:
Cmd> boot
InitDisplay: Display_Chip=1
No card inserted
OSSIReadBack ++
Read SI data from flash success
tail signature match
Checksum match
UserStorageSIPreload ++
After that device should boot WM6 again, you can now re-enable USB connections in activesync and flash HardSPL
[- reserved -]
OMG thank you POF!!! You are truly the MASTER!!
Question how do we go about dumping and using Imgfs tools in Kaiser ROMS?
Can you give us a basic run down since its different than the Hermes please
Okay, excuse my ignorance, but when you say Kaiser, do you mean all versions of the Kaiser, like the ATT Tilt (8925), or just the HTC Kaiser? Please don't beat me up
austinsnyc said:
Question how do we go about dumping and using Imgfs tools in Kaiser ROMS?
See here how to dump the ROM: http://forum.xda-developers.com/showthread.php?t=334680
I've not researched yet on how to use ImgfsTools, reconstruct dumped roms, etc... but should not be very different from what you already know from hermes, just be creative
kman79 said:
when you say Kaiser, do you mean all versions of the Kaiser, like the ATT Tilt (8925), or just the HTC Kaiser?
All versions
now the race is on for who comes out with the first ultra lite, mega storage space slim downed rom, who will it be.......
pof! you are tha MAN!
Thanks!
Donation to follow...
-Syrius
pof said:
* THIS WILL WORK ON KAISER ONLY - FOR GENERIC METHOD SEE JumpSPL *
3. Based on 0.92 Shipped SPL
was this from me??
- Syrius
Syrius_B said:
was this from me??
Yes Thanks mate!
pof said:
Yes Thanks mate!
anytime
- Syrius
HI Pof,
Does this also SIM unlock the device?
Or if I use this CID unlock and load the HTC rom will that SIM unlock the device?
Thanks
OMG, wonderful.... now only need some research on how to repack dumped/modified ROMs... any approach?
THANKS Pof you are incredible...
botap said:
HI Pof,
Does this also SIM unlock the device?
Or if I use this CID unlock and load the HTC rom will that SIM unlock the device?
Thanks
Only CID Unlock.... SIM Unlock is not ready...
pof said:
See here how to dump the ROM: http://forum.xda-developers.com/showthread.php?t=334680
I've not researched yet on how to use ImgfsTools, reconstruct dumped roms, etc... but should not be very different from what you already know from hermes, just be creative
All versions
Hi pof, I have tried the above method using pdocread but keep getting an error, not sure if it's because I'm using Windows Vista Ultimate.
duttythroy said:
Hi pof, I have tried the above method using pdocread but keep getting an error, not sure if it's because I'm using Windows Vista Ultimate.
I managed to dump mine without problems using Vista Ultimate too... if you get this error when executing pdocread:
Code:
C:\itsutils>pdocread.exe -l
Copying C:\itsutils\itsutils.dll to WCE:\windows\itsutils.dll
Could not update itsutils.dll to the current version, maybe it is inuse?
try restarting your device, or restart ActiveSync
You have to modify this registry key, and then softreset using power button:
HKLM\Security\Policies\Policies
valuename '00001001' was set to dword:2, change it to dword:1
dword: any thing other than 1 disallows unsigned
dword: 1 allows unsigned
(extracted from Hermes wiki and tested on Kaiser)
jcespi2005 said:
I managed to dump mine without problems using Vista Ultimate too... if you get this error when executing pdocread:
Code:
C:\itsutils>pdocread.exe -l
Copying C:\itsutils\itsutils.dll to WCE:\windows\itsutils.dll
Could not update itsutils.dll to the current version, maybe it is inuse?
try restarting your device, or restart ActiveSync
You have to modify this registry key, and then softreset using power button:
HKLM\Security\Policies\Policies
valuename '00001001' was set to dword:2, change it to dword:1
dword: any thing other than 1 disallows unsigned
dword: 1 allows unsigned
(extracted from Hermes wiki and tested on Kaiser)
just found it on the wiki, thanks
help
@jcespi2005 just tried it, changed policies to dword 1, tried the same command but now getting this error:
c:\itsutils\pdocread.exe is not a valid Win32 application
what to do
duttythroy said:
@jcespi2005 just tried it, changed policies to dword 1, tried the same command but now getting this error:
c:\itsutils\pdocread.exe is not a valid Win32 application
what to do
Works fine for me... Try to download the latest version of pdocread here...
http://www.xs4all.nl/~itsme/projects/xda/tools.html
Big problem
Hi all, I have a big problem. I tried to flash my Kaiser from SRF using kaiser_JumpSPL_pof_v1. At 16% the copy hung and the ROM wizard told me to remove the Kaiser battery.
And after that I lost my old ROM and I have the SPL from the factory! And I don't have any copy of my old ROM.
And my phone is locked...
So how can I copy and execute kaiser_JumpSPL_pof_v1 to my device to try to flash the Kaiser again?
thx for you help
Titosa
Instructions to unbrick posted in the first post.
I'm closing this thread until I have time to post an updated and hopefully working version...

O2 XDA Mini S (G4) Not flashing

Well, i've flashed the X50v and HTC Touch Elfin before, however I seem to be having some problems with the Wizard. I'm trying different ROMS and none seem to be working. Once a flash appeared to go through correctly, and the splash screen at startup was changed, but it still booted into WM5.
Now even though it is CID unlocked, it says that the RUU is out of date and won't update the phone.
IPL is 2.21.0001
SPL is 2.21.0001
Have you downloaded and flashed Wizard_Love_2.26.10.2_WWE_Novii_CF2 first? If not, then do. Using SoftSPL-V0.1, just extract, then copy over the nk.nbf file, after which do the same for the WM6 ROM you wish to use. I advise using the TNT.20273_Professional_Wizard_HTC_Home_FREE ROM or the TNT.20273 Professional Wizard ROM. Either are good ROMs.
I have the same phone and it worked a treat.
Obsidiandesire said:
Well, I've flashed the X50v and HTC Touch Elfin before, however I seem to be having some problems with the Wizard. I'm trying different ROMs and none seem to be working. Once a flash appeared to go through correctly, and the splash screen at startup was changed, but it still booted into WM5.
Now, even though it is CID unlocked, it says that the RUU is out of date and won't update the phone.
IPL is 2.21.0001
SPL is 2.21.0001
How do you confirm it's CID unlocked, as a G4 device cannot be CID unlocked, and with its present IPL/SPL it isn't even HardSPL?
A G4 phone can only be upgraded to WM6, either through SoftSPL or HardSPL; you can read about them in the G4 sub-forum, posted as stickies.
Thanks for the help guys. For some reason the HardSPL wasn't working, but now I have 6.1 on my phone! I have another problem, however, which I'm going to create another thread for later today. Here it is if anyone sees this:
Since upgrading to WinMo 6.1, my keyboard layout has been broken. I have an O2 XDA Mini S, so it's a UK phone.
Here's the layout I should get:
QWERTYUIOP
ASDFGHJKL (Del)
(cap)ZXCVBNM(up)(Enter)
(Dot)(Tab)(Windows)(Ok)(Space)(period)(left)(down)(Right)
And with dot-shift (Don't know the actual term)
1234567890
!@#$%&*() (Del)
(cap) - _ € £ + = ; : (enter)
(dot) ~ (Win) " (sym what does this do?) , ' / ?
This is what I Get
QWERTY is exactly the same; it's the symbols with Dot-Shift that have changed
123456790
!@#$%&() (del)
(cap) ` -_+ = * ; : (Enter)
(dot) (Tab[Should be ~]) (win) " , ' / ?
I have tried the ET9 cab file, which didn't seem to do anything, let alone work.
There was a post I saw which had a link to a RapidShare file which has now expired.
Some people have tried registry settings; that hasn't worked for me.
I've spent the last hour searching; this keyboard means a lot to me.
I bought this phone for my girlfriend but ended up keeping it since I love the keyboard. I sometimes do Python scripting on the go, and editing Word docs + email browsing is easier. So she now has my Touch Elfin (which is newer).
So yeah, I'll pretty much copy + paste that into a new topic if this doesn't get any replies by, say, 8PM GMT?
I don't really like making hundreds of new topics for every little problem I have. Otherwise there'd be one for Opera + hardware buttons (plus the internet button on the HTC home screen),
one for it not staying in landscape mode when the keyboard is down, and one for my myriad of MiniSD card troubles.
Sorry, forgot about this issue. About the keyboard: it's simple to put it back to UK, even if it's a pain.
Step 1: open regedit
Step 2: open HKEY_CURRENT_USER
Step 3: open ControlPanel
Step 4: open Keybd
Step 5: select Locale and change it from 0409 to 0809
And now everything should be in the right place.
Anything else, feel free to ask.

[REF] Easiest way to SIM unlock your Elf/Elfin even if it's "MCC+MNC = None"

First of all, sorry for my bad English...
Here goes the best way I found to unlock all Elf/Elfin, even those with the deadly "MCC+MNC=None" (which is my Elfin).
I saw some people say that when flashed with "Elf_Elfin_2.11.0.0_MFG_ModuleBuild" the phone is not SIM locked anymore, but after reflashing with another ROM it got locked again.
I tried that myself and it was true: I flashed "Elf_Elfin_2.11.0.0_MFG_ModuleBuild", then flashed another ROM (with only the OS part) over it and bam, it was locked again.
So the locking part should be in the OS. After looking over the system files, I found two files (SIMLock.exe and SIMLock.exe.0416.MUI [my OS was BR Portuguese]) and thought "here is the locking problem" (because "Elf_Elfin_2.11.0.0_MFG_ModuleBuild" doesn't have those files in the system folder!). Then I deleted those files and it wasn't SIM locked anymore... but it didn't find any networks.
So I searched a little more (Google is your best friend in times like this) and discovered that the file rilgsm.dll is responsible for the network... It starts and calls SIMLock.exe; if SIMLock.exe returns a valid SIM card, then rilgsm.dll starts the network service.
So that's the difference between "Elf_Elfin_2.11.0.0_MFG_ModuleBuild" and the other ROMs: its rilgsm.dll doesn't have the part that calls SIMLock.exe, it just starts the network service based on the SIM card you have inserted.
So I just took that dll from that test ROM and copied it over another ROM and it worked like a charm!
Enough talking, here's what you gotta do to SIM unlock your Elf/Elfin (no matter what ROM you have):
You will need this file (unlocked "rilgsm.dll")
- Extract the file you just downloaded to a temporary folder.
- Turn on your mobile WITHOUT the SIM card.
- Connect your Elf to your PC (ActiveSync).
- Find the files "rilgsm.dll", "SIMLock.exe" and "SIMLock.exe.0***.MUI" (the *** depends on the language of your OS) in the Windows folder of your mobile and make a backup of them (in case you want to SIM lock it again).
- Copy the extracted "rilgsm.dll" over the one in the Windows folder (say yes when it asks to replace the file).
- Delete both "SIMLock.exe" and "SIMLock.exe.0***.MUI".
- Turn off your mobile.
- Insert any SIM card (that didn't work before), turn your mobile on again and enjoy your newly unlocked Elfin!
If you intend to flash some other ROM, just copy the dll again and it's ready to go.
Hope this helps.
Great find!!!
For Rogers users who are using the regular stock ROM, it is probably a good idea for them to use the regular free unlocking method because rilgsm.dll is responsible for Rogers Name Display. Other than that, I hope it works well for everyone else!!!
Anyone else tried this?
Yes, I have; it did not work. The phone does not have simlock.exe or simlock.exe.xxxx.mui in the Windows folder, and just replacing rilgsm.dll does not affect the carrier lock. When inserting a SIM card from other operators, it still asks for the subsidy code.
Tested phone is:
ELF010050
BSTAR502
IPL: 2.24.0002
SPL: 2.26.0000pof
99HEH077-00
Operator Tim Brazil
P.S.: I tried as well when the phone was on the stock ROM, and it was the same thing.
br
Good idea!!
I haven't tried your procedure, but I also know that the OS contained in the "unbricker ROM" (test-only ROM) does SIM unlocking, so I believe this will work. I will try it soon in my free time. Thanks!!!
I'll try to reflash my Elfin tomorrow and do some other tests with it, to see if there are any problems with some specific ROMs.
My elfin:
ELF010050
BSTAR502
IPL 2.24.0002
SPL 2.24.0000
99HEH077-00
Claro Brazil
I'll post something more tomorrow.
Sorry for the lack of testing before posting (newbie yet).
I would feel better patching or replacing the simlock.exe file instead of changing the dll.
zerostuff, why don't you add a poll to this thread to see if it works for most people?
Thank you for the idea dsixda.
I sent the .exes and .dlls to a friend of mine and asked him if he can find the locking part in those files (because I'm just a normal user and don't know anything about hex editing and stuff).
And I'm still testing some ROMs on my Elfin to see if I can find a working and a non-working way to unlock it (so far, all the ROMs are working).
Thinking of buying an HTC Elf
Hi all, I'm thinking of buying an HTC Elf, but it's locked to Orange. Is it easy to unlock and get rid of the Orange start-up logo?
Would you give me a step-by-step guide on how to do it?
Thanks in advance
As you can see, some are easy to unlock, others have no solution yet...
@ zerostuff
Elfin ELF010050 BSTAR502 from Vivo Brazil had the simlock.exe and simlock0416.exe.mui. I replaced those files with a small clock app and replaced rilgsm.dll, and it did not work (error 'unavailable file', and then hang). So I deleted the simlock.* files, and the phone got into the menu, but no signal.
Indeed, this is a way to go, but it still needs improvements.
@ chester-lad-2009
Search the board; there are many topics regarding that. This topic is not for that discussion.
br
zerostuff said:
- Delete both "SIMLock.exe" and "SIMLock.exe.0***.MUI".
Hi, I use the Onyx 4.43 ROM, and when I try to delete, a message tells me "could not delete". I tried in Windows and on my Elfin too, using Total Commander and SKTools. How can I delete these files?
I've tried on my HTC Touch 3450 (PT) to substitute the file and I can't! And I can't find these 2 files...
Using Total Commander
First we move the rilgsm.dll to the Windows folder, then delete the two files SIMLock.exe & SIMLock.exe.0***.mui, and ignore the warning "Could not delete 1 file(s)"...
Then reboot the Elfin and it's done... loooooool... No need to put in codes...
Just doing those steps, the SIM unlock is done.
Strange??? I don't know, but it works.
Note: Tested with one PT Elf and one Elfin BRS; worked fine!!!
Great post, works like a charm!
I needed to use another explorer since my original ROM doesn't let me move or copy Windows folder files!
I used WinFileCE.exe to do the trick, but it worked!
One more thing: is it possible to cook a ROM with these files inside? Because if I hard reset the phone, it relocks itself by this method!!
These two files, are they really removed???
I can't remove these two files because the cellphone is using them. How can I stop processes on Windows Mobile?
Using TC I was able to copy rilgsm.dll to \Windows. But simlock.* are a different story and I wasn't able to delete them.
Anyway, using this version of rilgsm causes the phone connection to die: it cannot be set on from Comm Manager. And then after some time, Comm Manager throws two or three errors.
It's an HTC Touch from Claro, Argentina. The ROM is http://forum.xda-developers.com/showthread.php?t=442391
Code:
Touch version : Elfin
Device ID : ELF010150
CID : BSTAR301
IPL : 2.24.0002
SPL : 3.07.cmonex
ROM Version : 3.07.720.03
ExtROM Version : None
Operator Version: None
AKU Version : 1.2.7
Page Pool : 12 MB
RAM Size : 128 MB
ROM Size : 256 MB
Model No. : ELF0100
Part Number : 99HEH129-00
MCC+MNC : Not found
Any information you guys want or some tests that could be run in the device, just tell me.
Cheers.
Did not work on Elf 3450 (64/128)
The idea was great, but it did not work with the Elf 3450 (64/128)...
My device was patched (IPL 2.27/SPL 2.28 cmonex) and the ROM is ELVES ROM V5.0 - CE OS 5.2.2021.
No files "SIMLock.exe" and "SIMLock.exe.0***.MUI" were found in the Windows dir, so I just copied this file (unlocked "rilgsm.dll") to the Windows dir and did a soft reset.
Result: device hung.. new soft reset: boot OK, but no radio (even trying to turn it on manually), just Wi-Fi working.. (nice to make calls from Skype)
I don't have any clues about how to bypass simlock..
Any help will be appreciated.
Cheers
RILGSM.dll is not locked/unlocked
The thing is, that file controls GSM<-->PDA radio functions. You took RILGSM from a "test" ROM (which is an unlocked one).
When you SIM unlock a device, it doesn't overwrite RILGSM with "unlocked" properties.
The solution would be to rewrite the RILGSM.dll file, and write a SIMLOCK.exe file with spoofed properties to make the device think it is unlocked.

Perfected SPL 0010 cracked by simple steps

I have only verified this on the Indonesian HTC Magic (similar to India's Airtel), which comes with the SPL 0010 sign-on. Original source: http://bwicaksono.posterous.com/htc-magic-indonesia-can-now-be-rooted
The simple steps:
1. Ensure you have HTC Sync installed
2. Download: http://www.freewebtown.com/blipblap...a_WWE_2.53.707.2_SEA_test_signed_NoDriver.exe
3. Download: http://www.freewebtown.com/blipblap...WWE_2.16.707.3_SG_release_signed_NoDriver.exe
4. Run the ROM RUU_Sapphire_HTC_Asia_WWE_2.53.707.2_SEA_test_signed_NoDriver.exe, let it finish, reboot.
5. Run the ROM http://www.freewebtown.com/blipblap...WWE_2.16.707.3_SG_release_signed_NoDriver.exe, let it finish, reboot.
At step 5 you already have the SG ROM with Marketplace, Google etc., plus the 0009 SPL, the non-perfected SPL.
I have tried it and it works; now mine can get into fastboot!
Lol man.. this has been posted by ekidagen here..
In bwicaksono's posterous he quotes mine... and the source is here at xda...
Hit Me up at Yahoo.., lesjaw..lets talk about Rom..Yihaaaaa....
lol, nice try sevenfire. Next time use the "search" function first.
Sorry then .
Back to SPL 0010
Can you tell me how to get back to SPL 0010?