[JTAG] T-Mobile G1 w/ EBI1 radio (Trip to Rogers rom 1.89.631.1 and back to CM) - G1 Android Development

NOTE: full jtag instructions to unbrick or root devices can be found on the cyanogen mod wiki:
http://wiki.cyanogenmod.com/index.php/JTAG_DREAM_AND_MAGIC
----
Any G1 user disappointed, believing they are unable to use the latest buggy 1.5 cupcake android release from rogers.. look no further.
With a 2005 series SPL all you need to do to successfully use this spectacular firmware on your phone is:
1) extract the rom.nbh from the windows installer;
2) enter fastboot mode on your phone and run "fastboot flash nbh rom.nbh"
This flashes the Official Rogers firmware on your phone in all its glory; including:
1) bad battery life
2) internet that drops periodically even in strong signal.
3) old version of android (1.5)
4) no apps2sd
http://twitpic.com/19p2wm - Home Screen
http://twitpic.com/19p355 - Rogers boot logo
http://twitpic.com/19p397 - About Screen
http://twitpic.com/19p3bm - SPL (close)
http://twitpic.com/19p3gk - SPL (again)
-----
So now you are asking ... why did I do this.. mostly because (as the wires show) the phone is already jtaged and I intend to use it to show how to remove the firmware via jtag. (hopefully tomorrow's posting)
However it's interesting to note the T-Mobile G1 *CAN* run the EBI1 radio 3.22.26.17 with related EBI1 port and SPL. (I do recommend that if you care to test EBI1 ports on a G1 ... make it a rooted rom not the rogers one)
----
Edit: Brick->Alive .. Rogers->custom .. A phone's journey is posted..
While many technical details are provided this is *not* intended as a solution for all, as it requires some skill and equipment to utilize jtag. openocd is used for its relative cheapness and open source nature. Other products will likely work just as well but may need some minor process changes.

How to remove the post 911 firmware via jtag right?
(ROM version 1.89.631.1 Rogers)
Newbies please do not threadcrap this asking for unbrick for your G1 yet. As of right now this method is still not just for everyone.
Original JTAG thread for more info: http://forum.xda-developers.com/showthread.php?t=591048

xaueious said:
(ROM version 1.89.631.1 Rogers)
That is what the phone says it is on the about screen (not surprised I did flash the full nbh)

I was asking because you didn't mention which one you were talking about. There was also that old pre 911 nbh, ROM version 1.85.631.5 for Rogers. This rom worked with flashrec (one-click root).
I still know very little about JTAG but I thought I might as well post some of the SPL/radio combinations here with some links.
A link to the old Rogers ROM is here for future reference for any Rogers Dream users to return to a rootable stock image for some reason: http://forum.xda-developers.com/showthread.php?t=625073
Contains stock pre-911 update Rogers ROM with
HBOOT Version 1.33.0009
Radio Version 3.22.20.17
* * * Reference Recommended SPL + Radio Combinations * * *
Anyhow if everything works... Useful links for SPL, radio and recovery flashing:
Rogers Dream Info for Reference, no Rogers Waiver Signed
Upgrade to 3.22.26.17 if you haven't signed the waiver or don't want to. This makes your phone incompatible to most ROMs in this thread until you flash a 'kernel port' update file.
Needs Amon_RA G1/Dream recovery version R
So target would be:
HBOOT VERSION: 1.33.2005
RADIO VERSION: 3.22.26.17
Rogers Dream Info for Reference, Rogers Waiver Signed OR T-Mobile G1
This radio makes the phone work with most G1 ROMs you can find on these forums.
Needs Amon_RA non-R G1/Dream recovery or Cyanogen's G1/Dream recovery
HBOOT VERSION: 1.33.2005
RADIO VERSION: 2.22.23.02
* * * Download Links for Relevant Files * * *
Amon_RA Recovery for G1/Dream
http://forum.xda-developers.com/showthread.php?t=566669
Radio 2.22.23.02
T-Mobile G1 radio. EBI0 kernel. Makes the G1/Dream compatible with most ROMs posted in this forum.
http://forum.xda-developers.com/showpost.php?p=5763943&postcount=1
Radio 3.22.26.17
T-Mobile G1 radio. EBI1 kernel (aka Magic 32A old radio kernel). Makes the G1/Dream incompatible with most ROMs posted in this forum until you flash an additional kernel (kernel port). Allows for flashing of Magic old radio ROMs if ROM is not too large for the G1/Dream's internal flash memory.
http://wiki.cyanogenmod.com/index.php/Upgrade_Rogers_Dream_Radio#Preparations
SPL/HBOOT 1.33.2005
Also Danger/Death SPL. Originally for Sapphire/Magic but has support for Dream to increase size of /system partition. Prerequisite for some ROMs.
http://sapphire-port-dream.googlecode.com/files/spl-signed.zip
Or here:
http://wiki.cyanogenmod.com/index.php/Upgrade_Rogers_Dream_Radio#Preparations

xaueious said:
I was asking because you didn't mention which one you were talking about. There's also that old pre 911 nbh aka ROM 1.85.631.5 Rogers.
Now this ROM might be good for your procedure for Rogers Dream users. It's here by the way in case you didn't have a link: http://forum.xda-developers.com/showthread.php?t=625073
Yes, that should be just as good (and you will have a way to root without jtag just in case). I believe that it is the exact same SPL and slightly different radio (might matter for jtag though). The only reason we were able to root this rom was because of the kernel exploit.

A phone's Journey
So a short recap for those not following along in the various threads.
The T-Mobile Phone in question
I've recently (off ebay) got a bricked HTC T-Mobile G1. (failed attempt to install the 2005 SPL.. (**sidenote)
Given it was a cheap phone it was a good candidate for jtag testing; after shorting something out on previous jtag work on my rogers dream. (the jtag port is the same on both phones.. and it did work on the dream for a bunch of tests before the incident)
Details of the de-brick are on this thread
Rogers Rom
Given the phone already has jtag attached (a little bit of a painful process) I decided to try unrooting a rogers rom on it before going to any other phone. So I took the nbh from the rogers installer (I still have the original 1.89.631.1 rom.nbh from when I created the hacked version which skipped the spl/splash1 portions of the flash.)
This flashed from the 2005 SPL without incident making the T-Mobile phone running a full rogers stack (splash image included) see op post for images of the phone/rom in this mode.
Unroot (I know this is what you are here for)
(Note an updated version of this process now exists on a wiki: http://wiki.cyanogenmod.com/index.php/JTAG_DREAM_AND_MAGIC )
So now with a fully locked SPL in place and jtag already set up time to hack out of the rogers rom to an EBI1 port!!
Prerequisites:
A) phone running locked rogers rom 1.89.631.1 (actually as listed it will work for any rom on radio 3.22.26.17, and with offsets in my de-brick post other radios).
B) Jtag adapter.. I'm using OLIMEX ARM-USB-OCD.. however others will work as well.. my steps assume the openocd program on your computer which supports many USB/ParPort adapters. (my current cfg hopefully will improve but works for this hack.. note it's for version "Open On-Chip Debugger 0.4.0" not the old cvs/svn version that is on the CD with the hardware)
C) outfit phone with jtag adapter.. this I will leave to another topic.. see the Jtag thread for the test points.
D) A HTC Serial wire.. I recommend without the +5 power line since blue light mode is sometimes hard to enter while the device is charging.. (information on my wire with links to parts). If you wish you can also attach a USB wire to the USB leads which allows you to see serial output while flashing.. but ensure you can have the USB unplugged while the oemspl serial is in use.
E) 2005 SPL *.img file extract it from the zip file: http://sapphire-port-dream.googlecode.com/files/spl-signed.zip
MD5 (hboot.img) = cdf75d34e24937da1a8a84bcd72496c3
F) Recovery *.img .. your favorite flavor of '-R' version from this thread: http://forum.xda-developers.com/showthread.php?t=566669
G) a sense of adventure
Procedure:
1) Ensure the jtag adapter is hooked up to the phone
2) power on phone into blue light mode
3) attach serial wire
4) connect to serial console (mtty in windows, "screen /dev/<serial device> 115200" in osx/linux)
5) start openocd or other jtag application (openocd -f dream.cfg)
6) start telnet to the ocd: "telnet localhost 4444"
7) run the following:
Code:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> halt
target state: halted
target halted in ARM state due to debug-request, current mode: Supervisor
cpsr: 0x200000d3 pc: 0x0090861c
MMU: disabled, D-Cache: disabled, I-Cache: disabled
> mww 0x0090379C 0xea000013
> mww 0x9029d8 0x0
> load_image <pathto>/hboot.img 0x0
No working memory available. Specify -work-area-phys to target.
no working area available, falling back to memory writes
524288 bytes written at address 0x00000000
downloaded 524288 bytes in 11.635834s (44.002 kb/s)
> mww 0x00000c0c 0x98000C4C
> mww 0x00000c08 0x98000C4C
> mww 0x00000c04 0x98000C4C
> mww 0x00000c00 0x98000C4C
> resume
The offsets are based off my de-brick post
* 0x0090379C is the CID bypass point for 3.22.26.17
* 0x009029d8 is 4 less than the previously defined breakpoint for 3.22.26.17 SPL modification (for other radios subtract 4 from my breakpoint location);
This is the location of a subroutine call to load the SPL.. since we are going to load it ourselves we want to nop the instruction.. no, 0x0 is not the nop instruction.. but it will achieve the same results (and lack thereof).
* load_image will load a file into the phone's ram; point this at the hboot.img you downloaded as that is what we want to run
* 0x00000c00 to 0x00000c0c is the switch jump table in the 2005 hboot image once loaded for the boot mode.. we are forcing modes 0-3 to ruu/fastboot mode.
* then we can resume the CPU and optionally kill openocd.
8) into the serial terminal run command "?" this ought to now output help on many commands (before it would only say invalid command)
9) run command "cego"
<phone will now boot into the ram image of 2005 SPL; display splash image (if screen is connected) and enter fastboot mode>
10) remove serial wire and attach USB wire.. or plug in usb part of USB/serial hybrid wire.
12) "fastboot flash hboot hboot.img"
13) "fastboot flash recovery recovery.img" (the ebi1 RA recovery)
14) "fastboot oem powerdown"
Now you can boot into recovery and flash your favorite EBI1 rom.. or if you don't like EBI1.. follow the EBI0 installation instructions
** sidenote: To packagers and those making processes.. Given all I have seen to date.. whenever possible flash radios and SPLs via fastboot not recovery zip files..
If you are stuck on a splash screen on boot.. both the SPL and radio are working.. they are just usually stuck in an invalid mode.. which is less likely to happen if flashed by fastboot.. this particularly applies where the 2005 SPL is involved.
Hacking can be fun.. but this hacking is not cheap
If interested donations are accepted
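What the `mww` writes in the session above put into memory can be read off the ARM instruction encoding. The following is an added example, not part of the original post: it decodes the words from the session, assuming the core is in ARM state as the `halt` output reports; the function names are hypothetical.

```python
import re

# The mww commands from the session in the post above, BBCode stripped.
SESSION = """\
> mww 0x0090379C 0xea000013
> mww 0x9029d8 0x0
> mww 0x00000c0c 0x98000C4C
> mww 0x00000c08 0x98000C4C
> mww 0x00000c04 0x98000C4C
> mww 0x00000c00 0x98000C4C
"""

CONDS = "eq ne cs cc mi pl vs vc hi ls ge lt gt le al nv".split()


def decode_branch(addr, word):
    """Return (mnemonic, target) if `word` is an ARM B/BL encoding, else None."""
    cond_bits = (word >> 28) & 0xF
    if (word >> 25) & 0b111 != 0b101 or cond_bits == 0xF:
        return None
    imm24 = word & 0x00FFFFFF
    if imm24 & 0x00800000:            # sign-extend the 24-bit word offset
        imm24 -= 1 << 24
    # In ARM state the PC reads as the instruction address + 8.
    target = (addr + 8 + imm24 * 4) & 0xFFFFFFFF
    name = "bl" if (word >> 24) & 1 else "b"
    cond = CONDS[cond_bits]
    return name + ("" if cond == "al" else cond), target


def is_effective_nop(word):
    """True for a register-form AND/ORR/MOV of a register onto itself with no
    shift and no flag update: the instruction executes but changes nothing."""
    if (word >> 25) & 0b111 != 0b000 or (word >> 28) & 0xF == 0xF:
        return False
    opcode, s_bit = (word >> 21) & 0xF, (word >> 20) & 1
    rn, rd = (word >> 16) & 0xF, (word >> 12) & 0xF
    shift, rm = (word >> 4) & 0xFF, word & 0xF
    if s_bit or shift or rd == 15:
        return False
    if opcode in (0b0000, 0b1100):            # AND, ORR: rd = rn op rm
        return rd == rn == rm
    return opcode == 0b1101 and rd == rm      # MOV rd, rm


def annotate(session):
    """Return [(addr, word, note)] for every mww line in an OpenOCD transcript."""
    out = []
    for m in re.finditer(r"mww\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)", session):
        addr, word = int(m.group(1), 16), int(m.group(2), 16)
        branch = decode_branch(addr, word)
        if branch:
            note = "%s 0x%08x" % branch
        elif is_effective_nop(word):
            note = "effective no-op"
        else:
            # Neither pattern: treated as data (the post describes
            # 0xc00-0xc0c as jump table slots, i.e. addresses, not code).
            note = "data word"
        out.append((addr, word, note))
    return out


if __name__ == "__main__":
    for addr, word, note in annotate(SESSION):
        print("0x%08x <- 0x%08x  %s" % (addr, word, note))
```

The first write decodes as an unconditional branch to 0x009037f0, and 0x00000000 decodes as `andeq r0, r0, r0`, which is why it behaves like a nop without being the canonical one (0xe1a00000, `mov r0, r0`).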

I wonder why no one's responding to this thread. This is great news!

I agree that this is good news. Just bought a slightly used Dream and it was. Just my luck that the previous owner ran the mandatory update shortly before selling it.
I am a little unsure about the process though. Does the jtag involve physically modifying the phone? If so, is there any chance that this method will lead to a non-jtag way of getting around the perfect SPL?

SilentTweak said:
I wonder why no one's responding to this thread.
Because most of the newbies here don't have any idea what ezterry is talking about with his method

I might be motivated to try this if I actually had a brick. If I buy a Dream I might look into this.
For now I am not motivated to get my own jtag working. ezterry and other fellow xdaers on the other thread seem to be trying to find a method that doesn't require soldering.

Dreaming
I would be willing to try this on the $100 Dream I picked up, but the only thing is spending another $50-$100 on JTAG and serial cable equipment. which I might F#@CK the phone LOL
PS is it possible to use a cheap parallel port jtag to do this?, I think different software would be required for the process though....any suggestions?
Thanks
Raymar23

raymar23 said:
I would be willing to try this on the $100 Dream I picked up, but the only thing is spending another $50-$100 on JTAG and serial cable equipment. which I might F#@CK the phone LOL
PS is it possible to use a cheap parallel port jtag to do this?, I think different software would be required for the process though....any suggestions?
Thanks
Raymar23
No reason a parport adapter won't work, and openocd supports many parport adapters.
Also if you are more comfortable with other arm compatible software it ought to be easy to port the steps.. it's just ram writes.
I just don't own any computers I can plug in parport devices anymore.
scholbert from the other jtag thread may be able to give more info.

http://www.diygadget.com/universal-jtag-adapter-for-routers-modem-fta-and-more.html
Could I use this JTAG adapter? Or is there another adapter on this site I can purchase to do this process? I'm thinking of buying a couple bricked phones and trying this out lol

SilentTweak said:
http://www.diygadget.com/universal-jtag-adapter-for-routers-modem-fta-and-more.html
Could I use this JTAG adapter? Or is there another adapter on this site I can purchase to do this process? I'm thinking of buying a couple bricked phones and trying this out lol
Looks like a 74HCT244....
I posted a link to a schematic for what is really the exact same thing -- should be in the other thread. It takes about 10 minutes to solder one of those up and you can make it for $2 in locally acquired parts.

Hey,
ezterry opened up another hacker thread...
Nice work mate
Anyway here's a schematic and some comments i once posted at the original JTAG on Dream thread.
http://forum.xda-developers.com/showpost.php?p=5110255&postcount=37
It's low cost LPT-adaptor and works very well with the MSM IO voltage of 2.6V.
Feel free to re-distribute
Maybe some soft tweaks are needed to integrate in openocd.
Once made a patch... but it's lost somewhere.
Cheers,
scholbert

Thanks
ezterry said:
No reason a parport adapter won't work, and openocd supports many parport adapters.
Also if you are more comfortable with other arm compatible software it ought to be easy to port the steps.. it's just ram writes.
I just don't own any computers I can plug in parport devices anymore.
scholbert from the other jtag thread may be able to give more info.
Thank you very much for the insights and also for all your work and knowledge that has been shared with the community.
BTW. Anyone know where to buy a parallel port JTAG in Canada (i hate customs) lol
Thanks again to everyone who posts in these forums

lbcoder said:
Looks like a 74HCT244....
I posted a link to a schematic for what is really the exact same thing -- should be in the other thread. It takes about 10 minutes to solder one of those up and you can make it for $2 in locally acquired parts.
I was searching that schematic without luck, can you please post the link here?
thanks!

kR105! said:
I was searching that schematic without luck, can you please post the link here?
Anyway here's a schematic and some comments i once posted at the original JTAG on Dream thread.
http://forum.xda-developers.com/show...5&postcount=37
If you want a true wiggler clone, this isn't...
I'll prepare another schematic...
Regards,
scholbert

how build device to reflash dead G1 ? electro scheme?

some buy exterry the solderless jtag adapter
mentioned in the other post
or he will end up with a huge collection of phones
I'll even chip in
my dream is fine and rooted but my magic was shipped the rogers ways
so I am waiting with great hopes for the jtagless option
and more than willing to help where I can

Related

UPDATED!!! [[RELEASE]] Tornado Windows Mobile 6 ALPHA

WM6 for Tornado
ALPHA RELEASE!
The link is now BROKEN as I have had to take down the ALPHA version to make way for the test BETA that I've made available to a few people for preliminary testing.
Note: This is in no way a finished product, some stuff still might not work, but as far as Tornado ROM's go in terms of speed and reliability, it runs like sh!t off a shovel
But we take no responsibility for any catastrophes that might occur eg. you brick your phone, your dog dies, your girlfriend gets pregnant etc. etc.
This ROM was developed entirely in our free time between college and university, there's no need to pay us for that, but a donation would be nice. If you wish to do so, then please click HERE
To Do:
MMS
HTC Camera App
Remove remaining HTC debug apps
Changed:
Fixed WiFi problems
Fixed Audio problems
Fixed GPRS issues (IPL 2.00, SPL 2.00.0008 and Radio 4.1.13.28_02.61.01 included in the NBF to sort this out)
Custom splash screen
Voice Command in ROM
xT9 cab (must install BEFORE the language pack)
xT9 Language pack with 14 different languages
HTC Task Manager cab
HTC Comm Manager cab (unfortunately, bluetooth settings don't work yet)
HTC Clear storage cab
SP5 and SP5m button fixes as cabs
I will embed these cabs at a later date, however atm, I don't have time so I've just dumped the i-mate SP5 ROM and cab'd up a few apps you all wanted.
Phil
Flashing instructions are as follows:
NOTE: This will work on vista providing you have followed the Vista RUU guide HERE or HERE
For those getting the "Not Allow Operation" error in TeraTermPro, or, even worse, getting stuck in bootloader after flashing. You MUST superCID your device using the SPV-Services client! This step is NOT optional and could result in your phone becoming a brick if anything goes wrong
1. Make sure your device is SuperCID, you can check using the SPV Services client, if on reading the CID it displays 3131313131313131 in a long string of numbers then it IS CID unlocked, if not, then click the CID = 11111111 button and reset your device
2. Download the ROM linked in the first post
3. Download the attached TeraTermPro.zip
4. Disable USB connections in ActiveSync (right click the icon in the systray, then select connection settings and untick the USB connections box), turn off your device, hold camera and plug the device into the USB port to enter bootloader mode.
5. Extract TeraTermPro.zip and run ttermpro.exe, then select Serial and then USB in the drop down box. Then type:
Code:
info 2
You will then probably get the following output:
Code:
info 2
GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
CMD55 failed
+ SD Controller init
- SD Controller init
+StorageInit
CMD55 failed
HTCSSuperCID ' HTCE
Cmd>
If you don't see HTCSSuperCID ' HTCE above the Cmd> prompt then your device isn't SuperCID. You must use the SPV Services Client to make your device SuperCID as instructed in step 1
6. Type
Code:
format BINFS
This will then output:
Code:
Cmd>format BINFS
Format BinFS partition.
Format is completed!!
Cmd>
7. Now type:
Code:
ResetDevice
Your device will then reboot, display the splash screen for around 2 seconds before running into the bootloader again. This is normal.
8. Extract WM6TornadoALPHA.zip then run ROMUpdateUtility.exe in the RUU folder.
9. Wait while it flashes your device
10. Install the extras you want in the 'extra stuff' folder, I recommend you install comm manager, task manager and xT9 as these solve most of the WiFi and T9 icon issues people are experiencing
11. Done
Phil
Thanks go to:
duke_stix
Faria
c4software
tadzio
anichillus
molski
bepe
Special thanks to pyrorob and bogdi1988 for their contributions since release
And last but certainly by no means the least, our anonymous sources, who, without their trust, we would have never got anything to cook
Sick of reading?
DOWNLOAD ALREADY!
The link is now BROKEN as I have had to take down the ALPHA version to make way for the test BETA that I've made available to a few people for preliminary testing.
So far, my site has had around 74GB of traffic just from that one file!
This ROM was developed entirely in our free time between college and university, there's no need to pay us for that, but a donation would be nice. If you wish to do so, then please click HERE
Phil
And i am HERE!!
I'm sorry but how can I delete this reply...
I'll sticky that thread for now. Congratz on that wm6 for tornado btw.
That will be the day.
vista help please...
i know u r very busy trying to release the alpha, but could you post any instructions for the people using Vista? how to flash and what do we need to be able to run WM6 with Vista
thanks again for all of the work
I'll get started on 'apps' for WM6!
@bogdi1988 - Updated second post
Phil
jm012a9749 said:
@bogdi1988 - Updated second post
Phil
THANKS A BUNCH!!!
one more question what do i use to change the cid?
bogdi1988 said:
THANKS A BUNCH!!!
one more question what do i use to change the cid?
Unlock your phone first, then use SPV-Services to change the cid.
See SDA Application Unlock and SPV-Services in the attachments.
was just testing out to see if i can connect via teratermpro.
and it seems i cant. ? :s
fixed the issue, seems that teratermpro tools doesn't seem to connect or work for me.
so i used mytt 142.exe application
Turn off the phone and disconnect USB
Press Camera button and holding it insert USB connector (or holding Camera button press Power button for 1-2 seconds).
When "Need an UI (0)?" appears on the screen press [0] immediately. You will see tricolor screen, in the blue zone there will be "Typhoon IU" message, if you see "Typhoon XIP" you were late to press [0], start from beginning.
Run mtty1.42.exe from archive, choose [USB], press Enter and you will see a prompt.
Will this method work if I don't want to SuperCID as my warranty is not over yet?
"Here is how I got the rom to install without the devauth error.
1) use a hex editor on the rom file and search for the devauth.exe string e.g. 44 00 65 00 76 00 41 00
2) between the "devauth" and the "exe" you will see the hex "00 2e".
3) swap these bytes around so they are "2e 00" instead of "00 2e".
4) This will keep the same checksum but will not allow the devauth.exe to run. well it work in my case at least"
Hope it works
is it work on my Imate SP5m running Windows Mobile 5
what about downgrade to WM 5.0?
nice work.thx!
Hello
Where is the ROM??
Can anyone post the link please?
thx
The Rom Will Be Posted In The First Page When It Is Ready, Now They Are Just Packing The Rom, So Please Be Patient
i heard that super cid doesn't work with internet explorer 7, is that true? I set cid=111111111 and when i enter in spv_services again it shows me the old cid

All the technical details you'd like

Here's the thread for tech details. No questions in this thread, please.
My input:
Rooting the Rogers Dream
Download the tools required
Extract to anywhere on your computer.
Place update.zip on the root of your sd card.
Reboot the device into SPL (power off, hold camera button, boot, press "back" or "send" [check prompt on device] to enter "FASTBOOT" instead of "HBOOT")
Code:
fastboot boot recovery.img
Apply update, wait until phone idles, press HOME+BACK, it will reboot, finish writing hboot, then reboot again into recovery by itself. Do not interrupt it at all until it's done.
HOME+BACK to reboot into regular device.
Power off, hold camera, boot, go back into FASTBOOT
Code:
fastboot flash recovery recovery.img
Code:
fastboot flash boot boot.img
Code:
fastboot reboot
that's it!
Rooting the HTC Magic / Sapphire: http://android-dls.com/wiki/index.php?title=Magic_Rooting
Developer notes (for devs and rom builders):
Dev's (cyanogen, i'm looking at you [you requested this info ]) you can download my hacked up mkbootimg and some other tools here: http://www.mediafire.com/?njl4x5ozldm
these are all baked up by me in a flurry of rush and etc, so excuse the sloppiness
You will have 2 tools to use now, compileboot and compilebootmagic.
compileboot creates a regular g1 boot img (and the vodafone magic as well supports these old boot locations)
compilebootmagic has 2 options.
compilebootmagic -1 will create an image supported by the HTC Dream (rogers), all new magic devices, and most likely the hero and etc (these new locations are based on ram size pretty much)
compilebootmagic -2 will create an image with user supplied arguments (it says dream but disregard it, i made it before finding out the new codes matched -1)
Discovering new boot locations!
This is a fun (and easy) bit.
Just grab a boot.img from the device you'd like to learn about, and follow the chart below:
Code:
0xf-0xc (backwards): kernel addr
0x17-0x14 (backwards): ramdisk addr
0x1f-0x1c (backwards): second addr
0x23-0x20 (backwards): tags addr
you can also use this script (linux users):
Code:
#!/usr/bin/php
<?php
// Print the load addresses stored in the header of Android boot/recovery images.
function bootloc($file) {
    $handle = @fopen($file, 'rb');
    if ($handle === false) {
        return false; // unreadable file: reported below as not a boot/recovery img
    }
    $data = stream_get_contents($handle);
    fclose($handle);
    // A valid image starts with the 8-byte magic and has at least 0x24 header bytes.
    if (strlen($data) < 0x24 || substr($data, 0, 8) != "ANDROID!") {
        return false;
    }
    // Each address is a 32-bit little-endian value, so the bytes are printed in reverse order.
    $out = sprintf("Kernel addr : 0x%02x%02x%02x%02x", ord($data[0x0f]), ord($data[0x0e]), ord($data[0x0d]), ord($data[0x0c]))."\n";
    $out .= sprintf("Ramdisk addr: 0x%02x%02x%02x%02x", ord($data[0x17]), ord($data[0x16]), ord($data[0x15]), ord($data[0x14]))."\n";
    $out .= sprintf("Second addr : 0x%02x%02x%02x%02x", ord($data[0x1f]), ord($data[0x1e]), ord($data[0x1d]), ord($data[0x1c]))."\n";
    $out .= sprintf("tags addr : 0x%02x%02x%02x%02x", ord($data[0x23]), ord($data[0x22]), ord($data[0x21]), ord($data[0x20]))."\n";
    return $out;
}

if ($argc < 2) {
    echo "Usage:\n";
    echo $argv[0]." <img file/s>\n";
    echo "example:\n";
    echo $argv[0]." boot.img boot-new.img recovery.img recovery-new.img\n";
} else {
    // Report every image named on the command line.
    for ($a = 1; $a < $argc; $a++) {
        $out = bootloc($argv[$a]);
        if ($out) {
            echo $argv[$a],":\n";
            echo $out;
        } else {
            echo $argv[$a]," is not a boot/recovery img!\n";
        }
    }
}
usage: bootlocations.php <boot.img, more than one can be supplied>
example: bootlocations.php boot.img boot-new.img
NOTE: i will try to keep adding to this until it's full. any information that isn't in here, feel free to request via pm.
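An added example, not Haykuro's code or part of the original post: a Python reader for the same header that goes beyond the chart by also decoding the size and page-size fields of the standard version-0 Android boot image header, rejecting truncated input, and comparing load addresses between two images before one is flashed. The 0x19200000 sample reproduces the Rogers Dream addresses posted later in this thread; the 0x10000000 base, the payload sizes and all function names are assumptions made for the example.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Version-0 boot image header, little-endian: magic[8] followed by eight
# 32-bit words. The four *_addr offsets are the ones in the chart above.
HEADER = struct.Struct("<8s8I")
FIELDS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
          "second_size", "second_addr", "tags_addr", "page_size")
ADDR_FIELDS = ("kernel_addr", "ramdisk_addr", "second_addr", "tags_addr")
# Offsets that mkbootimg adds to its base address for each load address.
BASE_OFFSETS = {"kernel_addr": 0x8000, "ramdisk_addr": 0x1000000,
                "second_addr": 0xF00000, "tags_addr": 0x100}


class BootImageError(ValueError):
    """Raised when the input is not a usable boot image header."""


def parse_boot_header(data: bytes) -> dict:
    """Decode the fixed part of the header, refusing short or foreign input."""
    if len(data) < HEADER.size:
        raise BootImageError(
            f"truncated header: {len(data)} bytes, need {HEADER.size}")
    magic, *values = HEADER.unpack_from(data)
    if magic != BOOT_MAGIC:
        raise BootImageError("missing ANDROID! magic")
    hdr = dict(zip(FIELDS, values))
    page = hdr["page_size"]
    if page == 0 or page & (page - 1):
        raise BootImageError(f"page size {page} is not a power of two")
    return hdr


def infer_base(hdr: dict):
    """Return the mkbootimg base if all four addresses fit it, else None."""
    base = hdr["kernel_addr"] - BASE_OFFSETS["kernel_addr"]
    if base < 0:
        return None
    fits = all(hdr[name] == base + off for name, off in BASE_OFFSETS.items())
    return base if fits else None


def address_mismatches(candidate: dict, reference: dict) -> dict:
    """Map each differing address field to (candidate, reference)."""
    return {name: (candidate[name], reference[name])
            for name in ADDR_FIELDS if candidate[name] != reference[name]}


def expected_length(hdr: dict) -> int:
    """Bytes the image must contain: header page plus page-padded payloads."""
    page = hdr["page_size"]

    def pages(size):
        return (size + page - 1) // page

    return page * (1 + pages(hdr["kernel_size"]) + pages(hdr["ramdisk_size"])
                   + pages(hdr["second_size"]))


def make_header(base: int, kernel_size: int, ramdisk_size: int,
                page_size: int = 2048) -> bytes:
    """Constructed sample input: a header laid out the way mkbootimg does."""
    return HEADER.pack(BOOT_MAGIC,
                       kernel_size, base + BASE_OFFSETS["kernel_addr"],
                       ramdisk_size, base + BASE_OFFSETS["ramdisk_addr"],
                       0, base + BASE_OFFSETS["second_addr"],
                       base + BASE_OFFSETS["tags_addr"], page_size)


if __name__ == "__main__":
    # Constructed headers: the device's stock image and a rebuilt candidate.
    stock = parse_boot_header(make_header(0x19200000, 1500000, 200000))
    rebuilt = parse_boot_header(make_header(0x10000000, 1500000, 200000))
    print("stock base:", hex(infer_base(stock)))
    for name, (got, want) in address_mismatches(rebuilt, stock).items():
        print(f"{name}: rebuilt 0x{got:08x}, stock 0x{want:08x}")
    print("minimum file length:", expected_length(stock))
```

Running the comparison against the boot.img pulled from the target device before flashing a rebuilt image catches a wrong base address while it is still only a file on disk.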
Reserved for future postings
Once again, great work Haykuro
Okay, I see the trickery now.
Thanks for this info, I'll build a version of CM for Rogers later
Another thing.. Does this device use the same libhtc_ril.so as the G1 ROM and/or does it need different RIL properties in build.prop? I am thinking it does because of the different radio, but I've only seen G1 "ports" of the ROM.
cyanogen said:
Another thing.. Does this device use the same libhtc_ril.so as the G1 ROM and/or does it need different RIL properties in build.prop? I am thinking it does because of the different radio, but I've only seen G1 "ports" of the ROM.
lol the g1 ports of the rom never changed the lib much (if not at all [do an md5sum ;P])
the phone is practically identical to ours, aside some physical things (crystals, etc)
thx for the tools
cheers
Thanks again Haykuro! This is great information.
thank you for this! Hopefully instructions on how to root the mytouch will come soon!
Tried to make a version of CM-3.6 for the Rogers Dream and it isn't booting according to the testers.. Doesn't even get adbd started.
I set the boot.img up properly.
Code:
Kernel addr : 0x19208000
Ramdisk addr: 0x1a200000
Second addr : 0x1a100000
tags addr : 0x19200100
Something else has to be different, or that device hates my kernel.
EDIT:
Haykuro sent me the kernel config from a running Dream device, and there are some options enabled in it that aren't part of any Linux kernel.
CONFIG_MSM_AMSS_SUPPORT_256MB_EBI1=y
CONFIG_CPU_FREQ_GOV_MSM7K=y
So we are going to need whatever they patched in to be able to build custom kernels. Interestingly, the device is also using cpufreq settings of 384MHz/528MHz by default.
Great job haykuro, but ive been hearing reports that you cannot flash any rom (only rogers based roms) Any news on this? Thanks again!
I commend your turn around, Steve, and am quite impressed.
cyanogen said:
EDIT:
Haykuro sent me the kernel config from a running Dream device, and there are some options enabled in it that aren't part of any Linux kernel.
CONFIG_MSM_AMSS_SUPPORT_256MB_EBI1=y
CONFIG_CPU_FREQ_GOV_MSM7K=y
So we are going to need whatever they patched in to be able to build custom kernels. Interestingly, the device is also using cpufreq settings of 384MHz/528MHz by default.
That is my stumbling block too. It's not just those two options, config diff is quite significant. I've sent a couple of emails to htc kernel devs a few weeks ago, but got no response. HTC must release the patched source, though, to comply with GPL2. I'm not sure what would be the best way to persuade them to.
Can't enter code in SPL
Once I boot into SPL how do I enter the code. nothing happens when I press the keys on my keyboard.
stongest said:
Once I boot into SPL how do I enter the code. nothing happens when I press the keys on my keyboard.
Wow this was pretty dead and you just revived it from its slumber among the dead.
Theres no code to enter
You have to install once you get a custom rec.
Ace42 said:
Wow this was pretty dead and you just revived it from its slumber among the dead.
Theres no code to enter
You have to install once you get a custom rec.
At least he searched for it
stongest said:
Once I boot into SPL how do I enter the code. nothing happens when I press the keys on my keyboard.
through adb
ok.. I am getting closer to understanding this!
But, still no luck.
I downloaded this file
http://sapphire-port-dream.googlecode.com/files/spl-signed.zip
then saved it to my SD card and renamed it to update.zip
Then I do this
Reboot the device into SPL (power off, hold camera button, boot, press "back" or "send" [check prompt on device] to enter "FASTBOOT" instead of "HBOOT")
and nothing happens.. any ideas?
You install .zip things like that, like the SPL and new roms in the recovery mode, not bootloader. You'll start up with home + power to get to that.
However, given that you don't know this yet, I'd spend a *lot* more time getting comfortable with the whole flashing roms/messing with your phone stuff before installing that SPL, that's a pretty good way to brick your phone if you don't know a bit more about what you're doing.
Sorry for necro posting, i'm new to the whole rooting thing. My phone info is:
Firmware: 1.5
Baseband Version: 62.59S.20.23U_3.22.26.17
Kernel Version: 2.6.27-d5acf552
Build Number: 1.89.631.1 146733 CL#94714
I have a rogers HTC dream for Canada.
What files do i exactly need, and once acquiring them I just follow the instructions in the first post?

How to: CyanogenMod your G1 from scratch incl hardspl

for the t-mobile g1 with 1.6 firmware and some number stuff like drc92 and other G ones that won't cooperate..
to mod it from a stock (t-mobile nl) rom.
What u need :
1 sd-card (preferably more then 128mb)
1 pc running windows (i run win 7 ultimate)
1 usb cord
1 phone-internet connection (there is a wifi version too but since i find it not neccesary i wont link it. instead if you dont have phone internet : just download the packages on pc and put them in the G1)
1 app from market called : mybackup (you can use it for backing up contacts and stuff.. backup to sdcard and copy it to pc)
Backup
-download app MyBackup from the google marketplace and make a backup of programs and contacts (if you dont have phone-internet then get it from pc)
Preparing Gold Card:
- insert sd card into G1 and format it (whatever sd card and whatever format (there is only one on G1 hehe so go find it. also format is to be found in G1.)
- attach to pc and copy the RC7 image(DREAIMG.NBH) on the sd card in the G1 (do not detach from pc, i know you wanted to)
- goto appstore and download terminal emulator (as it says like that)
- open Terminal Emulator on G1
- type:
cat /sys/class/mmc_host/mmc1/mmc1:*/cid
- write down the code somewhere, its ur CID thingy
- push backbutton
Reverse the CID:
Begin: 1c5356555344202010051cc3b7008cf4
1c 53 56 55 53 44 20 20 10 05 1c c3 b7 00 8c f4 - normal code (yes i copied it from you thnx); add the spaces so your CID looks like this (your own CID, not this one)
f4 8c 00 b7 c3 1c 05 10 20 20 44 53 55 56 53 1c - reversed one (note the couples are reversed)
00 8c 00 b7 c3 1c 05 10 20 20 44 53 55 56 53 1c - now change the first two digits to 00
so you will have something looking like this: 008c00b7c31c0510202044535556531c (this is example CID so use ur own!)
- goto revskills and get a goldcard image with the code ur having now. revskills page
- now get the mail and save the attachement in a dir
Making your Goldcard:
- right-click and open as admin Hxd editor
- in HxD editor :
- goto extra menu and open disk > choose physical disk > ur sd card
- goto extra menu and open disk image > choose the received file from mail called : goldcard.img and press ok on the popup saying some about 512
- now go to this tab goldcard and goto topmenu and edit>choose select all and then topmenu again and copy
- now go to first tab (ur sdcard) and select 00000000 to 00000170 with mouse (mark it)
- goto top menu and select edit> write
- now goto top menu and save
- pull the G1 out of pc
- yes you can
- ok now pull the battery out (or shutdown if u have the time)
- press camera button+power so it will give this rainbow 3 color shizzle
- you see a gray screen saying some words you probably wanna read.
- now press power to confirm overwrite the rom thing
- reboot by holding the two phone buttons (hangup and answer)and press menu or home and back (im not sure but one of these work and you see something saying it updates some stuff.
(if this dont work in ur G1 (specially latest versions) you can use a sdhc usb cardreader or a windows mobile phone or anything else with direct disk acces mode , probably nokia and sony ericsson too)
on the next boot you will have the old RC7
(if you have no internet on phone you can skip the next 2 lines and download the package and copy it to the G1 (dont know where so if anyone can tell me it would be nice to help people out )
- fill in your google account stuff
- Download Android "Telnet" application from the Market.
- Download recovery.img and copy it to your SD card. rename it to recovery.img
- Download the Hard SPL and copy the zip file to the SD card. (this is for G1 drea110 htc dream only so be careful as this stuff can ruin your phone)
- All files must be on the root of your SD card.
- turn off the phone and detach from the pc
Rooting your G1- RC7 phone:
On RC7 Rom and lower, anything you type into your keyboard is also being run in a hidden console with root permissions.
To get root access, do the following:
- Restart your phone. Wait for your phone to start up fully and show the home screen.
- Unlock it by pressing menu after you typed code for sim and it fully started ( it will auto-lock itself)
- Hit the enter key twice,(Yes, it will start up a contact search, so you can see what you type . aint it cool) type "telnetd" and press enter.
- start telnet application you downloaded before on G1 and connect to localhost. (if you dont see localhost and connect window you have wrong app or need to reboot another time). If you connect successfully, you will have a root prompt "#".
Type the following into Telnet (these commands will give you root access for now):
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
cd sdcard
flash_image recovery recovery.img
cat recovery.img > /system/recovery.img
Power off your phone by pressing send/hangup&menu together when its done.
Now you have the modified recovery and root !
Now that you have root and stuff, you will want to apply "Hard SPL" to your phone. HardSPL includes engineer SPL and is what will allow you to apply any rom image from any other regions
(like UK on US phones, UK on dutch and vice versa), create full backups of your phone, install the latest build from the Android source, enable usb on recovery mode, usually resurrect your phone if it is "bricked" and give you always root and ability to flash another rom. Allows fastboot. Fastbooting of images allows the flashing of 1:1 images of system, data, boot, cache, pretty much everything.
You have already downloaded the file to your SD card, so now you can apply it.
-Start up in recovery mode by holding home and pressing power.
-You will now enter recovery mode. You should see an exclamation.
-If you do not see a menu on screen, press Alt-L to show the menu. It is supposed to show the modified recovery menu.
-select update from zip to apply the update.zip (hardspl) from the SD card.
-After the update is complete, hold Home and press Back to restart.
ok your G1 europe 1.6 or whatever version is now unlocked.
Installing your modded rom:
now download this europe rom (or here: link ) and this cyanogen update mod
(here are more roms: android-roms make sure you READ what is needed for these roms as these all need different recovery and things which are all nicely written to you in the help and readme files that come with it.)
- copy both files to root of the sd-card
- detach G1 and shut it down
- press home and start to get into the menu
- wipe device
- wipe cache
- install from zip the europe rom and do not reboot or anything else
- install cyanogenMod
- after it finish press both talk&hangup button and tap menu
- its probably giving the recovery menu . take out the battery and put it in and start the phone normally
- wait a long while for the phone to setup and i donno what the heck it needs to do but let it.
enjoy...
THnx to this greatfull forum-members like myself, moneytoo, amon ra, cyanogen, mark_v, persiansown who do this coz few others can and they have a sort of happy feeling doing it.
hi.
this isnt working for me. i used the hex editor to copy sections 00000000 to 00000170 from goldcard.img to my sdcard, then shut down and turned on phone with HOME+POWER, it "hangs" on phone with exclamation mark image. if i press home+power again i'm presented with default android recovery. i did put DREAMIMG.NBH to the root of my sdcard.
that means no confirming anything... what am i doing wrong then?
Seriously, use 1Clickroot.
maxisma said:
Seriously, use 1Clickroot.
1clickroot doesn't work with 1.6, does it?
greglord said:
1clickroot doesn't work with 1.6, does it?
The new should work in theory.. idk..
greglord said:
hi.
this isnt working for me. i used the hex editor to copy sections 00000000 to 00000170 from goldcard.img to my sdcard, then shut down and turned on phone with HOME+POWER, it "hangs" on phone with exclamation mark image. if i press home+power again i'm presented with default android recovery. i did put DREAMIMG.NBH to the root of my sdcard.
that means no confirming anything... what am i doing wrong then?
thats probably coz i mixed up buttons for starting the rainbowscreen updating mechanism.. sorry for that
i dont own or have a G1 so im not used to the button layout
edit: you can in that screen press Alt-L to get the menu , once u have the recovery.img installed it will change there to the menu of the modded recovery
maxisma said:
The new should work in theory.. idk..
i have no idea
but it might be handy to put a link to the file you mentioned instead of shouting it without researching the fact whether it works or not in 1.6
can anyone quickly tell me what the advantages of having the hard spl are? all iv done is rooted, (via 1 click) and then flashed cyanogens latest. radio was already up-to-date. just wondered if flashing new spl changes anything? many thanks
Hard SPL enables you to install roms like Hero or others that have a large "update".zip
bbuchacher said:
Hard SPL enables you to install roms like Hero or others that have a large "update".zip
Actually...The Haykuro SPL allows that...
Ace42 said:
Actually...The Haykuro SPL allows that...
Right. HardSPL (and DangerSPL) are something that allow fastboot. Fastbooting of images allows the flashing of 1:1 images of system, data, boot, cache, pretty much everything.
You should always have HardSPL/DangerSPL installed so you can fastboot a nandroid image as a worstcase scenario.
Jesus, the amount of noobiness is this thread is astounding.
persiansown said:
Right. HardSPL (and DangerSPL) are something that allow fastboot. Fastbooting of images allows the flashing of 1:1 images of system, data, boot, cache, pretty much everything.
You should always have HardSPL/DangerSPL installed so you can fastboot a nandroid image as a worstcase scenario.
Jesus, the amount of noobiness is this thread is astounding.
thnx for clearing that out
as i said i dont own a G1 i modded a friends one . so i dont know anything about this G1 but getting a new rom on it hehe.
i choose the hardspl as precaution and it seemed pretty stable from what i read.
i choose the 1.5 recovery as i thought it should have the same recovery image as the rom . dont know about that. it is the 1.4 recovery with some extras which are usefull, cant deny that.
i choose the rom as it seemed to be the most stable at the moment and allows tethering . this is why i needed to rom upgrade in the first place. second place that i just like modding and unlocking so that one can do everything with the device as it is yours anyway.
APEX.7 said:
can anyone quickly tell me what the advantages of having the hard spl are? all iv done is rooted, (via 1 click) and then flashed cyanogens latest. radio was already up-to-date. just wondered if flashing new spl changes anything? many thanks
it is allready answered in the how to ..
I can vouch for the OP tutorial working on the Australian Optus(Singtel) HTC Dreams wtih DRD20 build. Just waiting on that final epic long load up now.
Anacche said:
I can vouch for the OP tutorial working on the Australian Optus(Singtel) HTC Dreams wtih DRD20 build. Just waiting on that final epic long load up now.
I'm also G1 / 1.6 / DRD20 ... it's sounds good news for me ...
Hahahhahahh.....
this post should be named "The Most Difficult Way to Root your G1". How bout this.....downgrade to 1.5, DL one click root, and you're done.
Please help!!! Pleasee!
Do help me out on this one. I really can't seem to actually make my SD card into the gold card part. Whenever i plug it in the G1 or on a USB reader it tells me it's damage and needs to format.
i have two questions, Can i flash SPL first, then do a downgrade then flash recovery?
2nd : If i can't then can i flash recovery, flash spl then do a downgrade to RC7?
if so how do i flash my recovery?
DO HELP ME OUT PLEASEE! i've been on this for days!!!
I know that this is going to cause problems and fighting but, I cannot read this thread and not say anything in good conscience.
With the amount of errors and misinformation in this thread, perhaps the OP should leave the tutorials and how-to's to the people that actually HAVE a G1, have modified ROMs on their phone, and can support the questions that are asked in the thread.
Just my two cents, but I have a feeling that my words are supported judging from the general consensus of the previous posts.
~DM
DirectMatrix said:
I know that this is going to cause problems and fighting but, I cannot read this thread and not say anything in good conscience.
With the amount of errors and misinformation in this thread, perhaps the OP should leave the tutorials and how-to's to the people that actually HAVE a G1, have modified ROMs on their phone, and can support the questions that are asked in the thread.
Just my two cents, but I have a feeling that my words are supported judging from the general consensus of the previous posts.
~DM
Id have to second that, while I may not have many posts here on XDA,I've rooted and rebuilt and replaced screens from 7 G1's using the how to's and wiki's here on XDA(thanks devs). My thought is if it the current guides work we should prob stick with them unless someone else figures a better faster way.(ie;one click root). By the way,just wanna say,I've never charged anyone to root their phone or fix one. The knowledge I've gained I learned here,it wasn't something I developed and I think its wrong for people to take open knowledge they didn't come up with and charge other people for it like I've seen at some of these cell phone repair shops and on craigslist. If your gonna charge for the knowledge then pay the people you gained the knowledge from. Sorry for going off topic,just had to vent.

[Q] Qtek 8310

My phone is only three color mode, if i switch on. I try different rom upgrade but nothing. What i can do?
A little more information is needed:
What does the 3 color screen tell?
What happens if you execute a ROM update?
How do you try to make the ROM update, shipped ROM (which) or a cooked ROM (which)?
Has the device ever worked?
Which ROM was on the device before it got stuck in bootloader (3 color screen)?
Tri-color screen meant by bootloaderit (red, green, blue). When I try to update the ROM, it shows that it would be done, but the re-launch the bootloader all the time. Try a different ROM, which is designed for the HTC Qtek 8310 and the Tornado. WM6, WM61 and WM65. WM5 device worked before, more detailed version i dont know. letter on the screen IPL: 2.00 SPL: 2.00.0009
It seems that the loaded ROM does not succeed to load. If you load a shipped ROM everything outlined below should be done automatically for you, so if that does not work as well, then the device may be broken. So check first if you can load a shipped ROM again.
For cooked ROMs you need to prepare the BINFS to match the size of a ROM before you load it. As you succeed in loading any ROM, the device seems to be CID unlocked already. Check the following:
Connect the device in bootloader mode. Switch off, then keep camera button pressed and insert USB cable.
Disable USB for Active Sync (Connection settings of AS).
startup a terminal program that can connect via USB (e.g. TTerm pro)
connect to the USB port
press enter
Command prompt appears
enter "info 2" (no quotes) enter
read the last line, it should give something like "HTC SuperCID". If not, then you must CID unlock the device first. Lookup the relevant threads for the cooked ROMs or search for Lokiwiz.
If the device is already SuperCID, then you must match the BINFS formatted size to be larger or equal the ROM size (OS partition). For most cooked ROMs it is the binary file size. Relevant actions are also described in some cooked ROM threads, e.g. mine - see my signature.
What is shipped ROM? Original Rom? I do not have it.
Tera Term
info 2
GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
CMD55 failed
+ SD Controller init
- SD Controller init
+StorageInit
CMD55 failed
HTCSBPT_0501 Lqœ»HTCE
I try unlock SuperCID with program lokiwiz02b.
But nothing happend.
machinagod's HTC Wizard Unlocker v0.2
NOW WITH CID Unlocking POWER!
--------------------
WARNING: This tool is highly experimental!
I will NOT be held responsible for any problems caused by this tool.
--------------------
Thanks to xda-developers, spv-developers, and especially itsme by the work they
released. This solution would not be possible without them.
--------------------
U. Unlock
L. Lock
C. CID Unlock (SuperCID)
Q. Quit
--------------------
Type the letter and press Enter: c
CID unlocking mobile... DO NOT DISCONNECT UNTIL THE PHONE REBOOTS!
What i try next?
IF your OS is not up, then the lokiwiz will not do anything to your device!
With THIS status you should not succeed in doing any update or format your BINFS. You first need to get the original OS up and running again before you can get any further on changing your OS. The steps to take are:
Get old OS running up again
Application unlock the old OS
CID unlock the device (backup your *.bin files!)
load new OS
1.) is your problem currently. There are several ways to achieve this, try a hard-reset first, this should work for your device:
switch off device
press L+R softkey and hold both
switch on device and keep L+R softkey pressed
wait until prompt and act accordingly
device will reboot to OS
OK now?
I do not have the original OS or even the old OS. After a hard reset as well as the OS does not come up.
# Switch off the Device
# Softkey Press L + R and hold Both
# Switch the device and keep L + R softkey presses
Press 0 to restore factory default. Other key to exit
I press 0
After hard reset load the bootloader again.
OK, then you need to load the CID matching old OS via the shipped ROM standard procedure. Look to: http://www.shipped-roms.com/shipped/Tornado/ and get 8310_2090_253121_020900_to_dan_eur_ship.exe
Execute it on the PC while the device is connected in bootloader mode. If that does not work, then try other ROMs in the same directory until you succeed with the loading.
Mind that a first boot takes 3-5 minutes, so be patient if the bootloader is not coming up any longer. Also do not interrupt the ROM loading in the first steps when the upload has started. It is normal that there are phases where the progress bar does not move. I think the sequence is per partition (IPL, SPL, Splash, OS): load to RAM (bar progressing), load from RAM to ROM = flashing (no bar progress, but color change of bar at the end). The large OS partition is loaded at the end of the sequence so the second step will take some time - be patient.
Good luck!
I try all ROM's but always give me ERROR 294 INVALID VENDOR ID.
And now the phone does not start anymore. No picture. I dont know what happend
This seems to prove that the device has something broken.
Make sure that the battery gets charged while the device is off. Despite the device was connected to USB all the time there is no charging happening in bootloader mode. Wait until the green light is there again before you continue - power drain in bootloader mode is quite heavy.
When none of the shipped ROMs work for upload, it really gets hard to load back an OS running on that for further steps :-(
There is a procedure called "Gold Card method", the rough procedure is (only did that once years back - so this is no step-by-step guide):
Prepare the card so that the bootsector contains the magic device specific "Gold Card" signature. For that you need a trial version of PSAS, and a working windows mobile device(!).
then you would have to load the *.nbh file that gets uploaded to the device (and fails) to that mini-SD card root directory,
rename it to TORNIMG.NBH there
load the card to the device,
then reboot to bootloader (Camera + on)
and hope it gets it loaded
A detailed procedure is described for the Excalibur device but this works equally well for Tornado if you adjust the relevant parts (PSAS is the success of QMAT). Mind that the miniSD card should be in really good condition (fresh full format, check that the file loaded can be read byte-identical from it). If the loading from the card fails or corrupts the IPL/SPL while loading then your device is really bricked. It happened to me with an Excalibur (read the whole thread linked above) - so be extra careful (though - what do you have to lose?)!

[HELP!] Velocity Cruz T301 Full Brick Recovery

Hi XDA,
so basically i bought a Velocity Cruz T301 recently and followed the known procedures for rooting, flashing ClockworkMod Recovery and custom rom (SJHill Rom v0.3).
before the full brick my device was at ClockworkMod 5 and rooted with SJHill Rom v0.3.
i installed CWM by flashing the zip in stock recovery, then succesfully rooted the device, finally wiped and flashed my custom rom
after major disappointment in this tablet's performance i decided i wanted to get rid of it.
So i downloaded the stock rom, wipe and flashed it onto the tablet...
the tablet turned off when it was finished (i think it was attempting to reboot) and never turned back on again...EVER! :good:
i cant even get to recovery
i tried flashing with adb and fastboot but the device never even presents itself to the computer.
i found out that you can boot the device into USB boot mode where you hold the "VOL -" (Volume Down) button and press the reset button and while connected to the computer (windows only) a "JZ4760 USB Boot Device" appears.
i did some googling and also found out that the T301 is based on similar tech to a bunch of tablets and they can all be modified by some software released by Ingenic called USBBootTool.exe
the tool is written in chinese and i cant decipher it all, though i found out how to use it based on its usage for other Ingenic based tablets
1.) you will need to disable driver signature verification (press F8 on boot of windows and toggle the setting, i hate rebooting too but it has to be done)
2.) boot your tablet into USB Boot Mode (hold down Vol - and press Reset button)
3.) install the driver for your device (included in the files below)
4.) with the tablet disconnected you would open the USBBootTool.exe
5.) select your tablet in the options and fill each box with the files needed to flash (files included below)
6.) reconnect the tablet while still in USB Boot Mode and the software will flash your device on detection
everything goes fine for me except when i get to the flashing part in the end.
when USBBootTool detects my tablet, it attempts to flash and gives me a stream of errors and never flashes my device.
i dont know what to do at this point. i have provided direct links to all the software im using and also links to where i got them.
any help would be appreciated, thank you to the XDA community in advance
>------------------- DOWNLOADS ------------------------<
USBBootTool.exe / Tablet Drivers (4725 / 4725B / 4740 / 4750 / 4755 / 4760 / 4770)
http://dl.dropbox.com/u/79196608/burn_tools_3.0.16.rar
obtained from - http://forum.xda-developers.com/showthread.php?t=1720621
Velocity Cruz T301 Update.zip (contains the system.img / data.img / mbr-xboot.bin files)
http://www.cruztablet.com/T301update.zip
obtained from - http://www.cruztablet.com/Article_861.php
SJHill Rom v0.3
http://www.androidfilehost.com/?fid=9390362690511176486
obtained from - http://www.slatedroid.com/topic/27583-rom-t301-sjhill-rom-17-feb-2012-download-link-updated/
ClockworkMod 5
http://files.androtab.info/ingenic/cwm/20120514/T301-recovery-signed.zip
obtained from - http://androtab.info/mips/ingenic/clockworkmod/
I have the same situation. I have gone through every menu in the USB Boot tool and to no avail am I able to recover my T100.
gmick is redoing the software because the coding is set up wrong. Once he gets that figured out there should be a fool proof unbricking method that we can follow. He is posting information over on Slate Droid if you want to take a look.
feyerbrand said:
gmick is redoing the software because the coding is set up wrong. Once he gets that figured out there should be a fool proof unbricking method that we can follow. He is posting information over on Slate Droid if you want to take a look.
ok post the link to the thread, and ill add it to the first post as a solution if its found to be a working one
JustSayTech said:
ok post the link to the thread, and ill add it to the first post as a solution if its found to be a working one
*Cross Post from SlateDroid* (but I can't post the link because XDA won't allow it)
I found out why the USB boot isn't working. Well, more appropriately I know where it fails but not exactly "why".
The USB Boot tool works like this:
1) Send x00 command (Get CPU Info)
2) Device responds with "JZ4760V1"
3) Host sends two binaries, stage1 and stage2. Stage 1 sets up memory stuff, and Stage 2 sets up USB flashing functions.
4) Host checks that the binaries executed by issuing another x00 command (Which serves as an "Are you still there?" function)
5) If the response is good, the host will flash the images, if the response is bad, it will abort.
Our devices are failing at step 4. The linux usb boot tools (xburst-tools) fail in an identical fashion.
I know that the first stage binary transfers and executes fine because if it didn't the device would be limited to 16k. The second stage is 120K and is transferred successfully. Once the second stage "execute" command is sent, the device crashes.
The second stage is also unique to the CPU type. I've used all of the binaries for JZ4760 I could find on the net and when that failed I cross compiled my own binary from source and it still crashed.
At this point I highly doubt I'll ever be able to fix it, and this completely explains why no one could get any usb recovery tool to work while others using similar devices could. I guess our board is modified just enough for ingenic's stock binaries to fail. Without knowing what's changed (getting Velocity Micro's source) we're SOL.
I can open it up again and solder on the serial header but I'm betting it's going to give me some generic "couldn't execute" message that isn't going to help me. I'll probably do this anyway though because I've come this far so what's the loss.
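The five-step exchange described in the post above, as an added example that is not gmick's code or Ingenic's tool: a host routine run against a simulated device, showing how the point of failure separates a stage 1 problem from a stage 2 crash. MockDevice, the 8 KiB stage 1 size and all function names are assumptions; no real USB traffic is sent.

```python
from dataclasses import dataclass, field

KIB = 1024
PRE_INIT_LIMIT = 16 * KIB   # transfer limit before stage 1 has run (from the post)
STAGE2_SIZE = 120 * KIB     # size of the second stage (from the post)
STAGE1_SIZE = 8 * KIB       # constructed value; the post gives no stage 1 size


class NoResponse(Exception):
    """The device stopped answering on USB."""


class TransferRejected(Exception):
    """The payload does not fit in the memory currently available."""


@dataclass
class MockDevice:
    """Simulated boot ROM. The two flags select which stage misbehaves."""
    stage1_works: bool = True
    stage2_works: bool = True
    memory_ready: bool = False
    alive: bool = True

    def get_cpu_info(self) -> str:
        # The x00 command, also used by the host as a liveness probe.
        if not self.alive:
            raise NoResponse("no reply to x00")
        return "JZ4760V1"

    def upload(self, payload: bytes) -> None:
        if not self.alive:
            raise NoResponse("no reply during upload")
        if not self.memory_ready and len(payload) > PRE_INIT_LIMIT:
            raise TransferRejected(f"{len(payload)} bytes exceeds 16K limit")

    def execute(self, stage: int) -> None:
        if not self.alive:
            raise NoResponse("no reply to execute")
        if stage == 1:
            # Stage 1 sets up memory; only then do larger transfers fit.
            self.memory_ready = self.stage1_works
        elif stage == 2 and not self.stage2_works:
            # Models the board in this thread: executing stage 2 crashes it.
            self.alive = False


@dataclass
class BootResult:
    failed_step: object          # None on success, else the step number
    diagnosis: str
    log: list = field(default_factory=list)


def run_usb_boot(dev: MockDevice) -> BootResult:
    """Walk steps 1-5 and report where the exchange stops and why."""
    log, step = [], 1
    try:
        cpu = dev.get_cpu_info()
        log.append(f"steps 1-2: x00 -> {cpu}")
        step = 3
        dev.upload(bytes(STAGE1_SIZE))
        dev.execute(1)
        log.append("step 3: stage1 uploaded and executed")
        dev.upload(bytes(STAGE2_SIZE))
        log.append("step 3: stage2 uploaded")
        dev.execute(2)
        log.append("step 3: stage2 execute sent")
        step = 4
        dev.get_cpu_info()
        log.append("step 4: x00 answered, stage2 is running")
    except TransferRejected as exc:
        return BootResult(step, f"stage1 did not set up memory ({exc})", log)
    except NoResponse as exc:
        why = ("stage2 transferred but crashed on execute" if step == 4
               else "device lost before stage2 ran")
        return BootResult(step, f"{why} ({exc})", log)
    log.append("step 5: flash images")
    return BootResult(None, "ok", log)


if __name__ == "__main__":
    cases = {"healthy board": MockDevice(),
             "stage1 broken": MockDevice(stage1_works=False),
             "board from this thread": MockDevice(stage2_works=False)}
    for name, dev in cases.items():
        result = run_usb_boot(dev)
        print(f"{name}: failed_step={result.failed_step}, {result.diagnosis}")
```

A successful 120K upload followed by silence at step 4 is the signature reported in the post; a rejected upload at step 3 would instead point at stage 1.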
Wow, I learned a lot from that post, seems like writing a usbboottool-like application that can send the commands but also log and possibly bypass security checks etc but that def would take some time. Thank you for your insight, seems you've come the closest to cracking the case, actually you found the fault, hopefully your methods can eventually bring about a fix.
JZ 4770
gmick said:
*Cross Post from SlateDroid* (but I can't post the link because XDA won't allow it)
I found out why the USB boot isn't working. Well, more appropriately I know where it fails but not exactly "why".
The USB Boot tool works like this:
1) Send x00 command (Get CPU Info)
2) Device responds with "JZ4760V1"
3) Host sends two binaries, stage1 and stage2. Stage 1 sets up memory stuff, and Stage 2 sets up USB flashing functions.
4) Host checks that the binaries executed by issuing another x00 command (Which serves as an "Are you still there?" function)
5) If the response is good, the host will flash the images, if the response is bad, it will abort.
Our devices are failing at step 4. The Linux USB boot tools (xburst-tools) fail in an identical fashion.
I know that the first stage binary transfers and executes fine because if it didn't the device would be limited to 16k. The second stage is 120K and is transferred successfully. Once the second stage "execute" command is sent, the device crashes.
The second stage is also unique to the CPU type. I've used all of the binaries for JZ4760 I could find on the net and when that failed I cross compiled my own binary from source and it still crashed.
At this point I highly doubt I'll ever be able to fix it, and this completely explains why no one could get any USB recovery tool to work while others using similar devices could. I guess our board is modified just enough for Ingenic's stock binaries to fail. Without knowing what's changed (getting Velocity Micro's source) we're SOL.
I can open it up again and solder on the serial header but I'm betting it's going to give me some generic "couldn't execute" message that isn't going to help me. I'll probably do this anyway though because I've come this far so what's the loss.
For my JZ4770, earlier the USB tool was flashing .img without any problem, but now it is saying "load cfg failed", "API downlaod failed" like dialogues and doesn't flash anything. Any idea? Thanks in advance!!
First restart your computer (actually restart it) then redownload the USB boot tool and save it in a completely new directory and use a different USB port
Sent from my Pokeball
Yes, I did
JustSayTech said:
First restart your computer (actually restart it) then redownload the USB boot tool and save it in a completely new directory and use a different USB port
Sent from my Pokeball
Yes, I tried this suggestion. Rather, I reinstalled XP and then tried again. But the dialogues are the same. The history is like this. I was having ICS on JZ 4770. Formatted with the USB tool and put JB updates. It was not sensing touch so I reflashed another JB update. Now the tab boots, it reaches the boot logo for around 12 seconds and restarts in stock recovery. While it is in the booting stage it gets detected by Windows and adb also. In stock recovery mode it gets detected by Windows and in turn by adb also. If I try to install updates through the SD card it shows it has installed and reboots after completion. But again the same way it goes to the boot logo and then back to stock JB recovery. It also boots in Ingenic boot device mode and gets detected by USB burn tools. But when I try to flash any of the ROMs it gives the same dialogues "check cfg failed" "api download failed" "boot. fw failed" and can't flash anything.
Is there any tool which can be flashed or a script which can be used from SD card for completely formatting flash memory so that USB burn tool can flash required ROM?
can you flash the stock rom in recovery?
Managed using USB BOOT TOOL for ingenic JZ 4770 board in English
JustSayTech said:
can you flash the stock rom in recovery?
Thanks man, but I managed to boot the device. I used the following USB BOOT TOOL for Ingenic 4770 boards. The goodness with this tool is that it is completely in English. You will know what you are doing. Even after opening the main window of the tool you can right click and then get other options (yes, again in English). My problem with this device was bad blocks at 1024. In the options there is a chance to force erase the whole NAND partitions, which I used and erased all the partitions, thereby making all the partitions available for flashing and readable by the tool. Then from the File option I selected the stock ROM files and flashed them. While flashing I selected the JZ4770 iNanad.ini file in manual configuration. This tool has really helped me to come out of the issue and will be useful for guys using a JZ 4770 board.
http://www.4shared.com/rar/m1BUV5r2/USBBurnTool_20120401_for_relea.html
Got USBBootTool.exe kind of working.
1. Download the following file from Ingenic.
ftp * ingenic * cn/3sw/01linux/tmp/jz4770-20110610.rar
2. Download Applocale from Microsoft.
www * microsoft * com/en-us/download/details.aspx?id=13209
3. Extract the jz4770-20110610.rar and find the folder. (Using 7zip should keep the UTF encoding in Chinese)
20110610\04burn\20110524_4770_Programmer
4. Copy the folder 20110524_4770_Programmer to location you want to use it in.
5. Install Microsoft Applocale (Just in case, I don't think it is required)
Now Start Applocale and create a shortcut to USBbootTool.exe inside 20110524_4770_Programmer
中文(简体) is simplified Chinese option and should let you view the GUI correctly.
6. Now with the Applocale Shortcut created for USBbootTool.exe you can start the application with correct fonts.
Now this is where it breaks down.
TABLET-8 NAND FINAL BSP(S3 TEST) will allow you to read from it and write to it, but the CFG is off.
\tool_cfg\tablet-8-nand-final.ini is the configuration for it.
DO NOT CONNECT THE DEVICE WITH ANY OPTIONS CHECKED OR LOAD ANY FILES.
See Attached Images.
Next to the Read button is some Boot Option menu. I am not fully aware of what this does.
What I need is someone to help me fix/correct the ini/cfg files in
\20110524_4770_Programmer\tool_cfg\.ini
\20110524_4770_Programmer\4760\
to correctly match the files of the NAND.
Also if anyone has a copy (dd to img) or (cat to img) of the block devices.
That would help a ton.
# cat /proc/partitions
# cat /proc/mtd
I would also love another T10x Tablet for cheap.
I want to start building things like new bootloader, kernel, system image,
performance libraries to take full use of the Ingenic JZ4760 (www * ingenic * cn/product.aspx?CID=11)
I also bring Christmas gifts
2 APKS. You can place them in /system/app or /data/app.
Google Play will crash now and again, but it will load and work. (Vending.apk)
Secondly I bring the gift of performance increase, just by a slight bit.
edit the line of the heapsize in /system/build.prop dalvik.vm.heapsize=96m
Remember to make sure the permissions are set back to 666 or 644.
Original Vending.apk before updates came from here: (In case you are paranoid)
code * google * com/p/ics-nexus-s-4g/source/browse/trunk/system/app/Vending.apk?spec=svn20&r=18
ics-nexus-s-4g * googlecode * com/svn-history/r18/trunk/system/app/Vending.apk
To prevent spam on the XDA forums, ALL new users prevented from posting outside links in their messages. After approximately 10 posts, you will be able to post outside links. Thank you for
Stupid. How do you expect real people to help post Tech Docs? That is bad Moderating and Administrating.
Make sure to replace the asterisks with spaces with normal dots.
Requesting Block Images.
Does anyone have a copy of it they can send me for a T10x?
block images......
IceGryphon said:
Does anyone have a copy of it they can send me for a T10x?
Which block images do you want?
...also is there a way to rip the stock images off the jz4760 in the t301?
Such as:
Can I use the Ingenic uboot tool?
Anybody find the JTAG pins?
Is the 4 pin conn next to the batt for serial?
.......I guess I'll try to take a look this weekend
ICS would be really nice, but probably slower than stock..... especially with the limited RAM
I unpacked the stock rom. I also unpacked an ICS rom for a jz4770, and repo sync'd the aosp and mips 3.0.8 android kernel.
I'm still trying to figure out specs for the processor though. I know that it's mips32 - el- fp- r1, but I cannot figure out the DSP version ... if it has one?
Error in erasing nand
nanachitang420 said:
Thanks man, but I managed to boot the device. I used the following USB BOOT TOOL for Ingenic 4770 boards. The goodness with this tool is that it is completely in English. You will know what you are doing. Even after opening the main window of the tool you can right click and then get other options (yes, again in English). My problem with this device was bad blocks at 1024. In the options there is a chance to force erase the whole NAND partitions, which I used and erased all the partitions, thereby making all the partitions available for flashing and readable by the tool. Then from the File option I selected the stock ROM files and flashed them. While flashing I selected the JZ4770 iNanad.ini file in manual configuration. This tool has really helped me to come out of the issue and will be useful for guys using a JZ 4770 board.
http://www.4shared.com/rar/m1BUV5r2/USBBurnTool_20120401_for_relea.html
I used the English Ingenic tool to erase bad blocks but I'm not able to erase the bad blocks; live suit is giving error id=0x4848
