Touch Pro - Dump ROM from Bootloader? - Touch Pro, Fuze General

Hi All,
Just wondering if any of you knew how one would dump a Touch Pro ROM, intact from the bootloader (it's been HardSPL'd & we have level=0 SuperCID).
pdocread is not an option as we are not allowed to use ActiveSync in the environment in which we are working to recover the data from this phone (we aren't allowed to actually *change* or potentially change data on the phone).
I have tried with mtty using task 32 / d2s in an attempt to dump the ROM to an SD card, task 32 initialised the SD fine.
I also tried rbmc (using set 1e 1 prior to running) but this, even when left overnight, just sits at a line of text saying HTC after the lines of default parameters it prints.
Do any of you learned people know how one would extract the ROM from the Touch Pro (it is for analysis in Encase which will copy with the raw FS) through the bootloader?
TIA

*bump*
Nobody??

123 views & not 1 reply.
How useless is this place?!

You'll catch more flies with honey than with vinegar.
It's possible that no one has any idea on how to accomplish this for you.

Related

BtT: Understanding Anansky's hack on 850 JAM

First of all, I'd like to say that I performed Anansky's BigStorage upgrade without a hitch on my 850MHz JAM running on Cingular's network. The only concern was that the device was reporting itself as a PM10A instead of a PM10C.
Precautions:
1. Use the write-protect feature on your SD card in the unlikely event that Windows or your PocketPC wishes to write or format it.
2. Use a smaller SD card, as the steps will create a ROM file as big as your card, and it'll take a while to load the file to make changes, update the SD card, etc.
3. Burn a copy of your downloaded ROM file to a CD for safety purposes.
4. Always keep your PocketPC charged either through your PC's USB port, or through a USB-to-AC adapter.
For those who want a quick rundown on how I did it:
1. From the FTP, download NTRW.EXE (version 2.0), ROMUPDATE.EXE, and MAGICIAN_OS1.11WWE_BIGSTORAGE_6.ZIP.
2. With your JAM connected via USB to your PC, disable ActiveSync's connections.
3. Enter the Bootloader and backup your entire ROM to your SD card using ROMUPDATE.EXE.
4. Read the contents of your SD card into a ROM file using NTRW.EXE. (Note that Administrator privileges are required on your Windows account in order to read/write to the card)
5. Modify the first 416 decimal bytes of the OS1.11WWE_BIGSTORAGE.NB1 (extracted from the ZIP file) by using the first 416 decimal bytes from your ROM file.
6. Write the newly modified ROM file onto your SD card using NTRW.EXE.
7. Enter the Bootloader with the SD card inserted and flash the newly modified ROM to your device.
Notes:
1. I was able to reflash the official i-mate CE ROM (1.11) and Radio, thinking I'd force 850MHz support back into the device in the uncertain event it lost it during Anansky's upgrade. However:
   1. The Radio can't be flashed without the CE ROM being flashed alone first.
   2. Any reflashing of the Radio or the CE ROM will lose your newly acquired 27MB Storage area. The Device Information applet will report a crazy value for the Storage area when in fact it's totally gone. The only way to restore it is to put your backed up old ROM image onto the SD card and perform the flash from the card.
2. The only way to find out how the hack was done is to look at the different versions of the hack and compare them byte-by-byte to the official updaters.
3. Perhaps one can perform another full SD-to-ROM backup with Anansky's upgrade and compare the files as well, then inject the compatible ROM portions and leave his hack in place.
4. Reflashing any of the ROM portions did NOT restore my model back to PM10C, which leads me to believe that it's outside that region untouched by the official flash utility.
5. I was only able to reflash with the official ROM updaters AND the hacked MaUpgradeUt_noID.exe from the FTP, and while it was in Bootloader mode only.
Lastly, I restored my original ROM image in its entirety and will try again sometime in the future to see if I can incorporate the 850MHz ROM into Anansky's hack. It was nice having the extra 27MB free for a short while, but until he comes back or someone else figures it all out, it'll be a risky endeavour in the event of another official ROM upgrade.
ADVANCED USERS ONLY. I take no responsibility for the information I provide below.
I dissected Anansky's ROM to find different sections which I could possibly compare. This is by no means accurate, but I have found certain locations to be of value.
Using the Magician ROM layout on http://wiki.xda-developers.com/index.php?pagename=MagicianRomLayout, I was able to build upon that template. Note that the values start with 80000000, but subtract that value and you get the starting points below.
00A6019C-00AC82D6 = UNKNOWN
00AE019C-00B3319A = UNKNOWN (REFERENCES TO RINGTONES)
00B6019C-00C3F3D5 = UNKNOWN (REFERENCES TO GPRS?)
00CB019C-00F88BF6 = UNKNOWN
00FB019C-014101CF = UNKNOWN
0143019C-0185B015 = UNKNOWN (APPROXIMATELY 4MB... RADIO ROM?)
0187019C-01995D38 = UNKNOWN (REFERENCES TO T9 DICTIONARY)
019E01AC-01CDDE58 = UNKNOWN (REFERENCES TO LDAP, DRM)
01DB019C-01E21343 = UNKNOWN (WINDOWS MEDIA PLAYER COMPONENTS?)
01E4019C-01EF8943 = UNKNOWN (SOLITAIRE / JAWBREAKER)
01F1019C-01F9B0CE = UNKNOWN (REFERENCES TO VPN)
01FC019C-0236A72B = UNKNOWN (APPROXIMATELY 3.8MB, REFERENCES TO NETWORK ADAPTERS, MODEM)
03F80140 = ANANSKY'S ROM CREDITS
03FB819C = MODEL (PM10A)
03F4015C = DATA STRING (UNKNOWN)
03F4019C = SPLASH SCREEN ("HTC MAGICIAN" VOLCANO)
For instance, if you wish to change the splash screen, you could replace the 153,600 decimal bytes starting at 03F4019C hexadecimal with your Splash2.NB file.
I have compared the 4MB block (0143019C-0185B015 hexadecimal) between my 1.11 NA ROM dump and Anansky's and found NO DIFFERENCE. It is possible that this section is the Radio ROM area, due to the size. I have to have the radio.nbk file decrypted in order to confirm.
If there are minute differences, I'll be sure to catch them now. Stay tuned.
I did something similar to find out, what he did. I first flashed Qtek's 1.11, then backed it up on SD card and wrote it to a file. Then I flashed Ananskys ROM and was now able to compare.
Unfortunately we know too little about the internals of the ROM (at least considering what's in the wiki).
BeyoneTheTech,
A question completely unrelated to the big storage ROM. How is it that your JAM has an 850MHz processor?
It's 850MHz radio band, unfortunately not CPU speed! I live in North America where the 900MHz is not utilized due to many pre-cellular products hogging up the 900MHz frequency.
As for everyone else, I used a program called WinHex to byte-compare the minimal differences between Anansky's BigStorage ROM file and my own ROM dump file. Bear in mind it's almost in the morning now and I crazily did this at work, so the details will be minimal:
I noticed two byte differences - B8 01 (1B8 hex=440 dec) vs 80 00 (80 hex=120 dec). I did NOT change those because I found it once in the bootloader, so I assumed it might be related to the way it handles the Storage area/Extended ROM.
The second set of differences were where the string "PM10A" was found in Anansky's ROM. Mind you, "PM10A" was also found in my ROM file (in the CE ROM portion), so I took my bytes around the "PM10C" section near the end and transposed it into Anansky's ROM file.
Of course, there was a major difference in the middle of the two ROM files: the Extended ROM data. I left that the way it was in Anansky's ROM, mostly zeros and some "header"-looking information.
Bottom line is I have what appears to be a fully-functioning ROM file that I flashed successfully onto my 850MHz-band i-mate JAM (running on Cingular's network in the Northeast Americas.) I have little doubt it's not utilizing the 850MHz band, since the byte changes were so minimal between Anansky's WWE ROM and my official NA (850MHz) WWE ROM. My Device Information applet reports "PM10C," of course because I hardcoded it into the ROM, but I also mapped the bytes around it from my original "850MHz" ROM. Oh, and I've got my 27MB back! :wink:
I don't particularly see a problem with having your PM10C device updated with Anansky's ROM. Although the machine will now identify itself as PM10A, people have reported still being on 850MHz cells... so there shouldn't really be a problem there.
The only issue is that now when i-Mate releases upgrades, I'm only able to flash the European and not the North American mods.
What exactly is the method to force a North American ROM upgrade onto a supposedly European JAM? I didn't save the backup which was on the SD card.
As I stated last night and bleary-eyed, there was very little difference between the North American (850MHz) and the WWE (900MHz) versions of the ROM dumps. I believe most, if not all of the differences resided in the Extended ROM. Just the changes noted below worked on my 850MHz JAM.
Using the os1.11wwe_bigstorage.nb1 file...
1. Write FF's into offset 0000028Ch to 00000293h, erasing the T-MOB101 designation.
2. Change the letter A (41h) to C (43h) at offset 03FB81A4h, so it should read "P M 1 0 C."
3. Change bytes 09 2D 4D 27 C7 to 09 2D 4C D1 8E at offset 03FB81DDh to 03FB81E1h. Again, this was near the PM10C designation, and it's unlikely that this code is my IMEI number, so I'm trying to retain as much of my original ROM as possible.
4. Change the splash screen if you wish (see previous post).
Perform a full backup with Sprite Backup or similar program.
SD-Flash the new file onto your JAM and you should be good to go.
Perform a full restore with Sprite Backup, ignoring any ROM upgrade warnings.
If you feel comfortable with hex editing, use WinHex with the ROM files. It opens files fast and can copy and "write" (not paste) the splash screen in one shot.
I am hoping that if someone can easily decrypt the new CE and Radio ROM images, they can be injected into Anansky's ROM dump, while someone who still has their Extended ROM area will be able to extract any new changes or updates in the CAB files.
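The workflow in this thread is a hex compare of two dumps followed by a handful of byte edits at fixed offsets. The following is an added example, not code from the thread, from WinHex or from any of the tools named here: it reproduces the byte-compare that located the differing bytes, and applies the edits from this post (and the B8 01 -> 80 00 pair discussed later in the thread) only after checking that the bytes currently at each offset are the ones the edit expects, so a recipe written for one ROM version is refused on another. The 64 MiB image is constructed in the file; the expected "T-MOB101" bytes at 0000028Ch and the UTF-16 layout of the "PM10A" model string are this example's reading of the post, not something the thread states.

```python
"""Byte-compare two ROM dump images and apply an offset patch list safely.

Added example, not code from the thread or from any tool it names. The
sample image is constructed below; nothing is read from a device.
"""
from dataclasses import dataclass
from typing import List, Sequence, Tuple


def diff_spans(a: bytes, b: bytes, merge_gap: int = 0,
               chunk: int = 4096) -> List[Tuple[int, int]]:
    """Return half-open [start, end) ranges where a and b differ.

    Differing bytes closer together than merge_gap are reported as one
    span (merge_gap=0 merges only adjacent bytes). Identical chunks are
    skipped with a slice compare so a multi-megabyte image stays cheap.
    """
    if len(a) != len(b):
        raise ValueError(f"image sizes differ: {len(a)} vs {len(b)}")
    spans: List[Tuple[int, int]] = []
    start = last = None
    i, n = 0, len(a)
    while i < n:
        if start is None and a[i:i + chunk] == b[i:i + chunk]:
            i += chunk  # identical block: no per-byte work needed
            continue
        if a[i] != b[i]:
            if start is None:
                start = i
            last = i
        elif start is not None and i - last > merge_gap:
            spans.append((start, last + 1))
            start = None
        i += 1
    if start is not None:
        spans.append((start, last + 1))
    return spans


@dataclass(frozen=True)
class Patch:
    offset: int
    expect: bytes  # bytes that must be present before the write
    new: bytes     # replacement, same length as expect
    note: str = ""


# Edits quoted in the thread for the 1.11 WWE BigStorage .nb1 on an 850MHz
# JAM. Offsets and byte values are the poster's; the "T-MOB101" expectation
# and the UTF-16LE model string are this example's assumptions.
JAM_850_PATCHES = (
    Patch(0x0000028C, b"T-MOB101", b"\xff" * 8, "erase T-MOB101 designation"),
    Patch(0x03FB81A4, b"A", b"C", "PM10A -> PM10C model string"),
    Patch(0x03FB81DD, bytes.fromhex("092d4d27c7"), bytes.fromhex("092d4cd18e"),
          "bytes near the model string"),
)

# The two-byte change later posts identify as the BigStorage 'key'.
BIG_STORAGE_PATCHES = (
    Patch(0x00007E32, b"\xb8\x01", b"\x80\x00", "found in bootloader area"),
    Patch(0x0211E32E, b"\xb8\x01", b"\x80\x00", "found in CE ROM area"),
)


def apply_patches(image: bytes, patches: Sequence[Patch]) -> bytearray:
    """Return a patched copy; refuse the whole set if any precondition fails."""
    for p in patches:
        if len(p.expect) != len(p.new):
            raise ValueError(f"{p.offset:08X}: patch would change image length")
        end = p.offset + len(p.expect)
        if end > len(image):
            raise ValueError(f"{p.offset:08X}: offset beyond end of image")
        found = bytes(image[p.offset:end])
        if found != p.expect:
            raise ValueError(f"{p.offset:08X}: found {found.hex()} expected "
                             f"{p.expect.hex()} ({p.note})")
    out = bytearray(image)
    for p in patches:
        out[p.offset:p.offset + len(p.new)] = p.new
    return out


def build_sample_image(size: int = 0x04000000) -> bytearray:
    """Constructed 64 MiB stand-in for a dump carrying only the bytes the
    patches expect (model string as UTF-16LE, which puts the 'A' of PM10A
    at 03FB81A4h and matches the 'P M 1 0 C' spacing in the post)."""
    img = bytearray(size)
    img[0x28C:0x294] = b"T-MOB101"
    img[0x03FB819C:0x03FB81A6] = "PM10A".encode("utf-16-le")
    img[0x03FB81DD:0x03FB81E2] = bytes.fromhex("092d4d27c7")
    for off in (0x7E32, 0x0211E32E):
        img[off:off + 2] = b"\xb8\x01"
    return img


def describe(a: bytes, b: bytes) -> List[str]:
    """One line per differing span, in the style of a hex-compare report."""
    return [f"{s:08X}-{e - 1:08X}: {bytes(a[s:e]).hex(' ')} -> {bytes(b[s:e]).hex(' ')}"
            for s, e in diff_spans(a, b, merge_gap=2)]


if __name__ == "__main__":
    original = build_sample_image()
    patched = apply_patches(original, JAM_850_PATCHES + BIG_STORAGE_PATCHES)
    print("\n".join(describe(original, patched)))
    try:
        apply_patches(patched, JAM_850_PATCHES)  # already applied: must refuse
    except ValueError as err:
        print("refused:", err)
```

Checking all preconditions before the first write is the point of the example: the thread itself records that the same bytes sit at different offsets in different ROMs, and a blind write at a stale offset is exactly the kind of edit that produces an image which flashes but does not boot.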
Shawn_230 said:
What exactly is the method to force a North American ROM upgrade onto a supposedly European JAM? I didn't save the backup which was on the SD card.
Just use the "NoID" version of the MaUpgrade EXE found on the FTP, but remember: Any flashing after Anansky's hack will make your Extended ROM/Storage area disappear! Like I stated in my previous post, let's hope someone can create a new xda3nbftool to decrypt the new ROMs and we might be able to either "inject" it into Anansky's ROM dump file, or we can change the necessary bytes, reencrypt, then upgrade only that portion of the ROM to your Magician/JAM device.
BeyondtheTech said:
Just use the "NoID" version of the MaUpgrade EXE found on the FTP, but remember: Any flashing after Anansky's hack will make your Extended ROM/Storage area disappear!
BeyondtheTech, I had a 900MHz version but I am living in US too. Actually, there is a very simple solution w/o going thru the hacking of the rom (But it's good someone can experiment how Anansky's did it so that we could do it for the future rom update).
1. Grab the latest USA rom from imate.
2. extract it w/ Winrar and U will get 3 nbf files.
3. Keep the radio_.nbf and remove the other 2
4. Use the no id version of MaUpgrade and it will only update the radio
5. U radio is 850MHz version and U still have the big storage
FYI, I don't know if you actually tested your sets, because I did flash just the alleged "USA" radio portion on my 850MHz JAM and I did lose the BigStorage area entirely, which is why I said that any subsequent flashing will do just that.
BeyondtheTech said:
FYI, I don't know if you actually tested your sets, because I did flash just the alleged "USA" radio portion on my 850MHz JAM and I did lose the BigStorage area entirely, which is why I said that any subsequent flashing will do just that.
Of course, I did.
BeyondtheTech said:
ADVANCED USERS ONLY.
00A6019C-00AC82D6 = UNKNOWN
.../...
03F80140 = ANANSKY'S ROM CREDITS
03FB819C = MODEL (PM10A)
03F4015C = DATA STRING (UNKNOWN)
03F4019C = SPLASH SCREEN ("HTC MAGICIAN" VOLCANO)
I have compared the 4MB block (0143019C-0185B015 hexidecimal) between my 1.11 NA ROM dump and Anansky's and found NO DIFFERENCE. It is possible that this section is the Radio ROM area, due to the size. I have to have the radio.nbk file decrypted in order to confirm.
If there are minute differences, I'll be sure to catch them now. Stay tuned.
Following BeyondtheTech's post, I'm now sure that the so called 'big storage' is located between addresses:
023c0190 : 03f40190 (about 27 MB)
I've also determined that every 256 kB (+40000h), this 'virtual disk' includes something similar to a 'sector header' conforming to:
f0 f0 f0 f0 00 00 00 00 96 f2 e7 10 db d3 00 fc
this string is present at addresses:
02400140h, 02440140h, 02480140h, 02480140h .../...
03f00140h, 03f40140h
For checking the validity of my theory, I've copied about 15 MB of different files before making a backup of my Qtek S100. It's confirmed that the data are occupying this space.
Because I'm normally working on a French OS version, I need all accented and diacritic characters to answer my mail. So my purpose is now to 'reverse engineer' the Anansky method to include this very useful 'big storage' on a French-based OS.
So, I've merged all content of my original v1.11 French OS UpGrade from address 00000000h to 023c0100h... This personally cooked OS is working, and all is in French... but 'no-big-storage' available unfortunately.
So, in the next step, I've tried to understand how 'virtual storage' is working under Qtek S100. Back to my original OS, with small 7 MB storage. From the hexadecimal point of view, nothing more than with the Anansky backup version, except that the virtual disk is smaller... Everything is in order, according to my theory...
But because the 'big storage' is not even visible, my conclusion is simple: "the solution is in the 'registry'", but I've not yet been able to go through the mystery:
HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\VDisk
"Name"="Extended_ROM"
"Folder"="Extended_ROM"
.../...
[HKEY_LOCAL_MACHINE\Drivers\Active\43]
"Hnd"=dword:0068e3f0
"Name"="DSK8:"
"Key"="Drivers\\VDisk"
"ClientInfo"=dword:00000000
.../...
[HKEY_LOCAL_MACHINE\Drivers\VDisk]
"Key"="Drivers\\VDisk"
"WindowBase"=dword:a2c00000
"Size"=dword:01300000
"Folder"="Extended_ROM"
"DisableInt"=dword:00000000
"OnBoard"=dword:00000001
"Dll"="VDISK.DLL"
"Index"=dword:00000008
"Prefix"="DSK"
"Profile"="VDisk"
.../...
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\FlshDrv]
"FolderName"="Storage"
Almost all references in the registry seem to be dedicated to the Extended_ROM (about 19 MB) that can become visible, but not writable... as yet.
I've found only one reference to the 'Storage' folder (about 7 MB on my QTek), but I don't understand how the OS knows its type, size, location, etc. Another thing is sure: the registry is not directly visible in the backup. I suppose that this file is compressed in ROM, and decompressed to RAM for working (all modifications disappear in case of hard reset).
Lots of questions... :?:
Regards,
Thierry
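The 'sector header' observation above (a fixed 16-byte pattern repeating every 40000h bytes from 02400140h to 03f40140h) can be turned into a check that runs over a dump file rather than by eye. The following is an added example, not the poster's code or any xda tool: it finds every occurrence of the header bytes quoted in the post, keeps only hits that sit on the 256 kB stride, and reports the region they span, which is how the ~27 MB figure falls out. The dump it scans is constructed in the file from the poster's header bytes and offsets, with one off-stride decoy planted to show that stray matches are not counted.

```python
"""Locate the repeating 'sector header' a VDisk-backed storage area leaves in
a ROM dump and derive the area's extent from it.

Added example, not code from the thread. The dump is constructed below.
"""
from typing import List, Tuple

# Header bytes and first/last offsets exactly as quoted in the post.
SECTOR_HEADER = bytes.fromhex("f0f0f0f0 00000000 96f2e710 dbd300fc")
STRIDE = 0x40000            # 256 kB between consecutive headers
FIRST_HEADER = 0x02400140
LAST_HEADER = 0x03F40140


def find_all(image: bytes, needle: bytes) -> List[int]:
    """Every offset at which needle occurs (non-overlapping forward scan)."""
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = image.find(needle, pos + len(needle))
    return hits


def stride_runs(offsets: List[int], stride: int) -> List[Tuple[int, int, int]]:
    """Group ascending offsets into runs where each hit is exactly stride
    after the previous one. Returns (first, last, count) per run; a match
    that is not on the stride becomes its own run with count 1."""
    runs: List[Tuple[int, int, int]] = []
    for off in offsets:
        if runs and off == runs[-1][1] + stride:
            first, _, n = runs[-1]
            runs[-1] = (first, off, n + 1)
        else:
            runs.append((off, off, 1))
    return runs


def vdisk_extent(image: bytes) -> Tuple[int, int, int]:
    """(first_header, last_header, header_count) of the longest stride-aligned
    run, i.e. the candidate virtual-disk region of the dump."""
    runs = stride_runs(find_all(image, SECTOR_HEADER), STRIDE)
    if not runs:
        raise ValueError("no sector header found in image")
    return max(runs, key=lambda r: r[2])


def extent_bytes(first: int, last: int) -> int:
    """Size covered by the headers, counting the last 256 kB block in full."""
    return last + STRIDE - first


def build_sample_dump(size: int = 0x04000000) -> bytearray:
    """Constructed 64 MiB dump: header planted at every stride from
    FIRST_HEADER to LAST_HEADER, plus one off-stride decoy at 1000h."""
    img = bytearray(size)
    for off in range(FIRST_HEADER, LAST_HEADER + 1, STRIDE):
        img[off:off + len(SECTOR_HEADER)] = SECTOR_HEADER
    img[0x1000:0x1000 + len(SECTOR_HEADER)] = SECTOR_HEADER  # decoy
    return img


if __name__ == "__main__":
    dump = build_sample_dump()
    first, last, count = vdisk_extent(dump)
    mb = extent_bytes(first, last) / (1024 * 1024)
    print(f"{count} headers from {first:08X} to {last:08X} (~{mb:.1f} MB)")
```

Against a real dump the same functions are called on the file contents read in binary mode; the stride grouping is what separates a genuine storage-area signature from the same 16 bytes turning up once somewhere else in the image.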
To easily patch any ROM... follow this link ;-)
http://forum.xda-developers.com/viewtopic.php?t=22582
I am not sure it's in the registry as I did a byte compare of my backed up ROM (which was the 1.11 NA 850MHz from i-mate) to Anansky's (1.11 WWE) and found that the there were two sets of bytes that were different (changed?) in the bootloader area as well as the CE ROM, and of course, the 27MB chunk of data for the Extended ROM.
I think the bootloader may have something to do with the way the memory is set up.
The bytes that were different were in both places were B8 01 vs 80 00. 1B8h=440 and 80h=128, if that means anything. There were no other changes in the Radio or CE ROM areas, which leads me to believe that the 27MB area is just formatted differently (perhaps the start of the 7MB area was pulled back to the beginning of the Extended ROM area).
The only remaining change was near the end where it has the "PM10x" designation," but I doubt that has anything to do with the BigStorage area since I used his bytes and tried my bytes with no difference.
If you feel bold enough, you can mess with these two bytes (try a value in between) to see if it enlarges the 7MB storage space, corrupts it, makes it writable, etc.
pigot,
If you're willing to try this...
After you've injected your French ROM into the NB1 file, use a hex editor and change the following bytes:
On or around 00007E32h, change B8 01 to 80 00.
Do the same at 0211E32Eh, change B8 01 to 80 00.
Leave Anansky's changes in the Extended ROM and Storage area as well as the end of the file unless you want to call your device a PM10x.
SD-Flash it and tell me if you have the 27MB of Storage free with your French OS.
You are on the right track :lol: ... Those bytes (hB8 + h01 to h80 + h00) are the key. But they are not always in the same place in all the ROMs.
Bye. 8)
Seems to work great for me over the last couple of minutes at least! Upgraded a 3 day old UK o2 qtek s100.
Thanks a million.
BTW - what software is stored in the extended rom that we lose?
Vijay
MKS said:
You are in the good way :lol: ... Those bytes (hB8 + h01 to h80 + h00) are the key. But not always they are in the same site in all the ROM's.
Bye. 8)
Well, the application developed by MKS is a great job. It works perfectly for me on a v1.11 Fr... The process is very simple, and really accessible to even 'medium range' users. Sounds pretty good, doesn't it?
IMHO, the 'anansky trial' is over, and the big winner is MKS.
Thanks a lot,
Thierry

What does a hard reset do on a smartphone?

Hello,
I'm experiencing some random lockups with my s620, i think because:
1) memory leaks on the apps I have to use
2) i used to install anything i found on the first week of use and thus bloated/corrupted something
an answer could be to do a hard reset.
i have also problems with my JVM and found a new version on a forum (here?) so my question is:
If I modify the contents of my phone (like /Windows) and remove, modify or corrupt some files, will a hard reset make my phone like on the first day
or...
hard reset is just cleaning user partition, if you modified/removed some files of Windows you are screwed ?
Thanks
It will wipe out any registry changes and everything else. Your phone will be reverted back to the same state as the day you bought it.
So at first boot, WM copies itself from firmware (write only) to work area (read write) ?
I have a small new phone operator that use special software to connect to their networks. Is it possible that they add this software/network preferences (not sure to find GPRS settings) "outside" the firmware and that my phone will revert to an unbranded HTC or is it more likely that they have a custom rom ?
Just to confirm: I install the new midlet manager, if it break everything I can ALWAYS revert by hard resetting ?
no most of windows is run directly from the rom
only changeable stuff like registry is in ram/flash you have write rights to
and yes you can always hard reset

[solved] Palm 750 wm6 speedup options

Hi all, im new here in terms of posting but have been reading for a while now.
I have a Palm Treo 750 vodafone which is unlocked. I installed vodafone wm6 update on it a month ago... but since then i've stopped using the phone due to this:
I'm used to fast systems such as my linux desktop and i was really frustrated how the wm6 interface is slow. Even with few progs installed the phone gets very sluggish and hanging up calls even takes time.
Now here's my question:
Is there any way to speedup WM6 ? or install a custom WM6 that is faster ?
I tried Rest of the World wm6 ROM but it wouldn't install on my phone when i opened the installer it would say not compatible.
Would this speedup my phone ?
http://forum.xda-developers.com/showthread.php?t=345748
What should i do... i really love the phone and its features... but i just want wm6 to run faster so that the phone is usable.
thanks
blip said:
Hi all, im new here in terms of posting but have been reading for a while now.
I have a Palm Treo 750 vodafone which is unlocked. I installed vodafone wm6 update on it a month ago... but since then i've stopped using the phone due to this:
I'm used to fast systems such as my linux desktop and i was really frustrated how the wm6 interface is slow. Even with few progs installed the phone gets very sluggish and hanging up calls even takes time.
Now here's my question:
Is there any way to speedup WM6 ? or install a custom WM6 that is faster ?
I tried Rest of the World wm6 ROM but it wouldn't install on my phone when i opened the installer it would say not compatible.
Would this speedup my phone ?
http://forum.xda-developers.com/showthread.php?t=345748
What should i do... i really love the phone and its features... but i just want wm6 to run faster so that the phone is usable.
thanks
Got it right mate! Nice research!
can anyone please help me install "WM6 AKU0.7.0 WWE Cooked ROM Lite"...
http://forum.xda-developers.com/showthread.php?t=345748
I've never done something like this before and have no idea how to begin.. I can't find any guides only random text throughout the posts so i don't know what applies to me and what doesn't. I'm really worried about damaging my phone by doing something stupid.
My Phone:
750v from vodafone UK with vodafone wm6... but it was unlocked by previous owner... since i can use it on other phone providers in other countries. I have usb cable and 1Gig microSD.
The installation notes of the rom say i need to install Hard-SPL then flash radio then flash OS. Now for Hard-SPL do i need to install it if my phone is unlocked because i read some confusing posts there... then what is a radio flash do i need to do that ? how does it affect radio...
then after that i need KaiserCustomRUU.exe to flash the rom... i only found a post about CustomRUU with "RUUWrapper.zip" is that the same thing... sorry but i'm really confused and need someone to guide me through the process for my first time if possible.
You are ready to go. Download the ROM from Chaimd on the 750 Upgrading thread, rename it to CHEEIMG.nbh (the ROM file name the 750 expects to see) and copy it to the root of your miniSD card.
Insert the miniSD card, hold down the bottom right button on the side while you do a reset and the bootloader will start. And away you go.
Make sure you backup (backup program is best) all your data - it starts you out with fresh device and default settings. ROM works perfectly - fast and lots of extra storage.
txzman said:
You are ready to go. Download the ROM from Chaimd on the 750 Upgrading thread, rename it to CHEEIMG.nbh (the ROM file name the 750 expects to see) and copy it to the root of your miniSD card.
Insert the miniSD card, hold down the bottom right button on the side while you do a reset and the bootloader will start. And away you go.
Make sure you backup (backup program is best) all your data - it starts you out with fresh device and default settings. ROM works perfectly - fast and lots of extra storage.
Thanks txzman for the info. But just to be sure i understand... you're saying i don't need to install Hard-SPL from:
http://forum.xda-developers.com/showthread.php?t=334100&page=1
Nor do i need to flash the radio ?
UPDATE:
ok i didn't install Hard-SPL or flash the radio.
I tried to install the rom straight away... i put the ROM on my memory card root and renamed it, then did the reset with sidebutton...and i got to the weird colors screen and nothing happens after that.
It says on the screen:
Palm Tr
IPL-0.20
Palm Tr
SPL-0.24.0000
In the end nothing happens... this method doesn't work. i tried using KaiserRUU.exe update method but also that doesn't work it gives me an "Error [260]: Connection" even though activesync is connected... please tell me what i can do to install this rom.
i posted the question in the thread for the cooked rom. i guess this is not the right place to ask thus no one is replying.
sd needs to be formatted fat32 - re-format card to fat32, re-copy cheeimg and try again. Google or search here for the available formatting apps.
INSTALL HARD-SPL FIRST....
i can't stress this enough...
blip said:
Thanks txzman for the info. But just to be sure i understand... you're saying i don't need to install Hard-SPL from:
http://forum.xda-developers.com/showthread.php?t=334100&page=1
Nor do i need to flash the radio ?
If your Palm Treo is unlocked, you still need to install Hard SPL but just run step 1 and ignore step 2 & 3. This will allow you to flash your Treo with ROM's other than your provider as well as modified/cooked ROM's like the one made by Chaimd.

Are mobile network's settings retained after flashing a custom ROM?

As a tentative newcomer to the world of flashing ROMs, I've searched the forums but not found clarification on the following:
If I was to flash a cooked ROM onto a Windows Mobile device (say a Touch HD on the UK T-Mobile network), would the phone still have access to the settings/configuration it needs in order to access the T-Mobile network for data, SMS, etc without any further work or reconfiguration required on my part?
If so, where are those settings held such that they are unaffected by flashing?
If not, would I need to locate and back up the necessary settings prior to flashing? How is this generally done to ensure that no settings are missed?
Thanks in advance to those taking the time to reply.
most new roms have the major networks info built in.. so it should set your network up automatically both for SMS and phone usage.. about data connections.. I don't think it would be set up automatically unless the rom is already setup for a specific network.
Everything is affected by flashing. all your data and configuration will be erased thus you will have to setup the data connection again.
you can backup your data prior to flashing
you can find a backing up guide in my signature under the GUIDES thread
I see - thanks. I've noticed a few mentions of ExtROM - is this the part of the ROM where such settings are stored?
Also, when using a device such as the Touch HD which (unless I am mistaken) has no onboard storage, when a user installs a new program onto the device, where are the new files (DLLs etc) actually installed to? And where is the registry held so that it can be updated during installation (or when editing manually)?
If I understand correctly, the installed ROM cannot be changed unless you replace it completely by flashing. So if the ROM contains the operating system (including the registry) then how is it possible to edit this?
clockworktangerine said:
I see - thanks. I've noticed a few mentions of ExtROM - is this the part of the ROM where such settings are stored?
Also, when using a device such as the Touch HD which (unless I am mistaken) has no onboard storage, when a user installs a new program onto the device, where are the new files (DLLs etc) actually installed to? And where is the registry held so that it can be updated during installation (or when editing manually)?
If I understand correctly, the installed ROM cannot be changed unless you replace it completely by flashing. So if the ROM contains the operating system (including the registry) then how is it possible to edit this?
The Touch HD actually has 512 MB of ROM memory (on-board memory)...
As far as the ExtRom, this is a part of memory that most device carriers use to put their "junk" in. These are normally either hidden, or otherwise not accessible by normal means. Anyways, the settings (as nir36 pointed out) are in the ROM itself, so whether you have an Extrom or not is irrelevant as far as network settings.
Just to put it in simple terms, flashing a device means completely wiping out everything you have in there... kinda like formatting a hard-drive. The only thing that is left is the bootloader, which is not located in the rom memory, so this doesn't get wiped out with an OS flash.
Lastly, the registry is part of the OS. Therefore, when you wipe out your OS by flashing, the registry goes bye bye as well...
Hope this helps some...
egzthunder1 said:
The Touch HD actually has 512 MB of ROM memory (on-board memory)...
As far as the ExtRom, this is a part of memory that most device carriers use to put their "junk" in. These are normally either hidden, or otherwise not accessible by normal means. Anyways, the settings (as nir36 pointed out) are in the ROM itself, so whether you have an Extrom or not is irrelevant as far as network settings.
Just to put it in simple terms, flashing a device means completely wiping out everything you have in there... kinda like formatting a hard-drive. The only thing that is left is the bootloader, which is not located in the rom memory, so this doesn't get wiped out with an OS flash.
Lastly, the registry is part of the OS. Therefore, when you wipe out your OS by flashing, the registry goes bye bye as well...
Hope this helps some...
Thanks for this reply
I understand that the ROM is on-board memory and that a flash replaces all of it, including the OS.
What I don't understand is how registry edit tools (e.g. Resco) work. Since the registry is part of the OS and resides in the ROM, how can the registry be edited, i.e. written to, so that the changes are still there even when the phone is turned off and back on?
(I am presuming that the registry editing tools don't do any kind of flash operation.)
ok, first of all, registry settings are not saved on the ROM but on the internal storage.
the ROM files CAN be replaced but only "apparently" not "really".. that is, when you flash a rom, the files from the rom will stay on the device whether you replace them or not.. but if you copy over them, the device will read from the new files WHILE still keeping the other rom files (since they can not be deleted).
the touch HD has 512megs of ROM memory and 256megs of RAM memory..
nir36 said:
ok, first of all, registry settings are not saved on the ROM but on the internal storage.
the ROM files CAN be replaced but only "apparently" not "really".. that is, when you flash a rom, the files from the rom will stay on the device whether you replace them or not.. but if you copy over them, the device will read from the new files WHILE still keeping the other rom files (since they can not be deleted).
the touch HD has 512megs of ROM memory and 256megs of RAM memory..
Alright I'm getting closer to fully understanding! Here's a couple of statements and follow-up questions, please correct me where I'm wrong.
Statement:
So when copying over a file that is in the ROM, the original file remains in the ROM but the system somehow knows to read from the replacement file, which is held elsewhere on the device.
Question:
How does it know when a ROM file has been replaced, and where to look for the replacement file?
Statement:
If the replacement file is installed to the device, but cannot itself be in the ROM, then presumably it must be in the RAM. If so, then I would expect that turning the phone off or removing the battery would clear the RAM, causing the replacement file to be lost, effectively resetting the changes.
Question:
Is this the case or is there some internal battery which keeps the RAM alive, and only an explicit hard reset can clear the RAM?
Please can anyone help with my follow up questions?
Thanks
1. Yeah, it stays. I don't know how the reading is done, though.
2. When a ROM is replaced, all those files which you replaced are erased. Flashing a ROM is like performing a format: nothing is kept and the OS is reinstalled.
3. Flash memory is not like computer RAM. It uses capacitors to retain data, and it takes years before it is erased.
Ah, so it's flash memory, right!
So the internal flash memory is used both as a RAM workspace and as storage space for stuff installed to the device... apps etc.
Thanks Nir!

[REF] Easiest way to SIM unlock your Elf/Elfin even if it's "MCC+MNC = None"
First of all, sorry for my bad English...
Here goes the best way I found to unlock all Elf/Elfin, even those with the deadly "MCC+MNC=None" (which is my Elfin).
I saw some people say that when flashed with "Elf_Elfin_2.11.0.0_MFG_ModuleBuild" the phone is not SIM locked anymore, but after reflashing with another ROM it got locked again.
I tried that myself and it was true: I flashed "Elf_Elfin_2.11.0.0_MFG_ModuleBuild", then flashed another ROM (with only the OS part) over it and bam, it was locked again.
So the locking part should be in the OS. After looking over the system files, I found two files (SIMLock.exe and SIMLock.exe.0416.MUI [my OS was BR Portuguese]) and thought "here is the locking problem" (because "Elf_Elfin_2.11.0.0_MFG_ModuleBuild" doesn't have those files in the system folder!). Then I deleted those files and it wasn't SIM locked anymore... but it didn't find any networks.
So I searched a little more (Google is your best friend in times like this) and discovered that the file rilgsm.dll is responsible for the network. It starts and calls SIMLock.exe; if SIMLock.exe returns a valid SIM card, then rilgsm.dll starts the network service.
So that's the difference between "Elf_Elfin_2.11.0.0_MFG_ModuleBuild" and the other ROMs: its rilgsm.dll doesn't have the part that calls SIMLock.exe, it just starts the network service based on the SIM card you have inserted.
So I just took that DLL from that test ROM, copied it over another ROM and it worked like a charm!
Enough talking, here's what you gotta do to SIM unlock your Elf/Elfin (no matter what ROM you have):
You will need this file (unlocked "rilgsm.dll")
- Extract the file you just downloaded to a temporary folder.
- Turn on your mobile WITHOUT the SIM card.
- Connect your Elf to your PC (ActiveSync).
- Find the files "rilgsm.dll", "SIMLock.exe" and "SIMLock.exe.0***.MUI" (the *** depends on the language of your OS) in the Windows folder of your mobile and make a backup of them (in case you want to SIM lock it again).
- Copy the extracted "rilgsm.dll" over the one in the Windows folder (say yes when it asks to replace the file).
- Delete both "SIMLock.exe" and "SIMLock.exe.0***.MUI".
- Turn off your mobile.
- Insert any SIM card (one that didn't work before), turn your mobile on again and enjoy your newly unlocked Elfin!
If you intend to flash some other ROM, just copy the DLL again and it's ready to go.
Hope this helps.
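As an added illustration (not code from this thread, from HTC, or from Windows CE itself), here is a small Python model of the two-layer \Windows namespace nir36 describes earlier in the thread (an immutable ROM image plus a writable store, where a copied-over file shadows the ROM copy and a ROM-only file cannot be deleted) with zerostuff's unlock procedure run on top of it. The DLL contents, the pass/fail logic inside rilgsm.dll, the operator names and the "Claro"/"Vivo" lock are all constructed assumptions for the model, not an analysis of the real rilgsm.dll or SIMLock.exe.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed stand-ins for the two rilgsm.dll variants the post describes;
# the real DLL contents are not modelled.
LOCKED_RIL = b"rilgsm.dll (carrier build): ask SIMLock.exe before starting the network"
UNLOCKED_RIL = b"rilgsm.dll (MFG test build): start the network for any SIM"

RIL = "\\Windows\\rilgsm.dll"
SIMLOCK_FILES = ["\\Windows\\SIMLock.exe", "\\Windows\\SIMLock.exe.0416.MUI"]


@dataclass
class DeviceFs:
    """Model of the \\Windows namespace: an immutable ROM image plus a writable store."""
    rom: Dict[str, bytes]
    store: Dict[str, bytes] = field(default_factory=dict)

    def exists(self, name: str) -> bool:
        return name in self.store or name in self.rom

    def read(self, name: str) -> bytes:
        # A file in the writable store shadows the ROM file of the same name.
        if name in self.store:
            return self.store[name]
        if name in self.rom:
            return self.rom[name]
        raise FileNotFoundError(name)

    def write(self, name: str, data: bytes) -> None:
        # "Replacing" a ROM file only creates a shadow copy; the ROM copy stays.
        self.store[name] = data

    def delete(self, name: str) -> bool:
        # Only the shadow copy can go; a ROM-backed name yields "Could not delete".
        if not self.exists(name):
            raise FileNotFoundError(name)
        self.store.pop(name, None)
        return name not in self.rom

    def hard_reset(self) -> None:
        self.store.clear()          # writable store wiped, ROM image untouched

    def flash(self, new_rom: Dict[str, bytes]) -> None:
        self.rom = dict(new_rom)    # new image; the store is cleared like a format
        self.store.clear()


def network_starts(fs: DeviceFs, sim_operator: str, locked_to: str) -> bool:
    """RIL start-up as the post describes it: the carrier build's rilgsm.dll
    asks SIMLock.exe to validate the SIM, the MFG test build's does not."""
    if fs.read(RIL) == UNLOCKED_RIL:
        return True
    if not fs.exists(SIMLOCK_FILES[0]):
        return False                # SIMLock.exe gone: no lock, but no network either
    return sim_operator == locked_to


def apply_unlock(fs: DeviceFs, backup: Dict[str, bytes]) -> List[str]:
    """The post's steps: back up, copy the unlocked DLL over, delete the SIMLock files."""
    warnings: List[str] = []
    for name in [RIL] + SIMLOCK_FILES:
        if fs.exists(name):
            backup[name] = fs.read(name)      # keep originals in case you want to relock
    fs.write(RIL, UNLOCKED_RIL)
    for name in SIMLOCK_FILES:
        if fs.exists(name) and not fs.delete(name):
            warnings.append(f"Could not delete {name}")
    return warnings


def demo() -> dict:
    # Constructed carrier ROM: locked RIL plus the two SIMLock files in the image.
    carrier_rom = {RIL: LOCKED_RIL,
                   SIMLOCK_FILES[0]: b"SIMLock.exe",
                   SIMLOCK_FILES[1]: b"SIMLock.exe.0416.MUI"}
    fs = DeviceFs(rom=carrier_rom)
    backup: Dict[str, bytes] = {}
    out = {"before": network_starts(fs, "Claro", locked_to="Vivo")}
    out["warnings"] = apply_unlock(fs, backup)
    out["after"] = network_starts(fs, "Claro", locked_to="Vivo")
    out["rom_keeps_simlock"] = SIMLOCK_FILES[0] in fs.rom
    fs.hard_reset()                               # the relock reported later in the thread
    out["after_hard_reset"] = network_starts(fs, "Claro", locked_to="Vivo")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it reproduces the sequence the thread reports: locked before, "Could not delete" warnings for the ROM-backed SIMLock files, network up afterwards because the shadow rilgsm.dll is read first, and locked again after a hard reset because only the writable store is wiped while the ROM copies remain.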
Great find!!!
For Rogers users who are using the regular stock ROM, it is probably a good idea to use the regular free unlocking method, because rilgsm.dll is responsible for Rogers Name Display. Other than that, I hope it works well for everyone else!!!
Anyone else tried this?
Yes, I have; it did not work. The phone does not have simlock.exe or simlock.exe.xxxx.mui in the Windows folder, and just replacing rilgsm.dll does not affect the carrier lock. When inserting a SIM card from other operators, it still asks for the subsidy code.
Tested phone is:
ELF010050
BSTAR502
IPL: 2.24.0002
SPL: 2.26.0000pof
99HEH077-00
Operator Tim Brazil
PS: I tried as well when the phone was on the stock ROM, and it was the same thing.
br
Good idea!!
I haven't tried your procedure, but I also know that the OS contained in the "unbricker ROM" (test-only ROM) does SIM unlocking, so I believe this will work. I will try it soon in my free time. Thanks!!!
I'll try to reflash my Elfin tomorrow and do some other tests with it, to see if there are any problems with some specific ROMs.
My Elfin:
ELF010050
BSTAR502
IPL 2.24.0002
SPL 2.24.0000
99HEH077-00
Claro Brazil
I'll post something more tomorrow.
Sorry for the lack of testing before posting (newbie yet).
I would feel better patching or replacing the simlock.exe file instead of changing the DLL.
zerostuff, why don't you add a poll to this thread to see if it works for most people?
Thank you for the idea dsixda.
I sent the .exes and .dlls to a friend of mine and asked him if he can find the locking part in those files (because I'm just a normal user and don't know anything about hex editing and stuff).
And I'm still testing some ROMs on my Elfin to see if I can find a working and a non-working way to unlock it (so far, all the ROMs are working).
Thinking of buying an HTC Elf
Hi all, I'm thinking of buying an HTC Elf, but it's locked to Orange. Is it easy to unlock and to get rid of the Orange start-up logo?
Would you give me a step-by-step guide on how to do it?
Thanks in advance
As you can see, some are easy to unlock, others have no solution yet...
@ zerostuff
Elfin ELF010050 BSTAR502 from Vivo Brazil had the simlock.exe and simlock0416.exe.mui. I replaced those files with a small clock app, and replaced rilgsm.dll, and it did not work (error 'unavailable file', and then hang). So, I deleted the simlock.*, and the phone got into the menu, but no signal.
Indeed, this is a way to go, but it still needs improvements.
@ chester-lad-2009
Search the board, there are many topics regarding that. This topic is not for that discussion.
br
zerostuff said:
- Delete both "SIMLock.exe" and "SIMLock.exe.0***.MUI".
Hi, I use the Onyx 4.43 ROM and when I try to delete, a message tells me "could not delete". I tried in Windows and on my Elfin too, using Total Commander and SKTools. How can I delete these files?
I've tried on my HTC Touch 3450 (PT) to substitute the file and I can't! And I can't find these 2 files...
Using Total Commander
First we move the rilgsm.dll to the Windows folder, then delete the two files SIMLock.exe & SIMLock.exe.0***.mui, and ignore the "Warning! Could not delete 1 file(s)"...
Then reboot the Elfin and it's done... loooooool... No need to put in codes...
Just doing those steps, the SIM unlock is done.
Strange??? I don't know, but it works.
Note: Tested with one PT Elf and one Elfin BRS, worked fine!!!
Great post, works like a charm!
I needed to use another explorer since my original ROM doesn't let me move or copy Windows folder files!
I used WinFileCE.exe to do the trick, and it worked!
One more thing: is it possible to cook a ROM with these files inside? Because if I hard reset the phone, it relocks itself with this method!!
Are these two files really removed?
I can't remove these two files because the cellphone is using them. How can I stop processes on Windows Mobile?
Using TC I was able to copy rilgsm.dll to \Windows. But simlock.* are a different story, and I wasn't able to delete them.
Anyway, using this version of rilgsm causes the phone connection to die: it cannot be switched on from Comm Manager. And then, after some time, Comm Manager throws two or three errors.
It's an HTC Touch from Claro, Argentina. The ROM is http://forum.xda-developers.com/showthread.php?t=442391
Code:
Touch version : Elfin
Device ID : ELF010150
CID : BSTAR301
IPL : 2.24.0002
SPL : 3.07.cmonex
ROM Version : 3.07.720.03
ExtROM Version : None
Operator Version: None
AKU Version : 1.2.7
Page Pool : 12 MB
RAM Size : 128 MB
ROM Size : 256 MB
Model No. : ELF0100
Part Number : 99HEH129-00
MCC+MNC : Not found
Any information you guys want or some tests that could be run in the device, just tell me.
Cheers.
Didn't work on Elf 3450 (64/128)
The idea was great, but it did not work with the Elf 3450 (64/128)...
My device was patched (IPL 2.27/SPL 2.28 cmonex) and the ROM is ELVES ROM V5.0 - CE OS 5.2.2021.
No files "SIMLock.exe" and "SIMLock.exe.0***.MUI" were found in the Windows dir, so I just copied this file (unlocked "rilgsm.dll") to the Windows dir and did a soft reset.
Result: device hung. New soft reset: boot OK, but no radio (even when trying to turn it on manually), just Wi-Fi working... (nice to make calls from Skype)
I don't have any clues about how to bypass the SIM lock.
Any help will be appreciated.
Cheers
RILGSM.dll is not locked/unlocked
The thing is, that file controls GSM<-->PDA radio functions. You took RILGSM from a "test" ROM (which is an unlocked one).
When you SIM unlock a device, it doesn't overwrite RILGSM with "unlocked" properties.
The solution will be to rewrite the RILGSM.dll file and write a SIMLOCK.exe file with spoofed properties to make the device think it is unlocked.