in Prophet, if you try to connect with usb terminal when you are in flash mode, all commands are disbled like "d2s" "task 32" ... etc
the only Avaiable command is "password";
So you must type password than the password to allow all te Low Level Command
If anyone know this password please share!
This is very important.
thanks
FraAnt
You can run or flash the USPL (see sticky) and set a MAC address of your own choice.
Connect with MTTY and at the command prompt type:
emapiWlanMac 01 02 03 04 05 06 (the six two-digit numbers are the hexadecimal MAC byte values and should be replaced by anything you like)
Confirmed and working. Thanks jockyw!
Hi jockyw2001,
yesterday i tried nearly the whole day to change my mac address on my x1. first i made a hardspl for x1. the new bootloader is working.
After that, i connected via mtty. I tried some commands like emapiTest, emapiWlanMac and some other what i found at xda-dev. I only go "command error" in mtty.
Then i flashed the latest rom (R2A) and tried it again with mtty. Same bad results.
There is a posting at xda-dev: NOTE: To use rbmc you need to
authenticate with proper password .... otherwise bootloader returns "Command error !!!" or "Command is Locked!". (if you're using Hard-SPL, this is unlocked, and any address can be read with 2.30.Olipro)
Do i make the same authenticate with the X1 HardSpl that i am able to work with any commands?
Best regards
strohrum
omg
Spoofing was never easier!
Today I'll try to flash another rom that I have but when I run SPV-Services It doesnt found a page in the internet!!- connection to the internet is normal
check your firewall, turn it off if you can
I doesn't use it!
Open Microsoft Active Sync, click File -> Connection Settings -> where it says this computer is conected to: usaully is automatic change to internet
I make so ,and I downloaded new one from karhoe's website but the same problem!! Can you try to run SPV-services?? or can your send me your one by the ICQ??? I make SuperCID when I flash previous rom but now I can't!
Oh....when I try http://www.spv-developers.com it also doesn't work!! Maybe trouble in this?
If I SuperCID my phone when I flash the previous rom, can I skip this step for the next roms?
spv-developers is not always online...
Hey recently happened to me the same with svp however If you SuperCID your phone before you'll be able to skip this step but to be sure that your phone have SuperCID check it with TeraTermPro, I guess you know the steps if not they are:
1.Disable usb connection of the ActiveSync(Uncheck allow usb connections).
2.Unplug usb cable.
3.Turn your phone off.
4.Press the camera button and plug the usb cable(You'll see thw white screen and seconds later the three color screen.
5.Run TeraTermPro.
6.Select Serial and in port: USB then ok
7.Type: info 2
and if in the end of the list you see supercid htc or something like that it's done!!
Close TeraTermPro and just run any ROM you want and voilaa!!
Hope this be useful for you.
However if you don't see your phone superCID tell me and I'll tell you how to do it without svp services. By the way if you dont see you supercid your phone to get back to the phone OS just remove the battery and turn it on.
See ya from Mexico!
Hey check my post http://forum.xda-developers.com/showthread.php?t=412139 Hope you reach SuperCID your phone!!
See ya from Mexico
Tera Term says:GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x3B880000 Bytes
HTCSSuperCID ' HTCE
as I know it means that device already SuperCIDed!?
Please help!
First SPVServices cannot connect to the remote site.
Then, I tried the alternative using Unlock_SuperCID_Your_SPV_C500_550_600.rar. Followed every step exactly. When I run Lokiwiz.bat, here is the output from the MSDOS window:
....
--------------------
U. Unlock
L. Lock
C. CID Unlock (SuperCID)
Q. Quit
--------------------
Type the letter and press Enter: C
CID unlocking mobile... DO NOT DISCONNECT UNTIL THE PHONE REBOOTS!
ERROR: Unable to open WinCE file '\windows' - Returned by WSARecv or WSARecvFrom
to indicate the remote party has initiated a graceful shutdown sequence.
opening: lock_backup.bin: No such file or directory
This exe file was created with the evaluation version of Perl2Exe.
For more information visit http://www.indigostar.com
(The full version does not display this message with a 2 second delay.)
...
Then, I just try invoking pdocread manually, regardless of what command line argument I put, or no argument at all, the response is always the same " ERROR: Unable to open WinCE file '\windows' - Returned by WSARecv or WSARecvFrom to indicate the remote party has initiated a graceful shutdown sequence."
From ActiveSync, I do see \windows, but as a directory, not a file. Anyone got any inside or suggestions?
PLease, please help! Thank you so much!!!
/dan
Hey,
Is there any possibility of performing a backup in Bootloader Mode if you can not enter myphone or spb?
-I have tried MTTY 1.42 following this thread
forum.xda-developers.com/showthread.php?t=246010
->MTTY recognizes the device but keeps telling me "Command Error"
Do I have to use other commands from the Universal?
h/?/help did not work out.
forum.xda-developers.com/showthread.php?t=540290
->gave me no hints.
-I have tried to use Terra Term Pro 2.3 following this thread
forum.xda-developers.com/showthread.php?t=261835 (third post)
-> it seems that TTP can not communicate with it as I am only able to choose COM 3 (no USB, all others tell me "cannot open com X").
If I go on using COM 3, i get connected but no response on "r2sd all"
Is there a way of accessing the phone via Linux?
Any help would be greatly appreciated
(Raph300, Energy 23554 Sense 2.5, Hard-SPL 1.90 OliNex)
In your active sync connection settings on your pc, you need to check 'allow usb connections'. Then set the com to usb. I'm guessing that's the problem (could be wrong, lol).
Farmer Ted said:
In your active sync connection settings on your pc, you need to check 'allow usb connections'. Then set the com to usb. I'm guessing that's the problem (could be wrong, lol).
Click to expand...
Click to collapse
Thanks, but the problem is that AS does not recognize the phone anymore. That is why I am trying to access it in bootloader mode. Or does it make sense to check allow usb connections when the phone is not attached and I would have to shut down AS prior using MMTY/TTP?
You need to change the AS settings so you can connect to the PC through USB when you're in bootloader mode. Just try it.
Farmer Ted said:
You need to change the AS settings so you can connect to the PC through USB when you're in bootloader mode. Just try it.
Click to expand...
Click to collapse
Ok, did not help.
No response from TerraTerm and MTTY does not even tell me "Command Error" anymore
Do I use the right commands?
TTP: "r2sd all"
MTTY: "d2s 70100000 04000000" / "d2s 74100000 00a00000"
Is there another way, another tool for me to try out?
How to access it using Linux?
Many Thanks
In this threat i gonna upload some patched frankenkaisers for different versions.
With "FrankenKaiser" you can unbrick "task 2a" bricks:
There is no SPL, Splash and OS present as "task 2a" formats the entire application area.
Before FrankenKaiser there was no method available to unbrick and therefore they were called "hard bricks"
With frankenkaiser you can also revive kaisers where you don't see anything on it but is detectable (after turning on your device) in windows as an other device:
you got stuck in the OEMSBL and you can only talk to your device with mtty.
Credits goes to Jocky Wilson who created the original frankenkaisers. (Paypal to [email protected])
I've only changed them to work with different versions.
These versions are created at forum user requests.
Method to dump your rom:
1. connect your bricked phone and power it on
2. connect with MTTY to diag port COM#: (look up # in device manager)
3. type "radata" followed by enter (you'll see a parameter error message)
4. type "GO2AMSS" followed by enter
5. your phone should now change to "QC download mode"
6. use "QPST Memory Debug" tool to dump smi.bin and ebi.bin
7. zip smi.bin and upload it to Rapidshare (or any fileshare service) and send me the link
oemsbl: V1.9309
Radio: V1.71.09.XX
Verified.
oemsbl: V1.9519
Radio: V1.70.19.XX
20110823: new version uploaded
oemsbl: V1.9529
Radio: V1.65.29.21
oemsbl: V1.9518
Radio: V1.70.18.xx
Frankenkaiser for other versions can be created in this thread
Excellent work massivekid, just what I needed to fix the 600+ bad blocks on my spare Kaiser! Thank you!
You da MAN!!!
Turns out I cannot use any of this because my laptop has NO COMM ports.
Unless I can find a USB to serial adapter and force a COMM port, I'm stuck.
You don't need a com port. If your phone is in OEMSBL then it will ask for a different driver. This driver will create a virtual com port on your computer thru USB.
First of all, thanks for creating frankenkaisers for different radio versions,
but I need some help, my radio is version V1.71.09.XX, I did all the steps to rescue the phone up to step 11, and when I connect the usb to computer, windows shows an error and wont recognize the usb connector, not allowing me to flash the hard spl through usb. would be absolutelly happy if you would help me solving this.
Do you see the tricolor screen?
Did you disconnect and reconnect the usb cable again and do you see USB on the tricolor screen?
if no usb is seen, redo steps 7-10 again (after pulling your battery) but this time in step 9 run FrankenKaiser with the other SPL "sspl-0.92-jumpspl-force-usb.nb".
this will force usb detection.
i redid steps 7-10 at least 10 times already, tri-color screen shows up with the first spl and gives problem when connecting the usb, when I try the 0.92 spl the screen stays black (I tried connecting the usb even with it staying black and the same error message showed up)
*During the whole step by step the only difference I saw between my results and the screenshots was the oesmbl version on screenshot 7, where instead of a "2" there was a "1"
And did you tried the "sspl-0.92-jumpspl-force-usb.nb" at step 9?
If you enter mtty and type ? or h what is the output of the command?
if you see a lot of commands, then your device is security unlocked.
the "sspl-0.92-jumpspl-force-usb.nb" file is to force USB connection so you can connect with usb.
If that doesn't work, try with the original spl and after cego, pull the usb cord quickly and if the tricolor appears, try to connect the usb again.
after typing "h"
Available monitor commands are:
? [command]
h [command]
mb [StartAddr [Count [Filler]]]
mh [StartAddr [Count [Filler]]]
mw [StartAddr [Count [Filler]]]
setboot [0/1/2/3]
setatcmd [0:SIO/1:UART/2:USB/3PRAM]
setsmdloop [0:disable/1:enable]
setmpatch [0x1: CPU Freq/0x2: acoustic/0x4: simdoor/0x8: RTC]
setiot [0isable/1:Enable]
eraseall [erase all setting flags]
setdiag [0:USB/1:UART/2PRAM/3:SIO]
partition
checksum
format
setinfo
readadc
cego
setgpio
getgpio
gpio
version
powerdown
platformid
radata
showexplog [n]
usbdppulldown [n]
usbdmpulldown [n]
usbdppullup [n]
usbdmpullup [n]
Headsetpullhigh [n]
rfid
wpmic [PM_VREG] [0/1]
the "sspl-0.92-jumpspl-force-usb.nb" gives only blackscreen on the phone, no tri-color.
I`ll try the first spl and take out the usb quickly.
Same result after pulling usb quickly after doing the command "cego"
Tried the same with sspl-0.92 and the blackscreen apears the same way, and the error message on windows is the same:
(translation might no be exact because my windows is in portuguese)
"One of the usb devices connected to this computer had a problem and windows can not recognize it. to get help click on this message.
After clicking it shows a windows with a root usb hub, 4 usb doors being one of them the one where the phone is connected with a red X before it.
Ps.: I`m not exactly sure, and I don`t know if this might influence on anything, but if I remember right, when first unlocking my phone, the JumpSPL1.56-KAIS.exe wasn`t effective, I needed using one of the other 2 jumpspl available on that thread.
With "sspl-0.92-jumpspl-force-usb.nb", you can also try after cego to press and hold camera to enter tricolor bootloader mode
Also you can try this spl: SPL3.56-patch-nostuckinSPL-FORCEUSB.nb at step 9?
Just unzip it in your folder and use it.
when using the sspl0.92 it wont go out of the blackscreen (even holding camera button), and the same error message is shown on usb
when using the new spl3.56 the usually blinking green led stay orange after the cego command and the screen stay black, tried holding the camera button, to no effect in either "spls".
Same usb error on three spls...
The error states that the device is halted and is not handling usb functions anymore. The one that has the tricolor screen, should work, but some devices are not detecting the usb correctly. Therefore the usb force spl are created.
I'll try to find out how we can overcome this...
thank for your attention and taking your time to help me, hope you can find a solution, surelly you will help many kaiser owners that got many "bad blocks" in memory...
(shouldn`t ever have tried to put android on nand...)
keep me informed on any kind of progress and let me help you on testing.
Ok, try this one:
Remove and reinsert battery, then hold the send button and power on. Connect with MTTY (COMn) and this time enter "dload" to put phone in dload mode Continue with step 9.
Try SPL1.56-KAIS-unbricker.nb then or sspl-0.92-jumpspl-force-usb.nb
tried it, no letters under the: "Just be patient while I'm working ..."
believe the phone hunged up, will try again.
(also tried using the send button whenever turning the phone on in the steps 7 through 10, nothing different happened, I believe the jumpspl can only be loaded while in setboot 1 I`m thinking about trying to use "cego" without typing setboot 0 before...)
Phone will absolutelly lock if I dont enter setboot 1 in the step before typing dload,
frankenkaiser isn`t able to access it (no letters under te message to wait) and it locks after the frankenkaiser attempt (wont accept mtty commands), removing battery returns to "normal" (as in dead kaiser).