Dump SPL from HTC touch? - Touch 3G ROM Development

Is this possible?
How?

use pmemdump from itsme's utils.
i.e
Code:
pmemdump 0x88000000 0x80000 spl.nb
The address might not be 0x88000000, if not, try 0x9c000000 instead. I'll try and remember to check the offset tonight.
Dave

DEAD QTEK 9090 after update to 1.40 - please help me.

Hello,
I try to update my Blue Angel to new 1.40 ROM from post “New Rom Qtec BA_WWE_14000_147_11200_Ship” I download type II ROM and converted to type I, then I change with tool xda3nbftool.exe nbf files to my settings:
xda3nbftool -x ms_.nbf ms_.nba 0x20040522
xda3nbftool -x nk.nbf nk.nba 0x20040521
xda3nbftool -x radio_.nbf radio_.nba 0x20040523
xda3nbftool -sd PH20B -sl WWE -so T-MOB009 ms_.nba
xda3nbftool -sd PH20B -sl WWE -so T-MOB009 nk.nba
xda3nbftool -sd PH20B -sl WWE -so T-MOB009 radio_.nba
xda3nbftool -c -u NK.nba
xda3nbftool -c -u ms_.nba
xda3nbftool -c -u Radio_.nba
xda3nbftool -x ms_.nba ms_.nbf 0x20040522
xda3nbftool -x nk.nba nk.nbf 0x20040521
xda3nbftool -x radio_.nba radio_.nbf 0x20040523
del *.nba
and I miss some warning message, then I run BaUpgradeUt.exe and update ROM successfully.
But when I restart after update I see:
No GSM
D 1.40.00 WWE
My Device Information is:
ROM version: 1.40.00 WWE
ROM date: 03/10/05
Radio version: [empty]
Protocol version: [empty]
ExtROM version: [empty]
Now I can't load any kind of ROM, always I see message:
ERROR 120: COUNTRY ID ERROR : No-No-42-42-42 (last three numbers change)
I already changed the RUU.conf ([CHECKCEID_TYPE]=1) - but before MDA switch to “USB 2.05” no COUNTRY ID ERROR and then setup making one more checking and display COUNTRY ID ERROR.
I try all of ROMS from ftp.xda-developers.com – 8( always error.
DeviceData.txt before wrong update:
PH20B 0 B WWE G T-MOB009 1.06.00 0 0 1.06.135 1.00.00 00.00
now my DeviceData.txt is as in attachment for this message
(I can connect with ActiveSync and run GetDeviceData.exe).
PH20B 0 B WWE 1.40.00 0 0
Please help me, I’m going crazy and spend on that problem last 48 hours, read and try everything on forum, wiki.
Go to the thread http://forum.xda-developers.com/viewtopic.php?t=16953
It is the Wiki: Help me! And yes I have read getting started
There are nice people who will help you surely!
mariusz said:
.... I download type II ROM and converted to type I, then I change with tool xda3nbftool.exe nbf ....
1. How did you convert a type II to a type I...?
2. Upgrading a type II to a device that does not allow it will give you the Country Code error.
Have you tried to reinstall your ORIGINAL ship ROM...? This should work. See the FAQ link in my sig for more prob solving (red one).
HappyGoat said:
mariusz said:
.... I download type II ROM and converted to type I, then I change with tool xda3nbftool.exe nbf ....
1. How did you convert a type II to a type I...?
2. Upgrading a type II to a device that does not allow it will give you the Country Code error.
Have you tried to reinstall your ORIGINAL ship ROM...? This should work. See the FAQ link in my sig for more prob solving (red one).
1. I don't convert type II to type I. I download converted type I from:
http://forum.xda-developers.com/viewtopic.php?t=20770
2. YES 8)
3. I don't know my ORIGINAL ship ROM. 8(
4. I read all of the FAQ at your link - nothing help, I can't find my qtek with T-MOB009.
I have now wrong DeviceData.txt and I think is the main problem. Can't set nbf files to settings from my DeviceData.txt file. 8(
You took a type I CE Rom and Type II radio and Ext Rom.
Flashed your device and got stuck, no point explaining how or why you did it, let's move on.
1) Radio rom, go to wiki, download the radio 1.12 and the tools, fix it with fix.bat, run the upgrade.
This should give you 1.40 rom and radio 1.12
2) extended rom. You now need to get any extended rom on your device so that you can then unlock it and copy the 1.40 one over.
So following the wiki getting started download the I-mate 1.62, extract and remove all *.nbf BUT the ms_.nbf, fix the file, run the upgrade.
This will now put a 1.22.162 EXt rom on your 1.40 rom with radio 1.12. Sorry you will have to live with the i-mate splash screens, you can fix that in another thread.
Now unlock, unhide that (also on wiki) delete all and replace it with the extracted 1.40 Ext Rom out of wiki (where else) available Extended roms. Lock and hide, hard reset and you should be up and running.
Oh Yes and please if it says extract or download whatever files please do it so that you don't get a version problem.
Have fun
MDAIIIUser said:
...
1) Radio rom, go to wiki, download the radio 1.12 and the tools, fix it with fix.bat, run the upgrade.
This should give you 1.40 rom and radio 1.12
U la laaaa...
I can't update radio ROM as in step by step instruction at wiki because I ALWAYS STOP on ID COUNTRY ERROR.
My DEVICEDATA.TXT is wrong. I don't have in this file some versions numbers and something like T-MOB009.
8(
If you know how I have set fix.bat for my DeviceData.txt please send more details.
DeviceData.txt :
PH20B 0 B WWE E 1.40.00 0 0
so try the Country Code error hack, it's for type II but it might work on type I, You have a type I rom so the file is called HTCRUU.conf
http://wiki.xda-developers.com/index.php?pagename=BA_FAQ_Upgrade_Errors
What happens if you try to flash the I-mate 162 without the fix.bat, it's a clean Type I install and you don't have an Operator code to check against, it's also a wwe rom.
La laaaa
MDAIIIUser said:
so try the Country Code error hack, it's for type II but it might work on type I, You have a type I rom so the file is called HTCRUU.conf
http://wiki.xda-developers.com/index.php?pagename=BA_FAQ_Upgrade_Errors
What happens if you try to flash the I-mate 162 without the fix.bat, it's a clean Type I install and you don't have an Operator code to check against, it's also a wwe rom.
La laaaa
1. Hack doesn't work.
2. When trying I-mate 162:
ERROR 120: COUNTRY ID ERROR: NO-No-12-12-12
8(
Hmmmm....ok, I think the problem is T-MOB009. Are you sure that was your original config? Was your operating system German to start out with (G)?
Here's an idea (perhaps):
Try the Type II Ship ROM (1.40) complete, but with country code hack.
You probably have tried that already, not sure.
Last alternative I can think of, is to put PDA in bootloader mode, and use mtty.exe to remove everything from your PDA.
See also itsme website for such rapi tools: http://www.xs4all.nl/~itsme/projects/xda/tools.html
I have never tried this procedure, so not sure if it will work for ya.
Perhaps my Boss MDAIIIUser has another great idea...he's good at this stuff...so await his reply.
HappyGoat said:
Hmmmm....ok, I think the problem is T-MOB009. Are you sure that was your original config? Was your operating system German to start out with (G)?
Here's an idea (perhaps):
Try the Type II Ship ROM (1.40) complete, but with country code hack.
You probably have tried that already, not sure.
Last alternative I can think of, is to put PDA in bootloader mode, and use mtty.exe to remove everything from your PDA.
See also itsme website for such rapi tools: http://www.xs4all.nl/~itsme/projects/xda/tools.html
I have never tried this procedure, so not sure if it will work for ya.
Perhaps my Boss MDAIIIUser has another great idea...he's good at this stuff...so await his reply.
1. Yes, I'm sure T-MOB009 is my ORIGINAL setting - 8)
2. Yes, I try type II with hack - it doesn't work.
3. Could you send more detail instruction how remove everything from PDA using mtty.exe (link or description step by step)?! - now i have this tool but I don't know how I can use it.
...and I am waiting for a reply from Boss and Master of Raster MDAIIUser.
Please confirm that you can connect to your device with ActiveSync.
Thus that you are able to browse your documents on your device from your pc.
Next check you don't have that pc issue that is in the wiki getting started last section of the thread.
I am going to tell you the same as what is in that thread so read it. before I tell you.
@ HappyGoat ,
I must be sick I turned very Green <Grin>,
so can't be your boss no more, will never get that respect now will I? (don't answer )
MDAIIIUser said:
Please confirm that you can connect to your device with ActiveSync.
Thus that you are able to browse your documents on your device from your pc.
Next check you don't have that pc issue that is in the wiki getting started last section of the thread.
I am going to tell you the same as what is in that thread so read it. before I tell you.
@ HappyGoat ,
I must be sick I turned very Green <Grin>,
so can't be your boss no more, will never get that respect now will I? (don't answer )
1. Yes I can connect via ActiveSync and browse file from desktop PC.
2. I don't know what are you asking for ?! PC issue, last section... hmm...
If you are asking for:
http://wiki.xda-developers.com/index.php?pagename=BA_GettingStarted
but I can't find anything about pc issue at last section, please send it here.
Ok the thread started here.
http://forum.xda-developers.com/viewtopic.php?p=112036#112036
The problem was that the guy could not get his radio to flash which is somewhat the same as you at the moment, his solution was to move to another pc.
Anyway there are a few steps that I think you should try.
On the i-mate 162, did you use the upgrade tools from the extracted ship.exe and did you run the fix.bat?
PH20B 0 B WWE G T-MOB009 1.06.00 0 0 1.06.135 1.00.00 00.00
Where did the "G" come from? Should be "E"?
Hrmm... I would attack this as follows (don't actually expect this to work, you've probably already even tried it, this is just the first thing I'd try).
Download this rom:
ftp://xda:[email protected]_139_10600_SHIP/Xda_IIs_v131139_upgrade.exe
Then do this, since we know that this method works with that rom:
Edit the RUU.conf file
Add the following line
[CHECKCEID_TYPE]=1
Save changes
Now run BaUpgradeUt.exe
It will say that it will upgrade to this version.
However when the device enters bootloader mode the upgrade util gives a country error. (Don't panic)
Simply restart BaUpgradeUt.exe while the device is still in its cradle.
Now it will install without a country error.
I hope that this trick works with other BA devices and not only with the XDA IIs.
Hopefully it will install. I'm betting that the bad upgrade messed up your country code, so instead of getting the country code it expects (as you enter with xda3nbftool) it receives something else, or null characters. I'm hoping a rom change can fix this.
Hi Mariusz
Have You succeeded, if no and You have mda3 bought thru era
i can send You my version of rom which is working well without problem on my era mda3
its 1.40 rom 1.12 radio and 110 extrom
i've upgraded it from original era 1.20 rom
rgds
lukasz
TheLastOne said:
Hrmm... I would attack this as follows (don't actually expect this to work, you've probably already even tried it, this is just the first thing I'd try).
Download this rom:
ftp://xda:[email protected]_139_10600_SHIP/Xda_IIs_v131139_upgrade.exe
Then do this, since we know that this method works with that rom:
Edit the RUU.conf file
Add the following line
[CHECKCEID_TYPE]=1
Save changes
Now run BaUpgradeUt.exe
It will say that it will upgrade to this version.
However when the device enters bootloader mode the upgrade util gives a country error. (Don't panic)
Simply restart BaUpgradeUt.exe while the device is still in its cradle.
Now it will install without a country error.
I hope that this trick works with other BA devices and not only with the XDA IIs.
Hopefully it will install. I'm betting that the bad upgrade messed up your country code, so instead of getting the country code it expects (as you enter with xda3nbftool) it receives something else, or null characters. I'm hoping a rom change can fix this.
Doesn't work... 8( I add [CHECKCEID_TYPE]=1 and run it one more after receive country id error.
My log file HTCRUU.log :
23:57:25:802 [msg] : Config Info : [667685],[1],[0].
23:57:30:409 [msg] : Current Not in CE Mode or in CE Mode but ActiveSync Not Connected.
23:57:34:835 [msg] : Current in BL Mode. Open Port : [\\.\WCEUSBSH001] OK.
23:57:36:988 [msg] : Get Device Backup ID.
23:57:36:988 [msg] : Device BL VER : [2.05 ] [].
23:57:36:988 [msg] : Device ID Is Incompatible.
23:57:36:988 [msg] : START UnInitialization !
23:57:36:988 [msg] : END UnInitialization !
23:57:37:008 [msg] : IsBL. BL : [1]
Now my situation change some:
1. After change PC I try to install qtek ship 1.40 and update hold for 30min with no message.
2. Now My CE don't start only program mode (Serial/USB 2.05), hard reset don't help. ONLY PROGRAM MODE START.
lukjod said:
Hi Mariusz
Have You succeeded, if no and You have mda3 bought thru era
i can send You my version of rom which is working well without problem on my era mda3
its 1.40 rom 1.12 radio and 110 extrom
i've upgraded it from original era 1.20 rom
rgds
lukasz
Oooo, No I'm still in trouble... If you can please put your ROM on FTP and send link. 8(((
Wait for any solution... 8(
8( still at same point... only bootloader, and always Country ID error...
Pleaseee, help... 8(
I am lost, Thelastone tells you to install the o2 rom, you say that you have installed the qtec.
So what have you done?
What rom are you trying?
MDAIIIUser said:
I am lost, Thelastone tells you to install the o2 rom, you say that you have installed the qtec.
So what have you done?
What rom are you trying?
I try everything from XDA-dev ftp, with all known hacks and without... still only COUNTRY ID ERROOR.
I try backup to SD card but it is impossible:
Add record error... 8(
I can't find any image file to send it to SD by ntrw.exe, try send .nbf files from shipped ROMs but after insert card into MDA III and restart, ROM restore from SD don’t start.

how to dump the splashscreen without an official rom image ?

Hi all ,
as of today, there is no official rom of the S300+ (trinity branded by SFR in France), so I can't dump the splashscreen.
Is there a way to do that on my trinity? (I have of course this rom inside)
cause soon ,this evening i hope , we will able to create his own extrom so with the splashscreen of the S300+ , i can create a FULL rom for anybody
Thanks for your answers positive or negative
I look at the Wiki and don't see anything about that ...
perhaps a cool french guy could create these not me i am too lazy for that but NO lazy to make the else things to do
you have to patch an SPL to allow you to rbmc at any address, i did this on hermes, not on trinity, but I guess should be very similar:
search for this hex string on the SPL: 0532A0E30E3883E3
Replace it for 0532A0E30000A0E1
Make sure the string is found only once, and load the resulting SPL.nb with SSPL.
Then you can do:
Code:
Cmd> task 32
Level = 0
Cmd> set 1e 1
Cmd> rbmc splash1.nb 500e0000 40000
Cmd> rbmc splash2.nb 50140000 40000
ok Pof ,
search for this hex string on the SPL: 0532A0E30E3883E3
can you give me some help about that ? i don't know where i have to begin
Use a hex editor
lol , that was not exactly what i mean
OK, I don't put links to anything so you make a bit of reading / research yourself... and is faster for me to write
Download HardSPL for trinity, use nbhextract to get SPL.nb from the NBH file.
By default the SPL will only allow you to "dump" a small region of the NAND flash chip, you want to dump the splash screen, so we have to patch it. To patch it, take any hex editor of your choice (radare, winhex...) and find this hexadecimal string: "0532A0E30E3883E3", then replace it for "0532A0E30000A0E1".
Now you have to load this SPL on your device using SSPL (read the SSPL readme.txt file, advanced instructions), you have to pass it as a parameter so you have two options: either create a .lnk file or use itsutils:
Code:
pput.exe patchedSPL.nb
pput.exe SSPL-TRIN.exe
prun.exe SSPL-TRIN.exe patchedSPL.nb
After prun, you have to quickly press the bootloader buttons, and you'll see the tri-color screen with your patched SPL
Disable activesync from now on
Connect to bootloader and issue the following commands:
Code:
Cmd> task 32
Level = 0
Cmd> set 1e 1
Cmd> rbmc splash1.nb 500e0000 40000
Cmd> rbmc splash2.nb 50140000 40000
mtty is very fishy with rbmc, so probably you will see no output, if this is the case you have 3 options:
Use unix command 'cu' (inside uucp tools), it works fine with rbmc.
Use mtty and capture the output with usb monitor, then use unix command 'xxd' to create the binary files.
Try with putty (I never tested, but probably works).
The output of the two rbmc commands are your first and second splash screens.
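The patch step from the two posts above as a script, added here as an example (it is not pof's code or part of HardSPL, SSPL or itsutils): it applies the replacement only when the original byte string occurs exactly once, and reports hashes of the image before and after. The function names and the sample image are constructed for illustration.

```python
import hashlib
import sys

# The two byte strings quoted in the posts above.
ORIGINAL = bytes.fromhex("0532A0E30E3883E3")
PATCHED = bytes.fromhex("0532A0E30000A0E1")


def find_all(data, needle):
    """Return every offset where needle occurs (overlapping matches included)."""
    hits = []
    pos = data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits


def match_status(image):
    """Classify an image: 'ok', 'not found', 'ambiguous' or 'already patched'."""
    count = len(find_all(image, ORIGINAL))
    if count == 0:
        return "already patched" if PATCHED in image else "not found"
    if count > 1:
        return "ambiguous"
    return "ok"


def patch_spl(image):
    """Return (patched_image, offset); refuse unless ORIGINAL occurs exactly once."""
    status = match_status(image)
    if status != "ok":
        raise ValueError("refusing to patch: " + status)
    off = image.find(ORIGINAL)
    out = image[:off] + PATCHED + image[off + len(ORIGINAL):]
    changed = [i for i in range(len(image)) if image[i] != out[i]]
    # The image must keep its size and differ only inside the 8-byte window.
    if len(out) != len(image) or not changed:
        raise RuntimeError("patch did not apply cleanly")
    if changed[0] < off or changed[-1] >= off + len(ORIGINAL):
        raise RuntimeError("bytes outside the patch window changed")
    return out, off


def patch_file(src, dst):
    """Patch the file src into dst and return a small report for the record."""
    with open(src, "rb") as fh:
        image = fh.read()
    out, off = patch_spl(image)
    with open(dst, "wb") as fh:
        fh.write(out)
    return {
        "offset": hex(off),
        "sha256_before": hashlib.sha256(image).hexdigest(),
        "sha256_after": hashlib.sha256(out).hexdigest(),
    }


def build_sample():
    """Constructed stand-in for an SPL image: padding around one match."""
    return b"\x00" * 0x100 + ORIGINAL + b"\xff" * 0x100


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage (file names are placeholders): patch.py SPL.nb patchedSPL.nb
        print(patch_file(sys.argv[1], sys.argv[2]))
    else:
        patched, offset = patch_spl(build_sample())
        print("sample patched at", hex(offset))
```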
Thanks a lot Pof, you are very kind to do this !!!
but i have no success yet but i continue ...
@pof
what do you mean with "Use mtty and capture the output with usb monitor"
i think i did the right things before rbmc but like you said : i see no results i look at the options in mtty and i don't see "usb monitor"
can you help me (again) please ?
Regards
edit: is this the good result of the prun command? ERROR: CreateProcess failed with Errorcode = 0
- Une connexion existante a dû être fermée par l'hôte distant. (an existing connection was closed by the host)
extenue said:
what do you mean with "Use mtty and capture the output with usb monitor"
ftp://xda:[email protected]/Hermes/Tools_and_Programs/usb-monitor237.exe
Capture in "complete" tab, export as ANSI text file.
extenue said:
edit: is this the good result of the prun command? ERROR: CreateProcess failed with Errorcode = 0
yes, it's normal cos the SSPL kills the OS.
ok ! i finally success in export as ANSI text file the two files
i have not unix at home (i have only windows) , so before i ask my friends to create the binary files , how can i be sure that my dump is correct ?
Thanx again
extenue said:
how can i be sure that my dump is correct ?
The dump should have 262144 bytes (size of a splash screen).

Radio ROM Dump

For getting GPS to work on Wings production models I believe it is necessary to also dump and reconstruct the radio ROM from a pre-prod model. We also need the radio dumped from a production model so that we can compare. The dump procedure is more complicated than dumping the OS and this is nothing for n00bs.
Requirements
- Qualcomm QPST software (search)
- QC diagnostics drivers (attached)
- HardSPL, only needed if you want to dump from a production model
Procedure
1. Restart in tri-color bootloader mode and start MTTY
2. Type: rtask a
3. Type: radata Note: What you type is not echoed on screen!!!! (after pressing enter ignore the error message "Parameter error")
4. Type: retuoR Note: What you type is not echoed on screen!!!!
5. Type: rtask c
After step 5. the device will enter QC diagnostics mode and it will install 3 new devices on your PC. Make sure you install the attached drivers. After driver installation look in device manager to find which COM port the QC diag driver uses.
6. Exit MTTY
7. Start "QPST Configuration" and check if the device is recognized and if it is in "download" mode
8. Start "QPST Memory Debug", click "Get Regions" and then "Save To"
9. Upload the dumped files on XDA Devs FTP server
Dump NV Items
The configuration of the radio is stored as NV items. It is possible to dump these as follows:
1. Restart in tri-color bootloader mode and start MTTY
2. Type: rtask c
3. Exit MTTY and start "QPST RF NV Item Manager" and select Read from Phone from the File menu followed by Write Only listed Items to .QCN file
4. Upload the dumped files on XDA Devs FTP server
Version numbers listed in Splash screen
Please note them down and post them here.
Note that this procedure cannot harm your device in any way.
Final note: once an official HTC RUU file is available for Wings we can flash the reconstructed OS and Radio to your device. A RUU will be available sooner or later.
Here is the link to Qualcomm QPST software 2.7.247
I tried everything you said above, and all went well (retuoR gave me an invalid command, but I went further and everything was ok).
I attached pictures of the task manager and QPST configuration.
The files you should have when you're done are : smi.bin ; ebi.bin ; load.cmm and whatever.qcn (this last file is the NV dump) . Is this correct Jockyw ? Will we have to reconstruct those to a .nbh file somehow?
Well done el_lo
Yes, with ebi.bin and smi.bin *and* an official RUU we can reconstruct a complete pre-prod ROM.
jockyw2001 said:
Well done el_lo
Yes, with ebi.bin and smi.bin *and* an official RUU we can reconstruct a complete pre-prod ROM.
An official RUU?
butzchan said:
An official RUU?
Yes
Can someone write down version numbers appearing in the splash screen please. Thx.
Mine: (pre-production with working GPS):
R 1.58.06.16
G 25.42.11.00H
D 0.91.00.00
In Bootloader I have:
WING200 MFG
SPL-0.91.1000
CPLD-7
After I have put it into bootloader and started MTTY, I type in:
rtask a
Then it seems to hang. It shows:
POWER OFF PMIC VREG_USB : SUCCESS!
C VREG_USB : SUCCESS!
But I cannot enter more strings now...
I just ignored rtask a and did all other things
It installed the drivers but I get the following screen:
http://forum.xda-developers.com/attachment.php?attachmentid=66378&stc=1&d=1200611892
Dumdidum said:
After I have put it into bootloader and started MTTY, I type in:
rtask a
Then it seems to hang. It shows:
POWER OFF PMIC VREG_USB : SUCCESS!
C VREG_USB : SUCCESS!
But I cannot enter more strings now...
Yes you can. You can type it, but you won't see what you type on screen!
Your screenshot is showing the device in QC Diag mode, but not in Dload mode.
Try again and follow my instructions.
Ok its now working... dumping in this moment...
you need the NV Items too?
Where can I upload it? which ftp-link?
Ok I have the smi.bin , ebi.bin and load.cmm
But cannot get the NV-File...
did exactly what you said:
1. Restart in tri-color bootloader mode and start MTTY
2. Type: rtask c
3. Exit MTTY and start "QPST RF NV Item Manager" and select Read from Phone from the File menu followed by Write Only listed Items to .QCN file
but while starting "Read from File" I get:
http://forum.xda-developers.com/attachment.php?attachmentid=66379&stc=1&d=1200614645
My fault... I had to choose the com-port in the settings first...
So I got all the files you want...
I have upload it here:
ftp://xda:[email protected]/Uploads/Wings/HTC_Wings_Preproduction_radio_Dump_dumdidum.zip
I hope you can do something good with it. I love the GPS on my Wings. But the preproduction ROM is very unstable, so I'd love to get a stable ROM with GPS-Support. Although I fear that they have deactivated something on hardware, cause the productive wings are getting GPS data, just no fix... perhaps no antenna?
Dumdidum said:
My fault... I had to choose the com-port in the settings first...
So I got all the files you want...
I have upload it here:
ftp://xda:[email protected]/Uploads/Wings/HTC_Wings_Preproduction_radio_Dump_dumdidum.zip
I hope you can do something good with it. I love the GPS on my Wings. But the preproduction ROM is very unstable, so I'd love to get a stable ROM with GPS-Support. Although I fear that they have deactivated something on hardware, cause the productive wings are getting GPS data, just no fix... perhaps no antenna?
Well done
Yes, I share your fears but let's see if we can prove it using the "reconstruct pre-prod software" approach
Anyone with a prod model care to take a note of the version strings in the splash screen please? Please note them down and post them here.
Production
R 1.58.17.02
G 25.62.30.03H
D 1.31.00.00
But here's someone with different version... http://www.htcwiki.com/thread/1104370/HTC+S730+rom?t=anon
moneytoo said:
http://www.htcwiki.com/thread/1104370/HTC+S730+rom?t=anon
Thx for that link.
So we have:
GPS/3G Enabled S730:
R 1.58.06.16
G 25.42.11.00H
D 0.91.00.00
Production S730:
R 1.58.17.02
G 25.62.30.03H
D 1.31.408.0
and
R 1.58.17.02
G 25.62.30.03H
D 1.31.00.00
Someone should now dump radio rom of a prod model!
jockyw2001 said:
For getting GPS to work on Wings production models I believe it is necessary to also dump and reconstruct the radio ROM from a pre-prod model. We also need the radio dumped from a production model so that we can compare. The dump procedure is more complicated than dumping the OS and this is nothing for n00bs.
Procedure
1. Restart in tri-color bootloader mode and start MTTY
2. Type: rtask a
3. Type: radata Note: What you type is not echoed on screen!!!! (after pressing enter ignore the error message "Parameter error")
4. Type: retuoR Note: What you type is not echoed on screen!!!!
5. Type: rtask c
After step 5. the device will enter QC diagnostics mode and it will install 3 new devices on your PC. Make sure you install the attached drivers. After driver installation look in device manager to find which COM port the QC diag driver uses.
6. Exit MTTY
7. Start "QPST Configuration" and check if the device is recognized and if it is in "download" mode
8. Start "QPST Memory Debug", click "Get Regions" and then "Save To"
9. Upload the dumped files on XDA Devs FTP server
Dump NV Items
The configuration of the radio is stored as NV items. It is possible to dump these as follows:
1. Restart in tri-color bootloader mode and start MTTY
2. Type: rtask c
3. Exit MTTY and start "QPST RF NV Item Manager" and select Read from Phone from the File menu followed by Write Only listed Items to .QCN file
4. Upload the dumped files on XDA Devs FTP server
Hi, mate.
First of all, congratulations for the finding
I'm taking a chance for the procedure in Kaiser device, and love to know what are the steps after the dump process to get the NB file...
For what i understand, i need to dump files from the first process (9 steps) and after this dump the config files too (4 steps), am i right?
many thanks...
jcespi2005 said:
For what i understand, i need to dump files from the first process (9 steps) and after this dump the config files too (4 steps), am i right?
Compare smi.bin and ebi.bin with the radio.nb you flashed originally, that will give you the memory layout vs. the rom (.nb) layout. With that you can reconstruct a radio.nb from any radio dump.
Good luck!
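One way to do the comparison described in the reply above, added here as an example (not code from this thread or from QPST): it looks up each block of the flashed radio.nb in smi.bin and ebi.bin and merges adjacent hits into a ROM-offset to dump-offset map. It assumes ROM blocks appear byte-for-byte in the dumps; the 4 KiB block size, the function names and the sample data are constructed for illustration.

```python
import hashlib

BLOCK = 0x1000  # comparison granularity; an assumption, not a value from the thread


def is_blank(chunk):
    """Erased or zero-filled blocks match everywhere, so they carry no information."""
    return len(set(chunk)) <= 1


def map_layout(rom, dumps, block=BLOCK):
    """Locate each block of the ROM image in the memory dumps.

    rom   -- bytes of the radio.nb that was flashed
    dumps -- e.g. {"smi.bin": bytes, "ebi.bin": bytes}
    Returns [(rom_offset, length, dump_name, dump_offset)], adjacent blocks merged.
    """
    extents = []
    for rom_off in range(0, len(rom) - block + 1, block):
        chunk = rom[rom_off:rom_off + block]
        if is_blank(chunk):
            continue
        if extents:
            r, n, name, d = extents[-1]
            # Fast path: the block continues the previous extent in the same dump.
            if r + n == rom_off and dumps[name][d + n:d + n + block] == chunk:
                extents[-1][1] = n + block
                continue
        for name, dump in dumps.items():
            pos = dump.find(chunk)  # first hit wins; repeated content is ambiguous
            if pos != -1:
                extents.append([rom_off, block, name, pos])
                break
    return [tuple(e) for e in extents]


def unmatched_bytes(rom, extents, block=BLOCK):
    """Count non-blank ROM bytes that were not found in any dump."""
    covered = sum(n for _, n, _, _ in extents)
    non_blank = sum(block for o in range(0, len(rom) - block + 1, block)
                    if not is_blank(rom[o:o + block]))
    return non_blank - covered


def sample_blob(seed, size):
    """Deterministic pseudo-random bytes, used only to build the sample below."""
    out, i = b"", 0
    while len(out) < size:
        out += hashlib.sha256(b"%s-%d" % (seed, i)).digest()
        i += 1
    return out[:size]


def build_sample():
    """Constructed data: a ROM with two sections split across two dumps."""
    code, data = sample_blob(b"code", 0x3000), sample_blob(b"data", 0x2000)
    rom = code + b"\xff" * BLOCK + data  # one erased block between the sections
    dumps = {
        "smi.bin": b"\x00" * 0x500 + data + b"\x00" * 0x300,
        "ebi.bin": b"\xff" * 0x1000 + code + b"\xff" * 0x100,
    }
    return rom, dumps


if __name__ == "__main__":
    rom, dumps = build_sample()
    for rom_off, length, name, dump_off in map_layout(rom, dumps):
        print("rom 0x%06x +0x%x -> %s 0x%06x" % (rom_off, length, name, dump_off))
```

The resulting extents are the layout table; a non-zero `unmatched_bytes` value marks ROM regions that changed in memory and need a closer look by hand.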
I've uploaded the radio from a production model here : Radio Production Model
Here is the info from the production model in question :
R1.58.17.02
G25.62.30.03h
D1.31.00.00
Excellent, so now we only need an official RUU to sort it all out.
Maybe we won't need it to reconstruct the radio, I'm not yet sure about that one.

[Tutorial] How to back up your ROM - A comprehensive guide.

--- Foreword ---
This guide is designed for those who find it hard to (or are too lazy to) search the forum for information on how to dump a ROM. This is specifically for the X1.
Some common sense and knowledge of computers and pocket pc's is required. I followed below steps myself to dump a ROM and dumping it worked flawlessly.
Update: The ROM I dumped has been tested and reported working perfectly!
EDIT: For those looking only for a stock ROM to dump with: Rapidshare
--- Special thanks to ---
Fards - Much of the below tutorial.
hungarian - The registry fix in step 2.
[email protected] - UK generic ROM link.
Itje - Kovskykitchen.
And the guys who made XDA Utils!
--- Guide ---
1) Download and preparation of files
A good preparation makes it much easier, download the following files:
XDA Tools/Utils
X1 (Kovsky) Kitchen
Stock UK ROM
Sdkcerts.cab
Fdcsoft Taskmanager
- Extract Kovskykitchen to C:\KovskyKitchen and in Vista make sure that buildos+package_tools is able to run as administrator.
- Extract the XDA tools to an easy to access folder, for instance c:\Xdatools
2) Preparing your phone:
Before your X1 will allow the dumping to be done, the following Sdkcerts.cab file must be installed.
- Copy Sdkcerts.cab to your phone or storage card and install it to the device.
Also, your phone must accept changes that pdocread makes. You can do this with the regedit function of the FdcSoft Taskmanager.
- Set the following registry keys to "1":
* HKLM\Security\Policies\Policies "00001001"
* HKLM\Security\Policies\Policies "0000101a"
- Connect your phone to your pc with activesync.
3) pdocread
- Open up a command line and navigate to the folder where you extracted the XDAtools.
- Enter the following command: "pdocread.exe -l"
You'll get something like this:
| 3.12M (0x31f000) Part00
| 3.50M (0x380000) Part01
| 69.38M (0x4560000) Part02
| 134.38M (0x8660000) Part03
The bits in brackets are the important ones as you need to use what it says on YOUR device in the next step.
4) Extraction
Run the following commands one at a time. Replace the codes (e.g. 0x31f000) with the codes you get in step 3.
Extracting these files can take some time, do not disconnect your device until the command line says it's done.
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8660000 Part03.raw
The files will end up in the XDAtools folder.
5) Kovsky kitchen
- Open your Kovskykitchen folder.
- Copy your 4 raw files to the "baserom" folder.
- From the stock UK ROM extract the RUU_signed.nbh to Baserom folder as well.
There are decent walkthroughs for cooking roms, this kitchen is built on the Kaiser Kitchen.
If you want more info, search for "kaiser kitchen" on XDA.
- Start kovskykitchen.cmd
- Select (e) extract a rom, then (b) and let it work through.
When it's finished it'll go back to the main menu.
- Now select (c) cook a rom, then (b)
It'll start up the buildOS + Package tools program.
- Select the buildos tab.
- Select "load rom" and navigate to your kovskykitchen folder.
- Press ok.
After a couple of seconds the green "go" arrow will light up press it.
It'll do lots and may come back with an imgfs error, but this doesn't seem to matter.
- When it's done close the window.
Back in the CMD window it'll be waiting for a keypress.
When pressed a lot of files will be processed.
Finally it'll popup with some info for the HTC rom tool.
- Click BUILD!
- Select Kovsky from the dropdown box.
- Press the 3 little dots ... next to the box that says OS.
- Select the OS-NEW.nb in the main kovsky kitchen folder.
Press BUILD! at the bottom, and give the file a sensible name, RUU_signed.nbh if you want to flash it from windows, Kovsimg.nbh if you want to flash it from microSD card.
- Close the htc_rom_tool when it's done.
It'll popup a hexeditor to change the Pagepool.
An error might occur that it can't find the nbh file.
- Close the hexeditor.
The command line will clean up the temporary files and allows you to flash your ROM.
If you just want to back up the rom of your device then close this window.
Enjoy!
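Steps 3 and 4 of the guide above as a script, added here as an example (it is not part of the XDA tools or of the guide): it reads the `pdocread.exe -l` listing, cross-checks the two size columns, builds the step 4 commands with the sizes from your own device, and afterwards checks that each .raw file has the expected length. It assumes the listing looks like the lines quoted in step 3; the function names are made up for illustration.

```python
import os
import re

# One partition line as printed in step 3, e.g. "| 3.12M (0x31f000) Part00"
PART_LINE = re.compile(
    r"^\|?\s*(\d+(?:\.\d+)?)M\s+\((0x[0-9a-fA-F]+)\)\s+(Part\d+)$")

# The listing quoted in step 3 of the guide.
PAGE_LISTING = """\
| 3.12M (0x31f000) Part00
| 3.50M (0x380000) Part01
| 69.38M (0x4560000) Part02
| 134.38M (0x8660000) Part03
"""


def parse_listing(text):
    """Return [(name, size_hex, size_int)] for every PartNN line in the listing."""
    parts = []
    for raw in text.splitlines():
        m = PART_LINE.match(raw.strip())
        if not m:
            continue  # any other line of the tool's output is ignored
        shown_mib, size_hex, name = float(m.group(1)), m.group(2), m.group(3)
        size = int(size_hex, 16)
        # Cross-check the two size columns to catch a mistyped or truncated line.
        if abs(size / 2**20 - shown_mib) > 0.006:
            raise ValueError("%s: %s does not match %sM"
                             % (name, size_hex, m.group(1)))
        parts.append((name, size_hex, size))
    if not parts:
        raise ValueError("no PartNN lines found")
    return parts


def dump_commands(parts, device="FLASHDR", block="0x800"):
    """Build the step 4 command for each partition, using this device's sizes."""
    return ["pdocread -w -d %s -b %s -p %s 0 %s %s.raw" % (device, block, n, h, n)
            for n, h, _ in parts]


def verify_dumps(parts, folder):
    """Return {name: (expected, actual)} for missing or wrong-sized .raw files."""
    bad = {}
    for name, _, size in parts:
        path = os.path.join(folder, name + ".raw")
        actual = os.path.getsize(path) if os.path.isfile(path) else None
        if actual != size:
            bad[name] = (size, actual)
    return bad


if __name__ == "__main__":
    parts = parse_listing(PAGE_LISTING)
    for cmd in dump_commands(parts):
        print(cmd)
    # After dumping, run from the folder that holds the .raw files:
    for name, (want, got) in verify_dumps(parts, ".").items():
        print("%s.raw: expected %d bytes, found %s" % (name, want, got))
```

A partition that shows up in `verify_dumps` was cut short or never written, so dump it again before copying the files to the kitchen's baserom folder.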
Thanks for taking the time to piece this together. It's much appreciated. I'm going to try to dump my rom later. Would love to learn how to cook eventually
great! please mod make it sticky
Nice thread, i was just searching about dumping my original rom. Thnx m8
i have sticky this thread
i hope this helps
Mod Edit:- De Stuck as part of the X1 Cleanup Program, a reference has been made in The X1 Referance Thread
liamhere said:
i hope this helps
Thanks! I just hope this answers this question - being asked so much!
Thnx Angelusz, i just tried my own rom and it works ^^!
Great guide, so if anybody wants a Dutch T-mobile rom, I can supply it.
great tut man just did it worked fine;d
Anybody dumped Stock Austrian T-Mobile Rom??
Has anybody dumped an Austrian T-Mobile Stock Rom??
Does anybody know where i can get this?
If i dump my Rom by myself will there also be the actual installed Applications (e.g. Inesoft, Google Maps, Tf3D for Xperia,...) in the dumped Rom-File?
Thanks!
Thank you, great guide!
wursta said:
Has anybody dumped an Austrian T-Mobile Stock Rom??
Does anybody know where i can get this?
If i dump my Rom by myself will there also be the actual installed Applications (e.g. Inesoft, Google Maps, Tf3D for Xperia,...) in the dumped Rom-File?
Thanks!
Yes, this will dump the ROM as it is right now. So it will still automatically install the programs just like it did when you first booted it.
Dump Original Stock ROM-Hard SPL needed?
Hello,
Do I have to apply the Hard SPL "Hack" to my Device at first, before I try to Dump my Original ROM?
Thanks in Advance!
wursta said:
Hello,
Do I have to apply the Hard SPL "Hack" to my Device at first, before I try to Dump my Original ROM?
Thanks in Advance!
No, you can back up without hard spl; hard spl is needed when you want to install a new rom like Itjes.
jo3n said:
No, you can back up without hard spl; hard spl is needed when you want to install a new rom like Itjes.
ok great work you guys especially Angelusz
But i have two questions
1.Do i have to do any thing else after i go through your guide to backup my rom, what i mean is do i have to cook my rom or i can flash it directly after backing up my rom when ever i want and do i have to remove the radio and stuff.
2.Do i have to hard spl every time i want to flash a new rom, like now i have a Orange UK rom in my x1, i want to try itjes rom and then i want to use generic uk rom
Thank you in Advance,
Regards bmwkalyan.
Original T-Mobile Austria Stock ROM
Hello Guys,
I have Dumped the Rom of my SE Xperia X1i from T-Mobile Austria!
Maybe some of you Guys can test the Dump if it works fine?????
If you want to do so,please have a look at:
http://forum.xda-developers.com/showthread.php?t=465054
Thanks!!!!!
bmwkalyan said:
ok great work you guys especially Angelusz
But i have two questions
1.Do i have to do any thing else after i go through your guide to backup my rom, what i mean is do i have to cook my rom or i can flash it directly after backing up my rom when ever i want and do i have to remove the radio and stuff.
2.Do i have to hard spl every time i want to flash a new rom, like now i have a Orange UK rom in my x1, i want to try itjes rom and then i want to use generic uk rom
Thank you in Advance,
Regards bmwkalyan.
1) No, the guide includes cooking it into a working .nbh file. The .nbh file can then be flashed via Activesync or directly from a microSD - check this forum for guides.
2) No, hardSPL is needed only the first time you want to flash a ROM. It is however required to flash any ROM at all.
Angelusz said:
It is however required to flash any ROM at all.
I am sorry to ask you so many times but i am new to wm ,
1.What do you mean by this could you be more specific (It is however required to flash any ROM at all.)
2.One more thing, in general why do we need to remove the radio part, why can't we rip and use both the os and the radio parts, i am asking this because i read some in the forum that these needed to be separated and why.
3.I also read in the forum that after flashing the rom the person could not use the track pad any more and it was working only as a D-pad and the 4 lights ( i don't remember what they call them) around the cell which light up when a call or sms or something like that comes(hope you are getting what i am trying to say)
did you face any of these problems, will flashing a generic uk rom make my x1 stock like or am i going to lose any features, can i update my x1 with sony ericsson's update manager if there is an update.
4.I see that you are using itje's Touch-IT Xperience v2.1 are the lights and track pad working in itje's rom
Thank you Angelusz in Advance ,
Regards bmwkalyan.
bmwkalyan said:
I am sorry to ask you so many times but i am new to wm ,
1.What do you mean by this could you be more specific (It is however required to flash any ROM at all.)
2.One more thing, in general why do we need to remove the radio part, why can't we rip and use both the os and the radio parts, i am asking this because i read some in the forum that these needed to be separated and why.
3.I also read in the forum that after flashing the rom the person could not use the track pad any more and it was working only as a D-pad and the 4 lights ( i don't remember what they call them) around the cell which light up when a call or sms or something like that comes(hope you are getting what i am trying to say)
did you face any of these problems, will flashing a generic uk rom make my x1 stock like or am i going to lose any features, can i update my x1 with sony ericsson's update manager if there is an update.
4.I see that you are using itje's Touch-IT Xperience v2.1 are the lights and track pad working in itje's rom
Thank you Angelusz in Advance ,
Regards bmwkalyan.
That's alright. Do try and search for answers to your questions before you ask them. If you keep asking first, people with answers will get annoyed - for they have to answer every single new user's question, over and over.
1) I meant that to flash any ROM - generic or cooked - you need hardSPL flashed first.
2) The Radio and ROM are not stored in the same place on the phone itself. Flashing a ROM does not influence your radio. The ROM and radio do different things and in general you don't need to tinker with your radio. An updated radio can however improve reception with your phone. With the method described in this thread, you will dump only your ROM. I do not yet know how to dump/flash a radio.
3) If a feature stops working, the cause lies in the installed ROM. Generic ROM's will - if flashed properly - work as the default ROM your phone came with, as all drivers etc. are installed as normal. If a cook makes some mistakes while cooking the ROM, forgetting drivers or what ever else, some things might not work properly. So, if the ROM is good, everything will work as intended. If a ROM does not meet your expectations, you can always flash another one.
4) Yes, the d-pad and lights work perfectly. There's some other issues, but you had best keep track of the respective topic for more information on that.
Angelusz said:
1) I meant that to flash any ROM - generic or cooked - you need hardSPL flashed first.
ya i know how much annoying it is believe me , i my self was a moderator of a forum ( guess i must not mention the forum name here, but you can google for bmwkalyan) when i used to have a SE P1i but since i sold it i am not a moderator any more, the thing is i know how it feels, i am only asking the questions i could not understand reading the forum .
i am sorry to ask you again, i did not understand do i have to hard spl every time i need to flash a rom or only the first time
and i guess you forgot to answer this (can i update my x1 with sony ericsson's update manager if there is a update available) if so will the update, update my radio too.
Really man, i Thank You for taking your time to answer my questions, i really do.
Regards bmwkalyan.
1st thank you for taking the time in making this quick guide...
2nd I have been searching over and over for information in backing up my rom and unfortunately I run into a brick wall every time as the information I get from pdocread doesn't look like anyone else's and this is why I can't do it..
3rd I am hoping that someone might be able to provide some insight...maybe it is something small that I am missing, so if anyone can help it will be greatly appreciated...
So I download all the tools in step 1...
The registry entries in step 2 are both DWORD value "1" (I notice you say change to integer "1", is this the same as DWORD Value "1" Decimal, or is this where i am going wrong?)
Now on step 3 when i type pdocread -l the information that I receive is as follows and this is why I am unable to proceed further >>>
C:\itsutils\build>pdocread -l
459.88M FLASHDR
| 3.12M Part00
| 4.38M Part01
| 168.00M Part02
| 284.38M Part03
3.80G DSK7:
| 3.79G Part00
STRG handles: 8ffaef42( 3.79G) efe9177a(284.38M) effa1c4e(168.00M) effa1c2a( 4.38M) effa1976( 3.12M)
What am i doing wrong? can anyone see? If so please let me know.
Thank You

Clicdiag

I've come across a ClicDiag bootloader. I believe it's a custom HBoot that runs the Diagnostics suite for the Clic. I had hoped this was an Engineering Bootloader, or a Ship S-OFF.
To boot it, extract clicdiag.nbh from the .zip file below, and copy it to the root of your sdcard. Reboot into HBoot and it will shortly boot into the Diagnostics mode. The most useful command is the "F/T1 Test" that enables the USB port to be used as a serial port (I believe, can't confirm this yet).
In F/T1 Test mode, if I plug my Tattoo to a Linux box, I get a ttyUSB device, but, so far, I haven't been able to talk to it yet. Maybe someone more familiar with minicom will be luckier ? Under Windows, it asks for Qualcomm CDMA drivers, but I haven't been able to set this up either.
To the best of my knowledge, this will not brick your Tattoo, but use with extreme care.
RUNNING CLICDIAG WILL RESET ALL YOUR TATTOO SETTINGS, you have been warned.
Report your findings
Download:
http://www.megaupload.com/?d=27NLIDXC
well done
dude this is progress!!
where did you get this?
i would try this out! if a had a tattoo...
@mainfram3: I need a goldcard or try normally?
Chusen,
Good question.. I have converted my SD to goldcard, so I don't know if you can boot it without one. But, if I recall correctly, the HBoot always checks for those files, even without a goldcard, so it may work (without one).
I tried but it does not detect clicdiag.zip in goldcard mode and normal mode
CLICDIAG.nbh No image file or wrong image
You have to extract it from the zip file and place the clicdiag.nbh in the root of the sdcard.
mainfram3 said:
You have to extract it from the zip file and place the clicdiag.nbh in the root of the sdcard.
no rename??ok jeje i try it
same result: no image or wrong image
thanks for your job
Chusen,
Can you try renaming it to CLICDIAG.nbh (clicdiag in uppercase). I just checked and that's how mine is named, maybe this makes a difference ?
I've tried in all caps, may be problem of my SD that is not properly check goldcard?
Yes, that's what I was about to suggest, maybe a goldcard is needed and yours is not setup properly
Apart from trying to flash a WWE rom to a CID locked phone, I only know of one way to test the goldcard:
After booting into HBoot, hit the green button (send) for Simlock. If the goldcard is OK, it will react differently.
If the goldcard is OK it should end with something like this:
Code:
0: SD FAT32 init OK
0: Key-card
Wait for AMSS ready...
4: Unlock NV with SPC code
Pass/Fail/NoResponse: 0/0/0
Write PRL to Nam0 (0/0/0)
Write PRL to Nam1 (0/0/0)
4: Set Dynamic NV
Process done, reboot device?
<MENU> Reset Device
I tried in another SD and same result Why???
mainfram3 said:
Yes, that's what I was about to suggest, maybe a goldcard is needed and yours is not setup properly
Apart from trying to flash a WWE rom to a CID locked phone, I only know of one way to test the goldcard:
After booting into HBoot, hit the green button (send) for Simlock. If the goldcard is OK, it will react differently.
If the goldcard is OK it should end with something like this:
Code:
0: SD FAT32 init OK
0: Key-card
Wait for AMSS ready...
4: Unlock NV with SPC code
Pass/Fail/NoResponse: 0/0/0
Write PRL to Nam0 (0/0/0)
Write PRL to Nam1 (0/0/0)
4: Set Dynamic NV
Process done, reboot device?
<MENU> Reset Device
This is ok
Here's the exact file I downloaded, just in case the one I uploaded in the first post is corrupted somehow. It's archived in .rar format.
http://www.megaupload.com/?d=27NLIDXC
ok downloading and trying..one question: have you a rooted tattoo?
worked!!!, i need some drivers.. sdk drivers???
ok sorry I did not read well, do not quite understand English, I can not help you, sorry
I think it might be interesting in the show menu puts secu_flag gsm info: enable
@mainfram3 I don't suppose you could let me know where you found this? Or you could check to see if you can find one for the Eris, it should be PB00DIAG.nbh or PB00****, any help would be great. Thanks, pm me if you don't want that info public. Thanks
Now, we're cooking with gas!
So going to try this out. Hopefully we could get root via this or using this in conjunction with something else.
binny1007 said:
@mainfram3 I don't suppose you could let me know where you found this? Or you could check to see if you can find one for the Eris, it should be PB00DIAG.nbh or PB00****, any help would be great. Thanks, pm me if you don't want that info public. Thanks
Hi.
I found it over a Chinese board. Had to login with bugmenot, to get to the files.
Here's the link:
http://www.hiapk.com/bbs/attachmentList.php
Dude, you found engineering Hboot !
I viewed nbh with notepad, it contains
0.47.2000 7225 SPL ?бENG ?б ?б ?бHBOOT-7225
