[Q] Unlocking NTT Docomo (SC-02B) - Galaxy S I9000 Q&A, Help & Troubleshooting

So I have CWM, a 4.2.2 ROM on this phone, but whenever I turn it on with a different SIM card than the phone is accepting, it asks me for a SIM network Unlock PIN.
I found this thread:
http://forum.xda-developers.com/showthread.php?t=939752
Where it says to edit the /efs/nv_data.bin file and change it from FF 01 00 00 00 00 46 46 46... and change the 01 to 00. When I tried to edit it in a Hex Editor, the 01 was already 00. So that should mean that it's already unlocked right? What can I do to unlock this phone?
Image from Hex editor (to make sure I'm editing the right part):
http://i.imgur.com/F0jMO0x.png
ROM: http://forum.xda-developers.com/showthread.php?t=1878961&highlight=cm+10+1
Carrier: T-Mobile.
Thank you.

same issue
Aman1238 said:
So I have CWM, a 4.2.2 ROM on this phone, but whenever I turn it on with a different SIM card than the phone is accepting, it asks me for a SIM network Unlock PIN.
I found this thread:
http://forum.xda-developers.com/showthread.php?t=939752
Where it says to edit the /efs/nv_data.bin file and change it from FF 01 00 00 00 00 46 46 46... and change the 01 to 00. When I tried to edit it in a Hex Editor, the 01 was already 00. So that should mean that it's already unlocked right? What can I do to unlock this phone?
Image from Hex editor (to make sure I'm editing the right part):
http://i.imgur.com/F0jMO0x.png
ROM: http://forum.xda-developers.com/showthread.php?t=1878961&highlight=cm+10+1
Carrier: T-Mobile.
Thank you.
Hi I too have the same issue...it asks for the sim network unlock pin after update.
Can anyone help?


Extracting the CID and Country code out of a nbh and matching to the device

When looking at RUU_signed.nbh extracted out of RUU_BlackStone_HTC_WWE_EastEurope_1.14.479.3_Radio_52.49a.25.26_1.09.25.14_Ship
I find at
00 00 00 00 40h BLAC10000
00 00 00 1e 0hh HTC__032
00 00 00 20 00h 1.14.479.3
00 00 00 21 10h USA
It looks like the ModelID, CID, Rom Version and the Country code.
How can I find out what those values are of my device so that I can match a shipped rom with it ??
Model ID should be under the battery.
Have you tried using ATCommander to query the CID with the:
[email protected]? command?
Ta
Dave
MDAIIIUser said:
When looking at RUU_signed.nbh extracted out of RUU_BlackStone_HTC_WWE_EastEurope_1.14.479.3_Radio_52.49a.25.26_1.09.25.14_Ship
I find at
00 00 00 00 40h BLAC10000
00 00 00 1e 0hh HTC__032
00 00 00 20 00h 1.14.479.3
00 00 00 21 10h USA
It looks like the ModelID, CID, Rom Version and the Country code.
How can I find out what those values are of my device so that I can match a shipped rom with it ??
could perhaps help cmonex, when she has gained enough...
DaveShaw said:
Model ID should be under the battery.
Have you tried using ATCommander to query the CID with the:
[email protected]? command?
Ta
Dave
No I did the old approach based on the blueangel.
Here flashing software gave you a getdevicedata.exe so I had a look at an extracted HD_ship.exe and found RUUGetInfo.exe.
So I put it on my device, ran it and sorted my windows dir by date.
I found:
RUUImei.txt ---- > contains the IMEI of my device
RUUInfo.txt-----> Gives me the same info as the rom version under Device info
here is how
gd day
here is how
put your phone into boot loader mode by pressing power and volume down till the 3 colors screen comes.
in active sync right click the mouse and go into connection settings and remove the v from allow USB connection
connect your phone and run mtty software
http://rapidshare.com/files/173474965/mtty_0513.zip.html
after you install it just go in and choose usb instead of com port
when it's open press enter one time and you can see answer back cmd>
then key in cmd2
u can see the details
gd luck
he means "info 2" for CID.
but DaveShaw is right too.
anyway. it won't flash that way without hardspl.
MDAIIIUser said:
00 00 00 00 40h BLAC10000
00 00 00 1e 0hh HTC__032
00 00 00 20 00h 1.14.479.3
00 00 00 21 10h USA
What if I change cid in that nbh file? To match cid of my device. Will I be able to flash that rom?
lipa47 said:
What if I change cid in that nbh file? To match cid of my device. Will I be able to flash that rom?
Unless you can sign the NBH file with the Private Key of the Carrier (or whoever signs them), you won't have much luck.
The HardSPL is patched so it doesn't check the signature on the file.
Ta
Dave
Now that is cool
Here is a working link
http://wiki.xda-developers.com/uploads/mtty.exe
So do we know the other codes for the rest of the stuff I found in the nbh ??
May I know whether the CID will be changed or not if the hardspl is installed? As I know, HTC will check the CID if it is taken for repair, and they will not repair if the CID is not valid.
CID will not be changed. Hard-spl only bypasses checking CID, signature, overwriting spl etc.
It means that there is a CID stored in the phone and also in the ROM file so that the SPL will check between them during ROM upgrade. If it is that case, is there any means to change the CID & country code stored in the phone?
Yes it is but is not available for HD at the moment.
Anyway hard-spl is a bit better method because you can flash custom roms, radios only etc.
If you only change cid you can only flash HTC signed roms.
Determine CID from mtty 'info 2' output
Hi guys,
If you consider this useful keep it if not delete it ...
When issued the 'info 2' command, I got:
Cmd>info 2
Card inserted
SD clk rate 19MHz
Cmd5 CMD_TIMEOUT
SD clk rate 144KHZ
SD 2.0 HC card
SD Clk rate 24 MHz
SD Init OK
-- The
Card inserted
...
SD Init OK
-- was repeated 2 more times.
HTCSHTC__032ðúÔ•HTCE
Cmd>
Then it was not clear for me which was the CID. But http://wiki.xda-developers.com/index.php?pagename=Hermes_BootLoader was quite useful. It is stated "Returns "HTCS" + CID + (4-byte checksum) + "HTCE"" so I presume the CID is 'HTC__032'. HTCS/HTCE (Start/End) seems to be only control strings.
As written on the mentioned page 'info 4' would have shorter output and still providing the CID.
Thanks for the good doc.
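The framing quoted in the post above ("HTCS" + CID + 4-byte checksum + "HTCE"), as an added example that is not part of the original thread: a parser that pulls the CID out of a raw terminal capture as bytes, since the checksum is binary and shows up as garbage when rendered as text. The 8-byte CID length and the function names are assumptions; the sample capture is constructed, with checksum bytes taken from the post's four garbled characters read as Windows-1252.

```python
import re

# Frame layout as quoted from the Hermes bootloader wiki page:
# "HTCS" + CID + 4-byte checksum + "HTCE".
# Assumption: the CID is 8 bytes, as in the 'HTC__032' value in this thread.
CID_LEN = 8
FRAME = re.compile(rb"HTCS(.{%d})(.{4})HTCE" % CID_LEN, re.DOTALL)

# Constructed sample modeled on the 'info 2' output quoted above.
SAMPLE = (
    b"Cmd>info 2\r\nCard inserted\r\nSD clk rate 19MHz\r\n"
    b"Cmd5 CMD_TIMEOUT\r\nSD Init OK\r\n"
    b"HTCSHTC__032\xf0\xfa\xd4\x95HTCE\r\nCmd>"
)


def parse_cid_frames(capture: bytes):
    """Return (cid, checksum_hex) for every HTCS...HTCE frame found."""
    frames = []
    for match in FRAME.finditer(capture):
        raw_cid, checksum = match.groups()
        # A CID is printable ASCII; anything else means the pattern hit
        # unrelated binary data, so skip it rather than guess.
        if not all(0x20 <= b < 0x7F for b in raw_cid):
            continue
        # The checksum algorithm is not given on the page, so the bytes
        # are reported as hex and not verified.
        frames.append((raw_cid.decode("ascii"), checksum.hex()))
    return frames


def device_cid(capture: bytes) -> str:
    """Return the single CID in a capture; raise if absent or ambiguous."""
    cids = {cid for cid, _ in parse_cid_frames(capture)}
    if len(cids) != 1:
        raise ValueError(f"expected exactly one CID, found {sorted(cids)}")
    return cids.pop()


if __name__ == "__main__":
    print(device_cid(SAMPLE))
```

Capture the terminal session to a file in binary mode before parsing; copying the text out of the window loses the checksum bytes.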

Imagio 040 SPL

use for rewrite ESN and flash ROMs. good luck.
rename it to .rar, its a winrar file.
MOD EDIT - Removed file. PM me if you disagree and provide me with more history/evidence
Leave it. He has 1 post and the SPL hasn't been cracked yet. Probably a scam.
I have re-opened this thread.
@ ls1024 - Feel free to modify first post again and provide more info including what you showed me in PM
Rick
Thanks Spartan for looking at this. Hopefully once he posts more info it will be what we Imagio users are desperate for, or a step in that direction.
Narcotichobo said:
The linked thread reads as following:
Only 6975's with spl already unlocked can be flashed, before you flash please make sure your spl is unlocked.
Currently all Chinese phones come unlocked.
To confirm, go into the three color screen (hold down the volume button and the device on button), spl should be 0.40.0000
After flashing check to see if the radio number is 2.05ESNWVL
The operation below is identical to the 6875 (TP2), if you have a problem refer to posts on 6875 (TP2) ESN post
Use any version of CDMA Work Shop
On the terminal page, commands section
27 97 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
After you press send the MEID should be cleared
Afterward you can write whatever ESN
When you finish you can flash any radio and won't lose the ESN
Reference: Tutorial on writing the 6875
http://www.diypda.com/viewthread.php?tid=92838&extra=page=1
Alright, I don't know how to do any of that stuff, but I'm 95% sure on the translation so I hope that helps someone who does know what they are doing!
Also there seems to be an attachment to the post in that thread but I can't access it because I am not a forum member, and registration requires an invitation number.
The 0.40 SPL comes on the Chinese version of the Imagio and it allows writing of the ESN and flashing.
All being chatted in this thread:
http://www.forum.ppcgeeks.com/showthread.php?t=97542
Cmonex is working on the HSPL ATM and I do believe it will be based off of the 0.40 SPL
Americanmetal said:
The 0.40 SPL comes on the Chinese version of the Imagio and it allows writing of the ESN and flashing.
All being chatted in this thread:
http://www.forum.ppcgeeks.com/showthread.php?t=97542
Cmonex is working on the HSPL ATM and I do believe it will be based off of the 0.40 SPL
Woot I got quoted here.
\/
||
||
\/
And this helps us .38 how?
I think I read this over at PPCG but no instructions on how to do it on a .38 SPL so basically this is for the .40 Imagio only correct?
I posted both modified radios for TP2 and Imagio on PPCG and also a utility to write MEID/ESN (all 3 files from diypda china)
narcotichobo said:
Woot I got quoted here.
I had to get this thread unlocked rofl
Still, how can we upgrade to .40? That's what's holding us from at least changing radios to Chinese ones hehehe
ls1024 said:
use for rewrite ESN and flash ROMs. good luck.
rename it to .rar, its a winrar file.
MOD EDIT - Removed file. PM me if you disagree and provide me with more history/evidence
i have pm...tks.
Ignore this
Here is a couple of files I got from Chinese DIYPDA forum. One is a modified radio and the other one a program to simplify the esn repair.
Here is the modified radio and DFS, a program that does let you change MEID and/or ESN for when we can do it. Only .40 can change to this radio
Code:
http://www.mediafire.com/?bxjnytljdid
http://www.mediafire.com/?zmtjymhzcjf
we upgrade to 0.40? is the focus of
At least if we can do the .40 upgrade then we can also upgrade to an HSPL that allows unsigned ROMs. Has anybody had any luck with .40? I would like .40 on my phone... And also a way to go back to .38 if possible!
Well, easiest way to go .40 is to buy an Imagio that's .40 already.
taobao(dot)com as specified by our friends at diypda(dot)com has them for 3150 = $461 usd. The question is... If we get this phone and we flash the Imagio shipped rom, will it flash .38 spl or leave it at .40 spl?
It will replace to .38,
you must delete SPL from the ruu_signed.nbh
m4f1050 said:
Well, easiest way to go .40 is to buy an Imagio that's .40 already.
taobao(dot)com as specified by our friends at diypda(dot)com has them for 3150 = $461 usd. The question is... If we get this phone and we flash the Imagio shipped rom, will it flash .38 spl or leave it at .40 spl?
Hmmm, well, at least the .40 can flash it after you remove .38 spl (will be unsigned afterwards) so how do you remove it? I've cooked ROMs with kitchens before but I have no clue how to remove the SPL from the .nbh
htcRIE_0.5.0.12
m4f1050 said:
Hmmm, well, at least the .40 can flash it after you remove .38 spl (will be unsigned afterwards) so how do you remove it? I've cooked ROMs with kitchens before but I have no clue how to remove the SPL from the .nbh
I'll give it a test drive to see how it works. Link here: http://forum.xda-developers.com/showthread.php?t=377514
I tested program, it does work, I managed to remove SPL from the Verizon .nbh but Whitestone is not on the list of selected phones, not sure what that list/dropdown menu is for, is that for signing the ROM?
Imagio ROM Test
I have an Imagio, I am willing to use it as a guinea pig if anyone can point me to a promising ROM to test out. I'm willing to chance bricking the phone. It has been replaced by a new phone from Verizon.

[Q] imei and product code in nv_data.bin messed up!! need imei restore!!! help me!!!

Hi. I am a sgs user living in vietnam struggling to restore my imei.
Okay, you guys can blame me.
I removed my efs folder accidentally without backup.
Here is what’s going on.
My phone works perfectly on any froyo roms but not on eclairs.
When I check my product code with sgs tools, I see “Not Active” instead of product code.
And, of course, I’ve got this so called generic imei.
I checked my nv_data.bin with Ultraedit and here is what it shows
00188000  ff ff ff ff 52 45 56 5f  ....REV_
00188008  5f 00 00 00 00 00 47 58  _.....GX
00188010  53 4f 00 00 00 00 4e 6f  SO....No
00188018  74 20 41 63 74 69 76 65  t Active
00188020  00 58 53 4f 00 00 00 00  .XSO....
I know it looks very abnormal…..
Is there anyone who has any ideas about imei and product code restore?
(In windows registry, my product code had been I9000HKAXSO before it went bad)
I really want to restore my imei so I can bring my phone over to Germany!!!
It's not possible without a backup.
Send it to Samsung. They can fix it for a fee.
Thank you for your reply. I am going to give away my sgs to sammy service center.
Before you do that, search the forum; there are a large number of posts on the topic including some fixes. Longshot but worth a try.
jje

[Q] FF 00 00 00 00 but still locked?

I have got Nv_data.bin from my phone and opened it with Hex Workshop, and gone to 0x181468.
This is apparently supposed to be FF 01 ... when the phone is locked, and you change it to FF 00 00... ... but mine is already FF 00 00 00 00 46 46... but the phone is still locked (says emergency calls only with sim from different network.)
It is locked to orange UK FWIW.
Check your IMEI number matches the number on the box / phone.
There's a small chance it could have got corrupted with playing with the Nv_data.bin files.
The IMEI under Android settings is the same as printed on the phone. If you mean within the file then you will have to let me know how to find it?
I haven't done anything to the file yet except copy it.
?? what to do ??

What is reset customizations doing in Flashtool?

Hi everyone,
there is an option in flashtool to reset customizations. What exactly is it doing when I select it? What kind of customization will be reset?
Looking into the source code didn't help me; I wasn't able to figure it out. There are some lines like this:
if (_bundle.hasResetStats()) {
    logger.info("Resetting customizations");
    resetStats();
}
So when selected, to resetStats:
public void resetStats() throws IOException, X10FlashException {
    openTA(2);
    sendTAUnit(_8a4unit);
    closeTA();
}
ok, open TA, modify it this way:
_8a4unit = new TaEntry();
_8a4unit.setPartition("000008A4");
_8a4unit.addData("00 00 00 00 00 00 00 00 00 00 00 00 00 00");
_8a4unit.setSize("0E");
I don't get what TA exactly is. I don't know about TA-Entry or folder or whatever this is but for me it looks like they are cleaning up everything there.
Can someone give me a simple noob explanation about this option?
Thanks!
Best,
Fresh
Androxyde said it is phone factory reset. Read it by yourself: http://forum.xda-developers.com/showthread.php?t=920746&page=198
but then it must be very bricking reset. Because from what I have read so far, TA is the part where IMEI and such stuff is stored. If this is true, cleaning this part up will brick phone from my thinking...
