Hello.
I'm a new Telstra Diamond owner. I want to learn everything about this phone and dump ROMs to contribute to the community.
I'm kinda new to the scene but I've done a fair amount of research and now I'm stuck. I thought I'd summarise what I think I know about the Diamond for the benefit of those who read this thread - and to confirm my own understanding.
- I've managed to use regeditSTG to allow unsigned code to run. I've then used imgfstools/pdocread to dump the ROM from the OS.
I've extracted the following partitions:
Code:
210.50M (0xd280000) DSK1:
| 3.12M (0x31f000) Part00
| 4.38M (0x460000) Part01
| 109.63M (0x6da0000) Part02
| 93.38M (0x5d60000) Part03
3.75G (0xf0000000) DSK7:
| 3.75G (0xf0000000) PART00
Now, my understanding is that these are:
Code:
DSK1
Part00 - image update kernel partition (XIP), used while image updates
Part01 - regular kernel partition (XIP), used for normal OS boot
Part02 - imgfs
Part03 - user filesystem
DSK7
Part00 - extended rom
Is that right?
I then tried to dump the SPL with the following:
pmemdump.exe 0xa8000000 524288 SPLdumped.nb
This worked, but I'm not sure if it's really the SPL...
So, I entered the bootloader mode and ran mtty. I ran checkimage and got the CRC checksums:
Code:
Cmd>checkimage
SPL CRC checksum = 0x6F634BF9
Fixed new dwPSImageSize = 0x60C0000
CE CRC checksum = 0x9C5FBF7F
Fixed new dwPSImageSize = 0x60C0000
ExtROM CRC checksum = 0x0
However, none of the PartXX images I dumped earlier matches any of the CRC's... So, now I'm confused. Is the CRC a regular CRC32? Am I able to verify my ROM images?
Further, I tried to dump rom using rbmc, but it doesn't look like it works. It just freezes after the following:
Code:
GetExtRomData+(): *pszPathName=c:\temp\Mem.nb, dwStartAddress=57600000, dwLength=8847FAC0
:F=c:\temp\Mem.nb
:A=57600000
:L=8847FAC0
:rbmc=
HTCS
I'm assuming it's supposed to dump the rom to screen for me to extract later... I've also tried different start addresses and different lengths to no avail.
I did however notice that my seclevel is FF
Code:
Cmd>task 32
No card inserted
SD read fail!
Level = FF
I'm assuming this is why I'm not able to run rbmc properly.
SO - is there any way I can change my seclevel to 0 without flashing over the rom that I want to extract? I really want to extract the IPL, SPL, and ROM properly before I do anything permanent on my Diamond.
Thanks for any replies.
/dev/null0
[QUOTE]
Code:
GetExtRomData+(): *pszPathName=c:\temp\Mem.nb, dwStartAddress=57600000, dwLength=8847FAC0
:F=c:\temp\Mem.nb
:A=57600000
:L=8847FAC0
:rbmc=
HTCS
I'm assuming it's supposed to dump the rom to screen for me to extract later... I've also tried different start addresses and different lengths to no avail.
I did however notice that my seclevel is FF
[/QUOTE]
For sure not. Either your seclevel is 00 or 01. It is stored in HTC partition, in regioninfo section.
Also rbmc does only read memory, but not nand. So you will not be able to dump radio for example due to MPU.
[QUOTE]
SO - is there any way I can change my seclevel to 0 without flashing over the rom that I want to extract?
[/QUOTE]
In order to obtain a sec unlocked device, you need to patch the radio. No need to change the rom at all.
Once you're sec unlocked, you can dump whole nand (including os) by using pdump command.
[QUOTE]
I really want to extract the IPL, SPL, and ROM properly before I do anything permanent on my Diamond.
[/QUOTE]
First try to dump spl using rbmc. The crc32 isn't standard crc32, but xilinx crc32. After that, flash mfg spl and patch radio to get sec unlock. Then you can restore old spl and radio to the device.
The only way to dump radio and os without patching anything is using jtag.
Cya,
Viper BJK
Hi Viper, Thanks for replying.
JTAG? Awesome I've got some hardware experience, and I opened my Diamond but I wasn't able to identify the JTAG port. I've done a quick search and found that you've been able to identify the JTAG port - but it wasn't working for some reason. Are you able to reply with the location and information (or PM me if you want to restrict who gets the info) I'd appreciate it.
Back to my original questions:
[QUOTE]
First try to dump spl using rbmc
[/QUOTE]
Cool - but, I haven't been able to get rbmc working at all for me. Am I giving it an invalid address (I've tried several) or is there something else at play here?
[QUOTE]
The crc32 isn't standard crc32, but xilinx crc32.
[/QUOTE]
Sweet! Now all I need is the algorithm or an executable to perform the xilinx crc. I'm going to search now, but do you know of any? I looked at QMAT but I didn't notice it mentioning anything about this. BTW. Nice tool - I've just donated €15 for your efforts.
Looking forward to your reply!
/dev/null0
[QUOTE]
devnull0 said:
Hi Viper, Thanks for replying.
JTAG? Awesome I've got some hardware experience, and I opened my Diamond but I wasn't able to identify the JTAG port. I've done a quick search and found that you've been able to identify the JTAG port - but it wasn't working for some reason. Are you able to reply with the location and information (or PM me if you want to restrict who gets the info) I'd appreciate it.
Back to my original questions:
Cool - but, I haven't been able to get rbmc working at all for me. Am I giving it an invalid address (I've tried several) or is there something else at play here?
Sweet! Now all I need is the algorithm or an executable to perform the xilinx crc. I'm going to search now, but do you know of any? I looked at QMAT but I didn't notice it mentioning anything about this. BTW. Nice tool - I've just donated €15 for your efforts.
Looking forward to your reply!
/dev/null0
[/QUOTE]
Well QMAT supports calculation of xilinx crc32. See "Generate Hashes".
Thanks for your donation, I really appreciate that.
About the Jtag : I never said it wouldn't work. I just haven't had a chance to get a bricked device to test. Jtag pinouts should not be made public, as otherwise we will no longer have a chance to use it on newer devices. Just contact me via [email protected], if you think you can handle that. I'll be glad to help.
Rbmc is a bit tricky. Your parameters I think are correct, except the length. That one is way too much. Use QMAT AT Command Tool (HTC) and have a look at the file called "bytelog" in the program directory.
You can clearly see the results there.
Cya,
Viper BJK
Related
The attached utility lets you extract the .NB0 OS image from ASUS P525 "galaxy.cap" complete ROM update packages, and also update the CRC on a modified NB0 ROM image so that it passes the flasher validity check and the modified ROM can be flashed. It can also unpack the compressed kernel partition.
The application is dynamically linked to the Visual C runtime libraries. They are used by myriads of applications, and most likely you already have them installed on your system. If you do not (on a clean PC, for example) and P525ROMTool complains about a lack of needed libraries, download and install this - http://www.microsoft.com/downloads/details.aspx?familyid=32BC1BEE-A3F9-4C13-9C99-220B62A191EE
For you technical people, the utility source is included too. You can see the basic layout, and that ASUS used the Adler32 algorithm to calculate the checksum on ROMs (with the slight modification that the base sum was initialized to zero instead of one).
The basic procedure for cooking your own custom P525 rom is:
1) P525ROMTool -d galaxy.cap
This will extract the ROMGalaxy.NB0 OS-only image. For custom ROMs I recommend working with NB0 OS images only - no danger of corrupting bootloader & IPL this way.
2) prepare_imgfs ROMGalaxy.NB0 -nosplit
3) DelFile / AddFile
I am not sure if you can truly fully rebuild the ROM and not break anything (ROM tools were made for the HTC platform, not for ASUS). So I recommend using the DelFile/AddFile method at least for the start.
There are a lot of different ROM editing tools around, but I cannot give you exact directions on what is better and in which conditions - ASUS ROM cooking is a less charted area than for HTCs.
I assume you know what you actually need to change on a file basis for your ROM customization. If you don't know what I am talking about, this is not for you (read the disclaimer at the end of the post, and think it over).
4) make_imgfs ROMGalaxy.NB0 -nosplit
5) P525ROMTool -s ROMGalaxy.NB0
It will ask about the changed checksum. Enter "y" to update it. You can run "P525ROMTool -s ROMGalaxy.NB0" again to be sure that the checksum was updated properly - it shouldn't ask to change it a second time.
6) Flash ROMGalaxy.NB0 via bootloader (copy it to SD card root, press "camera" fully, press reset).
Technically, you can make the .cap file to flash via the "autorun" loader; however, I must warn you that the .cap file will flash not only the OS image, but also the IPL+bootloader. If something goes wrong, the bootloader can be corrupted and the device will be bricked.
If you flash ROMGalaxy.NB0, it will not flash over bootloader+IPL, so it's a lot safer - if something goes wrong, you still must be able to flash an emergency ROM via the bootloader.
Take note that any activity that involves the ROM updating is dangerous. Even if you understand everything, there is some risk. If you have only basic understanding of ROM mechanics, risk increases tenfold - you better consider before screwing up perfectly working and expensive device.
You have been warned.
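The modified Adler-32 mentioned in the post above (base sum initialized to zero instead of one), as an added example that is not P525ROMTool's source or any code from this thread: it cross-checks a byte-by-byte version against zlib, shows why a stock Adler-32 tool reports a different value for the same image, and shows that the zero start cannot see added leading 0x00 bytes. All function names and the sample bytes are constructed for illustration; where the checksum is stored inside an NB0 is not stated on the page and is not modelled.

```python
import zlib

MOD_ADLER = 65521  # largest prime below 2**16; the modulus of standard Adler-32


def adler32_zero_init(data: bytes, state: int = 0) -> int:
    """Adler-32 whose low ("base") sum starts at 0 instead of 1.

    `state` is a previous return value, so a large image can be fed in chunks.
    """
    a = state & 0xFFFF           # running sum of the bytes
    b = (state >> 16) & 0xFFFF   # running sum of the running sums
    for byte in data:
        a = (a + byte) % MOD_ADLER
        b = (b + a) % MOD_ADLER
    return (b << 16) | a


def adler32_zero_init_fast(data: bytes, state: int = 0) -> int:
    """Same value via zlib: its optional second argument is the start state."""
    return zlib.adler32(data, state)


def checksum_file(path: str, chunk_size: int = 1 << 20) -> int:
    """Zero-start checksum of a whole file without loading it into memory."""
    state = 0
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return state
            state = zlib.adler32(chunk, state)


def to_standard_adler32(zero_init_value: int, length: int) -> int:
    """Convert a zero-start checksum over `length` bytes to standard Adler-32.

    Starting the low sum at 1 adds 1 to it at every step, so the final low
    half grows by 1 and the high half grows by `length` (both mod 65521).
    """
    a = ((zero_init_value & 0xFFFF) + 1) % MOD_ADLER
    b = ((zero_init_value >> 16) + length) % MOD_ADLER
    return (b << 16) | a


def verify(data: bytes, expected: int) -> bool:
    """True if `data` matches a checksum recorded with the zero-start variant."""
    return adler32_zero_init_fast(data) == expected


def zero_prefix_detected(data: bytes, pad: int, start: int) -> bool:
    """Does prepending `pad` zero bytes change the checksum for this start state?

    start=0 is the variant described in the post, start=1 is standard Adler-32.
    """
    return zlib.adler32(b"\x00" * pad + data, start) != zlib.adler32(data, start)


# Constructed sample bytes standing in for an image; not a real NB0.
SAMPLE_IMAGE = bytes(range(256)) * 8 + b"constructed sample, not a real NB0"

if __name__ == "__main__":
    value = adler32_zero_init_fast(SAMPLE_IMAGE)
    print("zero-start checksum :", format(value, "08X"))
    print("standard Adler-32   :", format(zlib.adler32(SAMPLE_IMAGE), "08X"))
    print("converted           :",
          format(to_standard_adler32(value, len(SAMPLE_IMAGE)), "08X"))
    print("zero prefix seen, start=0:", zero_prefix_detected(SAMPLE_IMAGE, 512, 0))
    print("zero prefix seen, start=1:", zero_prefix_detected(SAMPLE_IMAGE, 512, 1))
```

Either variant is an error-detection checksum that anyone can recompute, so a matching value says the image was not corrupted in transit, not that it came from the vendor.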
Ingvarr, thanks a million time. I love yr WM5 Storage and I think I will love this tool also. I will start building my rom based on Sorg's build 6 since it does provide some very useful tools for us.
Ingvarr thank you for your cool tools.
But when I DIY my ROM, I can't make make_imgfs.exe work correctly. It returns some symbols I can't understand.
Even I run make_imgfs.exe just after finish running prepare_imgfs.exe, it returns the err.
Could you help me with this?
make_imgfs ROMGalaxy.NB0 -nosplit
NOT "nk.nba"
It writes the modified filesystem back in the original image, so it should remain the same. You don't want to mix the ASUS and HTC ROMs and then flash it to your device, trust me.
I recommend you read the HTC ROM Tools instructions and forum threads and be sure you've got right how it works, before you screw something up.
sir,
Bad news,it can't work with CHS ROM (ROMgalaxy.nb0) checksum error!~~~
Does it correctly verify the checksum on original ROM?
I will try to look over it, maybe I've missed something.
Btw, if you can, write down what it writes on screen _exactly_, down to the point of failure (including error message).
[QUOTE]
Ingvarr said:
Does it correctly verify the checksum on original ROM?
I will try to look over it, maybe I've missed something.
Btw, if you can, write down what it writes on screen _exactly_, down to the point of failure (including error message).
[/QUOTE]
i have tried it too.
i updated the checksum in sorgs rom, and then i found, that the checksum from ur SW is diffrent with the original Checksum in sorgs ROM
[QUOTE]
harlemyin said:
i have tried it too.
i updated the checksum in sorgs rom, and then i found, that the checksum from ur SW is diffrent with the original Checksum in sorgs ROM
[/QUOTE]
You mean, it claims that the checksum is wrong even when you have not modified the NB0 yet?
I may look over this NB0, can you host it somewhere? But better not at rapidshare, I have already topped my limit.
[QUOTE]
Ingvarr said:
You mean, it claims that the checksum is wrong even when you have not modified the NB0 yet?
I may look over this NB0, can you host it somewhere? But better not at rapidshare, I have already topped my limit.
[/QUOTE]
yes
and it happens by official P525_V3320_WWE2nd too
checksum in official P525_V3320_WWE2nd is 79AB7436
ur SW changed it to EF722461----not modified NB0
u can download official P525_V3320_WWE2nd with www.asus.com or
ftp://dlsvr02.asus.com/pub/ASUS/IA/P525/P525_V3320_WWE2nd.zip
That's odd, because I've just checked it with WWE 3.32 and at least the checksum calculation definitely works ok...
These ROMs are in a .CAP package. Have you actually extracted the .NB0 from the .CAP?
I have uploaded version 1.01 - it has additional sanity checks to make sure that you run it on an NB0 with the structure it expects.
Try it on WWE 3.32 and write what the original checksum and calculated checksums will be.
sorry
our mistake
i tested ur SW with a *.nb0, which extracted with xda3nbftool.exe------*.nb0 with ipl and bootloader.
and now i find, that *.nb0 should be and must be extracted with ur P525ROMTool -d galaxy.cap,------that means *.nb0 without ipl and bootloader
everything is fine, when *.nb0 is extracted with ur P525ROMTool
i think creazy2000 just made the same mistake like me.
o
thanks a lot.
Thanks. The tool works perfectly on my P525.
[QUOTE]
Ingvarr said:
That's odd, because I've just checked it with WWE 3.32 and at least the checksum calculation definitely works ok...
These ROMs are in a .CAP package. Have you actually extracted the .NB0 from the .CAP?
I have uploaded version 1.01 - it has additional sanity checks to make sure that you run it on an NB0 with the structure it expects.
Try it on WWE 3.32 and write what the original checksum and calculated checksums will be.
[/QUOTE]
I make a mistake, thanks!
[QUOTE]
harlemyin said:
sorry
our mistake
i tested ur SW with a *.nb0, which extracted with xda3nbftool.exe------*.nb0 with ipl and bootloader.
and now i find, that *.nb0 should be and must be extracted with ur P525ROMTool -d galaxy.cap,------that means *.nb0 without ipl and bootloader
everything is fine, when *.nb0 is extracted with ur P525ROMTool
i think creazy2000 just made the same mistake like me.
[/QUOTE]
Oh, I know !
I make a mistake !
thanks
Is it a separate tools that the imgfs? Need I find this tool to finish the whole things? Where can I find this tool?
P525_V3320_WWE2
I have P525_V3.29.0 WWE3
Can someone tell the difference between them it looks that the first one is newer but I am confused by the WWE which is newer
Thanks all
[QUOTE]
Night Runner said:
Is it a separate tools that the imgfs? Need I find this tool to finish the whole things? Where can I find this tool?
[/QUOTE]
Everything about the complete process is in the first post. What is it you don't understand from here?
[QUOTE]
jmfa59 said:
P525_V3320_WWE2
I have P525_V3.29.0 WWE3
Can someone tell the difference between them it looks that the first one is newer but I am confused by the WWE which is newer
Thanks all
[/QUOTE]
WWE means "world wide english".
First is 3.32, therefore, its newer.
Ingvarr
Thanks Buddy,
can you explain WW2 and WWE3 it seems that the latter is newer but the version V3.29 is older or is meant for different country
i wrote a new tool that you can use to read the rom image, it can be found at:
http://nah6.com/~itsme/bkondisk.zip
Code:
usage:
first copy bkondisk.exe to \windows on your device, then:
prun bkondisk [targetdir]
will save all partitions on all volumes in files on [targetdir]
prun bkondisk -v0 -p1 [targetdir]
will save a specific partition on [targetdir]
prun bkondisk -v0 -b0 -n1 \firstblock.img
will save the specified blocks to \firstblock.img
prun bkondisk -i
will only list disk info in the logfile "\bkondisk.log"
-v0 or -v1 to specify the volume
-p0, -p1, etc to specify a partition
-b0 etc to specify a starting block ( ignoring partioning )
-n32 specifies to read 32 blocks starting at the above block.
note: you DON'T need to put quotes around directories with spaces in it.
when no path is specified, files will be created in the root.
Thanks! I've got a couple of questions... it extracted the following files:
bk_00_0000.img
bk_02_0005.img
bk_03_0025.img
bk_06_0001.img
bk_08_0175.img
What do these files refer to (which one is the ROM, etc). Also, is there a way to write these backups back to the phone? It would be a great way to try out test roms and get back to my original T-Mobile ROM if necessary.
bk_00_0000.img - IPL : ONBL1 + ONBL2
bk_02_0005.img - GSM + splash + gsmdata + simlock + serialnrs
bk_03_0025.img - OS
bk_06_0001.img - SPL
bk_08_0175.img - userfilesystem
Is there a way to write them back to the phone? or is that not possible...
is it possible to get a .nbh files out of these files?
My idea would be to "glue" the 4 files together (bk_00 to bk_06) in one file, rename the file to RUU_signed.nbh and exchange the RUU_signed.nbh created by the RUU.exe in \Profiles\[user]\Local Settings\Temp\pftxx.tmp with this one and then run on the RUU.exe with the modified .nbh
for example in DOS:
copy /b bk_00_0000.img+bk_02_0005.img+bk_03_0025.img+bk_06_0001.img RUU_signed.nbh
Is it that simple?
EDIT:
Ok this easy way doesn't work.
RUU says "Error 238 - File read"
Maybe some kind of checksum is missing....
Three questions for itsme
1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?
P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.
Maybe this helps a little bit to get ideas.
I have been searching here for nights - this is what I found so far:
1. I think it's similar to the Hermes - nobody found a way till now - the first step is to modify a signed .nbh, deleting works but not adding a file:
Hermes - how to dump ROM
Hermes - new custom ROMs
Hermes - ROM cooking and Bootloader MFG 1.01
aChef ROM Utils
2. This is the way Imei-Check is CID-unlocking - investigated by pof:
Reverse Engineering the Hermes imei-check unlocker
Maybe there is another way like Zone-MR is doing it for the Star100/Qtek 8500
Star100 Unlock procedure but here you have still to decrypt/encrypt the block in my understanding and therefore you have to find out the key
3. I didn't find anything about this so far, but I think the information is anywhere at XDA-Developers
EDIT: here (nl)itsme wrote:
[QUOTE]
.... but i am still busy, have not had the time to look at creating a tool to convert a memdump to a updater file.
[/QUOTE]
so I hope he will find the time to create this tool
P.S: @itsme and @pof: I also want to thank you very much - you are heroes!!!
[QUOTE]
mar11974 said:
1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?
P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.
[/QUOTE]
I got different files ...
After running the tool I got :
bk_0__0000.img (IPL? Is it same as bk_00_0000.img?)
bk_02_0005.img (GSM + splash + gsmdata + simlock + serialnrs)
bk_03_0025.img (OS)
bk_06_0001.img (SPL)
bk_08_0185.img (?????)
I did not get bk_08_0175.img, though.
Hints?
On the other hand, is it possible to extract files out of IMG files?
Thanks.
I have a rom dump Part02.raw for HTC VOX. I want to get a proper OS.nb from that file. I don't have the original rom which Part02.raw came from.
My phone is cid and sim unlocked.
I was trying many tools with no effect.
I was using tadzio tools (ImgfsTools 2.1rc2.zip), but this gave me a not proper (about 40~mb, when it should be more than 62~mb) OS.nb which can not be flashed to device (system is not booting after flashing).
When using mamaich imgfs tools (imgfs_tools_182.rar) I get a "proper" OS.nb. I'm able to flash it ok and phone boots ok, system is starting ok, cold boot is restarting phone ok, system starts ok again. But none of customization is done during cold boot and is missing. I get a plain vanilla rom on device. Looks like none of mxip_*******.provxml files are parsed during cold boot.
That's not what I want, I want to get an identical copy of the dumped rom (Part02.raw)
Everywhere I look, I find tutorials for ppc not for sp. So I used them, with no luck, and I can't find any help in the Vox forum.
Q: What did I do wrong? Why didn't I get a PROPER flash? Does XIP have something to do with it?
(Part02.raw is from Orange Polish rom for Vox, RUU with rom can NOT be found anywhere. A donator OS.nb I took from HTC_Vox_ARA_1.27.415.4_4.1.13.47_02.98.90. A donator OS.nb is much much bigger than Part02.raw)
Help please.
(I was trying to flash Part02.raw back to phone with pdocwrite.exe but this tool says that partition cannot be found, strange, because pdocread.exe is reading partition fine and makes dump to Part02.raw ok, so I think that IMGFS partition is somehow locked for writing)
I have seen this question asked a few times but nobody has been able to propose a solution.
How do you dump the first Splash screen and the Radio from the original untouched device? For example, I want to dump my Rogers Diamond's splash because there are no shipped ROMs that have it, and I'd like to restore it for warranty purposes.
Normally you would use pdocread, but I am unsure of the exact location in the flash.
This page gives you info on how to do it:
http://www.xs4all.nl/~itsme/projects/xda/about-doc.html
Thus, this is how I did it on the Elfin but obviously it's not going to work on the Diamond (likely a different DOC Flash type):
Code:
pdocread -S BK1G -n 1 -b 0x40000 -G 0x40000 0x00000 0x30000 MainSplash.nb
pdocread -S BK1F -n 1 -b 0x80000 -G 0x80000 0x00000 0x280000 Radio.nb
have you seen this:
http://forum.xda-developers.com/showthread.php?t=455347
he says its the rogers canada rom that he has dumped
LOL did you see who wrote that post?
and I only dumped the operating system.
[QUOTE]
idrisito said:
have you seen this:
http://forum.xda-developers.com/showthread.php?t=455347
he says its the rogers canada rom that he has dumped
[/QUOTE]
[QUOTE]
dsixda said:
LOL did you see who wrote that post?
and I only dumped the operating system.
[/QUOTE]
oh shi*!
i had a similar problem with my dumped O2 UK ROM, never could find a solution.
but i was lucky i found a splash screen from a QVGA device that had the same screen so i just resized it to VGA, can't tell the difference.
maybe you could find a similar solution
Radio can be extracted with QMAT if you have an unlocked device ... that's where I came unstuck ...
http://forum.revskills.de/viewtopic.php?f=10&t=56
Bump...
If anybody knows how to dump the splash screen would be greatly appreciated!
Q: What about the animated one right after the splash? Can that be saved as well?
isn't the animated one kept in the windows folder? i think so
yes indeed, the animated ones are kept in the \windows folder
For Rogers branded phones they are called startUp480x640.gif and shutDown480x640.gif respectively, and can be activated or deactivated through the registry (under HKLM\Software\HTC\HTCAnimation)
[QUOTE]
D0MZE said:
Bump...
If anybody knows how to dump the splash screen would be greatly appreciated!
Q: What about the animated one right after the splash? Can that be saved as well?
[/QUOTE]
Code:
pmemdump 0xae000000 0x0100000 MainSplash.nb
Worked for me, Factory Rogers Diamond.
See this thread: post number 47
Hi guys.
I have a rooted DZ that is acting up on me and i have decided to send it in for repairs.
Somehow i managed to lose my part7backup file. Am I out of luck or is there any way to return it to stock?
my carrier is Tele2 but they sell all their phones unbranded and unlocked if that is of any help.
Thank you in advance
PS. Im sorry for my bad english.
[QUOTE]
chriva said:
Hi guys.
I have a rooted DZ that is acting up on me and i have decided to send it in for repairs.
Somehow i managed to lose my part7backup file. Am I out of luck or is there any way to return it to stock?
my carrier is Tele2 but they sell all their phones unbranded and unlocked if that is of any help.
Thank you in advance
PS. Im sorry for my bad english.
[/QUOTE]
Search for the HTC RUU's. That should get you back to stock.
Also, wrong forum. Should have posted in General/Q&A.
[QUOTE]
bogdan5844 said:
Search for the HTC RUU's. That should get you back to stock.
Also, wrong forum. Should have posted in General/Q&A.
[/QUOTE]
Thanks =)
Unfortunately that did not work. i managed to restore my system and hboot to default, but i rooted my phone using the gfree method. that piece of software also changes cid and some other stuff after making a backup. somehow i managed to forget where i put that file.
You are not screwed without it.
You'll just have to use gfree to restore it back to the way it was.
First you need your original CID, which you can find with
Code:
dd if=/dev/block/mmcblk0p17 bs=1 count=8 2>/dev/null; echo
then you use gfree to restore s-on and your cid
Code:
./gfree -s on -c ORIG_CID
-Nipqer
Thanks
Thank you! You're an angel
Lets cross fingers and hope that ive done everything right before sending it in for repairs =)
[QUOTE]
Nipqer said:
You are not screwed without it.
You'll just have to use gfree to restore it back to the way it was.
First you need your original CID, which you can find with
Code:
dd if=/dev/block/mmcblk0p17 bs=1 count=8 2>/dev/null; echo
then you use gfree to restore s-on and your cid
Code:
./gfree -s on -c ORIG_CID
-Nipqer
[/QUOTE]
Strange :S
All problems went away after doing a stock restore.
It had strange rebooting problems and sometimes it would not even enter hboot. The only way to get it running was by pushing vol up + power and enter the msm debugmode, rip the battery and then let it start normally.
Yes i tried ripping the battery before starting it again but the only thing that worked was as i said.
Send it in?
Sent from my HTC Vision using XDA App
If its working fine I see no reason to send it in, maybe check which emmc chip you have first to help you decide (there is a bad batch of chips that are somewhat more prone to breaking)
Otherwise maybe try running a custom rom again and seeing if it decides to work now
-Nipqer
It works just fine. The question is why. I dont see why a custom rom would kill the phone just by moving it. Sometimes it worked fine, one day later it would die by picking it up from the table, retracting the keyboard etc. Ive checked the battery terminals and even tried another battery.
Its on its third day with stock rom. No problems so far :S
Sent from my HTC Vision using XDA App
Hi there,
My phone's (HTC vision from Orange) wifi & bt doesn't work anymore (says error and unable to load wifi driver) since 5 days at least.
After trying some roms (cyanogenmod 6 & 7, HTC stock rom, Orange stock rom)
and trying to find someone with the same problem without success, i have finally given up and am going to send it back for warranty
but....
I lost my partition7 backup
thank to Nipqer, I have retrieved my original CID
but the ship seems to be stuck in S-OFF mode
I have done the gfree -s on command without success
even if the program seem to work properly, well at least I haven't read errors
here are the followings logs :
Code:
# ./gfree -s on
./gfree -s on
--secu_flag on set
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000a14 (2580)
-- size: 0x000000cc (204)
Kernel release: 2.6.32.21-g132894e
New .modinfo section size: 204
Attempting to power cycle eMMC... OK.
Write protect was successfully disabled.
Searching for mmc_blk_issue_rq symbol...
- Address: c02adc44, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc02ad000
Kernel memory mapped to 0x40002000
Searching for brq filter...
- Address: 0xc02adc44 + 0x34c
- ***WARNING***: Found fuzzy match for brq filter, but conditional branch isn't
. (0xea000012)
Backing up current partition 7 and patching it...
Backing up partition /dev/block/mmcblk0p7 to /sdcard/part7backup-1326505037.bin
...
patching secu_flag: 1
Done.
# reboot bootloader
reboot bootloader
c:\android-sdk-windows\platform-tools>
Can someone explain the warning to me ?
Bootloader's phone display actually :
Code:
VISION PVT SHIP S-OFF
HBOOT-0.85.0010
RADIO-26.04.02.17_M2
eMMC-boot
Dec 27 2010,22:19:17
I used CyanogenMod's tutorial for rooting my vision
Everything was fine during the process (didn't fix my wifi & bt problems)
Can someone share me a part7backup ... or explain me what's going wrong (so I can find a way to fix the S-ON) please ?
thank you.
Aalaesar.
First off, don't ever share your part7backup. It is unique to your phone and contains your IMEI and other personal data.
Aalaesar, I think your problem is your radio version. From memory gfree requires a 26.03.xx.xx radio or lower. You should be able to easily downgrade with a radio from the official radio thread.
Also, if you didn't manage to change back to S-ON, you most probably don't have your original CID instead of SuperCID, so make sure you change that back.
-Nipqer
Thank you for the advice Nipqer.
Downgrading the radio did the trick
I'm back in S-on.
Thank again.
[QUOTE]
Nipqer said:
If its working fine I see no reason to send it in, maybe check which emmc chip you have first to help you decide (there is a bad batch of chips that are somewhat more prone to breaking)
Otherwise maybe try running a custom rom again and seeing if it decides to work now
-Nipqer
[/QUOTE]
I have M4G2DE, correct me if I'm wrong, but that means trouble, right?
I've read that I could dd the hboot before sending it in to make sure they wont find out that I have flashed custom roms, rooted etc. Is it a safe way to make sure they replace my mb under warranty?
It began again. this time with stock ROM :/
I'm sorry for my stupidity, This is my first Android phone so there is still much to learn
Thank you in advance
The M4G2DE does not mean trouble, just that there is a somewhat increased chance your phone will die.
If your phone is back to SHIP S-ON status, they shouldn't be able to know you rooted it.
I don't know if there's a way to be sure that they'll swap the mb, short of maybe bricking it nice and proper.
If you have an eng hboot I can give you a command to brick the phone (so long as your emmc is still working)
-Nipqer