[LG GM730/GM735/GM750] Custom roms experiment - Upgrading, Modifying and Unlocking

Hey guys,
A few people contacted me recently to ask me if I could work on new LG devices (namely gm730/gm750) to cook custom roms and/or adapt my LG kitchen. As you may imagine, working on new devices is not an easy thing, especially when you don't own one. It's also very time consuming and that's a resource that I really tend to lack these days.
Anyways, it's not my first experience in "blind cooking", so if enough people are interested, I'll do what I can to help you.
But of course, I need people who are not afraid of bricking their device (it's not likely to happen, but we never know, and this time, I can't test myself) to experiment a few things. I'll also need answers to a few questions, so that I understand what can be done exactly.
My plans are to work on the experimental part and publish a light rom if possible (it seems that many people would like a device crapware free). When (/if) it's done, I'll upgrade the kitchen and release it so that you can all cook roms.
Donators: oktay555, eselcuker
FAQ: see post 2

FAQ:
* What is the flash procedure ? Does it use an emergency mode ? Can it flash dz files ?
Homero2 says that lgmdp seems to work (although he didn't manage to cook a rom that can boot).
* Are GM730/GM730e/GM730f roms compatible ? If no, does it brick the device, or does it simply refuse to flash the file ?
* What about GM735 ?
* And GM750 ?
GM750 and GM730 are not totally the same, as the GM750 has a flashlight (which means that at least 1 driver should be different). I think a unified rom won't be possible.
* Can I flash a WM6.5 GM730 rom (officially named v20) on any GM730(e/f) ?
As far as I know, when you flash a gm730 wm6.5 rom, you can't go back to wm6.1 rom. Don't know why though.
* Anything else I need to know ?

I have a GM730f from Telstra in Australia
Hi Spocky,
I have a GM730f from Telstra here in Australia - I originally purchased via ebay as I was taken with the form factor and the microUSB and I'm a fan of WM not iPhones.
I have already created 4 x default RAW files from the device as per itsutils and I'm more than happy to help
I am currently in discussion with LG locally about the WM 6.5 upgrade - although it appears that this is being provided by LG from their own AU website, this would appear to have been "delayed" by needing "approval" from Telstra (carrier) before release. Or at least that's what I have been told 2 weeks ago - even though I have already received an email from LG advising me that it was ready.....
I have expressed some *dis-satisfaction* with LG's upgrade process and I'm questioning why it could not simply be in the form of a simple download ROM Update, run locally across existing ActiveSync connection - we'll see what gets released?
See - "lg gm730f 6.5 techagility" in google for my results so far
Any more news and I'll post here?
Cheers,
Dave

sure GM730 != GM750
GM750 have a flashlight on behind and micro-SD position are different

Thanks for the info, I updated the faq.
@David Caddick : could you tell me the name of the rom that was downloaded by lg's updater ? (it should be somewhere in your "document & settings" folder).

LG's BS Updater....
Hi Spocky,
That's what I'm getting at - this thing is crap...
There is nothing except this in the %ProgramData% folder - but do bear in mind that I have run this from a Windows 7 x64, but I appear to be getting the same thing from an XP Pro?
Directory of C:\ProgramData\LGMOBILEAX
13/12/2009 01:56 PM <DIR> .
13/12/2009 01:56 PM <DIR> ..
28/07/2009 07:30 AM 47,048 B2BLGMLauncher.exe
19/01/2010 10:06 PM <DIR> B2B_Client
19/01/2010 10:12 PM <DIR> B2C_Client
13/12/2009 01:56 PM <DIR> image
13/12/2009 01:56 PM <DIR> Language
15/01/2010 05:24 AM 59,328 LGMLauncher.exe
2 File(s) 106,376 bytes
Directory of C:\ProgramData\LGMOBILEAX\B2B_Client
19/01/2010 10:06 PM <DIR> .
19/01/2010 10:06 PM <DIR> ..
24/06/2009 07:28 AM 210,888 B2BAppUninstall.exe
15/01/2010 05:10 AM 939,968 B2BCheckApp.exe
04/05/2006 08:33 AM 53,248 CommonDL.dll
19/11/2009 08:28 AM 90,112 LGMobileDL.dll
06/10/2009 07:12 AM 24,576 LGMobileDLRapi.dll
15/01/2010 05:08 AM 499,712 LGMUpgradeDL.dll
19/01/2010 10:06 PM <DIR> LiveUpdateAgent
24/06/2009 02:40 AM 571 RA.kdz
24/06/2009 02:40 AM 49,228 RC.kdz
8 File(s) 1,868,303 bytes
Directory of C:\ProgramData\LGMOBILEAX\B2B_Client\LiveUpdateAgent
19/01/2010 10:06 PM <DIR> .
19/01/2010 10:06 PM <DIR> ..
02/01/2010 07:54 AM 124,880 B2BFileUpdateAgent.exe
1 File(s) 124,880 bytes
Directory of C:\ProgramData\LGMOBILEAX\B2C_Client
19/01/2010 10:12 PM <DIR> .
19/01/2010 10:12 PM <DIR> ..
04/11/2009 04:57 AM 206,792 B2CAppUninstall.exe
15/06/2009 07:21 AM 182,208 B2CNotiAgent.exe
19/11/2009 08:28 AM 90,112 LGMobileDL.dll
06/10/2009 07:12 AM 24,576 LGMobileDLRapi.dll
15/01/2010 05:08 AM 499,712 LGMUpgradeDL.dll
15/01/2010 05:24 AM 1,038,272 LGUserCSTool.exe
24/06/2009 02:40 AM 571 RA.kdz
24/06/2009 02:40 AM 49,228 RC.kdz
8 File(s) 2,091,471 bytes
Directory of C:\ProgramData\LGMOBILEAX\image
13/12/2009 01:56 PM <DIR> .
13/12/2009 01:56 PM <DIR> ..
19/01/2010 10:12 PM 76 dot.gif
19/01/2010 10:12 PM 483 footer.gif
19/01/2010 10:12 PM 67 header_bg.gif
19/01/2010 10:12 PM 1,799 header_logo.gif
19/01/2010 10:12 PM 699 icon_information.gif
19/01/2010 10:12 PM 709 icon_question.gif
19/01/2010 10:12 PM 724 icon_stop.gif
19/01/2010 10:12 PM 10,263 main.jpg
19/01/2010 10:12 PM 2,214 process_line.gif
19/01/2010 10:12 PM 5,753 write_phone_error.gif
10 File(s) 22,787 bytes
Directory of C:\ProgramData\LGMOBILEAX\Language
13/12/2009 01:56 PM <DIR> .
13/12/2009 01:56 PM <DIR> ..
19/01/2010 10:12 PM 33,989 lang.opt
1 File(s) 33,989 bytes
Cheers,
Dave

Output from ITSUTILS for GM730
So just to carry on a bit
Output from itsutils:
pdocread -l gives...
449.63M (0x1c1a0000) DSK1:
| 1.62M (0x19f000) Part00
| 3.13M (0x320000) Part01
| 121.25M (0x7940000) Part02
| 323.63M (0x143a0000) Part03
3.79G (0xf2e00000) DSK2:
| 3.79G (0xf2a00000) Part00
STRG handles:
handle#0 efbc29ca 3.79G (0xf2a00000)
handle#1 0ff1f93a 323.63M (0x143a0000)
handle#2 4ff66b0e 121.25M (0x7940000)
handle#3 2ffb2026 3.13M (0x320000)
handle#4 cffb204a 1.62M (0x19f000)
disk efbc29ca
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 0ff1f93a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 4ff66b0e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 2ffb2026
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk cffb204a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

You said in your blog that it's downloading a 107Mb file before flashing. I assume that this file is somewhere in this folder.
Then, just before flashing, this kdz file should be extracted to a .dz file. Perhaps it's removed at the end of the flash procedure.
I hope 4pda.ru people can tell us more (they seem to know how to get/extract/flash a dz file).

spocky12 said:
Perhaps it's removed at the end of the flash procedure.
You're right.
To extract dz need LG-utils http://www.assembla.com/spaces/ks36...eJe5afGb/download?filename=LG-Utils-0.4.2.zip and firmware kdz.
And there is one problem - had to sew a lot of phone. As a result, we have three dead phone. In all phones replaced mainboard. The research results show a definite trend - but it is not accurate. Whether the body dies from a large number of attempts to ask, either from a large number of firmware for a small period of time, for example, for a couple of hours - 15 attempts flashing.

Hello, am Homero of the forum clublgmobile.com.
We have done some local flash evidence for the GM750 (Layla) and, you remark that have achieved it.
We use the program LGMDP EURO, admits firmwares in format DZ and DZ decompressed (mbn, bin)
I cooked a ROM but it did not work, all the phone number LG you can recover after a brick, this is done with the B2C-Utill in Emergency Mode.
To cook used the kitchen of a Toshiba, but without resulted positives, since it am doing blindly
Spocky12, you thank a lot the effort that are doing, and you understand, since I am not owner of a GM750, have a Viewty and an ARENA.

spocky12
Hello! I'm from 4pda.ru. What do you need to help?
(Hello! I'm from 4pda.ru. How can I help you?)

@derspy: I don't know the reason why some phones were bricked, but I'm pretty confident in the fact that they can resist a lot of flashes. I spent nights flashing my ks20 (up to 15 times). And I think made more than 1 flash per day for 15 months.
@Homero: can you confirm that lgmdp works to flash a dz file on gm750 (possibly gm730) ? Did you try to only extract a kdz and flash the resulting dz in lgmdp ? Did it work ? You also say that you can recover a "bricked" phone in emergency mode. That's a good news. Could you give us a download link for the driver that you used to connect the gm750 to lgmdp ? And the full procedure to go in emergency mode and flash ?
@rus-expert: Could you answer the questions from the faq please (2nd post) ? I need to know about devices rom compatibility (gm730/e/f/735) and the best procedure to flash a dz (seems that lgmdp still works on gm750, so I guess gm730 should work too) (I think the best procedure would be in emergency mode, so that we can recover from bad flashes and that it's not dependent on a driver in windows mobile.). I also read on 4pda that when you flash a wm6.5 official rom (v20), then you can't go back to wm6.1. Is that a problem of phone detection in your flash tool ? Is the problem also visible in emergency mode ? Is that only that the phone is not recognised by windows anymore (driver problem) ?
I need answers to those questions so that
- I choose on which rom I'll base my work (to have the most recent one for the largest number of phones)
- we can use a standard procedure to flash the phones of the few people who will test experimental roms.
Thanks

spocky12 said:
@derspy: I don't know the reason why some phones were bricked, but I'm pretty confident in the fact that they can resist a lot of flashes. I spent nights flashing my ks20 (up to 15 times). And I think made more than 1 flash per day for 15 months.
That is such a bad feature of the GM730.
lgmdp not working for gm730. Flashing DZ with lgmdp2, KDZ - LG-utils or KDZ_FW_UPD. 730 may flash in 730e or 730f, but the back is not flashing, as well as 730e to 730f and f to e.
Just after 20 flashing can not go back to 10, phone flashing ok, but does not work. When flashing firmware 20 something changes in the NAND (judging by the logs flasher).
flashing V10 firmware:
[00:10:56:053] : Pre Nand Download
[00:10:56:053] : >>Set Trusted Mode [DLOAD_NAND_SEC_MODE] sec_mode = 1 (1=trusted 0=NonTrusted)
[00:10:56:069] : >>NandFlashInitWithFile(PARTITION TBL)
[00:10:56:100] : >>INITIALIZING AMSS (RAM)
[00:10:56:100] : >>Get Parameters [DLOAD_LGE_SUB_GET_PARAM_CMD]
[00:10:56:100] : WM_COPYDATA ёЮЅГБц єёії 3 - GET PARAMS
[00:10:56:100] : >> AMSS RAM INIT
[00:10:56:100] : [ DLOAD_LGE_SUB_RAM_NEW_INIT ]
[00:10:56:116] : ZI REGION : 125820848 bytes
[00:10:56:116] : >>Dl_AsyncWrite()
[00:10:56:116] : >> AMSS FLASHING ...
flashing V20 firmware:
[22:14:23:281] : Pre Nand Download
[22:14:23:281] : >>Set Trusted Mode [DLOAD_NAND_SEC_MODE] sec_mode = 1 (1=trusted 0=NonTrusted)
[22:14:23:296] : >>NandFlashInitWithoutFile(PARTITION TBL)
[22:14:23:296] : >> Check BCPL Status ...
[22:14:23:328] : >> BCPL On ...
[22:14:23:328] : BCPE ...
[22:14:23:328] : >> BCPL Unlocked ...
[22:14:23:328] : >> Check BCPL Status ...
[22:14:23:359] : >> BCPL Off ...
[22:14:23:359] : _NandDownload(QCSBL HEADER)
[22:14:23:359] : 1, 1
[22:14:23:359] : >>NandFlashInitWithoutFile(QCSBL HEADER)
[22:14:23:359] : >>NandFlashWrite QCSBL HEADER
[22:14:23:375] : WM_COPYDATA ёЮЅГБц єёії 3 - FINALIZE
[22:14:23:406] : _NandDownload(QCSBL)
[22:14:23:406] : 1, 1
[22:14:23:406] : >>NandFlashInitWithoutFile(QCSBL)
[22:14:23:406] : >>NandFlashWrite QCSBL
[22:14:23:625] : WM_COPYDATA ёЮЅГБц єёії 3 - FINALIZE
[22:14:23:656] : _NandDownload(OEMSBL)
[22:14:23:656] : 1, 1
[22:14:23:656] : >>NandFlashInitWithoutFile(OEMSBL HEADER)
[22:14:23:656] : >>NandFlashWrite OEMSBL
[22:14:24:718] : WM_COPYDATA ёЮЅГБц єёії 3 - FINALIZE
[22:14:24:765] : _NandDownload(OEMSBL)
[22:14:24:765] : 1, 1
[22:14:24:765] : >>NandFlashInitWithoutFile(OEMSBL HEADER)
[22:14:24:765] : >>NandFlashWrite OEMSBL
[22:14:25:812] : WM_COPYDATA ёЮЅГБц єёії 3 - FINALIZE
[22:14:25:859] : >>INITIALIZING AMSS (RAM)
[22:14:25:859] : >>Get Parameters [DLOAD_LGE_SUB_GET_PARAM_CMD]
[22:14:25:859] : WM_COPYDATA ёЮЅГБц єёії 3 - GET PARAMS
[22:14:25:875] : >> AMSS RAM INIT
[22:14:25:875] : [ DLOAD_LGE_SUB_RAM_NEW_INIT ]
[22:14:25:875] : ZI REGION : 125820848 bytes
[22:14:25:875] : >>Dl_AsyncWrite()
[22:14:25:875] : >> AMSS FLASHING ...
20 firmware unpacking dz-de .... consists of many parts flash.bin (flash.bin_00 and so on) and assembled from these parts flash.bin not unpacked in your last kitchen.
Firmware from GM735 normal and properly unpacked as well as 730 based on WM 6.1

Ok, we've broken some GM750 and when I recovered, it is good for LG
The LGMDP works. is the official program of technical maintenance. but it only works with DZ or BIN, KDZ format is no problem.
The method I do is replace the file FLASH.bin by cooking.
This is the structure of a firmware BIN
amss.mbn
amsshd.mbn
apps.mbn
appsboot.mbn
appsboothd.mbn
FLASH.bin
fwua.mbn
oemsbl.mbn
oemsblhd.mbn
partition.mbn
qcsbl.mbn
qcsblhd_cfgdata.mbn
Here you will find a manual in Spanish, my problem is I do not speak English and I use Google to translate, but I fear that translate an entire manual does not do well and this would be unreadable
http://www.clublgmobile.com/foro/(ku990)-firmware-y-hacks/flasheo-normal-y-de-emergencia-7241/
The image belongs to a Flash for the KU990 but Layla is similar.
This is the basic method, but if all LG brick can be placed in a state of well Emergency_Download and retrieval.
I remain at your disposal for anything you need, in clublgmobile.com have a few users who are willing to brick their phones, I have learned and know to recover a smooth brick
PD:
I have lots of experience with the Viewty and ARENA, but with Win. I am a rookie.
EDIT:
MSFLSH50 I was looking for FLASH.bin, what I found in two different positions.
0x121A8F> MSFLSH500
0x4D32F3> MSFLSH50
EDIT 2:
Service Manual GM750
Read from page 156, explains the methods and tools needed flash

I have a new LG GM750 in German and would like to change it to English. Does any of you have the way to change the ROM to a customized one or perhaps an original one from UK for example. I will appreciate your comments.

Flasher for .KDZ KDZ_FW_UPD (requires official B2C Client http://csmg.lgmobile.com:9002/client/app/B2CAppSetup.exe )
LGMDP2 with dll, driver and manual http://www.mediafire.com/?gmkyw31zmky
LG GM730 Service Manual http://www.mediafire.com/?j3mkmmlzmqt

There has to be a way to make gm730 work with lgmdp :
- As Homero2 said, gm750 works with it and it's almost the same phone.
- the gm730 service manual shows that it's the tool used by support service.
Homero2, could you please give us the link to the driver used by those who tried to flash your rom on lgmdp ?

Dear spocky12,
First of all thanks a lot for your effort on this subject.
I will share all we (Turkish GM735 users) know about EIGEN (GM730-GM730E-GM730F-GM735) and LAYLA (GM750) tonight. We could find most of things from Russian (4pda.ru) and Spanish (clublgmobile.com) forums and its so good to see that dear friends here.
*************************************************************************************************************************
I saw that there are a few methods for flashing Eigen and Layla.
One of them is the same as KS20's flashing tool, LGMDP.
The new version of LGMDP (1.6) supports GM730 and GM750. But I couldn't flash my GM735 with LGMDP. The program could see my device and connect but couldn't open "select image" or "download" page (however we see that "LGMDP is service tool" as written in GM730 service manual). But saw that GM750 can be flashed by LGMDP (http://4pda.ru/forum/index.php?showtopic=153281&st=0#entry3830967).
One of is at @derspy 's post (KDZ_FW_UPD)
Another method (LGDP2); (I tried but get an error "monitor")
http://hotfile.com/dl/25756373/0e5137e/GM730_LGDP2_method.rar.html
And another one is LG_Utils (@derspy said that it works on GM730)
http://hotfile.com/links/25894919/cbc9369/LG_Utils.rar
You may know but I share links about GM730 - 750
http://4pda.ru/forum/index.php?showtopic=140987
http://4pda.ru/forum/index.php?showtopic=143311
http://4pda.ru/forum/index.php?showtopic=153281&st=0#entry3830967
http://4pda.ru/forum/index.php?showtopic=152617&st=0&#entry3812972
http://www.clublgmobile.com/foro/(gm750)-tutoriales-manuales/drivers-y-manual-servicio/
And last, one of our friends tried to flash his device (GM735) with this (http://www.mediafire.com/?o3rq54yennj) tool (I think this tool is for Incite). He could flash this rom http://www.mediafire.com/?whoa2nymywl (ROM_5.2.21815_Build_21815.5.0.50_WWE custom wm6.5 for GM730) but his device didn't open. He took the device to service and learnt that they will change the main-board under warranty (service couldn't understand "illegal use").
Sorry about poor English...

This is the latest firmware for Spain
Layla_GM750_DZ_VF_Spain_V10f_NOV
This is the LGMDP 1.6
LGMDP_EURO_Ver_1_6_Build_2_4.rar - 1.83MB
This is the driver
LGSPUSBDriver_Eng_Ver_2.0.zip
Sorry the previous driver is invalid for flash, is this another, but the program LGMDP alone it detects in Emergency Mode
http://csmg.lgmobile.com:9002/swdata/USBSW/GSM/EG/LGUSBModemDriver_WHQL_ML_Ver_4.9.6_All_091203.zip

thanks for your support spocky12. we are waiting... (LG GM735)

Related

Help me dump the OS of my PPC

Hi!
I need your help!
I have an Airis T620 PPC, the official patch from the manufacturer's site for WM5 bricked my PPC.
The AirisT620 is a MIO P550 clone, and I've downloaded the WM5 ROM for Mio P550 (MioP550 - Osc260A R05_P09.nb0) and I've installed it successfully on my AIRIS.
BUT, I'd like to dump the WM5 of my friend's AIRIS to a *.nb0 file to upload to my PPC. I've downloaded itsutilsbin-20070705.zip and created a RAW image.
Here's the list of the Parts:
C:\itsutils>pdocread -l
127.00M (0x7f00000) SMFLASH
| 1.12M (0x11fc00) Part00
| 1.88M (0x1e0000) Part01
| 26.63M (0x1aa0000) Part02
| 97.38M (0x6160000) Part03
976.50M (0x3d080000) DSK1:
| 976.38M (0x3d061600) Part00
STRG handles:
handle 63d1c926976.38M (0x3d061600)
handle a3f5081e 97.38M (0x6160000)
handle a3f5012a 26.63M (0x1aa0000)
handle 23f50106 1.88M (0x1e0000)
handle c3f74f2a 1.12M (0x11fc00)
disk 63d1c926
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk a3f5081e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk a3f5012a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 23f50106
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c3f74f2a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I used this to create the RAW image:
Pdocread -w -d SMFLASH -p Part02 0x0 0x1aa0000 Part02.raw
If I try to make an *.nb0 directly I get the following error message:
C:\itsutils>pdocread 0 0x1aa0000 asd.nb0
CopyTFFSToFile(0x0, 0x1aa0000, asd.nb0)
ERROR: ITReadDisk : read 00000000 bytes - A device attached to the system is not
functioning.
How can I convert the raw to nb0, or how can I dump the ROM directly to nb0?
Thank you for your help!
Hi again!
I tried several methods during the weekend. All failed somewhere.
First I tried to dump the OS to hex.
C:\itsutils>pdocread -h 0xc3f0518e 0x0 0x1aa0000 OS.nb
The error message was:
CopyTFFSToFile(0x0, 0x1aa0000, OS.nb)
ERROR: ITReadDisk : read 00000000 bytes - A device attached to the system is not functioning.
the itsutils.log said:
ERROR: DeviceIoControl(FL_IOCTL_READ_SECTORS) - A device attached to the system is not functioning.
then I tried:
C:\itsutils>pdocread.exe -n 2 0x0 0x1aa0000 OS.nba
error:
ERROR: ITTFFSGetInfo - A device attached to the system is not functioning.
WARNING: using default 512 bytes for sectorsize
CopyTFFSToFile(0x0, 0x1aa0000, OS.nba)
ERROR: ITReadDisk: outbuf==NULL
- A device attached to the system is not functioning.
after that I tried using bkondisk, and bksamsungflash:
C:\itsutils>prun bkondisk -i
in the bkondisk.log:
ERROR: kioctl(FLASH, init1) - The network request is not supported.
error initializing flash
bksamsungflash gives the same error in its log
And my last try was:
C:\itsutils>Pdocwrite -w -d SMFLASH -p Part02 Part02.raw 0x0 0x1aa0000
CopyFileToTFFS(Part02.raw:0, 0, 01aa0000)
and the last error message was:
ERROR: ITWriteDisk - The media is write protected.
How can I acquire the D-O-C password for my PDA?
Anyone has any ideas how to step further?
P.S.
The policies in HKLM\Security\Policies\Policies\00001001 is set to dword '1'
And I think my PPC is missing the IOCTL Api, how can I install it on my PPC?
Is it more simple using SPB backup.. say backup a good version of the system (without PIM) and flash over?
Hi myc!
Yes, I am using SPB backup to backup my personal files, but in this case I need to acquire the operating system of my PDA, which can't be done with SPB backup.
Hi! (For borisbme Szia!)
Here I summarize my experiences with T620.
NOTE: with flashing you can easily have an expensive paperweight. I'm not an experienced rom cooker, with the below things you will risk that you make your device a brick. Try this at your own risk!
First take a look at the MioP550 - Osc260A R05_P09.nb0 file. The header structure seems to be rather straightforward.
0x00: "Pocket_PC_2005" \x00 \x00 \x00
0x10: 4 bytes : offset of the 1st section
      4 bytes : length of the 1st section
      4 bytes : checksum
      4*'\x00'
0x20: "MS_IPL" some '\x00's
0x30: 4 bytes : offset of the 2nd section
      4 bytes : length of the 2nd section
      4 bytes : checksum
      4*'\x00'
0x40: "OS_IMAGE" some '\x00's
0x50: 4 bytes : offset of the 3rd section
      4 bytes : length of the 3rd section
      4 bytes : checksum
      4*'\x00'
0x60: "UBOOT" some '\x00's
I believe the 1st section is the update loader, the 2nd is the actual update in MSFLSH50 format (-acer type) and the 3rd is UBOOT update.
Let's not touch the IPL and UBOOT section for a while ;-)
Based on the above information you can split the image into 3 parts and change the OS_IMAGE part.
I noticed that the checksum is for verification purpose but it does not prevent the flashing of an image with wrong checksum. I learned that because I changed the checksum to FFFFFFF to see how flashing reacts, but after a few "Bad checksum, press any key" messages I accidentally flashed my T620 with the above P550 ROM :-(
Let's look at the OS_IMAGE part.
If you want quick dump, you can try prepare_imgfs "saved OS_IMAGE file" -n -acer and view_imgfs , but you can further decompose the file.
I wrote it's "-acer" type, because it has 512 bytes sectors padded with 8 extra bytes. If you remove the padding then you have a clean MSFLSH50 file you can manipulate with msflshtool.
Here I can see some difference between the P550 and T620. The 1st sector is the MBR and the partition sizes are different for the 2 devices. The 2nd sector is still MSFLSH50 header, I don't know the structure, so would not change that. My assumption was, that if the file sizes are the same, it would not hurt to replace parts ;-)
One can go further with the P550 partition sizes and change T620 dumps to fit into it.
With the following little python script you can split the OS_IMAGE into parts. Do not comment the code, I'm not a skillful coder ;-)
Code:
# Split an "-acer" type OS_IMAGE (512-byte sectors, each followed by 8 extra bytes).
# Part sizes are counted in sectors.
parts = (("part00", 0x8FE), ("part01", 0xF00), ("filler", 0x200), ("part02", 0xD500))

with open("OS_IMAGE.dat", "rb") as infile:
    ## MBR: first sector, saved together with its 8 extra bytes
    with open("mbr.dat", "wb") as mbr:
        mbr.write(infile.read(520))
    ## HDR: second sector, saved together with its 8 extra bytes
    with open("hdr.dat", "wb") as hdr:
        hdr.write(infile.read(520))
    for (part, size) in parts:
        print("Extract part", part)
        with open(part + ".dat", "wb") as ofile:
            for i in range(size):
                data = infile.read(512)
                infile.read(8)  # skip the 8-byte marker
                ofile.write(data)
    print("Extract rest")
    with open("rest.dat", "wb") as ofile:
        while True:
            data = infile.read(512)
            if len(data) == 0:
                break
            infile.read(8)  # skip the 8-byte marker
            ofile.write(data)
part00 corresponds to the "pdocread" dumped part00 ( I guess it's the bootloder)
part01 corresponds to the "pdocread" dumped part01 ( I guess it's the kernel partition)
part02 corresponds to the "pdocread" dumped part02 ( It is the IMGFS OS image )
With the following little python script you can combine back the parts into a "new" OS_IMAGE you can use to replace the corresponding part in the ".nb0"
Code:
from binascii import unhexlify
from struct import pack

# (name, first sector number, size in sectors, last 4 marker bytes as hex)
parts = (("part00", 0x2, 0x8FE, "fdfffbff"), ("part01", 0x900, 0xF00, "fdfffbff"),
         ("filler", 0x0, 0x200, "fffffbff"), ("part02", 0x1800, 0xD500, "fffffbff"))
EMPTY = b"\xff" * 512

with open("NEW.dat", "wb") as outfile:
    ## MBR and HDR were saved with their 8 extra bytes (520 bytes each)
    for name in ("mbr.dat", "hdr.dat"):
        with open(name, "rb") as f:
            outfile.write(f.read(520))
    for (part, start, size, mark) in parts:
        print("Combine part", part, start, size)
        with open(part + ".dat", "rb") as ifile:
            for i in range(size):
                data = ifile.read(512)
                if data == b"":
                    print("Less data")
                    data = EMPTY
                if data == EMPTY:
                    # empty sector: the marker is all 0xFF
                    marker = b"\xff" * 8
                else:
                    # little-endian sector number followed by the part's marker bytes
                    marker = pack("<L", start + i) + unhexlify(mark)
                outfile.write(data)
                outfile.write(marker)
    print("Combine rest")
    with open("rest.dat", "rb") as ifile:
        while True:
            data = ifile.read(512)
            if len(data) == 0:
                break
            outfile.write(data)
            outfile.write(b"\xff" * 8)
The part00 and part01 is smaller in case of T620 with 0x100*512 bytes compared to P550. Add some '\xFF's to have the same size.
The part02 is bigger in case of T620, but the end of it is full of zeroes. Remove some zeroes to have the same size.
If you bring T620 dumped files to same size, you can replace those parts, combine back to OS_IMAGE and replace that part in the .nb0
The part02 can be fully edited with imgfs tools.
The part00 and part01 has SRPX signature, so you can use SRPX2XIP and then xipport or dumprom to check the content.
The .nb0 got this way can be flashed using DNW.
The next step would be the cooking ;-)
With imgfs tools you can easily remove/add packages. The unfortunate thing is that if you change AKU level then you might have to modify the 2 XIP parts as well. I have no experience with that (so far).
Also for porting WM6 it would be really good the have the pdocread dump of the P560 partitions ;-)
Hope this helps a little bit for proceeding with T620/P550 cooking/porting.
NOTE: with flashing you can easily have an expensive paperweight. I'm not an experienced rom cooker, with the above things you risk that you make your device a brick. Try this at your own risk!
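The .nb0 header layout described in the post above, as an added example (not part of the original post and not any tool's own code): a Python parser for the section table that checks every section's bounds before the image is split or repacked, which matters because the post reports that a wrong checksum does not stop the flash. Little-endian fields, the end-of-table rule and all function names are assumptions; the sample image is constructed.

```python
import struct
from collections import namedtuple

MAGIC = b"Pocket_PC_2005"
TABLE_START = 0x10       # first entry follows the 16-byte magic field
ENTRY_SIZE = 0x20        # offset, length, checksum, 4 zero bytes, then a 16-byte name
SECTOR, EXTRA = 512, 8   # "-acer" layout: 512 data bytes + 8 extra bytes per sector

Section = namedtuple("Section", "name offset length checksum")


def parse_nb0_header(image):
    """Read the section table; fields are assumed to be little-endian."""
    if image[:len(MAGIC)] != MAGIC:
        raise ValueError("not a Pocket_PC_2005 image")
    sections, pos, data_start = [], TABLE_START, len(image)
    # Assumption: the table ends at the first entry with an empty name
    # and never extends into the first section's data.
    while pos + ENTRY_SIZE <= data_start:
        offset, length, checksum, zero = struct.unpack_from("<4L", image, pos)
        name = image[pos + 16:pos + ENTRY_SIZE].split(b"\x00", 1)[0]
        if not name or zero != 0:
            break
        sections.append(Section(name.decode("ascii", "replace"),
                                offset, length, checksum))
        data_start = min(data_start, offset)
        pos += ENTRY_SIZE
    return sections


def check_sections(image, sections):
    """Return a list of layout problems; an empty list means the table is sane."""
    problems = []
    prev_name = "header table"
    prev_end = TABLE_START + ENTRY_SIZE * len(sections)
    for s in sorted(sections, key=lambda sec: sec.offset):
        end = s.offset + s.length
        if s.length == 0:
            problems.append(f"{s.name}: zero length")
        if end > len(image):
            problems.append(f"{s.name}: ends at {end:#x}, file is {len(image):#x} bytes")
        if s.offset < prev_end:
            problems.append(f"{s.name}: overlaps {prev_name}")
        if s.name == "OS_IMAGE" and s.length % (SECTOR + EXTRA):
            problems.append("OS_IMAGE: length is not a multiple of 520-byte sectors")
        if end > prev_end:
            prev_name, prev_end = s.name, end
    return problems


def replace_section(image, sections, name, new_data):
    """Swap one section's bytes; the size must match, as the post assumes.

    The stored checksum is left untouched: the page does not give its
    algorithm, and reports that the loader only warns on a mismatch.
    """
    sec = next(s for s in sections if s.name == name)
    if len(new_data) != sec.length:
        raise ValueError(f"{name}: got {len(new_data)} bytes, need {sec.length}")
    return image[:sec.offset] + new_data + image[sec.offset + sec.length:]


def build_sample():
    """Constructed test image (not a real ROM): three sections of filler bytes."""
    payloads = [("MS_IPL", b"\x11" * 0x400),
                ("OS_IMAGE", b"\x22" * (4 * (SECTOR + EXTRA))),
                ("UBOOT", b"\x33" * 0x100)]
    header, body, offset = MAGIC.ljust(16, b"\x00"), b"", 0x200
    for name, data in payloads:
        header += struct.pack("<4L", offset, len(data), 0, 0)
        header += name.encode("ascii").ljust(16, b"\x00")
        body += data
        offset += len(data)
    return header.ljust(0x200, b"\x00") + body


if __name__ == "__main__":
    img = build_sample()
    secs = parse_nb0_header(img)
    for s in secs:
        print(f"{s.name:<10} offset={s.offset:#08x} length={s.length:#08x} "
              f"checksum={s.checksum:#010x}")
    print(check_sections(img, secs) or "layout OK")
```

Running `check_sections` on the repacked file before it goes anywhere near DNW catches a truncated or mis-sized part while the mistake is still only on disk.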
Wowww!!
This post is really interesting!
I have a mio p550, and i have an mio p560 dump !
Anyone can help me how to port the mio p560 rom to my p550 rom ??
great thanks !!!
Airis T620 Raw files
Hi,
I've dumped my ROM, and now I have the raw files. Can anyone tell me how to convert them back into a usable ROM? Thanks in advance.

Anyone interested in HTC Raphael ROM Dump? (Dump uploaded)

Hi guys,
I just tried out the HTC Touch Pro, aka Raphael today.
it is seemingly blazing fast compared to HTC Diamond/Victor...
I have also found out it has a newer radio compared to the 1.00.25.3 that we are having on Diamond.
Here are some photos, i will add in the snapshots later of the os later...
here's the link to the dump for part00.raw to part02.raw:
http://www.fs2you.com/files/a58787a1-4e64-11dd-a84e-00142218fc6e/
Guys, thanks for the mirrors. Hope the dump is useful one way or another.
Once i have the pre-release version of the rom, i will upload it. but it might take weeks to months before i can get my hands on it.
http://www.filefactory.com/file/062f...M (00to02).zip
http://www.zshare.net/download/15042237a31e9b75/
http://www.mediafire.com/?yybn0wtzgtm
what's the OS build in this one?
C:\Diamond>pdocread.exe -l
457.50M (0x1c980000) DSK1:
| 3.12M (0x31f000) Part00
| 4.38M (0x460000) Part01
| 109.50M (0x6d80000) Part02
| 340.50M (0x15480000) Part03
STRG handles:
handle 6fdd38da340.50M (0x15480000)
handle afeac736109.50M (0x6d80000)
handle 4feac712 4.38M (0x460000)
handle efeac6ca 3.12M (0x31f000)
disk 6fdd38da
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk afeac736
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 4feac712
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk efeac6ca
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dumped Completed. But I am not sure i can release this dump since there is HTC Debugs tools in them.
htctouchp said:
what's the OS build in this one?
wow, you are fast.
give me a minute here.
i am still dumping the rom.
i will attach the screenshots later, with device info and windows version. btw, its not retail version.
a screenshot of the bottom edge (like the last screenshot above) but side by side would be great, just to compare the depth differences. ROM and radio versions would be good too!
@ruffruff:
It'd be nice if you could post the dumps on mediafire.
I guess the radio should be compatible with the Diamond's since it's basically the same hardware; did anybody find out how to dump / flash radios on the diamond yet?
vlad69uk said:
a screenshot of the bottom edge (like the last screenshot above) but side by side would be great, just to compare the depth differences. ROM and radio versions would be good too!
is this the one you are looking for?
btw, i apologised for my poor, lousy photo taking (taken with Nokia N82)
I must have one, is there possibility to buy raphael somewhere.
adwinp said:
@ruffruff:
It'd be nice if you could post the dumps on mediafire.
I guess the radio should be compatible with the Diamond's since it's basically the same hardware; did anybody find out how to dump / flash radios on the diamond yet?
hi adwinp,
mediafire will be out of the question as i am in a part of the world where mediafire seems to be inaccessible to me. i will try to find a space to upload the parts.
but, is the rom useful in anyway? and which parts are the useful ones? sorry as i am no cooker, just learn to dump roms.
ruffruff said:
is this the one you are looking for?
btw, i apologised for my poor, lousy photo taking (taken with Nokia N82)
Perfect, that's just what i was looking for, thanks ruffruff
ruffruff said:
hi adwinp,
mediafire will be out of the question as i am in a part of the world where mediafire seems to be inaccessible to me. i will try to find a space to upload the parts.
but, is the rom useful in anyway? and which parts are the useful ones? sorry as i am no cooker, just learn to dump roms.
Part00.raw, Part01.raw and Part02.raw
If you have an FTP I can mirror it for you.
hi ruffruff.. eagerly waiting for you to post the rom so we all can port to our devices
ruffruff said:
wow, you are fast.
give me a minute here.
i am still dumping the rom.
i will attach the screenshots later, with device info and windows version. btw, it's not retail version.
Love if you could post the radio, current one on Diamond is really poor.
adwinp said:
Part00.raw, Part01.raw and Part02.raw
If you have an FTP I can mirror it for you.
i am uploading the parts onto a fs2you.com
btw, i am uploading the entire thing ...
maybe i shouldn't. i will upload part 00 to part 02 as requested.
stay tuned but be patient as my connection ain't that fast.
fs2you is slow
If mediafire isn't available for you, I'd recommend filefactory, zshare or badongo.
You can compress with 7zip (lzma achieves better compression than rar, zip)
adwinp said:
fs2you is slow
If mediafire isn't available for you, I'd recommend filefactory, zshare or badongo.
You can compress with 7zip (lzma achieves better compression than rar, zip)
Hi bro,
I have uploaded the files to
http://www.fs2you.com/files/a58787a1-4e64-11dd-a84e-00142218fc6e/
I will try your recommendations when i get home.
but in the mean time, please bear with the speed on fs2you.com
one other thing is that, this is not a retail rom.
hopefully it will be useful for the cookers in the xda community.
or else, i will be making a fool of myself and going through meaningless hassle to upload the rom
Thanks for the effort.
You are of course encouraged to post any updates.
^.^
ty so much ruffruff, looking forward for some great cooker to combine the advantage from this rom to our DIAMOND rom
If anyone manages to download this, plz upload it to mediafire, badongo, filefactory or zshare.
fs2you breaks the connection after a few Mb's.
adwinp said:
If anyone manages to download this, plz upload it to mediafire, badongo, filefactory or zshare.
fs2you breaks the connection after a few Mb's.
uploading to mediafire 22 minutes remaining

Samsung i900 Omnia rom backup help

Hi to all the Samsung experts, I currently have a Samsung i900 and am looking for a way to extract my rom and create a flashable format. I have used pdocread to extract 3 .raw files but am not sure how to proceed from here. Can anyone advise? Thanks.
Hoping that the i780 instructions can be used for the omnia, the relevant posts are here..
http://forum.xda-developers.com/showpost.php?p=2237280&postcount=10
http://forum.xda-developers.com/showthread.php?t=393490
Thanks, I have read those threads, problem is you apparently need a flashable .bin to start with which in this case I do not so am looking for a way to use the .raw files only. Do you know if that is possible?
efjay said:
Thanks, I have read those threads, problem is you apparently need a flashable .bin to start with which in this case I do not so am looking for a way to use the .raw files only. Do you know if that is possible?
No you don't need the bins, you can start from the raw files.
Just look at the famusc kitchen and read the included instructions.
Ok here is a way to dump the nb file and then dump its contents. I have already done that, including xip
Use itsutils and following command in dos window :
psdread -1 0 0xDISKSIZE os.nb
Then use imgfs tools or tazio tools to dump, and further processing.
We need now how to flash back the custom os.nb to omnia
still searching for sd card flashing combinations
@The Solutor: I have read the famusc kitchen docs and it explicity states you need an existing .bin PDA rom. However there are a few commands in there that may be worth checking out.
@hdubli: I will try the command you suggested later today. What are the tazio tools? And don't Samsung phones use .bin files to flash rather than .nb?
You don't need the bin.
Here step by step:
- Download and install the kitchen
- Copy Part02.raw into the kitchen folder
- Open cmd and type: ImgfsToDump Part02.raw (This will create dump folder)
- Execute RecreateBin.exe
You got your bin file!!!!
mievalt said:
You don't need the bin.
Here step by step:
- Download and install the kitchen
- Copy Part02.raw into the kitchen folder
- Open cmd and type: ImgfsToDump Part02.raw (This will create dump folder)
- Execute RecreateBin.exe
You got your bin file!!!!
Do you mean RecreateBin.bat? There is no RecreateBin.exe and looking at the contents of the .bat file I don't think it will work as it makes reference to i780 files which I don't have and most likely won't work with the Omnia.
imgfsfromdump imgfs_raw_data.bin new_imgfs.bin
del imgfs_raw_data.bin
ren new_imgfs.bin imgfs_raw_data.bin
make_imgfs i780.nb0.payload.body -nosplit
merge i780.nb0.payload.header i780.nb0.payload.body i780.nb0.payload
nbmerge -data 2048 -extra 8 i780.nb0 -conservative
yes it is the .bat file sorry.
I780 should just be name of the files that you get at the end...
I can't say if it works you just have to give it a try...
But that would be the way we do it with our i780 roms...
Try and report. You should get a i780.bin file.... otherwise it should stop with an error.
I have a Samsung Omnia German version and would like to get the english version. Anybody know where to find the WWE ROM and CID unlock or what i need to install it?
any luck
Any luck on cooking a samsung i900 Rom
JesperRas said:
I have a Samsung Omnia German version and would like to get the english version. Anybody know where to find the WWE ROM and CID unlock or what i need to install it?
What does ur version read?
My one read i900XXHE4. I am also looking for way to upgrade to i900DXHG4
anyone manage to extract the rom?
or is there anyway i could extract those dll in the roms?
would like to try reverse it see if can extract the data for the accelerometer
Link
Here is the Link
For the update
any body can backup the rom G2 and previous and let us flash it? i sooo want the old rom back.. G4 fully sucked with too many issues on it..
What is the build info on G4?
I can dump the rom but you will have my serial #
silencer22 said:
anyone manage to extract the rom?
or is there anyway i could extract those dll in the roms?
would like to try reverse it see if can extract the data for the accelerometer
it looks like a .bin file and oddly enough executing it changed all my Atom .nb0 files to 'open with' USDL4...
Do kitchen tools exist or perhaps somebody could be commissioned to make tools for us, I'd be up for that!
whats the go on creating a flashable rom? i tried to flash chinese G8 rom and i regretted it.. now i cant flash it back to WWE G4 rom. =( anyone here able to make flashable rom or F8 or G2 WWE roms? pls pls pls..
I tried to back up my i900 Omnia ROM and get this:
C:\12>pdocread -l
128.46M (0x8076000) DSK1:
| 1.47M (0x179000) Part00
| 2.58M (0x295800) Part01
| 124.40M (0x7c66800) Part02
90.44M (0x5a70000) DSK2:
| 90.43M (0x5a6f000) Part00
0.00 (0x0) DSK5:
| 0.00 (0x0) PART00
15.00G (0x3c0000000) DSK3:
| 15.00G (0x3bffffc00) Part00
STRG handles:
handle 6698a06e 15.00G (0x3bffffc00)
handle a698a026
handle c6cc2472 90.43M (0x5a6f000)
handle 06e0479a124.40M (0x7c66800)
handle 26e04776 2.58M (0x295800)
handle 26e0472e 1.47M (0x179000)
disk 6698a06e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk a698a026
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c6cc2472
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 06e0479a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 26e04776
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 26e0472e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C:\12>psdread -1 0 0xDISKSIZE os.nb
remote disk 1 has 65772 sectors of 2048 bytes - 128.46Mbyte
SerialNr: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CopySDCardToFile(remote, 1, 0x0, 0xd, os.nb)
ERROR: ITReadSDCard - The parameter is incorrect.
C:\12>pdocread -w -d FLASHDR -p Part00 0 0x179000 Part00.raw
ERROR: ITTFFSGetInfo - The device is not ready for use.
WARNING: using default 512 bytes for sectorsize
CopyTFFSToFile(0x0, 0x179000, Part00.raw)
ERROR: ITReadDisk: outbuf==NULL
- The device is not ready for use.
Any thoughts?
I am improving :
C:\12>psdread -1 0 0x8076000 i900XHHG4.nb
remote disk 1 has 65772 sectors of 2048 bytes - 128.46Mbyt
SerialNr: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CopySDCardToFile(remote, 1, 0x0, 0x8076000, i900XHHG4.nb)
but I am waiting more than 30 min and no activity. How long does it take to copy 128MB?

Calling all LG Incite/CT810 Users/Chefs!

Hi there,
My brother just purchased the LG Incite. I, coming from the Kaiser ROM Development, would love to cook for it, as it is rather sluggish out of the box. However, I am not very familiar with non-HTC devices. So, if anyone out there has an LG Incite and knows how to cook for it, I would like to make a kitchen for everyone to cook for this phone.
Can anyone help out?
Thanks
anyone?
I'm using the LG incite, but the official rom sucks.
I really want to have customize rom for it.
And I know nothing about the kitchen
Hey guys!
I have an LG Incite. If you can show me /tell me how to do it, I can probably be of help to unlock the firmware. I really want a more user friendly phone
Oh yeah I forgot. I found out how to get windows 6.5. I just need to find a way to slipstream it into the incite.
any ideas? I don't mind bricking my phone. I have a backup software.
rkrishnan2012 said:
Hey guys!
I have an LG Incite. If you can show me /tell me how to do it, I can probably be of help to unlock the firmware. I really want a more user friendly phone
Oh yeah I forgot. I found out how to get windows 6.5. I just need to find a way to slipstream it into the incite.
any ideas? I don't mind bricking my phone. I have a backup software.
do you have a micro SD card?
yup
yes I do (2gb). Any ideas?
even i would like to help
YAY!
SO...... now what?
can one of you manage to connect the incite to the computer and by using activesync, try to copy the windows folder and post it somehow on this forum?
PLEEEZE?
P.S., HEY! it's a fellow indian!
rkrishnan2012 said:
YAY!
SO...... now what?
can one of you manage to connect the incite to the computer and by using activesync, try to copy the windows folder and post it somehow on this forum?
PLEEEZE?
P.S., HEY! it's a fellow indian!
thank you for being so eager to help!
look here for what to do:
http://forum.xda-developers.com/showthread.php?t=238945
and post the dump.bin here
thanks again
yes waiting for the dump file
karim_31 said:
yes waiting for the dump file
i have 2 incites and still under 30 day warranty.
will using the grab_it - invisible ROM dumper cause or doing anything to the phone that will void the 30 day warranty?
Let me know and I will dump.
Sorry if this is a newb post.
redtaz said:
i have 2 incites and still under 30 day warranty.
will using the grab_it - invisible ROM dumper cause or doing anything to the phone that will void the 30 day warranty?
Let me know and I will dump.
Sorry if this is a newb post.
not at all!
mbarvian said:
not at all!
sweet. when i dump the rom where or who should i send the rom to?
redtaz said:
sweet. when i dump the rom where or who should i send the rom to?
put it in a zip file, upload it to mediafire.com and post the link here!
mbarvian said:
put it in a zip file, upload it to mediafire.com and post the link here!
one more thing...
which grab it should i download?
redtaz said:
one more thing...
which grab it should i download?
i would try this one:
http://forum.xda-developers.com/attachment.php?attachmentid=23564&d=1119937614
or if that doesn't work:
http://forum.xda-developers.com/attachment.php?attachmentid=23565&d=1119937589
make sure to follow the instructions, good luck!
thanks again
ahhhhhhhhhhh! we will have to wait till later today. I thought i had my micro sd card reader with me...
Question: If i save a copy of this rom dump, would i be able to use it to revert back to stock if another rom is flashed to it?
hey mbarvian,
can you assist in getting a grabber for 256? the rom size of the incite is 256K...
thanks!
redtaz said:
hey mbarvian,
can you assist in getting a grabber for 256? the rom size of the incite is 256K...
thanks!
actually, I just tried out grab_it, and I wouldn't recommend it. For a complete dump, please follow these steps:
Download the attachment, and install it on your device
Soft-reset
Download this file
Once it is finished, make a new folder on your C: drive named itsutils
Extract all the files to that folder
Plug in your device to your computer
Then click Start > Run, type in cmd.exe, then push Enter
Type in these commands:
Code:
cd C:\itsutils
Code:
pdocread -l
You should get something like this:
Code:
210.38M (0xd260000) FLASHDR
| 3.12M (w) Part00
| 3.50M (x) Part01
| 69.38M (y) Part02
| 134.38M (z) Part03
STRG handles:
handle e7489c1a134.38M (0x8660000)
handle 474960e6 69.38M (0x4560000)
handle c74b0fda 3.50M (0x380000)
handle 074b0eee 3.12M (0x31f000)
disk e7489c1a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 474960e6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c74b0fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 074b0eee
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
take note of the colored letters at the top. They will not show up like that, but I have just put them there as variables for when you type in these codes (replace w,x,y,z with what you see up there, basically ):
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 w Part00.raw
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 x Part01.raw
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 y Part02.raw
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 z Part03.raw
Please note that the bigger ones (Part02 and Part03) may take quite some time (15 minutes sometimes), but it is important that you do not close the Command Prompt window until they are all done!
After that, put Part00.raw, Part01.raw, Part02.raw, and Part03.raw in your itsutils folder into a .zip file, upload them to mediafire.com, post the link here, and I'll take a look at them
thank you very much
if you do not understand all of it, please just ask me!
thanks
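The steps above, as an added example that is not part of the original post: a Python helper that reads a saved `pdocread -l` listing, builds the per-partition `pdocread` commands with the flags shown in the post, and afterwards checks that each `.raw` file has the listed size. The sample listing is constructed from the sizes on the "handle" lines above, and it is an assumption that a complete dump is exactly the listed partition size.

```python
import re
from pathlib import Path

# Constructed listing in the layout `pdocread -l` prints; the partition sizes
# are the ones visible on the "handle" lines of the sample output in the post.
SAMPLE = """\
210.38M (0xd260000) FLASHDR
|   3.12M (0x31f000) Part00
|   3.50M (0x380000) Part01
|  69.38M (0x4560000) Part02
| 134.38M (0x8660000) Part03
STRG handles:
handle e7489c1a134.38M (0x8660000)
"""

DISK_RE = re.compile(r"^\s*[\d.]+[KMG]?\s+\((0x[0-9a-fA-F]+)\)\s+(\S+?):?\s*$")
PART_RE = re.compile(r"^\|\s*[\d.]+[KMG]?\s+\((0x[0-9a-fA-F]+)\)\s+(\S+)\s*$")


def parse_listing(text):
    """Return {disk: {"size": int, "parts": [(name, size), ...]}}."""
    disks, current = {}, None
    for line in text.splitlines():
        if line.startswith("STRG handles"):
            break  # the handle/disk sections only repeat the sizes
        part = PART_RE.match(line)
        disk = DISK_RE.match(line)
        if part and current:
            disks[current]["parts"].append((part.group(2), int(part.group(1), 16)))
        elif disk:
            current = disk.group(2)
            disks[current] = {"size": int(disk.group(1), 16), "parts": []}
    return disks


def dump_commands(disks, disk, sector=0x800):
    """Build one pdocread call per partition, using the flags shown in the post."""
    info = disks[disk]
    if sum(size for _, size in info["parts"]) > info["size"]:
        raise ValueError(f"partitions of {disk} exceed the disk size; listing misread")
    return [
        f"pdocread -w -d {disk} -b {sector:#x} -p {name} 0 {size:#x} {name}.raw"
        for name, size in info["parts"]
    ]


def incomplete_dumps(folder, disks, disk):
    """Names of partitions whose .raw file is missing or not the listed size."""
    bad = []
    for name, size in disks[disk]["parts"]:
        raw = Path(folder) / f"{name}.raw"
        if not raw.is_file() or raw.stat().st_size != size:
            bad.append(name)
    return bad


if __name__ == "__main__":
    for cmd in dump_commands(parse_listing(SAMPLE), "FLASHDR"):
        print(cmd)
```

Run `incomplete_dumps` on the itsutils folder before zipping, so a partition cut short by a dropped connection is caught before it is uploaded.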
Will this cause anything to happen to the phone? (like erase the factory rom) or is it just a rom dump? Will i have to worry about the IMEI being a part of that dump?
I just DL the cab and app so let me know and i will proceed.
Thanks

boot.img extracting ramdisk by using an hex editor

hi guys, a couple days ago I wanted to edit my "init.rc" file, to add some improvements and some other useful services, and I quickly realized that the best method of doing it (for many reasons) was by editing my boot image, by extracting the ramdisk which contains this file and some other interesting files too.
In my quest for the best or most appropriate method to do it, I found many interesting posts and many tools and scripts, recommendations, and so on... but more importantly were always the warnings about hazards of doing it, because are all due to very specific to a device specific too.
(I am happy and thank you so much for that).
I finally realized that for sure the best method to do it is using a hex editor.
Thankfully I'm familiar with hex editors, but until now not yet tried anything successful because I still have one question:
What I think I know so far:
- Please correct me if I'm wrong -
1- The file structure of the Android boot image file is not standardized but we have some known addresses and headers (which is very helpful).
2- From 0x00000000 to 0x00000800 is the "boot.img" file header of Android.
3- After that address, comes the kernel data.
4- The hex value "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 8B" is the beginning of gzipped ramdisk data.
Here is my question:
1 - Can I just un-gzip + un-cpio, edit my file "init.rc" and re-cpio + re-gzip the ramdisk (extracted from my hex editor in raw) and put it back in my "boot.img"?
Could someone help me understand better this?
Sorry about my english !
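An added example, not part of the original post: Python code that finds and swaps the ramdisk from the header fields rather than by scanning for `1F 8B`, since a compressed kernel can contain gzip streams of its own. It assumes the classic AOSP boot image layout (magic `ANDROID!`, then little-endian 32-bit sizes, addresses and page size), which vendor images may not follow; the image is constructed in `build_sample`, and a re-gzipped ramdisk changes size, so the size field in the header is rewritten.

```python
import gzip
import struct

BOOT_MAGIC = b"ANDROID!"
# magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
# second_size, second_addr, tags_addr, page_size (little-endian uint32 fields)
HEADER = struct.Struct("<8s8I")
RAMDISK_SIZE_OFFSET = 16          # byte offset of ramdisk_size in the header


def round_up(size, page):
    """Round a section size up to a whole number of pages."""
    return -(-size // page) * page


def pad(blob, page):
    """Zero-pad a section to a page boundary."""
    return blob + b"\0" * (round_up(len(blob), page) - len(blob))


def locate(img):
    """Compute section offsets from the header fields."""
    magic, ksize, _, rsize, _, _, _, _, page = HEADER.unpack_from(img, 0)
    if magic != BOOT_MAGIC:
        raise ValueError("not a classic Android boot image")
    if page == 0 or page & (page - 1):
        raise ValueError(f"implausible page size {page}")
    ramdisk_off = page + round_up(ksize, page)      # header fills one page
    if ramdisk_off + rsize > len(img):
        raise ValueError("image is shorter than its header claims")
    return {"page": page, "ramdisk_off": ramdisk_off, "ramdisk_size": rsize,
            "second_off": ramdisk_off + round_up(rsize, page)}


def extract_ramdisk(img):
    """Return the decompressed ramdisk (a cpio archive)."""
    loc = locate(img)
    blob = img[loc["ramdisk_off"]:loc["ramdisk_off"] + loc["ramdisk_size"]]
    if blob[:2] != b"\x1f\x8b":
        raise ValueError("ramdisk is not gzip-compressed")
    return gzip.decompress(blob)


def replace_ramdisk(img, cpio):
    """Return a new image with the ramdisk swapped and its size field updated."""
    loc = locate(img)
    new = gzip.compress(cpio)
    head = bytearray(img[:loc["ramdisk_off"]])      # header page + padded kernel
    struct.pack_into("<I", head, RAMDISK_SIZE_OFFSET, len(new))
    # The header's id field (a digest over the sections) is left unchanged here.
    return bytes(head) + pad(new, loc["page"]) + img[loc["second_off"]:]


def build_sample(page=2048):
    """Constructed image: stand-in kernel bytes and a stand-in cpio payload."""
    kernel = b"K" * 5000
    ramdisk = gzip.compress(b"070701 constructed cpio stand-in")
    hdr = HEADER.pack(BOOT_MAGIC, len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    return pad(hdr, page) + pad(kernel, page) + pad(ramdisk, page)
```

In the constructed image the ramdisk starts at 0x2000 and the zero bytes just before it are the kernel's page padding, which is why a run of `00` followed by `1F 8B` shows up in a hex editor.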
