Related
Hi all!
Manual for recovery bricked FLAME
Symptoms: the device didn't switch on after experiments with an upgrade. Reacted only to power unit connection at the inserted battery - the orange led lights up. At this situation to bring the device back to life, only a flash bootloader (eboot.nb0) by means of interface JTAG is needed and possible.
1. Hardware preparation.
Please disassemble the FLAME and extract board. The detailed instruction
You should make a simple JTAG - cable.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Max lenght this cable is 20-25sm. My variant:
Alsoit is posible to produce some contacts, for example (see foto)
2. Software preparation.
To be required in addition:
1. Micro-SD card and cardreader.
2. Program SDFormatter, download here or here
3. FlameRecoveryTools from Medush, download
4. Diskimage.nb0 - any for FLAME. I extract it from official update
Well, now at all of us it is ready. We begin...
1. Extract FlameRecoveryTools on c:\
2. Run c:\FlameRecoveryTools\giveio_setup.exe (It driver for JTAG-cable). Please make sure that driver is installed and started.
3. Attach JTAG-cable to LPT-port your PC and FLAME board.
4. Plug power cable to FLAME board (or USB-cable from PC).
IMPORTANT! Do not press the button-indicator of the inserted accumulator!!!!
5. Open cmd-window. (Start-Run-cmd)
6. Go to c:\FlameRecoveryTools\JFlash_MM\
7. Run Start.bat
If everything is OK, a flash process will start and you should see:
If you see:
Please carefully check up correctness and reliability of all connections, a cause of error may be ONLY in it. Don't try to find missing file or any other program mistakes.
Ok, flash process is finished, verification successful, eboot.nbo has been flashed.
Unplug all, assemble your FLAME, plug AC-cable and turn on power.
Device is starting with error ERR-003A. (FOTO)
If you see message "battery is too low" - please wait for some time...and press reset again ))))
Ok.
8. Put micro-SD card in to your cardreader and run SDFormatter. Select "Full format".
9. Copy the following files to card: diskimage.nb0, eboot.nb0 (for example from my FlameRecoveryTools) end empty files-passwords rerr003a.kez and 1xdtgklo.kez.
10. Put card into device and start upgrade (press and hold soft-buttons (- and -) and press reset.
11. Finish!.
Insert the accumulator into place and turn on FLAME.
Enjoy the working device!
If my article has helped you, you can donate me:
WebMoney WMID 205584530674
WebMoney USD - Z177840443105
WebMoney Euro - E685734257524
PayPal: use recipient name "[email protected]"
I'm sorry for my bad English...
hello and thank you for this procedure. do you think, that is a possibility to create a JTAG for HP 2790b device? I have damaged bootloader (flash process did not well) and device is brick. I flashed it a lot of time, but now it is really dead. thanx for any info.
sinmae said:
hello and thank you for this procedure. do you think, that is a possibility to create a JTAG for HP 2790b device? I have damaged bootloader (flash process did not well) and device is brick. I flashed it a lot of time, but now it is really dead. thanx for any info.
Click to expand...
Click to collapse
Throught JTAG you can recovery any device. If you don't find scheme of contacts JTAG for your device in the Internet, you will have to make everything by yourself. HP has very individual scheme of contacts JTAG. That is why there is the only way - to bring your device (or you can by the same one but spoiled) to a good service center to unsold processor, find contacts JTAG and sold processor back. of cource they should do it with the guaranty of device safety.
Further is easier -knowing the contacts, you can sold contacts for JTAG and flash the device. I can help you with software. Wright a private message, I'll give you my e-mail.
Good Luck and never give up!
Help me i need JTAG for O2 Stealth
thanks Yudgin for your flame recovery manual !
could you please tell me how you could extract the bootloader for flame from the upgrade utility provided by O2
also i have a dead stealth --> could you share your insight as to what might the JTAG pin structure for this model
i have highlighted my thoughts in red --> i think these are active pins
oki, so I must lift the procesor. I have proper tools for that but not enough time for that. I report back when I found it, I guess there is more users who need JTAG for 27xx series. bye.
Yudgin said:
to bring your device (or you can by the same one but spoiled) to a good service center to unsold processor, find contacts JTAG and sold processor back.
Click to expand...
Click to collapse
Does anyone have the Flame JTAG Pin identification on the mainboard?
nuttapung said:
Help me i need JTAG for O2 Stealth
Click to expand...
Click to collapse
@nuttapung, have you find JTAG for your Stealth? I think I just had mine bricked as well. Days after kept it off unused, I turned it on, M2D intiated but then suddenly it automatically did a hard reset by itself. Upon completion, it started that hard reset process again and again so I have to unplug the battery. And that was the end of it.
heeelpmeeee pleaseeeee
have you find JTAG for your Stealth? please send me an copy of this...please... and the eboot.nb0...thx my email is [email protected]
important:
Hi my friend, I want to know where is the second TCK pin in flame board? I destory the TCK which pointed by your photo!
Mine too. I destroyed the TDI contacts. Anyone has the alternate contact point?
I done all after eboot my Flame sticks with ERR-003A
Yudgin said:
Hi all!
I done all after eboot my Flame sticks with ERR-003A and does'nt start rom uploading
and again goes into the same Err-003a screen, I tried many diffrent SD cards and Various Files eg. Eboot, eboot Diskimage .diskimage rerr03 etc nothing works. after pressing _ and _ and reset the flame goes off and after a second againg it shows ERR-003A screen, Any suggestion please?
Thank you
Click to expand...
Click to collapse
Team,
This One-Click Root process will copy over the rooted-update.zip or unroot-update.zip file then reboot your phone. Follow the instructions in the CMD prompt that launches.
I have another thread for the I9000 only! It is for rooting 2.1 ans 2.2 JP2. I added this thread because I9000M users don't have a forum yet. This app will work will all released Galaxy S phones for 2.1 stock only!!
Credits:
LeshaK at Samdroid: for the original rooted-update.zip.
gunnarhafdal : for creating the Mac GUI for my app.
This has been tested on stock Android 2.1 Eclair only. If you rooted using another process you can use this process to unroot as long as you didnt load a rom that created links to busybox.
For the following models:
GT-I9000
Captivate SHG-I897
Vibrant SGH-959
GT-I9000M
Epic SPH-D700 (Untested but should work like other phones. Post with your results. This is harmless it will either work or it wont. It copies over 3 files to your existing build.)
Rooting adds the following to your system and unrooting removes them:
/system/xbin/busybox (version 1.17.1)
/system/xbin/su
/system/app/Superuser.apk (version 2.3.1)
and links /system/bin/su to /system/xbin/su
More will follow as they are released. PM me to add your Galaxy S Model.
Warning: I am not responsible for bricked phones, rooting can void your warranty....
PC Instructions:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Download the app: here, mirror.
Watch the video for the full procedure on The Unlockr.
Video/Procedure Link Click Here
Requirements: Install Link: Dot Net Framework version 4
Rooting Instructions:
1. Make sure your phone is on USB Debug mode: (MENU > Settings > Applications > Developement > USB debugging = Checked )
2. For Windows x86 and x64 systems make sure that the Samsung Drivers are installed. You can get them here.
3. Extract the contents of GalaxyS_Vibrant_One-Click_Root.rar to a folder.
4. Connect your phone to your PC via the USB cable and launch the file "T-Mobile Vibrant One-Click Root.exe" file.
5. Click the "One-Click Root" button. This will launch a command shell follow the instructions in the CMD window.
Mac Instructions:
Download the app: here, mirror.
It requires Mac OS X 10.5 or higher.
Root 2.2 button does not do anything right now.
Rooting Instructions:
1. Make sure your phone is on USB Debug mode: (MENU > Settings > Applications > Developement > USB debugging = Checked )
2. Connect the phone to your computer.
3. Eject both the internal and external SD card from your computer and turn off USB storage in the notification area.
4. Click one of the buttons depending on what you want to do.
5. After the phone has rebooted into recovery select "apply sdcard:update.zip" for I9000 and I9000M and choose "Reinstall Packages" for the US models using the volume keys and then press the home button for I9000 and I9000M and the power button on the right top side for US models to start the process.
=====================================================================
Done! You are rooted.
=====================================================================
Un-Rooting Instructions:
To Un-Root follow the same instructions except click on the Un-root button. If you rooted using another process you can use this process to un-root as long as you didnt load a rom that created links to busybox. I would suggest to restore you phone back to stock ROM before even needing to unroot and if you are on stock un-root all you want otherwise what is the point of un-rooting.
=====================================================================
Getting Started with Android After Rooting:
Flash Clockwork Custom Recovery On your phone:
Follow this URL to find fill information on ROM Manager:
http://forum.xda-developers.com/showthread.php?t=734164
Install ROM Manager from Market.
Launch ROM Manager and click on Backup ROM and save you android O/S stock rooted making getting back to stock un-rooted much easier..
this works on i9000m
Sent from my SGH-T959 using XDA App
OP Updated hope this answers some of your questions on what rooting does.
Updated App to include support for Mac. Also added additional information.
Upgraded Superuser to 2.3.1 and busybox to 1.17.1
i use the this to root a galaxy vibrant and installs wifi-teether and it went perfect, but used to root a galaxy captivate it went well (aparently) but when i try to install the wifi-teether it said "your phone is blocked to install aplications that are from out of android market (something like that), what im doing wrong??
radioman38 said:
i use the this to root a galaxy vibrant and installs wifi-teether and it went perfect, but used to root a galaxy captivate it went well (aparently) but when i try to install the wifi-teether it said "your phone is blocked to install aplications that are from out of android market (something like that), what im doing wrong??
Click to expand...
Click to collapse
Menu -> Settings -> Applications -> Unknown Sources [Check it]
Daneshm90, thanks for the tip, but, in my vibrant that comand is there, is the first one, but in the captivate its not there and i dont find it!!
does it work in I9000B??? the brazilian version???
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
[highlight]Mod Edit: No linking to external sites requiring registration.[/highlight]
World's First!!!Samsung I8700 Windows 7 Phone DIRECT UNLOCK
by NsPro team
Now all we need is a jailbreak.
more information here:
forum.gsmhosting.com/vbb/f452/sptbox-deluxe-9-9-7-released-1133092
i8700 usb cable unlock solution:
- ##634# and press call to enter Diagnosis Menu
- *#7284# and choose "Modem, USB Diag"
- Press OK to confirm device Reboot
- Plug USB cable and install drivers.
- Select i8700, select correct SAMSUNG Mobile Model Diagnostic Serial Port
- Select unlock and click Factory Mode.
- If after unlock procedure, phone still asks for code, dial 00000000
All Done.
Click to expand...
Click to collapse
download the program (Sptbox deluxe 9.9.7) here:
multiupload.com/HZ1531ZQRL
i just call ATT and tell them i travel worldwide (which i do) and need it unlocked to use overseas SIM. Usually 10 minutes later they call me with the unlock code free.
Just downloaded from multiupload.com/HZ1531ZQRL and MS Security essentials blocked it with a virus warning.
Does this unlock the MMS-locking by the carriers as well?
http://social.answers.microsoft.com...7/thread/7834506f-c60d-4eb6-b04a-9829131922ee
This wouldn't happen to work with the at&t focus, would it?
Thanks for sharing!
psynaut said:
Just downloaded from multiupload.com/HZ1531ZQRL and MS Security essentials blocked it with a virus warning.
Click to expand...
Click to collapse
Kaspersky too : packed.win32.black.a
But it seems not to be a problem :
The Packed.Win32.Black.a detection identifies files that are packed with a stolen version of the Themida software protection program.
Stolen versions of this program (which are usable with leaked licenses) can be used to hide malware. Identifying a file that has been packed by a stolen version is therefore a precautionary measure against potentially malicious files.
Poops weak
thx great job
it doesn' t work on ..there is an error ..
Does this not work on Windows 7? I am having the same "Smart card resource manager is not running" error as above.
I am on windows 7 too (x64) and got your error too.
You have to manually start the "Smart Card" service.
With that you can go one step further and get the following error
Error when listing readers !
SmartCard API error #801002E
Cannot find a smart card reader
don't know what to do next
Help appreciated !
desolateone1 said:
This wouldn't happen to work with the at&t focus, would it?
Click to expand...
Click to collapse
I second that question; I've been looking all over the net trying to find some way of unlocking my focus before I take my trip to Amsterdam. I know there are websites out there but they all seem shady. I'd hate to pay for service that wouldn't work. does someone know if this works on the Focus? Or worse case, a website that is I can trust to pay and unlock it for me?
yeh i get
Error when listing readers !
SmartCard API error #801002E
Cannot find a smart card reader
tried it on xp 32bit and win 7 64bit
desperate for an unlock, boo
Doesn't this tool need the SPTBox hardware?
I always thought they give away the tool for free, but you need to buy their ~250$ hardware to actually be able to use the software.
250 dollars for this? muhahahahahhahahaha.....................what else?
ok but it affects our software or not
Old thread but here is my log!
First things first.
I DID NOT discover this vulnerablity ("daniel.wro" did here and "The_0ne" elaborated the process here ). So all credits to them. I am just writing this post with some screenshots and a video.
Note to the mods : Dear mods, I don't know if this post meets the standards of xda, but since it's not some cracking tutorial but mere exploitation of a poorly coded program, I assumed that it is eligible to be posted here. I hope it doesn't break the rules of this forum. If it did, please DO take it down.
Note to advanced users: Warning! This is a newbie guide. So you'll find the instructions provided here as childish and intimidating.
Sorry about that.
Now, having said that, for those who don't know what the B2B support tool is, it's a tool to allow LG's partners to download all mobile phones files (Service manuals, Flash Files, Softwares, Flashers, etc) from LG's servers.
You could get the client for free but requires 100$ to get access into the database. So, you could either pay and get yourself an account or use this workaround to get into the database without paying up.
This tutorial makes use of programming vulnerablity in the support tool while it communicates with the authentication server.
Prerequisites:
B2B support tool
Get it here
A network traffic monitoring tool (Fiddler/Wireshark/Etherreal/Charles,etc). I will be using Fiddler throughout this tutorial.
Get it here
Syntax view plugin for fiddler
Get it here
Once everything's installed you're ready to go
How it's done?
Step 1: Launch Fiddler (After installing syntax view plugin) and check if automatic breakpoints is disabled under the rules tab.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Step 2: Launch B2B support tool (Installs in C:\ProgramData\LGMOBILEAX by default in win8). Wait for the authentication panel to show up.
Step 3: Once you see the authentication panel, go to fiddler and enable automatic breakpoints before requests.
Step 4: Now go back to the support tool and enter any username and password and press ok.
Step 5: Back to fiddler again. You should see a red colored entry with hostname csmg.lgmobile.com. Select it. On the right pane, select break on response and choose syntax view. You should see something like this.
Step 6: If that's your case too, hit run to completion. Next you should see an entry with host name gsfs-eu.lge.com. Click break on response and should see a message stating user_check status='FAIL' in the syntax view. Now change 'FAIL' to 'OK' and select run to completion.
Run it to completion.
Step 7: You should see 6 more csm.lgmobiles.com requests. Run them all to completion.
Step 8: Once you've done it. The B2B tool's GUI should show up.
You're in!!!
But be careful. Everytime you encounter the hostname gsfs-eu.lge.com (or any authentication server requests), make sure to change FAIL to OK and you're good to go.
I've added a video showing every step involved when you want to download a file. There's nothing uber hacky or anything. It's just keeping your eyes open and making changes wherever necessary.
For video, click here
Note: I would recommend using a download manager with resume ability when downloading larger files. Sometimes, the authentication info might expire (the download can't be resumed). This doesn't mean the link has expired. Just repeat the whole process again till the step where you got the download link. After doing this, just hit resume and the download continues as usual. I don't know if it's related to expiration of cookies with authentication info. But doing this helped me with the downloads.
It's people like you who will kill the access to this for the rest of you guys.
If you guys can't RE your own applications, and seriously need tutorials like this, then you don't deserve to be able to access it.
I'm glad that you're all blocked from RND and PIN, because I can only imagine how fast that would get ruined.
Here, crack my login and you can have it: [email protected]
foil said:
It's people like you who will kill the access to this for the rest of you guys.
If you guys can't RE your own applications, and seriously need tutorials like this, then you don't deserve to be able to access it.
I'm glad that you're all blocked from RND and PIN, because I can only imagine how fast that would get ruined.
Here, crack my login and you can have it: [email protected]
Click to expand...
Click to collapse
so u can give us screens if thers a f180 v30 or a e975 v20 listed..... (and download if its possible..)
2nd Sky said:
so u can give us screens if thers a f180 v30 or a e975 v20 listed..... (and download if its possible..)
Click to expand...
Click to collapse
No, I'm afraid I won't do that.
I warned the entire community about the end of b2b access coming to a halt, due to the abuse that it received.
My login is still alive and active, and I invite you to crack the password, and you can have it if so - it's a full admin account, and can create subs.
I just got my new Samsung T705 but it didn't work with my carrier WIND which uses AWS frequencies, do you know if there is away to unlock these bands on the Tab S T705
Hakams said:
I just got my new Samsung T705 but it didn't work with my carrier WIND which uses AWS frequencies, do you know if there is away to unlock these bands on the Tab S T705
Click to expand...
Click to collapse
i have been trying to discover if we can unlock the american lte frequencies through software only & ran across a thread online which allows u to enable/disable individual bands...i will see if i can hunt down the original post as i wouldnt want to claim the fame if it works for u but try this
!. dial *#0011# which will take u to service mode
2. press the 3-dot menu button then hit back (NOT the hard button)...do this again & u will end up at the main menu
3. choose selection [2] ue setting & information, then [1] setting, followed by [1] protocol , next [2] nas, after that [1] network control
4. finally pick [4] band selection & this will bring u to the page where u want to be...just remember that an asterick means its selected
always use "3 dot menu-back" & NOT the physical buttton...dont forget to press the '"apply band configuration" when you're done & then "menu-end"
THEDEVIOUS1 said:
i have been trying to discover if we can unlock the american lte frequencies through software only & ran across a thread online which allows u to enable/disable individual bands...i will see if i can hunt down the original post as i wouldnt want to claim the fame if it works for u but try this
!. dial *#0011# which will take u to service mode
2. press the 3-dot menu button then hit back (NOT the hard button)...do this again & u will end up at the main menu
3. choose selection [2] ue setting & information, then [1] setting, followed by [1] protocol , next [2] nas, after that [1] network control
4. finally pick [4] band selection & this will bring u to the page where u want to be...just remember that an asterick means its selected
always use "3 dot menu-back" & NOT the physical buttton...dont forget to press the '"apply band configuration" when you're done & then "menu-end"
Click to expand...
Click to collapse
Thank for this very useful information, WIND uses AWS, with bands 1700/2100, I selected those frequency when I was in the menu and made sure to press apply band configuration, i restarted the device, but still not registering on WIND network. however now for the first time I see the network signal strength full. Did I miss anything?
Hakams said:
Thank for this very useful information, WIND uses AWS, with bands 1700/2100, I selected those frequency when I was in the menu and made sure to press apply band configuration, i restarted the device, but still not registering on WIND network. however now for the first time I see the network signal strength full. Did I miss anything?
Click to expand...
Click to collapse
The only other thing i can think of would be in "settings-connections-more networks-mobile networks" and choosing network operators which will bring up a list of all available service in the area....it will take about 30 seconds to find them so be patient. U can also try the network mode option in the same menu...the last thing i would suggest is to remove then re-insert the sim and/or try a known working one
preferred_network_mode
Any idea where the list of device available network modes are kept? I remember seeing it (possibly xml or db) somewhere in /system (a very long time ago).
I wish to try and add all available options to a Synapse control and write the preferred (selected ) network mode to:
/data/data/com.android.providers.settings/databases > global > preferred_network_mode xx
Basically require a number that represents each type of network mode for our device. ie
Anyone have any insight ?
Cheers,
UITA
Deleted
Deleted
jack_ssl said:
Still LTE Option Not Showing Help Me :laugh:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Click to expand...
Click to collapse
Sometimes changing your ROM CSC to that of your carrier locale will give more options in settings (providing they are available). Don't forget changing CSC will factory reset device.
Deleted
jack_ssl said:
You Said , I Need To Reset My Device ... Then I Am Able To Get / View LTE Option On The Mobile Network Mode ... Corrrect ?
Click to expand...
Click to collapse
Read again, particularly the first line
Please Help Me
UpInTheAir said:
Read again, particularly the first line
Click to expand...
Click to collapse
Deleted
jack_ssl said:
I Can't Understand . Please Explain ...
Click to expand...
Click to collapse
If you ROM allows, sometimes changing your ROM CSC to that of your carrier locale will give more options in settings
You can Google for suitable CSC
If you change CSC, it will factory reset your device.
UpInTheAir said:
If you ROM allows, sometimes changing your ROM CSC to that of your carrier locale will give more options in settings
You can Google for suitable CSC
If you change CSC, it will factory reset your device.
Click to expand...
Click to collapse
Thanks ....
http://forum.xda-developers.com/showthread.php?t=3036751
Could be of some use??