Better Mobile App

Determine Bootloader Version

Is there a way to determine my bootloader version? I see "info 1" on the bootloader FAQ, but it returns nothing.
I have a Softbank X01HT with the JASJAM_telstra_1.31.305.2_1.31.305.103_1.20.31.10_ship burned to it. I thought the CID was stored in the ROM flash so I upgraded from the previous JASJAM ROM. Now I cant downgrade apparently. I have a 1.06 Bootloader right?
Here is some additional info:
----
USB>info 2
HTCSSuperCIDHTCE
USB>checkimage
IPL CRC checksum = 0x4A75448F
SPL CRC checksum = 0x3BF03635
CE CRC checksum = 0x964CDB85
ExtROM CRC checksum = 0xC80B05D
Radio Image CRC checksum = 0xB1B0E47C
----
IPL-1.01
SPL-1.04
Thanks

jokinawa said:
Is there a way to determine my bootloader version? I see "info 1" on the bootloader FAQ, but it returns nothing.
Click to expand...
Click to collapse
info "0" and "1" do not seem to work in the Hermes, "info 7" will give you your answer:
Code:
HTC Integrated Re-Flash Utility, Common Base Version : 1.50a
Device Name: H, [b]Bootloader Version : 1.04[/b]
Built at: May 26 2006 20:17:35
Copyright (c) 1998-2006 High Tech Computer Corporation
[...]
jokinawa said:
Here is some additional info:
----
USB>info 2
HTCSSuperCIDHTCE
Click to expand...
Click to collapse
Your device is SuperCID, you should be able to flash ANY rom. Can you paste the output of "task 32"? It shows the security level.
Did you use v3 of imei-check unlocker?

pof said:
info "0" and "1" do not seem to work in the Hermes, "info 7" will give you your answer:
Code:
HTC Integrated Re-Flash Utility, Common Base Version : 1.50a
Device Name: H, [b]Bootloader Version : 1.04[/b]
Built at: May 26 2006 20:17:35
Copyright (c) 1998-2006 High Tech Computer Corporation
[...]
Your device is SuperCID, you should be able to flash ANY rom. Can you paste the output of "task 32"? It shows the security level.
Did you use v3 of imei-check unlocker?
Click to expand...
Click to collapse
Here is the info.
USB>info 7
HTC Integrated Re-Flash Utility, Common Base Version : 1.50a
Device Name: H, Bootloader Version : 1.04
Built at: May 26 2006 20:17:35
Copyright (c) 1998-2006 High Tech Computer Corporation
CPU ID=0x41129200
Main CPLD version=0x5
Upper CPLD version=0x4
Main Board version=0x6
USB>task 32
Level = 0
I used the only unlocker at the time for the X01HT.
Whats weird is it says I have Bootloader 1.04 but I cant change from:
JASJAM_telstra_1.31.305.2_1.31.305.103_1.20.31.10_ship (supposed to be BL 1.06)
down to
JASJAM_WWE_1.20.305.3_1.20.305.104_1.07.03.10_ship
I was trying to downgrade to the 1.20 JASJAM to install EXT_ROM from Softbank.
When I couldn't downgrade I ran the IMEI-Check unlocker again. Maybe that changed my bootloader back down?
I will try to burn the Dopod ROM. That one has worked before.
Thank you for the help.

Really weird because your device has Seclevel=0 and SuperCID, this is a developer device able to flash any ROM without restrictions.
Did you use v3 of imei-check unlocker?? Probably they changed this on v3...

V3 Unlocker
Yes,
I used this ZIP:
M3100v3Unlock.zip
which contained this file:
M3100v3cUnlock.exe
Any other commands before I disconnect and flash? I hope flashing a ROM wont mess up my CID and Sec lvl.

Flashing rom will not touch CID and Seclevel.
This is new from v3 unlocker, they didn't do this before. CID stayed the same and SecLevel=FF (unpriviledged).

jokinawa said:
Yes,
I used this ZIP:
M3100v3Unlock.zip
Click to expand...
Click to collapse
What a pity you didn't log the process as has been told here.

Chatty said:
What a pity you didn't log the process as has been told here.
Click to expand...
Click to collapse
Yep, Sorry I unlocked it as soon as I saw it avail because I cant read Japanese.

pof said:
Flashing rom will not touch CID and Seclevel.
This is new from v3 unlocker, they didn't do this before. CID stayed the same and SecLevel=FF (unpriviledged).
Click to expand...
Click to collapse
I can confirm this. I was using Bootloader 1.06 from the Cingular ROM. I did previosuly use IMEI-CHECK V2 unlocker before upgrading to the Cingular ROM. Couldn't downgrade to other ROMS.
Have now re-unlocked again using IMEI-CHECK V3 unlocker and now can downgrade as it has reverted me to 1.04 bootloader:
USB>info 7
HTC Integrated Re-Flash Utility, Common Base Version : 1.50a
Device Name: H, Bootloader Version : 1.04
Built at: May 26 2006 20:17:35
Copyright (c) 1998-2006 High Tech Computer Corporation
CPU ID=0x41129200
Main CPLD version=0x5
Upper CPLD version=0x4
Main Board version=0x5
USB>task 32
Level = 0
UPDATE: Radio from latest I-Mate ROM cannot be updated with bootloader 1.06 even if device us SUPERCID, have to use IMEI-CHECK to revert back to 1.04!

Thanks for posting confirmation.

Unlocking an x01ht
Hi, First post, new to the forum,
I just moved to Tokyo and am going out today to by the softbank x01ht (at ~170$us, the gadget freak in me wont let me get something else that is bilingual)
Anyway I'm willing and minimially capable of paying and completing the imei unlocking process. I've only ever done pc and laptop flashing before so I may need a bit of a walk through on how to get this dump file your looking for.
I just have one quetion - if I unlock to a cid of supercid and security level 0, I understand that I can change my ROM to a nice user friendly English speaking ROM but will my hermes still work on my network (softbank) even though I will be operating a rom from another network in a different country.
Also is there an original sim/operator free ROM uploaded anywhere or is there any ROM you would recommend for me an english speaker on a japanese (softbank) network.
Thanks for any help you can provide. I'll do my best not too mess up the imei unlocking process dump in return.
Cheers

rorycooney said:
Hi, First post, new to the forum,
I just moved to Tokyo and am going out today to by the softbank x01ht (at ~170$us, the gadget freak in me wont let me get something else that is bilingual)
Anyway I'm willing and minimially capable of paying and completing the imei unlocking process. I've only ever done pc and laptop flashing before so I may need a bit of a walk through on how to get this dump file your looking for.
I just have one quetion - if I unlock to a cid of supercid and security level 0, I understand that I can change my ROM to a nice user friendly English speaking ROM but will my hermes still work on my network (softbank) even though I will be operating a rom from another network in a different country.
Also is there an original sim/operator free ROM uploaded anywhere or is there any ROM you would recommend for me an english speaker on a japanese (softbank) network.
Thanks for any help you can provide. I'll do my best not too mess up the imei unlocking process dump in return.
Cheers
Click to expand...
Click to collapse
All of the ROMS will work for Softbank as I have tried pretty much all of them by now. All of the files you need should be on this forum/wiki or linked from here.
Here are the main ROM files.
http://wiki.xda-developers.com/index.php?pagename=Hermes_Upgrades
I have only done this for about a week so its not too difficult. Need help just make a thread after searching for the answer first.
Have Fun.

is there a bootloader guide sorry for being a bit stupid but when i press the buttons to get it into boot mode all that is displayed on the screen is some colored lines and herm200 ipl-1.00 herm200 spl-1.04 am i doing it wrong

That is bootloader mode. You have to connect via USB with MTTY to give it commands.
http://wiki.xda-developers.com/index.php?pagename=Hermes_BootLoader

jokinwa thank you ive been looking for that

Please help!!! Upgrade failed and become unusable.

Dear All,
I've tried to upgrade to ROM Hermes_1.18.416.1_1.18.416.101_1.14.00.10_WWE_Ship
and unluckly cable loosen and I reset the phone.
Since it's in the middle and can't success enter the Windows Mobile,
but the bootloader was updated to 1.06.
Now I can't flash any ROM either
HER_DopodAsia_1237074_1060010_WWE_SHIP or the new one.
The tools on "imei check" even can't recognize my phone.
Any one can help me on this issue, please?
Thanks in advance.

Try the steps here, let us know the results:
http://wiki.xda-developers.com/index.php?pagename=Hermes_UpgradeProblems
If you don't fix it with the proposed solutions attach USB Monitor capture in text format as explained in the bootom of the page.

I have the same issue, and sent it to service, and now I have the phone back and they could not fix it, so got no radio or imei number, so none of the FAQ will work for me.
So I have an expensive paper weight.

Hi,
ME TOO!!
I recently had a power cut (yes, a lights off power cut!) that killed my PC half wat through installing the Cingular English CWS__001 1.34.502.1 09/21/06 ?? 1.16.00.00 32.53.7018.01H 14955.2.3.0 ROM onto my SPV 3100.
Now SPV 3100 will boot to the ROM I was running prior to the upgrade but I can't use the telephone. I'm also not able to rerun the upgrade as it got far enough through the process to upgrade my bootloader to 1.06 - therefor rendering me unable to load another ROM.
Before the crash I was using the Imate ROM as below and M3100 was sim unlocked and running on o2 3G
i-mate English CDL__001 1.20.305.3 07/21/06 1.20.305.104 1.07.03.10 32.41.7010.02H 14955.2.3.0 1.04
I have also tried imei without any joy.
the PDA part of my M3100 still works but the phone is dead. I have been told that if you can get the latest radio installed then you satnd a chance of the phone part working.
We need a hack to get bootloader 1.4 back on the phones.
Please help.
Thanks

My one now is a photo frame which one show "HTC" or "Windows Mobile",
at least your one is a PDA.
There are nothing in "info 2" and so nothing can be flash into it.
Is it possible to have something written CID and IMEI to phone in mtty
and let the flash rom success?

i am in the same situation like yhlee. Pof, i have reply your pm and ready to upload the result file to FTP. where should i upload to?
Thanks

oh i forgot to say, mine is even worst. as soon as i turn on the unit. it will go right into bootloader without press any button.

The USB Log is too large (around 2MB)
and can't upload, any suggestion?
Thanks.

rnc1688 said:
oh i forgot to say, mine is even worst. as soon as i turn on the unit. it will go right into bootloader without press any button.
Click to expand...
Click to collapse
This can be fixed by bootloader commands 'set 14 0' and 'task 8', will reboot your device and boot into OS again (but no GSM yet!)
yhlee said:
The USB Log is too large (around 2MB)
and can't upload, any suggestion?
Click to expand...
Click to collapse
Upload it to xda-developers ftp:
ftp://xdaupload:[email protected]/Uploads/Hermes/
USER: xdaupload
PASS: xda

POF, file have been uploaded, file name= rnc1688
Thanks

'set 14 0' and 'task 8' didn't work

@rnc1688: It starts the flashing process, but you get a "CID not allow (255)" error because your CID is corrupted and you are in bootloader 1.06.
Is not booting WM5 after "set 14 0" in mtty.exe? If it's not booting WM5 you'll not be able to flash bootloader 1.04 and bypass CID checking.

so i guess my unit is bricked now.

I've upload the file which named yhlee.txt.
However, I'm going to send the unit for service.
Hope they can fix.
Any way to make it show the bootloader screen on start-up
everytime?
"set 14 1" doesn't work after push the RESET button.
Thanks.

@yhlee: U're getting exactly the same error as rnc1688. Device in bootloader 1.06 which has corrupted CID, however you say you can go into OS, so it would be possible for you to downgrade the bootloader so it does not enforce CID checking.
yhlee said:
Any way to make it show the bootloader screen on start-up everytime? "set 14 1" doesn't work after push the RESET button.
Click to expand...
Click to collapse
Try "set 1e 1" and then "set 14 1", you'll boot stright into bootloader.
@rnc1688: If you want to go WM5 try this:
"set 1e 1" and then "set 14 0", you should be able to boot stright into OS.

no luck either

grrr!!!... command "set 14 [0|1]" is working fine in 1.04 here to switch boot into WM5 or boot in bootloader mode... probably different in 1.06??? I don't have a 1.06 now to test

Mine one is just showing "Windows Mobile" but stuck there,
but seems rnc1688 one is a PDA but my one is nothing.
I've sent to distributor for service.
Thanks you pof.

yhlee said:
I've sent to distributor for service.
Click to expand...
Click to collapse
Let me know when they fix it... i'm curious about if they will fix it with 1.06 or they will downgrade to 1.04 first.

I got a correct message back from the service company, and they will not fix a bootloader 1.06 unless the original rom has been release with it, I was told that is HTC policy on this.

Couple of questions on CID rom and so on.

Hi, i done a fair amount of searching but to be honest there just to many posts about this to get a answer to be sure of.
If someone could spare a moment to help out i be grateful of there time.
1) How do it tell if my phone is CID locked ?.
I sure mine is a G4 model now, but i updated rom and so on, and all works ok there, but i am unsure if i used a locked rom update. So i am unsure, of course i dont wish to brick my phone like some have.
2) I live in England, UK, and like to know what are the newest roms and radio rom for my area.
Currently i have the following....
IPL 2.16.0001
SPL 2.16.0001
GSM 02.07.10
OS 2.16.9.1
Rom Version 2.16.9.1 WWE
Rom Date 2/6/06
Radio Version 02.07.10
Protocol 413.1.03
I read that radio roms do the phone side of things, and would like to update that as i get a few drops on calls, i use O2. What is the best one i can use, also can i use a radio rom from another area not just European ?
I like to test out WM6 but like others lead me to an error on CID locking (300 error code) hence i like to confirm i have a CID locked phone, but i was told when purchased it was fully unlocked.
Any help would be very greatful.

hjkl;' why no delete?

M3NF said:
Hi, i done a fair amount of searching but to be honest there just to many posts about this to get a answer to be sure of.
If someone could spare a moment to help out i be grateful of there time.
1) How do it tell if my phone is CID locked ?.
I sure mine is a G4 model now, but i updated rom and so on, and all works ok there, but i am unsure if i used a locked rom update. So i am unsure, of course i dont wish to brick my phone like some have.
2) I live in England, UK, and like to know what are the newest roms and radio rom for my area.
Currently i have the following....
IPL 2.16.0001
SPL 2.16.0001
GSM 02.07.10
OS 2.16.9.1
Rom Version 2.16.9.1 WWE
Rom Date 2/6/06
Radio Version 02.07.10
Protocol 413.1.03
I read that radio roms do the phone side of things, and would like to update that as i get a few drops on calls, i use O2. What is the best one i can use, also can i use a radio rom from another area not just European ?
I like to test out WM6 but like others lead me to an error on CID locking (300 error code) hence i like to confirm i have a CID locked phone, but i was told when purchased it was fully unlocked.
Any help would be very greatful.
Click to expand...
Click to collapse
Here is what you have to do:
- download any G4 rom from xda ftp
- unpack it
- replace the update tool from the WM6 one with the one from the G4 rom (when you will run it, it will be in italian)
- don`t worry about bricking your phone, it can only happen if you try to update your IPL/SPL and the WM6 ROM doesn`t include those upgrades.
(if your Wizard is CID-locked, after the upgrade, your OS will be the same one you had before the upgrade, if not, be happy) )

I can give a little help if you feel you can trust me.
Use a little program called pdocread.exe (by itsme) and read the bdk1 using the following command:
pdocread.exe -n 1 0 0x10000 [saved_filename] and then contact me via PM to send me the encrypted file so that i can read it and check the CID value. I must warn you that the resulting file will have your phone's IMEI in it.
For this program to work your phone must have RAPI and Unsigned Apps enabled
You could also use mtty.exe program to check the CID status by using the info 2 command
Code:
Cmd>info 2
GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x3D080000 Bytes
[B] [COLOR=Blue]HTCSSuperCID ' HTCE[/COLOR][/B] <------- CID status!!!
To be honest i'd prefer the first solution since i'm writing a Wizard service tool and as my phone is a full unlocked Qtek i need locked CID blocks to compare and understand a bit more about that zone.
cheers

Sent email with pdocread info. Here are my mtty results.
PHP:
Cmd>info 2
GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x3C8C0000 Bytes
HTCSWIZCNG01 »“4‚HTCE
Cmd>
I assume the "HTCSWIZCNG01" is just verifying what I already knew? That I am CID locked to cingular?

I managed to get a list with a lot of CID codes for different operators and will check your value (once i find the file ) but i also believe that your phone is indeed CID locked; sorry

Many thanks for the details, tried it last night but would not change, so i at least know i have a cid locked system now.
Maybe wiorth getting it unlocked, but to be honest it was more of a wanting to know if it was or was not, know i know that i happy with what i got. Maybe an offical update will work when its released.
Again cheers all for your help and advice.
Any further info still be greatful with details of first post about radio roms still if you can.

Thunder_PC said:
I assume the "HTCSWIZCNG01" is just verifying what I already knew? That I am CID locked to cingular?
Click to expand...
Click to collapse
Yep, that CID is indeed from Cingular. Check with the file attached i extracted from some file i can't recall exactly which and where i got it...
Thunder_PC said:
Sent email with pdocread info
Click to expand...
Click to collapse
Pls make new dump as it should be 64Kb (0x10000)

Hi, please someone can tell me , as i think, my 9100 is CID unlocked?:
Cmd>info 2
GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x1E880000 Bytes
HTCSWIZQTK01 µ…“HTCE
Cmd>
After do a CID unlock with awizard, rechecked and still showing the same.
but when i try to dump rom doing "r2sd all" in mtty1.42 it doesn´t allows me. In awizard done.
Cmd>r2sd all
***** user area size = 0x1E880000 Bytes
R2SDBackup() - Download type = 5
usTotalBlock = 1 sizeof(SDCARD_SIGNATRUE_TABLE)=512
You didn't get the proper security level to download a specific image
Cmd>
If it´s unloked, i supose, after reading forums, that i can change rom from WWE to last Spanish (2.18....)
IPL/SPL: 2.17.0001
GSM 02.07.10
OS 2.17.7.2
wait your answers. Thanks.

A quick search around the forum would have shown you that it's not possible to CID unlock a G4 device for free.
Yours is a G4 and if you compare with my values from post #4 you can see that yours isn't CID unlocked
cheers

Thanks.
i suposed that as wasn´t in CID list was unlocked. But i get it more clear.
So the only ways to change rom and language are, or pay or try it with the Solutuion found: how to flash any rom to CIDLOCKED DEVICE.

TOM_WILE said:
Thanks.
i suposed that as wasn´t in CID list was unlocked. But i get it more clear.
So the only ways to change rom and language are, or pay or try it with the Solutuion found: how to flash any rom to CIDLOCKED DEVICE.
Click to expand...
Click to collapse
Yep, either with ShellTool or with my Wizard Service Tool that allows to flash the OS binary partition
cheers

mestrini said:
Yep, either with ShellTool or with my Wizard Service Tool that allows to flash the OS binary partition
cheers
Click to expand...
Click to collapse
Hi again, it´s done.
I did it with "QTEK Rom 2.18.7.8 AKU2 ESN + Radio 02.47.11 Con CID Bloqueado by jossma". It works great, and in spanish. I have to "repair" a little problem with keyboard.
i´m happy. thanks for all. jejeje

sos.sos.sos
I have blocked SPV M3000
CID: WIZORGB8
Phone is CID LOCKED!
Which withdraw drinking

plz HELP ME !!!!!!!
hi everyone I know im posting in the wroge thread but this site is really huge, I need any help cuz i begin to hate my ppc and im stiil a student and cant buy another one cuz my father is really anoying, so i got an i-mate pda2 which i really love its design but the prob. is wm2003se there is no other roms i can find + i dont know how to get this cid unlocker and any rom just any , i will be pleased v.much for help i want the links where i can find a cid unlocker and a new rom which can run manila or wm5,6 plz helppp :'(

Can't boot my OS! - Green light and black screen

I flashed HardSPL 2.30olipro and it wont boot the OS when I reset, the screen stays black like its still off and the green light at the top stays on, I can still access the bootloader and use MTTY, I have tried flashing various ROMs and the "set 14 0" but nothing works, At the moment I have :
IPL-1.00
SPL-2.30.Olipro
Anyone have any ideas?

Well, it appears you can get to mtty...
Try Task 28 (this usually works when stuck in boot screen - not sure exactly where you are stuck)
or...
Try flashing a new ROM.

todd_jg said:
Well, it appears you can get to mtty...
Click to expand...
Click to collapse
Yea no problems getting into the bootloader and using MTTY
todd_jg said:
not sure exactly where you are stuck
Click to expand...
Click to collapse
I'm stuck as soon as I turn it on, blank screen like its still off and green light at the top is on the whole time, but not when i go to the bootloader.
Thanks for the help

My problem of noot being able to see any splashes and not being able to turn on for that matter is weird, Who knows a way that I can erase all of the phone totally except for the bits that cant be likle the SPL and IPL, Is there any way possible to flash someones dumped rom, and use the wlan fixing method to set yourself a new Mac adress etc.
In the memory map it says the Radio and bootloader are at "0x????????" does anyone know whats under the mysterious question marks?

deleted post

Korpse said:
My problem of noot being able to see any splashes and not being able to turn on for that matter is weird, Who knows a way that I can erase all of the phone totally except for the bits that cant be likle the SPL and IPL, Is there any way possible to flash someones dumped rom, and use the wlan fixing method to set yourself a new Mac adress etc.
In the memory map it says the Radio and bootloader are at "0x????????" does anyone know whats under the mysterious question marks?
Click to expand...
Click to collapse
Have you tried to reflash the HARDSPL?

binky11 said:
Have you tried to reflash the HARDSPL?
Click to expand...
Click to collapse
Thanks for helping me
It wont actually let me write over it because it has that protection on it to stop roms overwriting it with an older version, would it work (and be safe) to delete the SPL using the erase command then reset the hermes and write the SPL again?

Hi! i also got same problem, can still access bootloader and mtty only
Any solution that i can do? the mtty command " erase [StartAddr [Len]] " can it?
Cmd>task 28
Storage format start
Write Nand Success
dwBlockToWrite = 13
Storage start block: 610
Storage Total block: 326
Total Bad Block in CE: 0
NeedToEraseBlockStart: 623
NeedToEraseBlockEnd: 936
Storage format success
Cmd>checkimage
IPL CRC checksum = 0x856C952E
SPL CRC checksum = 0x738D6562
CE CRC checksum = 0x92C76E00
ExtROM CRC checksum = 0x2F8830F2
Radio Image CRC checksum = 0xB3F22A62
Thanks first.....

Korpse said:
Thanks for helping me
It wont actually let me write over it because it has that protection on it to stop roms overwriting it with an older version, would it work (and be safe) to delete the SPL using the erase command then reset the hermes and write the SPL again?
Click to expand...
Click to collapse
The SPL area is touchy. If you were to erase the Bootloader, I am not sure you would ever be able to flash anything, since it uses bootloader commands to do it. Check the MrVanx downgrade guides. There are instructions for overwriting the latest HardSPL. It is a two step process, first using SSPL. Give it a shot.

Im having to same problem,
IPL 1.04
SPL 2.30 Olipro
Cmd>task 28
Storage format start
Write Nand Success
dwBlockToWrite = 13
Storage start block: 462
Storage Total block: 474
Total Bad Block in CE: 0
NeedToEraseBlockStart: 475
Storage format success
Cmd>checkimage
IPL CRC checksum = 0xC1AC9D2F
SPL CRC checksum = 0x327DEB48
CE CRC checksum = 0x4E705577
ExtROM CRC checksum = 0x85083D45
Radio Image CRC checksum = Checksum: Wait interpreter timeout
0x0
Cmd>
when I try to reflash any rom I get an error, usually hangs around 12%

Hey guys,
Anyone got a resolution to this problem yet?
Heres whats happening:
When I turn on the device I get the green led light but nothing shows on the screen at all, I can still access the boot loader the normal way.
- Tried Task 28
- Can flash any ROM but doesn't fix issue at all
- Happened after i updated to HardSPL 2.30, but cant downgrade because I need access to the OS to use SSPL.
Thank you for any help

Same problem.
Hi,
don't know if this will work for you, but it did for me. the difference is that mine wasn't hardspl.
I had the same problem when i was trying to upgrade to WM6 a friends JasJam (i had a USB connection problem). i tried alot of flashing, and the only one that seemed to work for me was the Official I-Mate ROM i got from this thread:
http://forum.xda-developers.com/showthread.php?t=348436
and flashed it after going into the bootloader.
after flashing this, i loaded the hardspl v7 from this one.
http://forum.xda-developers.com/showthread.php?t=296722
and after that, flashing any ROM works perfectly.
Hope this helps.

I'm going to try that but I'm not sure if it will work.
I am already running:
IPL-1.00
SPL-2.30.Olipro
so it will not let me override it with HardSPLv7

Not sure if I can be of much help but I had the exact same problem after a flash, then just booted into the bootloader and loaded a ROM from my MiniSD card (CRCs Rom) and that seemed to fix my problem. I also have HardSPL 2.30 installed

try
cmd>set 16 0
Hope it works, normally when i get stuck in the bootloader its what i do, soft reset, plug it to usb run mty and do that comand. after it says write nand soft reset the device, it should load the os with no problems ^^

I have the same problem too. I ran the hermes unlocker v3a and after 100% it won't boot, but the green light turns on at the top. I can get into bootloader and MMTY. IPL 1.01 and SPL 1.4 Olipro
I'm a total noob so please somebody help!

Model No. says H instead of HERM200

He Guys,
Just my luck I have bought an HTC Tytn with the original Dutch rom and sim unlocked second hand.
I wanted to put a new Dutch rom from HTC on it but I keep on getting the ERROR [244] : INVALID MODEL ID but what I don`t understand is I have used the original Dutch rom from HTC. So I checked the device information and under the tab identity it says;
Model No.: H
Platform: PocketPC
IMEI: xxxxxxxxxxxxxxxxxxx
Shouldn’t the Model No. be HERM200?
Has anyone any suggestions in how I can solve this problem so I can flash any rom I wish.
I have tried al the cid unlock programs I could find and in bootloader it says;
H
IPL-1.01
H
SPL-1.40.Olipro
Thanks in advanced.

Use RAR to unpack the Original Dutch ROM.
Take the NBH file that you get when you unpack the ROM.
Put it in a folder with CUSTOM_RUU from Olipro.
Run CUSTOM_RUU and it will load up the ROM from the NBH file, bypassing the CID check. Should work

Thanks for the reply,
I have tried what you suggested but I still get ERROR [244] : INVALID MODEL ID I have also read these posts http://forum.xda-developers.com/showthread.php?t=322231&highlight=CUSTOM_RUU+from+Olipro and http://forum.xda-developers.com/showthread.php?t=322119&highlight=CUSTOM_RUU+from+Olipro and http://forum.xda-developers.com/showthread.php?t=309707&highlight=CUSTOM_RUU+from+Olipro and tried these suggestions but every time I get the error message. The radio update process was the same for me it will go to 7% and then give the message ERROR [244] : INVALID MODEL ID.
I have also tried the HTC_Hermes_SIM_CID_Unlock_v3a and Hard-SPL-V7 but still get the error message.
I hope I’m doing something wrong if not then I hope you have a new suggestion.
Thanks in advance.

Please set your device in BOOTLOADER MODE and post here your IPL / SPL versions.

Junner2003 said:
Please set your device in BOOTLOADER MODE and post here your IPL / SPL versions.
Click to expand...
Click to collapse
Did you read first post?

VivaErBetis said:
Did you read first post?
Click to expand...
Click to collapse
Ups, missed the bottom - thought it is the signature already! Sorry, haven't had my coffee yet!
Well, looks like the device is CID unlocked!
How about trying to flash an entire cooked ROM?

i would suggest the following:
flash a cooked rom (any)
see if that makes any difference to your model id
then try and flash the native dutch rom
good luck

Hi Guys,
As you suggested I tried a cooked rom the Hermes_WM6_vanilla still get the same error message when I put my device manually in boot loader it shows;
H
IPL-1.01
H
SPL-1.40.Olipro
But as soon as I try an official or cooked rom it shows;
H
IPL-SSPL by des
H
SPL-1.09.ds
I’m now trying Schaps_WM6Pro_WWE_4.00_Full_Beta3.exe and choose for auto detect and it said 1.40 Olipro and in boot loader it shows;
H
IPL-1.01
H
SPL-1.40.Olipro
And after 1% I got the ERROR [244] : INVALID MODEL ID message again.
I think my options are getting slim.

Your ModelID is stored on NAND and can be edited quite trivially (mostly).
how it got corrupted I don't know, however, the important question is; can you get into the OS?

He Olipro,
The device it zelf works perfect I can go anywhere I want even in the OS.
Just lead the way.

Changing Model ID
I have a similar problem in that my Model ID got corrupted during a radio upgrade. I now get the same error (244) and am stuck on SPL2.10 and can't downgrade to fix it. Can anyone tell us how to manually change the model ID in the NAND?
Much appreciated.

Dumping NAND
Ok, I'm a relative newbie so appologies before I get flamed. Thanks Olipro for giving me a clue.
I have now got spl 2.60 on my device but am unsure how to dump the NAND. I've worked out how to dump the 3 partitions from the device to dump the OS but am still unclear which part of the device is the NAND. I've read the Wiki on the memory map but am still not too sure.
Anyone able to give me simple instructions to dump the NAND and once I've done that where abouts is the ModelID stored? Do I do this using mtty?
Thanks in advance.

http://forum.xda-developers.com/showthread.php?t=322225

NAND Dump
Thanks Drummer for pointing me in the right direction.
Ive done this bit:
BTW, if you want to do a full backup of you FULL eeprom nand at any time, connect as before and type these commands:
plink HERMES > full.nb (hit ENTER twice)
task 32 (hit ENTER once and only once from now on after every command)
password 0000000000000000 - My device password is BsaD5SeoA which I used instead.
set 1e 1
rbmc me.txt 50000000 7fff800
watch your file grow to 128 MB.
It creates a full.nb file but it stays at 1k!!
** Note I have copied the bootloader file for spl 2.60 on my Hermes and ran that so I can now use that versino instead of the 2.10 thats on my device if that makes a difference and have tried with no joy with either version. Yes I know it says to use 2.30 but I can't work out how to get that on my device due to the ModelID error.

The Model number is contained within the herm1.nb file that was posted by BusStop in that thread. No need for complete NAND reflashing, only that section. You'll see it using a Hex Editor. You should write down your WiFi MAC addess, so you can edit it before flashing the file with the corrected Model number. Now you just have to figure out how to get SPL 1.01 MFG on your device...

Thanks Drummer. I did try flashing the herm1.nb file but of course as I do not have SPL 1.01 MFG it gievs an error. I'll keep trawling through the site and see if I can work out how to get SPL 1.01 onto my device. I'm not going to let this damn device beat me.
Ok so I worked out how to get the ModelID using getdevicedata. Used nbhtool to create a vaild nbh using the ModelID I'd just got and used the spl from 2.30 and it updated that fine.
Excellent.
However did the same with the MFG1.01 and flashed it and......
I now have a dead brick, no power and no response form usb. Time to get a replacement device.
Thanks for all the help I've had. I'm sure it should have worked.

1.) Remove battery
2.) Connect Hermes to charger or USB
3.) Insert the battery while Hermes is connected to charger
4.) Red light should turn Amber
5.) Soft Reset

Thanks for the advice Drummer however:
1.) Remove battery
2.) Connect Hermes to charger or USB
3.) Insert the battery while Hermes is connected to charger
4.) Red light should turn Amber - Nope red light goes out!

Mne shows HHHHHHH
Hi all, i've upgraded my radio and after my model id changed to H.
So, reading some posts i've used NBHTOOL.
1.I've decompiled an original Italian ROM
2.i've obtained a custom nbh selecting only OS and EXTROM and changing my Model number.
3. after that i've flashed the nbh resulting into a write error at 84% and a bricked htc.
Luckily i was able to reflash roms and i processed to second experiment.
I've made a custom rom with only the os, and it WORKED!
so my questions are:
1. can i use my htc even if my external rom isn't flashed (it cames from an old Schaps 4.0 succesful flash)
2. It is safe to proceed installing bootloader SPL using the nbhtool like i did with the os?
In that case i will be able to fix the model id problem by flashinh spl 1.01 and using the wireless fixing method you posted..
Thanks in advance for your reply!

Hi
From my understanding the Ext rom is mainly used for carriers to install there specific addons and customizations so it shouldn't be a problem.
As you can see I did flash spl 2.30 using this method and it worked fine ti was only when something whent wrong flashing 1.01 that my problem happened but I think that may be that I used an nbs file instead of an nb file from what I've read since.
Good luck.
Edit: Just noticed someone on this thread has managed it by going straight ot 2.60 http://forum.xda-developers.com/showthread.php?t=322225