For those wondering what's de difference between each radio version, I've compiled a table with all radio ROMs available for the Hermes from the info I could extract from the decoded radios.
Here comes an explanation of each field, some things are just my guess and others are unknown to me:
Radio: Shipped Radio version as shown on splash screen or device information under WM5.
Protocol: If it ends in W means it's WEDGE (WCDMA and GSM/GPRS/EDGE), if it ends in H means HEDGE (HSDPA/WCDMA and GSM/GPRS/EDGE).
KMRX: M6275B-KMRX version (don't ask me what is this!)... seems to be part of the protocol string.
HTC_BOOT: HTC Radio Bootloader version.
QC_BOOT: Qualcomm bootloader version.
DATE1: First date string found (1 time) - this is most probably the radio build date.
DATE2: Second date string found (6 times) - this seems to be the common base between radio's build date.
JNAND: QUALCOMM JNAND Version and build date of JNAND.ELF for MSM6275 SURF and FFA
I have the feeling that HTC_BOOT V1.0108 will be a pain in the ass
If someone can bring more information, it is welcome
Some more information
RADIO VERSION
The Qualcomm MSM6275 chipset is found on Hermes, Trinity and Breeze devices.
If radio version ends in "1" it means GPS is enabled in this radio, if it ends in "0" it means is disabled. Example:
Radio 1.21.31.10 ==> GPS is disabled
Radio 1.22.01.01 ==> GPS is enabled
To see NMEA data you can use the command "[email protected]" in GSM AT Command interpreter. To stop receiving NMEA data use "[email protected]". It is possible to flash a GPS enabled radio from Trinity on Hermes, but Hermes hardware seems to lack either the antenna or the RF amplifier (or both) and it is not possible to use the MSM6275 as internal GPS on Hermes. See related thread for more info on this.
--------------
HTC_BOOT
This is the radio bootloader, do not confuse with normal bootloader (SPL).
Until now there are three radio bootloader versions found inside hermes radio (GSM.nb): 1.0106, 1.0107 and 1.0108
The last 4 digits of the radio bootloader version is returned by radio bootloader command "rversion".
These are the known differences between them:
1.0106 -- still has command 'rrbmc' to read back the memory content
1.0107 -- command 'rrbmc' does not work anymore, but it has been replaced by command 'rdpram' with the same syntax.
1.0108 -- this was first seen in Softbank X01HT post december 2nd devices (radio 1.14) and is also included in some trinity radios. The peculiarities of this radio bootloader version are explained here:
If you have a radio with HTC_BOOT 1.0108 on your device, you can't use extracted radio ROMs: This means you will not be able to flash radios in NBF format with MaUpgrade_NoID.exe anymore, you'll allways need to flash them in signed NBH format (ie: full ROM upgrade).
If you have a radio with HTC_BOOT 1.0108 on your device and flash a full ROM upgrade in NBH format, the radio will not be flashed unless your SPL version is 1.09.
If you have a radio with HTC_BOOT 1.0108 on your device and flash a full ROM upgrade in NBH format with SPL-1.09 on your device, your radio will be changed to the radio contained in the NBH file, HOWEVER the radio bootloader will stay the same HTC_BOOT 1.0108.
The same, explained in other words:
If you have a radio with HTC_BOOT 1.0108 (for example softbank x01ht 1.14 radio) and want to flash radio 1.21.31.10 on your device:
Upgrade your SPL to version 1.09, either by flashing a full rom containing SPL 1.09 or by flashing only this SPL with MFG bootloader.
Flash a full ROM containing 1.21.31.10 (or your desired) radio version, for example jasjam 1.31 rom. This will put radio 1.21.31.10 on your device, but HTC_BOOT will be 1.0108 even if the radio 1.21.31.10 has HTC_BOOT 1.0107.
Flash MFG bootloader again and flash extrom and OS "manually" from MFG.
Results after this:
Radio 1.21 will be back on your device, but HTC_BOOT 0108 will stay instead of being the original HTC_BOOT found on radio 1.21 (HTC_BOOT 0107). This means you will not be able to flash radios in NBF format with MaUpgrade_NoID.exe anymore, you'll allways need to flash them in signed NBH format.
--------------
Recommendation:
Don't flash any HTC_BOOT 0108 radio on your deivce if you plan to test Trinity's GPS enabled radios on Hermes, because you'll loose the ability to flash radios in NBF.
There are 2 trinity GPS enabled radios:
- 1.29 with HTC_BOOT 0108
- 1.22 with HTC_BOOT 0107
If you want to test, flash the 1.22, otherwise when you flash a new full hermes ROM in NBH you will keep the HTC_BOOT 0108 and will never be able to flash a Trinity radio on Hermes again.
Uau! pof, this is a very interesting info. Did you translate it to the wiki?
Not yet, I'm still doing research on the radio and will be using this post to add my findings. When I think it's complete then will probably write the wiki page.
To pof:
Must a radio version 1.14 of X01HT be 1.0108? How can we check it?
So we can only upgrade the radio rom by a full rom only (ex: jasjam 1.31 rom). If we do it, whether it has other effect on our devices? I think we still can flash other full rom after do it, isn't it?
Thank you for your kindly reply first!
kamiru said:
Must a radio version 1.14 of X01HT be 1.0108? How can we check it?
Click to expand...
Click to collapse
All softbank X01HT post 2006-12-02 with ROM version 1.33.761.4 have:
- radio 1.14 with HTC_BOOT 1.0108 (radio bootloader)
- SPL-1.09 (normal bootloader)
You can't check it because you need to access the radio bootloader for that, but the command to do this (rtask a) has been removed in SPL-1.09.
If you downgrade the SPL to 1.04, you can see it using radio bootloader command "rversion":
Code:
USB>[B]rtask a[/B]
[COLOR="SeaGreen"]Enter Radio Bootloader[/COLOR]
[B][COLOR="DimGray"]rversion[/COLOR][/B]
[COLOR="SeaGreen"]0108[/COLOR]
kamiru said:
So we can only upgrade the radio rom by a full rom only (ex: jasjam 1.31 rom).
Click to expand...
Click to collapse
Yes, and after having unlocked your phone with imei-check unlocker latest version (v4b). Otherwise you will not be able to flash other full rom because SPL-1.09 will check your CID and give you the "invalid vender id" error all the time.
kamiru said:
If we do it, whether it has other effect on our devices? I think we still can flash other full rom after do it, isn't it?
Click to expand...
Click to collapse
You loose softbank warranty after doing it, that's the only downside.
flash without radio
I gues when the new HTC firmware comes out, it will most likely have a radio with HTC_BOOT 1.0108.
so is it then possible the extract everything from it and flash it without the radio part.
this way we can allways chose witch radio we want to have, including the gps enabled radio. Or else it will be impossible to flash the gps enabled radio in the future, or am I wrong?
trion said:
I gues when the new HTC firmware comes out, it will most likely have a radio with HTC_BOOT 1.0108.
Click to expand...
Click to collapse
I guess that too, as new trinity ROMs are coming out with that version.
trion said:
so is it then possible the extract everything from it and flash it without the radio part.
Click to expand...
Click to collapse
Yes, using the 1.01 MFG bootloader.
trion said:
this way we can allways chose witch radio we want to have, including the gps enabled radio. Or else it will be impossible to flash the gps enabled radio in the future, or am I wrong?
Click to expand...
Click to collapse
You're right.
There is a new Radio-Rom in FTP-Uploads (1.27.0.0).Can anyone confirm, that is has 1.0107 ?
It has 0107, it's safe
Code:
USB>[B]rtask a[/B]
[COLOR="SeaGreen"]Enter Radio Bootloader[/COLOR]
[B][COLOR="DimGray"]rversion[/COLOR][/B]
[COLOR="SeaGreen"]0108[/COLOR]
Dear pof,
After I checked my device, I found it is 0108 version. But I think my device does not be hacked by imei-check unlocker latest version (v4b), since I used it before v4b release.
So whether I can upgrade to a full rom? After I upgrade it, whether I need to purchase the imei-check unlocker?? thank you for your kindly reply again.
@kamiru: If your device is SuperCID you can upgrade the radio in NBH format with bootloader 1.09, either by flashing a full rom or the 1.27 shipped radio we have now. If it's not SuperCID you'll need to purchase the imei-check unlocker.
Need SPL-1.09...
I used the HERMES Bootloader 1.01 MFG to check the HTC_boot on my x01ht, and it's 1.08.
So now I need to go back to SPL 1.09 but where's the file? I only have the spl-1.04.nb and spl-1.01.nbs from the .zip.
Mike
you have to flash your devicewith a complete rom to get the version 1.09 on it.
sorry
ok so if i purchase the imei-check unlocker, does that give me SuperCID even though my device is not sim locked?
what does the imei-check actually do?
Considering that a full rom update will flash the HTC radio bootloader, can an older full rom update downgrade and replace the HTC radio bootloader to an older version?
or is there some sort of dependency that the radio bootloader can only be flushed up a version.
Where to download 1.29 with HTC_BOOT 0108?
Thanks
Superenchi said:
now I need to go back to SPL 1.09 but where's the file?
Click to expand...
Click to collapse
here.
apokryphus said:
you have to flash your devicewith a complete rom to get the version 1.09 on it?
Click to expand...
Click to collapse
No, use SPL-1.01 MFG to flash SPL-1.09 only.
walshieau said:
ok so if i purchase the imei-check unlocker, does that give me SuperCID even though my device is not sim locked?
what does the imei-check actually do?
Click to expand...
Click to collapse
Not sure, ask their support team
funks said:
Considering that a full rom update will flash the HTC radio bootloader, can an older full rom update downgrade and replace the HTC radio bootloader to an older version?
Click to expand...
Click to collapse
No, once HTC_BOOT 0108 is flashed on your device there is no known way to downgrade it, at the moment it will stick forever.
funks said:
is there some sort of dependency that the radio bootloader can only be flushed up a version.
Click to expand...
Click to collapse
0107 can be downgraded to 0106, but 0108 can't.
hokkeung said:
Where to download 1.29 with HTC_BOOT 0108?
Click to expand...
Click to collapse
here.
Dear POF,
Sorry to my poor English first. So,as you say,if HTC-bootloader upgrade to 1.08,I can still flashed other rom and radio with running full rom method?What I can not do is I can't downgrade the Radio Bootloader?Is that what you mean?Thanks for your help!!!
pof said:
here.
No, use SPL-1.01 MFG to flash SPL-1.09 only.
Click to expand...
Click to collapse
Sorry my fault, didn´t noticed that you´ve extracted it already till now i thought there were only 1.01.nbs and 1.04.nb as extractet bootloader-files.
Related
Please help!
I have upgraded raido 1.29.00.11 form "Experimental", now I can't change radio to any version.....
How can I do?
Thanks
You've Probably Flashed Radio Bootloader 108 On To Your Device.
This Means That You Will Not Be Able To Flash Just A Radio Rom Any More. You'll Have To Flash A Whole Rom Just To Upgrade The Radio. There Are Notices About 108 All Over The Forum
mousey_ said:
You've Probably Flashed Radio Bootloader 108 On To Your Device.
This Means That You Will Not Be Able To Flash Just A Radio Rom Any More. You'll Have To Flash A Whole Rom Just To Upgrade The Radio. There Are Notices About 108 All Over The Forum
Click to expand...
Click to collapse
Thanks for your information.
I already fixed this issue. ^^
piao said:
Thanks for your information.
I already fixed this issue. ^^
Click to expand...
Click to collapse
If you accidentally flashed your Radio Bootloader, how did you go back to the previous version.
My guess is that you were already SuperCID and you had to load a complete older ROM to get back. Am I correct?
wpbear said:
If you accidentally flashed your Radio Bootloader, how did you go back to the previous version.
My guess is that you were already SuperCID and you had to load a complete older ROM to get back. Am I correct?
Click to expand...
Click to collapse
Yes, I had SuperCID.
My method was upgrade to latest ROM (Include SPL-1.09) and twice successive flash.
First, SPL will upgrade 1.09, but radio still 1.29.00.11
Second, Radio will upgrade 1.34.00.10
not quite. Your radio bootloader is not downgraded. You can no longer flash radio in nbf with bl 1.04. You must flash in nbh using bl1.09. Then you can downgrade bootloader to 1.01MFG and flash os/extrom of your choice.
Sleuth255 said:
not quite. Your radio bootloader is not downgraded. You can no longer flash radio in nbf with bl 1.04. You must flash in nbh using bl1.09. Then you can downgrade bootloader to 1.01MFG and flash os/extrom of your choice.
Click to expand...
Click to collapse
So he can change radio or not?
He can change. But he must start with a specific Bootloader and flash a full RUU in nbh. Then he must put on BL1.01MFG and flash seperate os.nb and extrom to change to the os build he wants. The "radio only" upgrades flash in nbf and will not work any more.
Sleuth255 said:
He can change. But he must start with a specific Bootloader and flash a full RUU in nbh. Then he must put on BL1.01MFG and flash seperate os.nb and extrom to change to the os build he wants. The "radio only" upgrades flash in nbf and will not work any more.
Click to expand...
Click to collapse
ok thanks, i'm iterresting for radio upgrade only (after bigggg mistake Flashed HTC_BOOT 1.08).
SO no issue for me now:-(
The key here is that Bl1.09 and radio bl 1.0108 work together. 1.09 will not allow the radio to upgrade unless flashed in NBH. Radio bl 1.0108 will not permit upgrades unless initiated from bl 1.09. If superCID is enabled then bl 1.09 will permit any operator's rom, flashed in nbh, to upgrade the radio.
I really need to flowchart this for the wiki... I barely understand this myself...
but why, after restoring all, bootloader 1.01mfg etc. it is still impossible to flash radio rom only?
i can´t get it.
Actuality, I used this ROM "RUU_Hermes_HTC_WWE_2.05.255.1_6275_1.34.00.10 _108 _Test.exe".
After flashed, I don't change SPL to 1.01 MFG or 1.04, just re-flashed it again.
The radio will be change 1.34.00.10.
apokryphus said:
but why, after restoring all, bootloader 1.01mfg etc. it is still impossible to flash radio rom only?
i can´t get it.
Click to expand...
Click to collapse
Device BL 1.09 acts as the "key" for Radio BL 1.0108. By flashing to Device BL 1.01, or any other, you have broken the "key" and now can't access the radio rom...basically.
Ninja1
apokryphus said:
but why, after restoring all, bootloader 1.01mfg etc. it is still impossible to flash radio rom only?
i can´t get it.
Click to expand...
Click to collapse
radio bl 1.0108 won't allow upgrade to occur unless initiated by bl1.09. bl1.09 won't allow radio flashing in nbf (which is what all extracted radio rom only files use)
Hi all
I had a SuperCID Voda v1605 and I stupidly upgraded to the Test 2.05 ROM via EXE and lost SuperCID. Now I can't get SuperCID back even with IMEICheck v4! I do have IPL-1.01 and SPL-1.04 now though.
MTTY info 2 gives Level = FF. No SuperCID there.
Any help or ideas? Really need to unlock the Ext ROM & CID..
Q1: what did you use to SuperCID before AKU 3.3? HERM_Unlock (which version?) or imei-check (which version?) ??
Q2: Have you payed imei-check and don't get SuperCID after running their v4 unlocker?
pof said:
Q1: what did you use to SuperCID before AKU 3.3? HERM_Unlock (which version?) or imei-check (which version?) ??
Q2: Have you payed imei-check and don't get SuperCID after running their v4 unlocker?
Click to expand...
Click to collapse
I used IMEI Check v4 to get the original SuperCID from the Vodafone ROM 1.20. And I paid for the IMEI file for my device. This worked perfectly in the pre-AKU 3.3 days.
I just found IMEI Check v3c and gave that a shot but it failed saying that HTCBoot 0108 isn't supported. v4 gave no errors and claims 'success'.
I really do appreciate input here! Let me know if you need more details or tests done. Thanks!
imei-check unlocker v3 did not make SuperCID stick after rom/radio upgrades, you have to run it again after flashing a rom or radio to get SuperCID again, it also doesn't work with HTC_BOOT 0108.
imei-check unlocker v4 I don't know what it does, but I read from some SoftBank x01ht users with HTC_BOOT 0108 that they are getting SuperCID after running it.
I suggest you to try this:
1. Flash full AKU 2.3 rom with 1.09 bootloader (HTC 1.35 for example).
2. Run imei-check unlocker v4 with the .unl file for your imei.
3. Run HERM_Unlock_v2a.exe on your phone to "hopefully" make SuperCID sticky.
4. Flash a full AKU 3.3 rom again and check your CID.
so your saying that you have Radio bootloader 108 and got SuperCID by using the imei-check unlocker???
Just an other question. I flash my v1605 with ROM2.05 exe file. Before this flash my phone have the South africa rom with SuperCID. Now my HTC_BOOT are 0108. Can i downgrade my radio to 1.27 ?
Thanks
This is what pof say.
If you have a radio with HTC_BOOT 1.0108 on your device, you can't use extracted radio ROMs: This means you will not be able to flash radios in NBF format with MaUpgrade_NoID.exe anymore, you'll allways need to flash them in signed NBH format (ie: full ROM upgrade).
If you have a radio with HTC_BOOT 1.0108 on your device and flash a full ROM upgrade in NBH format, the radio will not be flashed unless your SPL version is 1.09.
If you have a radio with HTC_BOOT 1.0108 on your device and flash a full ROM upgrade in NBH format with SPL-1.09 on your device, your radio will be changed to the radio contained in the NBH file, HOWEVER the radio bootloader will stay the same HTC_BOOT 1.0108.
Click to expand...
Click to collapse
If i understand is not possible to downgrade HTC_BOOT 0108
Yes, it is not possible to downgrade HTC_BOOT 108 but you can downgrade the radio as state above.
pof said:
imei-check unlocker v3 did not make SuperCID stick after rom/radio upgrades, you have to run it again after flashing a rom or radio to get SuperCID again, it also doesn't work with HTC_BOOT 0108.
imei-check unlocker v4 I don't know what it does, but I read from some SoftBank x01ht users with HTC_BOOT 0108 that they are getting SuperCID after running it.
I suggest you to try this:
1. Flash full AKU 2.3 rom with 1.09 bootloader (HTC 1.35 for example).
2. Run imei-check unlocker v4 with the .unl file for your imei.
3. Run HERM_Unlock_v2a.exe on your phone to "hopefully" make SuperCID sticky.
4. Flash a full AKU 3.3 rom again and check your CID.
Click to expand...
Click to collapse
I did try that. Twice now and it didn't work. I flashed HTC's 1.35 and didn't mess about. End result is still a locked CD. I suppose my only option is to wait for a HTC Radio bootloader downgrade from 0108?
I've been reading alot around here about upgrading roms. But I am still confused between these two things. Mine has the radio version of 1.16. But I have no idea what radio BL version it is.
I am afraid to upgrade without understanding this. Because from what I've read, I do not want radio BL of 1.08.
Could someone please explain this?
Hi
You'll find this info in the wiki:
http://wiki.xda-developers.com/index.php?pagename=Hermes_ExtractedRadioRoms
HTC Boot is the radio bootloader so you have 0107. Radios with 0108 are the ones to watch out for since flashing this means that you will no longer be able to flash radio (or other) updates on their own afterwards. HTC Boot is flashed when you flash a new radio rom. Additionally, to have any radio rom flashed successfully once you have HTCBoot 0108, your SPL (system bootloader) needs to be 1.09 otherwise the radio does not get flashed.
The latest HTCBoot0107 radio is 1.27
Regards
Nigel
veletron said:
Hi
You'll find this info in the wiki:
http://wiki.xda-developers.com/index.php?pagename=Hermes_ExtractedRadioRoms
HTC Boot is the radio bootloader so you have 0107. Radios with 0108 are the ones to watch out for since flashing this means that you will no longer be able to flash radio (or other) updates on their own afterwards. HTC Boot is flashed when you flash a new radio rom. Additionally, to have any radio rom flashed successfully once you have HTCBoot 0108, your SPL (system bootloader) needs to be 1.09 otherwise the radio does not get flashed.
The latest HTCBoot0107 radio is 1.27
Regards
Nigel
Click to expand...
Click to collapse
Isn't it possible though to do NBH/ROMupgradeUT radio only updates using SSPL with Radio BL 0107 or 0108?
Edit: I made Radio Only NBH/ROMupgradeUT 1.33.31.00 RBL 108. Using SSPL on device works fine to upgrade my radio. NBH Radio Upgrade Only 1.33.31.00 Run SSPL FIRST
I had radio bl 0108 before trying this so it works this way. There is no way to downgrade radio bl, but it really doesn't matter sine this method works to upgrade or downgrade radio rom.
Hi,
Probably a bit of a newbie question but I can't find a definitive answer anywhere else on the forums. Where is the CID actually stored, is it part of the IPL, SPL or Radio ROM? If I perform and upgrade that replaces the Radio ROM but not the IPL/SPL will this change my CID? If I use the new Linux ROM flasher to dump the radio ROM is it possible to restore my CID at a later date.
The CID is stored on the security area found in radio. When the SPL checks the CID it queries the radio and is it who tells the SPL which is your current CID.
Modified bootloaders such as SSPL or Hard-SPL are patched to always show "SuperCID" when the CID is queried, but they don't "ask the radio" which is your real CID, they just return always "SuperCID" without asking the radio for the real CID.
People who has what we call a "corrupted CID" doesn't really mean their CID is corrupted, it means that when the SPL asks the RADIO which is the device's CID, the radio is not able to answer, so the bootloader shows a "F" meaning Failure and a crc32 checksum of this failure, it this case it is really the radio which is corrupted (and fails to answer) and not the CID. If the radio bootloader is not corrupted (which is not in most of the cases) you are able to flash a radio again and "recover your CID", which means the radio is recovered and returns the proper answer to bootloader again.
Now answering your questions:
sjbale said:
If I perform and upgrade that replaces the Radio ROM but not the IPL/SPL will this change my CID?
Click to expand...
Click to collapse
No, unless the radio is patched to do so... but even the patched radio, doesn't really change your CID, just "returns" a security level=0 which the SPL interprets as SuperCID.
That's why you see your devcice as SuperCID while running the patched radio, but if you flash another radio after, you go back to your normal CID.
sjbale said:
If I use the new Linux ROM flasher to dump the radio ROM is it possible to restore my CID at a later date.
Click to expand...
Click to collapse
No, HERMflasher is able to dump a radio with 'rrbmc' command, but the dumped radio is not useful for anything as not all parts are dumped with this command. I just did it because I wanted to see what was dumped, and learn a bit of C programming with it
Thanks for the info, so as things stand at the moment there is no way to dump a backup version of the IPL, SPL or Radio ROM. If I used the Hard-SPL to flash a ROM without the Radio portion is this likely to cause compatibility problems ie do the updated OS images require an updated radio?
sjbale said:
Thanks for the info, so as things stand at the moment there is no way to dump a backup version of the IPL, SPL or Radio ROM.
Click to expand...
Click to collapse
You can dump IPL and SPL using 'rbmc' command, but there's no need to dump them from a live device because you can extract all available versions from a shipped rom.
sjbale said:
If I used the Hard-SPL to flash a ROM without the Radio portion is this likely to cause compatibility problems ie do the updated OS images require an updated radio?
Click to expand...
Click to collapse
Depending on how much "outdated" radio and "updated" OS you have flashed, but generally you don't have to worry about that.
I hope someone provide me with some advice/pointers>
I've unpacked the latest Hermes Radio Rom (1.54.07.00) and then used NBHGEN to create a suitable unsigned ROM with a BREE100 header. I then copied the file to my micro-SD card as BREEIMG.NBH and used the Breeze variant of SSPL to flash the upgrade. All appeared to go well, the device went to the update screen and the progress indicated slowly went to 100% before announcing success.
However, on restart the OS still reports the radio as 1.38.00.10
Can anyone advise where my error is? Has anyone experienced this with a Hermes radio only SD card upgrade?
On further investigation the Breeze SSPL is reporting:
BREE100
IPL-SSPL by Des
BREE100
SPL-1.01
and rversion reports 108.
So is it just that the Breeze port of SSPL is just not current enough to allow radio upgrades now it has a 1.08 bootloader?
Ok from one of Prof's many helpful threads:
If you have a radio with HTC_BOOT 1.0108 on your device, you can't use extracted radio ROMs: This means you will not be able to flash radios in NBF format with MaUpgrade_NoID.exe anymore, you'll allways need to flash them in signed NBH format (ie: full ROM upgrade).
If you have a radio with HTC_BOOT 1.0108 on your device and flash a full ROM upgrade in NBH format, the radio will not be flashed unless your SPL version is 1.09.
If you have a radio with HTC_BOOT 1.0108 on your device and flash a full ROM upgrade in NBH format with SPL-1.09 on your device, your radio will be changed to the radio contained in the NBH file, HOWEVER the radio bootloader will stay the same HTC_BOOT 1.0108.
Click to expand...
Click to collapse