Better Mobile App

Disadvantages in downgrading to bootloader 1.04?

Are there any downsides to downgrading to bootloader v1.04?
Does v1.06 have anything extra that v1.04 doesn't?
I have an X01HT (v1.06)
Is it possible that future ROM upgrades could be tied to the bootloader version?
Thanks

tle said:
Are there any downsides to downgrading to bootloader v1.04?
Click to expand...
Click to collapse
Bootloader 1.06 enforces CID checking, bootloader 1.04 doesn't.
Bootloader 1.06 doesn't have 'rtask' command, bootloader 1.04 does.
rtask command allows you to do some "interesting" things, for example enter radio bootloader, and GSM AT command interface, where you can type AT commands to the phone from bootloader. Read the wiki Hermes bootloader page for more info.
tle said:
Does v1.06 have anything extra that v1.04 doesn't? I have an X01HT (v1.06)
Click to expand...
Click to collapse
No, it has less things... rtask command removed
The "extra" thing is that your CID is checked when flashing a ROM, so you can't flash ROMs that are made for other Hermes devices such as HTC TyTN or Cingular 8525 on your X01HT.
tle said:
Is it possible that future ROM upgrades could be tied to the bootloader version?
Click to expand...
Click to collapse
it is possible, but unlikely to happen, shouldn't worry you too much now.

Thanks for the quick reply, pof.
I guess that if a ROM were to be tied to bootloader v1.06 then someone would have to make a bootloader only upgrade... Do you foresee and potential issues there. (excluding copyright issues?
Thanks

tle said:
I guess that if a ROM were to be tied to bootloader v1.06 then someone would have to make a bootloader only upgrade... Do you foresee and potential issues there. (excluding copyright issues?
Click to expand...
Click to collapse
No issues at all, and no "bootloader only upgrade" needed... if you are on 1.04 you just have to flash any ROM containing bootloader 1.06 to have bootloader 1.06 on your device. Then you could do the 'tied-to-1.06' upgrade.
But at the moment 1.06 and 1.04 are very similar, the only difference I've noticed is 'rtask' command and CID checking. rtask command also allows you to go radio bootloader and flash the 'extracted radio rom upgrades' (using rwdata), so you can't do a radio-only upgrade in 1.06 at the moment.
Anyway... I am investigating the way to provide an alternative method to go from 1.06 to 1.04 without copyright issues (as with the previous method from imei-check). Now I can jump from WinCE to IPL at physical address 0x0000000 and then the IPL reads the SPL from flash and executes it correctly.
The next step is to load the nb file for SPL 1.04 and place it in RAM at 0x3000000, and instead of jumping to IPL jump to SPL when this is done it will be possible to downgrade the bootlodaer for those of you on 1.06

Sounds like you are close to a solution. I read in a another thread that you said you are not a WINCE programmer, but you seems like you have a good grasp of low level programming. Best of luck!

I'm getting a lot of help from some friends, i wouldn't have reached this without their help, and I like to learn new things
What we're doing is modifying gnuharet to remove the linux-loading part and add very few changes in the ARM9 assembly part, if you're interested see the file src/wince/asmstuff.S.

pof said:
rtask command allows you to do some "interesting" things, for example enter radio bootloader, and GSM AT command interface, where you can type AT commands to the phone from bootloader.
Click to expand...
Click to collapse
I guess it should be possible to do in wince by directly calling a rilgsm ioctl
(should work on universal, the equivalent code runs the phone in Linux).
devspecific code=54
http://wiki.xda-developers.com/index.php?pagename=rilgsm.dll

cr2, yes it is possible... this is what my unlocker does to do the [email protected] commands and uses almost the same code as buzz used on the universal.
EDIT: I read you too fast, I'm using RIL_DevSpecific commands to send the [email protected], but didn't read the code=54. Have to try this, thanks for pointing it out!

Help Needed!
Hi pof,
I (stupid guy!) upgraded from ME_DT_WWE_1182553_106_10303_Ship to Cingular 1.34.502.1 (1.06) and now I cannot downgrade (using for example Cingular_1.30.502.1 (1.04)...why?
I tried every unlocking process, every step you write here, but no way! Always ID ERROR (294)...whyyy????
I cannot understand...I think a downgrade to 1.04 could save me...
Please, help me...

Yes, downgrade will help you. Just downgrade to a full rom matching the CID on your device, or wait until a free solution to downgrade bootloader.

pof said:
Yes, downgrade will help you. Just downgrade to a full rom matching the CID on your device, or wait until a free solution to downgrade bootloader.
Click to expand...
Click to collapse
Just to be sure: I flashed my Dutch TyTn (QTEK_E11) to Cing 1.34 WWE (CWS_001).
Now my CID still is QTEK_E11 or is it changed to CWS_001?
If is still is QTEK_E11 then I can go back to the Dutch HTC 1.18.254.2, can I?
And from there I can SuperCID my device?

flashing radiorom from bootloader

pof, whats the address i need to flash a radiorom from bootloader mode?
I collected those from the wiki, but its missing the info for the radiorom.
First Splash:
lnb finalsplash.nb 500e0000
Second splash screen (SubSplash):
lnb finalsplash.nb 50140000
Extrom:
lnb ExtROM.nb 57500000
OS:
lnb OS.nb
ok after enormous searching i've found this:
lnb radio_.nbf 0x80000000
the address is correct, but the file has to be GSM.nb extracted from NBH file, not a .nbf which includes also the NBF header.
And AFAIK no one tried to flash radio using this method yet, you'll be the first if you do it and if it doesn't work you can brick your phone.
If you do it, please report the results
Click to expand...
Click to collapse
okay i have tried it.. it does not brick the phone, but it also doesnt change anything.. radio version remains the same even though it flashes it properly.
USB>lnb gsm.nb 80000000
:F=gsm.nb
:A=80000000
:O=00000000
:L=FFFFFFFF
start NB image download
S
Load ADDR: 80000000 Length: D80000
H***************************************
****************************************
*****************************Code entry point at 0x80D60000
Click to expand...
Click to collapse
i have updated the wiki with this
USB> task 32
USB> lnb gsm.nb 80000000
USB> task 8,
this seems to flash the radio but the radio version reported by the os remains the same. so this is not working properly
Click to expand...
Click to collapse
http://wiki.xda-developers.com/index.php?pagename=Hermes_BootloaderMFG

dutty said:
pof, whats the address i need to flash a radiorom from bootloader mode?
I collected those from the wiki, but its missing the info for the radiorom.
First Splash:
lnb finalsplash.nb 500e0000
Second splash screen (SubSplash):
lnb finalsplash.nb 50140000
Extrom:
lnb ExtROM.nb 57500000
OS:
lnb OS.nb
ok after enormous searching i've found this:
okay i have tried it.. it does not brick the phone, but it also doesnt change anything.. radio version remains the same even though it flashes it properly.
i have updated the wiki with this
http://wiki.xda-developers.com/index.php?pagename=Hermes_BootloaderMFG
Click to expand...
Click to collapse
are you sure it's actually writing a new radio? try flashing a Non-GPS one when you have a GPS (or vice versa) and testing [email protected]

Olipro said:
are you sure it's actually writing a new radio? try flashing a Non-GPS one when you have a GPS (or vice versa) and testing [email protected]
Click to expand...
Click to collapse
yep.. it is downloading and writing the blocks..at least thats what the mtty output tells me... i've tried flashing a non-gps radio and it still reports the gps radio and startgps works.. weird..
the thing for me is i've flashed the 108radio boot loader which prevents me from flashing only radioroms.. so i've tried doing this from the bl..
i think the only possibility that is left for the 108rbl is to create a full os image using typhoonnbf decode (including splashscreens, os and everything else) and then flash this image.

dutty said:
yep.. it is downloading and writing the blocks..at least thats what the mtty output tells me... i've tried flashing a non-gps radio and it still reports the gps radio and startgps works.. weird..
the thing for me is i've flashed the 108radio boot loader which prevents me from flashing only radioroms.. so i've tried doing this from the bl..
i think the only possibility that is left for the 108rbl is to create a full os image using typhoonnbf decode (including splashscreens, os and everything else) and then flash this image.
Click to expand...
Click to collapse
no, not weird... it's just not flashing; now here's a thought; is it possible to rtask, authenticate with the radio then exit out of rtask mode again... perhaps it protects the memory address till you do this

Olipro said:
no, not weird... it's just not flashing; now here's a thought; is it possible to rtask, authenticate with the radio then exit out of rtask mode again... perhaps it protects the memory address till you do this
Click to expand...
Click to collapse
yeah, not weird
btw.. i've also tried to do a radio rom upgrade from an official provider.. tmobile germany released a radiorom only upgrade.. but i couldnt use that to downgrade too..
how do you mean? authenticate? simply entering the radioloader and exiting?
i.e.
rtask a
retuoR
another thought.. what would happen if we just "rerase" the region of the radiorom and then try to reflash.. have to admit i lack the balls to try it
edit: tried the rtask a , rversion, retuoR and then flashing.. but it didn't work

okay.. the last and maybe the best idea is this:
since we can dump parts of the rom using the bootloader how about dumping a radiobootloader < 108 and then "lnb" it into a 109 device..
http://forum.xda-developers.com/showpost.php?p=1092471&postcount=1
i have tried this:
USB> task 32
USB> set 1e 1
USB> rbmc spl 50020000 40000
Click to expand...
Click to collapse
but it doesnt seem to work..
Code:
USB>rbmc spl 50020000 40000
GetExtRomData+(): *pszPathName=spl, dwStartAddress=50020000, dwLength=40000
:F=spl
:A=50020000
:L=00040000
:rbmc=
how can i recieve the file? i have enabled automatic downloads in mtty.. pof?

The radio code is actually flashed into the Qualcomm chipset under the control of the radio bootloader. that's why nbf radio flashing can only be done with bl1.04. In subsequent bootloaders, the required radio bl commands aren't available.
I believe the chipset itself may be mapped into the addresses you mention, but the flashing method is different thus the reason why nothing happens.

Sleuth255 said:
The radio code is actually flashed into the Qualcomm chipset under the control of the radio bootloader. that's why nbf radio flashing can only be done with bl1.04. In subsequent bootloaders, the required radio bl commands aren't available.
I believe the chipset itself may be mapped into the addresses you mention, but the flashing method is different thus the reason why nothing happens.
Click to expand...
Click to collapse
interesting..
but if we're using 1.01mfg and flashing into the mapped/virtual memory area we might be able to overwrite the 1.08 radio bootloader..
according to http://wiki.xda-developers.com/index.php?pagename=HermesMemoryMap
the radiobootloader sits right behind the radio at 0x80100000
i would give it a try but i dont know how i can dump files from the bootloader onto my pc.. rbmc seems to send the file, but mtty doesnt know how to recieve it. i guess i'll have to use usbmonitor?

Or is the bootloader itself in the Qualcomm chipset as well? All the normal bootloader does is transfer control (in bl1.04 with rtask 4 in subsequent bl's using a mechanism that is only revealed during the nbh flashing process) to the radio bootloader. Then data flows....

Sleuth255 said:
Or is the bootloader itself in the Qualcomm chipset as well? All the normal bootloader does is transfer control (in bl1.04 with rtask 4 in subsequent bl's using a mechanism that is only revealed during the nbh flashing process) to the radio bootloader. Then data flows....
Click to expand...
Click to collapse
i don't know. but i know that we need to find a way to deal with rb 108 as it will be packed into any radio rom thats released.
there must be a way to dump and flash it using the bootloader as it gets flashed when updating a radiorom using lnb or maupgrade.
unfortunately i really don't know how to deal with the remote dump command, even with usbmonitor the output is useless, as mtty only recieves a couple of bytes then stops. after terminating the connection and restarting mtty it recieves a couple more bytes and so on and so on..

I think the key here is to figure what goes on during nbh flashing since we know the radio bootloader can be changed then. This also holds the key to simple RUU flashing of cooked roms on the hermes btw. We have to get here too eventually if we ever want to package up a cool GPS enabled hermes rom that even Noobs can install Right now, hermes upgrading is a nightmare....

Sleuth255 said:
I think the key here is to figure what goes on during nbh flashing since we know the radio bootloader can be changed then. This also holds the key to simple RUU flashing of cooked roms on the hermes btw. We have to get here too eventually if we ever want to package up a cool GPS enabled hermes rom that even Noobs can install Right now, hermes upgrading is a nightmare....
Click to expand...
Click to collapse
i'll do a full ruu upgrade now and track the whole thing with usb monitor.. maybe something useful comes out of that

sorry i have been away for the last 2 days.
Radio can't be flashed with lnb, it must be flashed from radio bootloader using rwdata.
Now we can use Des SSPL to flash radios in NBH, so radio bootloader 0108 is not a problem anymore
I will provide a reimplemented flashing tool for hermes in a few days (need two more long nights to finish fixing minor bugs), it allows to dump the radio and do some "extra" stuff... at the moment it only works in linux, but I'm sure some of you will be able to port it to windoze

yep... the holy grail of nbh flashing is possible Des "got 'er done"!

Free HTC Hermes SIM & CID Unlocker *New* version v3a

This is a patched radio ROM that can be used to remove the Operator SIM lock and CID lock from HTC Hermes based telephones. This new version also includes HardSPL patched bootloader to show always as SuperCID and allow to flash unsigned code.
It can be used in all HTC Hermes devices, no matter which bootloader version the device is running.
NOTE: For x01ht post April devices, see this thread.
Disclaimer:
This is free to use but at your own risk, I take no responsibility for any conflict, fault, or damage caused to your phone by this unlocking procedure. No warranties of any kind are given. Any commercial usage prohibited.
Website:
http://pof.eslack.org/hermes-unlocker/
Install Instructions:
Easy auto-install Instructions:
Unzip unlocker and run AUTO_Unlock_v3a.bat
If you don't want to install automatically, or for some reason the process doesn't work for you, read the file Instructions.txt.
Thanks to:
buzz_lightyear, itsme, vijay555, arc, Asukal, machinagod, esteve - for the wise advice and support
Des and Olipro - for SSPL and HardSPL, everybody praise them!
everyone else in xda-developers.com
History:
v3a [03-04-2007] - New RUU will make sure HardSPL-1.40 is installed before flashing the radio
Now the unlocking process is faster & safer
Fixed bug where IPL was downgraded to 1.00
v3 [11-02-2007] - Herm_Unlock_v3.exe now allows you to select SIM / CID unlock separately
Thanks to SSPL it can be used in all bootloader versions
Patched radio is now provided in NBH format
It keeps the current bootloader on phone (does not downgrade SPL).
v2a [14-11-2006] - bugfix release, thanks to all who reported the problems!
(hopefully) fixed bug where unlock code has to be entered manually
(hopefully) fixed bug where SuperCID was not kept after rom upgrades in some cases
v2 [12-11-2006] - updated to patched radio 1.16
unlocking software provided (HERM_Unlock_v2.exe): thanks buzz for the source of UNI_Unlock_v1 ;-)
SuperCID is now kept after rom upgrades
v1 [05-11-2006] - patched radio 1.13
unlock manually
Donations:
I spent some time and money developing this free unlocker, there's no need to pay me for that, but donations are always appreciated.
​
Download:
HTC_Hermes_SIM_CID_Unlock_v3a.zip​
Enjoy!

I closed the old version thread, it is still available here.
FREQUENTLY ASKED QUESTIONS
Q: Will this void my warranty?
A: If you select the option to "CID unlock" most probably yes. Don't select it if you just want to remove the SIM-Lock, it will be CID unlocked anyway by HardSPL but will keep your original CID if you flash any other SPL on it.
Q: After unlocking my phone my Radio and SPL versions are downgraded. Can I upgrade them?
A: Yes, you can upgrade to a newer radio and newer SPL/HardSPL version. The phone will not be locked again.
Q: Will this work on Post Dec-2nd SoftBank X01HT phones?
A: Hopefully yes, but your OS ROM includes software SIMLock protection (the annoying USIM screen), you can flash a non-softbank OS rom after unlocking it or read the thread for other options if you want to keep the SoftBank ROM.
Q: Will this work on Post April (white) SoftBank X01HT phones?
Yes if you have not let the SoftBank ExtROM install, otherwise your radio bootloader has been upgraded to 0182 and it is not possible to flash a radio or remove the SIMLock.
Q: Will this work if my bootloader version is SPL-1.09?
A: Yes.
Q: Will this downgrade my bootloader to 1.04?
A: No, it will upgrade it to Hard-SPL 1.40 which is better. You can use Custom RUU to flash any ROM on it.
Q: Will this work if my radio bootloader is HTC_BOOT 0108?
A: Yes.
Q: Will it downgrade HTC_BOOT 0108 to 0107?
A: No, if you have 0108 it will keep 0108.
Q: Do I need to run the new version if I already used the older version previously?
A: No, your phone is already unlocked, no need to run unlocker again.
Q: After finishing the process it still asks for unlock code, what should I do?
A: Make sure you have radio version 1.16 and run Herm_Unlock_v3.exe on your phone and select unlock option. If entering any unlock code fails, please repeat the unlocking process again (you did something wrong the first time).

I would like to thank you for all the owner of Hermes which is not unlocked.Good work,pof!

Hi Pof,
download link for the local ftp pointed to older 2a version. Typo, I guess.

pof You gave necessary unlock v3?
see "HTC_Hermes_SIM_CID_Unlock_v3.zip" ftp://xda:[email protected]/Hermes/Tools_and_Programs/HTC_Hermes_SIM_Unlock_v2a.zip

It just had been corrected.I guess pof had not finished uploading just now.
Please see ftp://ftp.xda-developers.com/Hermes/Tools_and_Programs/HTC_Hermes_SIM_CID_Unlock_v3.zip

Yes guys sorry for the wrong download link, it has now been fixed

Pof that was amazing.. i'm really impressed Thank You!

thanks pof for your great worked..superb..i have waiting for a long time ago for this new solution..

Hi
Thanks to POF. what a conincident. i have test the first unlocker on the same day as pof posted and today again just had one piece and tested it. every thing went ok.
Br

Incredible! Pof, would you mind sharing on how you succeeded? I was very interested in the approach directly jumping into bootloader and so on. So explaining the other developers what and how you did is appreciated
Ok, explaining should happen here. But I'm still very thirsty for information. :-D
.wysiwyg { background-attachment: scroll; background-repeat: repeat; background-position: 0% 0%; background-color: #ffffcc; background-image: none; color: #000000; font-family: Verdana, "Lucida Grande", Arial, Arial; font-style: normal; font-variant: normal; font-weight: 400; font-size: 10pt; line-height: normal } p { margin: 0px; }

@Chatty: I used SSPL by Des to flash self signed nbh containing patched radio and 1.04 spl. see here for details:
http://forum.xda-developers.com/showthread.php?t=293651

Fantastic work again pof, big thanks to everyone involved!

Help!!Please
I use v3 to unlock my phone,and super CIDed it too.Everything goes well until I used SSPL tools to get into bootloader and use MTTY to give command below.
USB>task 32
Level = 0
USB>lnbs spl-1.01.nbs 50020000
:F=spl-1.01.nbs
:A=50020000
:O=00000000
:L=FFFFFFFF
start NB image download
Of course in the same directery I have ...1.01.nbh . But it just stoped there.And never completed.I disconnectd the USB cable and plug it again,I can type some commands,too.And there is reply.
What should I do?

qvik123 said:
Help!!Please
I use v3 to unlock my phone,and super CIDed it too.Everything goes well until I used SSPL tools to get into bootloader and use MTTY to give command below.
USB>task 32
Level = 0
USB>lnbs spl-1.01.nbs 50020000
:F=spl-1.01.nbs
:A=50020000
:O=00000000
:L=FFFFFFFF
start NB image download
Of course in the same directery I have ...1.01.nbh . But it just stoped there.And never completed.I disconnectd the USB cable and plug it again,I can type some commands,too.And there is reply.
What should I do?
Click to expand...
Click to collapse
You must be in normal bootloader 1.04 to do this. Not in 1.09 from the SSPL-tool.

qvik123 said:
But it just stoped there.And never completed.I disconnectd the USB cable and plug it again,I can type some commands,too.And there is reply.
What should I do?
Click to expand...
Click to collapse
Have you tried recovery way clearly stated in documentation
In case if something goes wrong during flashing you should flash your device with ROM accepted by standard bootloader (and have another try if you wish).
Click to expand...
Click to collapse
?

Thank you.I did not recognize that.That means,since I have super CID,I can flash any shipped complete ROM with a 1.04 SPL and then flash to 1.01MFG in order to flash seperate OS roms,am I right?

Hi Pof it works also on my orange m3100 that is brick on boot mode 1.06 ? Or i have still wait the orang001 rom ? Thanks

Des said:
Have you tried recovery way clearly stated in documentation ?
Click to expand...
Click to collapse
I think that is the problem is as scorpio16v said I did not have the proper SPL version.But luckily I managed to reboot my device and WM5 started to load.Now I am going to downgrade to SPL 1.04.Thank you.

qvik123 said:
Thank you.I did not recognize that.That means,since I have super CID,I can flash any shipped complete ROM with a 1.04 SPL and then flash to 1.01MFG in order to flash seperate OS roms,am I right?
Click to expand...
Click to collapse
yes you can go this way if you want to, or you can load 1.01MFG with SSPL without flashing it, or you can create nbh rom signed with anything and flash it with SSPL. Read doc it rulez.

Hard-SPL, Or How to Not Brick Your PDA Ever Again And Fix Bad Blocks!

OK, well... I'd like to introduce Hard-SPL; available in 3 flavours:
SPL 2.10 based on 2.02 will be released shortly at £5 per person... only kidding... it's free, and out now, but do consider a donation
1) 2.10 - Hard-SPL-V7 - see Changelog for further details
(at the bottom)
2) 1.10 - Olipro SPL - based on 1.04 and unlocked - use for rtask commands.
View attachment Hard-SPL.zip
3) 1.01 - Olipro MFG - based on 1.01, and really for testing only.
View attachment Spl-Olipro-MFG.zip
TO FLASH THE NEW Hard-SPL, Select Force-SPL, you should only choose otherwise when recovering your device from an old Hard-SPL version!
RUU now forces SSPL every time... do not use this RUU for anything else.
For older CustomRUU users; pick the 1.40 option, autodetect will not work... or download and use the new CustomRUU
1.01 is provided as SSPL and SPL; SPL is intended for flashing, SSPL is intended to be loaded by SSPL, neither of these are packaged as an NBH since if you intend to play with it, you should know how to make your own package for it.
Bad Blocks SPL Available! - Hard-SPL-V6.zip - fixed RUU bug for those using 1.11/1.13/1.30
Code:
[b]CURRENT FEATURES[/b]
-SuperCID
-no file signing required
-no password required to authenticate with bootloader
-bad NAND can be recovered with "task 2a"
-bad NAND can be recovered by flashing an OS
-SPL protected from all HTC retail SPLs being flashed by accident (to bypass, use SSPL)
-IPL protected from all flashes; protection against bogus NBH's
-bad NAND can again be checked for with "info 8"
-version displays 2.10.Olipro
-no longer tries to read bad NAND - should fix whitescreen issue
[b]ChangeLog[/b]
[b]Hard-SPL-2.10[/b]
-based on a newer SPL base; bugfixes.
-IPL flashing disabled to prevent bogus NBHs bricking your device.
[b]Hard-SPL-1.40[/b]
-repairs a bug that affected SPL being replaced by retail ones.
[b]Hard-SPL-1.35[/b]
-addresses an issue for those with Real Bad Blocks to prevent whitescreens.
[b]Hard-SPL-1.30[/b]
- removed password for wdata commands and rbmc etc.
- activated "task 2a" to allow recovering bad blocks as well as flashing valid OS.
- Disabled SPL flashing; this SPL protects you from writing over it by accident.
- Bad Blocks "info 8" command works now allowing you to check for bad blocks.
[b]Hard-SPL-1.13[/b]
- Patched NAND check; bad NAND ignored, valid OS can be flashed to recover bad blocks.
[b]Hard-SPL-1.11[/b]
- Flashing Radio BL 0108 now supported
- Downgrading SPL no longer allowed.
- rtask command removed.
- new RUU interface required to flash ROM files.
[b]Hard-SPL-1.10[/b]
-Initial release; SuperCID and no signing required
-Compatible only with Radio BL 0107
-has rtask commands for accessing radio facilities.
Looking for other SPL Files? scroll back up! they're at the top underneath each version heading!
please remember that 1.35 and 1.40 are the same as 1.30, so when using CustomRUU, either select that, or download the NEW customRUU and overwrite.

Olipro said:
ROM's not available yet; I'm sending them to pof for testing before anybody is allowed to flash this... there's still a chance you could brick your phone
Click to expand...
Click to collapse
great stuff... i'll report in a while

Damn... a lot of people are sure gonna like this! How about doing 1.01MFG too so we can still flash os.nb in < 5 mins with lnb?

Sleuth255 said:
Damn... a lot of people are sure gonna like this! How about doing 1.01MFG too so we can still flash os.nb in < 5 mins with lnb?
Click to expand...
Click to collapse
if someone sent me it as a .nb then certainly... a proper nb... unsigned.
Current Status: Pof has successfully flashed his device, unsigned ROM seems to be flashing fine, if all is well, then I'll get a package ready within the next 10 minutes.

man it works!! That's the safest thing to put on an hermes
Thanks Olipro

Fantastic work! This will definitely be a big help to everyone.

not to sound stupid or anything, but what does this enable your phone to do exactly??

Its the holy grail of hermes flashing! As long as there's no bad blocks in NAND, bricking due to corrupted CID can now be now be avoided.

Olipro said:
if someone sent me it as a .nb then certainly... a proper nb... unsigned.
Click to expand...
Click to collapse
only 1.01MFG I've ever seen is .nbs

koolhand79 said:
not to sound stupid or anything, but what does this enable your phone to do exactly??
Click to expand...
Click to collapse
Same features as SSPL, but flashed on the phone and with bootloader version 1.04 (hex edited to be shown as 1.10.Oli), that is:
Ability to bypass signature in NBH files (friendly for cooked roms)
Ability to access radio bootloader (no more corrupted CID bricks)
Shows itself as SuperCID when doing a rom upgrade (but it internally isn't)
Can be uninstalled by just reflashing a shipped SPL, so no warranty is lost

Sleuth255 said:
only 1.01MFG I've ever seen is .nbs
Click to expand...
Click to collapse
yeah, but it's just the .nb with the NBH headers on... I'm a lazy sod and was hoping someone had already made it an nb to save me the time
also... in a few seconds, a flash package for my SPL will be available!

When? When? When? Waiting... Yahooo. Good news to us all as cooking and flashing going to be as safe as possible.

Okay it is my time to sound like a moron.
Alright I get the general idea of what this does, not could someone point, no need to show the link, just mention where in the documentation I can find more real info on this.

Probably Des or Olipro can answer that:
Can we also patch the SPL to always write 0xFF on the "disastrous 517th byte" of each physical NAND page? (or not overwrite the existing value, whichever is better), this way even when the flashed OS.nb contains a value != than 0xFF on that byte, will not produce a bad block and this would make flashing cooked images _really_ fool proof.
For those willing to go deeply, read Des comment here.

pof said:
Same features as SSPL, but flashed on the phone and with bootloader version 1.04 (hex edited to be shown as 1.10.Oli), that is:
Ability to bypass signature in NBH files (friendly for cooked roms)
Ability to access radio bootloader (no more corrupted CID bricks)
Shows itself as SuperCID when doing a rom upgrade (but it internally isn't)
Can be uninstalled by just reflashing a shipped SPL, so no warranty is lost
Click to expand...
Click to collapse
Not that there's a heck of a lot of reason for doing it any more but does that mean we can now downgrade radio bl versions? Also will it help recover from bad bootloader flashes? I am constantly in awe of the brilliant people in this forum!

chymmylt said:
does that mean we can now downgrade radio bl versions?
Click to expand...
Click to collapse
No, if you have 0108, will keep 0108.
chymmylt said:
Also will it help recover from bad bootloader flashes?
Click to expand...
Click to collapse
No... a bad flash in bootloader means a bricked device, but this is not common on hermes, the most common is bad flash in radio which can only be fixed if the bootloader is 1.04 or the rom has KITL enabled.

pof said:
No, if you have 0108, will keep 0108.
No... a bad flash in bootloader means a bricked device, but this is not common on hermes, the most common is bad flash in radio which can only be fixed if the bootloader is 1.04 or the rom has KITL enabled.
Click to expand...
Click to collapse
that means you've overwritten the bootloader I have made... so obviously not.
however, the bootloader does have built-in recovery functions (HTC's work) and generally you need to be doing something funky to bugger the SPL up.

pof said:
No, if you have 0108, will keep 0108.
No... a bad flash in bootloader means a bricked device, but this is not common on hermes, the most common is bad flash in radio which can only be fixed if the bootloader is 1.04 or the rom has KITL enabled.
Click to expand...
Click to collapse
Still very exciting! Y'all da man! (Men?)
Thanks again!

For those with 1.01MFG or 1.04 SuperCID, will this new BL give any new benefits? I understand those with 1.09 will benefit, but, is it worth flashing if I already have 1.01MFG on the device?

with this will i be able to upgrade and downgrade to any radio i want regardless of nbh or nbf, since no one is answering me in the thread i created about this. lol

OOPS - stuck in MFG without superCID

I wanted to create my own splash screen so followed the instructions on the WIKI page. I had OLIs hard-SPL installed and thought that I didn't need to SuperCID first (clever huh?!). I flashed 1.01 MFG and everything was fine.
Tried to issue the "lnb" command and kept getting "command error". Finally realised that if I wasn't superCID (my CID is HTCST-MOB005¼ôàŠHTCE) I wasn't going to get far.
I decided to run Pof's CID unlocker to make me SuperCID thinking it would be okay as it used the 'soft' SPL. Oh Dear. The flash halted at step 0% flashed and now my Hermes won't get beyond the boot screen. I can't flash anything standard as I've got MFG installed and I can't flas a naked nb because I'm not SuperCID.
HELP! Please
So I can't

mmm... I guess you're stuck because you can't boot OS, right?... so, which radio bootloader version do u have? if it's 107 it's easy to fix

pof said:
mmm... I guess you're stuck because you can't boot OS, right?... so, which radio bootloader version do u have? if it's 107 it's easy to fix
Click to expand...
Click to collapse
Even, if he got bootloader 0108 it may be "easy" to fix with newer Oli's bootloader. no?

in mtty do:
set 14 0
task 8
does it boot wm again?
If so you can flash any sspl rom or somebody can point you to a sspl loader for bl1.01.oli & you can flash that to remove 1.01MFG. Sorry that I can't give you a link right here, but I'm mobile now & can't access cross-ref threads here easily.

Sleuth255 said:
in mtty do:
set 14 0
task 8
does it boot wm again?
If so you can flash any sspl rom or somebody can point you to a sspl loader for bl1.01.oli & you can flash that to remove 1.01MFG. Sorry that I can't give you a link right here, but I'm mobile now & can't access cross-ref threads here easily.
Click to expand...
Click to collapse
Star!!!!
Yup booted fine. Thanks a lot.