Related
SoftBank's known 3G/HSDPA flat-rate packet data connection setting that has hacked from old X01HT ExtROM (user name: "open", password started from "oz...") will be unusable on end of March.
The user name of new setting (available at current ROM that released on end of Nov. 2006) has changed as "opensoftbank", and still no one hacked the password itself.
However, finally I found a way to create the connetcion, using some files dumped from current X01HT ROM.
To create SoftBank's connection that can be used continuously after Apr. 1 2007, you need ROM COOKING as follows, because at least the file WIFIwake.exe should be in the ROM to make the connection.
Step 1. Cook your ROM (add following 2 files in attached ZIP) and update device.
For general instruction of Hermes' ROM cooking, see the Wiki and related resouces.
addfile Out.xml
addfile WIFIwake.exe(A.xml and Initial.exe aren't needed)
Step 2. Install ConnSBM.CAB (included in ZIP)
The connection will be created, however password entry is still empty at this moment.
Step 3. The files are in ROM, so you need to set to "Menu -> Show All Files" on File Explorer to make ROM-attributed files visible (or, use similar option for 3rd party's file explorers, such as Resco or GSFinder+).
Step 4. Run WIFIwake.exe from \Windows folder.
The password will be created into the connection made by ConnSBM.CAB at Step 2.
To confirm whether success or not, check the connection "Internet > SoftBank", and click "Edit -> Next -> Next". If "****************" is shown at the Password field, the password has been successfully created.
If the password is not created, maybe WIFIwake.exe (non-ROM attributed) exists on \Windows. After running Initial.exe, WIFIwake.exe is copied onto storage from ROM. You need to delete it before retry, if you have run Initial.exe before install ConnSBM.CAB or lost setting.
BTW, I guess this way can be applied not only Hermes, but also Universal and/or any other HTC devices those can edit OS ROM (at least, I have successed on WM6 for Universal).
Enjoy AT YOUR OWN RISK !
Great work, a lot of japanese people was pursuing this for long time! Congratulations
Awesome, I had been doing this same thing for 3-4 days no and getting nowhere.
Mad props to you.
I have the Hermes and I'll be going to work as an engineer in Japan from April. I have installed the DoCoMo ROM for the moment (simply because out of the two ROMs, it's the one to have Bootloader 1.0.4, I have no trouble reading Japanese, and I need a Japanese input that's a bit more stable than Bagoj's IME).
However I'm wondering exactly what this thread would enable me to do... I'm planning on getting a subscription with either SoftBank or DoCoMo (whichever provides SIM cards/accepts to register a foreign phone).
If I get a SoftBank subscription, would this enable me to somehow cheat the subscription on getting more Internet for free? Or if that's wrong, what exactly would it enable me to get?
I haven't looked into the phone subscription system at the moment, but soon will. Whatever this thread exactly means could be a huge help in any choice I would have to make.
Many thanks for your help in advance,
Cheers,
Yannick
Hmm, I get the connection added but when I try to run the initial.exe from Windows is doesnt do anything. Using 3DES Custom.
@itamae
What Does The File intial.exe Do Exactly?
@jokinawa
How Is The Connection Created Without Running initial.exe?
Cheers
mousey_ said:
@itamae
What Does The File intial.exe Do Exactly?
@jokinawa
How Is The Connection Created Without Running initial.exe?
Cheers
Click to expand...
Click to collapse
I finally got the program to work. Funny thing is that I could nt cook a ROM with the initial.exe in it of it would not install. I was using the Rom Koch 0.99 release. So if I just copied the files over to a fresh install of a ROM it worked but I had to click initial.exe about 4-5 times before the "loading" graphic appeared.
I am assuming that it either installs a dll with the password encoded in it of he knows the password and didn't want it to become public. Initial.exe puts the connection password in the connection that ConnSBM.CAB creates.
Without the initial.exe running you have the connection with a blank password.
Files
Seeing as how none of these files are in the ROM itself is there any way you can post a list of file to help us re-create the process?
Well done !!!
Finally we'll be able to upgrade to XDA Live of Crossbow without fearing to lose our flat rate !!
Alcibiade said:
Well done !!!
Finally we'll be able to upgrade to XDA Live of Crossbow without fearing to lose our flat rate !!
Click to expand...
Click to collapse
By the way anybody courageous and kind enough to cook it with the latest WM6 version and post the ROM ?
I am trying to do that but I am learning from scratch... and it will probably take me a huge amount of time
Actually the best would be to compile it with some utilities to be able to read Japanese fonts and input Japanese...
This is wonderful news indeed! Now we only need a way to cook Japanese fonts and stable input into new ROMs and life would be perfect...
Great!
Alcibiade said:
By the way anybody courageous and kind enough to cook it with the latest WM6 version and post the ROM ?
I am trying to do that but I am learning from scratch... and it will probably take me a huge amount of time
Actually the best would be to compile it with some utilities to be able to read Japanese fonts and input Japanese...
Click to expand...
Click to collapse
Every time I cooked the "addfiles" the initial.exe would not run properly and create the connection. If I cooked the other files minus the initial.exe and the cab it still wouldnt create the password. I could only get it to work by copying the files after flashing. Anybody get it to work in a cooked rom?
Alcibiade said:
By the way anybody courageous and kind enough to cook it with the latest WM6 version and post the ROM ?
I am trying to do that but I am learning from scratch... and it will probably take me a huge amount of time
Actually the best would be to compile it with some utilities to be able to read Japanese fonts and input Japanese...
Click to expand...
Click to collapse
mmmh cooked the latest LVSW and it s working great
Thanks, thanks thanks a lot for this itamae !!
Alcibiade said:
mmmh cooked the latest LVSW and it s working great
Thanks, thanks thanks a lot for this itamae !!
Click to expand...
Click to collapse
@^#)(!^@$ MMS Lite doesnt work
More EASY way has been found!!!
Another Japanese SoftBank user has found more easier way to add the new SB connection.
Now you DON'T need any ROM cooking. Please move to new thread.
http://forum.xda-developers.com/showthread.php?p=1172318
Alcibiade said:
By the way anybody courageous and kind enough to cook it with the latest WM6 version and post the ROM ?
I am trying to do that but I am learning from scratch... and it will probably take me a huge amount of time
Actually the best would be to compile it with some utilities to be able to read Japanese fonts and input Japanese...
Click to expand...
Click to collapse
posted here, OS also Japane,,どうだ!参ったか!
http://forum.xda-developers.com/showpost.php?p=1181259&postcount=48
I am not sure to understand the "cook" the ROM... are you talking about the OS part? The Radio or the Extended rom ?
Cheers
help
great to hear that u made it work. but still i cant get the softbank ap settings work
i got The connection created but however password entry is still empty .i tryed the way u have told. is there a easy way out. i use a o2 xda exec.
i would be really be happy if u could let me know
thanks
take care
suren
ysi said:
great to hear that u made it work. but still i cant get the softbank ap settings work
i got The connection created but however password entry is still empty .i tryed the way u have told. is there a easy way out. i use a o2 xda exec.
i would be really be happy if u could let me know
thanks
take care
suren
Click to expand...
Click to collapse
after copy Out.xml & WIFImake.exe to /windows folder, click on WIFImake.exe then the passwd will be inserted there!
thanks for the mail but still i did not
may be some thing wrong with my rom
thanks
I have a T-Mobile Ameo with WM6 (T-Mobile NL) and GPS Photo is not working (Cannot initialize GPS service). Fortunately my friend has an original HTC with english WM6 ROM and his GPS Photo is working properly.
Anyone knows how I can dump his ROM, extract the required files and add them to my Ameo? I googled, but didn´t find any clues yet.
Thanks for any info!
marco1958 said:
I have a T-Mobile Ameo with WM6 (T-Mobile NL) and GPS Photo is not working (Cannot initialize GPS service). Fortunately my friend has an original HTC with english WM6 ROM and his GPS Photo is working properly.
Anyone knows how I can dump his ROM, extract the required files and add them to my Ameo? I googled, but didn´t find any clues yet.
Thanks for any info!
Click to expand...
Click to collapse
It will work but you need to change a registry entry first. Somewhere in this forum has that entry. Try searching for it and see if you can find it.
Reading is hard. I wrote I got the message "Cannot Initliaze GPS service", which implies I changed the registry and could select mode 9, GPS photo.
marco1958 said:
Reading is hard. I wrote I got the message "Cannot Initliaze GPS service", which implies I changed the registry and could select mode 9, GPS photo.
Click to expand...
Click to collapse
Exactly the same case here, but with Irus WM6.1 Full version.
See my thread at http://forum.xda-developers.com/showthread.php?t=405016.
If you do have another unit that's working, you might be able to save yourself the trouble of messing with the ROM kitchen. On the unit that's working, go to /Windows and copy gpsid_HTC.dll to a storage card. Then put the card in the unit that's not working and copy gpsid_HTC.dll to \Windows there. Do a soft reset and it should work.
Or put this application on it http://www.geoterrestrial.com/ which is better than the built in system with its work arounds. As it now sports VGA support its worth trying on the Athena devices - Mike
mikealder said:
Or put this application on it http://www.geoterrestrial.com/ which is better than the built in system with its work arounds. As it now sports VGA support its worth trying on the Athena devices - Mike
Click to expand...
Click to collapse
Tried. It is not working. It does not initialize GPS nither.
Too bad, still no luck
jsp91470 said:
See my thread at http://forum.xda-developers.com/showthread.php?t=405016.
If you do have another unit that's working, you might be able to save yourself the trouble of messing with the ROM kitchen. On the unit that's working, go to /Windows and copy gpsid_HTC.dll to a storage card. Then put the card in the unit that's not working and copy gpsid_HTC.dll to \Windows there. Do a soft reset and it should work.
Click to expand...
Click to collapse
Tried that, also picked up the posted gpsid_HTC.dll, but it doesn't work. I guess it's not as simple as it looks. I'm not giving up yet. I'm still looking for a way to extract the ROM from the HTC Advantage of my friend. He's running 6.0 now and GPS Photo is still working. However, I don't want to endanger his device, so I'm still gathering info to build up confidence
marco1958 said:
Tried that, also picked up the posted gpsid_HTC.dll, but it doesn't work. I guess it's not as simple as it looks. I'm not giving up yet. I'm still looking for a way to extract the ROM from the HTC Advantage of my friend. He's running 6.0 now and GPS Photo is still working. However, I don't want to endanger his device, so I'm still gathering info to build up confidence
Click to expand...
Click to collapse
You can find original HTC 6.0 WM on Athena WIKI.
Anyone have any .nET experience? I have converted the microsoft mobile library c# files to vb and can access the gps without help from astro, etc. My question is this:
Where is my leak comming from!!?!?! After "activating" the gps object and waiting for a while, the ppc slows to almost unresponsive behavior.
thanks for any help folks.
Copy
CopyCounsler said:
Anyone have any .nET experience? I have converted the microsoft mobile library c# files to vb and can access the gps without help from astro, etc. My question is this:
Where is my leak comming from!!?!?! After "activating" the gps object and waiting for a while, the ppc slows to almost unresponsive behavior.
thanks for any help folks.
Copy
Click to expand...
Click to collapse
Although this probably isn't the appropriate place for this thread/topic, I do have some C#.net experience, so I will take a look later tonight at this after my class and after I reinstall the Windows Mobile 6 SDK
Update:
Ahhhh Shi-....
File or assembly name 'Microsoft.WindowsMobile.Utilities, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35', or one of its dependencies, was not found.
Click to expand...
Click to collapse
I installed .NETCF 3.5 on my device (which covers all the lower .NETCF's files too), and it doesn't have this file. Did DCD remove this file/.NETCF from his ROM? Anyone know?
hope this helps...
Copy
CopyCounsler said:
hope this helps...
Copy
Click to expand...
Click to collapse
Where were these files on your device? I can't seem to locate the .NET CF 3.5 assemblies.
they aren't in my "core" -- try copying them to the folder you have the exe that you are building...
I use no2chem 5067.
Copy
EDIT: copying them to the folder on the ppc of course
Just an update for you, I'm messing with the GPS right now using Serial communications (System.IO.Ports.SerialPort).
The GPS runs on COM4 and gives off basic NMEA codes.
I'm trying to write a parser for mine.
ooh - that's a smart idea. Does it need priming or does it just "work"?
That's the only reason why I chose to use the GPS module stuff - I read that it turns on the necessary components properly. (xcept it leaks like a spigot running full blast)
after I write this other project up - I'll get to this serial port stuff and post any parsing I do as well.. Thanks for your help scrawnyb
Copy
http://csharp.simpleserial.com/ for some Serial Info
http://www.c-sharpcorner.com/UploadFile/scottlysle/ReadGPS09052007011539AM/ReadGPS.aspx <- this might help with the GPS
http://aprs.gids.nl/nmea/#gga <- this explains the NMEA codes
I'm still getting a lot of OutOfMemory exceptions...
Also, I'm trying to work on a Universal Remote software, but I'm getting no data from the IR port (COM1)... but I haven't done my research to see if I have to issue commands for it to 'listen' or what... idk.
scrawnyb said:
Also, I'm trying to work on a Universal Remote software, but I'm getting no data from the IR port (COM1)... but I haven't done my research to see if I have to issue commands for it to 'listen' or what... idk.
Click to expand...
Click to collapse
I think I read somewhere that the infrared isn't working right now...
Many users have asked me for some of the Rilphone.dll's of different radios. What I am attempting to do is to make one central location for all of the rilphone.dll's to be posted. Here is a couple that I already have on my machine. I will work at getting some others later on this evening.
If you are posting a rilphone.dll, please include the name of the device it comes from and the radio number it pertains to. Also, it would be really nice if users posting rilphone.dll's if they would just attach the zip file rather than linking to rapidshare, megaupload, 4shared or whatever. The files are small enough to just attach to your actual post.
If I have missed one that you require and you can't find it, please PM me and I will see what I can do.
Thanks for helping out in advance.
More Raph Rilphone.dll zip files
Thanks to Chainfire (Author of DriverWiz see post #15) I have created cabs of the different dll's I already have posted. These should work even if the nk.exe is not patched. Understand, that if it doesn't work, a HR might be in your future. Please test at your own risk.
Blackstone & Quartz Rilphone.dll Cabs
Thanks to Chainfire (Author of DriverWiz see post #15) I have created cabs of the different dll's I already have posted. These should work even if the nk.exe is not patched. Understand, that if it doesn't work, a HR might be in your future. Please test at your own risk.
Warning:
Please be warned that the X1_Rilphone_1_14_25_55.cab will freeze your device at the first boot screen. I am leaving it attached for others to play with and see if they can get it to work, but for now, it does not work with our devices.
Raphael Rilphone.dll Cabs
Thanks to Chainfire (Author of DriverWiz see post #15) I have created cabs of the different dll's I already have posted. These should work even if the nk.exe is not patched. Understand, that if it doesn't work, a HR might be in your future. Please test at your own risk.
- Requested Rilphone.dll's -
This will be for misc. requests. Just PM me and I will post the requested files. Thanks to everyone for the great responses. This forum just blows me away continuously with the great people we have here.
The attachments are just the dll's in zip format. The cab's will be with the other cab posts.
One more for the Blackstone
ok so i am not very familiar with this kind of file. when i unzip the folders you provide it shows the new folder as being empty taking up quite a bit of size.
how do i handle this file?
FatalCharade said:
ok so i am not very familiar with this kind of file. when i unzip the folders you provide it shows the new folder as being empty taking up quite a bit of size.
how do i handle this file?
Click to expand...
Click to collapse
The DLLs in the ZIP have hidden and system attributes, make windows explorer is set to show both.
Before the standard questions get asked here's links that explain :
Rilphone.dll ?
How to Install ?
k got it thanks.
Hey these were posted around the forum and in the radio thread. Credit goes to the persons who made them...sorry dont know who..actually.
About installing, stuff like this should always be installed with a signed CAB and DLL that injects its (your) own certificate into the privileged execution store. You don't need a patched nk.exe for that, and it works like a charm. I use this trick for all my 'system hacking' needs, and I know many other do too. I would advise against copying the file and renaming the registry as installation method - it's not proper. I'd be very surprised if this doesn't work for rilphone like Da_G said - I've never had this not work and I've replaced quite a few important system files on running systems.
Perhaps I should write a guide on this, as I see a whole lot of people fail at replacing system DLL's in various topics just because they don't do it right.
Chainfire said:
About installing, stuff like this should always be installed with a signed CAB and DLL that injects its (your) own certificate into the privileged execution store. You don't need a patched nk.exe for that, and it works like a charm. I use this trick for all my 'system hacking' needs, and I know many other do too. I would advise against copying the file and renaming the registry as installation method - it's not proper. I'd be very surprised if this doesn't work for rilphone like Da_G said - I've never had this not work and I've replaced quite a few important system files on running systems.
Perhaps I should write a guide on this, as I see a whole lot of people fail at replacing system DLL's in various topics just because they don't do it right.
Click to expand...
Click to collapse
Would you be so kind as to check my work? I have it signed and certificate stored in priveledged execution. I just want to make sure I've done it correctly. If it's wrong, then I've been doing it wrong for quite a while now.
Edit:
The cabs were not the correct way of doing things so I removed them.
Yeah you come ask me in chat and ignore me when I answer
Chainfire said:
Yeah you come ask me in chat and ignore me when I answer
Click to expand...
Click to collapse
I'm sorry. I never saw you reply. I just figured you were busy.
Right, here's how to do it properly:
http://forum.xda-developers.com/showthread.php?t=495145
Not sure if it will work for rilphone, but it's pretty likely
Chainfire said:
Right, here's how to do it properly:
http://forum.xda-developers.com/showthread.php?t=495145
Not sure if it will work for rilphone, but it's pretty likely
Click to expand...
Click to collapse
Worked perfect. Nicely done. And I rated it 5 stars.
P1Tater said:
Worked perfect. Nicely done. And I rated it 5 stars.
Click to expand...
Click to collapse
Your cab works perfect to.
I wanted to be sure so i also commited the trick of monx.
Afterwards i have implemented your cab and the rilphone is fully working.
In the beginning i was not able to fix this before i had the trick of monx. I was trying and trying. But now this combination wheter it was your cab or monx his certificate trick. I did it, so i'm happy now
hivesnl said:
Your cab works perfect to.
I wanted to be sure so i also commited the trick of monx.
Afterwards i have implemented your cab and the rilphone is fully working.
In the beginning i was not able to fix this before i had the trick of monx. I was trying and trying. But now this combination wheter it was your cab or monx his certificate trick. I did it, so i'm happy now
Click to expand...
Click to collapse
These cab's should work without the hex edit of the nbh. They should also work with a rom that does not have the nk.exe patched. Either way, I'm glad it worked for you.
thanks P1tater! cabs worked perfect my friend
Hi all; I am new (here that is) but am fully capable microsoft certified & mvp coder.
Who is or want's to be or can help working on magldr compatible wp7 Kitchen and initial live-activated dwi rom?
1st goal here to make a kitchen then for hello_world just rebuild leo70 with live activated. Maybe get together here and setup proper dedicated irc. This may not be normal way to go about but I am not interested in social netiquette distractions. Just want to work on this and get it done. I have been using dumps (both my own and this: http://forum.xda-developers.com/showthread.php?t=915978 ) along with jtag, and everything at my disposal.
I am doing this now with progress already made and have been working on this since prior to leo70 public release.
if interested or have news or info please post here or pm me- thanks.
G-ThGraf said:
Could we make a WP7 ROM with Chevronwp7 and all tweaks i cooked in?
Click to expand...
Click to collapse
I am hoping to and trying to and will make a kitchen and then this so soon: YES!
leo70 said:
Anyone made any moves on .rgu to .provxml to enable service mode on leo70?
REGEDIT4
[HKEY_LOCAL_MACHINE\System\BootLauncher]
"Default"="ServiceApp.exe"
or:
REGEDIT4
[HKEY_LOCAL_MACHINE\Drivers\USB\FunctionDrivers\TFTP]
"DeviceName"="USBFNS3:"
"USB_MaxPower"=dword:32
"bcdDevice"=dword:00000000
"Product"="Generic Serial"
"idProduct"=dword:00000629
"Manufacturer"="Generic Manufacturer"
"idVendor"=dword:0000045e
"IClass"="{CC5195AC-BA49-48a0-BE17-DF6D1B0173DD}"
"Flags"=dword:00000002
"Prefix"="FTP"
"Dll"="tftp.dll"
Anyone use trivial ftp for FUU? anyone called these DLLs or used/moded these keys?
also: per Da_G partition layout and comments for wp7 hard spl: for FFU/RUU: is it serial or usb/kitl/ethernet?
I think injecting a certificate into leo70 and rebuilding dump up will then allow an ffu to be flashed; debugging this then leads to a lot; hspl, kitchen, new roms.
Click to expand...
Click to collapse
Where is all the action/info !?
I wish you all the luck to make this a wonderful experience. Hope people with relevant knowledge and skills join you for this cause.
first there need to be some tools to be made , like Reloc , rebuild imgfs , maybe a platformbuilder like bepe did.
after that you could make a kitchen.
Da_G have posted some interesting information in WP7 Development & Hacking section
http://forum.xda-developers.com/showthread.php?t=649914
maybe this would also help to understand the structure of the (our DFT) rom.
Sounds good guys. Potentially integration of the android set up could be good bypassing the need to copy partitions across etc.
Wow ... good luck my friend
-------------------------------------
Sent via the XDA apptalk leo android
The imgfs rebuild with all modify is possible with tools here http://forum.xda-developers.com/showthread.php?t=685272
But a this time i don't find way to rebuild flash.store.bin (part04.bin = os.nb) content bin's:
LOGO
BLDR
NK
SLDR1
SLDR2
IMGFS
USER
...
Maybe the DFT wait to give the tool for community ??
;p
Good luck seems an excellent idea
netdrg said:
The imgfs rebuild with all modify is possible with tools here http://forum.xda-developers.com/showthread.php?t=685272
But a this time i don't find way to rebuild flash.store.bin (part04.bin = os.nb) content bin's:
LOGO
BLDR
NK
SLDR1
SLDR2
IMGFS
USER
...
Maybe the DFT wait to give the tool for community ??
;p
Click to expand...
Click to collapse
HazzBazz said:
Sounds good guys. Potentially integration of the android set up could be good bypassing the need to copy partitions across etc.
Click to expand...
Click to collapse
sandman01 said:
Da_G have posted some interesting information in WP7 Development & Hacking section
http://forum.xda-developers.com/showthread.php?t=649914
maybe this would also help to understand the structure of the (our DFT) rom.
Click to expand...
Click to collapse
ceesheim said:
first there need to be some tools to be made , like Reloc , rebuild imgfs , maybe a platformbuilder like bepe did.
after that you could make a kitchen.
Click to expand...
Click to collapse
Cool.
we can at least discuss it all here maybe: put all relevant info together.
I agree with u ceesheim, with tools required etc.
What about 7/CE platform builder though, modify, plus existing tools for imgfs etc? I was thinking also: for now anyway: just disassembling dwi.exe and figuring out all of the other partxx of this build which gets around non-wp7-spl. its a great hack and bears with it some interesting methods which may lead to other things.
I am really just exploring all options for now; any ideas, thoughts, discoveries? To be honest I am only reverse enginerring it all and have not yet tried to rebuild flash.store.bin (part04.bin = os.nb). Was going to try a few os.nb in there and just see response of magldr etc. Been lazy last few days lol.
But point is seems FUU/RUU and then Cotulla,DFT,Bepe' DWI give us two different paths to explore here!
What are exact known problems & current states on that: trying to do dump to (re)-build+flash?
I think that is where I will work - figure out other partxx.bin and magldr and disassemble dwi.exe to make flasher.
Thoughts?
ceesheim said:
this is used to dump it :
http://forum.xda-developers.com/showthread.php?t=884239
I think it was part 4 you had to rename to .nb and then open in this rom tool.
Click to expand...
Click to collapse
netdrg said:
i use the tools here http://forum.xda-developers.com/showthread.php?t=685272
For make this dump
Click to expand...
Click to collapse
ceesheim said:
only different is that the tools from da_g are command line .
the link I posted is more noob prove
I just tested it , rename part4.bin to part4.nb
then open romtools and click open ,go to the location where you stored part4.nb and click it and hit the button open
Click to expand...
Click to collapse
Yep, thanks guys.
I use them all depending on what I am doing. Da_G great: use all these tools 4 imgfs, xip, uldr, xph, etc and yeah - can get same for part04.nb to rie. What been discovered/worked out for other partxx.bin of 'myname' ? emul' wp7 spl etc opened, explored? Anyone know overall kitchen progress thus far? Hope wp7 kitchen ppl can get together more so and get this done!
leo70 said:
Ok.........
Anyone looked at rgu for serviceapp.exe or got anything on this? calls to DLL for Trivial FTP for FUU? Also: questions if any wouldnt mind:
anyway to tweak dwi.exe just like daf.exe and use switches like |ro| and other switches and set part layout size etc? originally thought could force magldr to convert-extract by putting other partxx.bins on part(0) user then do userdata dump to .img but layout! and prob it just dump in original .bin anyway? not quite sure how dwi places converts- containers, fs, etc?
What IS known about magldr, partxx.bin(s), dwi.exe?
Yeah, im being lazy, maybe too hopeful here on these ones, but worth asking. I will fully disassemble dwi.exe later on .
If problem with rebuild .nb/.nbh perhaps use another kitchen like zero or visual osbuilder with wm6 and just rename .nb to part04.bin to even see if it will load at all; debug this and watch this strap up; I might try this with stock os.nb made to fit to size. CRC?
it may fail totally but I want to see why and where/when/by what. ie: interaction with wp7 hd2 spl emulacrum and other parts+magldr. Will cotl' spl etc get wm6; should 'understand' wm6 os.nb?
Might lead to exploration of other partxx.bin from within wm6 or mtty. another thing is mtty. Mtty brings other ideas into play; if we know Cotulla and DFT layouts etc and truly understand magldr, partxx.bin, dwi.exe, and emulacrum spl, then we can go another way: that is all I am really saying here.
Especially considering how it is built and lack of tools/info on this ***particular*** wp7 build.
Click to expand...
Click to collapse
Ok.........
Anyone looked at rgu for serviceapp.exe or got anything on this? calls to DLL for Trivial FTP for FUU? Also: questions if any wouldnt mind:
anyway to tweak dwi.exe just like daf.exe and use switches like |ro| and other switches and set part layout size etc? originally thought could force magldr to convert-extract by putting other partxx.bins on part(0) user then do userdata dump to .img but layout! and prob it just dump in original .bin anyway? not quite sure how dwi places converts- containers, fs, etc?
Yeah, im being lazy, maybe too hopeful here on these (ffu/ruu) ones etc, but worth asking. These are what I will figure out/we need to. Also noted "wph" string in daf.exe for droid. interesting. so yes, bypass option seems real.
edit: going back to what I said above, replacing part04.bin COMPLETELY with equivalent size os.nb (rename back to part04.bin) and flashing with dwi.exe? there is a plethora of things that could be attempted this way. crc? size? errors? not sure, but there is that hd3/hd7 experimental leaked "hd2 wp7" rom that wouldn't flash to hd2 under normal spl. and a lot of other things here to do; I am just interested in this as it bypasses all normal known spl mechanisms completely! You can flash anything you want without checks etc. And then explore interaction with Cotulla' spl (wp7hd2LEO1000) and other partxx.bin etc. Thoughts?
As far as orthodox methodology goes, so, bepe_cotulla_dft made a complete new platform builder and bsp? thoughts on where to start without this?
Please note I am a windows (nt) kernel coder and getting my head around phone7, ie bsp/oal=hal (!) so please bear with me! Who is working on Transaction Safe exFAT? any progress towards cracking? what is Encryption used in TexFAT? Along with kernel/drivers (nt x86/x64) also have cryptography experience. Sorry for all the questions! umm, in summary:
I am also assuming other partxx.bin(s) of DFT release are SPL, OEM, OEM RO, etc.
***Anyone got up KITL and/or can debug this leo70 release? (please answer with instructions etc!).***
edit: with above factors being case, I will fully disassemble and reverse magldr, partxx.bin, cotulla wp7 hd2 spl, os.nb, dwi.exe later on . edit: am doing now. whilst reading architecture for windows 7 phone! Kitchen will be done, but ability to just flash and part layout initially required imho! I am going to take control of magldr, cotulla wp7 spl, dwi.exe first: doing this now .
Sorry to spread over few posts!
Ultimately thus, concluding, I think key here is to reverse engineer all (cotulla' wp7-hd2-spl emulacrum, magldr, os.nb, all other partxx.bins, dwi.exe) then create new open set of each these and new flasher: anyone explored this, disagree, agree?
This is what I am doing now .
Got IP address & can see what is being done.
i like your work
keep up what u doing and i hope to get it done so we can finally use wp7 unlocked and activated
thank you...
@Leo70
I'm a coocker (for windows mobile 6.X) so if you need some help i think i could help you. Just PM me if you need
Why don't you ask Cotulla? Reverse Engineering will be much more longer?
I think they are working on a new MGLDR so why do your own thing on your side?
Can you put a file in the installation process where we can put our Live ID Code?
If every one have the same market ID that will possibly be a problem in the future?
I'm not trying to teach you anything don't really now about dev stuff just wanted to share my thought and opinion.
looking forward to this kitchen....
ok, after 3 days of attempting to download RUU_Schubert_HTC_Europe_1.60.401.01_Radio_5.52.09.16_22.33a.50.10_Signed rom i had finally been successful so i thought i should try out swapping stuff to determine what each part**.bin represents.. started off with the basic os.nb swapping and tried flashing magldr to see the changes..
i hate to be the bearer of bad news but it seems partition size & info are hardcoded into DWI.exe so the file size change doesnt allow for a successful flashing..
so lets hope it will be more flexible when magldr 1.13 is released (which is going to be released "soon" as in no specific eta) otherwise this kitchen might just serve the purpose for building nb's/nbh's for other devices..
But im sure this issue is only present in magldr 1.12 dwi.exe as the wp7 rom wasnt released officially in xda, however only time will tell
Only time will tell, fingers crossed
this project sounds great. a already tweaked rom would be awesome and an pre activated rom even better.
keep up the work. maybe you should contact cotulla and ask him rather than reverse engineer everything. maybe he will help you and save you a lot of work.