Dump SPL to a cid-locked device - Touch Dual, MDA Touch Plus ROM Development

Hi everybody,
Is there a way to dump an SPL to a CID-LOCKED device like my NIKI using MTTY?
I've seen many guides dealing with MTTY and commands like "task" or "rtask" but as far as my Touch Dual is almost bricked and it shows only three COM devices on XP and it doesn't accept prompts like the ones above.
Can you please help me?
Many thanks

FrankenKaiser.exe with mtty can help you

I don't know whether you will be able to understand this.
If only you could read Chinese.
I hope this helps you.
~ 7:32:25 GDP cmonex can you help me fix my phone now?
~ 7:32:35 cmonex GDP ok can you download mtty? i need to have the result of these commands:
~ 7:32:36 cmonex GDP info 2
~ 7:32:38 cmonex GDP and
~ 7:32:39 cmonex GDP info 3
~ 7:32:44 cmonex GDP ah nvm
~ 7:32:50 cmonex GDP i see you did task 2a too
~ 7:32:54 GDP cmonex mtty?yes,I have
~ 7:32:56 cmonex GDP no problem but it'll take more time to unbrick
~ 7:33:06 cmonex GDP do you know the radio version you haw?
~ 7:33:08 cmonex GDP had*
~ 7:33:31 GDP cmonex radio version,yes,I known,let me see
~ 7:33:38 GDP cmonex just wait
~ 7:34:33 GDP cmonex 1.65.29.22
~ 7:35:19 GDP cmonex it's my last full rom radio version
~ 7:37:00 GDP cmonex but I can't use mtty to command info 2 and info 3
~ 7:37:10 GDP cmonex it's brick
~ 7:49:41 cmonex GDP yes i said forget the mtty
~ 7:49:44 cmonex GDP give me one sec
~ 7:49:45 GDP cmonex FrankenKaiser be able to use?
~ 7:49:58 cmonex GDP i'll make you customized frankenkaise
~ 7:50:03 cmonex GDP r
~ 7:50:08 GDP cmonex thanks
~ 7:51:45 cmonex GDP so you have 1.65.29.22
~ 7:51:51 cmonex GDP lets confirm this first though
~ 7:52:36 cmonex GDP did you install the moto drivers for it yet?
~ 7:52:44 GDP cmonex yes
~ 7:52:46 cmonex GDP ok
~ 7:52:49 cmonex GDP connect phone to pc
~ 7:53:00 cmonex GDP device manager will show which COM port it is on
~ 7:53:10 GDP cmonex com
~ 7:53:12 GDP cmonex com4
~ 7:53:13 cmonex GDP use this COM port in mtty or in putty
~ 7:53:17 cmonex GDP ok, connect to COM4
~ 7:53:31 GDP cmonex ok
~ 7:53:38 cmonex GDP enter command: ?
~ 7:53:44 cmonex GDP (question mark)
~ 7:53:51 cmonex GDP tell me what it says
~ 7:54:08 GDP cmonex Invalid command:?
~ 7:54:13 cmonex GDP okay
~ 7:54:16 cmonex GDP now enter:
~ 7:54:22 cmonex GDP radata 90000000 1
~ 7:54:25 cmonex GDP it will stop responding
~ 7:54:31 cmonex GDP now close mtty
~ 7:54:38 cmonex GDP did you install qpst yet?
~ 7:54:45 GDP cmonex yes
~ 7:54:47 cmonex GDP ok
~ 7:54:58 cmonex GDP it should see phone on COM4 in download mode after the radata
~ 7:55:22 GDP cmonex radata 90000000 1 is OK
~ 7:55:50 GDP cmonex software download?
~ 7:56:18 cmonex GDP qpst has a config app
~ 7:56:38 cmonex GDP open that one
~ 7:56:43 GDP cmonex I have config com4
~ 7:56:45 cmonex GDP it should see phone on COM4
~ 7:56:48 cmonex GDP ok?
~ 7:56:51 GDP cmonex ok
~ 7:56:54 cmonex GDP good
~ 7:56:56 cmonex GDP close the config app
~ 7:56:59 cmonex GDP go to memory debug app
~ 7:57:03 cmonex GDP dump SMI region
~ 7:57:28 GDP cmonex get regions?
~ 7:58:43 cmonex GDP yes, get SMI region
~ 7:59:01 GDP cmonex just waiting,it working now
~ 7:59:08 cmonex GDP ok
~ 8:02:12 GDP cmonex smi.bin?
~ 8:09:09 GDP cmonex well,three files
~ 8:09:32 GDP cmonex ebi.bin,smi.bin and load.cmm
~ 8:10:30 GDP cmonex so now I can close memory debug app?
~ 8:10:45 cmonex GDP yes
~ 8:10:48 cmonex GDP i need smi.bin
~ 8:10:57 cmonex GDP rar it up and upload somewhere
~ 8:11:30 GDP cmonex e-mail?
~ 8:13:17 GDP cmonex 249KB with rar
~ 8:14:56 GDP cmonex I was sent smi to you with e-mail
~ 8:20:36 cmonex GDP please upload
~ 8:20:39 cmonex GDP rapidshare.com ?
~ 8:20:49 GDP cmonex do you received e-mail?
~ 8:21:44 GDP cmonex no,I'm sent to your msn e-mail
~ 8:22:44 GDP cmonex
~ 8:24:04 GDP cmonex OK?
~ 8:26:20 cmonex GDP ok let me check
~ 8:26:30 GDP cmonex
~ 8:29:30 cmonex GDP wow weird stuff !! hehe
~ 8:29:39 cmonex GDP someone changed a word as DUMMY
~ 8:29:54 GDP cmonex success?
~ 8:30:30 cmonex GDP looks like you can use a custom frankenkais i did a while ago
~ 8:30:31 GDP cmonex or it's wrong?
~ 8:30:33 cmonex GDP download:
~ 8:30:40 cmonex GDP http://hpcmonex.net/htc/kais/FrankenKaiser-1652229test.zip
~ 8:30:56 GDP cmonex thanks
~ 8:30:59 cmonex GDP just use it as you'd use normal frankenkaiser
~ 8:31:17 cmonex GDP you should reset the device
~ 8:31:32 GDP cmonex OK
~ 8:31:38 cmonex GDP make sure to have jocky's SSPL.nb file to load it with frankenkaiser
~ 8:31:47 cmonex GDP so reset, and do the steps as in his thread
~ 8:31:55 cmonex GDP let me know if all ok
~ 8:32:37 GDP cmonex SSPL.nb?I have not SSPL.nb
~ 8:35:08 GDP cmonex I only found a sspl.exe in xda forum
~ 8:36:42 cmonex GDP ok wait
~ 8:37:19 cmonex GDP files are in 1st post of http://forum.xda-developers.com/showthread.php?t=393337
~ 8:37:30 cmonex GDP but make sure you use the custom frankenkaiser i sent you!
~ 8:37:33 GDP cmonex so I use the custom frankenkaiser or normal?
~ 8:37:35 cmonex GDP ok wait wait
~ 8:37:39 cmonex GDP you have niki
~ 8:37:43 cmonex GDP dont use kaiser sspl
~ 8:37:46 cmonex GDP i'll give you niki sspl
~ 8:38:09 GDP cmonex thanks
~ 8:42:10 cmonex GDP http://hpcmonex.net/htc/niki/ssplniki.zip
~ 8:42:35 GDP cmonex OK,download success
~ 8:43:48 GDP cmonex so I need to use custom frankenkaiser or normal?
~ 8:51:25 cmonex GDP custom!!
~ 8:51:29 cmonex GDP FrankenKaiser-1652229test.zip
~ 8:51:50 GDP cmonex OK,so I use it now?
~ 8:53:05 cmonex GDP yes, with niki sspl.nb
~ 8:53:25 cmonex GDP its basically 2 steps, in 1st part you secu unlock, in 2nd part you load niki sspl.nb and unbrick
~ 8:54:10 GDP cmonex unbrick with secu unlock?very good
~ 8:54:58 GDP cmonex let me try to do
~ 8:58:58 GDP cmonex it tips can not find cygwin1.dll
~ 8:59:47 cmonex GDP ok get it from original frankenkais package
~ 8:59:53 cmonex GDP just make sure to use the exe made by me
~ 8:59:55 GDP cmonex ok
~ 9:00:04 GDP cmonex i found the dll
~ 9:05:51 GDP cmonex is it OK?
~ 9:10:25 GDP cmonex now I'm used frankenkaiser and open mtty,next what can I do?
~ 9:11:12 cmonex GDP which step are you at?
~ 9:11:46 cmonex GDP for that step,
~ 9:11:54 cmonex GDP you have to use different commands
~ 9:11:55 cmonex GDP these:
~ 9:11:56 GDP cmonex tips 6 was finish,http://forum.xda-developers.com/showthread.php?t=393337
~ 9:11:57 cmonex GDP mb 9DFFFC
~ 9:11:57 cmonex GDP mw 9DFFFC 1 31313131
~ 9:11:57 cmonex GDP mw 9E0000 1 31313131
~ 9:11:57 cmonex GDP mw 9E0024 1 00000000
~ 9:11:57 cmonex GDP mb 9DFFFC
~ 9:12:13 cmonex GDP please use these commands instead of the ones in thread
~ 9:12:30 GDP cmonex echo_on (the reply in MTTY should be "ECHO ON MODE" setboot 1
~ 9:12:47 GDP cmonex it's same as kaiser?
~ 9:13:19 cmonex GDP wait
~ 9:13:22 cmonex GDP did you use my commands?
~ 9:13:29 cmonex GDP for b and mw
~ 9:13:31 cmonex GDP mb
~ 9:13:45 GDP cmonex no,I don't command anything
~ 9:14:32 GDP cmonex echo_on and setboot 1,right?
~ 9:15:41 cmonex GDP yes
~ 9:15:50 cmonex GDP and then in 7th step, you MUST use my mb and mw commands
~ 9:16:14 GDP cmonex ok,let me try to use your commands
~ 9:16:19 cmonex GDP ok
~ 9:18:44 cmonex GDP looks good?
~ 9:19:31 GDP cmonex OK,but next what can I do?
~ 9:19:51 GDP cmonex I can't see tri-color screen
~ 9:23:11 GDP cmonex I command powerdown
~ 9:23:42 cmonex GDP go to 8a step.
~ 9:24:19 GDP cmonex OK,the next?
~ 9:25:16 cmonex GDP 8a, echo_on works???
~ 9:25:52 GDP cmonex if command powerdown,echo_on do not work
~ 9:26:27 cmonex GDP you need to reboot device
~ 9:26:30 cmonex GDP then echo_on
~ 9:26:53 GDP cmonex command powerdown to reboot?
~ 9:30:25 cmonex GDP you do powerdown
~ 9:30:29 cmonex GDP then remove battery
~ 9:30:31 cmonex GDP then reinstall it
~ 9:30:32 GDP cmonex OK
~ 9:30:34 cmonex GDP go to mtty again
~ 9:30:36 cmonex GDP echo_on
~ 9:30:46 GDP cmonex echo_on is working
~ 9:30:55 GDP cmonex but next
~ 9:32:20 GDP cmonex step 8b?
~ 9:33:30 GDP cmonex or step 9?but I don't have niki unbrick.nb
~ 9:33:55 cmonex GDP its the one i sent you! ssplniki.nb
~ 9:34:04 GDP cmonex thanks
~ 9:34:06 cmonex GDP
~ 9:34:27 GDP cmonex let me try to do
~ 9:34:48 cmonex GDP ok
~ 9:36:36 GDP cmonex frankenkaiser was not tips 7e 02 6a d3 7e,is it OK?
~ 9:38:41 cmonex GDP what did it show?
~ 9:38:48 cmonex GDP you still need to use custom one!!
~ 9:39:06 GDP cmonex yes,it's the custom one
~ 9:39:36 GDP cmonex let me try start at step 8a
~ 9:41:02 cmonex GDP ok
~ 9:41:18 GDP cmonex OK now
~ 9:42:25 GDP cmonex oh,yeah,I can see tri-color screen
~ 9:42:34 GDP cmonex (L)
~ 9:43:22 GDP cmonex so now I can flash HSPL?
~ 9:44:16 cmonex GDP yes
~ 9:44:17 cmonex GDP
~ 9:44:24 cmonex GDP flash niki hardspl
~ 9:44:33 GDP cmonex OK,1.16 is OK?
~ 9:45:24 cmonex GDP yes
~ 9:46:09 GDP cmonex thanks very much
~ 9:47:36 GDP cmonex I have a question
~ 9:48:23 GDP cmonex can I flash a full rom with Splash,OS and radio?
~ 9:50:16 cmonex GDP only after you did hardspl.
~ 9:51:06 GDP cmonex and so I must not use task 2a to fix bad block,do you have another way?
~ 9:55:34 cmonex GDP try task 29 instead of 2a
~ 9:55:46 GDP cmonex thanks
~ 9:55:49 GDP cmonex I'm so sorry for waste your time today,can us be a friend?
~ 9:55:59 cmonex GDP no worries glad to help.
~ 9:56:48 GDP cmonex thanks,it's must too late,you must go to bed now
~ 9:58:19 cmonex GDP yes. sleeping now see you later
~ 9:58:30 GDP cmonex see you
~ 9:58:35 GDP cmonex

If it doesn't work, you can reply here,
and I will do my best to help you.
My NIKE was rescued after I had run task 2a in MTTY.

Gongmengyang said:
~ 7:33:31 GDP cmonex radio version,yes,I known,let me see
~ 7:33:38 GDP cmonex just wait
~ 7:34:33 GDP cmonex 1.65.29.22
~ 7:35:19 GDP cmonex it's my last full rom radio version
In my case I can't even know my radio version...
No data at all on the screen...

sanric said:
In my case I can't even know my ...
No data at all on the screen...
radio version it`s not important
try it
i think you run task 2a?

yes, I've (sadly) done it

HI sanric, maybe this thread : http://forum.xda-developers.com/showthread.php?t=379318

I'm stuck in the FrankenKaiser section of the chat-tutorial above...
I can't see any "7e 02 6a d3 7e" output from Franken.
Moreover I cannot understand if I have to close QPST before running Frankenkaiser.
Here are the steps:
radata 90000000 1
close mtty
open qpst
find out that the phone is in dload mode
close qpst
FrankenKaiser-1652229test.exe /dev/com4 ssplniki.nb
(no numbers like the ones above)
Franken tells me to unplug the usb cable. I do it and after I can't do any mw or mb commands with mtty
Where am I wrong?

Related

How to backup my French Orange rom V 14.123.2.733 (OS 1.23.73.3 - R 1.06.00.00)

I have in hand a SPV M3100 from orange and would like to backup the rom.
Can someone help me with this ?
I have done those commands already, but don't know what to do after. This is new for me and I would like to finalise this as this ROM is new.
pdocread -w -d FLASHDR -p Part00 0 0x31fc00 Part00.raw
pdocread -w -d FLASHDR -p Part01 0 0x2e0000 Part01.raw
pdocread -w -d FLASHDR -p Part02 0 0x32e0000 Part02_0.raw
pdocread -w -d FLASHDR -p Part02 0x2610000 0x800 Part02_1.raw
pdocread -w -d FLASHDR -p Part02 0x2610800 0xccf800 Part02_2.raw
Thanks in advance for the one who will help me....
>
Version d'Opérateur : 14.123.2.733
Version de ROM : 1.23.73.3
Version de Radio :1.06.00.00
Read Upgrading FAQs question #8:
http://wiki.xda-developers.com/index.php?pagename=Hermes_UpgradeFAQ
hi,
i got a german orange spv m3100 , is it possible to use a backup from a french spv m3100?
Theoretically you can use pdocwrite to rewrite the OS portion of the ROM, but I think no one has tried this on the hermes.

Niki ROM Dump - Strange Error ?

from what I understand, in order to dump our Niki/Touch Dual ROMs, instructions are similar to the Kaiser procedure, meaning :
1) download pdocread.exe from http://wiki.xda-developers.com/wiki/XdaUtils/pdocread.exe
2) open command prompt on your PC, then run : "pdocread.exe -l"
3) dump NAND partitions :
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8660000 Part03.raw
However, when i try to run "pdocread.exe -l", i get the attached windows error pop-up... Anyone got this error also ?
What OS you use?
WinXP 32Bit, WinXP 64Bit or Vista32/64Bit?
NetrunnerAT said:
What OS you use?
WinXP 32Bit, WinXP 64Bit or Vista32/64Bit?
I'm using WinXP 32Bit, with admin privileges
mcoquet said:
I'm using WinXP 32Bit, with admin privileges
do you have the 16-bit subsystem installed? slimmed down editions of XP found on the internet usually have this removed
Midget_1990 said:
do you have the 16-bit subsystem installed? slimmed down editions of XP found on the internet usually have this removed
i have no idea, but this is a work computer, and I assume that my company does not get pirate copies of Windows
it would be good if i could solve this, i could then dump a french rom
please try another WinXP machine ... for test! Try Windows95 Compatibility Mode. Try to start with another user!
For French Rom -> netrunnerat.4shared.com possible i have it ... i have 1 OEM French Roms in the moment (unbranded)!
companies don't use pirate versions
But they strip down the installer on their own very often.
i don't have another xp computer with me, but i'll try with a vista 32...

plz help m new to WM

hello ppl m rutz from india have an HTC touch Dual aka p5500(india)
so i get to the pt .
i saw the new rom wm 6.1 like it so wanted to update mine .....
so as per the instruction
Code:
copy sspl-1.16-nike.exe to your device and run it (usb cable must be connected!)
- after a few seconds "USB" appears on the display
- unplug and replug the usb cable
this part runs successfully ...i get a new splash screen showing (for test only . not for sale )
the next 2 steps
Code:
- you can now flash the uspl-1.16-nike.nbh by running ROMUpdateUtility.exe from flash-uspl-niki
- you can also flash the hardspl-1.16-nike.nbh by running ROMUpdateUtility.exe from flash-hardspl-nik
gives me some communication error....and the update is at stuck at 0%
ppl m new to WM .....plz let me know asap abt the updation process as m eager to use WM6.1....
thanx in advance
wrong!
if you start sspl you must in the bootloader! then you flash hardspl! dont reset or restart your device ... read the hardspl thread again ... begin @ the first post and read all sides!
can you dump your india rom first? i havent it and possible you need it in some days :->
dude m new to this tell me how to dump it ....willl dump it and upload it ......and plz gimme step by step instrution of installation ......plzzz help m ...i did not undersand a word ...can we talk on IM ...Yahoo or Hotmail....
we will help you doing it. please wait a few minutes ok?
To dump your Niki ROM follow the instructions:
1) READ and download pdocread.exe from http://wiki.xda-developers.com/wiki/...s/pdocread.exe
2) open command prompt on your PC, then run : "pdocread.exe -l"
3) dump NAND partitions :
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8660000 Part03.raw

[Beginner] Rom Dump?

Hi,
I have a new UK/EU WWE Raphael:
ROM 1.90.401.1 WWE
Date 08/01/08
Radio 1.02.25.19
Protocol 52.33.25.17H
I would like to know how I can dump my ROM, making a safe copy just in case of failures of upgrades.
Thanks.
Take a look here. Just a reminder : pls use search button I'm here as a friend, but get ready to be flamed by others/mods.
Thx,
I searched, but nothing useful came out :-(
huh????
the link the guy gave has step by step instructions?
1. First of all is to Dump the ROM from your device.
Here is the process (thanks to RezzZ)...
HTC Touch Pro DUMP:
Open a reg editor (dooFred TaskManager, TotalCommander or PHM Registry...) on your Touch Pro
Change:
HKLM\Security\Policies\Policies
valuename '00001001' was set to dword:2, change it to dword:1
After this change you need to soft reset your device.
Download itsutilsbin (http://www.xs4all.nl/~itsme/projects/xda/tools.html)
Extract the zip file and copy itsutils.dll to \windows on the Touch Pro (don't do it using ActiveSync, instead copy the file first to SD, and using TotalCommander or Resco Explorer copy from SD to \Windows).
Run (copy paste):
pdocread.exe -l (it's the letter L, not a 1)
you get something like:
Code:
457.75M (0x1c9c0000) DSK1:
| 3.12M (0x31f000) Part00
| 4.50M (0x480000) Part01
| 126.50M (0x7e80000) Part02
| 323.63M (0x143a0000) Part03
7.61G (0x1e6e80000) DSK7:
| 7.60G (0x1e6a80000) Part00
.....
Now run:
pdocread -w -d DSK1: -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d DSK1: -b 0x800 -p Part01 0 0x480000 Part01.raw
pdocread -w -d DSK1: -b 0x800 -p Part02 0 0x7e80000 Part02.raw
pdocread -w -d DSK1: -b 0x800 -p Part03 0 0x143a0000 Part03.raw
Notice the part before Part0X.raw is the same as you got with pdocread.exe -l, same for the name of the disk.
Dumping Part02 and Part03 will take some time. Be patient.
After dumping the ROM you'll have 4 RAW files. Move in one folder the Part01.raw that contains the XIP and Part02.RAW that contains the IMGFS, both needed for the reconstruction process.
2. Download the WWE BaseROM to use in the reconstruction process here http://rapidshare.com/files/138980371/RUU_Raphael_HTC_WWE_1.90.405.1_Radio_Signed_Raphael_CRC_52.33.25.17_1.02.25.19_Ship.exe
3. Download the Raphael Kitchen v0.61 here, that allows to reconstruct the ROM from the dump. The Raphael Kitchen allows to cook a ROM from a dumped one and from base NBH shipped one. You need to put the NBH file from the step before in the BaseROM folder (the Shipped ROM is a huge EXE file, and you'll need WinRAR to extract the content), and put the RAW files too.
Then execute the RAPHAELKITCHEN.CMD and choose the next options from the menu in this order:
e, b (for dumped ROM), space key, c, a, press BuildOS Play icon and wait to finish, close BuildOS, close PagePool Changer and press space to go back to main menu. As a result of this process you will have a RUU_Signed.NBH file you can flash on to your Touch Pro to go back using the F option from main menu.
if you're having any problems with any of this i would post in that thread, i followed the instructions step by step and managed to do it fairly easily, try and post what problems and im sure someone will help you (can't promise it would be me as im busy next week but will have a look if you at least try )
thanks to jcespi2005 and hang.tuah for their awesome contributions

HTC Sedna WM6 downgrade

Hi all!
It is possible to downgrade the P6500 from WM6.1 to WM6?
If i have one device with W6.0, can i extract the ROM from it ?
Anyone have a WM6 original shipped french (1.10.406.63) ROM?
Thanks in advance!
Any ideas?
pls
Amokh said:
Any ideas?
pls
yes it is..
amokh if you have one device with a rom you want and want to put it on the other device ... yes it can definitely be done...
you need Qmat
and a kaiser kitchen
what works for kaiser works for sedna...
read other posts as well as all you need has already been discussed in other forums on this site... just takes time to find it... everybody had to do it , me included, so happy hunting
ask questions if you need help
ill do what i can...ok
also hard spl your device if you dont want to turn it into an expensive brick!
Thank you gardee005 for your answer...
My first idea was to take a WM6 WWE and try to translate/cook it with french files extracted from a WM6.1 french original shipped rom...
I have found the mui files, which contain the lang, but i don't succeed in adding them to the OS.nb...
Other idea was to dump the ROM from the device with WM6 french, for that i tried to use itsutils pdocread.exe, according to pof`s instructions for dumping Kaiser ROM
but, i have obtain this:
C:\itsutils\build>pdocread.exe -l
210.63M FLASHDR
| 3.12M Part00
| 3.63M Part01
| 78.50M Part02
| 125.38M Part03
980.00M DSK1:
| 980.00M PART00
STRG handles: 474f0f92(980.00M) 87484922(125.38M) 074b3d82( 78.50M) c74b3d5e(3.63M) 874b3aaa( 3.12M)
I don't know, how to dump them, because i don't have obtained the hex addresses, to proceed dumping...
How to do it??
As far as i know, i have to obtain something like:
3.12M (0x31f000) Part00
| 3.50M (0x380000) Part01
| 69.38M (0x4560000) Part02
| 134.38M (0x8660000) Part03
according to pof`s instructions, and i need to dump it like this:
"pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8660000 Part03.raw"
i have also change :
"HKLM\Security\Policies\Policies
valuename '00001001' was set to dword:2 to dword:1"
and now, what`s next?
http://rapidshare.com/files/85341969/kaiserkitchen_01-20-08.rar.html
get this kitchen... and qmat...
with this kitchen you should be able to extract the ROM and put it in the other device... you have part01 and part02 and get any ROM (.nbh file)
open KAISERKITCHEN.CMD in the kitchen then press m and u will see
let me know if this works..
then for step 9 use qmat to rebuild flashable ROM...
also this is not the kaiser so things wont be exactly the same but all should work...
also the radios on WM6.1 and WM6 dont mix..so u gotta have WM6 complete rom before u flash only WM6 OS rom..
please dont send private messages...ok
thanks for the kitchen.
still unable to extract it...how can i obtain the dumped part01 and part02 files?
I suppose that it must be extracted from device...but how?
here is the menu:
Requires RUU_signed.nbh in BaseROM folder
(1a) Extract NBH Content from shipped ROM
(2a) Extract IMGFS from shipped ROM
(3a) Extract XIP from shipped ROM
Requires RUU_signed.nbh, dumped part01.raw and part02.raw in BaseROM folder
(1b) Extract NBH Content from cooked ROM
(2b) Extract IMGFS from cooked ROM
(3b) Extract XIP from cooked ROM
(4) Copy ROM XIP
(5) PKGTool
(6) Move OEM and SYS
(7) Delete Boot
(8a) BuildOS
(8b) BuildOS+Package_Tools-2.7
(9) Create Kaiser ROM
(10) HTC ROM Tool
(11) Clean Up Temp files
(12) PagePool Changer
none of them cannot extract from device...or i`m doing something wrong?
now i`m confused...
u said you you got Part01 and part02 in your previous post...
but, i have obtain this:
C:\itsutils\build>pdocread.exe -l
210.63M FLASHDR
| 3.12M Part00
| 3.63M Part01
| 78.50M Part02
| 125.38M Part03
is this true .. that you got this ?
search in the kaiser threads ... im like you ..i dont know much! just gotta try and fail many times and search and search ...
but did you get part01 and part01 while you device was connected by activsync ?? You said you did... and if you got them then ur just there..
the kitchen i gave you is for use when you have part01 , 02 and ***.nbh.
I have never extracted a ROM from a device.... i have cooked ROMs but always worked with english ROMs, so i know how to dump , edit and recompile a ROM for flashing...
Also make sure you give things enough time to run.... not just when they say Done... sometimes ther are still running and you will see a flashing _ when its finished...
Amokh said:
but, i have obtain this:
C:\itsutils\build>pdocread.exe -l
210.63M FLASHDR
| 3.12M Part00
| 3.63M Part01
| 78.50M Part02
| 125.38M Part03
980.00M DSK1:
| 980.00M PART00
STRG handles: 474f0f92(980.00M) 87484922(125.38M) 074b3d82( 78.50M) c74b3d5e(3.63M) 874b3aaa( 3.12M)
i have obtain the list of the partitions, and i was trying to dump them...
Amokh said:
I don't know, how to dump them, because i don't have obtained the hex addresses, to proceed dumping...
How to do it??
As far as i know, i have to obtain something like:
3.12M (0x31f000) Part00
| 3.50M (0x380000) Part01
| 69.38M (0x4560000) Part02
| 134.38M (0x8660000) Part03
it must obtain something like this, for having the "0x31f000, 0x380000...etc " addresses to start the dumping procedure...
Amokh said:
according to pof`s instructions, i need to dump it like this:
"pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8660000 Part03.raw"
and just after that you get the part01 and part 02...
It`s almost 3 weeks, since i have started to work on this issue, and still no solution...it`s depressive already
i think since i have the part01 and part02, i will able to reconstruct it to a flashable ROM...the only issue is to get them...
have you ever change the language by cooking a ROM?
if i will start extracting the french language from WM6.1 ROM (shipped), and put it to an WM6 WWE (shipped or not) can you help me with some instructions?
It seems like the -l option doesn't quite work, it didn't show the addresses required for dumping, so I followed an other way to get the address described (wiki /index.php?pagename=Hermes_HowtoDumpRom) but also adding the -b 0x800 option (/showthread.php?t=334680).
So basically you are doing -l get the partition names, after one by one get the addresses like this:
pdocread.exe -w -d FLASHDR -b 0x800 -p Part00 -t
real nr of sectors: 1598 - 3.12Mbyte (0x31f000)
pdocread.exe -w -d FLASHDR -b 0x800 -p Part01 -t
real nr of sectors: 1856 - 3.63Mbyte (0x3a0000)
..
now to dump
pdocread.exe -w -d FLASHDR -b 0x800 -p part00 0 0x31f000 part00.raw
pdocread.exe -w -d FLASHDR -b 0x800 -p part01 0 0x3a0000 part01.raw
..
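
The `-l` then `-t` procedure from the posts above, as an added example that is not part of the original thread: it parses both listing styles, cross-checks each `-t` sector count against the hex length at the 0x800 block size, builds the dump commands, and checks a finished dump's size. The sample strings are constructed from output quoted in the thread, and all function names are hypothetical.

```python
import hashlib
import os
import re

SECTOR = 0x800  # the -b value used by the dump commands in this thread

# Constructed samples in the two `pdocread -l` styles quoted in the thread.
LIST_WITH_HEX = """457.75M (0x1c9c0000) DSK1:
|   3.12M (0x31f000) Part00
|   4.50M (0x480000) Part01
| 126.50M (0x7e80000) Part02
| 323.63M (0x143a0000) Part03
"""
LIST_WITHOUT_HEX = """210.63M FLASHDR
|   3.12M Part00
|   3.63M Part01
STRG handles: 474f0f92(980.00M)
"""
# Constructed `-t` replies, one per partition, in the format shown in the thread.
PROBES = {
    "Part00": "real nr of sectors: 1598 - 3.12Mbyte (0x31f000)",
    "Part01": "real nr of sectors: 1856 - 3.63Mbyte (0x3a0000)",
}

_ROW = re.compile(r"^(\|?)\s*[\d.]+[KMG]\s+(?:\((0x[0-9a-fA-F]+)\)\s+)?(\S+)$")
_PROBE = re.compile(r"real nr of sectors:\s*(\d+)\s*-\s*[\d.]+\w*\s*\((0x[0-9a-fA-F]+)\)")


def parse_listing(text):
    """Map disk -> {partition: byte length, or None when -l printed no hex}."""
    disks, current = {}, None
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue  # skips noise such as the "STRG handles:" line
        bar, hexlen, name = m.groups()
        if not bar:
            current = disks.setdefault(name, {})
        elif current is not None:
            current[name] = int(hexlen, 16) if hexlen else None
    return disks


def parse_probe(line, sector=SECTOR):
    """Return the byte length from a -t reply after cross-checking it."""
    m = _PROBE.search(line)
    if not m:
        raise ValueError(f"not a -t reply: {line!r}")
    sectors, length = int(m.group(1)), int(m.group(2), 16)
    if sectors * sector != length:
        raise ValueError(f"{sectors} sectors of {sector:#x} != {length:#x}")
    return length


def dump_commands(disk, parts, probes=None, sector=SECTOR):
    """Build one pdocread line per partition, refusing unknown lengths."""
    cmds = []
    for name, length in parts.items():
        if length is None and probes and name in probes:
            length = parse_probe(probes[name], sector)
        if length is None or length % sector:
            raise ValueError(f"{name}: need a sector-aligned length first")
        cmds.append(f"pdocread -w -d {disk} -b {sector:#x} -p {name} 0 {length:#x} {name}.raw")
    return cmds


def verify_dump(path, expected):
    """Check a finished .raw file is exactly `expected` bytes; return its SHA-256."""
    if os.path.getsize(path) != expected:
        raise ValueError(f"{path}: short or oversized dump")
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for disk, parts in parse_listing(LIST_WITHOUT_HEX).items():
        print("\n".join(dump_commands(disk, parts, PROBES)))
```

Recording the SHA-256 of each `.raw` file right after the dump gives a reference to compare against before the image is used for a rebuild or a flash.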
so ur on the way... let me know if its successful !!
sorry if i did not help much but i only know a little..
Success!!!
It`s working!!
After i obtained the part01 and part02.raw, it was not so difficult...using the kaiserkitchen...and finally rebuild .nbh with Psas to a flashable file!
Now i will test it for a few days, to see how stable is...
Thank you gardee005 for the kitchen and for your help, it is very good feeling to cook...
good to hear.... whats Psas?
it not so difficult when you know how, did you use Qmat to rebuild the .nbh file or the kaiser tool? i never use the kaiser tool but qmat only so if u used it and it worked id like to know.
anyway nice to hear you succeeded
Psas is the newer version of Qmat...
nice tool .. it has what u needed .. Hardware forensics>WinCE ROM util...
and you get part00 and offseto1x0031f00 etc.
then right click and you can dump..
