Related
( Sorry for my english, i'm french)
I would like to thank all those which take part to make live this forum.
But I am lost a little.
I read the pages of the forum for a long time but I still put myself questions.
I just have upgrade my Himalaya to WM5 1.60cWWE.
I would like to know if it is the last version at present.
What are all the stages has to follow to benefit the maximum of the memory of my Himalaya with WM5?
My Device informations:
- RAM size 128 MB
- Flash size 32 MB
- Storage size 95.59 MB
I saw that certain people have a directory named Storage + a directory named Ramdisk. Why?
Can we install programs in Storage and Ramdisk?
I know that certain these question were already put but I want to be sure.
Thanks
could anyone who has a Hermes with NAND blocks they've corrupted please contact me; I've modified the SPL to ignore bad NAND blocks, although I have no idea if it actually works or not, so anyone who has bad blocks and has a way of getting my SPL onto their phone please contact me.
I've an hermes from a friend with bad blocks on NAND here... device is still usable, so I can install the SPL and try.
Also I have a unusable device with Bad Block, I have bootloader 1.06 (without KITL mode).
tedes
bad blocks, extROM can't installed automatically
Count me in....
I have bad blocks and I'm suspecting these are causing the extended rom can't installed automatically everytime I upgraded ROMs. When I unlocked and mounted, it shows nothing in this \extended_rom folder and it has only 0.6Mb capacity. Any clues?
abe505 said:
Count me in....
I have bad blocks and I'm suspecting these are causing the extended rom can't installed automatically everytime I upgraded ROMs. When I unlocked and mounted, it shows nothing in this \extended_rom folder and it has only 0.6Mb capacity. Any clues?
Click to expand...
Click to collapse
ExtROM is separate from OS ROM... God knows how you'd manage that.
Just curiosity...
Does any of you managed to clear these Bad Blocks marks using Olipro's miracleous SPL?
I hv dared to do..now I hv 13.4 MB of staorage out of which 6 MB is free..
Can any one help freeing some files from Windows...
Hi,
As I'm a curious electronics engineer type, I have a few questions regarding the IPL, SPL and CE kernel.
1. Am I correct in thinking that the IPL simply loads the SPL into RAM and starts executing it?
2. Is the SPL providing the low level flashing interface and the setup code necessary to load the kernel into RAM? Does it provide any low level interfaces for the CE kernel?
3. I note that the OS portion of my flash has three partitions, what are the first two small ones for?
I've had a search on the net and I can't find many detailed answers to these questions so I thought I'd ask them here. Any help is greatly appreciated.
sjbale said:
Hi,
3. I note that the OS portion of my flash has three partitions, what are the first two small ones for?
Click to expand...
Click to collapse
The first two contain the OS core in XIP format (although they still need to be copied to RAM before execution). One is the kernel for normal operation, the other is used when Windows Update flashes the ROM (it'll not overwrite anything, just add to the existing data). They can be dumped from a ROM upgrade file and edited with RomMaster and dumprom.
The third partition is an IMGFS file system. It contains all the other files needed to make your device work. It can be dumped from a ROM upgrade file and edited with the Imgfs Tools.
There is actually a forth partition in the partition table - the Storage area. This is a FAT partition. It is only in the partition table, but there is no additional data in the ROM packages. During a hard boot, the OS will format that partition.
Cheers
Daniel
Thanks for the reply. I didn't think that the CE kernel was loaded during the flashing process, I thought the SPL provided the flash interface?
Out of curiosity if am I correct in thinking that the only way to brick the device is to damage the IPL/SPL or bugger up the radio ROM so that the SPL can't return a CID. If the actual OS portion of the flash contains bad blocks will this still prevent future flashing?
sjbale said:
1. Am I correct in thinking that the IPL simply loads the SPL into RAM and starts executing it?
Click to expand...
Click to collapse
Not "only", it initializes the hardware (processor, sdram, etc...), setups the physical to virtual mapping table, reads SPL from NAND puts it into RAM and jumps into its address.
If you want it more in depth, disassemble the IPL.nb file with IDA Pro. Code entry point at 0x0000000. And consult the SC32442A processor manual while following its flow.
sjbale said:
2. Is the SPL providing the low level flashing interface and the setup code necessary to load the kernel into RAM?
Click to expand...
Click to collapse
Yes.
Again, IDA Pro is your friend In hermes the SPL expects to be executed from virtual address 0x8c080000 which is physical 0x30080000.
sjbale said:
am I correct in thinking that the only way to brick the device is to damage the IPL/SPL or bugger up the radio ROM so that the SPL can't return a CID.
Click to expand...
Click to collapse
Yes, you are correct. It is also possible that NAND blocks are marked as bad when incorrectly flashing service byte 517th, read more on Des comment here.
sjbale said:
If the actual OS portion of the flash contains bad blocks will this still prevent future flashing?
Click to expand...
Click to collapse
Depending on how many bad blocks. I've seen a hermes die completely during the 2nd flash on a NAND with a lot of marked bad blocks.
Okay, I think I understand. So once the 517th byte of a flash block it set to non 0xFF it's permanent and can't be restored? The next flash won't be able to write to that block? Hmmh, dangerous!
Now all I need to do is find the £300+ quid for an IDA pro license. I'd better get back to what I'm supposed to be doing, time to put my RF hat back on
Yes, that's right. We haven't found a method to restore yet, but sure it is possible to do it because the marked bad blocks are not real bad blocks.... probably the way to go is patching a SPL which will never flash service data bytes from data taken of a file. Des and Olipro know more on this matter, you should ask them if you really want to get involved on some development
BTW, you can use the IDA Demo version available for free download if you don't want to spend the money just for disassembling IPL & SPL.
And there are other free alternatives, I sometimes use radare which is very helpful too, but you should have a *nix system.
Hi all.
Not having a WM or Android device around, and wanting to create a gold card for my Mozart, I managed to put together a bit of software using some resources from the web and made an application that appears to do just this.
You basically just insert your SD card into the laptop card reader, run the app as admin, and click Read CID.
Note: IT MUST BE A LAPTOP CARD READER THAT IS NOT VIA A USB ROOT DEVICE - USB CARD READERS ARE NO GOOD
Requirements:
Well, at this stage just give it a go on as many laptops as you can find until it works, and post back what did and didn't work for you.
It seems about a 40% chance it will work, so try on a couple if it doesnt at first.
It will return it pre-reversed and ready for the Gold Card website - and the number works.
I have already successfully created a gold card using the number provided by the tool!
Download from here: http://rapidshare.com/files/452275274/GoldCardHelper.exe
Good Luck!
im ready to try on my htc 7 mozart so halla me back thanks
Hey otech. Fellow aussie here with Mozart on Telstra.
Will be happy to test.
Hi guys,
Some other testers have reported it does not work on 32bit windows.
If you have a laptop with x64, post again and I will pm you the link.
Cheers
Count me in. I've Win7Pro x64 and pretty interesting microSD
Happy to help
Hi otech
I meet the hardware and sotware requirements. I don't know if I will be able to help but by all means let me have the instructions and I will see what I can do.
Cheers
andrew-in-woking
Pls count me!
Thanks
I'd like to give it a try as well
I've got a macbook pro with bootcamp and parallels - I can check both
hidden_hunter said:
I've got a macbook pro with bootcamp and parallels - I can check both
Click to expand...
Click to collapse
Sorry for the delay all, I was hoping to have permission from the author of the code I modified, but he has'nt replied for over a week.
So instead, I placed a link to the source of the code (a freely viewable blog) on the application itself.
Basically this app extends the work he did by fixing a couple of little issues with his code, and modifying it to return the number needed for the goldcard website.
Let me know how it goes guys!
@OTech, no good here, Win7pro, 64 bit, Toshiba laptop with built in SD card reader. Used a 512 MB micro SD in a regular sd adapter, "no sd card found on a compatible device"
I've tried your and original code and it looks like NativeMethods.DeviceIoControl does not actually update SffdiskQueryDeviceProtocolData's instance leaving GUID in it empty => isSD returns false for actual SD card..
here's what original author commented on his tool:
"Works only with SD cards plugged into a reader attached directly to the pci bus, it doesn't work with usb readers, you need admin rights for the call, it needs to be compiled for x86 instead of AnyCPU, it's flaky..."
I was trying on my hp 2740p and apparently card reader isn't on pci bus. I gave it a shot on Win7x86 on Samsung Q35 (3 years old laptop) and it worked on it just as expected.
pedaah said:
@OTech, no good here, Win7pro, 64 bit, Toshiba laptop with built in SD card reader. Used a 512 MB micro SD in a regular sd adapter, "no sd card found on a compatible device"
Click to expand...
Click to collapse
This is crazy, I developed this on a toshiba with x64.
I also have another tester for whom it worked straight away.
nayato said:
here's what original author commented on his tool:
"Works only with SD cards plugged into a reader attached directly to the pci bus, it doesn't work with usb readers, you need admin rights for the call, it needs to be compiled for x86 instead of AnyCPU, it's flaky..."
I was trying on my hp 2740p and apparently card reader isn't on pci bus. I gave it a shot on Win7x86 on Samsung Q35 (3 years old laptop) and it worked on it just as expected.
Click to expand...
Click to collapse
Really?!
Thats bizarre if it worked and your reader isn't directly on pci. From what the original author wrote, the USB root device would receive the call instead of the reader.
So it produced a CID for you? Did it work? Was it 128bit?
Original app from jo0ls worked on Samsung Q35 with 32bit, neither of tools worked on 2740p with 64bit. Here's what I got:
\\.\PhysicalDrive1 G:\
--------------------
Raw CID Bytes: 7B-00-56-5A-3B-02-10-20-20-44-53-55-56-53-1C-00
--------------------
Manufacturer ID: 1c
OEM ID: SV
Product Name: USD
Product Revision: 1.0
Product Serial Number: 023b5a56
Manufacture Date: 11/2007
--------------------
Raw CSD Bytes: 00-40-96-9F-FF-B7-6D-CA-83-59-5F-32-00-2F-00-00
--------------------
CSD Version 2 bit value: CSD Version 1.0
Data Read Access Time 1 (TAAC): 20ms
Data Read Access Time 2 (NSAC): 0
Max Data Transfer Rate: 25Mbit/s
Card Command Classes: 010111110101
Max Read Data Block Length: 9
Partial Blocks For Read Allowed: True
Write Block Misalignment: False
Read Block Misalignment: False
DSR Implemented: False
Device Size: 3881
Max Read Current @ VDD Min: 35mA
Max Read Current @ VDD Max: 45mA
Max Write Current @ VDD Min: 35mA
Max Write Current @ VDD Max: 45mA
Device Size Multiplier: 15
Erase Single Block Enable: True
Erase Sector Size: 128
Write Protect Group Size: 32
Write Protect Group Enable: True
Write Speed Factor: 32
Max Write Data Block Length: 2^9
Partial Blocks For Write Allowed: False
File Format Group: False
Copy Flag (OTP): False
Permanent Write Protection: False
Temporary Write Protection: False
File Format: 0
Awesome, glad to see it actually working on 32bit - there's hope yet.
So what do you think?
Drivers play a big part? Jo0ls seemed to elude to drivers being an issue.
Now I've successfully used this CID and made a gold card. I don't know what might be the cause here. Both readers have MS-issued drivers, the one in 2740p is dated as Jun 2006th - SDA Standard Compliant SD Host Controller. As both of drivers are generic I somewhat doubt that it's driver's fault but again - apparently they're different (x86 vs x64). I also believe that x64 version of Windows has more tight security (e.g. no way to just install unsigned driver without some tweakery) - maybe that has something to do with our issues.
Anyhow, thanks for your work and heads up on approach! I actually couldn't get my SD's CID using WinMo device so this is a relief for me
Wow, thank you very much. I've been having trouble with the CID. The WMPhone method seems to have been giving me a wrong number :S
It didnt work on any HP/Compaq SD card readers they all seem to have usb versions built in. worked great on an Acer Win7 32bit though!
Great news guys, so I guess what we can take from this is that it's just totally luck as to whether the thing will work for you, and to try as many laptops as you can until you find one that works.
Given both you guys had success on 32bit systems, I will remove that requirement and emphasise the luck factor
Thanks for your detailed feedback too, most appreciated.
I had some problems with this HTC HD2 with the phone turning itself off every now and then. So gave it a hard reset, and I tried flashing it with a official ROM that I downloaded from the HTC website (serial number entered). During this ROM flash something obviously went wrong...
This is a standard non-branded phone which only had official software on it.
Now I can only startup at boot-screen, also when I try to flash it with an official ROM I get an ERROR [244] INVALID MODEL ID (See attached image). My guess is that it tries to compare the MODEL ID in the software with the MODEL ID on the phone. As you can see on the attached image, the top line where the model Id used to be has been replaced with some strange characters.
I even tried flashing it with HSPL4 because I thought this would ignore the MODEL ID and enable a new ROM flash, but with a similar MODEL ID ERROR as a result...
How can I make this phone work again and/or flash it with some ROM get it started again?
Please help me out...
A few days ago I would have been sympathetic and said I've seen this several times, but never seen it solved
BUT
Then this thread happened....
http://forum.xda-developers.com/showthread.php?t=1182215
Read that, follow the advised mtty instructions and please post results.
That looks promising... Thanks for pointing this out to me.
I will try that tomorrow morning and will post the results.
Thanks again, I was about to give up on my baby but hope is gloring again
Well... I guess I killed it with the suggestion you gave me...
I followed the list of MTTY commands and after the last command it went black and I cannot get the HD2 back in boot-mode again. The screen is black and stays black...
This is the feedback I got in MTTY:
info 8
--- 2K bytes sector version ---
DEVICE NAME=hynix_h8BES0UQ0MCP
DEVICE ID=0xBC
DEVICE MAKER ID=0xAD
PAGE SIZE=0x800
TOTAL PAGE SIZE=0x840
BLOCK COUNT=0x1000
BLOCK PAGE=0x40
Checking block information
BLOCK 0 (0x0) is reversed block
BLOCK 1 (0x1) is reversed block
BLOCK 2 (0x2) is reversed block
BLOCK 3 (0x3) is reversed block
BLOCK 10 (0xA) is reversed block
BLOCK 11 (0xB) is reversed block
BLOCK 12 (0xC) is reversed block
BLOCK 13 (0xD) is reversed block
BLOCK 14 (0xE) is reversed block
BLOCK 15 (0xF) is reversed block
BLOCK 28 (0x1C) is reversed block
BLOCK 29 (0x1D) is reversed block
BLOCK 30 (0x1E) is reversed block
BLOCK 31 (0x1F) is reversed block
BLOCK 715 (0x2CB) is bad block
BLOCK 717 (0x2CD) is bad block
BLOCK 921 (0x399) is bad block
BLOCK 1960 (0x7A8) is bad block
BLOCK 3091 (0xC13) is bad block
OS NOT FOUND !!!
Cmd>task 2a
Format ALL start
backup SPL OK
backup MISC configuration OK
SPL start start block=497, total block of CE=3599
erase_page - error bad status: 0xB791D500
ERASE block 1960 FAIL !!!
Write 0xFF start page=0x7C40, total page=0x383C0
SPL check fail, actual:0x6B6D738E, expected:0x30353638
Wrong image, flash rejected
format ALL, restore SPL failed, addr=0x50000000
Format ALL end
Cmd>task 29
Format BINFS start
Fill RSVD information for block 497 to 530
CE start start block=530, total block=3566
erase_page - error bad status: 0xB791D500
ERASE block 1960 FAIL !!!
TAG NOT FOUND !!! NOT CLEAR STORAGE !!!
read_page - error bad status 0: 0x00E03030
read_page - error bad status 0: 0x00E02030
read_page - error bad status 0: 0x00E01030
read_page - error bad status 0: 0x00E00030
c, Read block ERROR on page ID 0x7DC0
Format BINFS end
Cmd>task 8
Anybody any suggestions from here? Or should I start looking for a shovel?
For me looks rather like a shovel
Seems your NAND which keeps ROM and especially its reserved, special addresses which keep extremely important code (ie. BOOT and SPL procedures) are unrecoverable and completely destroyed.
Search for the threads about bad NAND blocks, but seeing the addresses and number of bad and reversed blocks I wouldn't expect too much... sincere sympathy
Ahh that's a shame.
The advice then is what I would normally give for corrupted deviceID ..... I've never seen it fixed except that one thread, and JTAG / new mainboard are the only solutions.
My condolences. Feel free to hate me, if it helps.
Ah, well... It was worth the try...
I don't blame anybody for my bricked HD2. It is more the opposite; I have great respect for people who unselfishly take the time to help me out with things I know nothing about .
From what I understood is buying a new motherboard almost as expensive as buying a new phone; ergo no option... The phone itself is fine, everything works, only the NAND needs to be recovered.
If there is somebody in the Netherlands (preferably NH) who has - and knows his way with - JTAG, and who is willing to help me resurrect my HTC HD2, please let me know!
He... Al those experts on board here... And nobody has a JTAG for a HTC HD2?
Come on guys... Help me out here...
yesterday i was just trying to flash a new rom (CrossbowHD2 v0.8.2) like always. but the process stock at 78% and i couldn't do anything except disconnecting the usb cable and using task29.
after that, i tried all roms but i couldn't flash any of them. so i tried to use stock rom. but after that, same thing that happened to you, happened to me
and i tried everything i could do, search a lot but no success
so this way, i lost my clean and beautiful friend after about two years...
just really sad
I have solved the problem that way.
I have exactly the MTTY characters with a hex editor as a Platform Model ID:ß¾ÿ»ÿÿ÷ÿÿÿwÿÿÿ÷ÿß÷?ÿ·÷÷ßÿÿßúÿ¿outputs, purely written in a" RUU_signed.nbh "?
Ich habe mit einem Hexeditor exakt die Zeichen die MTTY als Platform Model ID:ß¾ÿ»ÿÿ÷ÿÿÿwÿÿÿ÷ÿß÷?ÿ·÷÷ßÿÿßúÿ¿ ausgibt, in ein "RUU_signed.nbh" reingeschrieben
Cmd>info 0
Platform Model ID:ß¾ÿ»ÿÿ÷ÿÿÿwÿÿÿ÷ÿß÷?ÿ·÷÷ßÿÿßúÿ¿
look at pocketpc.ch/htc-hd2-rom-upgrade/136153-hd2-id-244-fehler-kommt-nur-bootlader.
Post 10-12