Goal: S-off HOX+ (TEGRA3) - HTC One X+
Hey guys, as I said above, I want to get the HOX+ S-off'd (and maybe the HOX if it's not already, not checked). If anyone has ideas and so on, run through them on this thread. Let's get this ball rolling!!
Moderator Warning
Keep discussions specific to the goal of getting S-off on the device. All other discussions will be deleted.
HTC One X+ info will be adapted to this as soon as possible.
Names for the devices are:
Model ID: PM35110
Model Name: S728e
aka One X+
Model ID: PJ46100
Model Name: S720e
aka One X
So as the title says, we're facing the problem of not having S-OFF yet, although the One X (S720e) was released nine months ago. The One X+ is newer, but since it has the same processor family, it's accountable to this project. It's possible to unlock the bootloader via HTCdev, but it doesn't give us S-OFF. The unlock via HTCdev gives us only partial control over bootloader and recovery. Since its release date, some great devs including Xmoo, Football, Mike1986 and more tried to disable the security check. Unfortunately without a solution for the masses. Also the One X+ (S728e) is relatively new on the market, so THIS is maybe the first thread in the world regarding S-OFF on the S728e.
Unlike on other HTC phones, on which hardware solutions like the XTC-Clip, or software solutions like revolutionary or any similar software did the job, on the One X they're not going to work. At the moment the only known method is the official HTC's way.
Ways to set the devices S-OFF
--------------DIAG + JAVCARD Route--------------
Infos I could gather. At the moment these infos are only valid for the S720e:
monx® said:
Basically u need adb/android SDK before proceed.
[WITH ROOT ACCESS]
[+] Dump/copy boot.img
Code:
Command prompt :
> adb shell
> su
> dd if=/dev/block/mmcblk0p4 of=/sdcard/boot.img
More partitions/imgs available to dump. Will update later.
[WITHOUT ROOT ACCESS]
Currently only /system is usable
1) Android SDK (just need adb)
2) Download busybox
3) Command prompt :
> adb push busybox /data/local/busybox
> adb shell
> cd /sdcard/
> chmod 755 /data/local/busybox
> /data/local/busybox tar cvf sysdump.tar /system
4) Ignore 'tar: error exit delayed from previous errors'. It is done correctly.
----------------------------------------------------------------------
Just finished dumping my semi-virgin One X system partition from SEA WWE stock ROM.
The file would be OneX_SEA_WWE_1.26.707.2_SYSTEM_DUMP.zip 558.3 MB
Radio (The Radiomodule on S720e is an Intel X-Gold 626 chip [XMM6260]) location (xmoo's post Radio) Documentation of the Radio chip and direct download:
xmoo; said:
Mike found out Radio is probably: \system\etc\QUO_6260.fls.clean
7.96MB
Commands located in QUO_6260.fls.clean
CALIB_NVM
DYNAMIC_NVM
STATIC_NVM
SEC_DATA
PSI_RAM
If I could believe the following:
Found the same commands in a datasheet: "MSM3000Qualcomm, Inc.MOBILE STATION MODEM"
http://www.datasheetarchive.com/MSM3000-datasheet.html
So guess we got the Radio located!
Possible Hboot location (blubber's post Hboot):
blubber; said:
xmoo; said:
How do you know this?
/EBT does not exist on my phone.
mmcblk0p2 -> /dev/block/platform/sdhci-tegra.3/by-name/WDM
mmcblk0p16 -> /dev/block/platform/sdhci-tegra.3/by-name/DUM
mmcblk0p17 -> /dev/block/platform/sdhci-tegra.3/by-name/MSC
mmcblk0p20 -> /dev/block/platform/sdhci-tegra.3/by-name/PDT
of course it does not exist as i have written a few times before!
it is not accessible with a stock kernel!
i know it is there:
Code:
130|[email protected]:/ # hexdump -C /dev/block/mmcblk0|grep EBT
000000e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
and the EBT partition does contain the bootloader!
CID Check needs to be bypassed (xmoo's post CID check)
xmoo said:
Guys, the diag files have "CIDNUM: 11111111" in it.
Can't change it cause the file gets corrupted.
So only way to boot it up is by passing the CID check.
This is where the Smartcard or Goldcard comes in.
We tried the one from http://psas.revskills.de/?q=goldcard with no success.
I remember for some devices you had to change 00 to 11, or something like that.
Maybe this has to be done for this device as well. Also I remember something that SDHC cards were not supported, or they are... been a long time ago.
So your help is needed.
Create a goldcard which works.
Remember to test it like this: http://forum.xda-developers.com/show....php?t=1714056
Thank you.
Partition list (Football's post Partition list)
Football said:
After intensive digging in some stuff I have found this. This is whole partition list for One X with all addresses and lengths of partitions...
Code:
[partition]
name=BCT
id=2
start_location=0x00
size=0x400000
[partition]
name=PT
id=3
start_location=0x400000
size=0x200000
[partition]
name=EBT
id=4
type=bootloader
start_location=0x600000
size=0x400000
[partition]
name=DIA
id=5
type=bootloader
start_location=0xA00000
size=0x400000
[partition] (Board Information)
name=BIF
id=6
start_location=0xE00000
size=0x200000
[partition]
name=GP1
id=7
start_location=0x1000000
size=0x200000
### WLAN firmware ###
[partition]
name=WLN
id=8
start_location=0x1200000
size=0x600000
#filename=wlan.img
### WLAN Data + MFG Data ###
[partition]
name=WDM
id=9
start_location=0x1800000
size=0x200000
filename=WDM.img
### Radio Calibration Data ###
[partition]
name=RCA
id=10
filesystem_type=ext3
start_location=0x1A00000
size=0x600000
### Linux Kernel OS ###
[partition]
name=LNX
id=11
start_location=0x2000000
size=0x800000
filename=boot.img
### Recovery ###
[partition]
name=SOS
id=12
start_location=0x2800000
size=0x800000
filename=recovery.img
### PG1FS ###
[partition]
name=PG1
id=13
start_location=0x3000000
size=0x1000000
### PG2FS ###
[partition]
name=PG2
id=14
start_location=0x4000000
size=0x1000000
### PG3FS ###
[partition]
name=PG3
id=15
start_location=0x5000000
size=0x1000000
### Software Info ###
[partition]
name=SIF
id=16
start_location=0x6000000
size=0x400000
filename=SIF.img
### Splash1 ###
[partition]
name=SP1
id=17
start_location=0x6400000
size=0x400000
### Reserve1 ###
[partition]
name=RV1
id=18
start_location=0x6800000
size=0x1C00000
### System ###
[partition]
name=APP
id=19
filesystem_type=ext3
start_location=0x8400000
size=0x50000000
filename=system.img
### Cache ###
[partition]
name=CAC
id=20
filesystem_type=ext3
start_location=0x58400000
size=0x14000000
### Internal SD ###
[partition]
name=ISD
id=21
start_location=0x6C400000
size=0x650000000
### Userdata ###
[partition]
name=UDA
id=22
filesystem_type=ext3
start_location=0x6BC400000
size=0x89400000
filename=userdata.img
### Memory dump ###
[partition]
name=DUM
id=23
start_location=0x745800000
size=0x200000
### MISC Partition ###
[partition]
name=MSC
id=24
start_location=0x745A00000
size=0x200000
### Radio File System ###
[partition]
name=RFS
id=25
start_location=0x745C00000
size=0x600000
### Develop Log ###
[partition]
name=DLG
id=26
start_location=0x746200000
size=0x1600000
### PDATA for MASD ###
[partition]
name=PDT
id=27
start_location=0x747800000
size=0x200000
[partition]
name=GPT
id=28
type=GPT
start_location=0x747A00000
#size=0xFFFFFFFFFFFFFFFF
size=0x200000
Mike1986's Partition Info (mike1986's post One X Partition Info)
mike1986. said:
This thread's content might brick your device.
This is not a ROM thread, so I'm not going to answer again and again and again the same questions over and over and over again.
You can't read - quit this thread now. You can read but you can't understand more or less simple things - quit as well.
You can read and you understand things, but you are too lazy to read the whole thread before asking the question - watch this first. And quit.
This is what we know so far:
Some conclusions:
1. It's very nice to see that finally someone separated "internal sd card" from userdata partition. So it's no longer linked to /data/media, as it used to be on Asus Transformer, Transformer Prime, Galaxy Nexus etc. but it's a separate partition now - mmcblk0p14. Basically the biggest benefit from that is that now formatting userdata partition will no longer erase virtual sd card content.
2. It seems that NFC and WLAN deep settings are stored on separate partitions: mmcblk0p1 (wlan) and ? (NFC).
3. There is a 5th PHYSICAL core, but it's invisible to the system. Android only sees the 4 main cores. The 5th companion core is not controlled by Android. Tegra 3 architecture itself handles the load balancing between the main cores and the companion core. (Thanks to Diamondback)
4. There is no radio.img in current RUUs.
Download firmware for HTC One X (PJ4610000)
Firmware from 1.28.401.9 RUU
--- MD5 checksum: 83375DF988C86E92417AA8949012A1C2 *PJ46IMG.zip ---
Supported devices:
--- CID's added by users requests are marked with green color ---
cidnum: HTC__001
cidnum: HTC__E11
cidnum: HTC__203
cidnum: HTC__Y13
cidnum: HTC__102
cidnum: HTC__405
cidnum: HTC__304
cidnum: HTC__032
cidnum: HTC__J15
cidnum: HTC__A07
cidnum: HTC__016
cidnum: HTC__M27
Why it's better than full RUU:
1. It doesn't contain stock recovery
2. It doesn't contain stock, non rooted system
3. It doesn't contain secured boot.img
4. It won't wipe your data partition
5. It's much smaller
PJ46IMG.zip content: [UPDATE: 25.03.2012]
android-info.txt - updated [20.04.2012]
bct.img - updated [25.03.2012]
rcdata.img - updated [20.04.2012]
How to flash:
1. Check your CID using fastboot getvar cid and MID using fastboot getvar mid
2a. If your CID and MID are supported by default, navigate to point 3.
2b. If your CID or MID is not supported by default, do this: (you do it at your own risk)
2c. Open PJ46IMG.zip (don't extract it)
2d. Open android-info.txt in text editor
2e. Add your cidnum: or modelid: to the list, save file and close archive
3. Place PJ46IMG.zip on your SD card
4. Boot your device holding power button + vol down button
5. Follow instructions on the screen
Additional information:
1. Flash above firmware at your own risk!
2. It's recommended to flash it before flashing custom ROM based on proper RUU!
3. Unlocking via htcdev.com will change your CID number into "none".
4. RUU variants:
x.xx.61.x - Orange UK (United Kingdom)
x.xx.75.x - Orange ES (Spain)
x.xx.110.x - T-Mobile UK (United Kingdom)
x.xx.111.x - T-Mobile DE (Germany)
x.xx.112.x - T-Mobile AT (Austria)
x.xx.114.x - T-Mobile NL (Netherlands)
x.xx.118.x - T-Mobile PL (Poland)
x.xx.161.x - Vodafone UK (United Kingdom)
x.xx.166.x - Vodafone CH-DE (Switzerland - Germany)
x.xx.163.x - Vodafone FR (France)
x.xx.169.x - Vodafone AT (Austria)
x.xx.206.x - O2 UK (United Kingdom)
x.xx.207.x - O2 DE (Germany)
x.xx.401.x - World Wide English
x.xx.707.x - Asia WWE (World Wide English)
x.xx.720.x - Asia India
x.xx.771.x - Hutchison 3G UK (United Kingdom)
x.xx.862.x - Voda-Hutch AU (Australia)
x.xx.980.x - Optus AU (Australia)
x.xx.1400.x - HTC China
Please post here your findings, thoughts or experience with after flashing images listed above.
Mike1986's addition (mike1986's post Addition)
mike1986 said:
Something more:
/system/etc/Flash_Loader.conf
boot_port_name=/dev/ttyACMX0
fw_download_port_name=/dev/ttyACMX0
baudrate=921600
BootTimeOut=3000
CommTimeOut=1000
eep_normal_mode=m
file_name=/data/modem_work/QUO_6260.fls
#file_name=QUO_6260.fls
#file_name=XMM6260_SIC.fls
#log_fname=/dev/null
log_fname=/data/modem_work/Flash_Loader.log
also
\system\bin\poweron_modem_fls.sh
Line 55: /system/bin/InjectionTool -i ${backup_dir}/QUO_6260.fls.clean -o ${Injected_dir}/QUO_6260.fls -n ${work_dir} -s ${sec_dir}
and
\system\bin\poweron_modem_hboot.sh
Line 50: /system/bin/InjectionTool -i ${backup_dir}/QUO_6260.fls.clean -o ${Injected_dir}/QUO_6260.fls -n ${work_dir} -s ${sec_dir}
And from flash_loader.log
Start downloading item 'CODE:../HW/XMM6260_V2_USB-HSIC_FLASHLESS_EDE_1.0/MODEM_DEBUG/QUO_6260.fls'' from file '/data/modem_work/QUO_6260.fls
This is how HTC does it:
My attempt (tried also on locked bootloader with the same output)
Things you'll need for this trick:
- USB OTG-Y-Cable. You can also build your own with this guide : How to make external powered OTG Cable
- USB SD Cardreader
- MicroSD Javacard (if you can bypass cid check, the Javacard is not needed) Xmoo said this one is used by HTC: GO-Trust® Secure microSD Java. It costs 980 US Dollars together with the SDK. Also, even if you have the Javacard you have to build the Application environment.
- 5V+ Power supply (Standard wall charger)
- PJ46DIAG.zip = clean S58 Data program specifically for the S720e/S728e. The correct DIAG has to have a size of 964kb or 941kb and must contain the string "clean s58...", which can be checked with hexedit or any similar hex editor.
The procedure:
1. Put PJ46DIAG.zip on the Secure MicroSD Javacard
2. Plug it into the USB SD Cardreader
3. Plug the Cardreader into the female end of USB OTG-Y-Cable
4. Plug the OTG-Y-Cable into the USB port of the phone
5. Plug the cable onto the power supply
6. Reboot into bootloader
7. Once in Bootloader the file will be loaded by the phone and you'll land in the S58 Menu. Clean S58 Data and you've successfully set your device S-Off
And here's the problem with this method. 1. A Javacard is really hard to get. I've never seen one, and no one I know has ever seen one. 2. The Diag file can't be leaked. The ones I've attached here are useless as Xmoo said and maybe proved. I have attached them though, so anyone interested and willing to help can investigate them.
As we know, the Diag files for the One X can't be leaked. They're spread to chosen HTC repair centres, so a leak will easily be traced back. This would bring the affected people in some serious trouble. But this is interesting. These guys over on pdacentre use the official method. It's suspicious, kind of. For now, this is the only known method. It costs around 2000 rubles (65€ | 85$) + shipping depending on your location. Of course this isn't an appropriate solution. Another thing: why do we need a Javacard? Well, because the DIAG files will only work on devices with SuperCID (11111111), not on normal CID (HTC__XXX). So another way is to bypass the CID check.
Rough diagram of a Javacard
Copyright © 2011 GOTrust Technology Inc., All rights reserved.
TOOLBOX
The DIAG files I've linked don't have any function except for superwipe. They're only meant to be used as a test file to check if we can load such DIAG files:
Goal: S-off HOX+ and maybe the HOX (TEGRA3)
Obtaining HTC One X Diag File to Manage S-OFF!!
[S-OFF]Development
ENG Hboot 0.03
PJ46DIAG_4
DIAG files of older HTC devices
NVflashdrivers
Radio Documentation
TEGRA 3 Documentation. PM me for password.
How do I know that I have the correct DIAG file?
The clean DIAG has a size of 964kb or 941kb. Or look at the image above. If your DIAG is called like them it could be the correct one also. But to be really sure, do the following:
Download any hex editor you can get. Open the DIAG file with the hex editor and search for keywords like "clean" and "s58". If you find these two strings in the DIAG file, it could be the correct one. We'd appreciate it if you could upload the file.
"clean s58"
Known and working DIAG files for the One X
What's already been done:
xmoo; said:
13-04-2012 XDA.CN releases pictures showing someone successfully has S-OFF'd his device. Tool is for sale here: http://item.taobao.com/item.htm?id=10824156715
17-04-2012 Thread made.
17-04-2012 We have found someone with a S-OFF device, and a newer HBOOT than the one from XDA.CN. Trying to get access to the HBOOT.
18-04-2012 OTA 1.28 brings HBOOT 0.94.
18-04-2012 New member with a S-OFF device is willing to help.
19-04-2012 HBOOT 0.43 S-OFF rfs.img received and uploaded.
19-04-2012 RFS.img is not the correct file, searching continues...
19-04-2012 Radio located, click here
26-04-2012 HBOOT probably located here
15-05-2012 NVFlash app + APX Drivers added
12-06-2012 Tegra 3 Manual added, see here!
16-06-2012 HBOOT 1.11 from the test-keys uploaded here!
16-06-2012 Huge development, read more about it!
18-06-2012 Need to find a way to by-pass CID check.
19-06-2012 Football Partition list for One X with all addresses and lengths of partitions which can be found here.
27-06-2012 Huge thread clean-up and update.
04-07-2012 Had the chance to play with a S-OFF device, read more about it here! ENG HBOOT which is used in test, is located here.
09-07-2012 Javacard with DIAG will work, but won't be a good solution cause no one got a legit Javacard and the DIAG files can't be leaked!
14-07-2012 Video added which shows the Javacard with DIAG method. Video can be found here.
14-07-2012 The ENG HBOOT 0.03 that Football uploaded lost its sign. I re-uploaded it and re-checked the file and it should be good now. You can find the new .zip here.
FAQ.
What is S-OFF?
S-OFF stands for Security-OFF
S-OFF means that the NAND portion of the device is unlocked and can be written to. The default setting for HTC’s devices is S-ON, which means that neither can you access certain areas of the system nor can you guarantee a permanent root. Furthermore, signature check for firmware images is also ensured by the S-ON flag.
What has already been done?
-Tried flashing DIAG file, but with no success. File needs SuperCID.
-Tried flashing ENG HBOOT as zip file, but with no success. File needs SuperCID.
-Tried flashing modified DIAG file, but with no success. File needs SuperCID.
-Tried flashing modified HBOOT as zip file, but with no success. Signature check failed.
-Tried creating a Goldcard, but won't work. The Goldcard is for Qualcomm devices.
-Root while phone is LOCKED, won't work. Only will work on the Qualcomm One X and One XL.
-Ask the Chinese guy with the S-OFF tool. Won't share, cause he needs his money.
-Tried flashing files over recovery, but with no success.
-Tried flashing TEST and MFG ROMs, but with no success. Phone needs S-OFF because the ROMs are not signed.
-Tried changing CID, but won't work. Only will work on the Qualcomm One X and One XL.
-Tried commands over ADB, but with no success.
-Tried XTC clip, won't work.
How Do I Know If My Device Is S-ON Or S-OFF?
That is easy to verify. Simply boot into HBOOT (bootloader) on your device, and the text on top will show the flag status as either S-OFF or S-ON. A full root generally means S-OFF.
S-OFF – What And Why?
HTC have installed a sort of security check whose level is determined by S-OFF/S-ON. Essentially, this security level is a flag stored on the device’s radio that checks signature images for any firmware before it is allowed to be written to system memory. This hinders using any custom ROMs, splash images, recovery etc., and also restricts access to the NAND flash memory. However, when security level is set to S-OFF, the signature check is bypassed, allowing a user to upload custom firmware images, unsigned boot, recovery, splash and HBOOT images, as well as official firmware that has been modified, thus enabling maximum customization of your HTC Android device.
Furthermore, S-OFF also reduces restrictions on accessing the NAND flash memory on the device, allowing all partitions (including /system) to be mounted in write mode while the operating system is booted.
Where is it located?
Don't know yet, here are the partitions.
How can I flash through SD?
Tutorial added here!
What HBOOT status have we seen so far?
ENDEAVORU PVT SHIP S-ON RL
ENDEAVORU PVT SHIP S-OFF RL
ENDEAVORU PVT ENG S-OFF RL
ENDEAVORU XE ENG S-OFF RH
ENDEAVORU PVT MFG RH
ENDEAVORU XE SHIP S-OFF RH
ENDEAVORU UNKNOWN ENG S-OFF RH
Partition list for One X with all addresses and lengths of partitions
Football shared the full list which can be found here.
How does HTC do it?
They do it with a smartcard/javacard/goldcard (What ever you want to call it) in combination with the DIAG file. Proof is in the attachment.
--------------Alternative APX MODE Route--------------
xmoo said:
Hey guys,
Please stop PM'ing me about APX Mode. I get like 10 PM's a day.
How to get in
Nobody really knows. The most common way has been pressing volume up and down together while device is off and then plugin USB while connected to a computer.
How to get out
When your device is in APX Mode, HTC fixes it in repair. Someone here on XDA PM'd me with this video and said it should work: http://www.youtube.com/watch?v=rsnl_LIgzt0
I have not tried it myself, so just give it a try and share with the rest.
All the other discussions about APX can be done here, please stop pm'ing me.
Thank you!
Alright Folks! TripNRaVer has made something rudimentary, awesome, fascinating...words can't describe....Work!! Here You go, APX DRIVERS FOR THE ONE X
TripNRaVeR said:
For those of you that are in APX Mode or want to mess with APX here is the modified driver for the One X.
Now you have access to the device again through USB.
Todo:
- Plug the usb cable in hox
- Goto device manager
- Search for APX or Unknown device or whatever it is listed
- Choose update driver
- Choose manually select driver
- Select the folder where you extracted the zip file
- Install drivers
Use nvflash to gain access to the device again.
Download:
http://tripndroid.bindroidroms.com/TripNDroid-HOX-APX-Driver.zip
Nvflash:
- Use nvflash binary to gain access to the device
- Including flash.cfg for endeavoru to use with nvflash.exe
- Including a bct file
http://tripndroid.bindroidroms.com/tripndroid_nvflash.zip
PLEASE read on the threads I've linked, before you start discussion. People really did some great development.
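Added example (not code from this thread or from any of the posters): a parser for the partition list format Football posted, which checks that the entries neither overlap nor leave gaps and converts an entry into `dd` skip/count values for carving it out of an already acquired raw image. The function names and the 512-byte default block size are assumptions made for the example; the sample is the first seven entries of the list above.

```python
import re

# First seven entries of the partition list quoted above, copied unchanged.
LAYOUT = """\
[partition]
name=BCT
id=2
start_location=0x00
size=0x400000
[partition]
name=PT
id=3
start_location=0x400000
size=0x200000
[partition]
name=EBT
id=4
type=bootloader
start_location=0x600000
size=0x400000
[partition]
name=DIA
id=5
type=bootloader
start_location=0xA00000
size=0x400000
[partition] (Board Information)
name=BIF
id=6
start_location=0xE00000
size=0x200000
[partition]
name=GP1
id=7
start_location=0x1000000
size=0x200000
### WLAN firmware ###
[partition]
name=WLN
id=8
start_location=0x1200000
size=0x600000
#filename=wlan.img
"""

HEADER = re.compile(r"^\[partition\]")  # also matches "[partition] (note)"


def parse_layout(text):
    """Return one dict per [partition] block; lines starting with '#' are comments."""
    parts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if HEADER.match(line):
            parts.append({})
        elif "=" in line and parts:
            key, value = line.split("=", 1)
            parts[-1][key.strip()] = value.strip()
    for p in parts:
        missing = {"name", "start_location", "size"}.difference(p)
        if missing:
            raise ValueError(f"entry lacks {sorted(missing)}: {p}")
        p["start"] = int(p["start_location"], 16)  # values are 0x-prefixed hex
        p["length"] = int(p["size"], 16)
    return parts


def check_layout(parts):
    """Describe every gap or overlap between neighbouring entries."""
    problems = []
    ordered = sorted(parts, key=lambda p: p["start"])
    for prev, cur in zip(ordered, ordered[1:]):
        end = prev["start"] + prev["length"]
        if end < cur["start"]:
            problems.append(
                f"gap of {cur['start'] - end:#x} between {prev['name']} and {cur['name']}")
        elif end > cur["start"]:
            problems.append(
                f"{prev['name']} overlaps {cur['name']} by {end - cur['start']:#x}")
    return problems


def dd_window(part, bs=512):
    """(skip, count) in bs-sized blocks for carving this partition from a raw image."""
    if part["start"] % bs or part["length"] % bs:
        raise ValueError(f"{part['name']} is not aligned to {bs}-byte blocks")
    return part["start"] // bs, part["length"] // bs


if __name__ == "__main__":
    entries = parse_layout(LAYOUT)
    print(check_layout(entries) or "layout is contiguous")
    for entry in entries:
        print(entry["name"], "skip=%d count=%d bs=512" % dd_window(entry))
```

Running the same check over the complete list also confirms the large entries line up: ISD at 0x6C400000 plus its size 0x650000000 ends exactly at the UDA start 0x6BC400000.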
My HOX will be S-OFF soon, got access to a Java white card to S-OFF in seconds..
Sent from my HTC One X using xda app-developers app
bobcoenen said:
My HOX will be S-OFF soon, got access to a Java white card to S-OFF in seconds..
Sent from my HTC One X using xda app-developers app
Well, do you have the correct diag file? And do you have HTC's private key to sign the Javacard? You have to be more specific otherwise your post isn't helping us in ANY way...I accidentally hit the thx button, don't be smug.
Yes my friend has the diag file, his HOX is already S-OFF. I will try to post a screenshot next week when mine is done. I'm not trying to be smug
Sent from my HTC One X using xda app-developers app
---------- Post added at 07:50 PM ---------- Previous post was at 07:46 PM ----------
The S-OFF process is done with a y-cable with a card reader an usb charger on the other end. For what i understood the java card is very rare.
Sent from my HTC One X using xda app-developers app
matt95 said:
well, i've been on HTC since i passed on Android and every HTC device has got S-OFFed 2 or 3 months later from the day one... i don't think this will happen unfortunately, i really believed in this but now is time to be realist.
You know that there's NO hard-, software which isn't vulnerable or which hasn't got an exploit, don't you? No need to be pessimistic or realistic if we keep staying constructive and productive, somehow this will be done call me a dreamer, but... let's just try to give our best, ok? This would be fine. I just think the One X hasn't got the attention it has actually deserved. Its release date was too close to the release of the gs3. HTC's great devs are mostly familiar with Qualcomm processors. Never before they've worked with a Tegra 3 processor. The available Tegra 3 devices (Asus TFXXX[T]) don't have the problem with S-Off/On, it's enough for them to be unlocked. So none of the devs who managed bootloader unlock on these Tegra devices faced this problem. This and many other avoidable reasons caused the lack of development and it's surely one of the reasons why we didn't get s-off yet.
I have just cleaned the thread up NO MORE off topic!
Sent from my HTC One X+ using xda app-developers app
i never said this post :/
ppcd9220 said:
I've succeeded in overwriting the CID. Just used count= parameter for DD command. (Block size=512b).
I've replaced my CID with another one. disconnected, connected, performed test readout. The CID string is changed.
Unfortunately it looks like it is backed up somewhere and checked at start-up.
Because after rebooting my CID is back.
Tested 2 times. After changing - I can read it. After reboot it is back to original one.
Does anyone have any other ideas of changing CID and/or S-ON/OFF ?
Link to original Thread.
I posted him to ask him how he did it. It was a week ago and he didn't answer until now. My idea was to do this and try to load PJ46DIAG.zip without rebooting. As you know, if you have superCID you don't need a Javacard. Even if I don't have the correct DIAG, at least we'd have a way to load the DIAG until the correct one is out...somehow...
S-OFF via hboot upgrade
TRY AT YOUR OWN RISK. NOT VERIFIED.
I found an article HERE for S-OFF via HBOOT upgrade. I don't have a CID HTC_621 (Taiwan) so I can't try it. Neither can I verify its reliability.
I briefly translate it into English:
My One X (CID HTC_621, hboot 0.94 or 0.95 can't remember the exact version) hboot has to be upgraded to flash Android 4.1.1 so I did a manual upgrade of hboot to 1.31. At the end of the upgrade, I discovered by chance that my One X is now S-OFF. I did a trial by flashing new ROM without flashing boot.img and it works.
So, this S-OFF is done via manual hboot upgrade (for HTC_621) to 1.31. Do not attempt on other CID One X.
Below is the step-by-step procedures:
1. Download RUU for Asia_Taiwan (2.17.709.2 or 2.18.709.x) and Endeavoru_CustomRUU. Make sure One X is locked, go into fastboot and connect to USB. Unzip the Endeavoru_CustomRUU to somewhere. Rename the Official RUU zip to "rom.zip" and put inside the folder of the unzipped Endeavoru_CustomRUU. Run ARUWizard.exe.
2. Make sure the following is run in Windows XP. You will get stuck under Windows 7. Make sure all HTC drivers are installed.
3. Download JBFW here and Asia_Taiwan 3.14 OTA here. Unzip the JBFW and the OTA package. Copy the firmware.zip (from OTA package) and the Unlock_code.bin (obtained from htcdev.com) into the JBFW folder.
4. Go into fastboot usb mode, run JBFWFlasher.bat. It will say to put the Unlock_code.bin and custom boot file into the folder (this was done in Step 3 above), and warn this is for certain CID only. I ignore this and click NEXT NEXT NEXT until it is done.
These are the steps I used to obtain (unexpectedly) S-OFF. This is what I want to share and hope you guys get S-OFF soon.
TRY AT YOUR OWN RISK. Neither the author nor I will be responsible for your device.
singcheng said:
TRY AT YOUR OWN RISK. NOT VERIFIED.
I found an article HERE for S-OFF via HBOOT upgrade. I don't have a CID HTC_621 (Taiwan) so I can't try it. Neither can I verify its reliability.
I briefly translate it into English:
TRY AT YOUR OWN RISK. Neither the author nor I will be responsible for your device.
Read somewhere that the diag file can't be leaked because it will be traced back to the guy who leaked it. Now can we get it and make our own diag file based on it?
Drefsab said:
Several people have tried this and not had it work.
You're welcome to discuss the methods here, but PLEASE either show the reasons why or at least link it for me please? I've been looking into this and got a couple of ideas....
hboot
Hey Guys!
Dunno if its worth much but I downloaded the ENG HBoot File you linked in the first post and opened it in a hex editor and poked a little bit around. I found this:
Code:
Settings memory area 10B 00 01 00 Disable patches 0A 00 01 00 Settings memory area 2 Settings memory area 2 first Settings memory area 2 second Settings memory area 2 third 0B 00 01 01 Settings memory area 3 Flash Code memory area 0B 00 01 02
Patch Code memory area 0B 00 01 03 Enable patches 0A 00 01 01 Final Integrity check 0B 00 01 FF%d: SD init
%d: SD init fail !!!%d:SD FAT32 init OK Checking key-card...Checking key-card...
%d: Not key-card !!!%d: Key-card DMCID.dat Open '%s' file success !!!
hFile = 0x%x, file_size = 0x%x
Read '%s' (%d != %d B)
[email protected]=0: Change CID to '%s'4: Change CID to '%s'Alloc data buffer failOpen '%s' file fail###[ End CDMA Cust Mode ]###
It looks like thats the part where it checks for a "key-card". Probably this Java Card??
Thats well known. With an ENG Bootloader you can do whatever you want including CID Changes.
hexdump of EBT Partition, where Hboot is possibly located. As Football said, on a stock kernel this partition is somehow hidden. Even on hboot 1.36.
Code:
[email protected]:/ $ su
[email protected]:/ # hexdump -C /dev/block/mmcblk0|grep EBT
000000e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000000f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000010e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000010f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000020e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000020f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000030e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000030f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000040e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000040f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000050e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000050f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000060e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000060f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000070e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000070f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000080e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000080f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000090e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000090f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000100e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000100f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000110e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000110f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000120e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000120f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000130e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000130f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000140e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000140f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000150e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000150f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000160e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000160f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000170e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000170f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000180e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000180f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000190e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000190f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000200e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000200f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000210e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000210f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000220e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000220f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000230e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000230f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000240e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000240f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000250e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000250f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000260e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000260f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000270e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000270f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000280e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000280f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000290e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000290f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000300e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000300f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000310e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000310f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000320e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000320f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000330e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000330f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000340e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000340f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000350e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000350f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000360e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000360f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000370e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000370f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000380e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000380f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000390e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000390f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000400e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000400f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000410e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000410f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000420e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000420f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000430e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000430f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000440e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000440f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000450e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000450f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000460e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000460f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000470e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000470f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000480e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000480f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000490e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000490f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000500e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000500f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000510e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000510f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000520e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000520f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000530e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000530f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000540e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000540f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000550e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000550f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000560e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000560f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000570e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000570f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000580e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000580f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000590e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000590f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000600e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000600f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000610e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000610f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000620e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000620f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000630e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000630f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000640e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000640f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000650e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000650f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000660e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000660f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000670e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000670f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000680e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000680f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000690e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000690f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
xxx....
blubbers said:
these are the partitions seen by the OS:
Code:
APP CAC DLG DUM ISD LNX MSC PDT PG1 PG2 PG3 RCA RFS RV1 SIF SOS SP1 UDA WDM WLN
none of these partitions contain the hboot!
these are the partitions actually on the emmc:
Code:
APP BCT BIF CAC DIA DLG DUM EBT GP1 GPT ISD LNX MSC PDT PG1 PG2 PG3 PT RCA RFS RV1 SIF SOS SP1 UDA WDM WLN
so, you won't be able to access the hboot partition (on a s-off device neither) without a bit of work,
nitrous² said:
That's well known. With an ENG Bootloader you can do whatever you want including CID Changes.
hexdump of EBT Partition, where Hboot is possibly located. As Football said, on a stock rom this partition is somehow hidden. Even on hboot 1.36.
001e50e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e50f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e60e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e60f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e70e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e70f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e80e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e80f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e90e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e90f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ea0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ea0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001eb0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001eb0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ec0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ec0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ed0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ed0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ee0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ee0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ef0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ef0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f00e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f00f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f10e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f10f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f20e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f20f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f30e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f30f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f40e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f40f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f50e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f50f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f60e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f60f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f70e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f70f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f80e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f80f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f90e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f90f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fa0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fa0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fb0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fb0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fc0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fc0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fd0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fd0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fe0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fe0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ff0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ff0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|e
Click to expand...
Click to collapse
Will the new hboot 1.39 be the same as well?
Sent from my Nexus 7 using xda premium
RohinZaraki said:
Will the new hboot 1.39 be the same as well?
Sent from my Nexus 7 using xda premium

I'm not on hboot 1.39, but you could try it with the following commands:
Code:
D:\fastboot>adb shell
[email protected]:/ # hexdump -C /dev/block/mmcblk0|grep EBT
nitrous² said:
I'm not on hboot 1.39, but you could try it with the following commands:
Code:
D:\fastboot>adb shell
[email protected]:/ # hexdump -C /dev/block/mmcblk0|grep EBT

When my phone receives the JB update (stupid branding -.- ) I will root it and have a look, maybe I can find something
nitrous² said:
If there's someone with an s-off device, here's a command with which old HTC devices can be set back to s-on. But there's no way I know of to set it back to s-off, as you may know
"fastboot oem writesecureflag 3"
You've been warned, only at your own risk!!!!
You've been warned, only at your own risk!!!!
You've been warned, only at your own risk!!!!

Is there a similar fastboot command we can try for S-Off? I mean, there may be one.
RohinZaraki said:
Is there a similar fastboot command we can try for S-Off? I mean, there may be one.

Don't think so, they would have already tried it
I'm still poking and prodding my HOX+ for ideas, plus doing research; I have not found anything that's not already been mentioned here... By the way, people are welcome to make new threads in this section for development purposes, like porting Firefox OS and so on.
Related
[Q] What is "simlock.ta" file?
I found that file in a firmware when going to do a bundle with flashtool. What is this file for? Is it necessary? Will it lock my simcard or phone?
what is in there??
timotuithof said:
what is in there??

If opened with notepad, it shows this:
Code:
// [SIMLOCK S1] 02 000007DA 013B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 4F 50 5F 49 44 3D 22 34 34 36 36 22 3B 4F 50 5F 4E 41 4D 45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 20 49 42 45 22 3B 43 44 41 5F 4E 52 3D 22 31 32 33 38 2D 33 37 36 30 22 3B 43 44 41 5F 52 45 56 3D 22 52 32 41 22 3B 00 00 00 09 00 07 30 30 31 30 31 2D 2A 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
_SpAiK_ said:
I found that file in a firmware when going to do a bundle with flashtool. What is this file for? Is it necessary? Will it lock my simcard or phone?

I'm not sure on this, but I think it's related to stk.apk after build
rendeiro2005 said:
I'm not sure on this, but I think it's related to stk.apk after build

As far as I know, stk.apk is the SIM Toolkit, which is an interface or something like that between the SIM and the phone, isn't it? So I think it is necessary, don't you think that?
_SpAiK_ said:
As far as I know, stk.apk is the SIM Toolkit, which is an interface or something like that between the SIM and the phone, isn't it? So I think it is necessary, don't you think that?

Yes, you're right about the SIM Toolkit, but I always delete that. But... when I made all those basebands that you can find in my sig, I always include that file, but like I said... I don't really know what that's for
Finally I flashed all the stuff. Anyway, my problem isn't fixed; you can see it in this thread. Maybe you have an idea of what is happening.
I don't really have an idea, but I mixed my original ROM with another simlock.ta file and my phone works fine with my SIM card...
simlock.ta unlock simlock.ta, ta means TRIM AREA i guess... maybe someone could modify this file so we can have free unlock...
Delete this
_SpAiK_ said:
If opened with notepad, it shows this:
Code:
// [SIMLOCK S1] 02 000007DA 013B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 4F 50 5F 49 44 3D 22 34 34 36 36 22 3B 4F 50 5F 4E 41 4D 45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 20 49 42 45 22 3B 43 44 41 5F 4E 52 3D 22 31 32 33 38 2D 33 37 36 30 22 3B 43 44 41 5F 52 45 56 3D 22 52 32 41 22 3B 00 00 00 09 00 07 30 30 31 30 31 2D 2A 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

mine is:
Code:
// [SIMLOCK S1] 02 000007DA 013C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 4F 50 5F 49 44 3D 22 31 30 35 22 3B 4F 50 5F 4E 41 4D 45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 22 3B 43 44 41 5F 4E 52 3D 22 31 32 35 37 2D 35 34 39 39 22 3B 52 4F 4F 54 49 4E 47 5F 41 4C 4C 4F 57 45 44 3D 22 31 22 3B 00 00 00 09 00 07 30 30 31 30 31 2D 2A 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
plasmid09 said:
mine is:
Code:
// [SIMLOCK S1] 02 000007DA 013C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 4F 50 5F 49 44 3D 22 31 30 35 22 3B 4F 50 5F 4E 41 4D 45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 22 3B 43 44 41 5F 4E 52 3D 22 31 32 35 37 2D 35 34 39 39 22 3B 52 4F 4F 54 49 4E 47 5F 41 4C 4C 4F 57 45 44 3D 22 31 22 3B 00 00 00 09 00 07 30 30 31 30 31 2D 2A 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

it will be
HOP_ID="105";OP_NAME="Customized";CDA_NR="1257-5499";ROOTING_ALLOWED="1"; 00101-*
and second
GOP_ID="4466";OP_NAME="Customized IBE";CDA_NR="1238-3760";CDA_REV="R2A"; 00101-*
I think it is possible to reset the code for writing the network unlock code with this, but I'm not sure. Someone look at it. I have a hardlocked LT26i and need to unlock the network.
On flashtool, try clicking "Exclude TA" and see how that goes.
Kill it with fire.
[Q] OTA update fails on stock firmware
I've been trying to figure out why my OTA update fails. I'm using stock 2.3.6 with kernel XWKK2 with XSA CSC. The update fails when the counter reaches 16% after the first reboot and then boots back into the old system with a message saying that it failed and no trace of the ~200mb download that it performed. However, there is a file in /system/fota called "ssfback". It seems to contain the dates and times and some other info about the updates. Does anyone know what this file means?
Code:
$ hexdump -C ssfback
00000000 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 93 01 00 40 3e 01 00 80 44 41 54 41 05 00 00 00 |...@>...DATA....|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 44 4f 4e 45 00 00 00 00 |........DONE....|
00000040 55 55 55 55 00 00 00 00 00 90 e5 05 00 30 8a 00 |UUUU.........0..|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 31 32 2d 30 36 30 33 2d 30 38 32 36 35 36 00 00 |12-0603-082656..|
00000070 31 32 2d 30 36 30 33 2d 30 38 32 37 31 36 00 00 |12-0603-082716..|
00000080 93 01 00 40 3e 01 00 80 44 41 54 41 05 00 00 00 |...@>...DATA....|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000a0 00 00 00 00 00 00 00 00 44 4f 4e 45 00 00 00 00 |........DONE....|
000000b0 55 55 55 55 00 00 00 00 00 80 e5 05 00 20 8a 00 |UUUU......... ..|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000d0 31 32 2d 30 36 30 33 2d 30 38 34 37 32 36 00 00 |12-0603-084726..|
000000e0 31 32 2d 30 36 30 33 2d 30 38 34 37 34 36 00 00 |12-0603-084746..|
000000f0 93 01 00 40 3e 01 00 80 44 41 54 41 05 00 00 00 |...@>...DATA....|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 44 4f 4e 45 00 00 00 00 |........DONE....|
00000120 55 55 55 55 00 00 00 00 00 80 e5 05 00 20 8a 00 |UUUU......... ..|
00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000140 31 32 2d 30 36 30 33 2d 32 32 33 34 32 39 00 00 |12-0603-223429..|
00000150 31 32 2d 30 36 30 33 2d 32 32 33 34 34 39 00 00 |12-0603-223449..|
00000160 93 01 00 40 3e 01 00 80 44 41 54 41 05 00 00 00 |...@>...DATA....|
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000180 00 00 00 00 00 00 00 00 44 4f 4e 45 00 00 00 00 |........DONE....|
00000190 55 55 55 55 00 00 00 00 00 80 e5 05 00 20 8a 00 |UUUU......... ..|
000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 31 32 2d 30 36 30 34 2d 32 32 34 34 32 33 00 00 |12-0604-224423..|
000001c0 31 32 2d 30 36 30 34 2d 32 32 34 34 34 32 00 00 |12-0604-224442..|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000470
[Q] MTK6582 repartition help
Hello @ all xda-developers user & team
I have an MTK6582 based phone with an internal store size of 0,98GB and a phone store of 1,78GB. Internal it should be 2.5 GB. Is there a way to change the store size like on the MTK6589?? I searched for an easy way like the meteos-mtk6589-rom-edit app / tool but found nothing... Now I read about changing the ebr1 hex, but the example I found is for the mtk6589 and my ebr1 looks a little bit different... That's how it looks:
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
If someone could help me I would be very happy.
greetings TO
theoverfiend said:
Hello @ all xda-developers user & team
I have an MTK6582 based phone with an internal store size of 0,98GB and a phone store of 1,78GB. Internal it should be 2.5 GB. Is there a way to change the store size like on the MTK6589?? I searched for an easy way like the meteos-mtk6589-rom-edit app / tool but found nothing... Now I read about changing the ebr1 hex, but the example I found is for the mtk6589 and my ebr1 looks a little bit different... That's how it looks:
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
If someone could help me I would be very happy.
greetings TO

Hello. I have a THL W100S. The processor is also MTK6582. I made a stupidity, trying to repartition with meteos-mtk6589, and now my phone is dead. I did not even install CWM. Now I do not know if I can revive it. I tried with SP Flash Tool, but no reaction... Is there any solution to this problem?
1. Do a full backup of the current firmware in recovery
2. Install the application, run (on request Root rights answer - YES \ grant)
3. Choose the size of data partition (2.5GB or 2.77GB)
4. Select in the program restarts in recovery
5. Do wipe data
6. Restoring the backup firmware
7. Boot the system
I set 2.77GB, can this be a problem, maybe it was better to choose 2.5GB? After point 5 the phone rebooted and then shows only one. This - gifti.me/i/6ylSuEc.gif
theoverfiend said:
Hello @ all xda-developers user & team
I have an MTK6582 based phone with an internal store size of 0,98GB and a phone store of 1,78GB. Internal it should be 2.5 GB. Is there a way to change the store size like on the MTK6589?? I searched for an easy way like the meteos-mtk6589-rom-edit app / tool but found nothing... Now I read about changing the ebr1 hex, but the example I found is for the mtk6589 and my ebr1 looks a little bit different... That's how it looks:
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
If someone could help me I would be very happy.
greetings TO

I have the same problem. My phone is a W450 mtk6582. Many thanks
My phone is a Star W450 too...
@hat3ck my first try was the meteos-mtk6589, but I have a CWM installed... and the phone didn't boot. At least I fixed it by flashing all options without preloader and it's like it was. Try to flash again.
greetz TO
theoverfiend said:
My phone is a Star W450 too...
@hat3ck my first try was the meteos-mtk6589, but I have a CWM installed... and the phone didn't boot. At least I fixed it by flashing all options without preloader and it's like it was. Try to flash again.
greetz TO

Thanks for the reply! I tried flashing, but nothing; maybe I don't have the needed drivers? Can you make a screenshot of window manage without connected phone? Or how can I verify if my laptop sees the phone...
@hat3ck try this Tutorial 4 Driver install (under the red ATTENTION text)
http://forum.xda-developers.com/showthread.php?t=2160490
p.s. what's your home country / language?
Greetz TO
theoverfiend said:
@hat3ck try this Tutorial 4 Driver install (under the red ATTENTION text)
http://forum.xda-developers.com/showthread.php?t=2160490
p.s. what's your home country / language?
Greetz TO

Thanks, I will try now. Language Romanian, but I can understand and Russian.
Okay, I don't understand Romanian and Russian. it's like for me. :laugh:
If you run Windows 8 it's a little bit tricky to install the drivers. Instructions for Win8:
1) Windows Key + X -> Start command prompt (administrator).
2) C:\Windows\System32\shutdown.exe /r /o
3) Select Troubleshooting
4) Advanced Options
5) Start Settings
6) Restart
7) Disable Driver Signature Enforcement.
Greetz TO
theoverfiend said:
Hello @ all xda-developers user & team
I have an MTK6582 based phone with an internal store size of 0,98GB and a phone store of 1,78GB. Internal it should be 2.5 GB. Is there a way to change the store size like on the MTK6589?? I searched for an easy way like the meteos-mtk6589-rom-edit app / tool but found nothing... Now I read about changing the ebr1 hex, but the example I found is for the mtk6589 and my ebr1 looks a little bit different... That's how it looks:
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
If someone could help me I would be very happy.
greetings TO

Hi, you must modify EBR1 and EBR2 like this:
1. EBR1 from:
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 20 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
to
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 50 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
2. EBR2 from:
00 00 83 00 00 00 00 24 3A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
to
00 00 83 00 00 00 00 24 6A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
Flash the files with SPFlashTool. Please make a backup before!! If something goes wrong just reflash old EBR1 and EBR2. Thanks!
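Added example, not part of any post in this thread: a Python check that decodes the partition entries in the EBR1/EBR2 bytes quoted above and confirms the edit is self-consistent before anything is flashed. The byte strings are copied from the post; the 512-byte sector size and all function names are assumptions of this example.

```python
import struct

SECTOR_BYTES = 512  # assumption: 512-byte sectors

# Bytes 0x1C0..0x1FF of each EBR sector, copied from the post above.
EBR1_BEFORE = bytes.fromhex(
    "00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 "
    "00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 "
    "00 00 83 00 00 00 00 B9 1B 00 00 00 20 00 00 00 "
    "00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA"
)
EBR1_AFTER = bytes.fromhex(
    "00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 "
    "00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 "
    "00 00 83 00 00 00 00 B9 1B 00 00 00 50 00 00 00 "
    "00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA"
)
# EBR2 as posted: one used entry, zero padding, then the 55 AA signature.
EBR2_BEFORE = bytes.fromhex("00 00 83 00 00 00 00 24 3A 00 FF 46 C4 FF") + bytes(48) + b"\x55\xaa"
EBR2_AFTER = bytes.fromhex("00 00 83 00 00 00 00 24 6A 00 FF 46 C4 FF") + bytes(48) + b"\x55\xaa"


def parse_tail(tail):
    """Decode the four 16-byte partition entries from bytes 0x1C0..0x1FF of a sector."""
    if len(tail) != 64:
        raise ValueError("expected the last 64 bytes of the sector")
    if tail[62:64] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA missing")
    entries = []
    for slot in range(4):
        base = 16 * slot  # the entry itself starts 2 bytes earlier, at 0x1BE + 16*slot
        ptype = tail[base + 2]
        start, sectors = struct.unpack_from("<II", tail, base + 6)  # little-endian
        entries.append({"slot": slot + 1, "type": ptype, "start": start, "sectors": sectors})
    return entries


def changed_fields(before, after):
    """List (slot, field, old, new) for every field that differs between two tables."""
    out = []
    for old, new in zip(parse_tail(before), parse_tail(after)):
        for field in ("type", "start", "sectors"):
            if old[field] != new[field]:
                out.append((old["slot"], field, old[field], new[field]))
    return out


def contiguous(entries):
    """True if each used, non-extended entry starts where the previous one ends."""
    parts = [e for e in entries if e["type"] not in (0x00, 0x05)]
    return all(a["start"] + a["sectors"] == b["start"] for a, b in zip(parts, parts[1:]))


def check_resize(e1_before, e1_after, e2_before, e2_after):
    """Verify that growing the last EBR1 partition is matched by the EBR2 start shift."""
    d1 = changed_fields(e1_before, e1_after)
    d2 = changed_fields(e2_before, e2_after)
    problems, growth = [], None
    if len(d1) != 1 or d1[0][1] != "sectors":
        problems.append("EBR1: expected exactly one changed size field")
    if len(d2) != 1 or d2[0][1] != "start":
        problems.append("EBR2: expected exactly one changed start field")
    if not problems:
        growth = d1[0][3] - d1[0][2]
        shift = d2[0][3] - d2[0][2]
        if growth != shift:
            problems.append("EBR1 growth and EBR2 shift differ")
    if not contiguous(parse_tail(e1_after)):
        problems.append("EBR1 entries are no longer back to back")
    return {"growth_sectors": growth, "problems": problems}


if __name__ == "__main__":
    for e in parse_tail(EBR1_AFTER):
        size = "open-ended" if e["sectors"] == 0xFFFFFFFF else f"{e['sectors'] * SECTOR_BYTES / 2**30:.2f} GiB"
        print(f"slot {e['slot']} type 0x{e['type']:02X} start 0x{e['start']:08X} size {size}")
    print(check_resize(EBR1_BEFORE, EBR1_AFTER, EBR2_BEFORE, EBR2_AFTER))
```

On these bytes the third EBR1 entry grows from 0x200000 to 0x500000 sectors (1 GiB to 2.5 GiB) and the EBR2 start moves by the same 0x300000 sectors, which is why both files have to be changed together.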
mircam said:
Hi, you must modify EBR1 and EBR2 like this:
1. EBR1 from:
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 20 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
to
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 50 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
2. EBR2 from:
00 00 83 00 00 00 00 24 3A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
to
00 00 83 00 00 00 00 24 6A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
Flash the files with SPFlashTool. Please make a backup before!! If something goes wrong just reflash old EBR1 and EBR2. Thanks!

So, is it successful? Can you report it and make a n00b tutorial here? thx a lot!
I have a Thl W100S but I can't root it 100%! Framaroot says success but after reboot no root access, other software doesn't root 100%. Any suggestions guys? It's the 2nd day I have it; later I will try again, thanks in advance
Sent from my W100 using XDA Premium 4 mobile app
matrix0807 said:
So, is it successful? Can you report it and make a n00b tutorial here? thx a lot!

Hi, my ebr1 and ebr2 match this. I will definitely try this and let you know the result. My phone is Symphony W128.
Can u root symphony w128 Sent from my Symphony W128 using xda premium
can you post edited files?
Was repartitioning for MTK6582 successful? Sent from my NOA H42 using Tapatalk
Sargos76 said:
I have a Thl W100S but I can't root it 100%! Framaroot says success but after reboot no root access, other software doesn't root 100%. Any suggestions guys? It's the 2nd day I have it; later I will try again, thanks in advance
Sent from my W100 using XDA Premium 4 mobile app

Hi, try kingroot, this version rooted my mtk6582
[Q] help~~ who know this ext4 format
the file head is:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 20 00 10 00 00 10 00 00
00000010 00 00 03 00 BF 07 00 00 00 00 00 00 00 00 00 00
00000020 C1 CA 00 00 00 00 00 00 01 00 00 00 10 10 00 00
The right should be:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 1C 00 0C 00 00 10 00 00
00000010 00 00 03 00 C0 07 00 00 00 00 00 00 C1 CA 00 00
00000020 01 00 00 00 0C 10 00 00 00 00 00 00 00 00 00 00
simg2img can't work;
showjechar said:
the file head is:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 20 00 10 00 00 10 00 00
00000010 00 00 03 00 BF 07 00 00 00 00 00 00 00 00 00 00
00000020 C1 CA 00 00 00 00 00 00 01 00 00 00 10 10 00 00
The right should be:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 1C 00 0C 00 00 10 00 00
00000010 00 00 03 00 C0 07 00 00 00 00 00 00 C1 CA 00 00
00000020 01 00 00 00 0C 10 00 00 00 00 00 00 00 00 00 00
simg2img can't work;

hello ~
showjechar said:
the file head is:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 20 00 10 00 00 10 00 00
00000010 00 00 03 00 BF 07 00 00 00 00 00 00 00 00 00 00
00000020 C1 CA 00 00 00 00 00 00 01 00 00 00 10 10 00 00
The right should be:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 1C 00 0C 00 00 10 00 00
00000010 00 00 03 00 C0 07 00 00 00 00 00 00 C1 CA 00 00
00000020 01 00 00 00 0C 10 00 00 00 00 00 00 00 00 00 00
simg2img can't work;

sudo java -jar ./sgs2toext4.jar system.img system_ext4.img
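Added example, not part of any post in this thread: a Python inspector that decodes the two headers quoted above with the standard Android sparse-image field layout (28-byte file header, 12-byte chunk header, as defined in AOSP libsparse) and reports why a reader expecting that layout rejects the first one. The byte strings are copied from the post; the function names and the "shifted layout" probe are assumptions of this example, based only on the posted bytes.

```python
import struct

SPARSE_MAGIC = 0xED26FF3A            # stored on disk as 3A FF 26 ED
STD_FILE_HDR, STD_CHUNK_HDR = 28, 12  # standard header sizes in bytes
CHUNK_RAW = 0xCAC1                    # raw data chunk

# First 48 bytes of each image, copied from the post above.
POSTED = bytes.fromhex(
    "3A FF 26 ED 01 00 00 00 20 00 10 00 00 10 00 00 "
    "00 00 03 00 BF 07 00 00 00 00 00 00 00 00 00 00 "
    "C1 CA 00 00 00 00 00 00 01 00 00 00 10 10 00 00"
)
EXPECTED = bytes.fromhex(
    "3A FF 26 ED 01 00 00 00 1C 00 0C 00 00 10 00 00 "
    "00 00 03 00 C0 07 00 00 00 00 00 00 C1 CA 00 00 "
    "01 00 00 00 0C 10 00 00 00 00 00 00 00 00 00 00"
)


def _raw_chunk_ok(chunk_sz, total_sz, chunk_hdr_sz, blk_sz):
    """A raw chunk's byte length must equal its header plus chunk_sz blocks."""
    return total_sz == chunk_hdr_sz + chunk_sz * blk_sz


def inspect_sparse(data):
    """Decode the sparse file header and sanity-check the first chunk header."""
    if len(data) < STD_FILE_HDR:
        raise ValueError("need at least 28 bytes")
    (magic, major, minor, file_hdr_sz, chunk_hdr_sz,
     blk_sz, total_blks, total_chunks, checksum) = struct.unpack_from("<IHHHHIIII", data, 0)
    info = {
        "version": (major, minor),
        "file_hdr_sz": file_hdr_sz,
        "chunk_hdr_sz": chunk_hdr_sz,
        "blk_sz": blk_sz,
        "total_blks": total_blks,
        "total_chunks": total_chunks,
        "problems": [],
    }
    problems = info["problems"]
    if magic != SPARSE_MAGIC:
        problems.append("magic is not 0xED26FF3A")
        return info
    if file_hdr_sz != STD_FILE_HDR:
        problems.append(f"file_hdr_sz is {file_hdr_sz}, standard is {STD_FILE_HDR}")
    if chunk_hdr_sz != STD_CHUNK_HDR:
        problems.append(f"chunk_hdr_sz is {chunk_hdr_sz}, standard is {STD_CHUNK_HDR}")

    # Read the first chunk header the way a standard reader would:
    # type(2) reserved(2) chunk_sz(4) total_sz(4), starting at file_hdr_sz.
    if len(data) >= file_hdr_sz + STD_CHUNK_HDR:
        ctype, _res, chunk_sz, total_sz = struct.unpack_from("<HHII", data, file_hdr_sz)
        info["first_chunk"] = (ctype, chunk_sz, total_sz)
        if ctype == CHUNK_RAW and not _raw_chunk_ok(chunk_sz, total_sz, chunk_hdr_sz, blk_sz):
            problems.append("first raw chunk: total_sz does not match chunk_sz with the standard field order")

    # Probe (assumption drawn from the posted bytes only): with a 16-byte chunk
    # header, do the sizes line up if 4 extra bytes sit before chunk_sz?
    if chunk_hdr_sz == 16 and len(data) >= file_hdr_sz + 16:
        ctype, _res, _extra, chunk_sz, total_sz = struct.unpack_from("<HHIII", data, file_hdr_sz)
        info["shifted_layout_fits"] = (
            ctype == CHUNK_RAW and _raw_chunk_ok(chunk_sz, total_sz, chunk_hdr_sz, blk_sz)
        )
    return info


if __name__ == "__main__":
    for name, blob in (("posted", POSTED), ("expected", EXPECTED)):
        print(name, inspect_sparse(blob))
```

The posted header declares a 32-byte file header and 16-byte chunk headers, and its first chunk only makes sense when the size fields are read 4 bytes later than the standard layout places them.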
Help me get Heart Rate data [OpenFit: Open source Gear Fit application]
Hello everyone,
I am the developer of OpenFit, an alternative to the Gear Fit Manager, as it doesn't run officially on non-Samsung ROMs. I have implemented various features (see the original post for the feature list) and I am at the point where I want to attempt getting heart rate data. I am on CM and cannot use S Health.
I was wondering, for those who have used S Health with TouchWiz, does the app show you heart rate? And pedometer etc.? If it does, I think I may be able to reverse engineer it; I just need the raw BT data. For this I would need someone who is able to run S Health and log BT data. In CM it's under Settings>Developer Options>Enable Bluetooth HCI snoop log. This will capture all the BT traffic between the phone and Gear Fit.
If anyone is able to do this, please comment below. I would like to reverse engineer this and have it able to sync with Google Fit and other fitness apps.
Requirements?:
Stock Samsung Rom with S Health
Root?
Please check out my app and my progress of OpenFit. Download available: http://forum.xda-developers.com/gear-fit/themes-apps/openfit-source-gear-fit-application-t3005697
I am also thinking of releasing it on the Google Play store. Thoughts?
I have access to a galaxy s5 mini with stock rom,shealth, gearfit and adb. Might worth a try?
see PM for my log file from a samsung s5 mini
Perhaps this is something useful? Syncing GF steps with S-Health. It will synchronise to 185 steps, 0.13km, 6kcal (I am not lazy, it's a development GF)
Phone:
0000 0b ff 15 01 02 05 00 00 00 00 0f 00 00 00 86
GF:
0000 09 ff c3 01 02 5c 00 00 00 04 00 00 00 10 00 00
0010 00 ff 04 01 00 00 00 f0 39 cb 55 1a 00 00 00 5b
0020 8f 8a 41 c2 f5 68 3f 00 01 00 00 00 45 b5 c8 55
0030 23 00 00 00 00 00 2a 43 00 00 82 42 35 e6 02 00
0040 cd 7f cf 12 f1 49 02 00 d1 fb 01 00 11 98 02 00
0050 22 bf 02 00 01 01 00 00 00 cf 3b cb 55 10 27 00
0060 00 00 00 00 00 5c
Phone:
0000 0b ff 62 01 01 02 ac 00 00 00 02 10 00 00 00 ff
0010 08 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00
0020 00 ed a2 e1 21 4f 01 00 00 ff ff ff ff 00 00 00
0030 00 00 00 00 00 ff ff ff ff ff ff ff ff ff 00 00
0040 00 00 00 00 00 00 0a 00 00 00 02 00 00 00 c0 b7
0050 c8 55 00 00 00 00 0a 00 00 00 00 00 00 00 00 00
0060 3b 40 00 00 00 00 48 3c cb 55 00 00 00 00 aa 00
0070 00 00 00 00 00 00 00 40 5f 40 00 00 00 00 01 00
0080 00 00 46 b5 c8 55 10 27 00 00 00 00 00 00 45 b5
0090 c8 55 23 00 00 00 00 00 2a 43 00 00 82 42 35 e6
00a0 02 00 f1 49 02 00 d1 fb 01 00 11 98 02 00 22 bf
00b0 02 00 cd 7f cf 12 86
GF:
0000 02 0c 20 16 00 12 00 44 00 09 ff 1b 01 02 08 00
0010 00 00 03 00 00 00 10 00 00 00 5c
Thank you @thijsnl, I will look at this data once I get home and have access to Wireshark. I'm hoping it contains good data
After looking through the log, I found a message with the text "HELLOCUP". I'm wondering if this is some way to "authenticate" with the Gear Fit, saying it is indeed a Samsung phone. I'm also seeing a pattern, or a heartbeat the app is sending to the Gear Fit, each with its number incrementing, shown below:
02050000000001000000 // seems to send the same command here, let's call it getData command
02050000000002000000 // getData
02050000000003000000 // getData
etc...
I'm wondering if this is a way the app tells the Gear Fit to perform an operation. @thijsnl was the data you sent me for heart rate or pedometer? Or some other function? Thanks!
Sorry, the HELLOCUP was actually a little app I wrote with the cups library. It shows up in 'App Connect'. The 4 packets I posted are for pedometer sync, I believe. I did like start bluetooth hci snoop, switch back to shealth, hit the sync button... Synced, and then adb pulled the hci log.
Sent from my D5803 using XDA Free mobile app
I don't think I ever used the S Health feature, so I do not know what to expect on your behalf. One thing I would test, Is turning on exercise mode, like walking or running which dont seem to need the phone, but, and I know cycling/ hiking wants gps. All this data would be helpful to see what is going on. Is there a way to get Heart rate and pedometer displayed on the phone? If so, could you re-run these few more tests and capture the log as well?
Based on the log provided above, I was able to send the Gear Fit to what I think is a fitness sync, and got overwhelming amounts of data. It's a big mess and it's going to be near impossible to parse 13384 bytes of information. Not looking forward to this. Maybe I got some other information.
Haha, 13K to notice a heart rate value (Uint8? as >256 bpm would be insane) is finding a needle in a haystack. I checked the hexfile from the firmware update, and wingtip_in.bin showed up some test functions. Another post on xdadev showed a UART mode, which may come in handy to see dataflow, commands, etc. when enabled. I will keep you updated.
I just got some minor results. Somehow I set my GF in a kind of debug mode HIGH with UART to PDA mode? However, I managed to install the Samsung serial port driver for the CDC device connecting. It allows me to enter AT commands:
Not support
AT
OK
At+help
The AT Cmd is Error!
AT+VERSNAME
+CME Error:NA
OK
AT+VERSNAME?
+CME Error:NA
OK
AT+VERSNAME=?
+CME Error:NA
OK
AT+VERSNAME=1,1,0
+VERSNAME:1,MP 0.800
OK
I see some AT commands showing up in wingtip_ex.bin (from the firmware), so I might be able to enable a higher debug mode.
Mathijs
I'm also able to mount my GF as two partitions in Windows and able to grab data and log files from the GF:
[ 45.414] [ _MUX_SEND_] ^ 49208 1677969760 Sending... 18 bytes
[ 45.417] [ BTU] ^ 49212 1685040424 Sended completed : 18 bytes.
[ 45.420] [ BTU] ^ 49214 1685040424 pop OK. current size : 0 bytes
[ 45.421] [ UI_Task] ^ 49217 268466020 [APP][StatusManager] SendData: 11
[ 45.423] [ UI_Task] ^ 49218 268466020 [APP][StatusDataExchanger] SendData, datatype = 11
[ 45.424] [ UI_Task] [CM]1[12:37:57]>>>> GetConnectionState state(11) (3)
[ 45.424] [ UI_Task] ^ 49220 268466020 channel 4 sending 3 bytes.
[ 45.426] [ _MUX_SEND_] ^ 49221 1677969760 Sending... 8 bytes
[ 45.429] [ BTU] ^ 49224 1685040424 Sended completed : 8 bytes.
[ 45.432] [ BTU] ^ 49227 1685040424 pop OK. current size : 0 bytes
[ 45.434] [ UI_Task] ^ 49230 268466020 [APP][StatusManager] SendData: 4
[ 45.436] [ UI_Task] ^ 49231 268466020 [APP][StatusDataExchanger] SendData, datatype = 4
Perhaps this is useful when debugging?
Wow, I didn't know you had access to such low-level info. Though it may be helpful to see what data it sends out when a sync request is being made. I am also thinking the reason I have 13k bytes was because I have history for yesterday's exercise, which was 1.5hr of using the running feature, and if it saves the heart rate, GPS, for each minute or so, I can see how this data adds up. But I'm still uncertain what that data is. Maybe it's not even related to fitness, but I'm almost certain it is, based on the first byte of the message, which is '02'(HEX), and all the other commands related to fitness also start with '02'(HEX), which is why I assume it's fitness data. What I will try to do is clear my history and have a very small sample set, no more than 1 minute of exercise, and see what data that returns. I'm hoping to see much less data. If I don't, then these suspicions go out the door.
@thijsnl in the data set you sent me, was the only data sync'd 185 steps, 0.13km, 6kcal or was there more data? This will help me try to decipher the raw packets.
This is what S Health showed. I got a brilliant idea yesterday while running: I can access the fit data files inside the Gear Fit. I think they must be quite the same when syncing, so if I can pass you these files and the BT HCI log while syncing, there may be better chances to get the right data out. Will keep you updated.
Here is some more data attached from my GF: a log file, and some other health-related files, I guess. Good luck. It is clear that the GF uses embOS from SEGGER (RTOS) and that the embUSB support is built in (for mass storage device and terminal). EDIT: hehe.. too much private information in the files.
Awesome. I'll take a look tomorrow. Can't wait
jareddlc said: Awesome. I'll take a look tomorrow. Can't wait
I did some quick lookup on pedo_info.dat. There seems to be a kind of pattern, at offset 38d, every 20 bytes:
Code:
[[email protected]]$ ./stats 38
01 00 00 00 B8 C2 C5 55 07 00 00 00 F6 28 94 40 1F 85 6B 3E
02 00 00 00 C0 C9 C5 55 5F 00 00 00 1F 85 8D 42 3E 0A 57 40
03 00 00 00 18 CC C5 55 07 00 00 00 66 66 AE 40 00 00 80 3E
04 00 00 00 70 CE C5 55 5A 00 00 00 47 61 84 42 3D 0A 47 40
05 00 00 00 C8 D0 C5 55 08 00 00 00 8F C2 ED 40 9A 99 99 3E
06 00 00 00 80 DC C5 55 51 00 00 00 B8 1E 73 42 66 66 36 40
07 00 00 00 D8 DE C5 55 09 00 00 00 8F C2 B5 40 0A D7 A3 3E
08 00 00 00 38 E8 C5 55 4C 00 00 00 CD CC 76 42 1F 85 3B 40
09 00 00 00 90 EA C5 55 40 00 00 00 14 AE 4C 42 0A D7 13 40
0A 00 00 00 E8 EC C5 55 5A 02 00 00 12 2E E5 43 87 5C CF 41
0B 00 00 00 40 EF C5 55 86 02 00 00 AE 6E 00 44 D0 EB D9 41
0C 00 00 00 98 F1 C5 55 90 03 00 00 1C 15 33 44 CB 8F 18 42
0D 00 00 00 F0 F3 C5 55 6A 02 00 00 89 6B EB 43 65 D7 C7 41
0E 00 00 00 48 F6 C5 55 4D 00 00 00 D6 A3 5C 42 40 E1 4A 40
0F 00 00 00 A0 F8 C5 55 1F 01 00 00 B0 87 50 43 37 0A 3B 41
10 00 00 00 F8 FA C5 55 15 02 00 00 38 93 C6 43 06 29 B0 41
11 00 00 00 58 04 C6 55 24 00 00 00 F6 28 C6 41 5C 8F C2 3F
12 00 00 00 B0 06 C6 55 23 03 00 00 01 B0 02 44 00 00 03 42
13 00 00 00 08 09 C6 55 65 01 00 00 5B 4F 6A 43 98 99 69 41
14 00 00 00 60 0B C6 55 78 00 00 00 14 2E A3 42 29 5C 9F 40
the counter in the first byte and the C5 55 pattern in the middle...
Regards, Mathijs
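Added example, not code from the thread: a Python sketch that walks the 20-byte records noted in the post above. The layout (three little-endian uint32 values followed by two float32 values, with bytes 4-7 read as a Unix timestamp) and all names are assumptions; the 38-byte header and the trailing zeros in the sample are constructed filler.

```python
import struct
from datetime import datetime, timezone
from typing import NamedTuple

# Assumed layout: 3 x uint32 + 2 x float32, little-endian, 20 bytes per record.
RECORD = struct.Struct("<IIIff")


class PedoRecord(NamedTuple):
    index: int       # counter seen in the first byte of every record
    when: datetime   # bytes 4-7 read as Unix time (assumption)
    count: int       # uint32, possibly a step count (guess)
    val_a: float     # float32, meaning unconfirmed
    val_b: float     # float32, meaning unconfirmed


def parse_pedo(blob: bytes, offset: int = 38) -> list:
    """Walk 20-byte records from `offset` until the counter stops incrementing."""
    records = []
    expected = 1
    while offset + RECORD.size <= len(blob):
        index, ts, count, a, b = RECORD.unpack_from(blob, offset)
        if index != expected:   # padding or another section: stop here
            break
        when = datetime.fromtimestamp(ts, tz=timezone.utc)
        records.append(PedoRecord(index, when, count, a, b))
        expected += 1
        offset += RECORD.size
    return records


# First three records copied from the dump above. The 38-byte header and the
# 20 trailing zero bytes are constructed, since the post does not show them.
SAMPLE = bytes(38) + bytes.fromhex(
    "01000000 B8C2C555 07000000 F6289440 1F856B3E"
    "02000000 C0C9C555 5F000000 1F858D42 3E0A5740"
    "03000000 18CCC555 07000000 6666AE40 0000803E"
) + bytes(20)

if __name__ == "__main__":
    for r in parse_pedo(SAMPLE):
        print(r.index, r.when.isoformat(), r.count,
              round(r.val_a, 2), round(r.val_b, 2))
```

Read this way, the "C5 55" pattern is the high half of a timestamp from August 2015, and consecutive records sit a multiple of ten minutes apart.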
Ok, I decided to figure out how the StopWatchDB file works. Not that this information is very useful, but it is more predictable than the others. So I started my stopwatch and pressed the white button at 1s, then waited 2s, then waited 3 sec, waited 4 sec, waited 5 sec, waited 6 and pressed stop. I made a picture of it; it is in Dutch, but you get the point. I analysed the code and see some repeating patterns, and even a number indicator:
Code:
52 33 35 30 58 58 55 30 42 4F 41 32 00 00 00 01
00 00 00 33 05 00 00 01 00 00 00 31 0D 00 00 01
00 00 00 CB 18 00 00 01 00 00 00 D9 27 00 00 01
00 00 00 1C 3C 00 00 01 00 00 00 E2 18 00 00 01
00 00 00 82 1A 00 00 01 00 00 00 7C 1B 00 00 01
00 00 00 DB 1C 00 00 01 00 00 00 39 1E 00 00 01
00 00 00 DA 1F 00 00 01 00 00 00 BD 21 00 00 01
00 00 00 0B 23 00 00 01 00 00 00 E4 23 00 00 01
00 00 00 9B 24 00 00 01 00 00 00 6E 26 00 00 01
00 00 00 79 27 00 00 01 00 00 00 62 28 00 00 01
00 00 00 7E 29 00 00 01 00 00 00 89 2A 00 00 01
00 00 00 2A 2C 00 00 01 00 00 00 44 2D 00 00 01
00 00 00 2F 2E 00 00 01 00 00 00 3E 2F 00 00 01
00 00 00 45 30 00 00 01 00 00 00 5F 31 00 00 01
00 00 00 2E 34 00 00 01 00 00 00 00 36 00 00 01
00 00 00 D1 37 00 00 01 00 00 00 95 39 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
00 00 00 A2 52 00 00 01 00 00 00 05 00 00 00
Then I made a simple C program to decompile it:
[[email protected] gf]$ ./stop
DB Length: 831
Firmware: R350XXU0BOA2
Number of records: 5
Record 0: 00 00 01 00 00 00 33 05 Estimated time is 1331
Record 1: 00 00 01 00 00 00 31 0D Estimated time is 3377
Record 2: 00 00 01 00 00 00 CB 18 Estimated time is 6347
Record 3: 00 00 01 00 00 00 D9 27 Estimated time is 10201
Record 4: 00 00 01 00 00 00 1C 3C Estimated time is 15388
End time: 21154
Voila! 21.154 seconds.
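The quick n dirty code is:
Code:
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>

/* read a little-endian 32-bit value */
static unsigned int le32(const unsigned char *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((unsigned int)p[3] << 24);
}

int main(int argc, char *argv[])
{
    int fd;
    unsigned char data[16 * 1024];
    int x;
    unsigned int i;
    int a = 13;                 /* offset of the first record */
    int len = 0;
    unsigned int numrec = 0;
    int time = 0;
    unsigned int endtime = 0;

    if (argc > 1) {
        a = atoi(argv[1]);
    }

    fd = open("stop5.dat", O_RDONLY);
    if (fd < 0) {
        perror("stop5.dat");
        return 1;
    }
    /* read at most what the buffer holds, leaving room for a terminating NUL */
    len = read(fd, data, sizeof(data) - 1);
    close(fd);
    if (len < 12 || a < 0) {    /* the trailer fields below need at least 12 bytes */
        return 0;
    }
    data[len] = 0;

    /* record count: last 4 bytes of the file */
    numrec = le32(&data[len - 4]);

    printf("DB Length: %d\n", len);
    printf("Firmware: %s\n", data);
    printf("Number of records: %u\n", numrec);

    for (i = 0; i < numrec && a + 8 <= len; i++) {
        printf("Record %u: ", i);
        for (x = 0; x < 8; x++) {
            printf("%02X ", data[a++]);
        }
        /* last two bytes of the 8 just printed, little-endian */
        time = data[a - 2] + data[a - 1] * 256;
        printf("Estimated time is %d", time);
        printf("\n");
        /* stop when the next slot is not marked as used */
        if (a + 2 >= len || data[a + 2] != 0x01) {
            break;
        }
    }

    /* end time: 4 bytes starting 12 bytes before the end of the file */
    endtime = le32(&data[len - 12]);
    printf("End time: %u\n", endtime);
    return 0;
}
Let's see what the other files hide from us.
@jareddlc: I think more data is coming over when syncing:
- sleep
- heartbeat
- pedometer
- stopwatch
- exercise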
Awesome work! I also got some hopefully promising data. I ran the running mode yesterday for about 1 minute, but I don't get things like GPS etc., so a lot of info is blank, with the exception of heart rate. Here are my findings:
My watch reported back with: should be: Monday Aug 17 8:34 pm, running, 01:02 time, 0.00 km, 0 cal, avg speed, 0.0kmh, max speed, 0.0kmh, avg pace - --km, max pace, - --, avg heart 88bpm, max 93 bpm
So I found most time stamps, and now I'm looking for 88 (58 in HEX) and 93 (5D in HEX). Seems I found the "summary" report.
Code:
5807D255 = Monday, August 17, 2015 9:10:00 AM
A8000000AE070F439A99D140
1013D255 = Monday, August 17, 2015 10:00:00 AM : 1439830800
CC0000000AD71743703DE240
D025D255 = Monday, August 17, 2015 11:20:00 AM : 1439835600
0901000046E14743F7281441
E033D255 = Monday, August 17, 2015 12:20:00 PM : 1439839200
//...
10A9D255 = Monday, August 17, 2015 8:40:00 PM : 1439869200
39000000CCCC3042D7A300400901000000D89FDF3E4F01000000000000000000000000000000000000040000000C01000000
D7A7D255 = Monday, August 17, 2015 8:34:47 PM : 1439868887
3E00000000000000 5800000000000000 0153460000000000 0000000000000000 00000000 00 5D00000000000000 000000000001000000 = 88bpm : 58 HEX 93bpm : 5D HEX
45B5C855 = Your time zone: Monday, August 10, 2015 7:29:25 AM : 1439216965
2300000000002A430000824235E60200CD7FCF12F1490200D1FB01001198020022BF02000101000000
A5AAD255 = Monday, August 17, 2015 8:46:45 PM : 1439869605
1027000000000000