use for rewrite ESN and flash ROMs. good luck.
rename it to .rar, its a winrar file.
MOD EDIT - Removed file. PM me if you disagree and provide me with more history/evidence
Leave it. He has 1 post and the SPL hasn't been cracked yet. Probably a scam.
I have re-opened this thread.
@ ls1024 - Feel free to modify first post again and provide more info including what you showed me in PM
Rick
Thanks Spartan for looking at this. Hopefully once he posts more info it will be what we Imagio users are desperate for, or a step in that direction.
Narcotichobo said:
The linked thread reads as following:
Only 6975's with spl already unlocked can be flashed, before you flash please make sure your spl is unlocked.
Currently all chinese phones come unlocked.
To confirm, go into the three color screen (hold down the volume button and the device on button), spl should be 0.40.0000
After flashing check to see if the radio number is 2.05ESNWVL
The operation below is identical to the 6875 (TP2), if you have a problem refer to posts on 6875 (TP2) ESN post
Use any version of CDMA Work Shop
On the terminal page, commands section
27 97 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
After you press send the MEID should be cleared
Afterward you can write whatever ESN
When you finish you can flash any radio and won't lose the ESN
Reference: Tutorial on writing the 6875
http://www.diypda.com/viewthread.php?tid=92838&extra=page=1
Alright, I don't know how to do any of that stuff, but i'm 95% sure on the translation so I hope that helps someone who does know what they are doing!
Also there seems to be an attachment to the post in that thread but i can't access it because I am not a forum member, and registration requires an invitation number.
Click to expand...
Click to collapse
The 0.40 SPL comes on the Chinese version of the Imagio and it allows writing of the ESN and flashing.
All being chatted in this thread:
http://www.forum.ppcgeeks.com/showthread.php?t=97542
Cmonex is working on the HSPL ATM and I do believe it will be based off of the 0.40 SPL
Americanmetal said:
The 0.40 SPL comes on the Chinese version of the Imagio and it allows writing of the ESN and flashing.
All being chatted in this thread:
http://www.forum.ppcgeeks.com/showthread.php?t=97542
Cmonex is working on the HSPL ATM and I do believe it will be based off of the 0.40 SPL
Click to expand...
Click to collapse
Woot I got quoted here.
\/
||
||
\/
And this helps us .38 how?
I think I read this over at PPCG but no instructions on how to do it on a .38 SPL so basically this is for the .40 Imagio only correct?
I posted both modified radios for TP2 and Imagio on PPCG and also a utility to write MEID/ESN (all 3 files from diypda china)
narcotichobo said:
Woot I got quoted here.
Click to expand...
Click to collapse
I had to get this thread unlocked rofl
Still, how can we upgrade to .40? That's what's holding us from at least changing radios to chinese ones hehehe
ls1024 said:
use for rewrite ESN and flash ROMs. good luck.
rename it to .rar, its a winrar file.
MOD EDIT - Removed file. PM me if you disagree and provide me with more history/evidence
Click to expand...
Click to collapse
i have pm...tks.
Ignore this
Here is a couple of files I got from chinese DIYPDA forum. One is a modified radio and the other one a program to simplify the esn repair.
Click to expand...
Click to collapse
Here is the modified radio and DFS, a program that does let you change MEID and/or ESN for when we can do it. Only .40 can change to this radio
Code:
http://www.mediafire.com/?bxjnytljdid
http://www.mediafire.com/?zmtjymhzcjf
we upgrade to 0.40? is the focus of
At least if we can do the .40 upgrade then we can also upgrade to an HSPL that allows unsigned ROMs. Has anybody had any luck with .40? I would like .40 on my phone... And also a way to go back to .38 if possible!
Well, easiest way to go .40 is to buy an Imagio that's .40 already.
taobao(dot)com as specified by our friends at diypda(dot)com has them for 3150 = $461 usd. The question is... If we get this phone and we flash the Imagio shipped rom, will it flash .38 spl or leave it at .40 spl?
It will replace to .38 ,
u must delete SPL from the ruu_signed.nbh
m4f1050 said:
Well, easiest way to go .40 is to buy an Imagio that's .40 already.
taobao(dot)com as specified by our friends at diypda(dot)com has them for 3150 = $461 usd. The question is... If we get this phone and we flash the Imagio shipped rom, will it flash .38 spl or leave it at .40 spl?
Click to expand...
Click to collapse
Hmmm, well, at least the .40 can flash it after you remove .38 spl (will be unsigned afterwards) so how do you remove it? I've cooked ROMs with kitchens before but I have no clue how to remove the SPL from the .nbh
htcRIE_0.5.0.12
m4f1050 said:
Hmmm, well, at least the .40 can flash it after you remove .38 spl (will be unsigned afterwards) so how do you remove it? I've cooked ROMs with kitchens before but I have no clue how to remove the SPL from the .nbh
Click to expand...
Click to collapse
I'll give it a test drive to see how it works. Link here: http://forum.xda-developers.com/showthread.php?t=377514
I tested program, it does work, I managed to remove SPL from the Verizon .nbh but Whitestone is not on the list of selected phones, not sure what that list/dropdown menu is for, is that for signing the ROM?
Imagio ROM Test
I have an Imagio, I am willing to use as Genie Pig if anyone can point me to promising ROM to test out. I'm willing to chance bricking the phone. It has been replaced by a new phone from Verizon.
Related
Hi,
I intend to flash a cooked ROM (ITsPapa20748) to my Herald. From reading some sticky posts here I learned that at first I have to install a hacked bootloader - so I downloaded HardSpl_WM6.rar
My procedure was as follows:
1. install canonyang, ASerg_Policies and Disable_Security (in this order)
2. softreset
3. start RUU
My mobile then enters bootloader mode and ends up with error message "Error [270]: Update Error" (progress bar freezes at 3pct)
My config is as follows:
PC: is running WindowsXP (with SP2), ActiveSync v4.5 is in Guest Mode
Mobile: Model-Nr. Hera100
ROM version 4.17.402.102 GER
IPL 4.17.0001
SPL 4.17.0000
I had to UNcheck the start/system/advanced_networking-box in order to establish USB-connection.
After spending some hours going through existing threads I'm pretty sure that this is a common situation. But I didn't find any hint that helped me to flash successfully.
So any comments and suggestions are welcome.
thx!
1aladdin1
it works now
sorry for posting too early - now it worked.
I basically performed the same steps as listed in my previous post. Two differences:
1. softreset between installation of canonyang/aserpolicy/disable_security
2. while performing the RUU I had FILEMON running (a great tool from mark russinovich)
Finally I don't know, which step was the decisive one - bot anyhow it works now.
Hope this helps other guys in a similar situation.
please guys help me
my htc touch p3452 is dead becoz i flash but something is wrong and then it was dead now it will on on bootloder mode(red,green,blue) here is my detail please tell ,me what to do
it show..
IPL 3.07.0002
SPL 3.07.0000
DEVICE ID= ELF010050
CID= DOPOD001
45 4C 46 30 31 30 30 35 30 00 00 00 00 00 00 00 ELF010050.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
44 4F 50 4F 44 30 30 31 00 00 00 00 00 00 00 00 DOPOD001........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..............
i also tryed to flash "DID-ELF010050_CID-DOPOD001_ROM-2.20.721.2B" but is not flashed it gave "error 270 update error" something please tell me where is the problem and how to solve please guys
Wwwwwweeeellllllll....YOU HAVE AN ELF, NOT A HERALD. Seriously, if you tried to HardSPL your Elf with the Herald HardSPL...I don't even know. These are the Herald forums, NOT the Elf forums, as such, more than likely no one that frequents here will know what to do to help you.
After fighting versus the Tattoo for 2 hours I have finally flashed the device successfully.
Since there is not a proper thread containing the exact procedure for this device I'm going to explain it a little bit in detail, specially based on this device different things that doesn't have other android phones:
1. First we need to find a micro SD, normally this device comes with a 2gb Sandisk micro SD, this will be fine.
2. We need to format the microSD to FAT32, so remember to save your files before going on.
3. After the format, we need to create a GoldCard with this SD Card. Basically this is a "transformation procedure". You can find the method here: http://forum.xda-developers.com/showthread.php?t=572683 but I'm going to explain it based on Tattoo
Creating the Gold Card:
4. We need the android-sdk tools, we can find them here: http://developer.android.com/sdk/index.html download them, and unzip in a folder maybe in C:\androidtools
5. Go the the Command line (Start->Execute->write cmd and OK), and there you should find where you unzip the android-sdk tools, example cd c:\androidtools\tools
6. Run this command "adb shell cat /sys/class/mmc_host/mmc1/mmc1:*/cid" if you had the microSD in the drive you will find a long number like:
532600bd227d9c0347329407514d5402
7. Go to this page to reverse it: http://hexrev.soaa.me/ and copy the code reversed:
In our example it will be: 00544d5107943247039c7d22bd002653
8. Go to this page to generate your GoldCard image: http://psas.revskills.de/?q=goldcard
And put your reversed number and you email. You will receive an email with a file called "goldcard.img"
9. Now you need an Hex editor like HXD. Download it from: http://download.cnet.com/HxD-Hex-Editor/3000-2352_4-10891068.html?tag=mncol
10. Exactly the same as the instructions I pasted above:
11. Install and launch HxD Hex Editor program. (make sure you use "Run as Administrator" under Vista and win 7)
12. Go to Extra tab > Open Disk. Under Physical disk, select Removable Disk (Must be your SD card), uncheck “Open as Readonly), click OK. (BEWARE, MUST BE UNDER PHYSICAL DISK NOT LOGICAL DISK, THIS MISTAKE MADE ME BIG PROBLEMS)
13. Go to Extra again, Open Disk Image, open up goldcard.img which you’ve saved/unzipped earlier.
Now, you should have two tabs, one is your removable disk, the other is goldcard.img. Press OK when prompted for “Sector Size” 512 (Hard disks/Floppy disks), click OK.
14. Click on goldcard.img tab. Go to Edit tab > Select All, edit tab again > copy.
15. Click on the “removable disk” tab. Select offset (line) 00000000 till offset (line) 00000170 (including the 00000170 line), click on Edit tab and then Paste Write.
16. Click on File > Save. now you can exit the program.
------------
17. Now with the gold card created (the microSD transformed) we must reboot the HTC Tattoo. When we press the "reboot" button we must press nearly at the same time the POWER OFF and VOLUME DOWN buttons at the SAME TIME!!!! He will enter a new menu called HBOOT
18. We press back button to go to fastboot USB mode
19. Now we have to start the flashing utility for example: http://rapidshare.com/files/292517090/RUU_Click_HTC_WWE_1.67.405.6_WWE_release_signed_NoDriver.exe
This is done the 19th Decembre 2009, but maybe on the future there will be newer flash releases so this file will be replaced for the newer one.
19.1 If we get either Error 170 or 171 in the flashing process follow this other guide to solve this issue: http://forum.xda-developers.com/showthread.php?t=646663
20. The Flash will start we must wait, its better to do this process with 100% battery left
21. After 10 minutes, the flash will be done, and the HTC will reboot automatically with the Flashing done and everything OK!
-----------------------
Latest Official WWE Flashes for HTC Tattoo:
19.12.2009: http://rapidshare.com/files/292517090/RUU_Click_HTC_WWE_1.67.405.6_WWE_release_signed_NoDriver.exe
This is for all brand of HTC Tattoo? or only Orange?
can get root?
I have successfully flashed my tattoo with your tutorial but still can't use my Wind (italian) sim. At every roboot it ask me the unlock code, says "network succesful unlocked" and after it continue to say "unlocking sim card", but it never stops!!
The data of my phone are those:
HBOOT-0.52.0001
MICROP-0203
RADIO-3.35.07.20
What can I do??
Tony2k do you have your simlock unlock code? Or did you just flash your rom hoping for the simlock to go away?
I have bought the unlock code but the problem it's that I can enter another code, like 12345678, and have always the message "network unlocked successful" and after it continue to say "unlocking sim card", exactly like with code that I have bought.
Well Tony I am sorry but I cant help you here. I dont know whats wrong. I know that you have few trials to enter the simlock unlock code and that after exceeding these attempts you will have to remove the simlock via USB cable (I dont know which software to use). What you can try is using a turbo sim that you can get off ebay. I dont give you my word that it will work, but I have seen one or two people saying that it worked with the tattoo locked to orange uk. If ever you decide to try using the turbo sim, let me know if it bypasses the simlock on the tattoo.
Good luck man.
Great work MiSSigNNo.... u managed to carry out this impossible work as of now with success....
i have few questions to ask you. what made you flash your tattoo???
what advantage do you have at present over the previous ROM???
have u got into superuser mode with this procedure???
i am sure we all would like to know answers for these from you.... please be kind enough to reply to my post....
Manuvaidya:
1. To remove simlock successfully on orange uk htc tattoo, you are forced to flash the rom
2. If you were on orange uk, you will have an android with all the software that orange removed and it will be debranded. And knowing that it can be flashed this will encourage ppl to cook roms.
3. Unfortunately there is no way yet to get root access on the tattoo
Hope this helps you out mate
manuvaidya said:
Great work MiSSigNNo.... u managed to carry out this impossible work as of now with success....
i have few questions to ask you. what made you flash your tattoo???
what advantage do you have at present over the previous ROM???
have u got into superuser mode with this procedure???
i am sure we all would like to know answers for these from you.... please be kind enough to reply to my post....
Click to expand...
Click to collapse
No advantages actually, simply I hate much the mobile-branded roms. Also I tried my sim before I flashed to enter the unlock code and nothing happened, but after, I tried and then it asked me for the unlock code and I could manage to make it successfully.
I don't have the root-superuser mode. I'm sure there are plenty of opportunities with that, but we must look forward on finding the method to make it.
By the way In my "experience" with past branded-roms, they used to be slower since they had plenty of ****ty apps of the brand to make you spend money, and waste unnecesarily memory from the device, this is why the first two things I do everytime I buy an HTC is to flash to default rom and unlock them Since it was more difficult than other times with WM I decided to make this mini-guide, to help others make it easier.
Hi Guys,
I got to the last stage of this walkthrough and when i run the exe for the ROM i get an error 170 on the USB cable. Do you have any ideas what this could be?
Thanks
James
apie2004 said:
Hi Guys,
I got to the last stage of this walkthrough and when i run the exe for the ROM i get an error 170 on the USB cable. Do you have any ideas what this could be?
Thanks
James
Click to expand...
Click to collapse
You didn't make the goldcard correctly. start from the beginning on the goldcard creation. to know if gold card is well created when entering hboot, press the unlock button (call button if i can remember) and there you will se a green message like "key is OK" if not well made there will be a message in red saying "key error" or something like that
Thanks for that guys, still no luck though . I think I might be doing something wrong so here are the results i get as i go along.
adb shell =035344535530324780010f90d4009868
reverse code=009800d4900f01804732305553445303
goldcard.img=
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 41 30 30 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 06 00 00 23 00 00 00 00 00 00 00 00 00 68 00 00 00 00 00 00 00 13 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 24 00 00 00 00 00 00 00 18 00 00 29 00 00 00 00 00 FA 00 00 BE 00 00 00 00 19 00 00 00 00 00 00 43 2B BA AA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 21 FF FF FF FF FF FF FF FF 00 00 00 00 53 41 30 30 00 00 00 EF 00 83 80 00 00 3B 00 00 52 00 00 71 00 00 00 00 00 00 04 00 00 09 00 00 38 00 00 00 00 B4 83 00 00 5E 00 00 00 00 00 00 00 07 00 00 00 00 D2 00 00 00 00 20 00 45 3B 00 00 00 81 00 00 00 00 00 DD 00 98 06 00 00 00 00 00 00 DE 00 00 00 00 00 3B 00 3C 00 82 53 5A 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I keep getting the same results over and over again so I think I might be going wrong somewhere... Any more ideas?
I'm afraid I'm stuck near the very beginning.
When I navigate to the sdk tools folder and run the command, I get the following:
Code:
C:\android-sdk-windows\tools>adb shell cat /sys/class/mmc_host/mmc1/mmc1:*/cid
adb server is out of date. killing...
* daemon started successfully *
error: device not found
Is there something I'm doing wrong? I'm running Win 7 x64 and trying to flash a Vodafone branded HTC (build number is apparently "1.67.161.5 CL#74011 release-keys").
Edit: I did format the card to FAT32 like you said.
I found that you need the andriod drivers installed for adb shell to work, if you run SDK setup in the andriod sdk folder and install the driver component, then point the device in device manager towards the new downloaded folder, should be called usb_driver. Hope that helps
Well I tried opening SDK Setup but all that happened was a command prompt window just appeared and then disappeared almost instantly (with Windows then complaining that the program might not have installed correctly). I also tried running it as administrator but got the same result. And nothing happens when I try opening it with cmd.
apie2004 said:
Thanks for that guys, still no luck though . I think I might be doing something wrong so here are the results i get as i go along.
adb shell =035344535530324780010f90d4009868
reverse code=009800d4900f01804732305553445303
goldcard.img=
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 41 30 30 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 06 00 00 23 00 00 00 00 00 00 00 00 00 68 00 00 00 00 00 00 00 13 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 24 00 00 00 00 00 00 00 18 00 00 29 00 00 00 00 00 FA 00 00 BE 00 00 00 00 19 00 00 00 00 00 00 43 2B BA AA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 21 FF FF FF FF FF FF FF FF 00 00 00 00 53 41 30 30 00 00 00 EF 00 83 80 00 00 3B 00 00 52 00 00 71 00 00 00 00 00 00 04 00 00 09 00 00 38 00 00 00 00 B4 83 00 00 5E 00 00 00 00 00 00 00 07 00 00 00 00 D2 00 00 00 00 20 00 45 3B 00 00 00 81 00 00 00 00 00 DD 00 98 06 00 00 00 00 00 00 DE 00 00 00 00 00 3B 00 3C 00 82 53 5A 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I keep getting the same results over and over again so I think I might be going wrong somewhere... Any more ideas?
Click to expand...
Click to collapse
I also tried a couple of other cards, one broke the card and hboot was really unresponsive. The first card did the same sort of thing, CID error or similar
Success!
I read through this guide about getting adb to work, replaced the current driver with the one linked to there and then also realised that you couldn't get adb to work while the phone was in 'Disk Drive' mode (what a n00b I am). The only way I could get into 'USB Debugging' was by choosing 'HTC Sync' on the phone (but not actually have HTC Sync open on my PC). Once I did that, adb worked properly.
I'm guessing my mistake was just not having the phone in 'USB Debugging', so the old driver would probably have worked as well but at this point I don't really care.
Anyway, I managed to follow the rest of your guide just fine, MiSSigNNo, and it worked! Though I think maybe you should rewrite point number 17 in your original post; from the way you worded it, I thought there was an actual reboot button, different from the power button. A better wording would be something like: "Switch the phone off. Press the Power button to switch it back on but immediately hold down the Volume Down button after pressing the Power button until the HBoot menu appears (at which point you can let go of Volume Down)"
Otherwise I have no complaints, and I cannot thank you enough for posting the guide. It's so nice to be able to get rid of network branding (even if it was only slight in the case of Vodafone), and have a newer version of the system!
Do you know where we can keep track of the WWE Flash releases? It'd be nice to stay up to date I guess.
Edit: lol silly me, wasn't actually checking the rest of the forum so didn't see the thread on WWE ROM links.
what brand of sd card did you use? It's just that i've read somewhere that sandisk (the one i have) doesnt work as a goldcard. Tried it with one that didnt have a brand on it and that didnt work either
I used a SanDisk (it's the 2GB card that came with the phone) so it can't be true that all SanDisk cards don't work. Not that I know much about these things.
Thanks for gruptnt,I finally figure out the reason is not eeprom.I think the wifi antena is loose when my phone droped from 1.7 meter a few days ago.So the people who have a familar wlan issue can try this method.And thanks gruptnt again for his kind help.Now the thread can be closed!
Hi,recently I have flashed my diamond to stock wm 6.1 ROM.When it finished,I found My WLAN is also finished.
The problem was just the same as the video below:
http://www.youtube.com/watch?v=G_jQc1JRGQI
I seach all of the froum and found a possible reason--I have erased my eeprom during the flashing.Solution for herme and trinity have been found.However,I can't locate the mac address of wlan and there is no working waln diamond to dump the eeprom.Sorry for my bad english ,hope some one can solve this problem.
Here is herme thread:
http://forum.xda-developers.com/showthread.php?t=322225
Here is trinity thread:
http://forum.xda-developers.com/showthread.php?t=490681
Hi,
very strange. Usually, it does not happen when flashing.
Which Diamond you flashed?
If it is a Dopod D900 from China, it does not have the WLAN chip at all, like all Dopod with WM6.x officially sold in China. So, even if you find out how to change EEPROM and add a mac-address it will not work. (btw, Dopod S900 also misses the front camera)
Which ROM you had before and which (stock) ROM you flashed?
How did you flash? With mtty?
Do you still have the same problem when changing back to previous ROM?
Good luck!
Huckleberry88 said:
Hi,
very strange. Usually, it does not happen when flashing.
Which Diamond you flashed?
If it is a Dopod D900 from China, it does not have the WLAN chip at all, like all Dopod with WM6.x officially sold in China. So, even if you find out how to change EEPROM and add a mac-address it will not work. (btw, Dopod S900 also misses the front camera)
Which ROM you had before and which (stock) ROM you flashed?
How did you flash? With mtty?
Do you still have the same problem when changing back to previous ROM?
Good luck!
Click to expand...
Click to collapse
I use HTC WCDMA version(DIAM100) and it has a WLAN chip and front camera.
I have always been using Donsalari TFL2.1ROM (just show in my signature) before.
Just a few days ago I flashed "RUU_Diamond_HTC_WWE-AFK_2.03.421.2_Radio_Signed_Diamond_52.51.25.26_1.09.25.23_Ship" which I download from HTC offical website using my own S/N.
Of coure I use mtty's task 29 command before flashing.However It failed first time.So I change my SPL from Olinex 1.93 to stock 1.93 .The I just run the exe file I downloaded tiwce to make it work(the first flashing is unsuccessful but it changde my SPL from stock 1.93 to 2.03,and the second time was succcessfull).After flashing,My WLAN dead as shown in the video in the first post.
Yes,I change it to previous ROM but no miracle happened.I also change different radio and SPL but it didn't work.
Finally,I search the entire thread and found it could be the eeprom problem,but I don't found any solution to diamond just like herme and trinity.
Lastly,Thank you for your kind help.
In that case, if you have the original ROM with spl and radio installed, then maybe best chance is to check with the HTC service to help you to sort it out.
As you mentioned the problem with the missing mac-address happened to some other phones but I never heard it happens to a Diamond before.
Good luck!
Huckleberry88 said:
Hi,
very strange. Usually, it does not happen when flashing.
Which Diamond you flashed?
If it is a Dopod D900 from China, it does not have the WLAN chip at all, like all Dopod with WM6.x officially sold in China. So, even if you find out how to change EEPROM and add a mac-address it will not work. (btw, Dopod S900 also misses the front camera)
Which ROM you had before and which (stock) ROM you flashed?
How did you flash? With mtty?
Do you still have the same problem when changing back to previous ROM?
Good luck!
Click to expand...
Click to collapse
Huckleberry88 said:
In that case, if you have the original ROM with spl and radio installed, then maybe best chance is to check with the HTC service to help you to sort it out.
As you mentioned the problem with the missing mac-address happened to some other phones but I never heard it happens to a Diamond before.
Good luck!
Click to expand...
Click to collapse
Thank you guy,I think I will live with it cause I do not use wlan very often.And Diamond is old enough nowdays.If microsoft publish a chiense version of windows phone 7,I'll consider to buy one to replace my diamond.
jent.le said:
Hi,recently I have flashed my diamond to stock wm 6.1 ROM.When it finished,I found My WLAN is also finished.
The problem was just the same as the video below:
http://www.youtube.com/watch?v=G_jQc1JRGQI
I seach all of the froum and found a possible reason--I have erased my eeprom during the flashing.Solution for herme and trinity have been found.However,I can't locate the mac address of wlan and there is no working waln diamond to dump the eeprom.Sorry for my bad english ,hope some one can solve this problem.
Here is herme thread:
http://forum.xda-developers.com/showthread.php?t=322225
Here is trinity thread:
http://forum.xda-developers.com/showthread.php?t=490681
Click to expand...
Click to collapse
U can see at this
http://forum.xda-developers.com/showthread.php?t=597195
Note :
i have another diamond with wlan problem (can't go on) but when i have disassembly diamond the cable of antenna wlan were disconnected on mainboard
i have reconnect and now wlan is ok
; said:
U can see at this
http://forum.xda-developers.com/showthread.php?t=597195
Note :
i have another diamond with wlan problem (can't go on) but when i have disassembly diamond the cable of antenna wlan were disconnected on mainboard
i have reconnect and now wlan is ok
Click to expand...
Click to collapse
Thank you dude.I see your work on trinity,but i don't see the thread above.Thank very much for your kind help.I will try it later,and I will post the result.Thanks again,gtuptnt.
gruptnt said:
U can see at this
http://forum.xda-developers.com/showthread.php?t=597195
Note :
i have another diamond with wlan problem (can't go on) but when i have disassembly diamond the cable of antenna wlan were disconnected on mainboard
i have reconnect and now wlan is ok
Click to expand...
Click to collapse
Hi,dude.I try your method,but no luck.Since I am at school,I can not find my mac address in router log file.I have used 56 48 65 48 22 00 which I find in supersport's video.
I use mtty's info 8,and find BLOCK 951 (0x3B7) is bad block ,however,it does exist when I use task 29 before flashing.
After using task 37 ff in mtty I got:
AA0EFF80: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 | ................
AA0EFF90: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 | ................
AA0EFFA0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 | ................
AA0EFFB0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 | ................
AA0EFFC0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 | ................
AA0EFFD0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 | ................
AA0EFFE0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 | ................
AA0EFFF0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 | ................
Click to expand...
Click to collapse
And no signature in the end.Any idea?
I AM NEW HERE.
I use MTTY to change diamond's macadress.
enter"emapiWlanMac 00 00 00 00 00 00"
but it returns "command error!!!".
it said that different SPL have different commands.
my spl is spl1.93
someone may tell a right commond having the same effect of "emapiWlanMac 00 00 00 00 00 00".
thanks.
CYHTCY said:
I AM NEW HERE.
I use MTTY to change diamond's macadress.
enter"emapiWlanMac 00 00 00 00 00 00"
but it returns "command error!!!".
it said that different SPL have different commands.
my spl is spl1.93
someone may tell a right commond having the same effect of "emapiWlanMac 00 00 00 00 00 00".
thanks.
Click to expand...
Click to collapse
Why do you want to change it?
Hey guys, Curiosity got the better of me and I did some research into unlocking the bootloader when it says no.
I remember from the Xperia U forums that XperianPro was looking at this and got people to back up there ta partition and view it in notepad++, this is shown in a hexadecimal format which is difficult to edit.
I took a new approach and decided to use the adb command
Code:
dd if=/dev/block/mmcblk0p1 of=/mnt/sdcard/ta.img
to get a .img of the ta partition which is loaded to mmcblk0p1 (on the T anyway)
when I opened this in notepad++ I found a whole lot more of human readable stuff in the ta partition.
I did find
Code:
ROOTING_ALLOWED="0"
As I recall. from XperianPros thread they did see this, and AFAIK some tried changing it to 1 and it caused a hard brick. but from using my method I think I found something else that will lead to the solution.
I found a Signature Value section
Code:
<SignatureValue>Uf7ztzGcQiKz5ivqLEG0Emxhh/9L0C0doeq1HlJIIamuyLiU8kmHxfxytPlzCVYC68jz0WWdRVsL
jaN62bvED6ZmUDETiUQa/mlytNFv2n8Ffv7ihXMay9uebxnme77JzThpWOrSXGP1odiMhvgft3xq
k9tAZKqAzChvy8LYruPXVB8dL1hl0wN3MrPrD4Dd+1WvTeXiTPJMmbftzLYy+HOaJw5oKmamHJRb
U6ejjC4eBgORvdmMddekkSd5JMMZ4ki6CBWU8SPK7eAebxUUXs1vT19gzjEIxiVt3fRnw680D4Fv
5zNB7Wy++y1dcqYyBEPEq9jVGwamcintj/fI9A==</SignatureValue>
I believe this is the signature of the file and changing the value of rooting allowed to 1 would obviously change the signature of the file, and I don't think they recalculated a signature in the other thread. from what I can gather from my ta.img is that it uses a sha1 key verification method (I think)
Sooooo.... Any help or insight would be great
I'm going to keep looking at this for the next few days and see what I find.
I don't think this has been covered regarding looking into an unofficial unlock, If it has then I must have missed it haha, and I'm probably barking mad. I also wanted to keep this separate from the bounty thread as that's about a bounty
If I remember correctly, however I may be wrong, but that signature is an SHA hashed version of the unlock code provided by Sony. Not sure which version of SHA, also may be salted. But do check/find out more, I may be wrong.
Sent from my LT30p using xda app-developers app
Thanks for looking into this for us people not allowed to unlock our bootloaders!
I believe if u crack this the bounty would rightfully be yours? I certainly would gladly give you my donation if you crack it.
Good luck
Very intresting thread. I hope this is the right way to unlock bootloader even for those who can't.
DS-1 said:
Very intresting thread. I hope this is the right way to unlock bootloader even for those who can't.
Click to expand...
Click to collapse
No.
This has been tried before and it results in a hard brick.
Simply changing a value from 0 to 1 is way to simple.
gregbradley said:
No.
This has been tried before and it results in a hard brick.
Simply changing a value from 0 to 1 is way to simple.
Click to expand...
Click to collapse
that's why I think this Signature Value has something to do with it
matt4321 said:
that's why I think this Signature Value has something to do with it
Click to expand...
Click to collapse
Well, best of luck with that
On the one hand, bear in mind that kexec is being developed (on and off development, really). I'd suggest that you get your unlock code from Sony, and the original one for the ta you got unlocked and start finding out what the various hashes of it are, might be you end up with one that matches that section, then hash your code with the same way, then do some magic the ta area
Just a thought.
Sent from my LT30p using xda app-developers app
Maybe simlock.ta, could be helpful.
There were some cases, when rooting allowed changed to yes after update.
It probably flashes only with the right values or what?
Simlock.ta in HEX -
Code:
// [SIMLOCK S1]
02
000007DA 0146 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 47 4F 50
5F 49 44 3D 22 31 38 37 22 3B 4F 50 5F 4E 41 4D
45 3D 22 4F 72 61 6E 67 65 20 50 4C 22 3B 43 44
41 5F 4E 52 3D 22 31 32 36 38 2D 33 31 36 34 22
3B 52 4F 4F 54 49 4E 47 5F 41 4C 4C 4F 57 45 44
3D 22 30 22 3B 00 00 00 09 00 07 30 30 31 30 31
2D 2A 00 00 00 00 00 0B 00 07 32 36 30 30 33 2D
2A 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00
00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
Simlock.ta in ASCII -
Code:
// [SIMLOCK S1]
02
(symbol)2010 (+)326(symbols) something...GOP_ID="187";OP_NAME="Orange PL";CDA_NR="1268-3164";ROOTING_ALLOWED="0";00101-* 26003-*...something
Just some idea.
is it reliable?
Looks promising. But [email protected] said this is too risky. Unless someone is willing to make a sacrifice for it. But come to think of it it had sone potential for bootloaders not allowed for unlocking.
Sent from my LT29i using XDA Premium 4 mobile app
I'm down to use my prototype Xperia T LT30a as a guinea pig for this experiment, but obviously only if some advancement is made to the current theory (Signature verification relationship, etc.). If the dev is somewhat confident/comfortable, then so am I. I have my Xperia L as a backup unit if my T gets destroyed.
LaZiODROID said:
I'm down to use my prototype Xperia T LT30a as a guinea pig for this experiment, but obviously only if some advancement is made to the current theory (Signature verification relationship, etc.). If the dev is somewhat confident/comfortable, then so am I. I have my Xperia L as a backup unit if my T gets destroyed.
Click to expand...
Click to collapse
this is good, I'm still looking into the relationship between unlock keys, signature value and other things
Ok. I just tested one thing. The same way, I can relock bootloader, I can also reunlock bootloader, using the unlocking number from Sony in hex format.
Anyone tested to get the number from Sony site and flash it with preset.ta?
This is preset.ta for reunlocking - replace ** with hex symbols of your unlocking number
Code:
// [ReUnlock bootloader]
02
000008B2 0010 ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **
This is simlock.ta, which can be theoretically renamed to preset.ta and flashed, but who knows what happens.
Weird is, that each simlock.ta has different number of symbols.
HEX:
Code:
// [SIMLOCK S1]
02
000007DA 0141 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 4D 4F 50
5F 49 44 3D 22 38 32 34 32 22 3B 4F 50 5F 4E 41
4D 45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 20 43
45 31 22 3B 43 44 41 5F 4E 52 3D 22 31 32 36 38
2D 33 31 39 34 22 3B 52 4F 4F 54 49 4E 47 5F 41
4C 4C 4F 57 45 44 3D 22 31 22 3B 00 00 00 09 00
07 30 30 31 30 31 2D 2A 00 00 00 00 00 00 00 00
00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00
00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
ASCII:
Code:
something...OP_ID="8242";OP_NAME="Customized CE1";CDA_NR="1268-3194";ROOTING_ALLOWED="1";...something
I found that they use some of these algorithms: http://www.w3.org/TR/xmlsec-algorithms/ to make the ta secure.
So I'm thinking we try do it in reverse with an unlocked ta and key then we would know what to do in the correct order....? thoughts?
There are some from this signed info bit but there are a few more lurking around
Code:
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
</CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
</SignatureMethod>
<Reference URI="#node">
<Transforms>
<Transform Algorithm="http://www.octopus-drm.com/octopus/specs/cbs-1_0"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
</DigestMethod>
<DigestValue>axQveCiPf9Q7wn958RRi5ohD130=</DigestValue>
</Reference>
</SignedInfo>
@peetr_
Yeah my simunlock.ta looks different, I'm confused between the connection (if any) of these.
I also have a different OP_ID="8242" to you, mine is 24, not sure of the significance of that.....
EDIT: It also seems they are using the W3 digital signature initiative: http://www.w3.org/PICS/DSig/RSA-SHA1_1_0.html
I guess that the signature is unbreakable. These signature things in TA has probably something to do with drm keys, and other similar things. System takes it from here.
I think the only way to get somewhere, is finding some workaround or hole, using sony way of changing things in TA partition. But maybe, some of these parts could be never changed. Who knows?
Well. Changing rooting status with preset.ta is nothing special. It is possible. You only need good nerves. And dump of whole 7DA adress from your TA.
I just changed 1 to 0.
Side effect is no mobile service. I guess you have to choose - unlocked bootloader without mobile service or locked bootloader with mobile service.
Changing 0 to 1 makes service available again.
As you can see, I tested it on already unlocked bootloader (locking it permanently). So I don't know if it works backwards. But I do not see any reason, why not.
You only need another tester. I did all I could.
And it would be good, if someone with unlockable bootloader dumps his 7DA before first unlock and compares it with 7DA after unlocking. Or compare with restored not unlocked TA.
And yes, with rooting allowed 0, fastboot and custom kernels are no longer working for me, even if I flash my unlocking number with preset.ta.
peetr_ said:
Well. Changing rooting status with preset.ta is nothing special. It is possible. You only need good nerves. And dump of whole 7DA adress from your TA.
I just changed 1 to 0.
Side effect is no mobile service. I guess you have to choose - unlocked bootloader without mobile service or locked bootloader with mobile service.
Changing 0 to 1 makes service available again.
As you can see, I tested it on already unlocked bootloader (locking it permanently). So I don't know if it works backwards. But I do not see any reason, why not.
You only need another tester. I did all I could.
And it would be good, if someone with unlockable bootloader dumps his 7DA before first unlock and compares it with 7DA after unlocking. Or compare with restored not unlocked TA.
And yes, with rooting allowed 0, fastboot and custom kernels are no longer working for me, even if I flash my unlocking number with preset.ta.
Click to expand...
Click to collapse
If changing it looses mobile service, would changing it to unlock and then restoring after bring back mobile service. Thoughts?
Sent from my LT30p using Tapatalk
Yes, but you will be locked again.
Btw. if nothing, you can at least root and test things this way. I think this procedure is not for everyone, but once you make your unlock and lock ftf, you can change your device's state very easily.
Comparison between 7DA before and after first unlock would be better, just to be sure.
But if you have your TA backed up, to change it back to previous state, I think there's nothing to break.
And one more thing. It looks to me that flashmode cannot be broken. Am I right? So you can always flash something.
peetr_ said:
And one more thing. It looks to me that flashmode cannot be broken. Am I right? So you can always flash something.
Click to expand...
Click to collapse
I seem to recall in the Xperia U forum that some bricks were made from tampering with the TA, if a bad/corrupt TA is flashed then you can't get into flashmode. That's what was established from the U forums