Develop Bugs

Zte bluebelt (zte n61) rom dump + factory images !

Hi !
Well i hope someone can cook up one wince 6.1 english rom or better. If possible i even know way to write it.
ROM DUMP
----------
http://www.hack3r2k.com/BELT/Part00.img
http://www.hack3r2k.com/BELT/Part01.img
http://www.hack3r2k.com/BELT/Part02.img
http://www.hack3r2k.com/BELT/Part03.img
FACT FILES
-----------
http://www.hack3r2k.com/BELT/partition.mbn
http://www.hack3r2k.com/BELT/amsshd.mbn
http://www.hack3r2k.com/BELT/amss.mbn
http://www.hack3r2k.com/BELT/appsboothd.mbn
http://www.hack3r2k.com/BELT/appsboot.mbn
http://www.hack3r2k.com/BELT/FLASH.bin
MEMORY INFO
-------------
Name : Share Memory - smem.bin
------------------------------
Base : 07F00000 - Length : 00100000 - Info : 0
Name : Amss Memory - amss.bin
------------------------------
Base : 05E00000 - Length : 02200000 - Info : 0
Name : Pmem - pmem.bin
------------------------------
Base : 05300000 - Length : 00B00000 - Info : 0
Name : Msg Output - MsgOutput.bin
------------------------------
Base : 052E0000 - Length : 00020000 - Info : 0
Name : Eboot Memory - eboot.bin
------------------------------
Base : 00000000 - Length : 00100000 - Info : 0
Name : EBI Memory - ebi.bin
------------------------------
Base : 00000000 - Length : 07FFFFFC - Info : 1
Name : MDSP RAM A region - mdsp_rama.bin
------------------------------
Base : B1000000 - Length : 00008000 - Info : 1
Name : MDSP RAM B region - mdsp_ramb.bin
------------------------------
Base : B1200000 - Length : 00008000 - Info : 1
Name : MDSP RAM C region - mdsp_ramc.bin
------------------------------
Base : B1400000 - Length : 0000C000 - Info : 1
Name : MDSP Register region - mdsp_regs.bin
------------------------------
Base : B1C00000 - Length : 00000028 - Info : 1
Name : ADSP RAM A region - adsp_rama.bin
------------------------------
Base : AC000000 - Length : 00080000 - Info : 1
Name : ADSP RAM B region - adsp_ramb.bin
------------------------------
Base : AC200000 - Length : 00080000 - Info : 1
Name : ADSP RAM C region - adsp_ramc.bin
------------------------------
Base : AC400000 - Length : 00080000 - Info : 1
Name : ADSP RAM I region - adsp_rami.bin
------------------------------
Base : AC800000 - Length : 00080000 - Info : 1
Name : CMM Script - load.cmm
------------------------------
Base : 05E9B9E0 - Length : 00000468 - Info : 2
PARTIONS DUMP FROM MEMORY
-------------------------------
http://www.hack3r2k.com/BELT/MEM_REG.rar (INCLUDES ALL LISTED PARTITIONS ABOVE + NV AREA DUMP
USEFULL COMBOS
-----------------
1. BOOTLOADER MODE (UP VOLUME KEY + DOWN VOLUME KEY + POWER)
2. FTM MODE - PROGRAMMING (DOWN VOLUME KEY + POWER)
WELL I HOPE ANYONE WILL GET INTERESTED REALLY WANT TO SEE ENGLISH ON MY BLUE CRAP
Br

Upgrade
Do you know about de upgrade to B13? It can be downloaded foorm pocketpt.net
/roms/BLUEBELT/Bluebelt_upgrade_B13.zip

ZTE BlueBelt Englsih ROM Needed Urgently, Please can anyone share it with me?
thanx in advance

how to flash N61(write rom to N61)?thanks

Announcement
Soon I'll be doing a firmware for Bluebelt/Bluebelt2 in English. Now I am collecting money to buy this phone. When the handset will be purchased and test firmware will be ready, I'll let you know here: http://forum.xda-developers.com/showthread.php?t=744571

Samsung Diagnostic Codes

Since i can't post directly to development Forums, i post it here. So please move the post!
I reflected the Samsung Diagnostic App and wrote a programm that creates on a bruteforce basis almost all of the diagnostic codes available.
The source code contains 175 codes, my program was able to create 150.
I can't really create the missing 25 codes, because the input you enter into the diagnostig app, is hashed and then compared, so there is no way (for me) to reverse this hashing.
Please notice: I know some of these codes aren't working but i post them anyway for completeness.
g_FTAMain : 15, 71671835, 56#805353, 716717#15
g_QUALCOMM_TEST : *09#
g_SIMPLE_FUNCTION_TEST : *#05#
g_TouchDelta_80 : *#80#
g_IMEI_NUMBER : *#06#, 57*69*4#0
g_BATT_TEST : *#2*#, 57*69*580
g_TMOServiceMenu : *74*#
g_SMDINFO : *#03#
g_LCDTEST : *#0*#, 57*69*380
g_VIEWHISTORYNW : *#07#
g_QWERTYTEST : *#1*#, 57*69*480
g_BRIGHTNESS_TEST : *#3*#, 57*69*680
g_VPHONE772 : *#772#, 521*86376
g_VPHONE779 : *#779#, 63679*149, 87*809841
g_VPHONE770 : *#770#, 521*86356
g_VPHONE777 : *#777#, 63679*129, 87*809821
g_RILNETLOG : *#638#, 517794#67, 87*808431
g_VPHONE775 : *#775#, 63679*109, 87*809801
g_SR_TEST : *#780#, 521*86456
g_LIGHTTEST : *#12*#, 5*239715#
g_VPHONE773 : *#773#, 405505##8, 521*86386
g_VT_DUMP : *#938#, 517797#67
g_BTLOGDUMP : *#232#, 517790#07
g_RILDUMP : *#745#, 87*809501
g_VPHONE774 : *#774#, 521*86396
g_WIFI_FACTORY_TEST : *#526#, 43985#490, 84#*42#65, 87*807311
g_VPHONE771 : *#771#, 521*86366, 820#611#7
g_VPHONE778 : *#778#, 63679*139, 820#611*7, 87*809831
g_VPHONE776 : *#776#, 63679*119, 87*809811
g_Enable_Testbed : *12358#, 177523034, 7#6850676, 910594*46
g_DEBUGMODE1 : *#0011#, 1#8877754, 472667011
g_LIGHTSENSORTEST : *#0589#, 75#573125, 7#6*32986
g_AUDIOTEST : *#0673#, 6*9495#11, 7#6*33826
g_ILLUMINATIONTEST : *#0843#, 7#6*35526
g_MultiTouch : *#0987#, 75#577105, 7#6*36966
g_TouchFirmare_2663 : *#2663#, 7#6*53726
g_GPSTEST : *#1575#, 7#6*42846
g_AUDIOTEST2 : *#0289#, 472669791, 75#570125
g_FMRADIORX : *#0368#, 18#10#77#, 7#6*30776, 82854#120
g_RRCVERSION : *#0599#, 75#573225
g_DebugOption : *#7450#
g_SOUNDTEST : *#0675#, 6*9495#31, 7#6*33846
g_MOUSETEST : *#121*#, 4726790*1, 75#580*#5
g_MOUSECAL : *#123*#, 4726792*1
g_PHONEDUMP : *#2454#, 7#6*51636
g_HWversionFTA : *#2222#, 1#8899864, 472689121, 4#71746#5
g_BANDSELECTION : *#2263#, 472689531
g_TouchDelta_2665 : *#2665#, 7#6*53746
g_NAVIKEY_TEST : *#2486#, 7#6*51956
g_RTC : *#0782#, 7#6*34916
g_DEBUGDUMP : *#9900#, #9803999
g_ERRORREPCAB_INSTALL : *#9907#, 4316#9456, 8421*4606
g_BATTERYINFO : *#0228#, 472669181
g_DEVICETEST : *#0842#, 7#6*35516
g_CAMERAUPDATE : *#2470#
g_TouchDelta_2664 : *#2664#, 7#6*53736
g_SWversionEx : *#1234#, 1#8889984, 39473*#9*, 472679241
g_MOUSECAL06 : *#126*#, 4726795*1
g_MICROUSB_TEST : *#1793#, 614921**9
g_PHONELOOPBACKTEST : *#0283#, 472669731
g_USBPATHCHANGE : *#7284#
g_CAMERADISABLE : *#2480#
g_RILNETLOG_OFF : *#6380#
g_ERROR_REPORT_VERIFY : *#7452#
g_VPHONE_DISABLED : *#77*0#, 954312475
g_SWversionFTA : *#1111#, 1#8888754, 472678011
g_NETLOCK_NETWORK : *#6955#, 4248*#4#3, 7#6*96646
g_UARTCHANGER : *#9090#
g_SUWON3G_CAB_INSTALL : *#9909#, 4316#9476, 8421*4626
g_INTEGRITY : *#2580#
g_ERROR_REPORT_ON : *#7451#
g_NETLOG_LOG_START : *#9905#, 4316#9436
g_UARTPATH : *#9910#
g_YSSHINTEST : *#9999#, 9*190*03*
g_RILNETLOG_ON : *#6381#, 18#16#90#, 7#6*90906
g_POWERONATTACH : *#7298#, 3604494*2
g_SELF_DIAGNOSTIC_MODE : *#7353#, 18#17#62#
g_PILEDUMP : *#9901#, 8421*46*6
g_GUMITEST3G_CAB_INSTALL : *#9908#, 4316#9466, 8421*4616
g_NETLOCK_SERVICE : *#7755#, 8832#9601
g_VPHONE_ENABLED : *#77*1#, 954312485
g_DEBUG_RIL_DUMP : *#9906#, 166026#0, 4316#9446
g_BATTERYMONITOR : *#9911#, 8421*47*6
g_CONNECTION_SETTING : *#9920#
g_VERIFYCOMPARE : *#9990#, 9*190*0**
g_Disable_Testbed : #12358#, 170523034
g_VersionScript : 19104#2*, *#99732#
g_BLUETOOTH_LOG_ENABLE : 20652619, 61709134
g_BT_SSPDEbugModeDisable : 20652639, 61709154, 1#2066816, 92#351307
g_CELOG_LOG_DISABLE : 20654609, 6*670#817
g_OMADMCLIENT_LOG_DISABLE : 20653609, 9448**0*8
g_OMADMCLIENT_LOG_ENABLE : 20653619
g_BLUETOOTH_LOG_DISABLE : 20652609, 61709124
g_BT_SSPDEbugModeEnable : 20652629, 61709144, 1#2066806
g_CELOG_LOG_ENABLE : 20654619, 6*670#827
g_TOTALCALLTIME : 2934331*
g_ERASE_IMEIITEM : 35190728, 76247243, 81689*06#, 908*#7725
g_IMEI_ADJUST : 35190738, 76247253, 81689*07#, 908*#7735
g_RESET_CUSTOM : 35180948, 76237463, 81688*28#
g_RESET_FACTORY : 35190718, 76247233, 81689*05#, 908*#7715
g_BLUETOOTH_RF_TEST : 3##65*88
g_BLUETOOTH_AUDIO_TEST : 3##65*98
g_AutoSimSetting : 40*047#3, *#94765#
g_PVKKey : 40*549#3, 6#137011, *#99785#, 2069393#3, 505214014, 974495169
g_RESET_FACTORY_WITHDEFAULTLANGUAGE : 76264513
g_NONSLEEPCALL_ON : *#069*1#, 4372903*4, 45*973*82
g_LEDTEST : *#14789#, 318379752
g_NONSLEEPCALL_OFF : *#069*0#, 45*973*72
g_DMSessionInit : *#15428#, 318386142, 9*#85#581
g_NETLOCK_SUBSET : *#78255#, 2067240#3
g_CAMERAUPDATESVC : *#32589#, 318557752
g_LAUNCH_UAEDIT : *#92782#, 974425139
g_CIPHERING : *#32489#, 24#59#547, 318556752
g_LOGDUMPMGR : *#33284#, 318564702
g_PdaBuildTime : *#99820#, 777551390
g_SR_DISABLED : *#780*0#, 4926#99*5, 81*255280
g_SR_ENABLED : *#780*1#, 81*255290
g_VersionTime : *#99821#, 62421*4*6
g_DIS_LOCK_SUB_NW : 17#991#3*
g_PVKFileName : 18*357#25, 6#13702##
g_EN_LOCK_SUB_NW : 193582504
g_EN_LOCK_CORP : 1*0273411
g_EN_LOCK_SVC : 1*0278411, 61491#442
g_GPSTESTTOOL : 1#8865#55
g_DIS_LOCK_NW : 20789802*, 863164*71
g_SellOutSMS : 2615#0922, 5530*6100
g_TFlashUnPairing : 30334*733, 3*87*9122
g_FILE_SYSTEM_TEST : 36*4601*9, 982676614
g_DIS_LOCK_SVC : 38025*93#, 44*7#2049
g_GPSTESTXTRA : 400#40*18
g_GPSTESTTOOL2 : 400#40*08
g_SerialNumber : 5317*0648
g_EN_LOCK_NW : 5494477*3, 71204*91#
g_EN_LOCK_SIM : 5494585*3, 587*9*7#*
g_SERVERURL : 553378683
g_SLIDECOUNT : 584644021
g_SellOutSMSTestMode : 597#*224#
g_APPSLAUNCHER : 5**6244*3, 9372799#5
g_SLOGSERIAL_M2 : 66#6757#1
g_TESTMODE : 718071#49
g_AutoReceive_Enable : 7160*5088
g_RESET_SERVICE : 72673#00#
g_ReactivateSellOutSMS : 74201#086
g_AUDIOGAINCONTROL : 7#16#1#47
g_AUDIOCODEC : 7#16#1#37
g_ADMIN_GENERIC : 838*5448*
g_SLOGSERIAL_ALL_ON : 8644*3081
g_VT_MANUALSETTING : 8802*7*5#, 972#6#115
g_WIFI_TEST : 9304554#5
g_DISLOCK_SIM : 98217*243
g_DMTESTMENU : 9#7357764
regards,
Flow

Hey Flow, thanks for this.
Does this apply to all samsung WP7 devices or is it specific to just one?
Just asking so I can move this to the most appropriate location.
Sorry for taking a while to get round to this as well.
Cheers

I don't have a focus to test this, but my guess is yes, this should apply for the focus too.
And maybe non WP7 Samsung Devices.

Flow WP7 said:
I reflected the Samsung Diagnostic App and wrote a programm that creates on a bruteforce basis almost all of the diagnostic codes available.
Click to expand...
Click to collapse
If you would have searched the forums, you would see that you didn't have to do that, because I already did that for you. I believe there are 174 codes and I found all of them.
Ciao,
Heathcliff74

Yeah tell me how the search works, did you look at the title of that thread?
Anyway if your needs are already satisfied, fine just ignore it. I invested some time to do that (not just copy paste) and my solution provides more then one code for some of the items.

Flow WP7 said:
Yeah tell me how the search works, did you look at the title of that thread?
Anyway if your needs are already satisfied, fine just ignore it. I invested some time to do that (not just copy paste) and my solution provides more then one code for some of the items.
Click to expand...
Click to collapse
Wow. No flame intended! It was just meant as a heads-up for the remaining codes you missed. I always appreciate hacking-efforts

1) Inject your own launch code (with your own passwords )
2) PROFIT!

Now, since i dont know about coding or how to understand to read this codes. I have to ask if, through this tool you could visualize the 3g/2g switch that some Omnia 7 have, and some dont in there setting?

thanks for this.Great,,,

ı have a questıon, whar r the numbers for after the (,) sign?

Alternative code for the same action.

[Q] Question about amss.bin

Hello people,
Are there any tools for viewing and editing the amss.bin?

HEX Editor...
IDA...
Brain.
Best Regards

adfree said:
HEX Editor...
IDA...
Brain.
Best Regards
Click to expand...
Click to collapse
with revskill i got this with amss.bin
#define UNLOADED_FILE 1
#include <idc.idc>
static main() {
MakeName(0x00079B70, "Memcmp");
MakeName(0x00062160, "Memcpy");
MakeName(0x0022E924, "Memcpy");
MakeName(0x0006216B, "Memcpy_Generic");
MakeName(0x0022E92F, "Memcpy_Generic");
MakeName(0x000621D0, "__rt_udiv");
MakeName(0x00079F8C, "__rt_udiv");
MakeName(0x00062334, "strlen");
MakeName(0x0007A2C4, "strlen");
MakeName(0x00070DB2, "diag_sp");
MakeName(0x00062298, "strcmp");
MakeName(0x0007A1D8, "strcmp");
MakeName(0x0007A360, "strncpy");
MakeName(0x00072502, "diag_pkt");
MakeName(0x00062F00, "__rt_div0");
MakeName(0x0007D324, "__rt_div0");
MakeName(0x00062F10, "__32__rt_raise");
MakeName(0x0007F1F8, "__32__rt_raise");
MakeName(0x00ACC3A8, "rex_int_lock_32");
MakeName(0x00072330, "subsys_getid");
MakeName(0x0007A548, "vsprintf");
MakeName(0x00062004, "MemClr");
MakeName(0x0022E7C8, "MemClr");
MakeName(0x000725CC, "diag_subsystem");
MakeName(0x0006EC72, "diag_hdlr");
MakeName(0x000726D2, "diag_hdlr");
MakeName(0x00083D86, "diag_hdlr");
MakeName(0x00085432, "diag_hdlr");
}
What about it ?

@Tigrouzen, no segment found at 0x00079B70 etc
amss it's regular elf with a bunch of segments
Code:
Name : LOAD
Start : 0x001E7000
End : 0x001EE000
Length: 0x00007000
----------------------
Name : LOAD
Start : 0x001F0000
End : 0x001F1000
Length: 0x00001000
----------------------
Name : LOAD
Start : 0x001F2000
End : 0x005D8000
Length: 0x003E6000
----------------------
Name : LOAD
Start : 0x005D8000
End : 0x00CDB000
Length: 0x00703000
----------------------
Name : LOAD
Start : 0x00CDB000
End : 0x00D11000
Length: 0x00036000
----------------------
Name : LOAD
Start : 0x00D11000
End : 0x00DAF000
Length: 0x0009E000
----------------------
Name : LOAD
Start : 0x00DAF000
End : 0x00DB9000
Length: 0x0000A000
----------------------
Name : LOAD
Start : 0x00DB9000
End : 0x00E9B000
Length: 0x000E2000
----------------------
Name : LOAD
Start : 0x00E9C000
End : 0x01BF9000
Length: 0x00D5D000
----------------------
Name : LOAD
Start : 0x01BF9000
End : 0x01D05000
Length: 0x0010C000
----------------------
Name : LOAD
Start : 0x01FF0000
End : 0x01FF006C
Length: 0x0000006C
----------------------
Name : LOAD
Start : 0xB0000000
End : 0xB0010CE7
Length: 0x00010CE7
----------------------
Name : LOAD
Start : 0xB0040000
End : 0xB0057000
Length: 0x00017000
----------------------
Name : LOAD
Start : 0xB0100000
End : 0xB0107207
Length: 0x00007207
----------------------
Name : LOAD
Start : 0xB0140000
End : 0xB01401B8
Length: 0x000001B8
----------------------
Name : LOAD
Start : 0xB0200000
End : 0xB0208CF3
Length: 0x00008CF3
----------------------
Name : LOAD
Start : 0xB0240000
End : 0xB024028C
Length: 0x0000028C
----------------------
Name : LOAD
Start : 0xB0400000
End : 0xB040DBE8
Length: 0x0000DBE8
----------------------
Name : LOAD
Start : 0xB0600000
End : 0xB0602000
Length: 0x00002000
----------------------
Name : LOAD
Start : 0xB0602000
End : 0xB0604000
Length: 0x00002000
----------------------
Name : LOAD
Start : 0xF0000000
End : 0xF001F878
Length: 0x0001F878
----------------------
Name : LOAD
Start : 0xF0020000
End : 0xF0026000
Length: 0x00006000
load amss.bin with TriX, dump decoded stage (elf format) and analyze with disassembler (e.g. IDA)

Ok guys i extract certificate from Amss S8530 XEJL2, bootloader segments full info fsbl sbl...
Also i can dump complete NAND and find segment and algorith for RC1 too
This is appscompressed.bin algorythme
0x01ca7750 RIPEMD128+160+MD4
0x01ca7750 SEAL+MD4 key
appcomp hash :
SHA1 : EB55C6690ACAF40BB2F845313F58BFE9C3BC529D
SHA224 : AAC3E2B65CC9F33BB7EDDA3DEB541CA9E8919422CC179B4D2B49F39BAE008F00
SHA256 : 580D3DB21E41A9FE588AE544266040FABA8AF044E739971E77F2B1272323D0B6
SHA256-HTC : A44BC029D7F952750003D9695ED7B464E446D34EEF5BD9665487E4C2BF81F669
MD4 : B3BD8310FF2C4C05E2044FD491814792
MD5 : 7220779D1094C5F7789094DC75BA4E9E
CRC16 (0x1189) : F4EA
CRC30 (Block: 0x1000, Page: 0x200) : 0BD214AA
CRC30 (Block: 0x2000, Page: 0x400) : 0A28A17A
CRC32 (0xEDB88320) : 313F4EF2
CRC32 (0x04C11DB7) : 90B01704
CRC32 HTC (0xEDB88320) : B55B60A7
ECC Reed Solomon (parity 10) : 43702DA1FDAC4DB2023B
ECC BCH Micron 3 byte : 818144
ECC Hamming Toshiba (8 bit - 0x200 bytes) : C00FC3
ECC Hamming (8 bit - 0x200 bytes) : FF3CF3
ECC Hamming (16 bit - 0x200 bytes) : 3FCFFC
Amss algo :
0x0007fce0 CRC-16 norm
0x0007fee0 CRC-16 inv
0x0007f8e0 CRC-30
0x0007eb50 CRC30 Function
0x00b66194 CRC-32
0x00b66394 CRC32 Function
0x000800e0 CRC-32 Xilinx
0x0007eb58 CRC32 Xilinx Function
0x000800e4 CRC32 Xilinx Function
0x00c3c490 DES RAW Spbox
0x00c39381 RSA PKCS SHA1/RIPEND Digest
0x00c39390 MD2 S
0x00463548 SHA2 table
0x008fcc88 SHA2 table
0x00b6eb14 ZDeflate
0x0041a28c SHA1+MD4+MD5 init
0x008fcb08 SHA1+MD4+MD5 init
0x00c3d7f8 SHA1+MD4+MD5 init
0x0041a29c SHA1+MD4+MD5 key1
0x008fcb18 SHA1+MD4+MD5 key1
0x00c3d808 SHA1+MD4+MD5 key1
0x001a9844 SHA1+MD4+MD5 key2
0x0041ac1c SHA1+MD4+MD5 key2
0x008fcb1c SHA1+MD4+MD5 key2
0x001a9848 SHA1+MD4+MD5 key3
0x0041ac20 SHA1+MD4+MD5 key3
0x008fcb20 SHA1+MD4+MD5 key3
0x00463648 SHA2 init table
0x008fcd88 SHA2 init table
0x00c3d80c SHA2 init table
0x0046364c SHA2 init table
0x008fcd8c SHA2 init table
0x00c3d810 SHA2 init table
0x00419980 RIPEMD128+160+MD4
0x008fcaf8 RIPEMD128+160+MD4
0x00bdcca0 RIPEMD128+160+MD4
0x001a9844 MD5
0x0041ac1c MD5
0x008fcb1c MD5
0x00419980 SEAL+MD4 key
0x008fcaf8 SEAL+MD4 key
0x00bdcca0 SEAL+MD4 key
0x004fc7af HTC PUBLIC KEY
E9079DBB2452104990982132470BA20B7C795D1B4690B718B62FCD38D71D4E458FAF320374B89D5236C79BD57D2BA2D3508A4A605B0D48CB8CA5478BFE4D7D32AB0AE072BC367A9615F002D5023A617B422FEC1EF8DAD772D75E9C4F06EF624B864699A3F080D1B8E192B921D159852B2DC798F752B4F1FA529FF123D9963F73
0x00708134 Sober 128
0x00c3cd90 Sober 128 SBox
Possible algos little endian: 45
0x00315f6c AES te
Possible algos big endian: 1
Amss hash :
SHA1 : C59C5785E823E5E1CA9BE05DB6F55F8C8AC1BBA3
SHA224 : 5F50CED13C1204068E443919706B53D866271DAB1CFB5A9CB07A953CAE008F00
SHA256 : D86C7634FE07806D3B87701EC7F72F25DAAFAC7C40CA1D370C1ABA5840C091C0
SHA256-HTC : 120F70AECE78B8DCF69DCD79F020AB00AE17572123BA21274D6F6EE280774A09
MD4 : 7703DF5B1074392D4B91ECA23BAC9D92
MD5 : 22197F8AAD6A2CB4394E1B4E63EB843C
CRC16 (0x1189) : FAC5
CRC30 (Block: 0x1000, Page: 0x200) : 311AE4C7
CRC30 (Block: 0x2000, Page: 0x400) : 295DFC29
CRC32 (0xEDB88320) : 8DB21A34
CRC32 (0x04C11DB7) : 7B94B6A4
CRC32 HTC (0xEDB88320) : 08450BBC
ECC Reed Solomon (parity 10) : A04D69B134A126F3FD15
ECC BCH Micron 3 byte : 000000
ECC Hamming Toshiba (8 bit - 0x200 bytes) : FFFFFF
ECC Hamming (8 bit - 0x200 bytes) : FFFFFF
ECC Hamming (16 bit - 0x200 bytes) : FFFFFF
Amms certificat :
https://rapidshare.com/files/3061245812/1.cer

Well, the main idea was ..., to get some tools with which the amss.bin for bada v1.2 and v2 can be modified to work for the American/Australian version of the wave. Looks like there are some hardware differences and this file is containing information needed for the RF module.

Looks like there are some hardware differences and this file is containing information needed for the RF module
Click to expand...
Click to collapse
No idea if Hardware differences, but I'm pretty sure there are different Config/Calibration data...
Check out NV items... AMSS + NV items = Qualcomm related part...
http://www.samsunguniverse.com/forum/s8500-can-work-with-qualcomm-tools-t199.html
You could take an look on FCC documents for maybe Hardware check...
Best Regards

I think gambal refers to UMTS bands, Europe is different than in America.
UMTS bands in America are 850 - 1900
UMTS bands in Europe are 2100
bada 1.2 and above only works with Euro bands (these updates hasn't oficially released in America), so as we know the file "amss.bin" contains the parameters that define which bands to work, would be good to try to edit the information to compile a new "amss.bin" to work with American bands ..
Many Americans would be happy!

...would be good to try to edit the information to compile a new "amss.bin" to work with American bands ...
Click to expand...
Click to collapse
But you are really sure that not NV items differ?
Maybe easier to compare NV items...
Best Regards

You mean to compare amss NV items from a 1.0 American firmware and another 1.2 European firmware?
I was import to a .Qcn file a list of NV items of my mobile (bada 1.0 american), i will compare with another one of 1.2.
It's posible to create more NV items if is necesary?

sorry for double post.
i've compared NV items of my phone, first with a 1.0 american firmware then with a 1.2 European firmware..
EDIT: thought that there were no differences because the file size was identical, but looking more attentively i find some, i will continue researching,

You tried QPST or which Tool?
And are sure there are no differences?
I have 2x S8500... with QPST difference 10 NV items + one S8500 has 10 more
Content not checked... too lazy at this time.
Best Regards
Edit 1.
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 305
Click to expand...
Click to collapse
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 319
Click to expand...
Click to collapse
And these are only the "official" NV items... and not the hidden one...
Example...
Code:
NV item: [B]2608[/B] [NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I], index 0
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 0: 12 3d fc ff 9c 3c fc ff 26 3c fc ff b0 3b fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 1: 34 3b fc ff af 3a fc ff 2a 3a fc ff a6 39 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 2: 22 39 fc ff 9f 38 fc ff 0c 38 fc ff 65 37 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 3: be 36 fc ff 18 36 fc ff 73 35 fc ff ce 34 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 4: 2a 34 fc ff 87 33 fc ff e5 32 fc ff 43 32 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 5: a2 31 fc ff 01 31 fc ff 61 30 fc ff c2 2f fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 6: 23 2f fc ff 85 2e fc ff 85 2e fc ff 85 2e fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 7: 85 2e fc ff 85 2e fc ff 85 2e fc ff 85 2e fc ff

sorry for my english, I mean to say that i find some differences..
between 2 firmwares, I find 40 differents NV items using "RF NV items Manager" program.
Example:
European 1.2 Firm:
Code:
NV item: 5059 [NV_WCDMA_2100_TX_LIN_MASTER_0_ENH_I], index 0
NV item: 5061 [NV_WCDMA_900_TX_PDM_LIN_0_ENH_I], index 0
American 1.0 Firm:
Code:
NV item: 5064 [NV_WCDMA_1900_TX_PDM_LIN_0_ENH_I], index 0
NV item: 5060 [NV_WCDMA_800_TX_PDM_LIN_0_ENH_I], index 0
(it's look like these items manage the umts network)
This are 2 items of 40 that I find.. So, I imported all 40 1.0 American Firmware Nv Items to the 1.2 Euro Firmwared Phone, (using previous modified .QCN file) then, i restart the device, but nothing happen, still no find UMTS network... But i want believe that we are close to find the solution
If I use PSAS to Display the new added NV items, these appear as "inactive item" and those already on the phone appears lile "bad parameter"
not know what else I can try...

Even if NV items count is different. Dump of NV area will be always the same in size. Area in oneNAND reserved for NV data is constant, and in most it's just empty space, filled with zeros.

Is it possible to dump whole NV items list using QPST? Can you guys do that and send dumps to me?
If not please search for following NV items and send me values you get (if you get any)
Int id 556
Int id 5
Int id 7
Int id 1403
String id 254
String id 387
String id 388
String id 256
String id 197
I want to prove some theory just taken from Bada kernel and need few different values to compare. These should contain Timezone, Locale and SimBlock settings. (If these NV items are even available)
Please send me PMs with dumps if you get any. Thanks in advance.

Tell me when you are ready "amms.bin" to "bada 2.0" so I can put it on my phone. I'm from Argentina. Thank you very much!

Rebellos said:
Int id 556
Int id 5
Int id 7
Int id 1403
Click to expand...
Click to collapse
With "PSAS" display "Inactive Item", and with "RV NV item manager" i don't these id's..
@adfree
Hey, if I wrote in phone (with "RV NV item manager") some NV items, is not take any effect... does exist another step to "activate" these items or some? maybe in Stune have to add any parameter? or maybe the "QPST Service program" tool..
I have fear of breaking the handset really... I just wan't to calibrate the UMTS bands, need these:
WCDMA_II_PCS_1900
WCDMA_V_850

http://forum.xda-developers.com/showpost.php?p=12436452&postcount=1
Other way to access NV items.
Now you can backup with sTune for instance... folders:
Code:
[B]NV
nvm[/B]
EXTREME Caution!
Some IDs are protected... so you can maybe write/activate, but not easily remove change = brick...
Best Regards

a little question..
there is a firmware of S8530 which has bada 1.2 and 850/900/2100Mhz 3g bands capable... there are firmwares prepared for Brazil and Australia.
it's posible to flash that amss.bin in a S8500 with bada 1.2?
I tried this, but the bootloader says "error erase amms"

amss.bin in a S8500 with bada 1.2?
Click to expand...
Click to collapse
If I remember correct, then yes...
Maybe not all combinations...
BUT check Multiloader ... adresses are different...
So you have to edit...
Later more.
Maybe give Link to this S8530 Firmware, so I can take an look or try for you...
Best Regards

Help me to Unlock Huawei E5372s-32 Modem..

===================================================================
DC - Unlocker 2 Client 1.00.1361
Detecting modem :
selection :
manufacturer - Huawei modems
model - Auto detect (recommended)
Found Applications port COM3
Found modem : E5372
Model : Huawei E5372 / MegaFon MR100-3
IMEI : 864578010634715
Serial NR. : N7GBY14725005690
Firmware : 21.290.19.00.401
Compile date / time : Mar 05 2015 19:14:46
Hardware ver. : CL1E5372SM
Dashboard version : WEBUI_17.100.08.00.401
SIM Lock status : Locked (Card lock)
Wrong codes entered : 10 (unlock attempts left : 0)
===================================================================

Help needed in updating

Piles heup me update Android 11
Fur hp Huawei y9 prem piess heup me tolong sya update ka sistem hp sya ni
System
--------------------------------------------------------
Android Version : 10
Version Name : Q
Released Date : September 04, 2019
Code Name : Android 10
API Level : 29
Security Patch Level : 2020-08-01
Bootloader : unknown
Build Number : STK-L22 10.0.0.270(C636E4R6P1)
Baseband : 21C20B388S000C000,21C20B388S000C000
Java VM : 2.1.0
Kernel : 4.14.116
Language : Melayu (ms_MY)
OpenGL ES : 3.2
Root Management Apps : No Apps Detected
SELinux : Unable to determine
Google Play Services : 22.26.15 (100408-461192076)
Vulkan : Supported (1.1)
Treble : Supported
Seamless Updates : Not Supported

Huawei y9 prem said:
Piles heup me update Android 11
Fur hp Huawei y9 prem piess heup me tolong sya update ka sistem hp sya ni
System
--------------------------------------------------------
Android Version : 10
Version Name : Q
Released Date : September 04, 2019
Code Name : Android 10
API Level : 29
Security Patch Level : 2020-08-01
Bootloader : unknown
Build Number : STK-L22 10.0.0.270(C636E4R6P1)
Baseband : 21C20B388S000C000,21C20B388S000C000
Java VM : 2.1.0
Kernel : 4.14.116
Language : Melayu (ms_MY)
OpenGL ES : 3.2
Root Management Apps : No Apps Detected
SELinux : Unable to determine
Google Play Services : 22.26.15 (100408-461192076)
Vulkan : Supported (1.1)
Treble : Supported
Seamless Updates : Not Supported
Click to expand...
Click to collapse
Not an MTCx device. Search forums and contact reseller of device

Huawei y9 prem said:
Piles heup me update Android 11
Fur hp Huawei y9 prem piess heup me tolong sya update ka sistem hp sya ni
System
--------------------------------------------------------
Android Version : 10
Version Name : Q
Released Date : September 04, 2019
Code Name : Android 10
API Level : 29
Security Patch Level : 2020-08-01
Bootloader : unknown
Build Number : STK-L22 10.0.0.270(C636E4R6P1)
Baseband : 21C20B388S000C000,21C20B388S000C000
Java VM : 2.1.0
Kernel : 4.14.116
Language : Melayu (ms_MY)
OpenGL ES : 3.2
Root Management Apps : No Apps Detected
SELinux : Unable to determine
Google Play Services : 22.26.15 (100408-461192076)
Vulkan : Supported (1.1)
Treble : Supported
Seamless Updates : Not Supported
Click to expand...
Click to collapse
Additional to that: English please!

Huawei y9 prem said:
Piles heup me update Android 11
Fur hp Huawei y9 prem piess heup me tolong sya update ka sistem hp sya ni
System
--------------------------------------------------------
Android Version : 10
Version Name : Q
Released Date : September 04, 2019
Code Name : Android 10
API Level : 29
Security Patch Level : 2020-08-01
Bootloader : unknown
Build Number : STK-L22 10.0.0.270(C636E4R6P1)
Baseband : 21C20B388S000C000,21C20B388S000C000
Java VM : 2.1.0
Kernel : 4.14.116
Language : Melayu (ms_MY)
OpenGL ES : 3.2
Root Management Apps : No Apps Detected
SELinux : Unable to determine
Google Play Services : 22.26.15 (100408-461192076)
Vulkan : Supported (1.1)
Treble : Supported
Seamless Updates : Not Supported
Click to expand...
Click to collapse
hmmm.... Are you just kidding?
What you posted here is just a phone, not any sort of Android car stereo.
Your text is even not readable.
The attached device info shows clearly that we are talking about a phone. Tell the mods where you want to get moved to. As it is no radio, nothing to analyze here.