Develop Bugs

Possibility to execute download mode programmatically on Omnia 7?

Us T-Mobile users cannot flash Roms at the minute because the download mode button combo has been disabled.
Maybe there is a way to do this programatically or use a resistor accross certain USB pins like the Galaxy S method.
What's your opinion on this?
Sent from my OMNIA7 using Board Express

Yesterday I wasted some time playing around with the USB diagnostic port (enable in the Diagnosis app, it's the third USB mode option). Both PSAS and QPST can connect to and mess with the phone, so I think if someone knows his way around, the phone can be kicked into Download Mode.
(I only managed to crash the phone in many different ways, but I was really just monkeying around.)

If this can be done it would be great as this is the first phone I have owned where I cannot flash firmware myself.
Might be worth while seeing if everyone with a tmobile uk branded omnia 7 has this issue?
FYI I have included my firmware versions etc so we can try and collate a list of working/non working ones to see what the differences are if any.
os version 7.0.7004.0
firmware revision number 2424.10.10.6
hardware revision number 3.15.0.4
radio software version 2424.10.10.6
radio hardware version 0.0.0.800
bootloader version 4.10.1.9
chip soc version 0.36.2.0

KarmaXXK said:
Yesterday I wasted some time playing around with the USB diagnostic port (enable in the Diagnosis app, it's the third USB mode option). Both PSAS and QPST can connect to and mess with the phone, so I think if someone knows his way around, the phone can be kicked into Download Mode.
(I only managed to crash the phone in many different ways, but I was really just monkeying around.)
Click to expand...
Click to collapse
Yes, I tried the *#7284# code and changed the USB Path Control to "Modem, USB Diag" and my phone was recognised by the ROM Downloader but the phone was not in download mode.
I have stumbled upon something which may be what we are looking for though, after reverse engineering the Samsung Diagnosis app I notice there are codes to access 'Operator Specific' Admin areas in the app. Take a look at the attached image.
Now as you can see, the values listed cannot be typed into the Diagnosis app as there is a formula to decipher them. I have the formula but cannot get it to work.
Code:
Private Overloads Function GetHashCode(ByVal str As String) As UInteger
Dim num As UInteger = 0
For i As Integer = 0 To str.Length - 1
[B]num = ((num << 5) + num) + str(i)[/B]
Next
Return num
End Function
Now the bit highlighted in bold is the bit I cant get to work.
It gives the following error:
Operator '+' is not defined for types 'UInteger' and 'Char'.
Once someone can help to get this working, reversing the formula should in theory show us the correct *#000# code combination for each area.

Fingers crossed you can crack it!

lyriquidperfection said:
Yes, I tried the *#7284# code and changed the USB Path Control to "Modem, USB Diag" and my phone was recognised by the ROM Downloader but the phone was not in download mode.
I have stumbled upon something which may be what we are looking for though, after reverse engineering the Samsung Diagnosis app I notice there are codes to access 'Operator Specific' Admin areas in the app. Take a look at the attached image.
Now as you can see, the values listed cannot be typed into the Diagnosis app as there is a formula to decipher them. I have the formula but cannot get it to work.
Code:
Private Overloads Function GetHashCode(ByVal str As String) As UInteger
Dim num As UInteger = 0
For i As Integer = 0 To str.Length - 1
[B]num = ((num << 5) + num) + str(i)[/B]
Next
Return num
End Function
Now the bit highlighted in bold is the bit I cant get to work.
It gives the following error:
Operator '+' is not defined for types 'UInteger' and 'Char'.
Once someone can help to get this working, reversing the formula should in theory show us the correct *#000# code combination for each area.
Click to expand...
Click to collapse
I worked on this few days ago, I couldn't reverse the hash function but we had some brilliant ideas how to do it (see the stackoverflow thread about it http://stackoverflow.com/questions/4523553/reversing-a-hash-function)
but I used brute force and extracted some 60 diagnosis codes that you can find here http://www.martani.net/2010/12/windows-7-hacks-all-diagnosis-codes-you.html
and here http://www.martani.net/2010/12/windows-7-hacks-all-diagnosis-codes-you_26.html

This is great stuff martani if there is any way to decipher these ones, they may be worth looking at:
g_ADMIN_GENERIC = 3370684588
g_ADMIN_TMOBILE = 469486183
g_ADMIN_VODAFONE = 474092301
These ones indeed look very interesting and may offer a way to enable ADC or even the Download Mode some people like me have been looking for.

lyriquidperfection said:
This is great stuff martani if there is any way to decipher these ones, they may be worth looking at:
g_ADMIN_GENERIC = 3370684588
g_ADMIN_TMOBILE = 469486183
g_ADMIN_VODAFONE = 474092301
These ones indeed look very interesting and may offer a way to enable ADC or even the Download Mode some people like me have been looking for.
Click to expand...
Click to collapse
Actually the code is a little misleading, if you see closely, the enum HashCodeTable is used nowhere.
The app waits for user input, after each "tap" on a number it calls the function ParseDial() that hashes the input with GetHashCode then calls the function GetEnumFromList() on this hashed value.
In GetEnumFromList, there is no use of HashCodeTable and even the codes you provided are not hard-coded in this function. I am not sure why they are there but as far as I can tell, to access these parts of the diagnosis app, you need another method than dialing a code it seems

martani said:
Actually the code is a little misleading, if you see closely, the enum HashCodeTable is used nowhere.
The app waits for user input, after each "tap" on a number it calls the function ParseDial() that hashes the input with GetHashCode then calls the function GetEnumFromList() on this hashed value.
In GetEnumFromList, there is no use of HashCodeTable and even the codes you provided are not hard-coded in this function. I am not sure why they are there but as far as I can tell, to access these parts of the diagnosis app, you need another method than dialing a code it seems
Click to expand...
Click to collapse
Damn it! Looks like we are back to square one!
Have you seen also on the Samsung Galaxy S the Download mode is disabled on some devices, but some users made a jig where you bridge 2 pins with a certain resistor and it knocks the phone into download mode. Maybe this would work on the Omnia 7 also????

I am hoping for a software based fix rather than hacking together something.

**ALL** diagnostic codes for SAMSUNG devices
I reverse engineered the Diagnostic Menu Application. It contains a list of configuration "Titles" with corresponding hash-codes. I made a tool to reverse the hash-codes to dial-codes. The dial-codes may not be the same as some codes that were already known, but the dial-codes are absolutely correct for these menu. Differences are due to hash-collisions (same hash-code may have multiple possible dial-codes). I just used the shortest dial-codes for every menu.
The list of menu's is very long and I discovered that not all menu-codes were not actually implemented. I guess this list of codes is used for all Samsung devices (possibly also for Galaxy S and older Windows Mobile devices). So not all dial-codes may actually work on your device.
WARNING!! The menu's can configure low-level settings of your phone. And if you don't know what you're doing you may brick your device or maybe hard-reset the device and loose all your data and settings. Or you may faulty calibrate your sensors. Be very, very careful with experimenting!! I will not take any responsibility for damaging your device in any way.
I would personally be very interested if anyone finds a way to get the device in download-mode by using these menu's (I have a bad bootloader which does not let my Samsung Omnia 7 go into download-mode to flash it to a newer firmware).
By the way: the admin menu's are NOT implemented on the Omnia 7 :-(
This is the list with menu-titles, dial-codes and their hashcode:
Code:
FTAMain = 15 (0x686)
QUALCOMM TEST = *09# (0x17DB96)
TMOServiceMenu = *74*# (0x31710C2)
SMDINFO = *#03# (0x30C0953)
SIMPLE FUNCTION TEST = *#05# (0x30C0995)
IMEI NUMBER = *#06# (0x30C09B6)
VIEWHISTORYNW = *#07# (0x30C09D7)
LCDTEST = *#0*# (0x30C082A)
QWERTYTEST = *#1*# (0x30C0C6B)
BATT TEST = *#2*# (0x30C10AC)
BRIGHTNESS TEST = *#3*# (0x30C14ED)
TouchDelta 80 = *#80# (0x30C2AF8)
LIGHTTEST = *#12*# (0x648DBCDD)
BTLOGDUMP = *#232# (0x648E4E87)
WIFI FACTORY TEST = *#526# (0x648FEFED)
RILNETLOG = *#638# (0x649080D1)
RILDUMP = *#745# (0x64911110)
VPHONE770 = *#770# (0x64911D2E)
VPHONE771 = *#771# (0x64911D4F)
VPHONE772 = *#772# (0x64911D70)
VPHONE773 = *#773# (0x64911D91)
VPHONE774 = *#774# (0x64911DB2)
VPHONE775 = *#775# (0x64911DD3)
VPHONE776 = *#776# (0x64911DF4)
VPHONE777 = *#777# (0x64911E15)
VPHONE778 = *#778# (0x64911E36)
VPHONE779 = *#779# (0x64911E57)
SR TEST = *#780# (0x6491216F)
VT DUMP = *#938# (0x649225F4)
Disable Testbed = #12358# (0xFC28BE89)
Enable Testbed = *12358# (0x170067D0)
DEBUGMODE1 = *#0011# (0xF63246F2)
BATTERYINFO = *#0228# (0xF63364DC)
PHONELOOPBACKTEST = *#0283# (0xF6337DBD)
AUDIOTEST2 = *#0289# (0xF6337E83)
FMRADIORX = *#0368# (0xF6340241)
LIGHTSENSORTEST = *#0589# (0xF63523A6)
RRCVERSION = *#0599# (0xF63527E7)
AUDIOTEST = *#0673# (0xF635AB00)
SOUNDTEST = *#0675# (0xF635AB42)
RTC = *#0782# (0xF6363B81)
DEVICETEST = *#0842# (0xF636B6DE)
ILLUMINATIONTEST = *#0843# (0xF636B6FF)
MultiTouch = *#0987# (0xF63754E8)
SWversionFTA = *#1111# (0xF644EBD4)
MOUSETEST = *#121*# (0xF645774E)
SWversionEx = *#1234# (0xF645811A)
MOUSECAL = *#123*# (0xF6457FD0)
MOUSECAL06 = *#126*# (0xF6458C93)
GPSTEST = *#1575# (0xF6473762)
MICROUSB TEST = *#1793# (0xF6485864)
HWversionFTA = *#2222# (0xF6579518)
BANDSELECTION = *#2263# (0xF657A63D)
PHONEDUMP = *#2454# (0xF658BADF)
CAMERAUPDATE = *#2470# (0xF658C2DD)
CAMERADISABLE = *#2480# (0xF658C71E)
NAVIKEY TEST = *#2486# (0xF658C7E4)
INTEGRITY = *#2580# (0xF659537F)
TouchFirmare 2663 = *#2663# (0xF659D7C1)
TouchDelta 2664 = *#2664# (0xF659D7E2)
TouchDelta 2665 = *#2665# (0xF659D803)
RILNETLOG OFF = *#6380# (0xF6A09CC1)
RILNETLOG ON = *#6381# (0xF6A09CE2)
NETLOCK NETWORK = *#6955# (0xF6A3DAE9)
USBPATHCHANGE = *#7284# (0xF6B22965)
POWERONATTACH = *#7298# (0xF6B22E2A)
SELF DIAGNOSTIC MODE = *#7353# (0xF6B2A8E2)
DebugOption = *#7450# (0xF6B334E0)
ERROR REPORT ON = *#7451# (0xF6B33501)
ERROR REPORT VERIFY = *#7452# (0xF6B33522)
NETLOCK SERVICE = *#7755# (0xF6B4DAA8)
VPHONE DISABLED = *#77*0# (0xF6B4AB38)
VPHONE ENABLED = *#77*1# (0xF6B4AB59)
UARTCHANGER = *#9090# (0xF6D54562)
DEBUGDUMP = *#9900# (0xF6DA0E82)
PILEDUMP = *#9901# (0xF6DA0EA3)
NETLOG LOG START = *#9905# (0xF6DA0F27)
DEBUG RIL DUMP = *#9906# (0xF6DA0F48)
ERRORREPCAB INSTALL = *#9907# (0xF6DA0F69)
GUMITEST3G CAB INSTALL = *#9908# (0xF6DA0F8A)
SUWON3G CAB INSTALL = *#9909# (0xF6DA0FAB)
UARTPATH = *#9910# (0xF6DA12C3)
BATTERYMONITOR = *#9911# (0xF6DA12E4)
CONNECTION SETTING = *#9920# (0xF6DA1704)
VERIFYCOMPARE = *#9990# (0xF6DA34CB)
YSSHINTEST = *#9999# (0xF6DA35F4)
VersionScript = 19104#2* (0xD21FC43E)
BLUETOOTH LOG DISABLE = 20652609 (0x1598F3DE)
BLUETOOTH LOG ENABLE = 20652619 (0x1598F3FF)
BT SSPDEbugModeEnable = 20652629 (0x1598F420)
BT SSPDEbugModeDisable = 20652639 (0x1598F441)
OMADMCLIENT LOG DISABLE = 20653609 (0x1599803F)
OMADMCLIENT LOG ENABLE = 20653619 (0x15998060)
CELOG LOG DISABLE = 20654609 (0x159A0CA0)
CELOG LOG ENABLE = 20654619 (0x159A0CC1)
TOTALCALLTIME = 2934331* (0xC35403F3)
RESET CUSTOM = 35180948 (0x77496B66)
RESET FACTORY = 35190718 (0x775B7B02)
ERASE IMEIITEM = 35190728 (0x775B7B23)
IMEI ADJUST = 35190738 (0x775B7B44)
BLUETOOTH RF TEST = 3##65*88 (0xECE73A9E)
BLUETOOTH AUDIO TEST = 3##65*98 (0xECE73ABF)
AutoSimSetting = 40*047#3 (0xD1C556DF)
PVKKey = 40*549#3 (0xD21FD9E6)
RESET FACTORY WITHDEFAULTLANGUAGE = 76264513 (0x777E1362)
NONSLEEPCALL OFF = *#069*0# (0xBCEBFF49)
NONSLEEPCALL ON = *#069*1# (0xBCEBFF6A)
LEDTEST = *#14789# (0xBF1C1ADD)
DMSessionInit = *#15428# (0xBF2C7494)
CIPHERING = *#32489# (0xC3A095FA)
CAMERAUPDATESVC = *#32589# (0xC3A1225B)
LOGDUMPMGR = *#33284# (0xC3B19514)
SR DISABLED = *#780*0# (0xCD5F5D49)
SR ENABLED = *#780*1# (0xCD5F5D6A)
NETLOCK SUBSET = *#78255# (0xCD60A57B)
LAUNCH UAEDIT = *#92782# (0xD1A12DFC)
PdaBuildTime = *#99820# (0xD2204C1C)
VersionTime = *#99821# (0xD2204C3D)
WIFI TEST = 0373385#6 (0xECE73BA6)
EN LOCK NW = 074578132 (0xBBF27D35)
GCFTESTMODE ENTER = 086#58023 (0x1807BAE3)
FILE SYSTEM TEST = 089559715 (0x28F3F681)
AUDIOGAINCONTROL = 08#766104 (0x902D68E3)
DIS LOCK SUB NW = 17#991#3* (0x1D45A6AE)
PVKFileName = 18*357#25 (0x161B193C)
EN LOCK SUB NW = 193582504 (0xBC073A15)
GPSTESTTOOL = 1#8865#55 (0xF61EC09C)
EN LOCK CORP = 1*0273411 (0xF62C007D)
EN LOCK SVC = 1*0278411 (0xF62EBE62)
DIS LOCK NW = 20789802* (0x1D30E9CE)
SellOutSMS = 2615#0922 (0xD04CA8DE)
TFlashUnPairing = 30334*733 (0x51B892C4)
DIS LOCK SVC = 38025*93# (0xCA957BDB)
GPSTESTTOOL2 = 400#40*08 (0xB9F6D60D)
GPSTESTXTRA = 400#40*18 (0xB9F6D62E)
SerialNumber = 5317*0648 (0x6E256D8C)
EN LOCK SIM = 5494585*3 (0xBC051995)
SERVERURL = 553378683 (0xD8389060)
SLIDECOUNT = 584644021 (0xF0BF3052)
SellOutSMSTestMode = 597#*224# (0x96E7B26D)
APPSLAUNCHER = 5**6244*3 (0x33B0B76)
SLOGSERIAL M2 = 66#6757#1 (0x7050E07C)
AutoReceive Enable = 7160*5088 (0xEF2C5E0D)
TESTMODE = 718071#49 (0x8A09ACC8)
RESET SERVICE = 72673#00# (0xEC5B4BEF)
ReactivateSellOutSMS = 74201#086 (0x807DB65F)
AUDIOCODEC = 7#16#1#37 (0x902D68C2)
ADMIN GENERIC = 838*5448* (0xC8E890AC)
SLOGSERIAL ALL ON = 8644*3081 (0x705107AC)
VT MANUALSETTING = 8802*7*5# (0x104384B5)
DISLOCK SIM = 98217*243 (0x1D43862E)
DMTESTMENU = 9#7357764 (0x414D9633)
SLOGSERIAL ALL OFF = #22#6214# (0x7050E03A)
SLOGSERIAL M1 = #22#6215# (0x7050E05B)
SLOGSERIAL M3 = #22#6217# (0x7050E09D)
SLOGSERIAL M4 = #22#6218# (0x7050E0BE)
SLOGSERIAL M5 = #22#6219# (0x7050E0DF)
ADMIN VODAFONE = #75471648 (0x1C42130D)
DisableSellOutSMS = *4587*676 (0x903477AF)
BLUETOOTH SEARCH TEST = *#232333# (0xECE73AE0)
RANDOM BT MAC = *#232336# (0xECE73B43)
BLUETOOTH MAC VIEWER = *#232337# (0xECE73B64)
WIFI MAC VIEWER = *#232338# (0xECE73B85)
PRECONFIGURATION = *#638738# (0x213EF313)
SELF DIAGNOSTIC MODE DISABLE = *#7353*0# (0x6E008D7C)
SLOGSERIAL M6 = *#745*06# (0x7050E100)
DIS LOCK CORP = 00*2*2#524 (0xCA92BDF6)
ADMIN TMOBILE = 0612824763 (0x1BFBCA67)
AutoReceive Disable = 09925572#3 (0xD4B8217D)
SWversionIn = 1309653522 (0xECB23FC4)
GPSTTFFTESTTOOL = 154*068271 (0xF61EBC7C)
SellOutSMSProductionMode = 1#3341#5#0 (0x96D7C68A)
LOCK STATUS INFO = 28##**23*0 (0x7D8C72E3)
SWversionNewIn = 32456464#7 (0xFD58D7FC)

Heathcliff74 said:
I reverse engineered the Diagnostic Menu Application. It contains a list of configuration "Titles" with corresponding hash-codes. I made a tool to reverse the hash-codes to dial-codes. The dial-codes may not be the same as some codes that were already known, but the dial-codes are absolutely correct for these menu. Differences are due to hash-collisions (same hash-code may have multiple possible dial-codes). I just used the shortest dial-codes for every menu.
Click to expand...
Click to collapse
Can you share how did you reverse the hash function? I worked on this some time ago but finally just brute forced it to extract the keys.

I would also like to know how he reversed the hash codes! I tried for hours and had no luck!

Haha.. Well, I first tried to calculate the original dial-codes, but that seems to work only for dialcodes shorter than 8 digits (5 bits per digit, 32 bits hash-code = 32 / 5 = 7 digits + 1 digit for the extra add):
Code:
uint hash = 0; // enter hash here
string DialCode = "";
while (hash > 0)
{
uint digit = (hash % 33) + 33;
if (digit > hash)
hash = 0;
else
hash = (hash - digit) / 33;
DialCode = Convert.ToChar(digit) + DialCode;
}
return DialCode;
But this does not work for long dial-codes. So after that I just made a little program to brute-force it. I copied the enum with menu-titles and hash-codes to my project. Then I used reflection to populate a sortedlist. Then I started to brute-force and check all dialcodes for their hashcode and see if it exists in the list. If it exists, I add it to a textbox and remove the item from the list. That's it. So it is not really reversed, but my program took about an hour to get dial-codes for all the hashcodes in the enum.
Code:
SortedList<uint, string> hashCodes = new SortedList<uint, string>();
int l = typeof(HashCodeTable).GetEnumNames().Length;
string[] menunames = typeof(HashCodeTable).GetEnumNames();
for (int i = 0; i < l; i++)
{
try
{
hashCodes.Add(Convert.ToUInt32(Enum.Parse(typeof(HashCodeTable), menunames[i])), menunames[i].Substring(2).Replace('_', ' '));
}
catch { }
}
char[] chars = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '#', '*' };
for (int length = 1; length <= 20; length++)
{
ushort[] digits = new ushort[length];
for (int i = 0; i < length; i++) digits[i] = 0;
while (true)
{
// calc hash
uint hashCode = 0;
for (int i = 0; i < length; i++)
{
hashCode = ((hashCode << 5) + hashCode) + chars[digits[i]];
}
if (hashCodes.ContainsKey(hashCode))
{
int m = hashCodes.IndexOfKey(hashCode);
string str = "";
for (int j = 0; j < length; j++)
str = str + chars[digits[j]];
textBox1.Text = textBox1.Text + hashCodes.Values[m] + " = " + str + " (0x" + hashCode.ToString("X") + ")" + Environment.NewLine;
hashCodes.RemoveAt(m);
}
// increase
digits[length - 1]++;
for (int k = length - 1; k >= 0; k--)
{
if (digits[k] >= 12)
{
if (k == 0)
break;
else
{
digits[k] -= 12;
digits[k - 1]++;
}
}
}
if ((digits[0] >= 12) || (hashCodes.Count == 0)) break;
}
if (hashCodes.Count == 0) break;
}

Excellent stuff! Thank you for this very interesting code snippit!

WP7 diag codes
martani said:
Actually the code is a little misleading, if you see closely, the enum HashCodeTable is used nowhere.
Click to expand...
Click to collapse
This is because the compiler optimized out the switch statement and compiled the constants into the IL code for the hash codes.
Within the main switch statement where keypad entries are evaluated there are ~112 codes and I've reversed all of them. Writing hash algorithms is not straightforward and it's quite a simple one, since my app captured 2-3-4 variants of keycodes for the same hash value.
Regarding the most interesting entries at the top of the enum the ADMIN_ entries...those hash values are not handled by the application, maybe Samsung has another diag app or a different app which is using the same method.
The other thing I can think of is there are APIs in the diag app which one is sending the hash of a keycode to the given driver...I tried that but the ADMIN stuff did not worked that way either :-((
If anyone is interested I can post the resolved codes, but not sure if I can post it in the forum or not ;-)

Regsitry entry to enable SLDR mode
I found this definition in B44C7A84-5068-4b43-A1E5-F870A80F6FF8.rgu:
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\UsbFn]
...
"OsMode"=dword:0 ; 0 for Main OS, 1 for SLDR
....
Is the download mode == SLDR mode?
Since maybe we can set this entry "somehow", and upon next reboot we will get into download mode so we can flash the device?
So the question is, what is SLDR mode? Secure Loader mode? I don't know this, a more pro in this area should help out ;-)
UPDATE
I was able to read the value (0) and write it back (0). Did not tried to write 1 there

Hey guys. I know this thread is about programmatically enter downloadmode, but I wanted to try the 301k resistor trick and I can confirm it works on Samsung Omnia 7.
I used this guide. If you're gonna do that too, then you should pay attention to these things:
- The guide refers to pin 4 and 5 being closest to the headphone socket. But on the omnia 7, the headphone and micro-usb sockets are the other way around if you compare it to the Galaxy S. The guide is for the Galaxy S, so you should really pay attention to which pins you solder the resistor(s). This is the best picture on how you should solder the resistor(s).
- Many micro-usb cables have no wire for pin 4. Some connectors don't even have a pin 4. You should first verify that your connector has all 5 pins. If you only have 4 wires, then you have to dismantle the connector and solder directly on the back of the connector.
I switched off my Omnia 7. I plugged in my jig and it went to downloadmode immediately.
It's late now, so I will see tomorrow what I will be going to flash on it. There quite a few roms and I'm not sure which one I should use. I have to figure that out first.
If anyone has questions about how to make a jig, just ask. I know how to make one now.

You should post pictures, how to make such a cable. Thanks

FromOuterSpace said:
You should post pictures, how to make such a cable. Thanks
Click to expand...
Click to collapse
The picture I linked to in my previous post look pretty clear to me. It shows what pins you have to use. The guide I linked to contain all the other necessary details. If you have any specific questions about something that is still not clear, you can ask me.

Tools for Logging processes, like WinComm, Portmon, QXDM...

Nice and easy Tool:
http://www.softsea.com/review/Portmon.html
Maybe someone saw/know the yellow Message "UPLOAD data to pc"...
How to catch Data if "Bluescreen" comes and "UPLOAD data to pc" message appears?
It seems this nuke my Portmon...
Any suggestions please?
Maybe I'm blind or these are not stored in Debug folder...
Best Regards
Edit 1.
Changed title.

If you have a Windows XP machine left, try this to watch the serial port:
ups, i can't post links here. Google for serialmon dot com .....
It's output is a little easier to use than portmons. In general, using a serial port monitor to watch the communication between wave and pc, seems to be very unstable business.

Now I'm closer...
Taken info from Samsung GT-S8500L Wave Training Manual SW.ppt...
If someone needs the Settings to attach handset correct, ask me... in this Thread.
Best Regards

Could you post the settings, found this earlier, but couldn't do anything with it.
Thanks

I'll try to describe "short" steps.
1.
You have to be sure that Debug Level Middle is on. Please read here:
http://forum.xda-developers.com/showpost.php?p=10616930&postcount=3
Level Mode High shows more events...
2.
If you have access to Internal menu:
*#7092463*#
Maybe set to High or go to Debug Settings... described in ...Manual SW.ppt...
site 15
3.
Start WinComm and now check site 16 on *.ppt manual. All settings are on Picture.
4.
On handset I have choose Debug Mode instead Kies... this thingie if you plug cable into Wave... maybe go to Settings and set to ask by connection instead Kies
5.
Be sure you choose the "second" Port. Now Wave have 2 COM Ports activated.
Second one is for incoming Data.
Hope this helps an little bit.
If problems ask again.
Then I'll try to make some Screenshots or maybe some other hints...
Best Regards

Ehm have you found that Wincomm2010.exe
Click to expand...
Click to collapse
2010 no, but 2009 like in this Picture is attached.
WinComm2009.zip
Best Regards

Handset
Under Settings->Connectivity->USB->Ask on connection
To have chance to set USB Debugging
Wincomm
I will try later maybe Open or Close for connect to the port.
Important is to choose second COM Port...
Also important to activate UE Awake in settings like on Picture.
As it seems initial AT command is mandatory AT+WINCOMM...
Best Regards
P.S.:
I'm using XP 32 Bit... no other OS tested by me.

so now you can upload fw files from the phone or what???

so now you can upload fw files from the phone or what???
Click to expand...
Click to collapse
Now you could see internal process like Key press, which files involved... etc...
Many high technical stuff. But this could help to understand more.
For me it is very usefull.
I will soon attach few Log examples... maybe then more clear.
Best Regards

i don't suppose that anything can be done if *#7092463*#
doesn't get me a menu?

http://forum.xda-developers.com/showpost.php?p=12798896&postcount=5
Please read deeper this post and follow Links.
As Internal menu is disabled if you flashed ever Rsrc2_S8500_xxx(Low).rc2
Or if you not use Multiloader, then Kies did for you.
This is internal stuff, you have to "unlock" few things before... so read my instruction prior posted.
Please. This is more for advanced users. This is NO must have for all users.
At your own risk.
Best Regards

It seems also good idea to set Trace Level to High... in Internal Menu.
Best Regards
Edit 1:
Seems difference between Firmwareversions...
On JE7 I can see logging if handset is "off" if battery charge Animation is on.
Then if you press ON you can see parts of Booting sequence...
On JL2 I see first something, if Wave is fully on...
Maybe in higher Build some things disabled/removed...

Code:
3539 2255.054 [B]KEY_EVENT_SIG[/B]: [B]Keycode[/B] = 0x8f, STATUS = 0x0.
3540 2255.054 [LCD C]: INFO - FIMD_Drv_Resume()
3541 2255.054 S6E63M0 : LDI_Pentile_Set_Change Pentile_Value =6c
3542 2255.054 S6E63M0 : LDI_PortInit +
6217 2255.055 P00.T11.D001.G-1.E-01:0000 EXCEPTION > [CPLog]: Sub 0014 2263.372 -1: BOOTMGR > _BmPacketReceiveCallback: Boot command is [0x6]
6218 2255.055 P00.T11.D001.G-1.E-01:0000 EXCEPTION > [CPLog]: Sub 0015 2263.372 -1: EXCEPTION > OemTapiNetworkRadioInfoInd: RSSI refresh as AP's awaken
6219 2255.056 P00.T11.D001.G-1.E-01:0000 EXCEPTION > [CPLog]: Sub 0016 2263.372 -1: EXCEPTION > OemTapiNetworkCellInfoInd: Refresh cell Info as AP's awaken
6220 2255.063 P00.T10.D103.G22.E054:B25B EXCEPTION > SmsSvcRegGetSellOutToBeSent: bToBeSent = [0].
6221 2255.069 P00.T10.D103.G22.E054:B269 EXCEPTION > SmsTapiEventHandler: unknown tapi event type.
[B]3543 2255.085 S6E63M0 : LDI_PortInit -
3544 2255.085 S6E63M0 : LDI_S6E63M0_Power_On +
3545 2255.095 S6E63M0 : LDI_S6E63M0_Power_On [hwrev > [COLOR="Red"]S8200[/COLOR]_UNIV_B7]
3546 2255.095 S6E63M0 : LDI_Pentile_Set_Change Pentile_Value =6c
3547 2255.219 S6E63M0 : LDI_S6E63M0_Power_On -
3548 2255.219 Display_LSI : disp_Main_Wakeup [/B]
3549 2255.219 [TSP] reset acq atchcalst=0, atchcalsthr=0
3550 2255.220 [TSP] clear garbage data : Success!! [read 0 times]
3551 2255.220 [TSP] TSP Wakeup...........!
I was wondering why S8200... but now its more clear.
http://forum.xda-developers.com/showpost.php?p=12797112&postcount=249
What we can do...
Collect Key Events...
Monitoring processes like start JAVA Midlets...
Then we can see infos about Heap size...
Code:
9301 433.174 P00.T10.D094.G52.E103:2D83 EXCEPTION > KJxMemoryAvailable: [B]available memory heap[/B] size is 131268608
9302 433.178 P00.T10.D300.G52.E103:2D83 EXCEPTION > KJxSvcIsFileSystemValid: return TRUE!
9303 433.178 P00.T10.D300.G52.E103:2D83 EXCEPTION > KJavaGetMidletAttributeBySuiteID suiteID = 5 is not found
9304 433.179 P00.T10.D094.G52.E103:2D83 EXCEPTION > KJxSvcIsMemoryFull fmQuotaStat.availableSize(943128576), APP_MEMORY_STATUS_MX_MEMORY_FULL_LIMIT(0)
9305 433.180 P00.T10.D094.G52.E103:2D83 EXCEPTION > KJxSvcIsMemoryFull KJx execute limit size = 16384
9306 433.180 P00.T10.D300.G52.E103:2D83 EXCEPTION > KJxSvcIsFileSystemValid: return TRUE!
Many more things...
Best Regards

adfree said:
Code:
3539 2255.054 [B]KEY_EVENT_SIG[/B]: [B]Keycode[/B] = 0x8f, STATUS = 0x0.
3540 2255.054 [LCD C]: INFO - FIMD_Drv_Resume()
3541 2255.054 S6E63M0 : LDI_Pentile_Set_Change Pentile_Value =6c
3542 2255.054 S6E63M0 : LDI_PortInit +
6217 2255.055 P00.T11.D001.G-1.E-01:0000 EXCEPTION > [CPLog]: Sub 0014 2263.372 -1: BOOTMGR > _BmPacketReceiveCallback: Boot command is [0x6]
6218 2255.055 P00.T11.D001.G-1.E-01:0000 EXCEPTION > [CPLog]: Sub 0015 2263.372 -1: EXCEPTION > OemTapiNetworkRadioInfoInd: RSSI refresh as AP's awaken
6219 2255.056 P00.T11.D001.G-1.E-01:0000 EXCEPTION > [CPLog]: Sub 0016 2263.372 -1: EXCEPTION > OemTapiNetworkCellInfoInd: Refresh cell Info as AP's awaken
6220 2255.063 P00.T10.D103.G22.E054:B25B EXCEPTION > SmsSvcRegGetSellOutToBeSent: bToBeSent = [0].
6221 2255.069 P00.T10.D103.G22.E054:B269 EXCEPTION > SmsTapiEventHandler: unknown tapi event type.
[B]3543 2255.085 S6E63M0 : LDI_PortInit -
3544 2255.085 S6E63M0 : LDI_S6E63M0_Power_On +
3545 2255.095 S6E63M0 : LDI_S6E63M0_Power_On [hwrev > [COLOR="Red"]S8200[/COLOR]_UNIV_B7]
3546 2255.095 S6E63M0 : LDI_Pentile_Set_Change Pentile_Value =6c
3547 2255.219 S6E63M0 : LDI_S6E63M0_Power_On -
3548 2255.219 Display_LSI : disp_Main_Wakeup [/B]
3549 2255.219 [TSP] reset acq atchcalst=0, atchcalsthr=0
3550 2255.220 [TSP] clear garbage data : Success!! [read 0 times]
3551 2255.220 [TSP] TSP Wakeup...........!
I was wondering why S8200... but now its more clear.
http://forum.xda-developers.com/showpost.php?p=12797112&postcount=249
What we can do...
Collect Key Events...
Monitoring processes like start JAVA Midlets...
Then we can see infos about Heap size...
Code:
9301 433.174 P00.T10.D094.G52.E103:2D83 EXCEPTION > KJxMemoryAvailable: [B]available memory heap[/B] size is 131268608
9302 433.178 P00.T10.D300.G52.E103:2D83 EXCEPTION > KJxSvcIsFileSystemValid: return TRUE!
9303 433.178 P00.T10.D300.G52.E103:2D83 EXCEPTION > KJavaGetMidletAttributeBySuiteID suiteID = 5 is not found
9304 433.179 P00.T10.D094.G52.E103:2D83 EXCEPTION > KJxSvcIsMemoryFull fmQuotaStat.availableSize(943128576), APP_MEMORY_STATUS_MX_MEMORY_FULL_LIMIT(0)
9305 433.180 P00.T10.D094.G52.E103:2D83 EXCEPTION > KJxSvcIsMemoryFull KJx execute limit size = 16384
9306 433.180 P00.T10.D300.G52.E103:2D83 EXCEPTION > KJxSvcIsFileSystemValid: return TRUE!
Many more things...
Best Regards
Click to expand...
Click to collapse
Heap size can already be changed by accesing the jwc_properties.ini in the AppEx and the User>Exe folder.

astrotom said:
Heap size can already be changed by accesing the jwc_properties.ini in the AppEx and the User>Exe folder.
Click to expand...
Click to collapse
can you recommend a value for it??
give an example for the change??
thanks in advance

mylove90 said:
can you recommend a value for it??
give an example for the change??
thanks in advance
Click to expand...
Click to collapse
There are three jwc_properties.ini files. 1st one in Appex>SysDefault>Java>jwc_properties.ini, 2nd one in Exe>Java>jwc_properties.ini and 3rd one in SystemFS>User>Exe>Java>jwc_properties.ini. Use trix, TkFile explorer or Stune. Personally, I think the first ini file is fore the default java apps on the phone. I think the 2nd one is useless since I didnt see any java apps in that folder using stune. I think the 3rd file is for user installed java apps. I dont know since I am still in the process of modifying the whole bada firmware as far as possible and then I will later flash my phone with my custom firmware. Maybe you could help me tell which files are used for what? Ok, enough talk. Now here are settings for heap sizes that I used: (You can find heap settings at the end of each file)
## Limited MVM configuration
MAIN_MEMORY_CHUNK_SIZE = 82313216 # (78 * 1024 * 1024) + (500 * 1024), 78.5MB
JAVA_MAX_HEAP_SIZE = 65011712 # (62 * 1024 * 1024) + (0 * 1024), 62MB
JAVA_MIN_HEAP_SIZE = 10485760 # (10 * 1024 * 1024) + (0 * 1024), 10MB
MAX_ISOLATES = 4 # AMS Isolate + One application
The last setting, MAX_ISOLATES is the max number of java apps you can run simultaneously while paused. My setting allows 5 apps to run simultaneously. (Remember, Max_ISOLATES value should be one less than the desired value.) Earlier it wave could run only 3 apps.
I am surprised the Samsung provided low java heap sizes for such a good phone! Anyways enjoy!

Thanx astrotom
I'll try next days.
About WinComm... now I understand what this setting means...
I'll try to find combination to work with both, Qualcomm and WinComm.
To log also via QXDM...
Maybe BT is helpfull...
Best Regards

Uuupsi.
Not realized before. But now I have Modem Port connected with:
Upload data to pc
Hmm. But no idea how to catch Data now...
I've changed Port in WinComm...
Hmmmmmm, mabye 1 day in future.
Best Regards

I've played little bit with old SGH-U700...
It has also few similar things like Upload data to pc...
Via known code *#197328blabla... I can find Upload Funct.:
Enable Upload Funct
Disable Upload Funct
Enable Debug Mode in Low
If I try to enable... Can't enable as Dbg Lvl Low...
This U700 is damaged... (damn Touch keys)... maybe I can repair... maybe I can find out what Upload ... can do.
Best Regards
Edit.
I've set Debug Level to high, then also Enable Upload Funct is available...
But still no idea how to start Upload...

how to send AT commands to the phone? i have the first port of my phone as COM9 and the second one as COM10

bTerm - bada terminal application

http://code.google.com/p/badadroid/downloads/detail?name=bTerm_v0.13.zip&can=2&q=
sample bada terminal application. Connected device is detected automatically.
Available commands:
open - open the COM port
close - close the COM port
dump <address> <length> - dump NAND area
dumpram <address> <length> - dump RAM area
run <path_to_file> - execute the code from file
exit - terminate program
Keep in mind reading from invalid address cause Data Abort exception occurs.
Click to expand...
Click to collapse
Thank you very much b.kubica
As my brain is too small to try/understand all things.
Maybe others have tried?
Thanx in advance.
Best Regards

I am too stupid to read RAM...
http://forum.xda-developers.com/showthread.php?t=1093565
Maybe we can find in RAM uncompressed bada 2.0 stuff or for instance content of *.rbm files...
Maybe someone can please help me.
Thanx in advance.
Best Regards

bTerm works (for now) only in download mode. though implementation via AT command should be possible

Run executable
Hello, is run file implemented?
I tried to run programs on GT8500 (FW 1.2), and always get error like this:
>run Solitaires.exe
term_send: only sent 0 bytes of 8210
term_receive: ReadFile returned error!
OK - 0
>run LyricLegend.exe
term_send: only sent 0 bytes of 8209
term_receive: ReadFile returned error!
OK - 0
I needs a way for running console programs on device for unit testing. Is bTerm suitable for this task?

RealGred said:
I needs a way for running console programs on device for unit testing. Is bTerm suitable for this task?
Click to expand...
Click to collapse
Damn. No! It is not. And no, it is not possible in any other way.

http://code.google.com/p/badadroid/downloads/detail?name=bTerm_v0.15.zip&can=2&q=
New Version v0.15
Thank you.
Still unsolved problem because toooo small brain... which area to enter for RAM?
Best Regards

both 0x40000000 and 0x20000000 are valid start addresses

Any idea how to patch apps_compressed.bin of S8500BUKI1 to try this on bada 2.0
I know how to decyrept and encyrept with wave remaker
Also i have a little knowledge in using hex-editior
I can flash back XXJEE bootloader for its security hole
I just need address and data to write
Best Regards

follow these posts
http://forum.xda-developers.com/showpost.php?p=17872425&postcount=383
http://forum.xda-developers.com/showpost.php?p=17876128&postcount=385

I have only bada_term.fota from v0.11
Results...
In v0.13
Code:
>dumpram 20000000 100000
dumping 1.0 MB at 0x20000000: 14%
Error receiving packet (8192 bytes at 0x20026000). Received 0 bytes only.
>dumpram 40000000 100000
dumping 1.0 MB at 0x40000000: 16%
Error receiving packet (8192 bytes at 0x4002A000). Received 0 bytes only.
>dumpram 41000000 100000
dumping 1.0 MB at 0x41000000: 16%
Error receiving packet (8192 bytes at 0x4102A000). Received 0 bytes only.
>dumpram 42000000 100000
dumping 1.0 MB at 0x42000000: 16%
Error receiving packet (8192 bytes at 0x4202A000). Received 0 bytes only.
>dumpram 43000000 100000
dumping 1.0 MB at 0x43000000: 16%
Error receiving packet (8192 bytes at 0x4302A000). Received 0 bytes only.
>dumpram 44000000 100000
dumping 1.0 MB at 0x44000000: 16%
Error receiving packet (8192 bytes at 0x4402A000). Received 0 bytes only.
I can't read more then 177 KB...
I can see such text like:
is_dirty
is_syncing
.
.
.
With v0.15 seems no successfully connection possible.
close report success, but check false and commands also...
Code:
>open
COM5 port opened with success
>check
Phone response FAIL
My PC is XP powered.
Firmware is JE7... old T-Mobile bada 1.x...
Thanx.
Best Regards

u need to compile fota from sources - it is frequently updated so there is no sense to put assembled one in badadroid downloads

u need to compile fota from sources
Click to expand...
Click to collapse
Sorry, I'm an user. Not an Coder or user with Coding skills.
So my head explode before compiling something successfully.
There is enough space to upload FOTA + corresponding bTerm Version.
Maybe FOTA here as attachment.
Please.
Thanx.
Best Regards

fair enough
http://badadroid.googlecode.com/files/bada_term.zip

>open
COM5 port opened with success
>check
Phone response OK
Click to expand...
Click to collapse
Thank you very much, now v0.15 works on my XP with the new FOTA.
First success
Code:
>dumpram 20000000 8000000
dumping 128.0 MB at 0x20000000: 100%
Seems the 128 MB unit as bigger range interrupt...
I'll try now at 0x40000000
Best Regards
Edit 1.
Result:
Code:
>dumpram 40000000 10000000
dumping 256.0 MB at 0x40000000: 59%
Connection failed!
Abandoning dump with total received 0x0997C000 bytes.
Size is now around 157 MB...
Anyway...
I have some files for study.
Big thanx.

maybe I set to small timer intervals. I will increase it in next release
btw, u can start now dump from 0x4997C000 and then combine it with previous one

b.kubica said:
maybe I set to small timer intervals. I will increase it in next release
btw, u can start now dump from 0x4997C000 and then combine it with previous one
Click to expand...
Click to collapse
Working on S8530 ?

yes if you have correct fota assembled

b.kubica said:
yes if you have correct fota assembled
Click to expand...
Click to collapse
Its seem's my Xp have some PATH problem cant find COM says COM0, tested in another comp Win7 worked, Thank you.

its not path problem - looks like you have not installed samsung drivers
could you check something for me? connect phone in download mode, open regedit and go to HKLM\HARDWARE\DEVICEMAP\SERIALCOMM and send me all values stored in this key

b.kubica said:
its not path problem - looks like you have not installed samsung drivers
could you check something for me? connect phone in download mode, open regedit and go to HKLM\HARDWARE\DEVICEMAP\SERIALCOMM and send me all values stored in this key
Click to expand...
Click to collapse
Reinstalled driver properly now works but check fail
Compiled bada_term.asm on BADA2.01
Flashin bada_term.fota
DLMODE
i tried also CHARGING 0 same
; FOTA_SHADOWING equ 1
CHARGING_CONTROL equ 1
include 'S8530JPKA1.inc'
include 'macros.inc'
include 'vars.inc'
include 'functions.inc'
Maybe i need other firmeware ?
Im on original Orange firmware bada 1.2

[Q] Wave 3 restart problem

Hi, my Wave 3 closes when I do random stuff, for example watching a video, sending messages, etc. and when I open it battery level is low. But when It's on charge it dosen't restarts. Anyone have any idea why is this happening? I use S4 style TurkoCWF rom. Thanks.

Phenomen.B said:
Hi, my Wave 3 closes when I do random stuff, for example watching a video, sending messages, etc. and when I open it battery level is low. But when It's on charge it dosen't restarts. Anyone have any idea why is this happening? I use S4 style TurkoCWF rom. Thanks.
Click to expand...
Click to collapse
i have the same problem

*#33284*#
Set Debug Level to:
High
Now Chance Blue Screen gives more info...
1 way is RDX Tool...
Or take picture with Cam...
or Copy and Paste...
Best Regards
---------- Post added at 03:31 PM ---------- Previous post was at 02:44 PM ----------
what blue screen? I dont get no blue screen, only keeps restarting till i put it on charge. Thanks
Click to expand...
Click to collapse
No idea, you enter this Code into your S8600?
Code:
*#33284*#
Yes or no?
RDX Tool is this...
http://forum.xda-developers.com/showpost.php?p=39658811&postcount=23
Sorry, my fault. Forgotten to insert Link.
If S8600 is in Debug Level High... Then Power down for instance should show you Blue Screen...
Now you know what Blue Screen means...
If "luck", this could help by some kind of Errors... to create Messages from handset...
Example... forgotten why or when, but it was my S8600...
Code:
Type : Unofficial Version
Number : 1096
Builder : superuser
Host : S1-AGENT05
Date : 2011/10/26
Time : 17:26:52
Size : 55050240 bytes
CheckSum : 0x0d3edb3f
View :

S/W version:S8600+XX+KJC
Modem:KYRZ213006_05A
SHP:VPP R5 2.1.1
Build Host:S1-AGENT05
BuildAt:2011/10/26 17:26:52
App Debug Level : 0
Data Abort!Page Translation Fa
ult for (0x743f5abc) Read Acce
ss Detection
<Callstack information>
PC = 00EB9E14 _printf_str
LR = 00EBA779 _printf_cs_commo
n
<Mocha Task Callstack>
_printf_cs_common
__printf
_printf_char_common
_printf_fp_hex_real
__MemPartitionGetNextUserAlloc
Ptr
_snprintf
0x002C7972+Dolfin.so
0x00256F6C+Dolfin.so
0x002C7972+Dolfin.so
0x00256F6C+Dolfin.so
OemBmShutdown
BootDestroy
Best Regards

It only shows "Upload data to PC" and that's all. And yes, I used the code u gaved me. Thanks
When I use camera flash it crashes all the times...

Phenomen.B said:
It only shows "Upload data to PC" and that's all. And yes, I used the code u gaved me. Thanks
When I use camera flash it crashes all the times...
Click to expand...
Click to collapse
yep. that happend to me to..
when want to use flash, just it restarts..

Upload data to PC
Click to expand...
Click to collapse
Simple start Tool RDX from here...
http://forum.xda-developers.com/showpost.php?p=39658811&postcount=23
It autodetect Wave...
But if RDX nothing detect in Upload data to PC...
RDX find something and shows something like on Screenshot?
Best Regards

Here:
Code:
Type : Unofficial Version
Number : 1117
Builder : dpi
Host : DELL44
Date : 2013/01/14
Time : 16:54:24
Size : 55050240 bytes
CheckSum : 0x0d284432
View :

S/W version:S8600+FR+MA2
Modem:KYRZ213006_05A
SHP:VPP R5 2.1.1
Build Host:DELL44
BuildAt:2013/01/14 16:54:24
App Debug Level : 0
Data Abort!Page Translation Fa
ult for (0x74543390) Read Acce
ss Detection
<Callstack information>
PC = 00EBAD60 _printf_str
LR = 00EBB6C5 _printf_cs_commo
n
<Mocha Task Callstack>
_printf_cs_common
__printf
_printf_char_common
_printf_fp_hex_real
__MemPartitionGetNextUserAlloc
Ptr
_snprintf
OemBmShutdown
BootDestroy
_WmCallEHFunction
__WmEventHandlerProc
__WmProcessEventInternal
rex_task_free
OemOsLeaveCriticalSection
OsLeaveCriticalSection
WmProcessEvent
OemOsLeaveCriticalSection
OsLeaveCriticalSection
OemOsReleaseMutex
WmExitEventHandler
__BootTimerCallback
__WmProcessTimerEvent
__WmProcessEventInternal
OsReceiveMessageInternal
__WmReceiveEventInternal
WmMainLoop
MochaTask
rex_thread_init
__thread_stub
Pager Stat: Total Page(4864),
Total RAM page(3584), Total Di
sk Page(1280). One Page Size(6
5536)B
Pager Stat: Used RAM page(coun
t :1295, 5180 KB), Used Disk P
age(count :0, 0KB)
Pager Stat: Free Page(count :3
569, 228416 KB)
< Heap 0 of Process(0) Informa
tion Print Start >
MemPrintStat: Total heap size
= 266,338,304 (Bytes)
MemPrintStat: Allocated size
= 50,159,616 (Bytes)
MemPrintStat: Available size
= 195,092,480 (Bytes)
MemPrintStat: Peak allocated s
ize = 77,725,696 (Bytes)
__MemPoolPrtAllocInfo: freeMax
Size = 195092480
__MemPoolPrtAllocInfo : Huge A
llocated Chunks more then (163
8400)Bytes
"RsrcBitmap.c":line(105) allo
cated (2070016) Bytes
"RsrcBitmap.c":line(105) allo
cated (2070016) Bytes
"..\..\..\..\ShpBrowser\Dolfi
n\Platform\Abstract\BAL\Src\Co
mmon\SFBalFontTTF.cpp":line(19
7) allocated (3505536) Bytes
__MemPoolPrtAllocInfo : Please
Check above chunks
< Kernel Heap(cache+no cache)
of Information Print Start >
MemPrintStat: Total heap size
= 83,886,080 (Bytes)
MemPrintStat: Allocated size
= 9,928,704 (Bytes) (11%)
MemPrintStat: Available size
= 43,016,192 (Bytes)
MemPrintStat: Peak allocated s
ize = 14,360,576 (Bytes) (17%)
MemPrintStat: Fragmentation le
vel = 18 (%)
< Kernel Heap(cache+no cache)
of Information Print Start >
MemPrintStat: Total heap size
= 83,886,080 (Bytes)
MemPrintStat: Allocated size
= 21,078,016 (Bytes) (25%)
MemPrintStat: Available size
= 43,016,192 (Bytes)
MemPrintStat: Peak allocated s
ize = 25,591,808 (Bytes) (30%)
MemPrintStat: Fragmentation le
vel = 18 (%)
< Kernel Heap 3 of Information
Print Start > (0)
MemPrintStat: Total heap size
= 10,354,688 (Bytes)
MemPrintStat: Allocated size
= 3,722,072 (Bytes) (35%)
MemPrintStat: Free size = 6,6
32,616 (Bytes) (64%)
MemPrintStat: Peak allocated s
ize = 4,619,988 (Bytes) (44%)
MemPrintStat: Fragmentation le
vel = 0 (%)
< Heap 4 of Process(0) Informa
tion Print Start >
MemPrintStat: Total heap size
= 134,217,728 (Bytes)
MemPrintStat: Allocated size
= 15,826,944 (Bytes)
MemPrintStat: Available size
= 117,112,832 (Bytes)
MemPrintStat: Peak allocated s
ize = 15,826,944 (Bytes)
< Heap 6 of Process(0) Informa
tion Print Start >
MemPrintStat: Total heap size
= 125,829,120 (Bytes)
MemPrintStat: Allocated size
= 8,290,304 (Bytes)
MemPrintStat: Available size
= 117,317,632 (Bytes)
MemPrintStat: Peak allocated s
ize = 8,290,304 (Bytes)
Thanks for your time

Code:
Type : Unofficial Version
Number : 1117
Builder : dpi
Host : DELL44
Date : 2013/01/14
Time : 16:54:24
Size : 55050240 bytes
CheckSum : 0x0d284432
View :

S/W version:[B]S8600+FR+MA2[/B]
Modem:KYRZ213006_05A
SHP:VPP R5 2.1.1
Build Host:DELL44
BuildAt:2013/01/14 16:54:24
@Galaxy3HELL
You use also same Firmware?
S8600+FR+MA2
I use S4 style TurkoCWF rom.
Click to expand...
Click to collapse
The custom Version?
@Phenomen.B
We should short wait for answer from Galaxy3HELL...
If both used same Firmware, then maybe Firmware issue...
Solution 1. in theory.
If your Firmware long runs without Errors... then flash again.
So you have clean Version...
Like "Format C:"...
Bad is, you have to Backup before... as you loose all your SMS, Pics etc.
Test 1.1 would be Stockfirmware... unmodified...
XXKJC for instance...
Clean Fullfimware... with Bootfiles...
So it could be easier to find out if Hardware damage... or really only Software issue...
Best Regards

I flashed again but problems are the same.
And I have no full official firmware...

S8600XXKJC_OXA.rar
Try Google...
Maybe you can download from here:
http://uploaded.net/file/qfls8t4d
Not tested by me... I mean exact this Link.
Here you can see, what files inside... + folder Bootfiles...
http://chomikuj.pl/krzak208/Samsung+Wawe3+(S8600)/XXKJC
Best Regards

Yes, i was using Turko FRMA2, but because of problem i flashed full firmware XXKJC and problem still active :victory:

okidoki...
XXKJC is not "latest"...
It is older...
Only good thing about XXKJC is, it is Full with all files + Boot...
Nearly all other available Firmware are only Update... without FFS and full SHP...
So update from XXKJC to XXLD1...
Maybe then more luck...
Best Regards

link for that software?

To find XXLD1 for S8600, please use Google...
Samfirmware/Sammobile...
But when It's on charge it dosen't restarts.
Click to expand...
Click to collapse
Same for you Galaxy3HELL
If USB or Charger attached?
Maybe this means some problems with Power... no constant Energy...
Remove battery... check contacts etc...
Is S8600 flying from... Any kind of scratches...
Check Label for Waterdamage...
Best Regards

adfree said:
If USB or Charger attached?
Click to expand...
Click to collapse
Same with both, it dosen't matter if USB or charger, it will not restart if one of those 2 is attached.

Hmm...
Phenomen.B said:
Same with both, it dosen't matter if USB or charger, it will not restart if one of those 2 is attached.
Click to expand...
Click to collapse
Then, I think that might be a battery problem, bro.
[ JUST A WHIRL : Try cleaning the contacts with a dry cloth, just as a last try. If possible, if anyone else you know has a wave 3, try checking it with his/her wave's battery. ]

TheBasterd said:
Then, I think that might be a battery problem, bro.
[ JUST A WHIRL : Try cleaning the contacts with a dry cloth, just as a last try. If possible, if anyone else you know has a wave 3, try checking it with his/her wave's battery. ]
Click to expand...
Click to collapse
Yup, it's a battery problem. Tommorow i'll go and buy new one. Thanks all for ur help.

Phenomen.B said:
Yup, it's a battery problem. Tommorow i'll go and buy new one. Thanks all for ur help.
Click to expand...
Click to collapse
@Phenomen.B please post you result with new battery. If it solve the problem, i will buy one to :good: Waiting for you answer :laugh:

did you buy new battery and did it solve you problem? :fingers-crossed:

yes it is battery problem :laugh:
i sold phone for 40$, and guy which buy it changed battery and said that it is working fine now

UFS not detected!

hi friends i am not aware waht to do for this error,
i have a htc desire d616h,
when i was flashing the stock rom, the phone went completly dead, dosent even show charging symbol,
so i use a latest version for sp tool and did a test, and i have updated the test results aswell below, i tried with all the stock rom available on the internet, still no progress,
when i download only the preloader download result is ok,
but when i try to download all the other img files i get 5906 error,
and i saw a video on you-tube, which suggested to solder grnd port and the test port, i wouls like to know if it works,
or any suggestions PLS let me know..
thanks in advance
TEST RESULTS:
============ Memory Detection Report ===========
Internal RAM:
External RAM:
Type = DRAM
Size = 0x40000000 (1024MB/8192Mb)
NAND Flash:
ERROR: NAND Flash was not detected!
EMMC:
EMMC_PART_BOOT1 Size = 0x0000000000200000(2MB)
EMMC_PART_BOOT2 Size = 0x0000000000200000(2MB)
EMMC_PART_RPMB Size = 0x0000000000200000(2MB)
EMMC_PART_GP1 Size = 0x0000000000000000(0MB)
EMMC_PART_GP2 Size = 0x0000000000000000(0MB)
EMMC_PART_GP3 Size = 0x0000000000000000(0MB)
EMMC_PART_GP4 Size = 0x0000000000000000(0MB)
EMMC_PART_USER Size = 0x00000000e7000000(3696MB)
UFS:
ERROR: UFS was not detected!
============ RAM Test ============
Data Bus Test:
[D0]
[D1]
[D2]
[D3]
[D4]
[D5]
[D6]
[D7]
[D8]
[D9]
[D10]
[D11]
[D12]
[D13]
[D14]
[D15]
[D16]
[D17]
[D18]
[D19]
[D20]
[D21]
[D22]
[D23]
[D24]
[D25]
[D26]
[D27]
[D28]
[D29]
[D30]
[D31]
OK!!
Address Bus Test:
[A1]
[A2]
[A3]
[A4]
[A5]
[A6]
[A7]
[A8]
[A9]
[A10]
[A11]
[A12]
[A13]
[A14]
[A15]
[A16]
[A17]
[A18]
[A19]
[A20]
[A21]
[A22]
[A23]
[A24]
[A25]
[A26]
[A27]
[A28]
[A29]
OK!!
RAM Pattern Test :
Writing ...
0x44332211,
0xA5A5A5A5,
0xA5A5A500,
0xA500A500,
0xA5000000,
0x00000000,
0xFFFF0000,
0xFFFFFFFF,
OK!!
Increment/Decrement Test:
Writing...
OK!!

ERROR: UFS was not detected
bala_1610 said:
hi friends i am not aware waht to do for this error,
i have a htc desire d616h,
when i was flashing the stock rom, the phone went completly dead, dosent even show charging symbol,
so i use a latest version for sp tool and did a test, and i have updated the test results aswell below, i tried with all the stock rom available on the internet, still no progress,
when i download only the preloader download result is ok,
but when i try to download all the other img files i get 5906 error,
and i saw a video on you-tube, which suggested to solder grnd port and the test port, i wouls like to know if it works,
or any suggestions PLS let me know..
thanks in advance
TEST RESULTS:
============ Memory Detection Report ===========
Internal RAM:
External RAM:
Type = DRAM
Size = 0x40000000 (1024MB/8192Mb)
NAND Flash:
ERROR: NAND Flash was not detected!
EMMC:
EMMC_PART_BOOT1 Size = 0x0000000000200000(2MB)
EMMC_PART_BOOT2 Size = 0x0000000000200000(2MB)
EMMC_PART_RPMB Size = 0x0000000000200000(2MB)
EMMC_PART_GP1 Size = 0x0000000000000000(0MB)
EMMC_PART_GP2 Size = 0x0000000000000000(0MB)
EMMC_PART_GP3 Size = 0x0000000000000000(0MB)
EMMC_PART_GP4 Size = 0x0000000000000000(0MB)
EMMC_PART_USER Size = 0x00000000e7000000(3696MB)
UFS:
ERROR: UFS was not detected!
============ RAM Test ============
Data Bus Test:
[D0]
[D1]
[D2]
[D3]
[D4]
[D5]
[D6]
[D7]
[D8]
[D9]
[D10]
[D11]
[D12]
[D13]
[D14]
[D15]
[D16]
[D17]
[D18]
[D19]
[D20]
[D21]
[D22]
[D23]
[D24]
[D25]
[D26]
[D27]
[D28]
[D29]
[D30]
[D31]
OK!!
Address Bus Test:
[A1]
[A2]
[A3]
[A4]
[A5]
[A6]
[A7]
[A8]
[A9]
[A10]
[A11]
[A12]
[A13]
[A14]
[A15]
[A16]
[A17]
[A18]
[A19]
[A20]
[A21]
[A22]
[A23]
[A24]
[A25]
[A26]
[A27]
[A28]
[A29]
OK!!
RAM Pattern Test :
Writing ...
0x44332211,
0xA5A5A5A5,
0xA5A5A500,
0xA500A500,
0xA5000000,
0x00000000,
0xFFFF0000,
0xFFFFFFFF,
OK!!
Increment/Decrement Test:
Writing...
OK!!
Click to expand...
Click to collapse
DID YOU FIND A SOLUTION FOR THIS?.. IM EXPERIENCING IT TOO
sdas

jurj000 said:
DID YOU FIND A SOLUTION FOR THIS?.. IM EXPERIENCING IT TOO
sdas
Click to expand...
Click to collapse
saME PROBLEM