Develop Bugs

Extract or Dump the MS Emulator Images

Hi there,
i'm searching for a solution how to dump the MS Emulator Images!
i found something here:
http://forum.xda-developers.com/showthread.php?t=307968
but ImfgsTools didn have the -emu option anymore!! And i cant find the RC1 to download..
is there an other way to dump the Files??

ok i found some more infos...
i've found itsutils ...
this is the output of "pdocread.exe -l"
89.82M (0x59d3000) MSFlash
| 1.81M (0x1d0000) Part00
| 87.95M (0x57f3000) Part01
31.50M (0x1f7f000) RAMFMD
| 31.50M (0x1f7ec00) Part00
STRG handles:
handle f7f74fde 31.50M (0x1f7ec00)
handle f7fc09f2 87.95M (0x57f3000)
handle 97fc0832 1.81M (0x1d0000)
disk f7f74fde
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk f7fc09f2
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 97fc0832
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
but i cant dump the part01
"pdocread.exe -w -d MSFlash -p Part01 0 0x57f3000 test.raw"
CopyTFFSToFile(0x0, 0x57f3000, test.raw)
ERROR: ITReadDisk : read 00000000 bytes - Falscher Parameter.
without -w there comes following message:
ERROR: ITReadDisk : read 00000000 bytes - Ein an das System angeschlossenes Gerõ
t funktioniert nicht. (Device on System isn't responding)

Try this version:
http://rapidshare.com/files/104293714/imgfstools.rar

i am triing to port RC2.1 version to full english
using this guide
http://forum.xda-developers.com/showthread.php?t=307968
Do you have an other rom base for Wm6 or Wm6.1?

Samsung i900 Omnia rom backup help

Hi to all the Samsung experts, I currently have a Samsung i900 and am looking for a way to extract my rom and create a flashable format. I have used pdocread to extract 3 .raw files but am not sure how to proceed from here. Can anyone advise? Thanks.

Hoping that the i780 istruction can be used for the omnia, the relevant posts are here..
http://forum.xda-developers.com/showpost.php?p=2237280&postcount=10
http://forum.xda-developers.com/showthread.php?t=393490

Thanks, I have read those threads, problem is you apparently need a flashable .bin to start with which in this case I do not so am looking for a way to use the .raw files only. Do you know if that is possible?

efjay said:
Thanks, I have read those threads, problem is you apparently need a flashable .bin to start with which in this case I do not so am looking for a way to use the .raw files only. Do you know if that is possible?
Click to expand...
Click to collapse
No you don't need the bins, you can start from the raw files.
Just look at the famusc kitchen and read the included instructions.

Ok here is a way to dump the nb file and then dump its contents.I have already done that, including xip
Use itsutils and following command in dos window :
psdread -1 0 0xDISKSIZE os.nb
Then use imgfs tools or tazio tools to dump, and further processing.
We need now how to flash back the custom os.nb to omnia
still searching for sd card flashing combinations

@The Solutor: I have read the famusc kitchen docs and it explicity states you need an existing .bin PDA rom. However there are a few commands in there that may be worth checking out.
@hdubli: I will try the command you suggested later today. What are the tazio tools? And dont Samsung phones use .bin files to flash rather than .nb?

You don't need the bin.
Here step by step:
- Downlad and install the kitchen
- Copy Part02.raw into the kitchen folder
- Open cmd and type: ImgfsToDump Part02.raw (This will create dump folder)
- Execute RecreateBin.exe
You got your bin file!!!!

mievalt said:
You don't need the bin.
Here step by step:
- Downlad and install the kitchen
- Copy Part02.raw into the kitchen folder
- Open cmd and type: ImgfsToDump Part02.raw (This will create dump folder)
- Execute RecreateBin.exe
You got your bin file!!!!
Click to expand...
Click to collapse
Do you mean RecreateBin.bat? There is no RecreateBin.exe and looking at the contents of the .bat file I dont think it will work as it makes reference to i780 files which I dont have and most likely wont work with the Omnia.
imgfsfromdump imgfs_raw_data.bin new_imgfs.bin
del imgfs_raw_data.bin
ren new_imgfs.bin imgfs_raw_data.bin
make_imgfs i780.nb0.payload.body -nosplit
merge i780.nb0.payload.header i780.nb0.payload.body i780.nb0.payload
nbmerge -data 2048 -extra 8 i780.nb0 -conservative

yes it is the .bat file sorry.
I780 should just be name of the files that you get at the end...
I can't say if it works you just have to give it a try...
But that would be the way we do it with our i780 roms...
Try and report. You should get a i780.bin file.... otherwise it should stop with an error.

I have a Samsung Omnia German version and would like to get the english version. Anybody know where to find the WWE ROM and CID unlock or what i need to install it?

any luck
Any luck on cooking a samsung i900 Rom

JesperRas said:
I have a Samsung Omnia German version and would like to get the english version. Anybody know where to find the WWE ROM and CID unlock or what i need to install it?
Click to expand...
Click to collapse
What does ur version read?
My one read i900XXHE4. I am also looking for way to upgrade to i900DXHG4

anyone manage to extract the rom?
or is there anyway i could extract those dll in the roms?
would like to try reverse it see if can extract the data for the accelerometer

Link
Here is the Link
For the update

any body can backup the rom G2 and previous and let us flash it? i sooo want the old rom back.. G4 fully sucked with too many issues on it..

What is the build info on G4?
I can dump the rom but you will have my serial #

silencer22 said:
anyone manage to extract the rom?
or is there anyway i could extract those dll in the roms?
would like to try reverse it see if can extract the data for the accelerometer
Click to expand...
Click to collapse
it looks like a .bin file and oddly enough executing it changed all my Atom .nb0 files to 'open with' USDL4...
Do kitchen tools exist or Perhaps somebody could be commisioned to make tools for us, I'd be up for that!

whats the go on creating a flashable rom? i tried to flash chinese G8 rom and i regretted it.. now i cant flash it back to WWE G4 rom. =( anyone here able to make flashable rom or F8 or G2 WWE roms? pls pls pls..

I tried to back up my i900 Omnia ROM and get this:
C:\12>pdocread -l
128.46M (0x8076000) DSK1:
| 1.47M (0x179000) Part00
| 2.58M (0x295800) Part01
| 124.40M (0x7c66800) Part02
90.44M (0x5a70000) DSK2:
| 90.43M (0x5a6f000) Part00
0.00 (0x0) DSK5:
| 0.00 (0x0) PART00
15.00G (0x3c0000000) DSK3:
| 15.00G (0x3bffffc00) Part00
STRG handles:
handle 6698a06e 15.00G (0x3bffffc00)
handle a698a026
handle c6cc2472 90.43M (0x5a6f000)
handle 06e0479a124.40M (0x7c66800)
handle 26e04776 2.58M (0x295800)
handle 26e0472e 1.47M (0x179000)
disk 6698a06e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk a698a026
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c6cc2472
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 06e0479a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 26e04776
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 26e0472e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C:\12>psdread -1 0 0xDISKSIZE os.nb
remote disk 1 has 65772 sectors of 2048 bytes - 128.46Mbyte
SerialNr: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CopySDCardToFile(remote, 1, 0x0, 0xd, os.nb)
ERROR: ITReadSDCard - The parameter is incorrect.
C:\12>pdocread -w -d FLASHDR -p Part00 0 0x179000 Part00.raw
ERROR: ITTFFSGetInfo - The device is not ready for use.
WARNING: using default 512 bytes for sectorsize
CopyTFFSToFile(0x0, 0x179000, Part00.raw)
ERROR: ITReadDisk: outbuf==NULL
- The device is not ready for use.
Any thoughts?

I am improving :
C:\12>psdread -1 0 0x8076000 i900XHHG4.nb
remote disk 1 has 65772 sectors of 2048 bytes - 128.46Mbyt
SerialNr: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CopySDCardToFile(remote, 1, 0x0, 0x8076000, i900XHHG4.nb)
but I am waiting more than 30 min and no activity. How long does it take to copy 128MB?

Mio P360&P560 ROM CEimage [BETA Official] / Boot Menu / [HOW TO] dump a ROM, by ansar

Mio P360&P560 ROM CEimage [BETA Official] / Boot Menu / [HOW TO] dump a ROM, by ansar
Hi,
Update on 3/10/2010 10:35 AM:
The following are the findings for the ROM image upgrade procedure, after an extensive testing:
1. The MS_IPL image has been identified.
2. It is not yet possible to dump the boot loader image due to the MS_IPL image placing on almost the same memory location.
3. Due to the above we cannot yet define the accepted by the boot loader ROM CE image layout.
4. The one way is to assume a layout and test it to see if it is accepted.
5. This way is completely safe.
6. It was identified the internal (final) layout of the ROM CE image by direct read access to the chip.
7. The result of this reading was 100% error free that denotes the possibility of error free writing directly to the chip.
8. This last writing (directly on the chip) it is not yet tested due to the possibility to damage the device.
9. The internal (final) ROM CE image noted at (6.) above is already in our hands but not tested yet.
10. This is the second way to the ROM upgrade procedure, but we do not know if it is safe as that of reading the chip.
Development will be continued on both ways, in order for the ROM upgrade to be finalized.
Thanks to pavlac and mumux for their extensive help and testing.
A. Screens of the official version
Pending ...
B. Download Links
Pending ...
C. Instructions to successfully flash the rom image
1. Make sure that P560 can be connected and synchronized with your PC / Laptop.
2. Use the procedure bellow to enter the boot loader menu.
3. Form the Uboot Menu select 0=WINCE Upgrade and press right key.
4. From WINCE Upgrade menu select 3=WINCE by USB and press right key.
5. From your PC run dnw5.0e.exe program.
6. Select USB port>Status and see if the USB info screen is displayed.
7. Select USB port>Transmit and open the provided file.
8. Wait for the process to finish, disconnect and slide bottom switch to OFF.
9. Wait one minute and slide bottom switch to ON in order to perform a hard reset.
End of Update
IMPORTANT UPDATE on 10/9/2010 16:35 PM:
Before issuing the relevant official ROMs derived from the partxx.raw files
it is very important for each distribution i.e. WWE, FRE, ELL etc to have the checksum of each ROM.
In order to achieve this, the owner of a specific build should perform as follows:
************************************************** **************
A. Evaluating the checksum:
1. Enter to uboot loader main menu as described bellow after this update.
2. On the main menu by pressing down the jostick navigate to [4=Memory Tools] and select it by pressing-in the joystick.
3. On the Memory Tools menu by pressing-in the joystick select [0=ROM CheckSUM], get it and write it on a media.
4. Select [2=Exit] in order to exit the Memory Tools and return to main menu.
************************************************** **************
B. Evaluating CPLD_32 and CPLD_64 user code:
5. On the main menu by pressing down the jostick navigate to [5=Other Tools] and select it by pressing-in the joystick.
6. On the Other Tools menu by pressing down the jostick navigate to [2=read CPLD_32 user code], get it and write it on a media.
7. On the Other Tools menu by pressing down the jostick navigate to [3=read CPLD_64 user code], get it and write it on a media.
************************************************** **************
C. Evaluating Nand Tools
8. On the Other Tools menu by pressing down the jostick navigate to [4=Nand Tools] and select it by pressing-in the joystick.
9. You can write down on a media what this screen is displaying.
a. Exit the uboot menu by sliding the bottom switch to power off.
************************************************** **************
Now if you have a WWE distribution you can post the above results in the form:
My Boot loader header: CHUD_350_UT_Rxx_yyyy_2G or CHUD_350_UT_Rxx_yyyy_512M or whatever.
WWE CheckSUM: 0x........ CPLD_32: 0x........ CPLD_64: 0x........
followed by the description of your Nand Tools menu.
************************************************** **************
Thanks for commenting and supporting.
************************************************** **************
************************************************** **************
Update on 7/9/2010:
The thread is updated due to final info on entry to uboot loader menu.
[HOW TO] dump your original ROM is added,see bellow.
The next step is the development of custom/official ROMs.
****************************************************************
There are at least two ways to enter the Boot Loader menu:
****************************************************************
A. First way.
1. Disconnect usb and power adaptor (all) cables from the device.
2. Turn the device to power off by sliding the bottom switch from ON to OFF position.
3. Press and HOLD the device top power button and then slide the switch from OFF to ON position.
Important note: KEEP holding top power button when sliding bottom power switch and release it when enter to bootloader.
****************************************************************
B. Second way.
1. Disconnect usb and power adaptor (all) cables from the device.
2. Turn the device to power off by sliding the bottom switch from ON to OFF position.
3. Hold JOYSTICK RIGHT + press and hold RIGHT BUTTON.
4. Slide bottom switch to ON
Important note: KEEP holding JOYSTICK RIGHT + RIGHT BUTTON when sliding bottom power switch and release it when enter to bootloader.
****************************************************************
[HOW TO] dump your ROM.
****************************************************************
This is how to dump your original ROM part00.raw, part01.raw and part02.raw files for future use.
These are guidelines and the addresses in blue from your own device must be used in the commands instead of those in the example.
1. Get the itsutils from here: http://forum.xda-developers.com/wiki/index.php?title=XdaUtils
... and unpack in your desire disc (C:\itsutils, D:\itsutils, etc.)
2. Connect your device to a PC/Laptop, sync and on your PC/Laptop run a command line or shortcut and issue the following commands:
2.1 First command:
C:\itsutils>pdocread -l
[Tap on yes, if asked to accept running the dll.]
*********************
On your screen you will see:
*********************
Copying C:\itsutils\itsutils.dll to WCE:\windows\itsutils.dll
80.00M (0x5000000) SMFLASH
| 1.25M (0x13f000) Part00
| 1.75M (0x1c0000) Part01
| 45.50M (0x2d80000) Part02
| 31.50M (0x1f80000) Part03
1.82G (0x74900000) DSK2:
| 1.82G (0x748ff000) Part00
3.69G (0xec400000) DSK1:
| 3.69G (0xec000000) Part00
STRG handles:
handle#0 839a5546 3.69G (0xec000000)
handle#1 23f61dd6 1.82G (0x748ff000)
handle#2 a3f5b99a 31.50M (0x1f80000)
handle#3 c3f5b11a 45.50M (0x2d80000)
handle#4 23f5b0f6 1.75M (0x1c0000)
handle#5 a3f61fda 1.25M (0x13f000)
disk 839a5546
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 23f61dd6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk a3f5b99a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c3f5b11a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 23f5b0f6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk a3f61fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C:\itsutils>
*****************
2.2 2nd command:
C:\itsutils>pdocread -w -d SMFLASH -b 0x800 -p Part00 0 0x13f000 Part00.raw
*********************
On your screen you will see:
*********************
CopyTFFSToFile(0x0, 0x13f000, Part00.raw)
C:\itsutils>
*****************
2.3 3rd command:
C:\itsutils>pdocread -w -d SMFLASH -b 0x800 -p Part01 0 0x1c0000 Part01.raw
*****************
On your screen you will see:
*****************
CopyTFFSToFile(0x0, 0x1c0000, Part01.raw)
C:\itsutils>
*****************
2.4 4rth command:
C:\itsutils>pdocread -w -d SMFLASH -b 0x800 -p Part02 0 0x2d80000 Part02.raw
*****************
On your screen you will see:
*****************
CopyTFFSToFile(0x0, 0x2d80000, Part02.raw)
C:\itsutils>
*****************
Now you can upload your partxx.raw files and post your link to them
in order for the official rom to be constructed for future use by you and all other users.
Many thanks to pavlac and all ROM uploading members for your testing and reporting.
Regards, ansar.

Hi, I want You to help to cook some rom for P560
Yes, I was able to enter Boot Loader Menu by your suggestion.
pavlac

pavlac said:
Hi, I want You to help to cook some rom for P560
Yes, I was able to enter Boot Loader Menu by your suggestion.
pavlac
Click to expand...
Click to collapse
Hi pavlac,
This is outstanding news for P560 and hope for P360 too!!
I will prepare the WWE WM6 5.2 17945 Build 17945.0.3.2 just for testing/archiving purposes.
This version will be used after flashing a WM6.1 / WM6.5 ROM and one wants to send the device for service.
In order to proceed it is very important to describe the screen (s) of the menu:
1. Describe exactly of what you see (or make a photo in .jpg format) of the main menu and
2. Describe each one of the submenus, if any, regarding ce image upgrade.
You can also send me a private info post by clicking on name above my avatar, if you like to do so.
Regards, ansar.

Mio P560 Boot Loader Main Menu & Submenus:

Hi pavlac,
Your contribution to P360/P560 ROM development is unparallel.
I will prepare the WWE WM6 CE OS 5.2.17945 Build 17945.0.3.2 first.
If your device has a different one, before flashing a new ROM you must dump your own ROM first.
For details see #1 post.
If you have any difficulty just let me know.
The ROM that will be prepared it will be flashed as a CE image, no change to UBOOT and MS_IPL, and so will be absolutely safe.
Stay tuned and Best Regards, ansar.

Hi ansar.
I have tried to get the bootloader mode on the p560, but no succes
Any other ideas ?

Taurus1ax said:
Hi ansar.
I have tried to get the bootloader mode on the p560, but no succes
Any other ideas ?
Click to expand...
Click to collapse
Hi,
Can you describe (exactly, not i did follow the instructions) in detail how did try to enter bootloader?
See also Important Note in #1 post.
Regards, ansar.

The method described in the first post doesn't work (for Mio P360). Holding the top power button and setting the bottom switch to "ON" does nothing other than booting into WM normally. I also tried the P350 method (holding the joystick "DOWN" and switching the PDA on) and it booted into WM safe mode.
Also, pavlac's screenshots in post #4 seem to be from Mio P350, not P360 (see the CHUB350_UT_R09_0911_2G header in the first attachment).
I'm also interested in backing up/upgrading P360's ROM if anyone can help I'd appreciate it!

Hi,
All Mio P350/P550 report OSCAR at main uboot screen.
Try a variation to press and HOLD the top [+] button and slide the bottom switch to OFF.
Keep holding down the top [+] and slide the bottom switch to ON.
Do not release top [+] up to enter uboot.
Regards, ansar.

None of these work
I have tried many variations of button pressing and nothing brings up the boot menu.
Anyway, thanks for your time, if I find anything I'll post it!

Hi.
I found something on polish pda forum. Try this:
Bottom switch OFF, hold JOYSTICK RIGHT + press and hold RIGHT BUTTON, keep holding both and then slide bottom switch to ON.
On my P560 it dosen't work, but I hope Yours will be OK.

pavlac said:
Hi.
I found something on polish pda forum. Try this:
Bottom switch OFF, hold JOYSTICK RIGHT + press and hold RIGHT BUTTON, keep holding both and then slide bottom switch to ON.
On my P560 it dosen't work, but I hope Yours will be OK.
Click to expand...
Click to collapse
OKAY that did it!
Different procedure for such similar devices is strange though...
And the boot screens are similar to those you have posted in the previous page, my header is CHUB350_UT_R12_1105_512M. I have a Greek ROM, if you are interested, I will back it up and post the link here (as long as the admins verify my account and let me post external links).
Regards!!

Working for me too (mio P360),
french ROM, header is CHUB350_UT_R12_1105_512M too

My P560 dumped ROM
That's great that it works!
They say that devices with updated ROM have different combination than others devices, with older ROM.
Boot loader header: CHUB350_UT_R09_0911_2G
UT Checksum =0x419D4CD
OS Chksum=0x20D7507
CPLD_32 usercode=EF777E77
CPLD_64 usercode=***FAIL!***
Nand Tools = need soft reset
Code:
www_sukcesnet_com/~pavlac2/Mio_P560_CHUB350_UT_R09_0911_2G.zip
Sorry, but I don't know witch distribution I have. How to find out? I tried to search what WWE/ELL/FRE means but no success.

pavlac said:
That's great that it works!
They say that devices with updated ROM have different combination than others devices, with older ROM.
Click to expand...
Click to collapse
Hi,
The #1 post is updated, many Thanks for your contribution to this.
New Official/Custom ROMs are on the way.
Regards, ansar.

dump completed
Here is the dump
www_dot_nospaceleft_dot_com/raw.zip
Here is the logfile :
--------------------------------------------------------------------------
Code:
C:\itsutils>pdocread.exe -l
Copying C:\itsutils\itsutils.dll to WCE:\windows\itsutils.dll
80.00M (0x5000000) SMFLASH
| 1.25M (0x13f000) Part00
| 1.75M (0x1c0000) Part01
| 45.25M (0x2d40000) Part02
| 31.75M (0x1fc0000) Part03
396.00M (0x18c00000) DSK2:
| 396.00M (0x18bff000) Part00
14.94G (0x3bc000000) DSK1:
| 14.93G (0x3bbc00000) Part00
STRG handles:
handle#0 835ef906 14.93G (0x3bbc00000)
handle#1 43f61dd6 396.00M (0x18bff000)
handle#2 43f5b99a 31.75M (0x1fc0000)
handle#3 c3f5b11a 45.25M (0x2d40000)
handle#4 e3f5b0f6 1.75M (0x1c0000)
handle#5 e3f61fda 1.25M (0x13f000)
disk 835ef906
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 43f61dd6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 43f5b99a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c3f5b11a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e3f5b0f6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e3f61fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C:\itsutils>pdocread -w -d SMFLASH -b 0x800 -p Part00 0 0x13f000 Part00.raw
CopyTFFSToFile(0x0, 0x13f000, Part00.raw)
C:\itsutils>
C:\itsutils>pdocread -w -d SMFLASH -b 0x800 -p Part01 0 0x1c0000 Part01.raw
CopyTFFSToFile(0x0, 0x1c0000, Part01.raw)
C:\itsutils>
C:\itsutils>pdocread -w -d SMFLASH -b 0x800 -p Part02 0 0x2d40000 Part02.raw
CopyTFFSToFile(0x0, 0x2d40000, Part02.raw)
C:\itsutils>

mumux said:
Here is the dump
www_dot_nospaceleft_dot_com/raw.zip
Click to expand...
Click to collapse
Salut,
Merci pour la distribution Française!
Regards, ansar.

Here is the ELL ROM dump from Mio P360 :
Boot Header = CHUB350_UT_R12_1105_512M
UT Checksum = 0x41B9AAD
OS Checksum = 0xFB95D345
CPLD_32 User Code = 0000B5C9
CPLD_64 User Code = *** FAIL! *** (WTF?)
Code:
hxxp://rapidshare.com/files/418212081/Mio_P360_ELL_ROM_dump.zip.html
And the log file :
Code:
E:\= NEW =\= Mio P360 =\= ROM Development =\itsutilsbin-20091117>pdocread -l
Copying E:\= NEW =\= Mio P360 =\= ROM Development =\itsutilsbin-20091117\itsutils.dll to WCE:\windows\itsutils.dll
80.00M (0x5000000) SMFLASH
| 1.25M (0x13f000) Part00
| 1.75M (0x1c0000) Part01
| 44.25M (0x2c40000) Part02
| 32.75M (0x20c0000) Part03
396.00M (0x18c00000) DSK2:
| 396.00M (0x18bff000) Part00
1.86G (0x77580000) DSK1:
| 1.86G (0x7756fe00) Part00
STRG handles:
handle#0 23f68fd6 1.86G (0x7756fe00)
handle#1 23f61dd6 396.00M (0x18bff000)
handle#2 63f5b99a 32.75M (0x20c0000)
handle#3 e3f5b11a 44.25M (0x2c40000)
handle#4 03f5b0f6 1.75M (0x1c0000)
handle#5 c3f61fda 1.25M (0x13f000)
disk 23f68fd6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 23f61dd6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 63f5b99a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk e3f5b11a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 03f5b0f6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c3f61fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E:\= NEW =\= Mio P360 =\= ROM Development =\itsutilsbin-20091117>pdocread -w -d SMFLASH -b 0x800 -p Part00 0 0x13f000 Part00.raw
CopyTFFSToFile(0x0, 0x13f000, Part00.raw)
E:\= NEW =\= Mio P360 =\= ROM Development =\itsutilsbin-20091117>pdocread -w -d SMFLASH -b 0x800 -p Part01 0 0x1c0000 Part01.raw
CopyTFFSToFile(0x0, 0x1c0000, Part01.raw)
E:\= NEW =\= Mio P360 =\= ROM Development =\itsutilsbin-20091117>pdocread -w -d SMFLASH -b 0x800 -p Part02 0 0x2c40000 Part02.raw
CopyTFFSToFile(0x0, 0x2c40000, Part02.raw)
I would like to propose some additions to the guide on the first post :
1) For Mio P360, the navigation in the boot menu is done with the joystick, but the selection (ENTER) of each item is done with the right button, not by pressing the joystick.
2) The device must be connected to the computer and synchronized to WMDC/ActiveSync in order to dump the ROM.
3) There is a security prompt to accept the run of itsutils.dll by the device, it should be accepted.
4) The HEX addresses that the ROM parts reside on ARE NOT THE SAME in every device (maybe they are the same for same devices), so after the first command pdocread -l the addresses should be noted for use in the next steps.
For my device (Mio P360 ELL ROM), part02 of the ROM was in address 0x2c40000 and not 0x2d80000 as ansar's (this happens in mumux's device as well as I see).
So the commands must be :
pdocread -w -d SMFLASH -b 0x800 -p Partxx 0 <HEX address of Partxx as seen in the first command> Partxx.raw
Also I want to note that reading of CPLD_64 User Code FAILED (!!) and that when tried to enter the NAND Tools menu, my device froze and I had to soft reset it. Any answers why these happen could come handy.
Cheers

Candlemass said:
Here is the ELL ROM dump from Mio P360 :
UT Checksum = 0x41B9AAD
OS Checksum = 0xFB95D345
CPLD_32 User Code = 0000B5C9
CPLD_64 User Code = *** FAIL! *** (WTF?)
Click to expand...
Click to collapse
Hi,
The #1 post is updated, please include your boot loader header i.e. CHUD_350_UT_Rxx_yyyy_512M.
It seems that CPLD_32 and CPLD_64 [Complex Programmable Logic Device] are used to distinguish
the logic capacity of the two-input NAND gates for each implementation [P360 or P560].
So do not worry about it, each device must access its own NAND memory size.
Thanks for the ELL P360 distribution and commenting and supporting.
Regards, ansar.

ansar.ath.gr said:
Hi,
The #1 post is updated, please include your boot loader header i.e. CHUD_350_UT_Rxx_yyyy_512M.
Click to expand...
Click to collapse
Ok done, I edited my post above.

Qualcomm Tools and S8500/S8530 and now S8600

If you switch to QC and install correct drivers you have access.
Tested successfully few Tools:
PSAS
QPST
QXDM
NV items are possible to backup.
Read/write NV also possible...
SPC is 000 000
Security Password seems FFFFFFFFFFFFFFFF
I tested in PSAS... other SP leads to restart.
But Memory access is blocked.
Download Mode uses only Samsung Driver, not QC...
Goal would be to access/dump memory via Bootloader...
Best Regards

Samsung locked down the Wave more so than there android offering due to the proprietary nature of Bada, to be honest i really dont know how to solve that issue? is there any other folk with Jtag boxes that might give us there two cents?

Maybe we should play with Qualcomm stuff. To log something like GPIO.
HWTP for instance, but shows at this time only for older models...
see Screenshot from EF81... you can save to Text file...
Other usefull Tool could be QXDM.
I was able once to log something from S8500, but I have forgotten how...
Best Regards

HWTP can make Text output... here only from EF81, but:
GPIO 13 LCD_BCKLT_PWM
GPIO 84 FUEL_GAUGE_TXD
and more...
As HWTP is based on QXDM, I think QXDM is able to do this also... for S8500.
Question is only how.
Best Regards
Edit 1.
I've changed in Settings.Ini from HWTP MSM Identifier to:
0x4015E0E
Now I have access to the menu...
But I think its not correct... as GPIO is handled in GPIONameList.ini
Attached is from S8500 too, but again, this could be crap.
WARNING: according to changes in this file phones' id can change.
Click to expand...
Click to collapse
Also Limit is 98... no idea how many GPIOs are in modern handset...

QXDM Logging work... with S8500.
Code:
MSG Factory Test Mode/High
15:31:24.222 QMochaBattery_fuel_gauge.c 01512
[B]Fuel Gauge[/B] SOC I2C Read Sucess, reg 0x4
Best Regards

Maybe soon we have more skilled QC users with S8600.
Welcome.
Best Regards

have you got FTM program for FTM mode ?
https://rapidshare.com/files/3344313793/qpst_ftm_eval_6.10_818.rar

QPST I found 2.7.368
QXDM 3.12.714
Both untested with S8600...
have you got FTM program for FTM mode ?
Click to expand...
Click to collapse
I think this is older stuff, removed from QPST... since 2006 or something like this.
Thanx.
Best Regards

QPST saved my little Bu..
I've lost all my NV items and was not able to restore Full dump via JTAG...
But step by step my S8500 is now alive again.
I can confirm, that all NV items are restoreable, which I have backuped via QPST.
Around 306...
Maybe it depend if full erased like my handset... if writeprotected or something like this...
Best Regards

What will happen with network lock if i change imei to all zeros with this tools? Is it calculated in real time and it depends from imei or it is just in some protected part of phone? Is any other way for unlocking with this tools?
Adfree I know that you don't support unlocking, but I have my phone more than 12 months, I don't have warranty any more and i want to start using custom firmwares and to learn something new. Unlocking is to expensive for me.
Please help me if you can, i would be very grateful, off course i'm respecting your work and your attitude very much and i will delete my post immediately if you want.
Many thanks.

hi adfree,
i have a problem with my phone, Kies doesnt recognize my phone's firmware and says my device is not supported for firmware upgrades even i have the official Bada 1.2 firmware for Philippines.
My previous firmware is S8500XXKL6 Bada 2.0 but since there's a lot of bugs on this firmware, ive switched back to the official Bada 1.2 firmware from Ph.
First, ive flashed to DXKE1 full firmware (CSC is Open Asia) then i flashed to DXKF1 with a CSC of XTC (one of the CSC for Philippines).
Ive checked my Product Code but my product code in Kies registry is S8500BAAKOR.
What's wrong with my phone that's why Kies doesnt recognized my firmware? Is that because of the wrong Product Code?
Can i modify the product code in Kies registry in change KOR to XTC?
Pls advise.
Thanks

Can i answer please ?
Thank you
Go to this topic : http://forum.xda-developers.com/showthread.php?t=1333956&highlight=hack
It is Adfree Tutorial so don't worry
Best Regards

Please, can someone confirm.
How to set S8600 to work in Qualcomm Mode?
Thanx in advance.
Sorry, I can't try self... no S8600.
Best Regards

According to this...
http://forum.xda-developers.com/showpost.php?p=24208953&postcount=56
I was able to set my S8500 to Test Mode...
No idea yet. For what it is...
Simple... WinComm shows:
Code:
__OemNvGetStringModem: ModemNv Item id is 10071, return GT-S8600HKAXEF
__OemNvGetIntModem: ModemNv Item id is 10072, return 65535
So I have used RevSkills to set NV item 2758 to 01...
Before it was 00
Maybe 02 is also Mode? No idea yet.
But first succes for me. Now my S8500 can work again with Kies.
If I used faked S8600 apps_compressed...
Before my F. Kies not connected on 2 PCs if I have changed my apps_compressed...
Best Regards

At the moment I am playing with Jet S8000...
Here it is possible to access EFS via QPST...
Best Regards

About S8600...
I have NOT found way or Code to set S8600 in Qualcomm Mode...
Maybe someone else have an idea...
Thanx in advance.
Best Regards
Edit 1.
http://forum.xda-developers.com/showpost.php?p=30900694&postcount=222
QPST Build 378 ...

Found for S8600... later more...
Best Regards
Edit 1.
Code:
*#8720#
AP USB / CP USB.
:good:
Taken from here:
http://www.mysamsungwave.com/index.php?topic=85.0
Now I was able to backup NV items...

In "alternate Mode" EFS Explorer shows all folders on S8600...
Also short tested QXDM... but with old Version...
Best Regards

Related with adfree post in other thread about bluetooth in S8530 investigation I come to this one I have installed QXDM and tested. I have just ubuntu; QXDM tested in WinXP over VirtualBox
Steps in S8500:
-*#8720# to activate "Qualcomm mode" (again to return to normal mode)
-Qualcomm drivers from this thread (Files.rar attachment)
-Looking for NV items related with bluetooth, found this
http://forum.xda-developers.com/showthread.php?p=33233244&highlight=bluetooth#post33233244
2839^"Bluetooth Active"^"Factory*"
2840^"Bluetooth Visible"^"Factory*"
2841^"Bluetooth SAP Enable"^"Factory*
4525^"Bluetooth Disabled"^"Debug*"
But they seem not active in S8500: QXDM Read button says "NV Status Error Received: Item Inactive". BlueTooth logs shows no info, not even mac address.
So Bluetooth in S8500 seem just managed by bcm4329 chip.
Maybe with QXDM we can get some "other processor logs" related with Bluetooth operations, but I am not very confident about that

NV Status Error Received: Item Inactive
Click to expand...
Click to collapse
Caution!
QXDM shows you little overview about "standard" NV items...
OEMs like Samsung can do their own stuff...
But since 2001 I think, really Standard NV items are:
NV item 447 for Bluetooth address
and IMEI
NV item 550
This is also working for S8500 + S8530 and many other handsets in year 2013... Qualcomm based.
If you activate an inactive NV item. Then you could do bad things to your handset...
Because few items then brick your handset... Bootcycle for instance...
It is really hard to erase or change few NV items, because WRITE Protection and few other ugly Security thingies... remember IMEI...
You can backup few NV items with QPST... as QCN file... with Tool Software Download BACKUP
Result looks like this:
Code:
File Version: Major 2, Minor 0, Revision 0
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 305
Phone Model 19 [QSC6270/QSC6240] Configurations:
Configuration Name: default
Mobile Properties:
ESN: 0xDEADD00D
Phone Model: 19 [QSC6270/QSC6240]
NV Major: 0
NV Minor: 0
SW Version: Q6270B-KPUBL-1.5.45072S
Client Name: QPST Software Download 2.7.0.348
Feature Mask:
Bit 9: F_PREFERRED_ROAMING_BIT
Bit 11: F_DIAG_ORIG_CALL_BIT
Bit 46: F_UI_SHOW_DROP_CALL_BIT
Bit 48: F_UI_PWR_KEY_ALT_BIT
Bit 81: F_DS_BIT
Bit 91: F_UI_PRL_VER_BIT
Bit 94: F_MULTIPLE_RINGER_TYPES_BIT
Bit 109: F_MC_TIMER_FIX_BIT
Bit 150: F_LPM_BIT
Bit 171: F_IS683A_PRL_BIT
Bit 200: F_NV_TWO_NAMS_RL_SMALL_BIT
Bit 206: F_ODIE_FONT_BIT
Bit 216: F_EVRC_BIT
Bit 269: F_TCXO_CLOCK_BIT
Bit 281: F_UART_POWERDOWN_BIT
Bit 283: F_FAST_WARMUP_BIT
Bit 296: F_SBI_BIT
Bit 300: F_EVRC_ADSP_BIT
Bit 301: F_VOCODER_MANAGER_BIT
Bit 335: F_AUTOBAUD_BIT
Bit 336: F_512KBYTE_RAM_BIT
Bit 340: F_UI_ANIMATE_CHARGE_BIT
Bit 341: F_NSOTASP_BIT
Bit 350: F_UI_DL_ROAM_MSG_BIT
Bit 358: F_MINIBROWSER_BIT
Bit 363: Unknown
Bit 367: Unknown
Bit 371: Unknown
Bit 375: Unknown
Bit 376: Unknown
Bit 377: Unknown
Bit 379: Unknown
Bit 380: Unknown
Bit 381: Unknown
Bit 387: Unknown
Bit 390: Unknown
Bit 391: Unknown
Bit 423: Unknown
Bit 424: Unknown
Total Set Bits: 39 of 432
Roaming Lists:
NV Items:
NV item: 10 [NV_PREF_MODE_I], index 0
NV_PREF_MODE_I 0: 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 3: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 7: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV item: 256 [NV_PRL_ENABLED_I], index 0
NV_PRL_ENABLED_I 0: 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PRL_ENABLED_I 1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I have no idea, how good XP work in Virtual machine...
Its dangerous to have accident during read/write access to NV...
For instance I can only repair few mistakes with JTAG...
Best Regards

[DEV] Oem channel Id Modifier

Hi everydbody,
i'm working on a software to change oem and channel id for windows store (8.0, maybe 8.1...)
i've managed to see surface pick, or lenovo pick on my asus vivotab, but i don't know other oem channel ID.
in order o make a database, i need help !
could you go to: (win+R)
%localappdata%\Packages\WinStore_cw5n1h2txyewy\AC\Microsoft\Windows Store\Cache\0
and post in reply this file with your pc model in comment :
0-Channel-https∺∯∯next-services.apps.microsoft.com∯browse∯6.2.9200-1∯670∯Channel.dat
this file doesnt contain any personal data, juste channel and Oem ID
thanks!

feherneoh said:
09 AA 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Lenovo B560
Click to expand...
Click to collapse
Hi ferneoh
thank you, if you replace 09 AA 98 by 97 C5 98 for exemple you willhave access to samsung picks.... but i can't download from oem store for now...

My Surface RT only have file "0-Channel-https∺∯∯next-services.apps.microsoft.com∯browse∯6.2.9200-1∯670∯Channel∯Surface%20RT.dat"
ฺู™  0 0 0 0 1 0 9 8 9 4
That all from it.

That file is a binary data file. Opening it notepad doesnt represent the actual data (although it does attempt to parse it as plain text anyway).

I'd love to be able to use this to install Nokia's proprietary apps onto my Surface... please make this happen!

Anyone looked into this, yet?