Related
Hello Everyone,
There is a very excellent forum topic for Linux on the Universal (http://forum.xda-developers.com/showthread.php?t=251584). I was wondering if we could start a similar one for the Blue Angel. I recently installed Opie II (Qtopia) on my Blue Angel from http://www.linuxtogo.org/~htcpxa/ and it looks good, I was just wondering what the status was.
Thank you,
Tim
Hmmm, this looks interesting.
So from my reading of the Universal thread and the scant txt files I have found do I take it you copy the Haret and image files to the root of your sd card and then run haret?
Looks easy... too easy!
Steve
I have tried to start linux with different linux images on my blue angel but without success.
Maybe linux couldn't run with windows mobile 6 pro on blueangel ?
harat cans start but X-Windows (and Opie ...) freezes. Does anyone have the same experiences ?
Which files do I need to copy to the SD card? There is a .rar.gz file, do I need to extract that file in my computer? Thanks.
i haved used some images from here:
http://www.angstrom-distribution.org/unstable/autobuild/htcblueangel/
zImage-2.6.21-hh20-r6-htcblueangel.bin
and it works.
But there is no wifi driver loaded.
My question is how can i insert/load wifi driver to this image ?
http://www.algepop.net/users/alge/angstrom-ba/images/htcblueangel/
it works.
But linux seems slower as windows mobile.
knopper said:
But linux seems slower as windows mobile.
Click to expand...
Click to collapse
linux is only the kernel. GPE seems to be slower than wince.
Try qtopia, it writes directly to the framebuffer, so it is the
fastest linux phone GUI.
Linux PC needed
Any way to install Linux on the BA without a Linux PC? I'd like to try Linux but I only have a Windows Vista PC
Problem with Qtopia not Recognizing SIM
Hello Everyone,
I loaded Qtopia on my BA and it works pretty good, but it doesn't recognize the SIM card and it says "No Modem Connection" and "No VoIP Connection." Any idea how to fix this?
Thanks,
Tim
kowloon_chan said:
Which files do I need to copy to the SD card? There is a .rar.gz file, do I need to extract that file in my computer? Thanks.
Click to expand...
Click to collapse
Follow the instructions here:
http://www.handhelds.org/moin/moin.cgi/BlueAngelHowtoInstallLinux
But get the files from here:
http://www.linuxtogo.org/~htcpxa/
i will try Qtopia ...
tim273 said:
Hello Everyone,
I loaded Qtopia on my BA and it works pretty good, but it doesn't recognize the SIM card and it says "No Modem Connection" and "No VoIP Connection." Any idea how to fix this?
Thanks,
Tim
Click to expand...
Click to collapse
The same happens to me, but phone works OK for this build whith GPE "http://www.algepop.net/users/alge/an.../htcblueangel/"
Log as root and start "Phone" app (is gomunicator).
I tried Qtopia (http://www.linuxtogo.org/~htcpxa/) and GPE. GPE seems more intuitive for me.
Hi, there!
I already tried everthing to get my phone workin but still get no success
I think there is a problem with my audio cause it mostly even plays no sound
i already tried booting with haret while playing a sound or maybe its a wm6 problem?
maybe anyone knows?!
greets
newest gpe based soft doesn't allow calling. Starting gomunicator it says 'cannot open connection to phone module in /dev/ttyS0: permission denied'.
I've been trying and searching for the correct /dev/ttySx, but none of them seem to work.
Anyone using a working gpe setup, where gomunicator works?
Can you let me know where to set what config option?
Thanks!
bkortleven said:
newest gpe based soft doesn't allow calling. Starting gomunicator it says 'cannot open connection to phone module in /dev/ttyS0: permission denied'.
I've been trying and searching for the correct /dev/ttySx, but none of them seem to work.
Anyone using a working gpe setup, where gomunicator works?
Can you let me know where to set what config option?
Thanks!
Click to expand...
Click to collapse
/dev/ttyS0 is correct for the GSM
You need to apply some patches and changes that you can see at http://www.handhelds.org/moin/moin.cgi/BlueAngelHowtoInstallLinux , section "Some setup hints"
See below ...
The phone speaker will be silent during calls until you set the mixer settings of "Output Mux" to "Mixer", either via alsamixer or by using a proper /etc/asound.state file (eg. http://www.algepop.net/users/alge/angstrom-ba/asound.state).
Even with a correct /etc/asound.state file you have to restore that state before running the phone application (tested with gomunicator):
/etc/init.d/alsa-state start
It seems that after a suspend/resume cycle the mixer value needs to be set again.
If you dont run gpe as root (by creating a user on the first startup), you have no access to the serial device /dev/ttyS0. fix this by adding group "dialout" to addgroups line of /etc/gpe/gpe-login.conf so that it contains:
addgroups audio,video,dialout
Please, let us to know if it works for you.
I'm considering to prepare an installation with the Albrecht's patches ( http://www.algepop.net/users/alge/angstrom-ba/images/htcblueangel/ ) and put it on some server. It's the BA Linux that worked better for me.
Searching posts, it seems that cr2 and goxboxlive has more experience on this port.
Hi,
I just upload a new version with phone support + some tools. Phone support is still in developpement ( phone call/receive works, but only sms receive works ) GPRS is working too. Just change your current GPRS profile password and DNS.
I'll try to upload later an image like it is done on HTC Unviersal with an autoinstall.
http://linuxtogo.org/~htcpxa/htcblueangel/Qtopia.
Notice that actually this works fine on Blueangel Board ID 5.
To remember what is your board id please look here http://wiki.xda-developers.com/index.php?pagename=BlueangelBoardIDs or just start linux image and look at cat /proc/cpuinfo.
And to finish Qtopia is faster than Windows Mobile
Good luck
Fabrice
Hi Fabrice.
I tested your build. It's really great and fast, thanks!
I have some questions: when I make/receive calls I can ear the other part but I need to cry to the microphone if I want that the other part ears me. You noticed something similar?
Also I don't know how to suspend/resume with this version. With algepop's GPE it worked (sometimes) for me.
My board id is 0x5
Greets.
Ángel
aperles said:
I have some questions: when I make/receive calls I can ear the other part but I need to cry to the microphone if I want that the other part ears me.
Click to expand...
Click to collapse
I think qtopia is not sending some AT command to the phone which adjusts the mic gain.
aperles said:
Hi Fabrice.
I tested your build. It's really great and fast, thanks!
I have some questions: when I make/receive calls I can ear the other part but I need to cry to the microphone if I want that the other part ears me. You noticed something similar?
Also I don't know how to suspend/resume with this version. With algepop's GPE it worked (sometimes) for me.
My board id is 0x5
Greets.
Ángel
Click to expand...
Click to collapse
Yes, microphone need some attention, need to look at it. Have to look like cr2 say around AT command.
For your suspend issue it is because Qtopia is set to shutdown alone after some seconds by default, just look in Settings-> LIgh icon -> battery and set greater value.
Actually i don't know why power button as no effect for suspend. Anyway it works to power on device after suspend just press it and be carefull to check if your backlight settings are ok ( i do this mistake many times ).
In next version i just add support for messenging system and try to look at power button too.
regards
Fabrice
I'd love to try Qtopia on my BA, but I'm running Vista on my laptop...not Linux...is there any other way to do this from Windows?
Hi hackers,
Version 2.1 of DeployProvXML is here, and should be more robust than the previous version:
1: The CustClear.provxml file is now copied both using the filesystem DLL (like v1) and using XML provisioning (hopefully works aroudn the HTC update blocking filesystem access.
2: The CustClear.provxml file is now self-chaining. Really, this time - so long as you run the program *once*, you can even change the included CustClear.provxml, re-deploy, and run Connection Setup; your new version will then be copied to \Windows. (Re-run CS to actually process your new version). No more need to re-run DeployProvXML after each use of Connection Setup!
3. The program now contains more diagnostics. It sets a registry value at launch (using ComRegRW.DLL), changes that registry value (using provxml) when deploying the file, and changes it again when the deployed file is processed by Connection Setup (as part of the CustClear.provxml). It also checks that the value is as expected avter deploying.
REQUEST:
Anybody who has an interop-unlocked HTC phone with the latest official HTC update (meaning you can't use TouchXplorer anymore), please run this app, then run Connection Setup, then use a registry editor to check the key HKCU\Software\DeployProvXML. It should have a value, LastOperation. Please include the data in the value (or the fact that it doesn't exist) with your reports. Thank you!
Description:
Another handy little utility for people with HTC phones, this app simply copies a CustClear.provxml file from its install directory to \Windows, then exits. The idea is to make sure that you're never without at least a basic file that can be used by Connection Setup to unlock your phone. New in v2, every time you run Connection Setup, the file will automatically restore itself to the Windows directory. This ensures you'll never accidentally get caught with a locked phone after an upgrade or something!
The included Provxml has three parts. However, you can customize it however you like by opening the XAP file and editing the embedded provxml. The parts are:
1: Applies the registry settings to unlock the phone, including Interop-Unlock.
2: Applies a test value in the registry, at HKCU\Software\DeployProvXML. This value is harmless but can be used to test if the app is working.
3: Chain-copies itself from DeployProvXML's install folder into Windows again, replacing the copy that Connection Setup consumes.
Note that this program does not actaully apply the provxml, merely copies it to where Connection Setup expects to find it. It should close immediately after starting; this is not a bug. If you see a dialog box instead, something went wrong and you should report it below!
This program is only going to work on HTC phones, since it uses the HTC DLLs for provxml, file access, and registry. It is a 7.0 app but is compatible with Mango if you have Interop Unlock already.
XAP is in DeployProvxml\bin\debug. Source included for those interested.
Do you think a deployer for OMNIA 7 is possible ?
Maybe with a .dll of WP7 Root Tools ?
So users who didn´t prepare their device for our OnDevice provxml app under NoDo could also enable this feature...
contable said:
Do you think a deployer for OMNIA 7 is possible ?
Maybe with a .dll of WP7 Root Tools ?
So users who didn´t prepare their device for our OnDevice provxml app under NoDo could also enable this feature...
Click to expand...
Click to collapse
This has been solved I can finally test the app myself now. I changed the path to copy the provxml from the iso storage of the app instead of the provxml folder.
Interop.Services
Just read this http://translate.google.com/transla...oducing-windows-phone-7-5-native-programming/
Any joy?
Looks cool, but I'll need to investigate further. It has definitley been reproted that Homebrew apps without ID_CAP_INTEROPSERVICES don't work even in Mango. It sounds like this guy is maybe using a marketplace signed DLL, though? Not sure - the translation isn't great. He's working from an app that I've never explored, and that appears to be specific to the Japanese Mango phone.
how do we use it. will it permanently unlock when we update to official Mango?
Ttblondey said:
how do we use it. will it permanently unlock when we update to official Mango?
Click to expand...
Click to collapse
Install app in NoDo.
Run in once.
Upgrade to Mango.
Run the Connection Setup app (from Marketplace).
Hit "OK" in Connection Setup.
Your phone is now dev-unlocked and will not automatically relock. Additionally, you can now install Mango homebrew.
I suggest you then run DeployProXml again, since installing an update, even something like a HTC firmware update, may re-lock the phone. So long as you've run DeployProvXml since the last time you ran Connection Setup, though, you can unlock again.
If this helps, please hit Thanks!
piaqt said:
Just read this http://translate.google.com/transla...oducing-windows-phone-7-5-native-programming/
Any joy?
Click to expand...
Click to collapse
he does pretty much the same from what I read. You just use oem dll's and have some native functions to work with. f/e htc has file operations + regoperations + provxml, samsung has regoperations + provxml (trough which you can do regops). This manufacturer dll probably contains fileops as well, which is nice since there might also be a chance that there will be a working provxml method and with the fileops you can copy the provxml files to the desired location. In theory ofcourse.
Marvin_S said:
he does pretty much the same from what I read. You just use oem dll's and have some native functions to work with. f/e htc has file operations + regoperations + provxml, samsung has regoperations + provxml (trough which you can do regops). This manufacturer dll probably contains fileops as well, which is nice since there might also be a chance that there will be a working provxml method and with the fileops you can copy the provxml files to the desired location. In theory ofcourse.
Click to expand...
Click to collapse
There are two differences that are worth noting, though.
A) This is a phone that came with Mango. There was never any chance to unlock it for Mango homebrew. It blocks apps with ID_CAP_INTEROPSERVICES - something we had to work around with registry edits.
B) Related to A, he can call native code without having ID_CAP_INTEROPSERVICES. This isn't supposed to be possible at all. Makes me wonder if he's actually calling anything in the DLL or if he's just loading the COM object but not using it and calling that success.
GoodDayToDie said:
There are two differences that are worth noting, though.
A) This is a phone that came with Mango. There was never any chance to unlock it for Mango homebrew. It blocks apps with ID_CAP_INTEROPSERVICES - something we had to work around with registry edits.
B) Related to A, he can call native code without having ID_CAP_INTEROPSERVICES. This isn't supposed to be possible at all. Makes me wonder if he's actually calling anything in the DLL or if he's just loading the COM object but not using it and calling that success.
Click to expand...
Click to collapse
Ahh yeah your right. Yeah I realy wonder what the trick behind it is and if he manages to install it.
Something else I have not tried yet, but what happens if you deploy it without the id_cap and than run it. It will not work obviously, but what happens if you redeploy with the tag in? Will it still get rejected? Because the phone rejects the app I think.
Hey, the ZIP contains a folder, which, if I package into a XAP, fails on deployment. What's the best way to get this packaged into a usable XAP?
trying to figure out how to install this app.
@thesecondsfade:
Bottom line of the first post:
"XAP is in DeployProvxml\bin\debug. Source included for those interested."
I distribute most of my apps this way, unless the source is really big and the XAP alone is a significantly smaller download for some reason.
@Ttblondey:
Is your phone dev-unlocked?
Is your phone either pre-Mango, or interop-unlocked?
Do you have a XAP deployment program and the Zune software?
GoodDayToDie said:
@thesecondsfade:
Bottom line of the first post:
"XAP is in DeployProvxml\bin\debug. Source included for those interested."
I distribute most of my apps this way, unless the source is really big and the XAP alone is a significantly smaller download for some reason.
@Ttblondey:
Is your phone dev-unlocked?
Is your phone either pre-Mango, or interop-unlocked?
Do you have a XAP deployment program and the Zune software?
Click to expand...
Click to collapse
My TouchXplorer does not work anymore after updating to the official Mango, though my phone is still unlocked. This XAP will definitely helps if new firmware/updates come along to deploy Provxml to /windows.
I've installed it but how can I verify if this is being installed/copied to /windows?
GoingInside said:
My TouchXplorer does not work anymore after updating to the official Mango, though my phone is still unlocked. This XAP will definitely helps if new firmware/updates come along to deploy Provxml to /windows.
I've installed it but how can I verify if this is being installed/copied to /windows?
Click to expand...
Click to collapse
This app uses the same DLL as TouchXplorer, which means it doesn't work either (I wrote a number of apps using that DLL, including a backup tool, and none of them can see any files anymore). I'm not sure exactly what was changed, but yeah, they broke it. My hope is that Heathcliff74's WP7 Root Tools will restore file browsing on HTC soon.
As soon as I finish restoring my phone, I'll try writing a version of the app that uses ProvXML to copy the file, instead of ComFileRW.dll (which no longer works if you get the final HTC update). Using ProvXML is limited in some ways - you can't browse the filesystem, for example - but it works great for this type of operation.
i'm on force unlock from Ansar's thread with Pedbe way final mango.Been trying to use advancedconfig 1.3,1.4 battery meter it don't work anymore.Good thing I can sideload(that's important)
GoodDayToDie said:
This app uses the same DLL as TouchXplorer, which means it doesn't work either (I wrote a number of apps using that DLL, including a backup tool, and none of them can see any files anymore). I'm not sure exactly what was changed, but yeah, they broke it. My hope is that Heathcliff74's WP7 Root Tools will restore file browsing on HTC soon.
As soon as I finish restoring my phone, I'll try writing a version of the app that uses ProvXML to copy the file, instead of ComFileRW.dll (which no longer works if you get the final HTC update). Using ProvXML is limited in some ways - you can't browse the filesystem, for example - but it works great for this type of operation.
Click to expand...
Click to collapse
Ok, guess I'll have to wait for the experts (Heathcliff74 and you etc) to solve this HTC drive update issue. Thank you!
GoingInside said:
Ok, guess I'll have to wait for the experts (Heathcliff74 and you etc) to solve this HTC drive update issue. Thank you!
Click to expand...
Click to collapse
@GoingInside, and anybody else in the same boat (latest HTC update installed, filesystem browsing broken), please try the latest version (v2, now on the initial post)! After running the app once, run Connection Setup and hit OK. After you do that, use a Registry Editor to check for the presence of the following registry key: HKCU\Software\DeployProvXML.
Please report whether that key is present. If it is, that means the app is fully functional even with the latest update!
I only have a NoDo Backup (my phone came with nodo) - can I get the interop unlock trough dev unlocking the phone and then running our app?
nvm, I am now downgrading to NoDo and Will then update to the HTC RTM (the one that Comes via zune). As soon as I am there I will tell you if i had luck with it or not (I hope I can interopunlock on NoDo as the 3 apps sideloadlimit is crap)
Update 1: I am on NoDo and I started your app. It cloesd, i went to Connection Setup and ran it. Will check if the registry value is there as soon as some XAPs are deployed (first time that I can deploy more than 3 XAPs )
Update 2: Now going trough the Beta - RTM - HTC Update Update marathon. Will Report back as soon as I am on HTC's RTM
GoodDayToDie said:
@GoingInside, and anybody else in the same boat (latest HTC update installed, filesystem browsing broken), please try the latest version (v2, now on the initial post)! After running the app once, run Connection Setup and hit OK. After you do that, use a Registry Editor to check for the presence of the following registry key: HKCU\Software\DeployProvXML.
Please report whether that key is present. If it is, that means the app is fully functional even with the latest update!
Click to expand...
Click to collapse
Unfortunately, it seems that the new XAP (v2) doesn't work as well. Copy and deploy the latest DeployProvXML.xap (dated 5/10/2011) to my HTC trophy. After running Connection Setup, I can't find the registry key: HKCU\Software\DeployProvXML. I only found MICROSOFT under HKCU/Software/.
But please continue your research into this. THANKS!
HTC new drivers Mango Rom will not allow old system apps to get root access, like TouchXplorer does not work on 4.xx above roms.So these days i found a way to make my custom rom based on htc 5.10 rom work perfect with old system apps.
Step 1
get an old htc offical rom, like 1.xx, get a htc offical 4.0x rom.dump them.copy HTCFileUtility.dll and HTCRegUtility.dll from 1.xx rom dump, and HTCProvisionDrv.dll from 4.0x rom dump.(they are both in OEM\HTC_AppDrivers)
Step 2
use the three files(modules) copied above to replace your custom rom, if u are using 4.0x rom as your base skip step 3.
Step 3
replace the ApprovedlistDB.db(in OEM\CSConn_DB) by my uploaded one.
Step 4
use OSBuilder to relloc your modules, or relloc them by yourself(just like me, cause OSBuilder is hard for me to understand how to use it)
Step 5
package your custom rom, and flash it, then you will get a new rom that TouchXplorer and RegistryEditor(this works much faster than before) can work like charm
Step 6
thx DFT bring us HSPL & Julien Schapman bring us magic system tools!
remarkable,thx 4 sharing
Would be awesome if there was a way to restore the old versions in-place without re-flashing the whole phone. CAB maybe? I don't think you can overwrite ROM modules any other way. I've avoided installing the latest HTC updates because I've written a couple apps that rely on the File and Reg DLLs, but that also means I don't have things like the Connected Media app working.
GoodDayToDie said:
Would be awesome if there was a way to restore the old versions in-place without re-flashing the whole phone. CAB maybe? I don't think you can overwrite ROM modules any other way. I've avoided installing the latest HTC updates because I've written a couple apps that rely on the File and Reg DLLs, but that also means I don't have things like the Connected Media app working.
Click to expand...
Click to collapse
if you can put files in \windows folder, and change reg key under HKLM\Drivers\BuiltIn\, you can make it works without flash a rom.
cause we could get drivers from htc orginal update cabs then rename them to put into \windows folder and change reg key to make these drivers load, no need to replace.
Well, if you care about this at all, you're already interop-unlocked.
If you're interop-unlocked, then you can set registry values and move files (using provxml).
So... yes, this sounds pretty exciting. Having the official HTC updates but still being able to use TouchXplorer would be awesome.
So, would it just be a matter of copying the old files under new names to the Windows folder and changing the "Dll" value of "HKLM\Drivers\BuiltIn\HTCFileUtility" and such? Or would something need to be done with the DB as well? I'm not sure if that can be changed on a running device.
Tell me what needs to be done and I'll create a tool to do it.
GoodDayToDie said:
Well, if you care about this at all, you're already interop-unlocked.
If you're interop-unlocked, then you can set registry values and move files (using provxml).
So... yes, this sounds pretty exciting. Having the official HTC updates but still being able to use TouchXplorer would be awesome.
So, would it just be a matter of copying the old files under new names to the Windows folder and changing the "Dll" value of "HKLM\Drivers\BuiltIn\HTCFileUtility" and such? Or would something need to be done with the DB as well? I'm not sure if that can be changed on a running device.
Tell me what needs to be done and I'll create a tool to do it.
Click to expand...
Click to collapse
you are on the way, m8.
get drivers from htc update cab, then u'll get files not modules
Code:
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\HTCFileUtility]
"Dll"="HTCFileUtility_new.dll"
if you make new HTCFileUtility.dll work, you will have enough power to replace files.
then make your new reg drivers work.
Code:
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\HTCRegUtility]
"Dll"="HTCRegUtility_new.dll"
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\HTCProvisionDrv]
"Dll"="HTCProvisionDrv_new.dll"
thanks for sharing, waiting for this method for along time.
Thanks ted. I'll update my backup (so I can roll back to working version if I need to) and go hunt down those files.
I don't think I'll need to overwrite HTCProvisionDrv, the current version seems to work just fine. In fact, if it doesn't, there won't be any way to do the overwrite. It's just the registry and filesystem drivers that were broken.
Now I'm wondering what the other HTC drivers do. There's a specific one for Connection Setup and for HTC YouTube, plus drivers for "HTCBgService" (a way to run tasks in the background, I assume) and "HTCVersionUtility" (probably not useful, but maybe?). It would be interesting to examine the APIs of those.
For that matter, it would be interesting to examine the API of things like the provision driver. It appears to have full permissions, but the DMXMLCOM.DLL library used to interface with it has a fairly limited API (no way to get the result of a provxml query, for example). Talking directly to the driver may work better.
Anyhow, off to find the correct CAB!
Sounds pretty awesome! New drivers in Mango with support for old apps - cool! Really hoping for a tool to do this, i've never cooked my own ROM, I solely rely on the experts for this
Hi Ted (or anybody), do you knwo where I can get the pre-Mango HTC cabs? All the cabs I've been able to find are for the Mango HTC updates, and have the wrong versions of the files.
EDIT: Found some that might work. They aren't labeled but the datestamp is from January.
Pretty sure xboxmod has a thread with all the official cabs linked somewhere on xda.
Sent from my HD7 T9292 using XDA Windows Phone 7 App
Thanks. I'll see if the files I found work. They're old enough, and are supposedly from an official update, but it's hard to be sure. Their file sizes are different from the ones in the latest update, but not by much.
The real trick, of course, is seeing whether I can install my own drivers at all or not. I know I can place files and change registry values, we just have to see if the phone will use them.
ted973 said:
HTC new drivers Mango Rom will not allow old system apps to get root access, like TouchXplorer does not work on 4.xx above roms.So these days i found a way to make my custom rom based on htc 5.10 rom work perfect with old system apps.
...
Click to expand...
Click to collapse
Any chance you would release your custom ROM? Can you make one for Trophy, only one using 5.10 version are Ansar's, your's sounds nicer!
Well, I didn't find Xboxmod's cabs, so I'm using the ones linked in Heathcliff74's thread. Unfortunately all the reliable ones are pretty recent, so I don't think they'll work. Last resort I'll try pulling them off my phone's filesystem, but that gets weird with modules.
I've successfully broken TouchXplorer and Connection Setup, and then fixed them again. I think this constitutes progress. Next step: try some older drivers, and see if I can install them without breaking anything. If so, then I'll try updating my phone with the official HTC update, and see if it's still working. If so, I'll clean up the XAP a little and publish.
EDIT: Additional discovery: Connection Setup relies on HTCFileUtility.dll. Installing the broken FileUtility driver causes Connection Setup to complain that there's no database installed on the phone, and then quit. Now I *really* wonder what HTCConnectionSetUp.dll is used for. Also, I'm not gonna touch the Provision driver unless I have to; this testing takes long enough when every step requires a reboot. If I mess up the provision driver I'll probably need to restore the phone backup.
EDIT2: The new HTCConnectionSetUp.dll driver is several times the size of the old one, but it doesn't seem to change how Connection Setup works when I use it. In particular, it still processes CustClear.provxml.
EDIT3: Still not working, even with very old drivers (January). I have a few possible ideas as to why, but it looks like I may need to run this with drivers from my "working" phone instead of from a CAB.
OK, I haven't been able to get this working with any of the DLLs I've been able to pull from CABs, and the DLL modules on the filesystem can't be moved, renamed, or read (ERROR_ACCESS_DENIED when I try to read one using ComFileRW.dll).
I either need the right CAB, the special sauce to make it work with the wrong CAB, or a way to extract those modules as files. I suspect it's at least partially a "special sauce" situation - the errors I get when I try using different drivers are not the same as the errors I get with the official update that breaks third-party apps trying to use those drivers.
I would *REALLY* appreciate some assistance with this. It has the potential to provide an easier interop-unlock (if the official update doesn't reset the driver DLL paths) and even if that doesn't work, it would be a big step forward for HTC homebrew. However, I know nothing about ROM assembly - not even how to extract a file from a shipped ROM. I'm trying to learn, but if somebody wants to point me in the right direction that would be a big help.
EDIT: I managed to extract the ROM module (took some doing; HTCRIE will crash at the drop of a hat if you aren't careful). I can't rebuild the file though - recmod doesn't seem to like it.
if you can use Provxml i have some way to replace module in \Windows dir
1.
<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKLM\System\Explorer\Shell Folders">
<parm name="My Ringtones" value="\Windows" datatype="string" />
</characteristic>
</characteristic>
</wap-provisioningdoc>
Click to expand...
Click to collapse
copy this to notepad and save as File.Provxml file
2.Install DiagProvXMLv0.91
3.Use Chevron Ringtone Installer to copy .Provxml to your phone
4.Run DiagProvXML and go to " File Operations" tab , select Copy (to isoStore)
in Source Path use
\My Documents\My Ringtones\
Click to expand...
Click to collapse
and Source File use
File.Provxml
Click to expand...
Click to collapse
,,
Press (+) to save ,,
and now go to provxml tab and Press Publish (disk icon) ,,
go to iso store tab and Hold press at File and select Excute ,,
restart your phone and now you can use Chevron Ringtone installer to Add File you need to \Windows\ (sure as module , and defaultcert.dat for cab sender)
Best Regard
PPJD
@peeks20: Thanks (sort of) but your method is both overly complicated and doesn't solve the actual problem. If you're already interop-unlocked (and you have to be, to use DiagProvXML), then it's trivial to write a small app that just uses DMXMLCOM.dll to process whatever provxml commands you want. That includes copying files to the Windows directory.
The problem is that I'm not sure what file to copy, and I'm not sure it'll work even if I have the right file (I've tried multiple official files from various update CABs, and none of them have worked). There's probably either a version-matching function that's getting in the way, or a database somewhere that needs to register the new drivers (beyind just changing the path in the Dll value in the registry). Heck, maybe it's both. The point is, it doesn't work.
Now, if there's something about deploying the files using the Chevron ringtone installer instead of using pvroxml that will make all the difference, that would be cool. I really doubt it, though. The files copy just fine, and can be accessed and opened. They jut don't actually work. I get the same errors as if I point the Dll path in the registry to completely bogus paths ("Dll"="ThisFileDoesNotExist.dll").
GoodDayToDie said:
@peeks20: Thanks (sort of) but your method is both overly complicated and doesn't solve the actual problem. If you're already interop-unlocked (and you have to be, to use DiagProvXML), then it's trivial to write a small app that just uses DMXMLCOM.dll to process whatever provxml commands you want. That includes copying files to the Windows directory.
The problem is that I'm not sure what file to copy, and I'm not sure it'll work even if I have the right file (I've tried multiple official files from various update CABs, and none of them have worked). There's probably either a version-matching function that's getting in the way, or a database somewhere that needs to register the new drivers (beyind just changing the path in the Dll value in the registry). Heck, maybe it's both. The point is, it doesn't work.
Now, if there's something about deploying the files using the Chevron ringtone installer instead of using pvroxml that will make all the difference, that would be cool. I really doubt it, though. The files copy just fine, and can be accessed and opened. They jut don't actually work. I get the same errors as if I point the Dll path in the registry to completely bogus paths ("Dll"="ThisFileDoesNotExist.dll").
Click to expand...
Click to collapse
i uploaded HTC Appdrivers from Mozart 1.32 & 4.06 update cabs, maybe you can continue your test
Thanks, I'll give them a try. However, I've got to ask - what is Approvedlist.db, and if you have to modify it for a custom ROM, would I also need to modify it for this app? I can't shake the feeling that there's more to installing a driver than just changing a registry value.
GoodDayToDie said:
Thanks, I'll give them a try. However, I've got to ask - what is Approvedlist.db, and if you have to modify it for a custom ROM, would I also need to modify it for this app? I can't shake the feeling that there's more to installing a driver than just changing a registry value.
Click to expand...
Click to collapse
hard for me to explain this in english, this file decides which Registry keys allow apps to change.its format changed in 5.xx rom, so RegistryEditor v1.2.0.0 didn't work on these roms, we need to use old version HTCRegUtility & HTCProvisionDrv and old format ApprovedlistDB.db to make htc apps and 3rd Registry tools works perfect, that's why you need to replace ApprovedlistDB.db.
In the past, Windows has had editions for consumers that did not include Remote Desktop enabled. Usually there was a patch to enable it. Recently it has been proved how there is almost no difference between Windows 8 and Windows RT and that RT is just a port of Windows 8. So what about all the system files? They can be changed just like x86 Windows. So what about enabling Remote Desktop, so we don't need a ARM remote app that we need to unlock Windows for, and we can use what comes with Windows. In the past we modified the termsrv.dll file and changed some registry settings. I've included the Windows 8 and the Windows RT versions of termsrv.dll so that maybe some clever ones might try and crack a solution to enabling it on Windows RT.
sionicion said:
In the past, Windows has had editions for consumers that did not include Remote Desktop enabled. Usually there was a patch to enable it. Recently it has been proved how there is almost no difference between Windows 8 and Windows RT and that RT is just a port of Windows 8. So what about all the system files? They can be changed just like x86 Windows. So what about enabling Remote Desktop, so we don't need a ARM remote app that we need to unlock Windows for, and we can use what comes with Windows. In the past we modified the termsrv.dll file and changed some registry settings. I've included the Windows 8 and the Windows RT versions of termsrv.dll so that maybe some clever ones might try and crack a solution to enabling it on Windows RT.
Click to expand...
Click to collapse
termsrv is a system service and how can we use a modified termsrv.dll before we use the Jailbreak tool?maybe we can edit termsrv.dll in the memory.
We can't, I suspect. Even after jailbreaking, the lack of a signature on a system file may be a problem. It's worth a shot, though.
termsrv.dll -should- be a usermode library that would be editable after the jailbreak.
I am able to take ownership of the file and replace it. But it won't use the termsrv.dll from my windows 8… I'm almost positive it is because the dll is different depending on architecture. But it should be as easily replaceable as any system file on windows 8, am I right? I don't see why it wouldn't but I could be wrong.
Yeah, pretty much. You definitely won't be able to use the Win8 version (x86 machine code, ARM processor, not gonna fly...) but a modified version of the Windows RT version might work. Bear in mind that since modifying the DLL will invalidate the signature, this won't work if the signature validation is enforced (i.e. you'll have to jailbreak).
Should be possible using the Remote Debugging Tools or, even better, cdb. Put it in a .cmd file in autorun and voila
clrokr said:
Should be possible using the Remote Debugging Tools or, even better, cdb. Put it in a .cmd file in autorun and voila
Click to expand...
Click to collapse
Please!! Remote desktop would be awesome enabled on the Surface RT, if someone could work on it I know a lot of people would be very grateful!
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on an a locked device. But you'll have to manually edit binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on an a locked device. But you'll have to manually edit binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Click to expand...
Click to collapse
Can you share how you managed to get the rt joined to a domain?
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on an a locked device. But you'll have to manually edit binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Click to expand...
Click to collapse
Wouldn't both methods work though? Your method works by enabling features from other editions by telling Windows that's what edition it is running. It disables it when the Software Protection service restores it to the original template according to the edition. By patching the DLL file, you could trigger Remote Desktop to work without it needing to check in with the kernel policies.
I mean unless you have a way to modify these policies without all the extra occuring, it would work. But Bitlocker and the Software Protection service getting involved...it just sounds like a lot of extra work for something much bigger in the end, and I know there must be an easier way to force Remote Desktop to work without listening to these policies because it has been done in the past.
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on an a locked device. But you'll have to manually edit binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Click to expand...
Click to collapse
I tried to enable one of the Remote Desktop vars last night, allowRemoteConnections I think it was called, but I didn't get anything from it.
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on an a locked device. But you'll have to manually edit binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Click to expand...
Click to collapse
Again, please if you were able to join an RT to the domain. Please let me know what you did. Would love to not get prompted to log in into PowerShell.
apatcas said:
Again, please if you were able to join an RT to the domain. Please let me know what you did. Would love to not get prompted to log in into PowerShell.
Click to expand...
Click to collapse
As I've already wrote - use this method: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211
1. Edit registry:
Code:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
and reboot. You will enter the setup mode. You would not see the mouse cursor in this mode, and you'll need a hardware keyboard.
2. Open this reg_binary value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductPolicy. Look for unicode string "WorkstationService-DomainJoinEnabled", it is near offset 0x4000. Look at this screenshot:
http://imageshack.us/photo/my-images/526/35796208.png/
Select the "00" byte that follows the zero byte after the 64 (64 00 == unicode "d" letter) as you see on the screenshot. Overwrite it with 01. Be careful not to insert a byte, you need to overwrite the existing byte!
3. Rename sppsvc.exe to anything else so that it would not run on boot and reset ProductPolicy ("ren sppsvc.exe sppsvc.bak")
4. Reboot. Now the option to join the domain would be available.
I have not tried to add workstation to domain myself - try that and post here. After adding to domain you may try to rename sppsvc.bak back to sppsvc.exe as otherwise you'll get the "unactivated" Windows RT. I think that this would only remove the add to domain UI, but the RT would be still domain-joined.
I've tried to edit the remote desktop settings keys - this unblocked the corresponding options in the computer settings, but I was unable to connect. Maybe this is due to absence of RDP code in terminal server service - I don't see anyone listening port 3398 though TermServer service is running.
mamaich said:
As I've already wrote - use this method: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211
1. Edit registry:
Code:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
and reboot. You will enter the setup mode. You would not see the mouse cursor in this mode, and you'll need a hardware keyboard.
2. Open this reg_binary value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductPolicy. Look for unicode string "WorkstationService-DomainJoinEnabled", it is near offset 0x4000. Look at this screenshot:
http://imageshack.us/photo/my-images/526/35796208.png/
Select the "00" byte that follows the zero byte after the 64 (64 00 == unicode "d" letter) as you see on the screenshot. Overwrite it with 01. Be careful not to insert a byte, you need to overwrite the existing byte!
3. Rename sppsvc.exe to anything else so that it would not run on boot and reset ProductPolicy ("ren sppsvc.exe sppsvc.bak")
4. Reboot. Now the option to join the domain would be available.
I have not tried to add workstation to domain myself - try that and post here. After adding to domain you may try to rename sppsvc.bak back to sppsvc.exe as otherwise you'll get the "unactivated" Windows RT. I think that this would only remove the add to domain UI, but the RT would be still domain-joined.
I've tried to edit the remote desktop settings keys - this unblocked the corresponding options in the computer settings, but I was unable to connect. Maybe this is due to absence of RDP code in terminal server service - I don't see anyone listening port 3398 though TermServer service is running.
Click to expand...
Click to collapse
Joined... Nice find.
apatcas said:
Joined... Nice find.
Click to expand...
Click to collapse
Have it remained domain-joined after restoring the original sppsvc.exe?
You have to return it back, otherwise you'll be annoyed with the activation reminders.
mamaich said:
Have it remained domain-joined after restoring the original sppsvc.exe?
You have to return it back, otherwise you'll be annoyed with the activation reminders.
Click to expand...
Click to collapse
We could possibly patch sppsvc to not check, then start the service up after jailbreaking it.
I'm honestly not sure if this would be considered piracy or not, though.
Edit: I used the program to set every value to 1 in setup mode (The latest jailbreak tool works in setup mode), and I didn't see any change for anything dealing with RDP.
Edit 2: Perhaps I shouldn't have set 'Disable' to 1. Regardless, I set it to 0 and the options popped up, but I can't get anything to go. As mamaich stated, I'm not seeing anything listening on port 3389. netstat -a -b on a desktop with it enabled says it's opened by CryptSvc, but I'm not seeing anything with CryptSvc that's not there on the tablet. That could just be netstat guessing which service running under svchost is actually running it, too.
netham45 said:
We could possibly patch sppsvc to not check, then start the service up after jailbreaking it.
I'm honestly not sure if this would be considered piracy or not, though.
Edit: I used the program to set every value to 1 in setup mode (The latest jailbreak tool works in setup mode), and I didn't see any change for anything dealing with RDP.
Edit 2: Perhaps I shouldn't have set 'Disable' to 1. Regardless, I set it to 0 and the options popped up, but I can't get anything to go. As mamaich stated, I'm not seeing anything listening on port 3389. netstat -a -b on a desktop with it enabled says it's opened by CryptSvc, but I'm not seeing anything with CryptSvc that's not there on the tablet. That could just be netstat guessing which service running under svchost is actually running it, too.
Click to expand...
Click to collapse
I think we must hack the dll file.But I find when I edit a byte in the dll,the service was not able to start.
apatcas said:
Joined... Nice find.
Click to expand...
Click to collapse
So is it true? that your device stays domain-joined after you restore sppsvc.exe?
@ Netham45, you could try to open up W81x86 termsrv.dll and go to these hex locations to find out what functions needed patching.
Hashes
File: W81x86\termsrv.dll
CRC-32: 202cd912
MD4: a879d39b8fbcd968b525af05a66aaf2c
MD5: 7a8e1158291cf4c8d8474a2091b9bf6d
SHA-1: e10028b074d24605e05b5e0bafd42f6a93ac01ad
1550F-15520
17428
A1B29
Then go into WinRT termsrv.dll, jump to those functions by name (because offsets will be different between x86 and RT) and Jmp or Nop as needed for WinRT. Afterwords it could be added via CDB / KD on-the-fly.
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but its a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
devmihkel said:
For good or for bad NOT everything appears correct, except the running 17.x version... As of now neither the "commercial jailbreak" supports new versions (well yes they were using exactly the same file to start with Also 16.51.x or newer appears to be no go: uconnect-8-4-8-4an-update
EDIT: haven't got 17.09.07 to try, but on 17.11.07 manifest.lua has changed and the last block/ search keyword is "ota_update" instead. Otherwise all the same, image valid after the edit and script.sh gets fired - at least on 16.33.29 that is @HanJ67 Did you actually try to mount installer.iso after the edit and checked /etc/manifest.lua for the end result before?
Click to expand...
Click to collapse
devmihkel said:
Yeah, 2nd attempt is much better as last lua block is correctly terminated and your script might actually run, but unfortunately no successful 17.x runs have been reported so far SWF scripts are not involved in update/jail-breaking run, these ones become relevant only once you are in (and need to enable some app or wifi or navi features etc). Afaik 17.x blocks ethernet dongle usage as well, but let's see if even the USB driver/link gets activated at all?
Click to expand...
Click to collapse
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 Byte mark in the older versions with the "S" at 0x80. Is this still relevant
in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk? I think this route would work to also modifying and getting WiFi enabled after a flash of the edited image.
If I had I 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Do You have an idea how to connect by USB2LAN adapter to uConnect ?
Do You know if there is an UART pins on the mainboard ?
itsJRod said:
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but its a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 Byte mark in the older versions with the "S" at 0x80. Is this still relevant
in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk? I think this route would work to also modifying and getting WiFi enabled after a flash of the edited image.
If I had I 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Click to expand...
Click to collapse
Hello, any news about it?
hi,
can you explain how to change SSH key in "ifs-cmc.bin" file?
thanks a lot
itsJRod said:
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but its a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 Byte mark in the older versions with the "S" at 0x80. Is this still relevant
in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk? I think this route would work to also modifying and getting WiFi enabled after a flash of the edited image.
If I had I 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Click to expand...
Click to collapse
sofro1988 said:
Hello, any news about it?
Click to expand...
Click to collapse
I have not had had much time to work on this.
I actually had an idea last week that brought me back to this. I plan to use a custom flash drive to present an unmodified ISO for verification, then swap nand to an identical image that has been he's edited to enable usb Ethernet and add a custom key for ssh access.
I thought to stack a NAND on top of the original on a is flash drive, then breakout the Chip Enable pin to a switch. I've seen this done for with guys modifying game consoles to be able to run modified firmware.
Once the 2nd NAND is in place I will restore an image of the original nand containing the unmodified update, then hex edit the required portions to allow access after updating.
If this method works, I should be able to pass the verification with the original nand chip, then switch it (hopefully there's a big enough window to do this by hand) then present the modified nand before it begins the flash procedure.
Hopefully someone more intimately familiar with the update scripts can verify I'm not missing anything in the process
Tajadela said:
hi,
can you explain how to change SSH key in "ifs-cmc.bin" file?
thanks a lot
Click to expand...
Click to collapse
I used a hex editor to find the Ssh RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
itsJRod said:
I used a hex editor to find the Ssh RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
Click to expand...
Click to collapse
thanks for answer.
I saw an ssh key with the hex editor, but I would like to see exactly what you have replaced.
if it's not too much trouble, it would be interesting to see with some screenshots the changes you've made.
So we could work on two fronts. The idea of the double nand is good, but not very simple to make ...
Just thinking out loud here, when you say it passes the initial check, does it then give you any confirmation of that or any message on the screen before rebooting to upgrade mode?
Sent from my CLT-L09 using Tapatalk
SquithyX said:
Just thinking out loud here, when you say it passes the initial check, does it then give you any confirmation of that or any message on the screen before rebooting to upgrade mode?
Sent from my CLT-L09 using Tapatalk
Click to expand...
Click to collapse
I tried much the same thing -- the swdl.upd is another CDROM filesystem:
martinb$ file swdl.upd
swdl.upd: ISO 9660 CD-ROM filesystem data 'CDROM'
It contains three more .iso files : installer.iso, primary.iso, and secondary.iso
installer.iso is a CDROM image, but is not mountable on my linux system
primary.iso is a CDROM image, and has the usual /bin, /etc/, and /usr filesystem for an install
the /bin directory has one file - update_nand
the /etc directory has the usual mfgVersiontxt, nand_partion.txt, system_etfs_postinstall.txt, system_mmc_postinstall.txt and version.txt
the /usr/share directory is all the firmware for various components - EQ, HD_FIRMWARE, IFS, MMC_IFS_EXTENSION,OTA,SIERRA_WIRELESS,V850, and XM_FIRMWARE
What's interesting to me is that they did update the SIERRA_WIRELESS firmware -- and have done some housecleaning:
Code:
#---------------------------------
# sierra_wireless_disable_flowcontrol.file
# \d == 1 second delay
SAY " Send AT \n"
'' AT\r
OK \d
SAY "Disable flow control\n"
'' at+ifc=0,0\r
OK \d
SAY "Send SMS command CNMI\n"
'' at+cnmi=2,1,0,1,0\r
OK \d
SAY "Clear emergency number list\n"
'' AT!NVENUM=0\r
OK \d
SAY "Set emergency number to 911\n"
'' AT!NVENUM=1,"911"\r
OK \d
SAY "Save Setting\n"
'' at&w\r
OK \d
#---------------------------------
Also in the IFS directory, when you hexedit the ifs-cmc.bin file it reveals another little treat... an SSH root public key ( not as nice as a private key, but hey )
(Sorry about the formatting, this is cut/paste right out of the hex editor)
Code:
ssh-rsa [email protected]
2E..IwU.Q....njle8r9nrJ7h8atg4WfqswU0C0Rk/Ezs/sQs5ZA6ES82MQONjHBd7mw
uo8h0xfj3KeeSHMXCEBpmU26guNE4EqfvdioLFCDUxtvMYswlUZjsvd/NYz9lnUZg2hy
pwzFQjXgSzmHVrHjkKKvq7Rak/85vGZrJKxlvHnowA8JIl1tVNVQjPMNgDDJabaETtfw
LL1KlvAzI81cKOG/3IRn9lU6qyYqyG+zYoza0nN\..7/AtxdL481k81Go5c3NQTnkl2U
68lbu8CpnwrYCU098owLmxdI4kF5UOL4R61ItJuwz30JSESgT..!8RDgM6XEiHUpK9yW
vvRg+vbGWT/oQn0GQ== [email protected]
in /usr/share/MMC_IFS_EXTENSION/bin/cisco.sh and dlink.sh there's another good hint - what adapter you need for USB ethernet
Code:
#!/bin/sh
# Handle an Ethernet connection via the CISCO Linksys USB300M adapter
or
Code:
#!/bin/sh
# Handle an Ethernet connection via the D-Link DUB-E100 adapter
The static IP it brings up if no DHCP is offered is : 192.168.6.1
There's tons more in there -- like the V850 chip has access to the Sierra Wireless CDMA modem, but can configure it for voice calls through the car speakers:
"AT!AVSETPROFILE=8,1,1,0,5" ( embedded in the cmcioc.bin update file )
secondary.iso is a CDROM image and only has /etc/ and /usr
the /etc/ directory has speech_mmc_preinstall.txt and xlets_mmc1_preinstall.txt
the /usr/ directory has /usr/share/speech and /usr/share/xlets ( tons of information about sensors in the car, etc in xlets )
martinbogo1 said:
I tried much the same thing -- the swdl.upd is another CDROM filesystem:
martinb$ file swdl.upd
swdl.upd: ISO 9660 CD-ROM filesystem data 'CDROM'
It contains three more .iso files : installer.iso, primary.iso, and secondary.iso
installer.iso is a CDROM image, but is not mountable on my linux system
primary.iso is a CDROM image, and has the usual /bin, /etc/, and /usr filesystem for an install
the /bin directory has one file - update_nand
the /etc directory has the usual mfgVersiontxt, nand_partion.txt, system_etfs_postinstall.txt, system_mmc_postinstall.txt and version.txt
the /usr/share directory is all the firmware for various components - EQ, HD_FIRMWARE, IFS, MMC_IFS_EXTENSION,OTA,SIERRA_WIRELESS,V850, and XM_FIRMWARE
What's interesting to me is that they did update the SIERRA_WIRELESS firmware -- and have done some housecleaning:
Code:
#---------------------------------
# sierra_wireless_disable_flowcontrol.file
# \d == 1 second delay
SAY " Send AT \n"
'' AT\r
OK \d
SAY "Disable flow control\n"
'' at+ifc=0,0\r
OK \d
SAY "Send SMS command CNMI\n"
'' at+cnmi=2,1,0,1,0\r
OK \d
SAY "Clear emergency number list\n"
'' AT!NVENUM=0\r
OK \d
SAY "Set emergency number to 911\n"
'' AT!NVENUM=1,"911"\r
OK \d
SAY "Save Setting\n"
'' at&w\r
OK \d
#---------------------------------
Also in the IFS directory, when you hexedit the ifs-cmc.bin file it reveals another little treat... an SSH root public key ( not as nice as a private key, but hey )
(Sorry about the formatting, this is cut/paste right out of the hex editor)
Code:
ssh-rsa [email protected]
2E..IwU.Q....njle8r9nrJ7h8atg4WfqswU0C0Rk/Ezs/sQs5ZA6ES82MQONjHBd7mw
uo8h0xfj3KeeSHMXCEBpmU26guNE4EqfvdioLFCDUxtvMYswlUZjsvd/NYz9lnUZg2hy
pwzFQjXgSzmHVrHjkKKvq7Rak/85vGZrJKxlvHnowA8JIl1tVNVQjPMNgDDJabaETtfw
LL1KlvAzI81cKOG/3IRn9lU6qyYqyG+zYoza0nN\..7/AtxdL481k81Go5c3NQTnkl2U
68lbu8CpnwrYCU098owLmxdI4kF5UOL4R61ItJuwz30JSESgT..!8RDgM6XEiHUpK9yW
vvRg+vbGWT/oQn0GQ== [email protected]
in /usr/share/MMC_IFS_EXTENSION/bin/cisco.sh and dlink.sh there's another good hint - what adapter you need for USB ethernet
Code:
#!/bin/sh
# Handle an Ethernet connection via the CISCO Linksys USB300M adapter
or
Code:
#!/bin/sh
# Handle an Ethernet connection via the D-Link DUB-E100 adapter
The static IP it brings up if no DHCP is offered is : 192.168.6.1
There's tons more in there -- like the V850 chip has access to the Sierra Wireless CDMA modem, but can configure it for voice calls through the car speakers:
"AT!AVSETPROFILE=8,1,1,0,5" ( embedded in the cmcioc.bin update file )
secondary.iso is a CDROM image and only has /etc/ and /usr
the /etc/ directory has speech_mmc_preinstall.txt and xlets_mmc1_preinstall.txt
the /usr/ directory has /usr/share/speech and /usr/share/xlets ( tons of information about sensors in the car, etc in xlets )
Click to expand...
Click to collapse
Have you tried connecting to it?
Sent from my iPhone using Tapatalk
sofro1988 said:
Have you tried connecting to it?
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
I managed to connect with the cisco adapter (usb / ethernet), but I don't know the root password. is the problem at the moment insurmountable ..
Using a cisco connector, I have gotten the ethernet to come up, but that's it. At the moment, there doesn't seem to be anything I can connect to.
@Tajadela - sounds like you at least were able to either SSH or telnet in to a port... I'm on software version 17.43.01 .. which are you on, and what year vehicle? ( Jeep Grand Cherokee, 2015, Uconnect 8.4AN with the 3G Sierra Aircard modem for Sprint )
martinbogo1 said:
Using a cisco connector, I have gotten the ethernet to come up, but that's it. At the moment, there doesn't seem to be anything I can connect to.
@Tajadela - sounds like you at least were able to either SSH or telnet in to a port... I'm on software version 17.43.01 .. which are you on, and what year vehicle? ( Jeep Grand Cherokee, 2015, Uconnect 8.4AN with the 3G Sierra Aircard modem for Sprint )
Click to expand...
Click to collapse
I connected in telnet on a uconnect 6.5 with firmware 15.xx.xx. You can connect to Uconnect with static IP it brings up if no DHCP is offered is: 192.168.6.1
itsJRod said:
I used a hex editor to find the Ssh RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
Click to expand...
Click to collapse
after rsa key replaced, do you have recalculate the checksum of UPD file?
have you replaced the first 64 bytes of the file?
thanks
@itsJRod, isn't it that you would like to explain the procedure to replace the RSA key in the swdl file? thank you
Hello,
have you made any progress? I am a bit lost. I put the EU uconnect MY15 to US dodge charger MY16 and Perf Pages were working fine even on 16.16.13, although after upgrade to 17.x (17.46.0.1 right now) I am meeting the problem of expired subscription (which is not possible to have on EU radio).
I am considering basically three solutions:
a) going back to US radio, but modify the language pack/nav/FM frequencies (it is doable, but I do not know how, although I can pay for it relatively less than time invested)
b) downgrade to 16.16.13 - I have no clue how to do it, I tried to put swdl.upd with swdl.iso as and installer.iso with no luck of course.
c) take xlets from KIM2/ of 16.16.13 to KIM23 of 17.46.0.1 secondary.iso - this is probably preferred way but I do not know how to make it to pass ISO validation.
Of course root on uconnect is extremely nice to have but I will be fully satisfied with Perf Pages working again.
Hello.
I'm hoping the community can help me out. I have a RAM 1500 with the RA4 (was running the 17.11.07 software that I got pushed to me OTS style a couple years ago. Since them problems, radio turn on delay, no GPS and cellular phone warning popup.
I was told to do the 18.45 update which I got from driveuconnect.com, but this has essentially bricked my radio with the "bolo update failed" error and it is looping continuously
I have tried many ways to modify the update software's manifest.lua script to try to get rid of the sierra wireless portion by manually editing, hex editing, etc but always get the "please insert the USB card" screen.
Uconnect is obviously completely worthless to help me and the dealer wants me to pay them money to tell me what I already know. I know I can pay 300 and send my radio to infotainemnt.com to get it repaired, but I would like to solve this on my own is possible, because I would like to further modify the software to make it more custom and unique.
From my reading the 17x version keeps you from downgrading to a version that can be hacked easily.
Everything seems like it should be pretty straight forward as I have a lot of experience in programming and embedded devices.
It seems they are validating the ISOs using some mechanism, I believe I have tried all of tricks/methods
I have searched the code to see if I can find the iso MD5 or SHA256 hashes that ioc_check is probably using to figure out I changed somethign but nothing work.
I have even tried the swapping the flash drives after validation but it seems they are using the ISos they already copied to continue the process, I then end u getting some invalid errors or the update just crashes out
I got other updates from the link: http://www.mydrive.ch/
http://www.mydrive.ch/http://www.mydrive.ch/
username: [email protected]
Password: gasolio
Havent tried all of them yet, but pretty sure they wont work, due to the 17x security changes.
Any help would be appreciated grealty, I really dont want to shell out any cash for something a company told me to to and due to their screw up with bricking modems, this is now bricking my radio.
Thanks to all in advance !!!
djmjr77 said:
Hello.
I'm hoping the community can help me out. I have a RAM 1500 with the RA4 (was running the 17.11.07 software that I got pushed to me OTS style a couple years ago. Since them problems, radio turn on delay, no GPS and cellular phone warning popup.
I was told to do the 18.45 update which I got from driveuconnect.com, but this has essentially bricked my radio with the "bolo update failed" error and it is looping continuously
I have tried many ways to modify the update software's manifest.lua script to try to get rid of the sierra wireless portion by manually editing, hex editing, etc but always get the "please insert the USB card" screen.
Uconnect is obviously completely worthless to help me and the dealer wants me to pay them money to tell me what I already know. I know I can pay 300 and send my radio to infotainemnt.com to get it repaired, but I would like to solve this on my own is possible, because I would like to further modify the software to make it more custom and unique.
From my reading the 17x version keeps you from downgrading to a version that can be hacked easily.
Everything seems like it should be pretty straight forward as I have a lot of experience in programming and embedded devices.
It seems they are validating the ISOs using some mechanism, I believe I have tried all of tricks/methods
I have searched the code to see if I can find the iso MD5 or SHA256 hashes that ioc_check is probably using to figure out I changed somethign but nothing work.
I have even tried the swapping the flash drives after validation but it seems they are using the ISos they already copied to continue the process, I then end u getting some invalid errors or the update just crashes out
I got other updates from the link: http://www.mydrive.ch/
http://www.mydrive.ch/http://www.mydrive.ch/
username: [email protected]
Password: gasolio
Havent tried all of them yet, but pretty sure they wont work, due to the 17x security changes.
Any help would be appreciated grealty, I really dont want to shell out any cash for something a company told me to to and due to their screw up with bricking modems, this is now bricking my radio.
Thanks to all in advance !!!
Click to expand...
Click to collapse
Just to follow up for anyone who reads this in the future.
I was able to get my uconnect working again a few minutes ago.
As my previous post stated I got stuck in the "bolo update failed" loop.
I downloaded the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in my previous comment.
I did the S Byte HEX Mod to the swdl.iso file, loaded it and the swdl.upd file on a thumb drive. Used Hxd on windows. Followed the section in the Uconnect exploitation PDF:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://illmatics.com/Remote%2520Car%2520Hacking.pdf&ved=2ahUKEwjZsOGNl5nyAhWhGVkFHZy2AnAQFnoECAcQAg&usg=AOvVaw0NAi3a1eh-IRd3n1VHv-ys
When I plugged it in, it started with the update process, after the first unit, the screen said the Uconnect had to restart, please wait..
And whalaa my radio worked again!!! It even says it has the 18.45 firmware on it.. go figure.. Navigation still does not work, but thats most likely because the sierra wireless card is bad.
I cannot say for sure the S Byte thing did anything, because I'm not messing with this anymore, almost had to buy a new radio.
I would say try it with out, then with it if it doesn't work.
This could also be a fluke with my particular unit, but at least its something else to try than pay 600+ dollars!!
Good luck to anyone else who goes through this mess!!!
djmjr77 said:
Just to follow up for anyone who reads this in the future.
I was able to get my uconnect working again a few minutes ago.
As my previous post stated I got stuck in the "bolo update failed" loop.
I downloaded the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in my previous comment.
I did the S Byte HEX Mod to the swdl.iso file, loaded it and the swdl.upd file on a thumb drive. Used Hxd on windows. Followed the section in the Uconnect exploitation PDF:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://illmatics.com/Remote%2520Car%2520Hacking.pdf&ved=2ahUKEwjZsOGNl5nyAhWhGVkFHZy2AnAQFnoECAcQAg&usg=AOvVaw0NAi3a1eh-IRd3n1VHv-ys
When I plugged it in, it started with the update process, after the first unit, the screen said the Uconnect had to restart, please wait..
And whalaa my radio worked again!!! It even says it has the 18.45 firmware on it.. go figure.. Navigation still does not work, but thats most likely because the sierra wireless card is bad.
I cannot say for sure the S Byte thing did anything, because I'm not messing with this anymore, almost had to buy a new radio.
I would say try it with out, then with it if it doesn't work.
This could also be a fluke with my particular unit, but at least its something else to try than pay 600+ dollars!!
Good luck to anyone else who goes through this mess!!!
Click to expand...
Click to collapse
I created an account just to reply to this and All I have to say is you're literally an absolute life saver. I've been working on this every day for two weeks now, trying every trick people said, trying every USB, every format, every version and nothing ever worked from me. Uconnect support was absolutely no help and it was a lot of back-and-forth finger pointing and no you need to reach out to this person between them and the dealership. Dealership tried to charge me for a Proxy Alignment when I asked to just update my damn radio stuck in this loop.
I have a 2015 Jeep Cherokee 8.4AN VP4 NA Head Unit 68238619AJ. I was updating from 17.11.07 to 18.45.01 and got stuck at the step 11 1% and would get a failed sierra wireless every time and then got in that "bolo update failed" loop..Well to fix it just now all I did was download the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in the previous comment and quick format to FAT32 on a 16GB Micro Center USB extracted the files from 16.33.29 to the USB with 7ZIP, plugged in like normal and BOOM it ran the first step restarted and I had a working radio again showing update 18.45.01.
(So i'm assuming you don't have to do the S Byte thing I didn't even mess with it I just used the 16.33.29 to bypass step 11 since that version only has 14 steps and 18.45.01 was already preloaded from attempting before. My navigation still is the wrong address but I don't care about all that just thankful to have my radio back before my wife killed me for trying to update it by myself. )
I hope this helps someone else one day because it took some deep research and hours on hours of forum hoping to finally find the solution. <3
djmjr77 said:
Just to follow up for anyone who reads this in the future.
I was able to get my uconnect working again a few minutes ago.
As my previous post stated I got stuck in the "bolo update failed" loop.
I downloaded the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in my previous comment.
I did the S Byte HEX Mod to the swdl.iso file, loaded it and the swdl.upd file on a thumb drive. Used Hxd on windows. Followed the section in the Uconnect exploitation PDF:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://illmatics.com/Remote%2520Car%2520Hacking.pdf&ved=2ahUKEwjZsOGNl5nyAhWhGVkFHZy2AnAQFnoECAcQAg&usg=AOvVaw0NAi3a1eh-IRd3n1VHv-ys
When I plugged it in, it started with the update process, after the first unit, the screen said the Uconnect had to restart, please wait..
And whalaa my radio worked again!!! It even says it has the 18.45 firmware on it.. go figure.. Navigation still does not work, but thats most likely because the sierra wireless card is bad.
I cannot say for sure the S Byte thing did anything, because I'm not messing with this anymore, almost had to buy a new radio.
I would say try it with out, then with it if it doesn't work.
This could also be a fluke with my particular unit, but at least its something else to try than pay 600+ dollars!!
Good luck to anyone else who goes through this mess!!!
Click to expand...
Click to collapse
Do you have another link to download the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe files? I am trying to help a friend of mine they way this helped me. Thank you again for this!