Related
This is a patched radio ROM that can be used to remove the Operator SIM lock and CID lock from HTC Hermes based telephones.
It can be used in all HTC Hermes devices, the only restriction is that the device must have bootloader version 1.04
Warning:
If you run this upgrade on any other device than HTC Hermes, you will most probably render it DEAD!
Disclaimer:
This is free to use but at your own risk, I take no responsiblity for any conflict, fault, or damage caused to your phone by this unlocking procedure. It may invalidate your warranty.
Full caution is advised.
Website:
http://pof.eslack.org/hermes-unlocker/
Install Instructions:
Enter bootloader mode on your Phone. To do this, simultaneously hold side OK and POWER buttons together and reset with stylus.
[You should see SPL-1.04 on the top of the tri-color screen, if you see SPL-1.06 you'll need to downgrade the bootloader]
Connect your phone to your computer using the USB lead.
Run the MaUpgradeUt_noID.exe program – this will reflash your phone with a patched radio ROM required to unlock.
Wait patiently.
Once the MaUpgradeUt_noID.exe upgrade completes, it will end up saying "Upgrade Error 114", but the patched radio ROM will be flashed anyway, dont worry about that error!
Soft reset with stylus (Device will not be hard reset and no data will be lost)
Allow your phone to reboot. Once it has, connect to your PC using Activesync, and copy the HERM_Unlock_v2a.exe program onto your phone. Alternatively, copy it to an SD card and insert into your phone.
Run HERM_Unlock_v2a.exe on your phone. Wait about 1 minute.
You should see a "SUCCESS!" message from HERM_Unlock_v2a.exe, after that soft reset your phone.
Process is (hopefully) complete!
If the phone requests unlock code when you put a locked SIM, the code is: 22051978.
Frequently Asked Questions:
Q - How do I know my bootloader version?
A - When you are on the tri-color screen check the number after SPL-X.XX
Q - How do I downgrade to bootloader 1.04?
A - See this comment. I'm working on an altnative method for all devices, but it's not ready yet.
Q - What is the CID and how do I check which one I have?
A - See this comment.
Donations:
I spent some time and money developing this free unlocker, there's no need to pay me for that, but donations are always appreciated. You can find a paypal button to donate on the unlocker website.
Thanks to:
buzz_lightyear, itsme, vijay555, arc, Asukal, machinagod - for the wise advice and support
everyone else in xda-developers.com
History:
v2a [14-11-2006] - bugfix release, thanks to all who reported the problems!
(hopefully) fixed bug where unlock code has to be entered manually
(hopefully) fixed bug where SuperCID was not kept after rom upgrades in some cases
v2 [12-11-2006] - updated to patched radio 1.16
unlocking software provided (HERM_Unlock_v2.exe): thanks buzz for the source of UNI_Unlock_v1 ;-)
SuperCID is now kept after rom upgrades
v1 [05-11-2006] - patched radio 1.13
unlock manually
Notes:
- v2a makes SuperCID sticky after ROM upgrades, those who used v1 or v2 and are still running the patched radio only need to run HERM_Unlock_v2a.exe on the device to keep SuperCID forever.
Download:
HTC_Hermes_SIM_Unlock_v2a.zip
Enjoy!
Sweet
First to say thank you from everybody.
Hi
I´ve finaly unlocked my german MDA Vario II with your patched ROM and it works !!!
Thank you pof, you´ve done a very hard job perfectly !
Scorpio16v
scorpio16v said:
Hi
I´ve finaly unlocked my german MDA Vario II with your patched ROM and it works !!!
Click to expand...
Click to collapse
Glad to hear it worked
Just want to add my thanks and congratulations. Superb work.
Totallytechie
will this working on softbank X01HT?
Great job!!
Dear POF
first of all congratulation you finish your great job
just short term.
Now I could my X01HT from SOFTBANK JP SIM network
unlocked successfully.
please keep it up your engineering skill.
best regards,
Dear jarodcn
As I mentioned above I succeed to unlock my X01HT perfectory
by using master POF's solution.
1. down grade bootloader 1.06 to 1.04.
2. then provide POF's method as described in this thread.
all procedures clearly mentioned in his former thread and comment.
Great to see that it is finaly done !
You did an amazing work there! As my device is already unlocked I cannot test, but I am pretty sure that it works flawlessly ;-)
Will this work on T-mobile Vario II
Or is it for HTC devices/ Roms only?
Should work on all Hermes, definately works on Vario II with Dopod Rom.
mikeycollins13 said:
Or is it for HTC devices/ Roms only?
Click to expand...
Click to collapse
You can belive, it works with the MDA Vario II. It should work with all devices of the "HERMES" class.
God job! and how to downgrade bootloader
Hello pof,
I can downgrade bootloader from 1.06 to 1.04 without Radio patch.
Using files:
1) HERMIMG_IPL1.01_SPL1.04_ONLY.nbh ( Special thanks to pof.)
Get this file from xda-forum ftp-site.
ftp://xda:[email protected]/Hermes/Technical/unlocker-reversed.zip
2) EnterBL.exe, GetDeviceData.exe, ROMUpgradeUt.exe, RUU.dll, RUUUI.dll
Get these files from any Shipped_Complete_Updates.
( Run Updates and getting files from temporary folder.)
3) All files in the same folder.
How to:
1) Conect Hermes to your PC
2) Run M3100v3cUnlock.exe without key-file ( no need payment.)
3) When key-file required, close the M3100v3cUnlock window.
4) Run ROMUpgradeUt.exe
Caution:
It's only bootloader downgrade. When anybody get error with
Free SIM unlocker and bootloader 1.06, you can try this method
before unlocking.
riki0081 from Japan.
Hi,
tried to unlock my T-Mobile Vario II from UK, but the unlock code was wrong...further after I run MaUpgradeUt_noID.exe another error than the one described appeared (forgot which one it was)...can anyone help? Did I do something wrong?
Confirm this solution.
http://forum.xda-developers.com/showthread.php?t=281617
I can downgrade bootloader from 1.06 to 1.04 without Radio patch.
Using files:
1) HERMIMG_IPL1.01_SPL1.04_ONLY.nbh ( Special thanks to pof.)
Get this file from xda-forum ftp-site.
ftp://xda:[email protected]
2) EnterBL.exe, GetDeviceData.exe, ROMUpgradeUt.exe, RUU.dll, RUUUI.dll
Get these files from any Shipped_Complete_Updates.
( Run Updates and getting files from temporary folder.)
3) All files in the same folder.
How to:
1) Conect Hermes to your PC
2) Run M3100v3cUnlock.exe without key-file ( no need payment.)
3) When key-file required, close the M3100v3cUnlock window.
4) Run ROMUpgradeUt.exe
Caution:
It's only bootloader downgrade. When anybody get error with
Free SIM unlocker and bootloader 1.06, you can try this method
before unlocking.
riki0081 from Japan.
Click to expand...
Click to collapse
I succeeded with first solution for downgrading bootloader 1.06 to 1.04
but worry about sim lock , so I use this solution to unlock sim lock and succeed.
thanks POF for your kindness.
Damn pof .. this is crazy .. YOU ROCK!!!
Why is the unlocker tied to the RadioROM upgrade? Anyway you can make the unlocker available by itself?
Vodafone Spain
Hi All
Thanks POF for your hard work here. Question: I have an original Vodafone Spain 1605, I haven't made any Rom/Radio Update, how should I proceed?
My HTC info:
Rom Version: 1.20.164.3
Radio Version: 1.03.06.00
Protocol Version: 32.34.7010.01W
I don't understand if I need to update my Radio version first or just follow your process.
Thanks very mcuh
Excellent - congratulations!
Nice work pof! Hermes=OWN3D!
I am flashing right now and will post results. I am on Dutch T-Mobile Vario II with original shipped ROM (Dutch)
I am getting exited
Does this mean that if we keep this patched radio then we always are going to have an Super CID device ?? That basically means replacing the included Radio.nbf with this patched one on any ROM package Or am I missing something ?
Also is this a stable ROM. My VARIO II has/had 1.05.02 ?
Please help me!
I screwed my MDA Vario II. I used HTC universal sim unlocker and I haven’t got radio. I know I was a craze.
No GSM, no cid and no imei. The pda is working good.
I vas very happy when I find this site :
http://wiki.xda-developers.com/index.php?pagename=Hermes_UpgradeProblems.
I made this:
USB>
USB>password 0000000000000000
HTCSPass1.CMˆËHTCEUSB>set 1e1
USB>erase a0040000 c80000
HTCST ÚČŇHTCEUSB>erase a0cc0000 c80000
HTCST ÚČŇHTCEUSB>erase a1940000 640000
HTCST ÚČŇHTCEUSB>set 1e 0
USB>
The radio doesn’t work , no GSM, no cid and no imei. The pda is working good.
Please help me
Please can a expert check this!?
I found this with the search option.... can someone check this....
Its written for the Tytn and not for the Vario II, i'm not sure but i thought that the english Vario II has a 1.06 bootloader!! Then you are stuck, beacause the file who degrade your bootloader to 1.04 isnt availleble anymore. Maybe one of the guys here can share it with you?!
======================================================
- Take the battery out of your TyTN and leave it out several minutes
- Disable USB-connection in Active-Sync
- Reboot your Computer
- Replace the battery and put your TyTN in the bootloader
- Try to load the ROM found here:
ftp://xda:[email protected]/RUU120_172125_Qtek_WWE_R11400_Shipping.exe
- Keep trying till you get just past the erasing part, then you will get an error-message and are asked to reset your device with the stylus
- Reset your phone and put it back in the bootloader mode
- Install any Hermes ROM you like, no matter what CID if you have bootloader 1.04
lacika said:
The radio doesn’t work , no GSM, no cid and no imei. The pda is working good.
Click to expand...
Click to collapse
Can you attach a USB monitor capture of what happens when you try to:
a) flash a rom
b) flash a radio rom
Do both things starting from bootloader and with activesync disabled.
Same Problem
I have the same problem
My PDA keeps comming back in the bootloader screen.
When 1 try to update (its a unlockes pda), the upload stops at 1%
Is there a way to erease the PDA ?
Thanks
pimmmm said:
I have the same problem
Click to expand...
Click to collapse
I have the same questions.
Can't do anyithing if you don't attach a USB capture of the process. See this page for instructions: common upgrade problems
smarty77 said:
I found this with the search option.... can someone check this....
Its written for the Tytn and not for the Vario II, i'm not sure but i thought that the english Vario II has a 1.06 bootloader!! Then you are stuck, beacause the file who degrade your bootloader to 1.04 isnt availleble anymore. Maybe one of the guys here can share it with you?!
======================================================
Click to expand...
Click to collapse
HI!
Thank You for your answer. I made yours tip, but not was good.
First I to try smarty77 tip. I used RUU120_172125_Qtek_WWE_R11400_Shipping. Its function. After I’d like rom upgrade. This doesn’t was good (invalid vendor).
Second I to try clearing with mtty.exe.
The situation same, the phone doesn’t work.
Sorry my bad English.
pof said:
Can you attach a USB monitor capture of what happens when you try to:
a) flash a rom
b) flash a radio rom
Do both things starting from bootloader and with activesync disabled.
Click to expand...
Click to collapse
HI!
Thank You for your answer. I made yours tip, but not was good.
First I to try smarty77 tip. I used RUU120_172125_Qtek_WWE_R11400_Shipping. Its function. After I’d like rom upgrade. This doesn’t was good (invalid vendor).
Second I to try clearing with mtty.exe.
The situation same, the phone doesn’t work.
Sorry my bad English.
Just seen your capture but it's not good.. you made a "basic" capture which shows nothing important, please repeat the process again, but this time read point 6:
In the upper part there are two tabs: basic and complete. Click on "Complete".
I cannot help unless I have a complete capture to see the problem.
pof said:
Just seen your capture but it's not good.. you made a "basic" capture which shows nothing important, please repeat the process again, but this time read point 6:
In the upper part there are two tabs: basic and complete. Click on "Complete".
I cannot help unless I have a complete capture to see the problem.
Click to expand...
Click to collapse
HI POF!
Thank you four your help.
It is a new captured files.
Please help me. You are a last chance, for my phones.
Lacika
@lacika:
When checking the seclevel (task 32 bootloader command) your phone replies:
Code:
CID: Wait interpreter timeout.
Level=FF
After that when checking the CID with 'info 2' your phone replies:
Code:
HTCS...?\0.?f..|HTCE
This should be something like T-MOB001 if you have a Vario II from UK, so the CID is screwed.
I can see from the output of 'info 3' that you're running bootloader 1.06.
Then you try to flash the 1.18.255.3 ROM from HTC, which has CID "QTEK_001", you won't be able to flash this image in your device with bootloader 1.06, even if the CID was not screwed you will always get an error (you need bootloader 1.04 to bypass CID checking, and you are in 1.06), the error you're getting from bootloader is:
Code:
CID not allow (255)
As you said you can use the PDA (WinCE boots) what I suggest is buying imei-check unlocker (you need activesync working too for running the imei-check unlocker), because it will downgrade your bootloader to 1.04 and patch your radio... probably it can fix your device, at least it will downgrade your bootloader to 1.04. If after running the unlocker your device doesn't work I suggest that you try to flash a radio ROM, you can find them here:
http://wiki.xda-developers.com/index.php?pagename=Hermes_ExtractedRadioRoms
Let me know how it goes
pof said:
As you said you can use the PDA (WinCE boots) what I suggest is buying imei-check unlocker (you need activesync working too for running the imei-check unlocker), because it will downgrade your bootloader to 1.04 and patch your radio... probably it can fix your device, at least it will downgrade your bootloader to 1.04.
Click to expand...
Click to collapse
Err... I forgot that your IMEI is also screewed, probably imei-check unlocker will not work on your Hermes even if you provide them the right IMEI, because it will not be able to read the IMEI from your phone (will get the wait interpreter timeout too...). anyway... it costs 20GBP, give it a try!
pof said:
@lacika:
As you said you can use the PDA (WinCE boots) what I suggest is buying imei-check unlocker (you need activesync working too for running the imei-check unlocker), because it will downgrade your bootloader to 1.04 and patch your radio... probably it can fix your device, at least it will downgrade your bootloader to 1.04. If after running the unlocker your device doesn't work I suggest that you try to flash a radio ROM, you can find them here:
http://wiki.xda-developers.com/index.php?pagename=Hermes_ExtractedRadioRoms
Let me know how it goes
Click to expand...
Click to collapse
Hi and thanks!
I’ve got one question. I use imei-check unlocker after I’ll got 1.04 bootloader?
Lacika
I tried that with my device before it got sent to service, I brought imei-check unlocker but as my imei was also corrupt it will not work, so I would not waste GDP 20 if you have corrupt imei.
They will not refund either becuase its your problem the imei is corrupt.
lacika said:
I use imei-check unlocker after I’ll got 1.04 bootloader?
Click to expand...
Click to collapse
No, imei-check unlocker will downgrade your bootloader, BUT as shark1 says, it will not work because your IMEI is corrupted and it will not be able to read it.
I guess the best would be to send the unit to the repair centre then...
pof said:
@lacika:
As you said you can use the PDA (WinCE boots) what I suggest is buying imei-check unlocker (you need activesync working too for running the imei-check unlocker), because it will downgrade your bootloader to 1.04 and patch your radio... probably it can fix your device, at least it will downgrade your bootloader to 1.04. If after running the unlocker your device doesn't work I suggest that you try to flash a radio ROM, you can find them here:
http://wiki.xda-developers.com/index.php?pagename=Hermes_ExtractedRadioRoms
Let me know how it goes
Click to expand...
Click to collapse
Hi!
I’ve got a new problem.
I used a M3100v3cUnlock.exe program. This doesen’t read my imei number.
I don’t know how can I flash my bootloader.
Lacika
pof said:
No, imei-check unlocker will downgrade your bootloader, BUT as shark1 says, it will not work because your IMEI is corrupted and it will not be able to read it.
I guess the best would be to send the unit to the repair centre then...
Click to expand...
Click to collapse
I had the same problem! Send it to orange assistance.
lacika said:
I used a M3100v3cUnlock.exe program. This doesen’t read my imei number. I don’t know how can I flash my bootloader.
Click to expand...
Click to collapse
You can't, and your imei is screwed, the unlocker can't check it... so you should better send the unit to the repair centre as suggested.
pof said:
You can't, and your imei is screwed, the unlocker can't check it... so you should better send the unit to the repair centre as suggested.
Click to expand...
Click to collapse
HI!
I’ve got a last question.
It will a new procedure, program, with I can flashing my bootloader.
Lacika
So stuck i've tried every possible thing.
can anyone please tell me how to get rid of ipl/spl 2.21.0001 and downgrade it anyting may be 1.*.**
i bought t-mobile mda vario locked on any network thats y i need to cha*g* imei no.
step 1-- "can you please tell me which specfic rom should i use to downgrade it 1st"..
step 2---- then unlock it with lokiwiz03 or lokiwiz02b??
step 3---- use iwizard to cha*g* the imei... any way what is awizard for???
step 4---- and upgrade the rom in the end
and i have even paid money to unlcok it from imei-check but that never worked aswell i dont even know what they done coz its as same as it was before ipl/spl 2.21.0001
kingahmar said:
So stuck i've tried every possible thing.
can anyone please tell me how to get rid of ipl/spl 2.21.0001 and downgrade it anyting may be 1.*.**
i bought t-mobile mda vario locked on any network thats y i need to cha*g* imei no.
step 1-- "can you please tell me which specfic rom should i use to downgrade it 1st"..
step 2---- then unlock it with lokiwiz03 or lokiwiz02b??
step 3---- use iwizard to cha*g* the imei... any way what is awizard for???
step 4---- and upgrade the rom in the end
and i have even paid money to unlcok it from imei-check but that never worked aswell i dont even know what they done coz its as same as it was before ipl/spl 2.21.0001
Click to expand...
Click to collapse
You have a G4 device you CANNOT downgrade to a 1.x rom.
You CANNOT flash your IPL/SPL if you try you will definately make your device an unrecoverable brick.
IPL/SPL has nothing to do with CID or SIM locking or unlocking. They are the bootloaders for your radio and OS.
You should never have to change your IMEI number. This is actually illegal in some places. The only reason your IMEI number would not work is if your phone was stolen and in turn reported stolen by the original purchaser. In which case the IMEI would be blacklisted so the criminal could not make use of the stolen phone and hopefully would get the idea that stealing phones is not a profitable venture.
If you paid for and used the IMEI Unlocker software correctly then your device is probably unlocked and you can try flashing G4 safe roms to the device.
If your phone is locked you have the means to unlock it if you paid for it from the website, if you didn't pay for it and got it from someone else it will not work as the algorithm is based on the IMEI # I believe.
Lastly CID unlock is not the same as SIM unlock. What are you trying to do and WHY do you need to do these things to your phone? You haven't made this clear and I don't think you understand what you need to do to get your phone working the way you want it to, if you keep progressing this way you will ruin your device. I suggest you stop and read the G4 forums.
Hi mate,
i've got exactly the same device, look at my signature how flashed WM6, there is no need to get rid of IPL/SPL 2.21.0001 or G4, even CID-unlocking is not necessary. The only limitation is that you can't change the splashscreen - i don't mind it anyways.
regards
IRM
Of course you can change the Splash Screens. I have a G4 Wizard and now have XDA Mobile 6 and added the Splash screens that are here:
http://forum.xda-developers.com/showthread.php?t=310954
but you need to use the Update Utility from Wizard Love, just swap the nk.nbf file.
You can also use the Update Utility from Wizard Love to change the Radio ROM.
Kind Regards
Darren
i used the imei unlocker ..i think it could make bricks
i unlocked my phone 8125 (g4) w/ 2.21.0001 2.21.0001 after that
it would never come out of boot mode
from just that i think it somehow screwed me
ipl 2.21.0001
spl 2.21 i was told this is a valid (G3) spl where it came from i don't know
can't find anything to fix it
i get a error invalid vendor id when i try to flash the stock at&t rom
nothing seems to work
looks like its simi unlocked but it finished to 100% and then rebooted
anyone know any threads tha discuss a mixed ipl / spl
thanks , i hope the wizard is bio degradable
No known recovery method for a mixed IPL/SPL in G4, it's a currently a brick.
Dear Friends,
Help needed!
I had G4 device and wanted to upgrade to WM6. I followed the steps
1-Downloaded Unlockwizard and run it as instructed.
2-Downloaded SPL/IPL 3.08 and upgraded.
3-System rebooted as normal.
4-Flashed latest WM6 ROM from (PDAVIET).
5-System hanged and then NO POWER, NO BOOTLOADER MODE.
Please help if it can be recovered.
Question ... you have use Unlockwizard? Have you SIM unlock or CID too?
Have you realy reboot after IPL/SPL 3.08 update?
I used lokowiz02b to unlock the device.
First did CID unlocking and then Unlocking, both went well.
I rebooted after IPL/SPL 3.08 and booted normal.
Are you sure it is a G4?
If so, congratulation that you have bricked your device, and you can't recover it by any easy way (In fact, the only way is to use JTAG connector, however only a few people is successful).
Blame yourself by not reading the stickies carefully.
this is why i ask the question ... unlock G4 realy??
you cant CID unlock a G4! only g3 is possible with lockwiz.
i like to know if an1 successfully CID unlock g4 with out paying. if their is a method that they can do, Why can't we do it? although we can flash any rom we like with the shelltool method it will be much better to do it CID unlock.
Just heard that the imei-check method unlocks CID in bootloader mode, which is a completely different approach to our current methods.
Links
Can someone provide me links for the imei-check and usb-monitor
I downloaded usb monitor from another thread but it turns out to be M$ visual pc for a reason.