Hard-SPL, Or How to Not Brick Your PDA Ever Again And Fix Bad Blocks! - 8525, TyTN, MDA Vario II, JasJam Software Upgradin

OK, well... I'd like to introduce Hard-SPL; available in 3 flavours:
SPL 2.10 based on 2.02 will be released shortly at £5 per person... only kidding... it's free, and out now, but do consider a donation
1) 2.10 - Hard-SPL-V7 - see Changelog for further details
(at the bottom)
2) 1.10 - Olipro SPL - based on 1.04 and unlocked - use for rtask commands.
View attachment Hard-SPL.zip
3) 1.01 - Olipro MFG - based on 1.01, and really for testing only.
View attachment Spl-Olipro-MFG.zip
TO FLASH THE NEW Hard-SPL, Select Force-SPL, you should only choose otherwise when recovering your device from an old Hard-SPL version!
RUU now forces SSPL every time... do not use this RUU for anything else.
For older CustomRUU users; pick the 1.40 option, autodetect will not work... or download and use the new CustomRUU
1.01 is provided as SSPL and SPL; SPL is intended for flashing, SSPL is intended to be loaded by SSPL, neither of these are packaged as an NBH since if you intend to play with it, you should know how to make your own package for it.
Bad Blocks SPL Available! - Hard-SPL-V6.zip - fixed RUU bug for those using 1.11/1.13/1.30
Code:
[b]CURRENT FEATURES[/b]
-SuperCID
-no file signing required
-no password required to authenticate with bootloader
-bad NAND can be recovered with "task 2a"
-bad NAND can be recovered by flashing an OS
-SPL protected from all HTC retail SPLs being flashed by accident (to bypass, use SSPL)
-IPL protected from all flashes; protection against bogus NBH's
-bad NAND can again be checked for with "info 8"
-version displays 2.10.Olipro
-no longer tries to read bad NAND - should fix whitescreen issue
[b]ChangeLog[/b]
[b]Hard-SPL-2.10[/b]
-based on a newer SPL base; bugfixes.
-IPL flashing disabled to prevent bogus NBHs bricking your device.
[b]Hard-SPL-1.40[/b]
-repairs a bug that affected SPL being replaced by retail ones.
[b]Hard-SPL-1.35[/b]
-addresses an issue for those with Real Bad Blocks to prevent whitescreens.
[b]Hard-SPL-1.30[/b]
- removed password for wdata commands and rbmc etc.
- activated "task 2a" to allow recovering bad blocks as well as flashing valid OS.
- Disabled SPL flashing; this SPL protects you from writing over it by accident.
- Bad Blocks "info 8" command works now allowing you to check for bad blocks.
[b]Hard-SPL-1.13[/b]
- Patched NAND check; bad NAND ignored, valid OS can be flashed to recover bad blocks.
[b]Hard-SPL-1.11[/b]
- Flashing Radio BL 0108 now supported
- Downgrading SPL no longer allowed.
- rtask command removed.
- new RUU interface required to flash ROM files.
[b]Hard-SPL-1.10[/b]
-Initial release; SuperCID and no signing required
-Compatible only with Radio BL 0107
-has rtask commands for accessing radio facilities.
Looking for other SPL Files? scroll back up! they're at the top underneath each version heading!
please remember that 1.35 and 1.40 are the same as 1.30, so when using CustomRUU, either select that, or download the NEW customRUU and overwrite.

Olipro said:
> ROM's not available yet; I'm sending them to pof for testing before anybody is allowed to flash this... there's still a chance you could brick your phone
great stuff... i'll report in a while

Damn... a lot of people are sure gonna like this! How about doing 1.01MFG too so we can still flash os.nb in < 5 mins with lnb?

Sleuth255 said:
> Damn... a lot of people are sure gonna like this! How about doing 1.01MFG too so we can still flash os.nb in < 5 mins with lnb?
if someone sent me it as a .nb then certainly... a proper nb... unsigned.
Current Status: Pof has successfully flashed his device, unsigned ROM seems to be flashing fine, if all is well, then I'll get a package ready within the next 10 minutes.

man it works!! That's the safest thing to put on an hermes
Thanks Olipro

Fantastic work! This will definitely be a big help to everyone.

not to sound stupid or anything, but what does this enable your phone to do exactly??

It's the holy grail of hermes flashing! As long as there's no bad blocks in NAND, bricking due to corrupted CID can now be avoided.

Olipro said:
> if someone sent me it as a .nb then certainly... a proper nb... unsigned.
only 1.01MFG I've ever seen is .nbs

koolhand79 said:
> not to sound stupid or anything, but what does this enable your phone to do exactly??
Same features as SSPL, but flashed on the phone and with bootloader version 1.04 (hex edited to be shown as 1.10.Oli), that is:
Ability to bypass signature in NBH files (friendly for cooked roms)
Ability to access radio bootloader (no more corrupted CID bricks)
Shows itself as SuperCID when doing a rom upgrade (but it internally isn't)
Can be uninstalled by just reflashing a shipped SPL, so no warranty is lost

Sleuth255 said:
> only 1.01MFG I've ever seen is .nbs
yeah, but it's just the .nb with the NBH headers on... I'm a lazy sod and was hoping someone had already made it an nb to save me the time
also... in a few seconds, a flash package for my SPL will be available!

When? When? When? Waiting... Yahooo. Good news to us all as cooking and flashing going to be as safe as possible.

Okay it is my time to sound like a moron.
Alright I get the general idea of what this does, now could someone point, no need to show the link, just mention where in the documentation I can find more real info on this.

Probably Des or Olipro can answer that:
Can we also patch the SPL to always write 0xFF on the "disastrous 517th byte" of each physical NAND page? (or not overwrite the existing value, whichever is better), this way even when the flashed OS.nb contains a value != than 0xFF on that byte, will not produce a bad block and this would make flashing cooked images _really_ fool proof.
For those willing to go deeply, read Des comment here.

pof said:
> Same features as SSPL, but flashed on the phone and with bootloader version 1.04 (hex edited to be shown as 1.10.Oli), that is:
> Ability to bypass signature in NBH files (friendly for cooked roms)
> Ability to access radio bootloader (no more corrupted CID bricks)
> Shows itself as SuperCID when doing a rom upgrade (but it internally isn't)
> Can be uninstalled by just reflashing a shipped SPL, so no warranty is lost
Not that there's a heck of a lot of reason for doing it any more but does that mean we can now downgrade radio bl versions? Also will it help recover from bad bootloader flashes? I am constantly in awe of the brilliant people in this forum!

chymmylt said:
> does that mean we can now downgrade radio bl versions?
No, if you have 0108, will keep 0108.
chymmylt said:
> Also will it help recover from bad bootloader flashes?
No... a bad flash in bootloader means a bricked device, but this is not common on hermes, the most common is bad flash in radio which can only be fixed if the bootloader is 1.04 or the rom has KITL enabled.

pof said:
> No, if you have 0108, will keep 0108.
> No... a bad flash in bootloader means a bricked device, but this is not common on hermes, the most common is bad flash in radio which can only be fixed if the bootloader is 1.04 or the rom has KITL enabled.
that means you've overwritten the bootloader I have made... so obviously not.
however, the bootloader does have built-in recovery functions (HTC's work) and generally you need to be doing something funky to bugger the SPL up.

pof said:
> No, if you have 0108, will keep 0108.
> No... a bad flash in bootloader means a bricked device, but this is not common on hermes, the most common is bad flash in radio which can only be fixed if the bootloader is 1.04 or the rom has KITL enabled.
Still very exciting! Y'all da man! (Men?)
Thanks again!

For those with 1.01MFG or 1.04 SuperCID, will this new BL give any new benefits? I understand those with 1.09 will benefit, but, is it worth flashing if I already have 1.01MFG on the device?

with this will i be able to upgrade and downgrade to any radio i want regardless of nbh or nbf, since no one is answering me in the thread i created about this. lol

Related

Disadvantages in downgrading to bootloader 1.04?

Are there any downsides to downgrading to bootloader v1.04?
Does v1.06 have anything extra that v1.04 doesn't?
I have an X01HT (v1.06)
Is it possible that future ROM upgrades could be tied to the bootloader version?
Thanks
tle said:
> Are there any downsides to downgrading to bootloader v1.04?
Bootloader 1.06 enforces CID checking, bootloader 1.04 doesn't.
Bootloader 1.06 doesn't have 'rtask' command, bootloader 1.04 does.
rtask command allows you to do some "interesting" things, for example enter radio bootloader, and GSM AT command interface, where you can type AT commands to the phone from bootloader. Read the wiki Hermes bootloader page for more info.
tle said:
> Does v1.06 have anything extra that v1.04 doesn't? I have an X01HT (v1.06)
No, it has less things... rtask command removed
The "extra" thing is that your CID is checked when flashing a ROM, so you can't flash ROMs that are made for other Hermes devices such as HTC TyTN or Cingular 8525 on your X01HT.
tle said:
> Is it possible that future ROM upgrades could be tied to the bootloader version?
it is possible, but unlikely to happen, shouldn't worry you too much now.
Thanks for the quick reply, pof.
I guess that if a ROM were to be tied to bootloader v1.06 then someone would have to make a bootloader only upgrade... Do you foresee any potential issues there (excluding copyright issues)?
Thanks
tle said:
> I guess that if a ROM were to be tied to bootloader v1.06 then someone would have to make a bootloader only upgrade... Do you foresee any potential issues there (excluding copyright issues)?
No issues at all, and no "bootloader only upgrade" needed... if you are on 1.04 you just have to flash any ROM containing bootloader 1.06 to have bootloader 1.06 on your device. Then you could do the 'tied-to-1.06' upgrade.
But at the moment 1.06 and 1.04 are very similar, the only difference I've noticed is 'rtask' command and CID checking. rtask command also allows you to go radio bootloader and flash the 'extracted radio rom upgrades' (using rwdata), so you can't do a radio-only upgrade in 1.06 at the moment.
Anyway... I am investigating the way to provide an alternative method to go from 1.06 to 1.04 without copyright issues (as with the previous method from imei-check). Now I can jump from WinCE to IPL at physical address 0x0000000 and then the IPL reads the SPL from flash and executes it correctly.
The next step is to load the nb file for SPL 1.04 and place it in RAM at 0x3000000, and instead of jumping to IPL, jump to SPL. When this is done it will be possible to downgrade the bootloader for those of you on 1.06.
Sounds like you are close to a solution. I read in another thread that you said you are not a WINCE programmer, but you seem like you have a good grasp of low level programming. Best of luck!
I'm getting a lot of help from some friends, i wouldn't have reached this without their help, and I like to learn new things
What we're doing is modifying gnuharet to remove the linux-loading part and add very few changes in the ARM9 assembly part, if you're interested see the file src/wince/asmstuff.S.
pof said:
> rtask command allows you to do some "interesting" things, for example enter radio bootloader, and GSM AT command interface, where you can type AT commands to the phone from bootloader.
I guess it should be possible to do in wince by directly calling a rilgsm ioctl
(should work on universal, the equivalent code runs the phone in Linux).
devspecific code=54
http://wiki.xda-developers.com/index.php?pagename=rilgsm.dll
cr2, yes it is possible... this is what my unlocker does to do the [email protected] commands and uses almost the same code as buzz used on the universal.
EDIT: I read you too fast, I'm using RIL_DevSpecific commands to send the [email protected], but didn't read the code=54. Have to try this, thanks for pointing it out!
Help Needed!
Hi pof,
I (stupid guy!) upgraded from ME_DT_WWE_1182553_106_10303_Ship to Cingular 1.34.502.1 (1.06) and now I cannot downgrade (using for example Cingular_1.30.502.1 (1.04)...why?
I tried every unlocking process, every step you write here, but no way! Always ID ERROR (294)...whyyy????
I cannot understand...I think a downgrade to 1.04 could save me...
Please, help me...
Yes, downgrade will help you. Just downgrade to a full rom matching the CID on your device, or wait until a free solution to downgrade bootloader.
pof said:
> Yes, downgrade will help you. Just downgrade to a full rom matching the CID on your device, or wait until a free solution to downgrade bootloader.
Just to be sure: I flashed my Dutch TyTn (QTEK_E11) to Cing 1.34 WWE (CWS_001).
Now my CID still is QTEK_E11 or is it changed to CWS_001?
If is still is QTEK_E11 then I can go back to the Dutch HTC 1.18.254.2, can I?
And from there I can SuperCID my device?

Another way to flash *any* rom to your device (SSPL)

Regardless of CID lock, bootloader version, etc.
This tool allows you to flash your Hermes ROM bypassing CID and signature(*) check.
For flashing ROM copy SSPL-HERM.exe to your device and run it. Standard bootloader prompt should appear on screen, check SPL version number: if it ends with ".ds" then everything is fine. (Re)attach usb cable and run firmware update utility.
In case something goes wrong during flashing you should flash your device with ROM accepted by standard bootloader (and have another try if you wish).
(*) code must be formally signed i.e. contain properly-formatted signatures in their places, however no checks are performed against them. Actually unsigned code flashing was tested by flashing original signed nbh image with few bytes in header and extrom section modified, but patches were designed to accept any properly formatted crap as a valid signature.
If you consider yourself an advanced user and are going to do things more complex than described above - read readme.txt before doing them!
Sticky!
great tool thanks a lot!
but i already have spl 1.01.
that is pretty cool!
could you provide us with the sourcecode?
Do the boot loader limitations still exist using this method i.e. can radio boot loaders be overwritten using this method?
aadadams said:
> Do the boot loader limitations still exist using this method i.e. can radio boot loaders be overwritten using this method?
YES, i will post instructions in wiki later.... radio bootloader 0108 is not a problem anymore, we can flash radios in NBH with this
dutty said:
> could you provide us with the sourcecode?
Sorry but no. Reason is simple - util was done offhand so code is crap. It is definitely not in the style I used to code to and it would be shameful for me to release it to public. However main idea is clearly described in readme and code itself is small enough to disassemble for details.
> Do the boot loader limitations still exist
Better to ask pof cause I don't know hermes specific details. This util in whole is 1.09 SPL modified to be SuperCID on any device and accept unsigned (wrong-signed to be more correct) code. If there are additional limitations - they can be removed too. But firstly they must be figured out.
So, if I want to flash the cingular 1008 radio, I can do so without worry? Now, should I flash the radio by using this program, or can I just flash it 'normally' and still be able to use this program to go to the Trinity radio if/when that works?
SSPL doesn't rely on bl versions in your rom. While you can run executable from Win CE with trustlevel=2 (by default on PPC) you can use this program.
can this be used to somehow overwrite the radio boot loader? (as in not just flashing any radio rom, but flash the radio boot loader to a pre 0108?)
funks said:
> can this be used to somehow overwrite the radio boot loader? (as in not just flashing any radio rom, but flash the radio boot loader to a pre 0108?)
No, if your radio bootloader is 0108 it will keep 0108 and won't be downgraded, but you can use it to flash any radio rom in NBH format, so radio bootloader 0108 is not a limitation anymore.
Will this amazing tool be useful in my post December X01HT phone?I am not super CIDed or Unlocked at all.I just wanted to install english ROM in my phone.
Yes it will be useful, wait a few hours and I will publish hermes unlocker v3 which will work on your post dec-2nd X01HT phone and any other Hermes no matter which bootloader version
You are great pof!And thanks to Des ,too.Waiting for your excellent v3 release.
...good times.
Hi
Now, if it is possible to start bootloader from running OS, is it possible to implement such things like dumping ROM to the microsd ?
This would be a great break through and it would possible to grab new OS (like x-bow)
scorpio16v said:
> Hi Now, if it is possible to start bootloader from running OS, is it possible to implement such things like dumping ROM to the microsd ?
If this feature is implemented in spl but locked somehow then yes. If it is not implemented then in theory "yes" but in practice it would be simpler to write direct flash reader running from os than implementing that reader in bootloader.
Des, thanks for this tool!!!
Only one question, is there any tool to transform from .NB extracted ROM to .NBH signed (with anything) format?
And now onto heavy learning of ROM cooking, to start getting some worthwhile Hermes ROM updates, hopefully either AKU3.5 or Crossbow if possible...
In the last month, so much has changed for the Hermes, which is a much welcomed change though!
Thanks Des & Pof (as always) for all your massive efforts.
Brilliant work mate, I salute you! Bring on the homebrew cooking .

SPL Myths

just to dispel the myth;
SPL 1.01MFG Flashing via mtty is NOT faster than using the RUU; HTC do not deliberately slow down the process, that's just bloody stupid; the reason it can take longer is if you include a Radio ROM, because flashing a radio takes sodding ages, but can people please learn that using a proper NBH is a smarter and safer way to flash their Hermes.
I second that. this myth appeared because 1.01MFG was the first bootloader that allowed us to flash unsigned, but it didn't allow to flash a radio. So there was the general "feeling" that signature checking was slowing down the process, but it was not: the slowness is caused by flashing the radio.
True, but from strictly a ROM cooker perspective, it's not faster. It takes time to build/run the RUU & when you're testing cooked roms, it's just far easier to fire up the sspl 1.01MFG and lnb the new os.nb directly.
I understand safety to be the presence of BL v1.10.Oli at location 50020000.
Consequently, I keep this version flashed and test out cooked ideas (currently I'm working on the ATI video issue so I've been flashing a lot of test roms) using your 1.01MFG sspl bootloader.
Expanding on this, I believe that production cooked ROMs should include your 1.10.Oli SPL bootloader from a safety perspective based on my understanding that the BL is flashed first in the RUU under the control of the 1.09Des SSPL loader. This will guarantee a safety net should something go wrong during the OS and/or Radio flashing portion of the process. I would also imagine that this is why you state that RUU flashing is safer too.
Maybe this should be SOP whenever a new production ROM is released by Operators too: Repackage everything into a sspl that also loads 1.10.Oli. Of course, when HTC takes their inevitable next steps in this "spy vs. spy" battle, all this may be invalidated...
Here's an interesting thought: Your bootloader advancements have actually helped Operators since using this technique should result in far fewer bricks being returned for new devices. Now the question is this: does this cost HTC I wonder? Or to put it differently: who sucks up the cost of a bricked Hermes that is replaced in warranty. Whomever this is is very happy with you Olipro and likely to offer you a job as a top developer . Conversely, whomever sucks up the cost is gonna put a contract out on you....
JK: The fact is this: both have a contract on you b/c you've invalidated CID
When I run the RUU, I'll open the Windows Media Player to play the MP3 files, and the update process will be finished in 2-3 minutes.
I guess my major question is this:
At what time during the RUU flashing process is the bootloader flashed? If it's the first thing to be flashed then my points above are valid. If not, then everybody who flashes needs to ensure that they have 1.10.Oli in flash before stripping the bl out of any ROM they wish to flash. Perhaps we could begin to go through production ROMs and designate those that have had this done with another column on the Wiki.
Sleuth255 said:
> At what time during the RUU flashing process is the bootloader flashed?
In the order it is placed on the NBH file, generally IPL & SPL are the first.
Sleuth255 said:
> If it's the first thing to be flashed then my points above are valid.
Yes they are: the HardSPL is flashed but the process continues with the current bootloader on device... but after the flashing process ends (or fails) HardSPL is there, which lets you recover the bad flash because even if radio is b0rken the device is seen as SuperCID. Only those with radio bootloader 0108 will need to flash a hardSPL based on 1.09 to be able to recover, the rest will be fine with the one based in 1.04.
pof said:
> HardSPL is there, which lets you recover the bad flash because even if radio is b0rken the device is seen as SuperCID. Only those with radio bootloader 0108 will need to flash a hardSPL based on 1.09 to be able to recover, the rest will be fine with the one based in 1.04.
But there isn't a 1.09 hardSPl yet, no?
VivaErBetis said:
> But there isn't a 1.09 hardSPl yet, no?
no, but if someone manages to bork their radio AND can't get into the OS, then something can be done.
Olipro said:
> no, but if someone manages to bork their radio AND can't get into the OS, then something can be done.
I happen to be in this exact situation. Have bootloader 1.09 and a corrupt radio (which is why I tried to reflash and ended up with a brick). Any ideas?
/politby
politby said:
> I happen to be in this exact situation. Have bootloader 1.09 and a corrupt radio (which is why I tried to reflash and ended up with a brick). Any ideas?
> /politby
no... not quite; you need a Hard-SPL bootloader first; or, you need to be able to boot Windows.
Olipro said:
> no... not quite; you need a Hard-SPL bootloader first; or, you need to be able to boot Windows.
that's what I thought. Any forecast on when (if) you'll have one available?
politby said:
> that's what I thought. Any forecast on when (if) you'll have one available?
no... I mean you either need to have flashed on a Hard-SPL before you buggered it up, or you need to be able to still get into Windows after buggering it
Olipro said:
> no, but if someone manages to bork their radio AND can't get into the OS, then something can be done.
But, will you publish a 1.09 Hard SPL? It will be a good protection measure for those who got the radio bootloader 0108 (like me ).
VivaErBetis said:
> But, will you publish a 1.09 Hard SPL? It will be a good protection measure for those who got the radio bootloader 0108 (like me ).
well, if you flash 1.04 and bugger up your radio, then of course I'll send you it to flash on, but since it's essentially Des's work, I'm leaving it to him to make his own formal release .
Olipro said:
> well, if you flash 1.04 and bugger up your radio, then of course I'll send you it to flash on, but since it's essentially Des's work, I'm leaving it to him to make his own formal release .
Ok. Fortunately I don't need it ***yet***. Thanks Olipro.
BTW: I got your 1.10 version installed and it works very well. Thanks.

Hermes SPL-1.11

The new AKU3.3 htc rom installs SPL-1.11 on your hermes.
This SPL has "Common Base Version : 1.51d" and some of the bootloader commands have changed, this is now more similar to Trinity bootloader.
The prompt is now shown as "Cmd>" instead of "USB>".
New commands:
getdevinfo - shows "Get CID Ok" and modelID encapsulated in HTCS + HTCE.
ResetDevice - resets the device
progress - shows a progress bar
wdata - now flashes NBH files (instead of wdatah)
password - now takes "BsaD5Se0A" as static password (info 3 and old method still works)
There's not much to worry as if you flash it on your device, it can be easily downgraded using SSPL.
It probably has other things we don't know yet, so if you find anything interesting about it, please post it here
Some new notes:
- The new RUU compatible with SPL-1.11 does a 'task 28' after flashing a NBH file, even if the NBH file doesn't contain OS. This hard-resets the device every time you use this RUU with 1.11 SPL.
- 'shmsg' command no longer exists.
pof said:
> Some new notes:
> - The new RUU compatible with SPL-1.11 does a 'task 28' after flashing a NBH file, even if the NBH file doesn't contain OS. This hard-resets the device every time you use this RUU with 1.11 SPL.
> - 'shmsg' command no longer exists.
Okay then the best SPL is the 1.09, with this we can upgrade the radio and still keep all our settings.
Thanx for the info!
No, the best is 1.11 with a hacked RUU that doesn't send the 'task 28' , so you can update the radio in 10 min instead of 20
pof said:
> No, the best is 1.11 with a hacked RUU that doesn't send the 'task 28' , so you can update the radio in 10 min instead of 20
You mean the ModifiedRUUUpdater-V2.rar from the Wiki?
Regards,
Primoz
Pc78 said:
> You mean the ModifiedRUUUpdater-V2.rar from the Wiki?
No, this RUU is only compatible with SPL <=1.09.
I mean the RUU found in RUUInside.exe on the new AKU 3.3 rom from HTC.
Olipro integrated both old & new RUUs, making it compatible with all bootloader versions on Custom RUU V3, but it has yet to be modified to avoid the 'task 28' command after flashing a NBH. We still have to check if this will have any impact when flashing OS and not formatting NAND after.
I'm planning to implement support for 1.11 on HERMflasher too.
pof said:
> No, the best is 1.11 with a hacked RUU that doesn't send the 'task 28' , so you can update the radio in 10 min instead of 20
Well, if there's no negatives with this method then that's got to be the way forward. How come 1.11 can flash twice as quickly? Is it just optimisation?
pof said:
> Some new notes:
> - The new RUU compatible with SPL-1.11 does a 'task 28' after flashing a NBH file, even if the NBH file doesn't contain OS. This hard-resets the device every time you use this RUU with 1.11 SPL.
> - 'shmsg' command no longer exists.
As I assume, this means that after ONLY Radio ROM upgrade follows a hard reset...so the settings and the APPS on the device are gone? I have installed the Hard-SPL 1.11Oli and now I want to upgrade the OS ROM only...that means I need a new RUU or the one with SSPL will be ok?
Regards,
Primoz
randomelements said:
> How come 1.11 can flash twice as quickly? Is it just optimisation?
No idea
Pc78 said:
> As I assume this mean that after ONLY Radio ROM upgrade follows a hard reset...
Yes... but it's the newer RUU version which does it, so it's easy to avoid it.
Pc78 said:
> I have installed the Hard-SPL 1.11Oli and now I want to upgrade the OS ROM only...that means I need a new RUU or the one with SSPL will be ok?
The one pushing SSPL is OK if you start upgrade from OS with activesync enabled.
Tried Oli's 1.11 bootloader today and it is really faster. Radio flashes in less than 5 min! Also, you can flash any radio to radio-bootloader 0108 phones...
It is true that task 28 is executed after any flash, even if you only flash the splash screen. Needs to be fixed.
Zgembo said:
> Tried Oli's 1.11 bootloader today and it is really faster. Radio flashes in less than 5 min! Also, you can flash any radio to radio-bootloader 0108 phones...
> It is true that task 28 is executed after any flash, even if you only flash the splash screen. Needs to be fixed.
it is, I've patched the RUU and pof will test it... hopefully it works fine but it might cause issues if you are flashing a proper OS ROM, so I might have to implement a checker in my RUU in case 2 versions of RUU are needed.
Zgembo said:
> Tried Oli's 1.11 bootloader today and it is really faster. Radio flashes in less than 5 min! Also, you can flash any radio to radio-bootloader 0108 phones...
> It is true that task 28 is executed after any flash, even if you only flash the splash screen. Needs to be fixed.
Yes, very quick flashing but the hard reset issue is really a bad thing
Does SPL-1.11 restore/change the "boot screen", I'm stuck with the "Bring back the ROM archive" on my boot screen and I hate it, SPL-1.10 Oli didn't bring back the standard boot screen..
Zulee said:
> Does SPL-1.11 restore/change the "boot screen", I'm stuck with the "Bring back the ROM archive" on my boot screen and I hate it, SPL-1.10 Oli didn't bring back the standard boot screen..
the SPL is the bootloader... not the bootscreen, flash your own splash screen from whatever ROM you like, it's nothing to do with me.
Olipro said:
> the SPL is the bootloader... not the bootscreen, flash your own splash screen from whatever ROM you like, it's nothing to do with me.
Sorry, I thought that the boot screen could be changed by flashing a bootloader that did in fact contain a boot screen (I thought that some did and some didn't implement boot screens)..
Hello.
Is there ANYWAY to get this spl 1.11 WITHOUT having to do this flash? I did it and STILL can't get the actual rom I want flashed to work. It keeps saying something about it not being able to open the utility or something. And not only that, on top of that, the device won't read any of my sd nor sdhc micro cards. I even tried formatting my 8gb which had a tom tom navi program on it for install and lost all of that info for nothing. Please help.
You can't use an sdhc card to flash an os. You need a 2gb or less sd card. Once an os is on it may be able to read the sdhc card through the software but we couldn't get sdhc cards (or if we could they were too expensive) when the Hermes was released so they didn't bother allowing the bootloader to recognise this.... Unfortunately you wiped tomtom needlessly...
You can put back on though.
You also need Hard SPL ver7 to flash from the sd card.
Cheers...

Location of CID String

Hi,
Probably a bit of a newbie question but I can't find a definitive answer anywhere else on the forums. Where is the CID actually stored, is it part of the IPL, SPL or Radio ROM? If I perform an upgrade that replaces the Radio ROM but not the IPL/SPL will this change my CID? If I use the new Linux ROM flasher to dump the radio ROM is it possible to restore my CID at a later date?
The CID is stored in the security area found in the radio. When the SPL checks the CID it queries the radio, and it is the radio that tells the SPL which is your current CID.
Modified bootloaders such as SSPL or Hard-SPL are patched to always show "SuperCID" when the CID is queried, but they don't "ask the radio" which is your real CID, they just return always "SuperCID" without asking the radio for the real CID.
When people have what we call a "corrupted CID", it doesn't really mean their CID is corrupted; it means that when the SPL asks the RADIO which is the device's CID, the radio is not able to answer, so the bootloader shows an "F" meaning Failure and a crc32 checksum of this failure. In this case it is really the radio which is corrupted (and fails to answer) and not the CID. If the radio bootloader is not corrupted (which it is not in most of the cases) you are able to flash a radio again and "recover your CID", which means the radio is recovered and returns the proper answer to the bootloader again.
Now answering your questions:
sjbale said:
> If I perform an upgrade that replaces the Radio ROM but not the IPL/SPL will this change my CID?
No, unless the radio is patched to do so... but even the patched radio doesn't really change your CID, just "returns" a security level=0 which the SPL interprets as SuperCID.
That's why you see your device as SuperCID while running the patched radio, but if you flash another radio after, you go back to your normal CID.
sjbale said:
> If I use the new Linux ROM flasher to dump the radio ROM is it possible to restore my CID at a later date?
No, HERMflasher is able to dump a radio with 'rrbmc' command, but the dumped radio is not useful for anything as not all parts are dumped with this command. I just did it because I wanted to see what was dumped, and learn a bit of C programming with it
Thanks for the info, so as things stand at the moment there is no way to dump a backup version of the IPL, SPL or Radio ROM. If I used the Hard-SPL to flash a ROM without the Radio portion is this likely to cause compatibility problems ie do the updated OS images require an updated radio?
sjbale said:
> Thanks for the info, so as things stand at the moment there is no way to dump a backup version of the IPL, SPL or Radio ROM.
You can dump IPL and SPL using 'rbmc' command, but there's no need to dump them from a live device because you can extract all available versions from a shipped rom.
sjbale said:
> If I used the Hard-SPL to flash a ROM without the Radio portion is this likely to cause compatibility problems ie do the updated OS images require an updated radio?
Depending on how much "outdated" radio and "updated" OS you have flashed, but generally you don't have to worry about that.
