Reply to: [HOWTO] GT-I9100 Free SIM Unlock via nv_data.bin by Odia - Galaxy S II Q&A, Help & Troubleshooting

I do not plan to "make 10 helpful posts", but I have a question about "[HOWTO] GT-I9100 Free SIM Unlock via nv_data.bin by Odia" (http://forum.xda-developers.com/showthread.php?t=1064978). If a moderator thinks that the question deserves to be in its right place, please move it.
5. If the hash is 7D 3E 17 CF CD 81 6C AC D4 E0 25 FA A6 50 04 FD D1 7D 51 F8 ignore it since that is 00000000
6. Put the hash into the BF exe for example:-
ighashgpu.exe /h:EF63BF26E2382917D96850CCF9632458EE6E6C77 /t:sha1 /c:d /max:8 /min:8 /salt:0000000000000000
and wait for it to finish, do that for each hash which is not zeros, the Found password: [50681318] is the code.
I don't understand how sha1 of 506813180000000000000000 is EF63BF26E2382917D96850CCF9632458EE6E6C77
or how sha1 of 000000000000000000000000 is 7D 3E 17 CF CD 81 6C AC D4 E0 25 FA A6 50 04 FD D1 7D 51 F8.
If I do
echo -n "0000000000000000000000000"|sha1sum
I get 8e17426f851a81f65e3626c12d5ba83132207f6f
and
echo -n "506813180000000000000000"|sha1sum
d9d4ec51debfaba4e603003e594705b81a22e2ca
Can somebody explain?
Thanks

explanation
I had the same question today and finally found the solution. Like you, I had misinterpreted the salt parameter in the quoted command example:
ighashgpu.exe /h:EF63BF26E2382917D96850CCF9632458EE6E6C77 /t:sha1 /c:d /max:8 /min:8 /salt:0000000000000000
The salt is not 16 zero digits, but 8 zero bytes (represented as hexadecimal). Try it yourself, and note the e parameter of echo (enable interpretation of backslash escapes):
echo -ne "00000000\0\0\0\0\0\0\0\0"|sha1sum
7d3e17cfcd816cacd4e025faa65004fdd17d51f8 -
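The two readings of the /salt: argument discussed in this exchange, side by side, as an added example that is not part of either post. The function names are hypothetical; the digests and the salt string are the ones quoted in the thread.

```python
import hashlib
import hmac

# Digests quoted in the thread (spaces and case are normalised below).
HASH_ZERO_CODE = "7D 3E 17 CF CD 81 6C AC D4 E0 25 FA A6 50 04 FD D1 7D 51 F8"
HASH_EXAMPLE = "EF63BF26E2382917D96850CCF9632458EE6E6C77"
SALT_ARG = "0000000000000000"  # value passed as /salt: in the quoted command


def normalise(digest_text: str) -> str:
    """Turn 'EF 63 ..' or 'ef63..' into 40 lowercase hex characters."""
    cleaned = "".join(digest_text.split()).lower()
    if len(cleaned) != 40 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-1 digest: %r" % digest_text)
    return cleaned


def hash_salt_as_bytes(code: str, salt_hex: str = SALT_ARG) -> str:
    """Reading from the answer: the salt is hex, i.e. 8 raw zero bytes."""
    data = code.encode("ascii") + bytes.fromhex(salt_hex)
    return hashlib.sha1(data).hexdigest()


def hash_salt_as_text(code: str, salt_hex: str = SALT_ARG) -> str:
    """Reading from the question: the salt is 16 ASCII '0' characters."""
    return hashlib.sha1((code + salt_hex).encode("ascii")).hexdigest()


def which_reading(code: str, digest_text: str) -> str:
    """Report which salt interpretation reproduces the given digest."""
    want = normalise(digest_text)
    if hmac.compare_digest(hash_salt_as_bytes(code), want):
        return "salt-as-bytes"
    if hmac.compare_digest(hash_salt_as_text(code), want):
        return "salt-as-text"
    return "no-match"


if __name__ == "__main__":
    for code, digest in (("00000000", HASH_ZERO_CODE),
                         ("50681318", HASH_EXAMPLE)):
        print(code, which_reading(code, digest))
```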

Related

problem with hp1930 and bootloader.exe

Hi 2 All!
Please, can you help me solve the following problem?
I downloaded the file bootloader.exe to my hp ipaq 1930 and ran it.
Now I see the hp logo on white font and some numbers (bootloader version?) 1.07 and under it 1.07
Certainly, a hard reset and removing the battery for 2-3 days didn't help. As I was told, I only need to run the update from a big PC. I have another 1930, alive. I made a ROM image to an SD card using mtyy
Flashing with the card with the ROM image didn't help my injured 1930
I contacted hp and they told me that
the ROM version for hp1940 1.00.03 is compatible. Then I ran the update, before that changing 1940 to 1930 in the *.nbf file, and started flashing. It went to 75% and stopped, saying Update error.
Then I was told to fill the SD card with one symbol (Z). Then I made a ROM image again and copied all hex values above code Z into a new file. I found 2 entries starting from FE 03 00 EA and deleted the values above. Then I copied the following information from the 1940 nbf:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 68 70 20 69 50 41 51 20 68 31 39 34 30 00 00 31 hp iPAQ h1940..1
00000010 2E 31 30 2E 32 30 20 45 4E 47 00 00 00 00 0F F6 .10.20 ENG.....?
00000020 71 77 00 00 0C 01
and in the addresses from E1-21 wrote the checksum value in 32 bit, and the length of the file in the addresses from 22-25. Then I copied the file into the folder from 1940 with the name = the name of the *.nbf file in the folder. I started the update. It began and stopped at 50% saying "Update error"
Are there any ideas? Thanks a lot.
Or perhaps somebody has firmware for 1930/35? Thanks a lot
Maybe these people could help you, they must have the image if they are offering the service.
http://www.ipaqrepair.co.uk/ipaqpart447.html
Thanks. Here is the *.nbf file for 1930. http://www.megaupload.com/?d=HROH0ZOO It must have the same name as it has in the folder where the 1940 utility unpacks its files.
Copy it to where the 1940 romupdateutility unpacked its files. Then run the utility again
hello could you please re-upload file?
Rom? where is the rom for 1930? please help me

[TUTORIAL+UTIL]How To Cook New Windows ® Phone for Toshiba TG01[Update: 14/03/2011]

Hello everyone.
With the development of the New ROM, I decided to describe this and that.
-How to Prepare files and packages.
-How to create stable SYS and OEM.
-XIP Porting (Kernel) - if it succeeds.
-Build/Mod. BLDR/BOOT Section
-Change PagePool
-Etc
Small introduction:
This topic shows the structure of folding and unfolding a ROM.
Everything described here you do at your own risk.
I am not responsible for any damage to the device.
Please read carefully and proceed with caution.
This topic applies only to Toshiba Tsunagi devices: TG01
Execute Image System:
This step of the tutorial will be developed further.
At some point I'll add this feature to my kitchen.
Add OEM Apps:
OEM - This package is derived from the *.cab file.
It must include:
- The *.dsm with the GUID value in the name,
- The *.rgu with the same value in the name; it must be in Unicode encoding.
The last line of its text content must also be empty.
- Application *.exe, *.dll, or library
- A shortcut to the program / library, if it is needed. It is not mandatory.
- The content may be more extensive (more files / programs)
Such a package can easily be added to the root of the OEM,
if, of course, it is properly filled.
Where the application ends up in device memory:
How can you tell which memory your application / library will land in?
The rule is:
- Module - that is, a file that looks like a directory - goes to RAM.
- File - a normal-looking *.exe or *.dll file - goes to Storage memory
Porting XIP (Kernel) and insert this file to Image System:
[TUT][UTIL]Remote Porting XIP
Working good in my kitchen for Toshiba TG01
XPR to LZX Compression:
Open the file os.nb.payload in a hex editor. Find these lines:
Code:
F8 AC 2C 9D E3 D4 2B 4D BD 30 91 6E D8 4F 31 DC ř¬,ťăÔ+M˝0‘nŘO1Ü
01 00 00 00 01 00 00 00 01 00 00 00 34 00 00 00 ............4...
08 00 00 00 00 02 00 00 00 10 00 00 58 50 52 00 ............XPR.
And change to:
Code:
F8 AC 2C 9D E3 D4 2B 4D BD 30 91 6E D8 4F 31 DC ř¬,ťăÔ+M˝0‘nŘO1Ü
01 00 00 00 01 00 00 00 01 00 00 00 34 00 00 00 ............4...
08 00 00 00 00 02 00 00 00 10 00 00 4C 5A 58 00 ............LZX.
Save this file. Get this library -> cecompr_nt.dll, then insert to TOOLS folder from your Kitchen ROM.
Download cecompr.dll and overwrite it in your XIP. Build XIP, build ROM, see results. Now Image System takes less memory.
Small Support
Changes PagePool:
Use PagePool Changer
Porting/build BLDR/BOOT and insert this file to Image System:
[UTIL][UPG] buildbldr
Build Image System:
My kitchen has this function.
Ultra Kitchen Edition - ROM Builder for Toshiba TG01
Modifications to the SYS directory
Remove TimeBomb:
Open the *.rgu file from the location SYS/Shell/ and remove these two keys from the registry:
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Shell\DeviceBeta]
"Today"="Beta"
"Expiry"="Expires: %02d/%02d/%04d"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Shell\DeviceBeta]
"About"="- BETA"
Now go to the location SYS/Shell/ and open the file from the module shell32.exe/S000 in a hex editor.
Search for the string 02 EB 7D 3E, and in both instances change 7D to BB.
from:
Code:
02 EB 7D 3E
to:
Code:
02 EB BB 3E
Remember, this sequence occurs twice.
Thanks to Camelio
Good idea, maybe I'll try to understand something and build an Italian version too, even if we are quite lucky with our TG01 because it's no brand at all.
Thanks for your great job with development
Hey Nokser, do you create a WM6.1 ROM for TG01?
Nokserze, can you write a Polish version too?
Here or in the pdaclub forum, but I want to understand anything, so it's simpler in our language
Thanks for your job
Yes, of course
When will you make this tutorial? Or can you write the tutorial for stable OEMs now? I want to make a ROM but I can't create a stable OEM or an OEM that works... or you can tell me how I must put the OEM.
Greats ALcAtRas
I give all my work in this, but first I must port WM6.5.5
Nokser, could we use the information you have gained about our device to port android?
Wm first, then we'll see Android
You think that is possible? There are a lot of people who want that.
Everything is possible, but we shall see
Is this guide close to completion or has this been forgotten about?
I not forget.... I must gen. all options build structure ROM
Many of us are waiting for your light...
I know My friend
Small Update Thread
Very good: I'm waiting for the next update impatiently. Do you know a good general tutorial, not device specific?
You'll see ... if i end this tutorial
@Nokser: Can you help us to unlock the T01A? It is like the TG01 but it doesn't have a code for unlocking.
Please...

[Q] Going to Install custom kernel after modifications to it... what are risks?

Hi
I just changed some stuff like images in a kernel using Android Kernel Kitchen 0.3.1.
Now I wanna test my changes.
My question is:
What are the worst case scenarios possible?
I am ready for boot loops etc., but are there any consequences that may cause a real hard brick of my phone? (Like: it will never start again, or you need to take it to a service center for repair!)
What you can expect are boot loops, inability to even see the boot splash, non-working wifi / USB / touch / camera / anything that needs a driver, random reboots. Personal experience: yesterday I was playing with changing part of the initramfs without changing the whole boot.img. It turns out that I needed to update the header size and checksum. Without this, it would hang for some seconds and then reboot (or not start at all). This was all fixable from recovery.
What can happen if you are not careful is a brick because you flash the wrong partition. Otherwise, you can always enter recovery mode and flash the kernel (for the i9300, it is mmcblk0p5). If you are not sure, look for the magic ANDROID! header:
Code:
# dd bs=64 count=1 if=/dev/block/mmcblk0p5 2>/dev/null | hexdump -C
00000000 41 4e 44 52 4f 49 44 21 80 bc 44 00 00 80 00 40 |ANDROID!..D....@|
00000010 2e 1e 05 00 00 00 00 41 00 00 00 00 00 00 f0 40 |.......A.......@|
00000020 00 01 00 40 00 08 00 00 00 00 00 00 00 00 00 00 |...@............|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040
So, the absolute worst-case scenario is when you accidentally flash the wrong partition. If you picked your EFS partition and do not have a backup, then your IMEI and stuff are gone.
Note: be sure not to wipe your recovery partition (mmcblk0p6); that requires you to restore the recovery using download mode (I have not experienced this yet).
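A header check to run on an image before writing it to the kernel partition, as an added example that is not part of the post above. It assumes the original (version 0) Android boot image header layout; the sample bytes are the 64 bytes from the hexdump in the post, and the function name is hypothetical.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Assumed layout: 8-byte magic followed by eight little-endian 32-bit words.
HEADER = struct.Struct("<8s8I")
FIELDS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
          "second_size", "second_addr", "tags_addr", "page_size")

# The 64 bytes of mmcblk0p5 shown in the hexdump above.
SAMPLE_HEADER = bytes.fromhex(
    "41 4e 44 52 4f 49 44 21 80 bc 44 00 00 80 00 40 "
    "2e 1e 05 00 00 00 00 41 00 00 00 00 00 00 f0 40 "
    "00 01 00 40 00 08 00 00 00 00 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
)


def parse_boot_header(buf: bytes) -> dict:
    """Validate the magic and return sizes plus derived file offsets."""
    if len(buf) < HEADER.size:
        raise ValueError("need at least %d bytes" % HEADER.size)
    magic, *values = HEADER.unpack_from(buf)
    if magic != BOOT_MAGIC:
        raise ValueError("no ANDROID! magic: not a boot image")
    hdr = dict(zip(FIELDS, values))
    page = hdr["page_size"]
    if page == 0 or page & (page - 1):
        raise ValueError("page size %d is not a power of two" % page)

    def pages(nbytes: int) -> int:
        return (nbytes + page - 1) // page  # round up to whole pages

    # The header occupies page 0; kernel, ramdisk and second stage follow,
    # each padded to a page boundary.
    hdr["kernel_offset"] = page
    hdr["ramdisk_offset"] = page * (1 + pages(hdr["kernel_size"]))
    hdr["image_size"] = page * (1 + pages(hdr["kernel_size"])
                                + pages(hdr["ramdisk_size"])
                                + pages(hdr["second_size"]))
    return hdr


if __name__ == "__main__":
    for name, value in parse_boot_header(SAMPLE_HEADER).items():
        print("%-15s 0x%08x" % (name, value))
```

A size field that no longer matches the repacked contents shows up here as a ramdisk offset or image size that disagrees with the file on disk.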
Kk, thanks.
But what do I do if it does not start at all like you said (what I want is that it should at least be able to start in recovery or download if possible)?
Since it's my first time messing with a kernel, I am a total n00b.
If it cannot proceed to the "normal" boot, then get into recovery by holding Volume Up + Power + Home for ten seconds while booting (I usually do that when I see the Samsung logo and release when it has restarted, showing the logo again (about ten seconds)).
From there, use Install from zip (if you have a "update zip" that contains boot.img and some metadata) or (what I do) use adb push to put the image in /tmp/. Then use dd to write the boot image. Example (I use Linux):
Code:
laptop$ adb push boot-new.img /tmp/boot.img
laptop$ adb shell
# cat /tmp/boot.img > /dev/block/mmcblk0p5
Just in case of hardware failure, I also verify the md5sum:
Code:
laptop$ md5sum boot-new.img
laptop$ du -b boot-new.img # determine file size, say 1234
(android) # dd if=/dev/block/mmcblk0p5 bs=1234 count=1 | md5sum
The two outputs must match, otherwise something went wrong (unlikely, but still).
I know all this, but what I'm saying is: can there be conditions where I will be able to boot neither recovery nor download (even by the volume+power+home method)?
Unless you do really stupid things like overwriting /dev/block/mmcblk0 or other partitions on http://cleanimport.xda/index.php?threads/2362743/, you will be safe.
Recovery has its own kernel. It doesn't use the one you're modifying
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit

[Q] PROBLEM when unpack boot.img in CM10.1.3 (I9100G)

I have a problem when I try to unpack boot.img from the CM10.1.3 Stable version for I9100G.
I tried many times but it says it can't find the kernel or ramdisk.
Can anybody help me please?
Anybody help me please???????????????????????
Very few people post here these days, not even the mods seem to be around. If you want help with this, you're either going to have to be really patient (understatement, don't be surprised if you still don't have an answer in a week), or go ask in the CM discussion thread. Your question isn't exactly a 'Hlap mai fone borked ! Odin don't werk !' type query. There aren't many people who post to S2 forums anymore who can answer this type of question.
So you can either sit in this thread & not get the answers you're looking for, or you can be proactive & seek them out.
I tried to work with a few boot images before. I don't know what yours is;
can you upload it please?
If you have Windows it will be easy for you to explore that image in a hex editor.
What I know so far is: open your image in a hex editor and look for the "error" phrase
and you will find several of those 'error' strings: kernel error, header error, compression error.
In my case it is the last one before the compressed file. You need to recognize the magic of
the compressed file; it is just after 'error'.
Ex.
for gzip is: 1F 8B 0B
for LZMA is: 5D 00 00 00 04 FF FF
You can look for that instead of 'error'. Then you need to cut off everything before
the magic number. Make your file start at that magic number. If you do that you will be able to
decompress it: gunzip file.gz or unlzma file.lzma
Or you can use your Android to find the archive in your boot.img:
hexdump -C boot.img | grep '1f 8b 08'
and the result is
000046b0 72 6f 72 00 1f 8b 08 00 00 00 00 00 02 03 ac bd |ror.............|
and then you have the hex address 46b0, which is pointing at the first byte of that line. It's 72.
Hex is not easy to count in your head, so we need to convert it to a decimal value:
echo $((16#46b0))
The result is
18096, but remember this address is pointing at 72. We need the address 4 bytes further on, of 1f,
so we need to count in memory then. The address of 1f is 18100.
It's easy now. We need to extract the archive from boot.img:
dd if=boot.img of=archive.gz bs=18100 skip=1
And then decompress it. That's not all, it is just a clue; I hope it will work out for you.
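The same search done programmatically, as an added example that is not part of the post above: it looks for the bytes 1f 8b 08 seen in the hexdump output, and accepts a hit only if a complete gzip stream actually inflates from that offset, which filters out chance occurrences of the magic. The image is constructed in the code so that the real stream sits at 0x46b4 (18100) as in the post; all names are hypothetical.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=8 (deflate)


def find_gzip_streams(blob: bytes):
    """Return [(offset, decompressed, compressed_length)] for real streams.

    Every occurrence of the magic is tried; only those where a complete
    gzip member (header, deflate data, CRC trailer) decodes are kept.
    """
    found = []
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        inflater = zlib.decompressobj(wbits=31)  # 16 + 15: gzip wrapper
        try:
            data = inflater.decompress(blob[pos:])
        except zlib.error:
            data = None  # magic bytes occurred by chance
        if data is not None and inflater.eof:
            # Bytes after the end of the stream land in unused_data.
            used = len(blob) - pos - len(inflater.unused_data)
            found.append((pos, data, used))
        pos = blob.find(GZIP_MAGIC, pos + 1)
    return found


def build_sample_image():
    """Constructed test image: decoy magic, padding, 'ror\\0', gzip, junk."""
    payload = b"constructed ramdisk contents\n" * 50
    decoy = GZIP_MAGIC + b"\xff"  # magic followed by invalid flag bits
    prefix = decoy + bytes(0x46B0 - len(decoy)) + b"ror\x00"
    stream = gzip.compress(payload, mtime=0)
    return prefix + stream + b"\xff" * 32, payload, len(stream)


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for offset, data, used in find_gzip_streams(image):
        print("gzip stream at %d (0x%x): %d bytes -> %d bytes"
              % (offset, offset, used, len(data)))
```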

samsung source

I found a COM port source to reset the Samsung pattern, but this seems not to work on new Android versions. Can any expert help me make this source work with new Android versions 4.x.x? What is the new string to write to the port for new Android versions?
Code:
procedure TF_Main.BsendClick(Sender: TObject);
var
iPos: Integer;
result: string;
begin
if Port.Text='' then
begin
log1.Items.Add('First Select Port!');
exit;
end;
Log1.clear;
MainPort:= Port.text;
ComPort1.Port:='' + MainPort;
ComPort1.BaudRate:=br115200;
if ComPort1.Connected then
ComPort1.Close;
try
ComPort1.Open;
except
Log1.Items.Add('Port COM already open!');
ComPort1.Close;
exit;
end;
if ComPort1.Connected then
begin
Log1.Items.Add('try open Port.....');
end;
WritePort('41 54 45 30 0D 0A');
Application.ProcessMessages;
Sleep(550);
F_Main.ComPort1.ReadStr(result,200);
result:=StrToHex(result);
iPos:=Pos('4F4B',result);
if(iPos >0) then else
begin
Log1.items.Add('Phone no detected,check conection!');
exit;
end;
WritePort('41 54 2B 43 47 4D 4D 0D 0A');
Application.ProcessMessages;
sleep(100);
F_main.ComPort1.ReadStr(result, 200);
result:= StrToHex(result);
iPos := Pos ('0D0A', result);
if (iPos > 0) then
begin
Model:= hextostr(Copy(result, iPos + 4, length(result)-20));
Log1.Items.Add('Port open sucessfull');
Log1.items.add('[' + Model + ']');
end;
WritePort(' 41 54 2B 57 49 46 49 49 44 52 57 3D 31 2C 30 0D 0A ');
Application.ProcessMessages;
sleep(100);
F_main.ComPort1.ReadStr(result, 200);
result:= StrToHex(result);
iPos := Pos ('0D0A', result);
if (iPos > 0) then
begin
patternunlock:= hextostr(Copy(result, iPos + 4, length(result)-20));
Log1.items.add('[ Pattern Unlock DONE!!! :) ]');
end;
end;
