
DiskRW – utility for dumping Windows Mobile filesystems

7:25 am in Software development, Windows Mobile by toenailed

I made this application 3 years ago; it dumps the FAT image of any drive in HIMALAYA WM5, including the MSFLASH, TrueFFS, SD drive, etc., to a file.

DOWNLOAD DiskRW

Scoter Kitchen Release

12:18 am in Software development by buzz_lightyear

The Scoter Kitchen team is proud to release the first release of the kitchen.

This kitchen incorporates all the tools used by Oki and the rest of the team to decode, modify, and rebuild ROMs. It includes a help system that is meant to be clear to new users, and useful to old pros. Of course, this is only the first release, and thus will have bugs, and areas in need of improvement.

This Kitchen is based on Bepe’s WM5 Kitchen, and many of his tools.

Special thanks to Mamaich, itsme, machinagod, gmap, buzzlightyear, and many others.
Oki started the initiative, and we in the team are grateful for allowing us the privilege of contributing.

There are also many additional tools not directly used for general ROM analyzing that can be found throughout. The kitchen is designed to be sleek and clear for the new user, while still containing all relevant tools for every part of the build process. This post is one of many across multiple forums. We are opening up development to all, and ask for volunteer translators. We will coordinate through forums primarily, but later plan on PM’s, e-mail, etc. to effectively coordinate further development of the Scoter Kitchen.

In addition, the kitchen is designed to extract most HTC ROMs, but it has its limitations in the tools included and in the outlined process, which are described in the help files. Again, this will become better implemented through the help of the community. Although this Kitchen is designed primarily for the Scoter, we intend to make it the primary hub for all PDA customization across all WM5 platforms. This post will be posted on many forums, and since the team members communicate primarily in English, we ask that those who respond to this thread do so in English, or at least include an English translation.

More info here

Free TaskManager & much more by DotFred

12:13 am in Software development by buzz_lightyear

Dear friends,

Make sure that you do not miss another GREAT Task Manager v2.7 release by DotFred!
It is the greatest tool that I’ve seen.

Even though its name says that it is a TaskManager, it does much more than that.
It will tell you exactly what is running on your PPC.

Here are some features:
- manage running processes and applications
- manage services, with an option to start/stop them
- manage devices
- CPU usage
- manage Windows, display/hide/activate/disable/close/highlight/find them
- notification database management
- ping tools
- IPconfig
- netstat
- and a great RegEditor


New in version 2.1

- Allows to show only wanted tabs
- Allows to switch tabs by selectable hardware button
see more details on thread page…


all within this single application and all for FREE!

THANX DotFred for this wonderful tool

[HTC Universal] SIM Unlock – free for $0 !!!

12:11 am in Mobile Security, Software development by buzz_lightyear

Universal SIM Unlock is finally released
and you don’t have to pay a single cent for it.
Unlike some other companies, who are asking horrible money for just few bytes,
you can get it for free here at buzzdev.
More than that, with other solutions, you must send your expensive device to them,
which is quite dangerous itself and you also lose all your data on the device.

Just go ahead and get your free unlocker. Read the included ReadMe.txt carefully and you are done in a few minutes.
The whole operation is safe, it doesn’t wipe data and configuration of your device.
It also makes your device SuperCID.

MANY THANXS to:
mamaich
for his great finding, which makes this come true.
Everyone please praise mamaich!

itsme
for his wonderful scripts and efforts put into researching

arc
for providing very special tools and interesting stuff

vijay555
for his constant support on anything
and for being my spokesman :o))

machinagod
for providing useful stuff and info

mwang
for donating Universal device to me and other support

and all of you guys for being patient :o)))
buzz

Download: UNIVERSAL SIM Unlock v1.0
Read: Forum discussion

Add-On language packs for WM2005

11:52 pm in Software development by buzz_lightyear

WM2005 full localizations available very soon in many languages!
German, French, Italian, Dutch, Polish, Czech, Russian, Spanish and more…

Note: the links below are not valid. I need to update them

Dutch test package is HERE.
German test package is HERE.
Czech test package is HERE.

Description of Device Power States

11:49 pm in Software development by buzz_lightyear

Full on -> D0
State in which the device is on and running. It is receiving full power from the system and is delivering full functionality to the user.

Low on -> D1
State in which the device is fully functional at a lower power or performance state than D0. D1 is applicable when the device is being used, but where peak performance is unnecessary and power is at a premium.

Standby -> D2
State in which the device is partially powered with automatic wakeup on request. A device in state D2 is effectively standing by.

Sleep -> D3
State in which the device is partially powered with device-initiated wakeup if available. A device in state D3 is sleeping but capable of raising the System Power State on its own. It consumes only enough power to be able to do so, which must be less than or equal to the amount of power used in state D2.

Off -> D4
State in which the device has no power. A device in state D4 should not be consuming any significant power. Some peripheral busses require static terminations that intrinsically use non-zero power when a device is physically connected to the bus; a device on such a bus can still support D4.

Himalaya WM2k5 – two bytes of memory configuration

11:08 pm in Mobile Security, Software development by buzz_lightyear

Hi all,

here’s how to change memory config on WM2k5.
The dump shown in the picture is a HIMALAYA SD card OS ROM dump, so offsets are referring to SD dump including header.
NOT to a nbf or nba or any other file.

Use the standard ways to obtain such dump.
If you don’t know, how to do it, you’d better quit reading this… :o)

Highlighted in blue is “Program memory“, red is “Storage Memory“.
The values are in hex/little endian.

SD dump

grab_it – invisible ROM dumper

8:17 am in Mobile Security, Software development by buzz_lightyear

You know… Sometimes there is a situation, when someone needs to grab, fast and invisible, a ROM dump off of a device at some exhibition…
Well i wrote this bad and nasty tool to do the dirty work… :o)

all you need is a SD card and this tool.

Setup

- rename ‘grab_it_xx.exe’ to ‘autorun.exe’
- create folder ‘2577’ on your (empty) SD/MMC/Mini-SD card
- copy ‘autorun.exe’ to this folder

That’s it for the “setup” :o)

Usage

Now every time, when you insert this card into PPC it will grab the ROM image and save it into root of the card as ‘dump.bin’.
It will show you a tiny red progress bar at the very bottom of the screen.
Once done, it will beep the default sound.
Message boxes are only shown in case of error.

IMPORTANT NOTE (thanx MDAIIIuser)
YOU MUST NOT put it back into another device after you grabbed the ROM dump!!!
YOU MUST LOCK THE SD CARD FIRST!!!!!

or read the SD with card reader on your desktop PC.
Otherwise, you will rewrite the dump with your own ROM!!!!

This ROM dump file can be then further processed and converted to flashable formats.

it is a real spy tool :o))) i mean 007 kind of… :o)))))

Now there are a few new versions.
They are for grabbing different amounts of ROM.

Please note, that you will need a card which is bigger than the ROM size.
32MB dump -> fits onto 64MB card
64MB dump -> fits onto 128MB card
128MB dump -> fits onto 256MB card

THANX for pieces of mamaich’s code…

Enjoy
buzz

Download

CE Cab Manager (45)
CeCabMgr11 (50)
TakeMeHigher By Buzz Lightyear (189)
CrysalGreen Kb Skin (41)

Source code

If you are wondering, how it works, grab_it source code is available as well.
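
A check that follows from the setup and usage described above, as an added example (not part of the original post or of grab_it): before a card goes into a device, list any `autorun.exe` sitting in a numbered folder and any `dump.bin` left in the card root. Matching every all-digit folder rather than only ‘2577’ is a generalization made here, and `audit_card` is a hypothetical name.

```python
import hashlib
import os
import sys

AUTORUN_NAME = "autorun.exe"   # file name given in the post
DUMP_NAME = "dump.bin"         # output file name given in the post


def _sha256(path):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_card(mount_point):
    """Return findings for a mounted card: autorun payloads and leftover dumps."""
    findings = []
    for entry in sorted(os.listdir(mount_point)):
        path = os.path.join(mount_point, entry)
        # A ROM dump left in the card root by an earlier run.
        if os.path.isfile(path) and entry.lower() == DUMP_NAME:
            findings.append({"kind": "rom_dump", "path": path,
                             "size": os.path.getsize(path)})
        # autorun.exe inside an all-digit folder such as '2577'
        # (assumption: any all-digit folder name is worth reporting).
        elif os.path.isdir(path) and entry.isdigit():
            for name in sorted(os.listdir(path)):
                if name.lower() == AUTORUN_NAME:   # FAT names are case-insensitive
                    exe = os.path.join(path, name)
                    findings.append({"kind": "autorun", "path": exe,
                                     "folder": entry, "sha256": _sha256(exe)})
    return findings


if __name__ == "__main__":
    for finding in audit_card(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it against the card's mount point on a desktop PC with the card write-locked; the SHA-256 lets the executable be compared against known files before anything runs it.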

[HTC Himalaya] Bootloader Commands

12:53 pm in Mobile Security, Software development by buzz_lightyear

usage_cmd_r

Usage:

 r [[register] [[=] [hex_value]]]

 Display(r0-r15)/Set registers(r9-r11 only) value(s).

  When no register is given, all the registers' content are displayed.
  When only a register name is given, the content of that register is
    displayed.
  If the optional value is also given, the register's content is set to
    the new value.
  '=' sign is always ignored.

usage_cmd_mb = sub_9004BEB0(1)

usage_cmd_mh = sub_9004BEB0(2)

usage_cmd_mw = sub_9004BEB0(4)

sub_9004BEB0

Usage:

 m{bhw} [StartAddr [Count [Filler]]]

 Display/Set memory content.

  StartAddr can be either a hex_address or a register name
  When StartAddr is not given, memory display continues from the
    previous address.
  When Count is not given, previous Count is used for memory display
    Count is initially set to 20 (hex).
  If Filler is specified, the memory area is filled with Filler.
** Panic:  Internal error (memory display help)
  Memory will be displayed/counted as words

usage_cmd_l = sub_9004C74C(1)

sub_9004C74C

Usage:

 l [path_name [startAddr offset ["cp"]]]

 Download BIN file across from serial/USB port.
 Startaddr offset(MSB bit is a sign bit): Start address offset of every packet in bin file.
  When 'cp' is given, it will just compare data of file with ROM image.
  When path_name is not given, the file to be downloaded is determined
    by ppfs on the host.
  Otherwise, path_name on the host is downloaded regardless the ppfs setting.
  The file must be in the format of BIN (preprocessed SRE).

  The code is auto-launched once downloaded.
  Auto-launched is disabled after downloading.

usage_cmd_h

Usage:

 h [command] [full]

  Helps on command.

  When no command is given, output a list of normal commands.
  If "full" option used, display all commands(need password enable).
  But if one command is given, It will show the command usage method.

usage_cmd_s

Usage:

 s StartAddr Count Pattern...

 Search Memory for pattern.

  StartAddr can be either a hex_address or a register name
  The starting address MUST be in valid unmapped space.
  The monitor does not validate this address.

  Count and StartAddr defines a search region
  Patterns can be hex numbers or double quoted strings
  A hex number with less than three digits is considered a byte
  A hex number with less than fice digits but greater than two digits
    is consider a half-word
  Otherwise a hex number must contain less than 9 digits and is considered
    a word
  Up to 8 Patterns can be given in the command line
  They are concatenated as a single search pattern.

usage_cmd_ew

Usage:

 ew Addr
Addr:hex memory address

usage_cmd_ppdl

Usage:

 ppdl [startAddr offset["cp"]]
 Startaddr offset(MSB bit is a sign bit):: Start address offset of every packet in bin file.
 If [cp] is not given: Download the BIN file that assigned by PPSH command line.

 If [cp] is given: for comparing image difference between
 download file and data of flash ROM.
 If parameter is given but not 'cp': Show message when downloading.

 This download is via parallel port

usage_cmd_map

Usage:

 map

 Display virtual address mapping table

usage_cmd_cp

Usage:

 cp reg# OPC_2 CRm [value]

Access coprocessor(cp15 only) registers

usage_cmd_lnb

Usage:

 lnb nb-file [StartAddr [Length [SkipOffset ["cp"]]]]

Download nb file to ROM.
StartAddr : Start address for downloading(default=80000000).
Length : Length for downloading(default=FFFFFFFF).
SkipOffset : SkipOffset for downloading(default=00040000).
cp : Compare image with file data only.

usage_cmd_d2s

Usage:

 d2s [StartAddr [Len [Type [Append[SkipStartAddr SkipLen]]]]]
Backup memory to storage.
StartAddr : Start address for backup(0xA0040000).
Len : Length of memory will be backup. And if not given value, it will be
Total ROM size on board - ((StartAddress & 0x0FFFFFFF) - (ROM base address(0) & 0x0FFFFFFF)).
Type : Which storage(cf/sd) type will be selected(cf).
Append : Backup methods(a/).
SkipStartAddr : Start address of skip area(0x0).
SkipLen : Skip length(0x0).
Skip area must be less than or equal to one block size of flash.
Skip area must not over two blocks, must inside one block.
Nand flash: Skip area size need be page boundary.
Nor flash: Skip area size need be DWORD boundary.

usage_cmd_s2d

Usage:

 s2d
Restore memory from storage.

usage_cmd_stress

Usage:

 stress count(Hex)
for stress test
write six kind of patterns to flash each count
count indicates how many loop times do you want to run
count inputed is considered as heximal, not decimal.

usage_cmd_shmsg

Usage:

 shmsg [Row [Col ["String"]]]

Show texts on display.
Row(hex) : 0 - 17(11).
Col(hex) : 0 - 12(C).
Text String : The string which will be show on display.

usage_cmd_set

Usage:

 set [Type [Value]]

Set control flags.
Type(hex) : Control function types.
Value(hex) : Setting values for types.
If value is not given, default is 0.

Type 0(Echo on/off): 1(on) and 0(off).
Type 1(Operation mode): 1(auto) and 0(user).
Type 2(Back color on/off): 1(on) and 0(off).
Type 3(Inverse on/off): 1(on) and 0(off).
Type 4(Front color value): 16 bits data
Type 5(Background color value): 16 bits data
Type 6(Set color of screen): Fill color to whole screen one time.
Type 8(COMM queue flag): 0(TX_RX disable),1(RX enable),2(TX enable) and 3(TX_RX enable).

Current flag settings:

usage_cmd_task

Usage:

 task [Type [Value [Value1]]]
Type,Value and Value1 are both DWORD(hex).
Value and Value1 are ignore in some case.
Type(hex) 0: Do hardware clear boot.
Type(hex) 7: Do flash ROM lock/unlock and [value]: 1(lock) and 0(unlock).
Type(hex) 28: Format DOC.

usage_cmd_rbmc

Usage:

 rbmc [FileName [StartAddr [Len]]]

Read back the memory content from the specified address to the host
and save the data to specified file name.
FileName : Full file path for save data of memory(default=c:tempMem.nb).
StartAddr : Start address of memory(default(hex)=A0000000).
Len : How many bytes will be read. And if not given value, it will be
Total ROM size on board - ((StartAddress & 0x0FFFFFFF) - (ROM base address(0) & 0x0FFFFFFF)).

usage_cmd_erase

Usage:

 erase [StartAddr [Len]]

Erase the contain of flash ROM.
StartAddr : Start address of ROM(default(hex)=a0040000).
Len : How many bytes will be erased(default(hex)=40000).

usage_cmd_checksum

Usage:

 checksum [StartAddr [Len]]

Return CRC checksum of memory.
StartAddr : Start address of ROM(default(hex)=A0000000).
Len : How many bytes will be calculated.
default(hex) = ROM total size - ((dwStartAddress & 0x0FFFFFFF) - (ROM_BASE & 0x0FFFFFFF))
In user mode: Show 4 bytes of CRC checksum value on display of terminal.
In auto mode: Send 4 bytes of CRC checksum value to terminal with data format.

usage_cmd_wdata

Usage:

 wdata [StartAddr [Len]]

Write data to memory(if write to ROM, need erase first).
StartAddr : Start address of memory(default(hex)=B00B0000).
Len : How many bytes will be written(default(hex)=40).
Length must not more than 0x20000 bytes(buffer limitation).
Write to RAM: 4 bytes(CRC checksum limitation).
              1 byte(in user mode).
Write to ROM: 4 bytes(CRC checksum limitation).
              2(16-bit)/4(32-bit) bytes(in user mode).
Write to ROM(16-bit data bus): 32 bytes(writebuffer mode).
Write to ROM(32-bit data bus): 64 bytes(writebuffer mode).
Length must be 4 bytes boundary(CRC checksum) if not in user mode.

After command execute, then send out the data to terminal.
Data format: HTCS(4 bytes)+DATA+checksum(4 bytes, if not in user mode)+HTCE(4 bytes).

usage_cmd_info

Usage:

 info [Type [Value]]
Type(hex) 0: Get platform name(16 bytes) and [value](hex) is ignore.
Type(hex) 1: Get bootloader version(16 bytes) and [value](hex) is ignore.

usage_cmd_password

Usage:

 password [string]

Enter the password string to enable full help and command functions.

usage_cmd_prouter

Usage:

 prouter [PortID1[Baud1[PortID2[Baud2]]]]

Port Router: Construct data path between two ports.
PortID1: PortID1 number(default=6).
Baud1: Baud rate1 select(default=5).
PortID2: PortID2 number(default=0).
Baud2: Baud rate2 select(default=5).

Port ID: 0(ACTIVE_PORT),1(PPSH_CABLE),2(PPSH_SERIAL2),3(PPSH_PAR1),4(USB_CABLE),
       5(ON_BOARD_FFUART),6(ON_BOARD_BTUART),7(ON_BOARD_STUART) and 9(DPRAM_MEMORY).
Baud Rate: 1(9600),2(19200),3(38400),4(57600),5(115200),6(230400),7(460800) and 8(921600).

usage_cmd_rroute

Usage:

 rroute [UART Path1[Baud Rate1[UART Path2[Baud Rate2]]]]

UART Router: Construct data path between Radio and Terminal.
UART Path1: UART path1 number(default=1).
UART Path2: UART path2 number(default=2).
Baud Rate1: Baud rate1 select(default=5).
Baud Rate2: Baud rate2 select(default=5).

UART Path: 1(FFUART) and 2(STUART).
Baud Rate: 1(9600),2(19200),3(38400),4(57600) and 5(115200).

usage_cmd_rtask

Usage:

 rtask [Type [Value]]
Type(hex) 0: Reset radio and [value](hex) is ignore.
Type(hex) 1: Turn on radio, lease use type 3 and 4 instead.
Type(hex) 2: Turn off radio and [value](hex) is ignore.
Type(hex) 3: Run radio image and [value](hex) is ignore.
Type(hex) 4: Run radio bootloader and [value](hex) is ignore.
Type(hex) 5: GSM code Burn In (19200).
Type(hex) 6: GSM code Burn In (115200).
Type(hex) 7: Radio AT Command Debug.
Type(hex) 8: GSM trace route.
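
The `wdata` help text above gives the data framing as HTCS + DATA + checksum + HTCE. The following added example (not from the original post or the bootloader) splits one such frame out of bytes captured from the terminal link; it assumes the markers are the ASCII strings `HTCS` and `HTCE`, takes the data length from the `Len` used with the command, and returns the checksum unverified because the help text does not give its algorithm or byte order. `parse_wdata_frame` and `FrameError` are hypothetical names.

```python
START, END = b"HTCS", b"HTCE"   # assumption: the 4-byte markers are ASCII
MAX_LEN = 0x20000               # buffer limitation stated in the help text


class FrameError(ValueError):
    """Raised when captured bytes do not match the documented layout."""


def parse_wdata_frame(buf, length=0x40, user_mode=False):
    """Extract one wdata frame from captured bytes.

    Layout: HTCS + DATA(length) + checksum(4, absent in user mode) + HTCE.
    The frame is located by offset, not by searching for HTCE, because
    DATA may itself contain the bytes 'HTCE'.
    """
    if not 0 < length <= MAX_LEN:
        raise FrameError("length outside 1..0x20000")
    if not user_mode and length % 4:
        raise FrameError("length must be a multiple of 4 outside user mode")

    csum_len = 0 if user_mode else 4
    total = len(START) + length + csum_len + len(END)

    start = buf.find(START)          # skip prompt/echo text before the frame
    if start < 0:
        raise FrameError("no HTCS marker")
    frame = buf[start:start + total]
    if len(frame) < total:
        raise FrameError("truncated frame")
    if frame[-len(END):] != END:
        raise FrameError("HTCE marker not at expected offset")

    data_end = len(START) + length
    return {
        "offset": start,                              # where the frame began
        "data": frame[len(START):data_end],
        "checksum": frame[data_end:data_end + csum_len] or None,  # raw bytes
        "consumed": start + total,                    # resume parsing here
    }


if __name__ == "__main__":
    # Constructed sample capture: prompt text, then an 8-byte frame.
    sample = b"Cmd>" + START + bytes(range(8)) + b"\xde\xad\xbe\xef" + END
    print(parse_wdata_frame(sample, length=8))
```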