Database Info

MTTY (How to fix a bad ROM flash!)

Hi,
I didn't see any post about using MTTY on Kaiser.
If I did a bad ROM flash with my previous device (HTC Universal), I could always fix this by clearing the FAT table with MTTY.
Believe me... if you flash and it stops ad 85% you will be very happy if you can use this tool!
Reason I started this thread is to help out people who are having such a problem with there Kaiser!
This is the correct procedure to get you out of trouble
1. Stop ActiveSync, by Task Manager (press Ctrl + Alt + Delete)
kill two processes rapimgr.exe and wcescomm.exe
2. put your device into the cradle
3. Run mtty and Choose WCEUSBSH001 in 'PORT' (if it doesn't show then you didn't stop all active sync processes above!)
4. type "set 16 0" without the quotes to tell bootloader to boot the OS after reset. (for some devices it can also be "set 14 0")
5. type "task 8" to get your device formatted
6. type "task 0" to ask your device reboot
7. take the device out of the cradle, and manually reset it if it does not do that already.
Incase of an emergency it could be very helpfull I think!
Thank you all for providing the input in this thread so I could make this small user manual!
Happy flashing!
Leo

Well... seems like nobody bricked his device yet!
That's cool....

I've read in many places about people using MTTY on thier Kaiser to get it to boot after a bad flash, but I can't remeber where. And I don't know where they got their info from.

I could attach MTTY here but I'm a bit scared if I do is that people going to blame me if they brick there device!
That's why I'm asking someone has experience with it.
It could be usefull for a lot of people.
DaveShaw said:
I've read in many places about people using MTTY on thier Kaiser to get it to boot after a bad flash, but I can't remeber where. And I don't know where they got their info from.
Click to expand...
Click to collapse

You supply a ROM that people can use to Brick thier devices (if they don't Hard SPL).
I suppose that's why they invented Big Red Font's and disclaimers.
If you do decide to post it, I'd get _Alex_ or Mike to add it to the Sticky.
P.S. I have yet to expirence it myself.

Hahaha... yes you are right
Ok I will attache MTTY.
Thanks,
DaveShaw said:
You supply a ROM that people can use to Brick thier devices (if they don't Hard SPL).
I suppose that's why they invented Big Red Font's and disclaimers.
If you do decide to post it, I'd get _Alex_ or Mike to add it to the Sticky.
P.S. I have yet to expirence it myself.
Click to expand...
Click to collapse

MTTY (How to fix a bad ROM flash?)
Is this thread can help you ?
http://forum.xda-developers.com/showthread.php?t=370169
I can't find the original post that talk about the procedure to unbrick kayser with
MTTY.

Hi !
I used it once.
The "info 2" works as designed ;-)
greetz

A clear procedure would be nice so you can unbrick your device easy using MTTY.
Thanks,
tyoine said:
Is this thread can help you ?
http://forum.xda-developers.com/showthread.php?t=370169
I can't find the original post that talk about the procedure to unbrick kayser with
MTTY.
Click to expand...
Click to collapse

Thanks for confirmation!
flushbeer said:
Hi !
I used it once.
The "info 2" works as designed ;-)
greetz
Click to expand...
Click to collapse

If you have a bad flash....that's no reason to worry.
I haven't had to use MTTY to recover.
In most cases, if there's no issues with the Rom itself...you can pop out the battery and re-flash the same ROM from BootLoader Mode. This will also work if for some reason your computer crashes or loses power & restart during the FLASH.
If the Rom has issues.....the flash will not complete and the device will be stuck in BootLoader Mode. At this point,you must FLASH a FACTORY ROM!!
Pop the battery off 1st, power up the device, device will power up in BootLoader Mode, connect to pc & FLASH your devices FACTORY ROM. This will restore your device back to it's original out the box settings.
The above only works if the device has been put through the Hard SPL or SuperCID process.
I personally have never tried to flash a cooked ROM without unlocking any of my devices. From what I've read what others have experienced...the flash would just fail and they're stuck in BootLoader Mode.
Myself ... I've experienced bad flashes, bad cooked roms that I've cooked, lost power to a pc & had my pc crash during a flash. Listed above is how I've recovered. There is life after Bootloader Mode.
The only time you have to worry is if your device does not power up at all
As a public chef...it's your responsibility to set the parameters of your ROM! Meaning, Radio, HardSPL, program conflicts, etc.
You are not ultimately responsible if someone bricks their phone but if they pushed the issue, you could be hit with some form of liabilty because you failed on providing a simple Disclaimer that sets the expectation.
I hope I've been helpful.....

That's clear
Thank you,
Leo

Okay, MTTY is a very useful tool & can help save your butt on many occasions.
A few of those occasions include:
1. Bad flash or installation of HardSPL
2. Bad Flash of a ROM.
There are several other problems that can arise & be mended with the use of MTTY. The most common use is for recovery of any flash process resulting in an RUUBNH error.
For most of these error you want to use MTTY to reboot the low level CE of your device to flush out any bad blocks.
Use of MTTY to recover from these errors is usually simple. The basic outline of how to use MTTY to resolve these errors is as follows:
1. Right click on the quicklaunch activesync icon on the lower left quadrant of your pc. (You can also just open up the A/S program)
2. Select Connection Settings.
3. Uncheck the box labeled "Allow USB Connections" & then Click "OK".
4. Open MTTY & select "USB from the Port options drop down menu.
5. Select RTS/CTS from the Flow Control Settings & click "OK"
6. Pay attention, because for a brief mmoment MTTY wil report whether or not it could establish a port connection to USB. If you are successful, a Command window will open.
7. Hit the "Enter" key on your PC twice. You should then see a command prompt that looks like this "cmd>".
8. At the command prompt (cmd>) you should enter the command "boot".
This will reboot the device & report back about any errors or bad or erased blocks.
9. If your device was just hung, it should be fine after the reboot. If it returns to Boot Loader however, it means there was a problem with bad blocks.
10. If errors were reported & you end up back at the Boot Loader screen, then repeat the "Boot" Comand at the (cmd>) prompt.
It can sometimes take two or three boots to fully recover from RUUNBH errors, so if at first you don't succeed keep trying & remember to keep notes about any errors reported in the MTTY info window.
Other Information: MTTY needs to have full access to the USB port. Some anti-spyware, anti-virus & firewall programs can prevent MTTY from gaining the port access it needs. McCaffee in particular should be temporarily disabled & some firewall programs may also need to be disabled.

don't work damn
this is my pda
RUUNBH
KAIS 130
SPL-1.93.0000
CPLD-8
USB
this is mtty
cmd
Command error !!!
Cmd>boot
Command error !!!
Cmd>

this rom RUU_Kaiser_ATT_WWE_1.51.502.0_Radio_sign_22.45.88.07_1.27.11.31_Internal.exe start, but at 1% kaiser reboot...

anyone know how much htc customer care ???

pedro_se_rooot said:
anyone know how much htc customer care ???
Click to expand...
Click to collapse
When I sent mine in to look at a problem with connecting via 3G, I was quoted:
a) I'm responsible for shipping to the centre in Texas, US. (Don't know if there might be one closer to you).
b) There would be a charge of USD$28 for diagnosing the problem and producing an estimate to fix. They would call me with the estimate.
c) If I agreed to the fix, the $28 charge would be waived and I would be charged the estimated amount.
d) If I decided against the repair, I would be charged the $28 fee.
e) They would also charge for shipping the unit back to me, typically, about USD$50 for North America.
In my particular case, however, they have repaired the phone and shipped it back -- apparently at no cost to me, other than getting it down there. I guess they figured it was a 'in warranty' problem.
/drt

Hi there,
Is your device dead or still responding?
Can you come into bootloader?
Did you follow this step before you connected your device and opened MTTY?
It's very important you do!
1) Kill activesync processes: Ctrl+Shift+Esc in Windows to bring up Task Manager. Kill wcescomm.exe and WCESMgr.exe (by selecting the task on the processes tab, and clicking the End Process button below)
Please tell me?
pedro_se_rooot said:
don't work damn
this is my pda
RUUNBH
KAIS 130
SPL-1.93.0000
CPLD-8
USB
this is mtty
cmd
Command error !!!
Cmd>boot
Command error !!!
Cmd>
Click to expand...
Click to collapse

the device iss not dead (i think) but with Mtty work only info and task 8.
i've follow all the step and killed active sync.

EUREKAAAAAAA
i've follow this guide
2. Stop ActiveSync, by Task Manager (press Ctrl + Alt + Delete)
kill two processes rapimgr.exe and wcescomm.exe
3. put your device into the cradle
4. Run mtty (from downloaded) Choose WCEUSBSH001
5. type "set 14 0" without the quotes to tell bootloader to boot the OS after reset.
6. type "task 28" to get your device formatted
7. type "task 0" to ask your device reboot
8. take the device out of the cradle, and manually reset it if it does not do that already.

Cannot update Radio from Hell 1.65.17.10 : [SOLVED] with FrankenKaiser

May 19th, 2008
With my new and revolutionary tool "FrankenKaiser" you can now finally jailbreak your locked to "Radio from Hell" Kaiser
======================================================
DISCLAIMER: This method involves erasing SPL & OS and requires correct data entry by the user. I will not take any responsibility for any malfunctions and or damages caused by using this method and software.
======================================================
Pay attention: this method will only work on a Kaiser device with radio version 1.65.17.10 (check your radio version in the boot splash screen!)
Note that you can not use copy & paste with MTTY, you must type the data exactly as written in the steps below. If in a step it is said to type a command always type them without the quotes.
Note that during the entire procedure you should uncheck "Allow usb connections" in Activesync.
I have tested the method on my own Kaiser, which was security locked and had original 1.65.17.10 installed. I'm on WinXP btw. GSLEON3 also succesfully unbricked his Kaiser with FrankenKaiser which had radio 1.64.08.21 installed. That should give you some confidence
So read very carefully and apply following instructions:
0) download and unzip the attached files on your PC in a single directory.
It contains all needed to jailbreak or unbrick your device, such as MTTY 1.42, my revolutionary FrankenKaiser program, screenshots to accompany this readme, the appropriate drivers to connect to the radio bootloader ("Drivers MotoQ"), and two softload SPLs (SPL1.56-KAIS-unbricker.nb and sspl-0.92-jumpspl-force-usb.nb)
1) Enter tricolor bootloader and make absolutely sure you have a HardSPL installed (either "olipof" or "1.1.JockyW"). If not you must first install a HardSPL.
2) Connect with MTTY (USB) and type "rtask a" followed by Enter, then type "radata 90000000 1" followed by enter (Note that this is not echoed to screen!!). In some rare cases after "radata 90000000 1" you may see "HTCSUN 0[=(HTCE". When that happens type "radata A0000000 2000"
Close MTTY and replug the USB cable. If you haven't installed them yet, your PC will now prompt you to install three drivers. Do a manual install of the MotoQ drivers. After the drivers are installed look them up in device manager and check which COM port is allocated to "Qualcomm diagnostics interface (COMxx)" => see screenshot "1. device manager search com.JPG" (on my PC it is COM4 but it may be anything else!).
If the driver is connected to COM10 or higher you should reallocate it to a COM port lower than COM10. Go in device manager and rightclick on "qualcomm diagnositcs interface 6000 (com18)". Enter properties -> Port Settings -> Advanced -> Change COM port number to an unused port number below COM10. If you have nothing free below COM10 disable a device which uses a COM and change to that COM port. Reboot your PC afterwards.
3) Remove and reinsert battery and enter tricolor bootloader, and connect with MTTY (USB)
hit enter and when the Cmd> prompt is shown type "task 2a" (this erases SPL, OS and Splash, we used to call that a "hard brick") => see screenshot "2. mtty-tricolor - task 2a.JPG"
After power cycling, the device will now enter the radio bootloader called oemsbl. Utterly the phone will look dead and the display is black, but it is still possible to connect with MTTY using the COM port as found in step 2. I indicate that in the next steps with MTTY (COMn) => see screenshot "3. mtty-com-connect.JPG". Also note that you never have to redo steps 1-3 again.
4) Remove and reinsert battery, switch on and connect with MTTY (COMn). Type "setboot", if you are connected correctly the reply should be "ARM9BootMode:0". If you see nothing check in device manager if the drivers are loaded. If you got the reply to "setboot" you can type "radata 90000000 1" which will put the phone in a special "dload mode". In some rare cases after "radata 90000000 1" you see "HTCSUN 0[=(HTCE" and the phone will not change state to dload mode. When that happens type "radata A0000000 2000" and this time nothing should be returned on screen and the phone changed to dload mode.
Again note that, like in step 2, nothing is echoed to screen!!
Close MTTY.
5) Replug USB cable !!
6) Run FrankenKaiser in a DOS box: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb
(note substitute /dev/com9 by the com port indicated by diag driver in device manager, e.g. /dev/com4 on my PC)
You should see:
Code:
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to [email][email protected][/email]
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
7e 02 6a d3 7e
Replug USB cable now!
Connect with MTTY and follow instructions !!!
If you don't see "7e 02 6a d3 7e" underneath the line "Just be patient while I'm working ...", you have either not replugged the usb cable, not installed the drivers correctly or type the wrong com port (/dev/comx) in the command line parameters.
=> see screenshot "4. dos box - frankenkaiser.JPG"
7) Run MTTY (COMn) and carefully enter following commands:
echo_on (the reply in MTTY should be "ECHO ON MODE")
setboot 1
=> see screenshot "5. mtty-echo_on setboot 1.JPG"
mb 9de8bc => dump HTC security area
mw 9de8bc 1 31313131 (replaces first half CID by SuperCID "1111")
mw 9de8c0 1 31313131 (replaces second half CID by SuperCID "1111")
mw 9de8e4 1 00000000 (Sets security flag to 0, sec unlocked)
mb 9de8bc => dump HTC security area again and check if CID and security flag are modified in memory
=> see screenshot "6. mtty-mb 9de8bc.JPG"
setinfo
powerdown
=> see screenshot "7. mtty- setinfo - powerdown.JPG"
Close MTTY
At this point your Kaiser is unjailed, security unlocked (and SIM unlocked) and SuperCID Now we need to prepare another run with FrankenKaiser to softload a SPL which will allow us to flash a HardSPL. In principle steps 1-7 need never to be done again.
8a) Unplug usb cable, remove and reinsert battery, replug usb cable and then power on. Connect with MTTY (COMn):
- type "echo_on". (the reply in MTTY should be "ECHO ON MODE". if you see that it means you never have to perform steps 1-7 again. If you don't, something went wrong in steps 1-7 or there is a connectivity problem)
- type "setboot 1" (you should see "ARM9BootMode:1").
- Close MTTY !!
8b) Unplug usb cable, remove and reinsert battery, replug usb cable and then power on. Connect with MTTY (COMn):
- type "echo_on". (you should see "ECHO ON MODE")
- type "dload" to put phone in dload mode.
- Close MTTY !!
9) Replug USB cable and then wait 10 seconds
10) Run FrankenKaiser in a DOS box: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb
(note substitute /dev/com9 by the com port indicated by diag driver in device manager).
You should see the lines:
Just be patient while I'm working ...
7e 02 6a d3 7e
FrankenKaiser will prompt you to replug the usb cable. After you have done that you should wait about 10 seconds before proceeding with step 11.
11) Run MTTY (COMn)
- type "echo_on" (you should see "ECHO ON MODE", if not then there is a connectivity issue: close MTTY, unplug usb cable, wait 10 seconds, replug usb cable and repeat step 11.)
- type "setboot 0" (you should see "ARM9BootMode:0")
- type "cego" => tri-color screen should be visible and the reply in MTTY should be "Boot CE manually..." followed on the next line by "Done."
=> see screenshot "8. mtty-setboot 0 - cego.JPG"
If after "cego" you don't see a tri-color bootloader screen, then unplug usb cable and unplug and reinsert battery and try steps 8-11 again.
If still no tri-color screen, then repeat again but this time in step 10 run FrankenKaiser with the other SPL "sspl-0.92-jumpspl-force-usb.nb".
Close MTTY
12) Replug USB cable and flash HardSPL
13) Remove and reinsert battery, enter tricolor bootloader and flash Splash
14) Remove and reinsert battery, enter tricolor bootloader and flash OS
15) Remove and reinsert battery, enter tricolor bootloader and flash Radio
Note: at step 13 it's probably also possible to flash a full ROM update, I prefer to do it bits and pieces.
This I hope shows the power of FrankenKaiser: it manages to unjail, security unlock, SIM unlock and superCID a device which is basically in a bricked state w/o the need to flash a patched radio. Look forward to other FrankenKaiser tools such as a fast SPL loader and radio dumper.
Special versions of FrankenKaiser will be released for the new HTC models Diamond and Raphael and more

Remaining 3 screenshots attached and thumbnailed.
EDIT:
The attached Readme substitutes the one supplied with FrankenKaiser-V1.9517.zip

Might I be the first to say, Job well Done.
Edit:
I do have a question though. My phone is "Security Unlocked" thanks to you. However, I for the life of me cant get SPL1.1 JockyW with AT support flashed to my device no matter what I try. Is it possible to change SPL with this new Krankenkaiser software. Right now I have 1.0.Olipof SPL. Sorry, this might be the wrong thread. Just looking for a solution.

Thanks for the hard work. Seems like a daunting task to get it unlocked, but at least we have a method! Off to try it out!
Thanks again,
J

Wow. Good job man. Congratulations.

Well done brother

Thanks for your epic effort, will try when I get home.
Btw, read through your post twice and am confused with battery removal/reinsertion. First mention is remove and reinsert in same step, then later is reinsert without previous mention of remove. Lastly, reinsert. and again. and again. I'm really paranoid about digging myself a deeper hole...could you please clarify?

thanks for such a awesome tool and for your efforts.
p.s. i already security unlocked myself using ur tools so i fear no radio

P1Tater said:
Might I be the first to say, Job well Done.
Edit:
I do have a question though. My phone is "Security Unlocked" thanks to you. However, I for the life of me cant get SPL1.1 JockyW with AT support flashed to my device no matter what I try. Is it possible to change SPL with this new Krankenkaiser software. Right now I have 1.0.Olipof SPL. Sorry, this might be the wrong thread. Just looking for a solution.
Click to expand...
Click to collapse
if my 2 cents count i had to downgrade to wm6 to get it to work for me ...
haven't tried frankenkaiser so i don't know if that will do the trick.

thesire said:
if my 2 cents count i had to downgrade to wm6 to get it to work for me ...
haven't tried frankenkaiser so i don't know if that will do the trick.
Click to expand...
Click to collapse
I will give it a shot. I'll know more in a few.

well done!
seems like this is the ultimate tool for the Kaiser!

Good job
Many thanks, now i have radio 1.65.14.06

You are a genius!!!
I was really worried about all of the mtty commands, but your instructions were clearly written and easy to follow.
Thank you!
.....
NO MORE RADIO FROM HELL!!!!!!! WHOOOHOOOOO!!!!!!!!

Just to be absolutely sure...
You say 'Only works on Kaiser devices'. Might be a stupid question but having been burned once I make sure before I do anything now.
This WILL work on a Tilt right? Not just a Kaiser?

now I got a windows problem. When trying to manually install these drivers, windows find some random newer drivers on my system that possibly might not be the same drivers as the MotoQ. I think I gotta uninstall these drivers and choose the motoQ drivers. How do I do this?

dwsco said:
You say 'Only works on Kaiser devices'. Might be a stupid question but having been burned once I make sure before I do anything now.
This WILL work on a Tilt right? Not just a Kaiser?
Click to expand...
Click to collapse
Please read the Wiki ... Kaiser is a Tilt!!!
If you dont know this ... do not use this tool!

i get to the CEGO step, and my screen is not coming back on.. i followed instructions.. i had 1.1.JockyW spl on my device prior to flashing..
Code:
C:\FrankenKaiser-V1[1].9517>FrankenKaiser-V1.9517.exe /dev/com5 SPL1.56-KAIS-unbricker.nb
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to [EMAIL="[email protected]"][email protected][/EMAIL]
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
7e 02 6a d3 7e
Replug USB cable now!
Connect with MTTY and follow instructions !!!
Code:
C:\FrankenKaiser-V1[1].9517>FrankenKaiser-V1.9517.exe /dev/com5 SPL1.56-KAIS-unbricker.nb
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to [EMAIL="[email protected]"][email protected][/EMAIL]
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
Replug USB cable now!
Connect with MTTY and follow instructions !!!
Code:
echo_on
ECHO ON MODE
setboot 0
ARM9BootMode:0
cego
Boot CE manually...
Done.
i can also still communicate via mtty

NetrunnerAT said:
Please read the Wiki ... Kaiser is a Tilt!!!
If you dont know this ... do not use this tool!
Click to expand...
Click to collapse
As I said in my original post. I know a kaiser is a Tilt and visa versa... but I also know that doing something like this process is very device specific. I have read the Wiki and everything else and if you check up on any of my other posts you will know I'm not the kind of person that asks inane or pointless questions. If the devices were IDENTICAL and there were no differences, there wouldn't be a Tilt specific Wiki, and they wouldn't have different names.
I'm not looking for hand holding or walk throughs, just askling a simple question. As you imply by your "if you don't know this, don't use this tool" comment, this is not something to be approached lightly and without full knowledge of the possible repercussions.
I don't believe my question was unreasonable, and I don't believe I'm going to take the type of answer you have provided as a valid one either. What you're saying is similar to saying hey, it's a Ford Mustang so of course you can use any Ford Mustang Cam, and if you don't know that you shouldn't be trying to change the cam... obviously wrong and obviously very unhelpful.
I don't believe verifying a tools proper use is being ignorant... just careful.
'nuf said.

Okay, so I was got as far as the end of step 2, just loaded the drivers (my computer loaded them as the BenQ drivers as well, don’t know what that’s about) and then had a power outage (apparently a bird landed on something it wasn’t supposed to and knocked power out for about 5 minutes, how very Alaska right?) Anyway, now I’m stuck cause the screen remains black. The power comes on and the computer shows the device connecting, but I can’t do anything. So I don’t know how screwed I am or not, but I don’t know where to go from here. So if anyone has the time or desire to help me out I’m online @ scotchua2000 for AIM and [email protected] for MSN, and of course I’ll be monitoring any posting on here. Thanks.
***sucessfully unlocked***

Qualcuno che parla italiano? ho un problema, ho eseguito la procedura ma mi si è bloccato. ora non si accende lo schermo resta la luce verde..... il pc riconosce che è collegato (vede i driver qualcomm).. aiuto...

SPV-Services

Today I'll try to flash another rom that I have but when I run SPV-Services It doesnt found a page in the internet!!- connection to the internet is normal

check your firewall, turn it off if you can

I doesn't use it!

Open Microsoft Active Sync, click File -> Connection Settings -> where it says this computer is conected to: usaully is automatic change to internet

I make so ,and I downloaded new one from karhoe's website but the same problem!! Can you try to run SPV-services?? or can your send me your one by the ICQ??? I make SuperCID when I flash previous rom but now I can't!

Oh....when I try http://www.spv-developers.com it also doesn't work!! Maybe trouble in this?

If I SuperCID my phone when I flash the previous rom, can I skip this step for the next roms?

spv-developers is not always online...

Hey recently happened to me the same with svp however If you SuperCID your phone before you'll be able to skip this step but to be sure that your phone have SuperCID check it with TeraTermPro, I guess you know the steps if not they are:
1.Disable usb connection of the ActiveSync(Uncheck allow usb connections).
2.Unplug usb cable.
3.Turn your phone off.
4.Press the camera button and plug the usb cable(You'll see thw white screen and seconds later the three color screen.
5.Run TeraTermPro.
6.Select Serial and in port: USB then ok
7.Type: info 2
and if in the end of the list you see supercid htc or something like that it's done!!
Close TeraTermPro and just run any ROM you want and voilaa!!
Hope this be useful for you.
However if you don't see your phone superCID tell me and I'll tell you how to do it without svp services. By the way if you dont see you supercid your phone to get back to the phone OS just remove the battery and turn it on.
See ya from Mexico!

Hey check my post http://forum.xda-developers.com/showthread.php?t=412139 Hope you reach SuperCID your phone!!
See ya from Mexico

Tera Term says:GetDeviceInfo=0x00000002
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x3B880000 Bytes
HTCSSuperCID ' HTCE
as I know it means that device already SuperCIDed!?

Please help!
First SPVServices cannot connect to the remote site.
Then, I tried the alternative using Unlock_SuperCID_Your_SPV_C500_550_600.rar. Followed every step exactly. When I run Lokiwiz.bat, here is the output from the MSDOS window:
....
--------------------
U. Unlock
L. Lock
C. CID Unlock (SuperCID)
Q. Quit
--------------------
Type the letter and press Enter: C
CID unlocking mobile... DO NOT DISCONNECT UNTIL THE PHONE REBOOTS!
ERROR: Unable to open WinCE file '\windows' - Returned by WSARecv or WSARecvFrom
to indicate the remote party has initiated a graceful shutdown sequence.
opening: lock_backup.bin: No such file or directory
This exe file was created with the evaluation version of Perl2Exe.
For more information visit http://www.indigostar.com
(The full version does not display this message with a 2 second delay.)
...
Then, I just try invoking pdocread manually, regardless of what command line argument I put, or no argument at all, the response is always the same " ERROR: Unable to open WinCE file '\windows' - Returned by WSARecv or WSARecvFrom to indicate the remote party has initiated a graceful shutdown sequence."
From ActiveSync, I do see \windows, but as a directory, not a file. Anyone got any inside or suggestions?
PLease, please help! Thank you so much!!!
/dan

[HELP!] My NAND is faulty. What can I do?

Hi there! This was my experience with Android:
http://forum.xda-developers.com/showthread.php?t=792004
I had a couple problems when I was with WM. Sleep of death and so on.
Changed SD card and it seemed to be working fine.
Now, I need my phone so switched back to WM.
Install wizard went fine. But now it doesn't boot
Linux Kernel keep saying me "block xxx bad" where xxx is a number (578, 543 and 643).
What can I do?
Pleeease help! =(
Thanks a lot!

hi
same thing nappened on my polaris 200. 2 bad blocks on nand. android works fine. task 28 helps (format nand). is there a solution to skip bad sectors?

ion_plugged said:
same thing nappened on my polaris 200. 2 bad blocks on nand. android works fine. task 28 helps (format nand). is there a solution to skip bad sectors?
Click to expand...
Click to collapse
Android works, too. But it doesn't take too much to hang and start with those force-closes errors.
I did task 29. I don't know if it's the same.

Hi! I was out for exams at University.
Last thing I tried was doing task 2a at MTTY.
I know, BIG BIG mistake. Polaris is dead since then.
I'm living now with a Siemens [email protected] LOL.
Is there any new with this? Is there any procedure I can do to bring it back?
I don't have enough money to send it to service

Seems the polaris gets to an end because of hardware reasons.
i have the first bad block as well.. dont know.. i cant get wifi to work atm i hope its working after wimo flash again.
As far as i know after your 2A the device is dead.
I think repair would be more than buying a new device.
Maby you can try your luck on a wildfire. Here in germany was a action, offering it for 100€ and many people bought more thanh one device to set it on ebay.

Moved of: HTC Polaris: Touch Cruise > Touch Cruise ROM Development
To: HTC Polaris: Touch Cruise > Touch Cruise General
Please put your questions to: Touch Cruise General

dertester123 said:
As far as i know after your 2A the device is dead.
Click to expand...
Click to collapse
There is a patched version of frankenkaiser for the polaris to recover from a task 2a.

dertester123 said:
Seems the polaris gets to an end because of hardware reasons.
i have the first bad block as well.. dont know.. i cant get wifi to work atm i hope its working after wimo flash again.
As far as i know after your 2A the device is dead.
I think repair would be more than buying a new device.
Maby you can try your luck on a wildfire. Here in germany was a action, offering it for 100€ and many people bought more thanh one device to set it on ebay.
Click to expand...
Click to collapse
I read somewhere that bad blocks are common, even if the device is brand new. The point is that it seems there are certain blocks that cause bad functionality if they're damaged. :/
Buying a new phone isn't a solution for me, since I don't have enough money for that.
mmelo76 said:
Moved of: HTC Polaris: Touch Cruise > Touch Cruise ROM Development
To: HTC Polaris: Touch Cruise > Touch Cruise General
Please put your questions to: Touch Cruise General
Click to expand...
Click to collapse
You're right, wrong forum.
Thanks for moving!
meknb said:
There is a patched version of frankenkaiser for the polaris to recover from a task 2a.
Click to expand...
Click to collapse
I tried the patched version made by jpg001. But it gets stuck in
Code:
Just be patient while I'm working ...
7e 4e 7e
I'll give a try again tonight with every FrankenKaiser version possible.
I really need my Polaris back

Those numbers don't look right
Code:
Just be patient while I'm working ...
7e 4e 7e
are the motoq drivers installed ?are using the right port ? don't try another frankenkaiser version as they will flash the kaiser spl which won't work you need a copy of a original spl.nb.

meknb said:
Those numbers don't look right
Code:
Just be patient while I'm working ...
7e 4e 7e
are the motoq drivers installed ?are using the right port ? don't try another frankenkaiser version as they will flash the kaiser spl which won't work you need a copy of a original spl.nb.
Click to expand...
Click to collapse
That happens in step 10.
MotoQ drivers installed works with mtty, QPST and the step 7 of the guide.
I'll try downloading new ones tonight

The drivers seem fine if you can connect with mtty ect.What is your SECU_FLAG "security unlocked" in mtty try setinfo 8,the button combo for 8b is keep your finger on the green send button and the power button,that will boot into oemsbl on a security unlocked polaris.

meknb said:
The drivers seem fine if you can connect with mtty ect.What is your SECU_FLAG "security unlocked" in mtty try setinfo 8,the button combo for 8b is keep your finger on the green send button and the power button,that will boot into oemsbl on a security unlocked polaris.
Click to expand...
Click to collapse
Thanks A LOT for your response.
I'm not at home right now. Tonight I'll post the results, but as far as I remember, every field was blank.

Faulty nand
Well i am here after a task 2a. android and wm wont flash, redio did not change and i formated the nand. i have moto q drivers and i am connected to mtty but i don't have a workuing frakin kaiser for polari (some dll mising and corrupted archives) and i don't have an original spl. from where can i take one?

meknb said:
The drivers seem fine if you can connect with mtty ect.What is your SECU_FLAG "security unlocked" in mtty try setinfo 8,the button combo for 8b is keep your finger on the green send button and the power button,that will boot into oemsbl on a security unlocked polaris.
Click to expand...
Click to collapse
Ok, this is my output:
Code:
SetHTCRegionInfo: block=0, CID=, PID=, IMEI=, SECU_FLAG=0
oemsbl 1
Later I'll screenshot every step. Maybe I'm doing something wrong.
ion_plugged said:
Well i am here after a task 2a. android and wm wont flash, redio did not change and i formated the nand. i have moto q drivers and i am connected to mtty but i don't have a workuing frakin kaiser for polari (some dll mising and corrupted archives) and i don't have an original spl. from where can i take one?
Click to expand...
Click to collapse
Here you are:
CYGWIN1.DLL: http://www.mediafire.com/?l7m92ix5cdknmum
And for SPL, you should extract it by using "NBHEXTRACT" (search this forums for it), and run it with your stock ROM. It will give you the original SPL file.
Regards!

Sorry for double-posting. I'm acting like a total noob. I am.
This is what I did:
Notes:
- I usually get some error after typing the first command.
- CYGWIN1.DLL used is the same as I posted before. Got it from the Internet.
4) Connect MTTY COM4.
Type "setboot".
Type "radata 90000000 1". Nothing is echoed to screen.
Close MTTY.
5) Replug USB cable.
(I called FrankenKaiser.exe as fkaiser, for faster typing)
6) Run FrankenKaiser in a DOS box: fkaiser.exe /dev/com4 SSPL.nb.
Got "7e 02 6a d3 7e"
Replug USB cable.
7) Run MTTY and type:
Code:
echo_on
setboot 1
mb 9debbc
mw 9debbc 1 31313131
mw 9debc0 1 31313131
mw 9debe4 1 00000000
mb 9debbc
(as I did this many many times, nothing is changed).
Code:
setinfo
powerdown
Close MTTY
8a) Unplug usb cable, remove and reinsert battery, replug usb cable.
Connect with MTTY:
Code:
echo_on
setboot 1
Close MTTY.
Uploaded with ImageShack.us
8b) Unplug usb cable, remove and reinsert battery, replug usb cable.
Connect with MTTY:
Code:
echo_on
dload
Close MTTY.
Right before "dload" command, I'm pressing Send (green button) and power button all togheter.
9) Replug USB cable and then wait 10 seconds.
10) Run FrankenKaiser in a DOS box: FKaiser.exe /dev/com4 SSPL2.nb
NOTE: My SSPL2.nb was extracted from HERE (XDA FTP) with NBHExtract.exe.
Get "7e 4e 7e", not "7e 02 6a d3 7e"
11) Replug USB cable, wait 10 seconds.
Run MTTY:
Code:
echo_on
setboot 0
cego
Pressing camera button right before typing "cego".
MTTY doesn't show anything. Typed 3 times "echo_on", and nothing. Tried anyway to proceed, but unsuccessfully .
Here is the link of the extracted SPL from the original ROM, and the extracted SMI.BIN from QPST, if it helps for something.
Original SPL: http://www.mediafire.com/?pt4958k9isw77k2
SMI.BIN: http://www.mediafire.com/?bmupdccl78sicu0

Your phone is security unlocked so you wont need to run the mb mw commands in step 7 again that's just for security unlocking, its just step 10 where it's failing you could try setboot 1 before dload ie
Code:
echo_on
setboot 1
dload
Do you know which radio version you have?

meknb said:
Your phone is security unlocked so you wont need to run the mb mw commands in step 7 again that's just for security unlocking, its just step 10 where it's failing you could try setboot 1 before dload ie
Code:
echo_on
setboot 1
dload
Do you know which radio version you have?
Click to expand...
Click to collapse
Thank you very much for your response.
As MTTY says, my radio version is 1.59.46. It should work with FrankenKaiser.
Maybe the SSPL2.nb I'm using is not the correct one.
I'll try right now
EDIT: I tried with setboot, without doing all the steps, but FrankenKaiser keeps me throwing "7e 4e 7e".

The only other thing i can think of is try booting with the power button and the end key "red one" i cant remember what mode that boots.If you have qpst you can check what mode your phone is in once you find out its in dload mode run frankenkaiser.
The original spl's are all here

meknb said:
The only other thing i can think of is try booting with the power button and the end key "red one" i cant remember what mode that boots.If you have qpst you can check what mode your phone is in once you find out its in dload mode run frankenkaiser.
The original spl's are all here
Click to expand...
Click to collapse
You're right, thanks. I'll check with QPST which mode is my phone in.
By now, I tried the following combinations:
Power + Camera + Send
Power + Camera + End
Camera + Reset press
And still "No phone". I'll let you know any news
EDIT: Tried every combination possible, still nothing.
When i enter "dload", any command written on mtty won't response. And QPST still saying "No Phone".
I know the device is security unlocked because if I write "h" I get this command list:
Code:
For a help screen, use command ? or h
Available monitor commands are:
? [command]
h [command]
mb [StartAddr [Count [Filler]]]
mh [StartAddr [Count [Filler]]]
mw [StartAddr [Count [Filler]]]
setboot [0/1/2/3]
setatcmd [0:SIO/1:UART/2:USB/3:DPRAM]
setsmdloop [0:disable/1:enable]
setmpatch [0x1: CPU Freq/0x2: acoustic/0x4: simdoor/0x8: RTC]
setiot [0:Disable/1:Enable]
eraseall [erase all setting flags]
setdiag [0:USB/1:UART/2:DPRAM/3:SIO]
partition
checksum
format
setinfo
readadc
cego
setgpio
getgpio
gpio
version
powerdown
platformid
radata
showexplog [n]
usbdppulldown [n]
usbdmpulldown [n]
usbdppullup [n]
usbdmpullup [n]
Headsetpullhigh [n]
rfid
wpmic [PM_VREG] [0/1]

Have you checked the port's on qpst under add new port untick show serial and usb/qc diagnostic ports.I've just checked on mine if i power on with my finger on the end key it say *download* in qpst.

Frankenkaisers for different radio versions

In this threat i gonna upload some patched frankenkaisers for different versions.
With "FrankenKaiser" you can unbrick "task 2a" bricks:
There is no SPL, Splash and OS present as "task 2a" formats the entire application area.
Before FrankenKaiser there was no method available to unbrick and therefore they were called "hard bricks"
With frankenkaiser you can also revive kaisers where you don't see anything on it but is detectable (after turning on your device) in windows as an other device:
you got stuck in the OEMSBL and you can only talk to your device with mtty.
Credits goes to Jocky Wilson who created the original frankenkaisers. (Paypal to [email protected])
I've only changed them to work with different versions.
These versions are created at forum user requests.
Method to dump your rom:
1. connect your bricked phone and power it on
2. connect with MTTY to diag port COM#: (look up # in device manager)
3. type "radata" followed by enter (you'll see a parameter error message)
4. type "GO2AMSS" followed by enter
5. your phone should now change to "QC download mode"
6. use "QPST Memory Debug" tool to dump smi.bin and ebi.bin
7. zip smi.bin and upload it to Rapidshare (or any fileshare service) and send me the link
oemsbl: V1.9309
Radio: V1.71.09.XX
Verified.

oemsbl: V1.9519
Radio: V1.70.19.XX
20110823: new version uploaded

oemsbl: V1.9529
Radio: V1.65.29.21

oemsbl: V1.9518
Radio: V1.70.18.xx

Frankenkaiser for other versions can be created in this thread

Excellent work massivekid, just what I needed to fix the 600+ bad blocks on my spare Kaiser! Thank you!
You da MAN!!!

Turns out I cannot use any of this because my laptop has NO COMM ports.
Unless I can find a USB to serial adapter and force a COMM port, I'm stuck.

You don't need a com port. If your phone is in OEMSBL then it will ask for a different driver. This driver will create a virtual com port on your computer thru USB.

First of all, thanks for creating frankenkaisers for different radio versions,
but I need some help, my radio is version V1.71.09.XX, I did all the steps to rescue the phone up to step 11, and when I connect the usb to computer, windows shows an error and wont recognize the usb connector, not allowing me to flash the hard spl through usb. would be absolutelly happy if you would help me solving this.

Do you see the tricolor screen?
Did you disconnect and reconnect the usb cable again and do you see USB on the tricolor screen?
if no usb is seen, redo steps 7-10 again (after pulling your battery) but this time in step 9 run FrankenKaiser with the other SPL "sspl-0.92-jumpspl-force-usb.nb".
this will force usb detection.

i redid steps 7-10 at least 10 times already, tri-color screen shows up with the first spl and gives problem when connecting the usb, when I try the 0.92 spl the screen stays black (I tried connecting the usb even with it staying black and the same error message showed up)
*During the whole step by step the only difference I saw between my results and the screenshots was the oesmbl version on screenshot 7, where instead of a "2" there was a "1"

And did you tried the "sspl-0.92-jumpspl-force-usb.nb" at step 9?

If you enter mtty and type ? or h what is the output of the command?
if you see a lot of commands, then your device is security unlocked.
the "sspl-0.92-jumpspl-force-usb.nb" file is to force USB connection so you can connect with usb.
If that doesn't work, try with the original spl and after cego, pull the usb cord quickly and if the tricolor appears, try to connect the usb again.

after typing "h"
Available monitor commands are:
? [command]
h [command]
mb [StartAddr [Count [Filler]]]
mh [StartAddr [Count [Filler]]]
mw [StartAddr [Count [Filler]]]
setboot [0/1/2/3]
setatcmd [0:SIO/1:UART/2:USB/3PRAM]
setsmdloop [0:disable/1:enable]
setmpatch [0x1: CPU Freq/0x2: acoustic/0x4: simdoor/0x8: RTC]
setiot [0isable/1:Enable]
eraseall [erase all setting flags]
setdiag [0:USB/1:UART/2PRAM/3:SIO]
partition
checksum
format
setinfo
readadc
cego
setgpio
getgpio
gpio
version
powerdown
platformid
radata
showexplog [n]
usbdppulldown [n]
usbdmpulldown [n]
usbdppullup [n]
usbdmpullup [n]
Headsetpullhigh [n]
rfid
wpmic [PM_VREG] [0/1]
the "sspl-0.92-jumpspl-force-usb.nb" gives only blackscreen on the phone, no tri-color.
I`ll try the first spl and take out the usb quickly.
Same result after pulling usb quickly after doing the command "cego"
Tried the same with sspl-0.92 and the blackscreen apears the same way, and the error message on windows is the same:
(translation might no be exact because my windows is in portuguese)
"One of the usb devices connected to this computer had a problem and windows can not recognize it. to get help click on this message.
After clicking it shows a windows with a root usb hub, 4 usb doors being one of them the one where the phone is connected with a red X before it.
Ps.: I`m not exactly sure, and I don`t know if this might influence on anything, but if I remember right, when first unlocking my phone, the JumpSPL1.56-KAIS.exe wasn`t effective, I needed using one of the other 2 jumpspl available on that thread.

With "sspl-0.92-jumpspl-force-usb.nb", you can also try after cego to press and hold camera to enter tricolor bootloader mode
Also you can try this spl: SPL3.56-patch-nostuckinSPL-FORCEUSB.nb at step 9?
Just unzip it in your folder and use it.

when using the sspl0.92 it wont go out of the blackscreen (even holding camera button), and the same error message is shown on usb
when using the new spl3.56 the usually blinking green led stay orange after the cego command and the screen stay black, tried holding the camera button, to no effect in either "spls".
Same usb error on three spls...

The error states that the device is halted and is not handling usb functions anymore. The one that has the tricolor screen, should work, but some devices are not detecting the usb correctly. Therefore the usb force spl are created.
I'll try to find out how we can overcome this...

thank for your attention and taking your time to help me, hope you can find a solution, surelly you will help many kaiser owners that got many "bad blocks" in memory...
(shouldn`t ever have tried to put android on nand...)
keep me informed on any kind of progress and let me help you on testing.

Ok, try this one:
Remove and reinsert battery, then hold the send button and power on. Connect with MTTY (COMn) and this time enter "dload" to put phone in dload mode Continue with step 9.
Try SPL1.56-KAIS-unbricker.nb then or sspl-0.92-jumpspl-force-usb.nb

tried it, no letters under the: "Just be patient while I'm working ..."
believe the phone hunged up, will try again.
(also tried using the send button whenever turning the phone on in the steps 7 through 10, nothing different happened, I believe the jumpspl can only be loaded while in setboot 1 I`m thinking about trying to use "cego" without typing setboot 0 before...)
Phone will absolutelly lock if I dont enter setboot 1 in the step before typing dload,
frankenkaiser isn`t able to access it (no letters under te message to wait) and it locks after the frankenkaiser attempt (wont accept mtty commands), removing battery returns to "normal" (as in dead kaiser).