DB2010 CID49 with SEFP, [CID49 mod for SE Flash Plugin] Options

[den_po]

this is a small, tiny new year gift =)
the attached archive contains:
/SEFP - place all files from this folder into the same folders in the far\plugins\sefp.
*_dcu.49r.ssw - breakin-loader - you should flash this file as main BEFORE using far_manager with any flasher that can flash cid49 (phone_xs, davinci client).
/REST - files for firmware restoring. you should flash one of these files (according your phone's firmware version) with far AFTER using far_manager.

check your phone's firmware version BEFORE flashing *_dcu.ssw.
if it does not work, just reflash main.

here is the "brown" version. it's for FS only, but it work without flashing of breaking-loaders. thanks to afghanjohnny for the loaders


db2020 pack: http://forums.se-nse.net/index.php?s=&...st&p=148288
db2012 pack: http://forums.se-nse.net/index.php?s=&...st&p=152644 (not tested)


- v4 alpha
w300/w810/z550 partial support added. now only FS works, because this phones (at least w810) has an other flash chip type.

- v3.3
use only with sefp v0.10.0.51 (http://sephone.nm.ru/tools/)
now with any erom
w550: breakin-loader from version 3.0

- v3.2
ssw's recalculated
added w550. attention! do not try to use v3.2 with w550 until i check the cause of death phones. use v3.0 instead, flash w550_r2e_dcu.49r.ssw using davinci client, not phonexs/phonexc.

- v2
now FS works

- v1
first version. only FLASH, k750


minifaq:
- please don't wait for db2020 support
- if sefp or some flasher doesn't recognize your phone, reinsert battery and try again
- if sefp says "Error while readCID", install plugin properlу (http://sephone.nm.ru/tools/SEFP010044.zip and then http://sephone.nm.ru/tools/sefp010051.rar over it)
- if sefp says "<BIldr> can be used with Service Cable ONLY", you should patch sefp.dll (sefp0.10.0.51patch.exe inside db2010cid49_*.rar)
- if sefp hangs on "Sending RAW file: cid49run: sent 1 byte(s)", and sefp.log contains
0010 << 42 49 4E 4E 00 80 00 00 48 04 00 00 01 80 00 00
0001 << 52
Waiting for loader hello:
Wait for 89 answer:
0005 >> TIMED OUT!
0005 >> TIMED OUT!
install last cid49addon (db2010cid49_*.rar)
- write rest file only using sefp
- if your phone starts when you trying sefp, you forgot to flash brekin loader (ssw)
- a phone would not work after flashing brekin until you flash rest or main

This post has been edited by den_po: 2007-08-23 11:34

Attached File(s)

 db2010cid49brown.rar.zip ( 376.65K ) Number of downloads: 5715
 db2010cid49_3_3.rar.zip ( 390.16K ) Number of downloads: 8438
 db2010cid49_4_alpha.rar.zip ( 549.08K ) Number of downloads: 37222
 mkrest.rar ( 1.44K ) Number of downloads: 843
 k310_p3k_dcu.49R.rar ( 25.48K ) Number of downloads: 400

 

[Vizzpv]

Thanks a lot and Happy New year !

[afghanjohnny]

Glad to see that someone has picked up the flag with the breakin method again.

I have too litte time to work on it myself this time. Wouldn't it be better 2 work with the PhoneXS team which isn't dead in it's developing? just a thought.

This post has been edited by afghanjohnny: 2007-01-01 12:39

[den_po]

i can work on both sides =)
but what i like in sefp, it's powerful, extensible and very handy instrument

[kondronaute]

i can work on both sides =)
but what i like in sefp, it's powerful, extensible and very handy instrument

yes FAR is wonderfull
thanks i 'll test and tell u

[afghanjohnny]

i can work on both sides =)
but what i like in sefp, it's powerful, extensible and very handy instrument

Yes I agree, but not very user-friendly for the average user

Which header did you use btw, I have a small 9 block CID49 header lying around if you want to use that to make up the binary?

Did you use hendrix code or did you compile it yourself? Im very happy and interested that the USB was initialized correctly.

This post has been edited by afghanjohnny: 2007-01-01 12:41

[jagheterfredrik]

Yup, extremely nice! This is really something.

[harry23419]

this is a small, tiny new year gift =)
only flashmode is works now, but fs will come soon.

the attached archive contains:
/SEFP - place all files from this folder into the same folders in the far\plugins\sefp.
k750w800cid49_r2e_dcu.ssw - you should flash this file as main BEFORE using far_manager with any flasher that can flash cid49 (phone_xs, davinci client).
/REST - files for firmware restoring. you should flash one of these files (according your phone's firmware version) with far AFTER using far_manager.

check your phone's firmware version BEFORE flashing k750w800cid49_r2e_dcu.ssw.
if it not work, just reflash main.
select k750_w800_CID49 script when you start sefp.
k750w800cid49_r2e_dcu.ssw loader does not work with service cable, but i can compile sc version

don't try this with phones that have main firmware base address not equal 44020000 (w810)

will it be possible to use the base address of w810 in sepf soon?

[jagheterfredrik]

Why 0x44020492 ? What's happening there ?? It's in the middle of the config ?

[den_po]

Which header did you use btw, I have a small 9 block CID49 header lying around if you want to use that to make up the binary?

i use my own raw2ssw converter which automatically selects one of about 30 headers =) today i have found DB2010_49R header with 5 blocks =)

Did you use hendrix code or did you compile it yourself? Im very happy and interested that the USB was initialized correctly.

i did all by myself, except the [de]compression routines (aplib by jibz, x86 only, http://www.ibsensoftware.com/)
when the firmware starts, usb is already initialized by erom, just as serial port is initialized by bootrom (with baudrate 115200) when erom starts.
i just have disassembled loader and have found where it examines cable type

will it be possible to use the base address of w810 in sepf soon?

it's in my todo list =)

Why 0x44020492 ? What's happening there ?? It's in the middle of the config ?

flashloader checks superblock size. in my case the superblock contains other data than k750/w800 firmware, so my raw2ssw gets right checksum by bruteforcing its address

This post has been edited by den_po: 2007-01-01 15:12

[harry23419]

is the loader unlocked?
as you have stated it earlier that only hte flash part works nd not the fs.....fs needs loader unlocking...

even if it supports w810....the flashing would be done no doubt but finalization is not possible due to lack on fs support
as using gslide with w810 fw to finalize it dosent seem to work.....so i guess finalization would require phone xs.....

though brute forcing might work for fs

[jagheterfredrik]

I don't think you quite understand, this is a breakin.

[harry23419]

I don't think you quite understand, this is a breakin.

ya sorry...i was overexited about cid49 support...nd forgot that the main trial is to first break cid49....
srry again!

[afghanjohnny]

i did all by myself, except the [de]compression routines (aplib by jibz, x86 only, http://www.ibsensoftware.com/)
when the firmware starts, usb is already initialized by erom, just as serial port is initialized by bootrom (with baudrate 115200) when erom starts.
i just have disassembled loader and have found where it examines cable type

Very nicely done!

best regards
aj

[pasxal]

Worked fine for me,but the problem is that we must flash our phone again,why we dont attach to the firmware the ssw file?This could be easier.I think we can made a vkp patch that will be able to give us the oportunity to do that

This post has been edited by pasxal: 2007-01-01 16:12

[afghanjohnny]

Worked fine for me,but the problem is that we must flash our phone again,why we dont attach to the firmware the ssw file?This could be easier.I think we can made a vkp patch that will be able to give us the oportunity to do that

Well the whole breakin depends on that we flash a loader as firmware over the first blocks of the original firmware... After that when you turn on the phone, the loader can be booted by a command...

And to restore the original firm, we must flash over the "breakin" flashed loader.

This post has been edited by afghanjohnny: 2007-01-01 16:23

[den_po]

is the loader unlocked?
as you have stated it earlier that only hte flash part works nd not the fs.....fs needs loader unlocking...

now the only thing we need for fs, is to load flashloader (patched) and then fsloader (patched, may be cid36 loader) over it

[afghanjohnny]

now the only thing we need for fs, is to load flashloader (patched) and then fsloader (patched, may be cid36 loader) over it

Do you think we can load a brown explorer loader, they are unlocked by default and need no patching? I have uploaded some in the "What do you think about this thread?"

http://forums.se-nse.net/index.php?act=Att...ost&id=3508

http://forums.se-nse.net/index.php?act=Att...ost&id=3509

This post has been edited by afghanjohnny: 2007-01-01 17:28

[glook]

People,sorry for my english, because Im from Russia.
What about far plugin for w550i firmware r4cb020???

[afghanjohnny]

@den_po

Do you have header for brown CID49, because I thjink i just found one.

Edit: Sorry, the header was invalid.

This post has been edited by afghanjohnny: 2007-01-01 20:20