Branding: T-Mobile US
Subsidy Lock: LOCKED
Version: 1.1.4
Requires RSD Lite 4.5.7.
Requires SBF Recalc 1.2.9.1 to split.
http://rapidshare.co...stomer.zip.html
0
2 replies to this topic
#1 OFFLINE
gani
-
- Banned
-
- 1,940 posts
Total n00b - Banned for life
- Gender:Male
- Location:Germany
- Mobile:W810/W890/2xW595/S302/T650/K810/T707/Nokia 6220c
Posted 30 November 2009 - 11:05 PM
#2 OFFLINE
MikLSP
-
- Admins
-
- 13,980 posts
(/) SE-and-DROID [:]
- Gender:Male
- Location:Lancaster, UK
- Mobile:Xperia X10, W880i (silver), T610 (red), ///T68, CAR-100, VGC-V3S!
Posted 01 December 2009 - 02:44 PM
Thanks for that 
I haven't looked into the CLIQ at all, can it be rooted?
I haven't looked into the CLIQ at all, can it be rooted?
reference: A-Z of Trusted Traders; Leave Feedback; Market Rules
other links: Useful Corporate Contacts; 2.25GB FREE storage
#3 OFFLINE
gani
-
- Banned
-
- 1,940 posts
Total n00b - Banned for life
- Gender:Male
- Location:Germany
- Mobile:W810/W890/2xW595/S302/T650/K810/T707/Nokia 6220c
Posted 01 December 2009 - 08:50 PM
Asimple parser for the CG2. For now it can just extract the CG2 (let's not urge on repacking).
You need .NET 3.5 to run it.
How to use it:
A) Extract the CG2 from the firmware using the new SBF Recalc.
B) Extract the archive and put the CG2 into the same directory. Rename the CG2 to "CG2.smg"
C) Run the bat.
It will produce a pair of files:
*.mbn.header -> that is the header for the section
*.mbn -> that is the file binary
(there is one *.img file)
In the "*.mbn.header" files, there is on offset 0x2E4 the size of the "*.mbn" files (little endian).
"systemsec.mbn" is a yaffs2 image containing the system files. There is signature appended to it therefore if your yaffs2 extractor reports an error, open the file with hex editor, go to the end and search previous "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF". Then delete everything after the end of the FFs + 0x40 bytes (40 is in HEX, 64 is in DEC). Then it should work flawlessly.
0x300 value is checksum. of the binary (calculated as inverted 32bit sum), 0x304 is checksum of the header.
Subsidy lock request removal will not work (As said in the previous post, more checksums need updating (amsssec.mbn; offset 0x578AFA). btw. it doesn't appear to be signed.
offset 0x300 - count all bytes in the binary and reverse it (32-bit sum)
offset 0x304 - count all bytes in the header, and put a single byte on the 0x304, so the 8-bit sum of the header is 0x00.
So these two checksums for amsssec.mbn must be updated.
You need .NET 3.5 to run it.
How to use it:
A) Extract the CG2 from the firmware using the new SBF Recalc.
B) Extract the archive and put the CG2 into the same directory. Rename the CG2 to "CG2.smg"
C) Run the bat.
It will produce a pair of files:
*.mbn.header -> that is the header for the section
*.mbn -> that is the file binary
(there is one *.img file)
In the "*.mbn.header" files, there is on offset 0x2E4 the size of the "*.mbn" files (little endian).
"systemsec.mbn" is a yaffs2 image containing the system files. There is signature appended to it therefore if your yaffs2 extractor reports an error, open the file with hex editor, go to the end and search previous "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF". Then delete everything after the end of the FFs + 0x40 bytes (40 is in HEX, 64 is in DEC). Then it should work flawlessly.
0x300 value is checksum. of the binary (calculated as inverted 32bit sum), 0x304 is checksum of the header.
Subsidy lock request removal will not work (As said in the previous post, more checksums need updating (amsssec.mbn; offset 0x578AFA). btw. it doesn't appear to be signed.
offset 0x300 - count all bytes in the binary and reverse it (32-bit sum)
offset 0x304 - count all bytes in the header, and put a single byte on the 0x304, so the 8-bit sum of the header is 0x00.
So these two checksums for amsssec.mbn must be updated.
Attached Files
-
AndroidCG2Parser.rar 3.32K
16 downloads
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
