21 replies to this topic

[hecatae]

that looks like the .mbn files from the TPT image

still reading on how to extract

[wbaw]

You want the last 4 too. A few of those files aren't in the original tpt update, but grab them anyway if you can.

[hecatae]

wbaw, on Mar 21 2011, 11:42, said:

You want the last 4 too. A few of those files aren't in the original tpt update, but grab them anyway if you can.

will do, still reading through the 198 page user guide

[wbaw]

hecatae, on Mar 21 2011, 12:05, said:

will do, still reading through the 198 page user guide

Great. Don't forget to post an easy to follow guide with links to the software. This could possibly be used to fix the problem with the new official 2.2 phones.

[hecatae]

going to use the below to see if I can retrieve what's needed

1. MBN-Resourcer = Qualcomm firmware resource viewer
2. QPST - Qualcomm Product Support Tools
3. QXDM - Qualcomm eXtensible Diagnostic Monitor
4. QC BS analizer - similar to mbn-resourcer, but other maintainers
5. BREW Resource editor - it's more for high level programming ...

Quote

FULL_SDRAM dump file with QPST Memory Debug contains AMSS

lets see if I can get that

Edited by hecatae, 21 March 2011 - 01:59 PM.

[fonix232]

Isn't the multi-image downloader a way to flash multiple devices at the same time?
Just asking, I'm not sure!

Also hecatae, can you please send me some DL links to your tools? Can't find most of them :S

[hecatae]

fonix232, on Mar 21 2011, 22:03, said:

Isn't the multi-image downloader a way to flash multiple devices at the same time?
Just asking, I'm not sure!

Also hecatae, can you please send me some DL links to your tools? Can't find most of them :S

sent you a message with everything I'm using, already got a successful memory dump

Edited by hecatae, 21 March 2011 - 10:12 PM.

[oh!dougal]

hecatae, on Mar 21 2011, 22:11, said:

... already got a successful memory dump

Is it straightforward enough for an 'ordinary user' to dump the Gen2 files safely? (And it would probably be a user without English as their first language)

[hecatae]

oh!dougal, on Mar 21 2011, 22:27, said:

Is it straightforward enough for an 'ordinary user' to dump the Gen2 files safely? (And it would probably be a user without English as their first language)

you'd have to boot the device in FTM mode and use QPST 2.7 build 348 to do a full Memory Debug dump, simply a case of choose the same com port as the DFU port is registered to

[hedgepigdaniel]

hecatae, on Mar 22 2011, 09:34, said:

you'd have to boot the device in FTM mode and use QPST 2.7 build 348 to do a full Memory Debug dump, simply a case of choose the same com port as the DFU port is registered to

So are you saying you have managed to extract all the internal memory from a blade? does that mean it will be possible to flash gen1/gen2 files between phones?

Also how do you boot into FTM Mode? is the the one where you hold down both volume buttons or a different one?

[fonix232]

hedgepigdaniel, on Mar 22 2011, 05:29, said:

So are you saying you have managed to extract all the internal memory from a blade? does that mean it will be possible to flash gen1/gen2 files between phones?

Also how do you boot into FTM Mode? is the the one where you hold down both volume buttons or a different one?

As you have a Gen2 device, it is not yet been rooted, flashed with CWM, etc, right?
If so, FTM mode is achieved as recovery mode: hold down the Volume Down button while switching on the phone.
The DFU mode should equal the FTM mode (same debug interface is loaded) what you were talking about (hold down both volume buttons), but I'm not sure it will work!

hecatae, please share the method, so some more experienced Gen2 users can dump their phone -> we can make a TPT of it

[hedgepigdaniel]

fonix232, on Mar 22 2011, 16:39, said:

As you have a Gen2 device, it is not yet been rooted, flashed with CWM, etc, right?
If so, FTM mode is achieved as recovery mode: hold down the Volume Down button while switching on the phone.
The DFU mode should equal the FTM mode (same debug interface is loaded) what you were talking about (hold down both volume buttons), but I'm not sure it will work!

hecatae, please share the method, so some more experienced Gen2 users can dump their phone -> we can make a TPT of it

Ah ok, that clears things up. I have a gen1 blade - I am just curious. The reason I asked is because I Found the admin password for this program in post 45 of this thread, which had a NV backup function that resembled what is at the top of this thread. I tried to use it on my gen1 using both volume buttons boot, and it recognised my phone, but it didn't do anything because it said my phone was in "download mode"

[Slash.it]

Unfortunately , you can't get a raw nand image dump by just using QPST. You can however get a full RAM dump by putting the phone in download mode (by switching it on while holding the Vol+ and Vol- keys) and using revskills. You can then "cut" the obtained image and extract oemsbl & C.

P.S. Diagnostic (FTM) Mode and Download Mode are not the same. While in Download Mode, you can send the phone a bootloader and have it run on the ARM9 (baseband) processor. With a properly written/patched bootloader you have full access to the phone hardware, including the nand. Phone flasher sends its own bootloader (armprgZTE.bin) to the phone and then use it to flash the images... we could patch it to allow nand reading.

P.P.S. NV items contain values that must be stored in a Non-Volatile way (e.g. IMEI, lock status, ...).

Edited by Slash.it, 22 March 2011 - 08:55 AM.

[hecatae]

Slash.it, on Mar 22 2011, 08:53, said:

Unfortunately , you can't get a raw nand image dump by just using QPST. You can however get a full RAM dump by putting the phone in download mode (by switching it on while holding the Vol+ and Vol- keys) and using revskills. You can then "cut" the obtained image and extract oemsbl & C.

P.S. Diagnostic (FTM) Mode and Download Mode are not the same. While in Download Mode, you can send the phone a bootloader and have it run on the ARM9 (baseband) processor. With a properly written/patched bootloader you have full access to the phone hardware, including the nand. Phone flasher sends its own bootloader (armprgZTE.bin) to the phone and then use it to flash the images... we could patch it to allow nand reading.

P.P.S. NV items contain values that must be stored in a Non-Volatile way (e.g. IMEI, lock status, ...).

so what on earth did QPST Memory Debug dump then?

I know Diagnostic Mode and Download Mode are not the same, Diagnostic Mode has a big FTM Icon in the middle of the screen, Download Mode shows a black screen.

Edited by hecatae, 22 March 2011 - 09:16 AM.

[Slash.it]

hecatae, on Mar 22 2011, 10:14, said:

so what on earth did QPST Memory Debug dump then?

You can dump the RAM, but not the nand. In fact, I bet that's what "Memory" in "QPST Memory Debug" means.

[hecatae]

Slash.it, on Mar 22 2011, 09:17, said:

You can dump the RAM, but not the nand. In fact, I bet that's what "Memory" in "QPST Memory Debug" means.

ok, any help you can give with PSAS from revskills would be appreciated

[wbaw]

so ... any idea how to dump the hidden area of the nand? any working method at all?

[hecatae]

wbaw, on Mar 22 2011, 09:24, said:

so ... any idea how to dump the hidden area of the nand? any working method at all?

http://forum.revskil...c.php?f=13&t=36

reversing QC mobiles for beginners

[wbaw]

hecatae, on Mar 22 2011, 09:36, said:

http://forum.revskil...c.php?f=13&t=36

reversing QC mobiles for beginners

That guide tells you what to do with the files once you have them. Unless you mean the easiest way is creating a custom bootloader from decompiled source & hoping it works on a new phone (we wouldn't be able to test it on a new phone without risk of bricking it)?

We need to be able to convince somebody with a new 2.2 phone to get them from a phone, unless we can get an official zte 2.2 update. starting to sound like it might be easier to get a zte update than mess around getting it off a phone.

Edited by wbaw, 22 March 2011 - 09:48 AM.

[hecatae]

wbaw, on Mar 22 2011, 09:44, said:

We need to be able to convince somebody with a new 2.2 phone to get them from a phone, unless we can get an official zte 2.2 update. starting to sound like it might be easier to get a zte update than mess around getting it off a phone.

I'm agreeing with that.