Help: New SPVs from Smart has v1.09 bootloader

[Guest BrAGoL]

it surely will be... ;)

mind to ask, does anyone here tried to do the downgrade and unlocking of version 1.09?

[Guest sonborj]

@bragol

reading the upper threads mukhang the others tried it na to no avail...

i read somewhere that its the bootloader that does the trick when it comes to 'talking' to the Tanager. So i think its the question of how to downgrade this bootloader that will unlock the mystery. nitpicking lang.

[Guest spv_dman]

Indeed the bootloader will be the key in replacing the ROM. But it seems the smart 1.6 won't allow it. The canary mode won't accept other bootloaders. In other ROMs bootloader, when you insert a card with a preloaded bootloader, it prompts whether you want it to be replaced. This ROM does not. Might be the only option is to hack the ROM.

Personally, I'm not for unlocking the SAP as this is really intended for a telecoms who've locked it in the first place. In this case SMART. They've invested on this project and on a management's perspective, this will turn to loses since other telcos will be earning from it through usages.

What I don't like with ROM lock though is SAP users lose the flexibility to manipulate and install the ROM of their choice. Take for example smart 1.5. It's been discovered that this is power hungry. So most of us replaced it with other ROMs like qtek, imate etc. Later it turned out that this third party ROMS are better than SMARTs.

Maybe in the future they may want to consider having the SAP locked but not depriving us the option to change the OS.

Someone in this forum already knows theoretically how to break the supposed unbreakable. Just wait. ;)

[Guest gpcarreon (MVP)]

..Someone in this forum already knows theoretically how to break the supposed unbreakable. Just wait.  ;)

hmmm :roll: sino kaya tong nilalang na to?

malamang promil kid cya...gifted child! o baka bonakid...batang may laban! hehe

[Guest rodnav]

@ pzee

KID? are we talking of the little boy with 2 warnings. you did say kid, right. hehe

peace

[Guest JDimeRolla10]

hmmm :roll: sino kaya tong nilalang na to?

malamang promil kid cya...gifted child! o baka bonakid...batang may laban! hehe

Umiinom daw ng United Merican Tiki Tiki...

Libre ko ng 1 beer makauna o...

[Guest gpcarreon (MVP)]

@rodnav

yung may 2 warnings? ahh si... cya ba yung nakaka alam na theoretically how to break the unbreakable?...indeed, a gifted child!

o sige, yung unang maka break ng unbreakable, bibigyan ko ng isang lata ng sustagen premium para lalo ma-boost mga neurons nya.... ;)

[Guest dewslat]

i wanna dare to unlock the damn bastard ROM!!! wheres the copy!!! try this wolfman... In USBterm, there are certain codes you have to enter just like on the 1.5, like password SMARTPHONEHTC to enable you to use the commands in USBTerm.. Why dont you try that!!

Parasites Rules!!!

EAT ME!!! ;)

[Guest rodnav]

nice one dewslat. maybe he'll try

at least may comic relief tayo dito.

the forum is more colorful with you around. welcome back.

[Guest grifter]

..Someone in this forum already knows theoretically how to break the supposed unbreakable. Just wait.  :lol:

Theory is different from actuality. ;)

The key here is to replace the 1.09 bootloader. If you find a way to do that, then you can do whatever you want with the SAP. :D

I'm guessing that in order to upgrade/change the 1.09 bootloader, there's some sort of password or code sequence to trigger bootloader changes.

I'm betting that the password/code sequence will be embedded in the new SMART1.6 ROM update when it is released to the public.

Now, if we could only trace the USB communications happening while the upgrading is in progress, we may find out the secret. :lol:

[Guest kintsay]

parang awa niyo na, gawan niyo na nang paraan.

:cry:

[Guest dewslat]

parang awa niyo na, gawan niyo na nang paraan.

:cry:

ey, dude, u new here? i presure u are... what ROM version u have?

I got this leek info from a friend i know who is from smart(im not telling). he said that there is really a code.. If i could only get a hold on those 1.6 ur telling. Bootloader is where you start everything, they cancelled the boot from disk.. this theory is the same when you order the bios to boot from C: and not from A:

Problem is, how to extract the password... Come on SMART!!

[Guest grifter]

@dewslat,

assuming you get the code, what will you do with it? How do you use it?

[Guest dewslat]

Ok... Here.. when i get the code.. i can use the USBTerm to replace the bootloader...

using the command

qfs 1 [Card to Bootloader]

But of course, you must need a bootloader from other users..

when you change the bootloader, then, you can downgrade it, unlock, etcs!!!

GETZ!!

I think the code is still

password SMARTPHONEHTC

cuz i dont think that the one who made the soft are local developers... just give it a try

[Guest ulo]

Here's what i found on bootloader 1.09, there's no qfs 1-9 only qfs 10-12.

qfs 10 - format card

qfs 11 - bootloader + CE+GSM > card

qfs 12 - card > bootloader+CE+GSM

It doesnt accept the command qfs1 which is card > bootloader

[Guest sonborj]

@rodnav

yung may 2 warnings? ahh si... cya ba yung nakaka alam na theoretically how to break the unbreakable?...indeed, a gifted child!

o sige, yung unang maka break ng unbreakable, bibigyan ko ng isang lata ng sustagen premium para lalo ma-boost mga neurons nya.... ;)

@pzee

i cant imagine kaSPAMyan ko pala si wonder kid... hehehe... gifted child nga siguro to. pero may problema to ... attention disorder something... peace wonderkid...

@ulo

hanep yan dre ah....can those commands do the downgrade?

[Guest rodnav]

@ulo

qfs 12,

maybe a card with bootloader, ROM and GSM would do the trick!

[Guest kintsay]

i actually acquired one recently only to find out na 1.09 ang bootloader. according to my expert compadre (who does the unlocking), no one has hacked thru the new versions of SPV OS nor with the bootloader 1.09.

Kaya parang awa niyo na, paganahin na na natin ito! :twisted:

[Guest grifter]

Ok... Here.. when i get the code.. i can use the USBTerm to replace the bootloader...

using the command 

qfs 1  [Card to Bootloader]But of course, you must need a bootloader from other users..

when you change the bootloader, then, you can downgrade it, unlock, etcs!!!

GETZ!!

I think the code is still

password SMARTPHONEHTC 

cuz i dont think that the one who made the soft are local developers... just give it a try

well, according to @ulo, there's no qfs 1 command in the new 1.09 bootloader. so no go.

[Guest Will]

if someone with 'decent' knowledge and winhex/sdcard reader has this actual version, please pm me, i'd like to try a couple of things.

Will

[Guest dewslat]

Where's the pics Will?

hmmm... "qfs 12", i dont thing that wont do.. the code is probably changed.. Will, how can we get the code...

damn it, i cant sleep!!! haunted by the 1.6 ROM :?

[Guest Will]

pic broken.. oops.

Thanks to all who pm'd me, as soon as I think/work out anything i'll report back! From the posts i've recieved all the 'obvious' tricks are already prooven wrong.

Beware modifying and playing with bootloaders can result in completely dead phones, so be care full out there!

I have no idea how to get the codes for the unlock, or if this is going to help, this is probably going to be an issue worldwide, so i'm sure someone will crack it..

It's hard to test stuff without the phone..

[Guest Will]

Some thoughts on what has been tried.

Loaded mmc with bootloader (.93)

Unable to copy direct from card to the phone on entering bootloader mode...

(does it try to copy/what error does it give)

Loaded mmc with bootloader+GSM+CE+IPSM

(does the bootloader detect the presence of the pboot, or just the other options?)

UPDATE Approach. (on Canary Screen)

-tried upgrading the SAP using QTek rom. Hangs on detecting my phone ROM version.

-tried upgrading the SAP using SAP 1.5 ROM, result: same as Qtek. it hangs.

-tried upgrading the SAP using SAP 1.38 ROM. it detects the phone. but when the upgrade starts i get an error thats says cannot copy rom image file.

USBterm Approach

-used the same MMC bootloader .93 backup tried qfs 12. error: Wrong media type.

-used the Full Backup(boot.93,+GSM+CE+IPSM) , error: Wrong media type.

UPDATE Approach (Smartphpone on Activesync)

- i tried Qtek, Eurotel, and SAP 1.5. hangs on detecting the phone model.

- i tried SAP 1.38 ROM, detects the phone, screen goes white then same error as above can't read from ROM image. ERROR 104. BAD- resulted in DEAD PHONE!!

Questions unanswered.

Can you copy the bootloader to a sdcard either in the bootloader or using usbterm.

If 1.7 rom is based on same improvements as the upcoming (we hope) Orange update, this has a new gsm stack...

[Guest mlkanapi]

@ will,

Do you believe there's a difference between using an MMC vs SD card when you copy the bootloader and use this to do what you plan?

I had a working 128Mb SD card with a 0.93 bootloader and complete COPY ALL option from a phone running Smart 1.37.Click here to see pictures. I had been using this to unlock my friends phones. I never recovered after I had tried Imate's upgrade and as I was trying to downgrade back to Smart 1.37, my phone went completely dead.

I just got my phone back after the motherboard was replaced and now I have a v1.09 bootloader and a 1.6.0.7 ROM.

I am a bit hesitant to do something to cause my phone to be a paperweight again

[Guest Arisme]

Could you check if the following USBTerm commands are successful (ie, output some gibberish on the screen) ? they are harmless :wink:

password SMARTPHONEHTC

rbmc x 0 0x20000

(modified as I forgot the x :oops:)