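[Help] The radio 1.65.17.10 problem is now completely solved!
Some people have run into problems using this method, so please use it with caution. I hope the original poster will publish a QQ number to answer questions online. --jincr
Original XDA post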
http://forum.xda-developers.com/showthread.php?t=393337
May 19th, 2008
With my new and revolutionary tool "FrankenKaiser" you can now finally jailbreak your locked to "Radio from Hell" Kaiser
======================================================
DISCLAIMER: This method involves erasing SPL & OS and requires correct data entry by the user. I will not take any responsibility for any malfunctions and or damages caused by using this method and software.
======================================================
Pay attention: this method will only work on a Kaiser device with radio version 1.65.17.10 (check your radio version in the boot splash screen!)
Note that you can not use copy & paste with MTTY, you must type the data exactly as written in the steps below. If in a step it is said to type a command always type them without the quotes.
Note that during the entire procedure you should uncheck "Allow usb connections" in Activesync.
I have tested the method on my own Kaiser, which was security locked and had original 1.65.17.10 installed. I'm on WinXP btw. GSLEON3 also successfully unbricked his Kaiser with FrankenKaiser which had radio 1.64.08.21 installed. That should give you some confidence.
So read very carefully and apply following instructions:
0) download and unzip the attached files on your PC in a single directory.
It contains all needed to jailbreak or unbrick your device, such as MTTY 1.42, my revolutionary FrankenKaiser program, screenshots to accompany this readme, the appropriate drivers to connect to the radio bootloader ("Drivers MotoQ"), and two softload SPLs (SPL1.56-KAIS-unbricker.nb and sspl-0.92-jumpspl-force-usb.nb)
1) Enter tricolor bootloader and make absolutely sure you have a HardSPL installed (either "olipof" or "1.1.JockyW"). If not you must first install a HardSPL.
2) Connect with MTTY (USB) and type "rtask a" followed by Enter, then type "radata 90000000 1" followed by enter (Note that this is not echoed to screen!!)
Close MTTY and replug the USB cable. If you haven't installed them yet, your PC will now prompt you to install three drivers. Do a manual install of the MotoQ drivers. After the drivers are installed look them up in device manager and check which COM port is allocated to "Qualcomm diagnostics interface (COMxx)" => see screenshot "1. device manager search com.JPG" (on my PC it is COM4 but it may be anything else!).
3) Remove and reinsert battery and enter tricolor bootloader, and connect with MTTY (USB)
hit enter and when the Cmd> prompt is shown type "task 2a" (this erases SPL, OS and Splash, we used to call that a "hard brick") => see screenshot "2. mtty-tricolor - task 2a.JPG"
After power cycling, the device will now enter the radio bootloader called oemsbl. Utterly the phone will look dead and the display is black, but it is still possible to connect with MTTY using the COM port as found in step 2. I indicate that in the next steps with MTTY (COMn) => see screenshot "3. mtty-com-connect.JPG". Also note that you never have to redo steps 1-3 again.
4) Remove and reinsert battery, switch on and connect with MTTY (COMn). Type "setboot", if you are connected correctly the reply should be "ARM9BootMode:0". If you see nothing check in device manager if the drivers are loaded. If you got the reply to "setboot" you can type "radata 90000000 1" which will put the phone in a special "dload mode". Again note that, like in step 2, nothing is echoed to screen!!
Close MTTY.
5) Replug USB cable !!
6) Run FrankenKaiser in a DOS box: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb
(note substitute /dev/com9 by the com port indicated by diag driver in device manager, e.g. /dev/com4 on my PC)
You should see:
Code:
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to jocky_wilson@hotmail.com
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
7e 02 6a d3 7e
Replug USB cable now!
Connect with MTTY and follow instructions !!!

If you don't see "7e 02 6a d3 7e" underneath the line "Just be patient while I'm working ...", you have either not replugged the usb cable, not installed the drivers correctly or typed the wrong com port (/dev/comx) in the command line parameters.
=> see screenshot "4. dos box - frankenkaiser.JPG"
7) Run MTTY (COMn) and carefully enter following commands:
echo_on
setboot 1
=> see screenshot "5. mtty-echo_on setboot 1.JPG"
mb 9de8bc => dump HTC security area
mw 9de8bc 1 31313131 (replaces first half CID by SuperCID "1111")
mw 9de8c0 1 31313131 (replaces second half CID by SuperCID "1111")
mw 9de8e4 1 00000000 (Sets security flag to 0, sec unlocked)
mb 9de8bc => dump HTC security area again and check if CID and security flag are modified in memory
=> see screenshot "6. mtty-mb 9de8bc.JPG"
setinfo
powerdown
=> see screenshot "7. mtty- setinfo - powerdown.JPG"
Close MTTY
At this point your Kaiser is unjailed, security unlocked (and SIM unlocked) and SuperCID. Now we need to prepare another run with FrankenKaiser to softload a SPL which will allow us to flash a HardSPL. In principle steps 1-7 need never to be done again.
8) Remove and reinsert battery, then press & hold the send button (the button with the green telephone) and then power on. Connect with MTTY (COMn) and this time enter "dload" to put phone in dload mode. If the phone is switched on correctly in that way, the green LED will be on. (GSLEON3 told me that with his Kaiser he must already press the send button before he reinserts the battery)
Close MTTY !!
9) Replug USB cable !!
10) Run FrankenKaiser in a DOS box: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb
(note substitute /dev/com9 by the com port indicated by diag driver in device manager)
11) Run MTTY (COMn)
type "echo_on" (the reply in MTTY should be "ECHO ON MODE". if you see that it means you never have to perform steps 1-7 again. If you don't something went wrong in steps 1-7)
type "setboot 0" (the reply in MTTY should be "ARM9BootMode:0")
type "cego" => tri-color screen should be visible and the reply in MTTY should be "Boot CE manually..." followed on the next line by "Done."
=> see screenshot "8. mtty-setboot 0 - cego.JPG"
If after "cego" you don't see a tri-color bootloader screen, then unplug usb cable and unplug and reinsert battery and try steps 8-11 again.
If still no tri-color screen, then repeat again but this time in step 10 run FrankenKaiser with the other SPL "sspl-0.92-jumpspl-force-usb.nb".
Close MTTY
12) Replug USB cable and flash HardSPL
13) Remove and reinsert battery, enter tricolor bootloader and flash Splash
14) Remove and reinsert battery, enter tricolor bootloader and flash OS
15) Remove and reinsert battery, enter tricolor bootloader and flash Radio
This I hope shows the power of FrankenKaiser: it manages to unjail, security unlock, SIM unlock and superCID a device which is basically in a bricked state w/o the need to flash a patched radio. Look forward to other FrankenKaiser tools such as a fast SPL loader and radio dumper.
Special versions of FrankenKaiser will be released for the new HTC models Diamond and Raphael and more
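I made a rough translation; it is not very accurate and is provided for reference only. The original text prevails!
Note: this method only applies to a Kaiser with radio version 1.65.17.10 installed (you can see your radio version on the boot screen).
Note that when using MTTY you cannot use copy and paste; you must type exactly as in the steps below, entering the commands given in each step, but without the quotes.
Also note that during the procedure you should uncheck "Allow usb connections" in Activesync.
Read carefully and follow the instructions below:
0) Download the attachment and unzip it into a single separate folder on your PC. It contains MTTY 1.42, the FrankenKaiser program, screenshots, the drivers for connecting to the radio bootloader, and the SPLs (SPL1.56-KAIS-unbricker.nb and sspl-0.92-jumpspl-force-usb.nb)
1) Enter the tri-color screen and confirm that you have already flashed a HardSPL ("olipof" or "1.1.JockyW"). If not, you must first install a HardSPL.
2) Connect with MTTY (USB) and type "rtask a", then press Enter, then type "radata 90000000 1" and press Enter (this step shows nothing on screen)
Close MTTY and replug the USB cable. If you have not installed the drivers yet, your PC will prompt you to install three drivers; install the MotoQ drivers manually. Afterwards, look in Device Manager and check which COM port is allocated to "Qualcomm diagnostics interface (COMxx)" (see screenshot "1. device manager search com.JPG"). On my PC it is COM4, but it can be any other port.
3) Reinsert the battery and enter tri-color screen mode, connect to the PC by USB, start MTTY and press Enter. When you see the Cmd> prompt, type "task 2a" (this erases SPL, OS and Splash; we call that a "hard brick"?). See screenshot "2. mtty-tricolor - task 2a.JPG"
After power cycling, the phone will enter the radio bootloader mode called oemsbl. The screen is black, but it is still possible to connect with MTTY through the COM port found in step 2; see "3. mtty-com-connect.JPG". Note: do not repeat steps 1-3 again!
4) Remove and reinsert the battery, power on and connect with MTTY (COMn). Type "setboot"; if you are connected correctly, the reply is "ARM9BootMode:0". If you do not see it, check in Device Manager whether the drivers are loaded. If the reply is "setboot", you can type "radata 90000000 1", which puts the phone into a special "dload" mode. Again, as in step 2, nothing is shown on screen.
Close MTTY.
5) Replug the USB cable!!
6) Run FrankenKaiser in a DOS command prompt: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb (note that the parameter /dev/com9 is the driver's port; for example, my port is /dev/com4)
You should see: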
Code:
=== FrankenKaiser Unbricker for HTC Kaiser (c)2008 by jockyw2001
=== Jailbreaker for the 'Radio from Hell 1.65.17.10'
=== Donations happily accepted, paypal to jocky_wilson@hotmail.com
=== ATTENTION: only use this particular version with Kaiser:
=== radio version R1.65.17.10 - oemsbl HTC_BOOT V1.9517
SPL file read
Just be patient while I'm working ...
7e 02 6a d3 7e
Replug USB cable now!
Connect with MTTY and follow instructions !!!
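If you do not see "7e 02 6a d3 7e" below "Just be patient while I'm working ...", you have either not replugged the USB cable, not installed the drivers correctly, or entered the wrong port number (/dev/comx). See screenshot "4. dos box - frankenkaiser.JPG"
7) Run MTTY (COMn) and enter the following commands exactly: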
echo_on
setboot 1
See screenshot "5. mtty-echo_on setboot 1.JPG"
mb 9de8bc (dump the HTC security area)
mw 9de8bc 1 31313131 (replaces the first half of the CID with SuperCID "1111")
mw 9de8c0 1 31313131 (replaces the second half of the CID with SuperCID "1111")
mw 9de8e4 1 00000000 (sets the security flag to 0, unlocked again)
mb 9de8bc (dump the HTC security area again and check the CID and security flag in memory)
See screenshot "6. mtty-mb 9de8bc.JPG"
setinfo
powerdown
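See screenshot "7. mtty- setinfo - powerdown.JPG"
Close MTTY
At this point your Kaiser is SIM unlocked and SuperCID. Now we need to prepare to run FrankenKaiser to start an SPL that allows flashing a HardSPL. In principle, steps 1-7 should never be run again.
8) Remove and reinsert the battery, then press and hold the second key (the green telephone button) and power on. Connect with MTTY (COMn), and this time enter "dload" to put the phone into dload mode. If the phone has been switched on correctly, the green LED will light up (GSLEON3 told me that on his Kaiser he has to press the second key before reinserting the battery)
Close MTTY!!
9) Replug the USB cable!!
10) Run FrankenKaiser in a DOS command prompt: FrankenKaiser-V1.9517.exe /dev/com9 SPL1.56-KAIS-unbricker.nb
(note that the parameter /dev/com9 is the port allocated by the driver in Device Manager)
11) Run MTTY over COMn
Type "echo_on" (MTTY should reply "ECHO ON MODE"; if you see this, it means you do not have to perform steps 1 to 7, otherwise something went wrong in steps 1 to 7)
Type "setboot 0" (the screen shows "ARM9BootMode:0")
Type "cego" (the tri-color screen should now be visible, and MTTY should show "Boot CE manually..." with "Done" on the last line)
See screenshot "8. mtty-setboot 0 - cego.JPG"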
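If you do not see the tri-color screen after typing "cego", replug the USB cable, reinsert the battery, and repeat steps 8-11.
If there is still no tri-color screen, repeat again, but this time in step 10 run FrankenKaiser with the other SPL "sspl-0.92-jumpspl-force-usb.nb"
Close MTTY
12) Replug the USB cable and flash HardSPL
13) Remove and reinsert the battery, enter the tri-color bootloader and flash Splash
14) Remove and reinsert the battery, enter the tri-color bootloader and flash OS
15) Remove and reinsert the battery, enter the tri-color bootloader and flash Radio
[ Last edited by jincr on 2008-5-21 07:30 ]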
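
Added example, not part of the original post and not FrankenKaiser's own code: step 6 treats the line "7e 02 6a d3 7e" as the sign that the phone answered on the diag port. The sketch below decodes such a reply and reports why a damaged one fails. It assumes HDLC-style framing (0x7e flags, 0x7d escape, CRC-16/X-25 sent low byte first); the post does not state this, but the CRC of the single payload byte 0x02 works out to exactly 6a d3 under that assumption.

```python
# Added example: decode the reply line FrankenKaiser prints in step 6.
# Assumption (not stated in the post): HDLC-style framing, CRC-16/X-25.
FLAG, ESC, ESC_XOR = 0x7E, 0x7D, 0x20


def crc16_x25(data: bytes) -> int:
    """CRC-16/X-25: reflected poly 0x8408, init 0xFFFF, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def encode_frame(payload: bytes) -> bytes:
    """Append the CRC (low byte first), escape reserved bytes, add flags."""
    body = payload + crc16_x25(payload).to_bytes(2, "little")
    out = bytearray([FLAG])
    for byte in body:
        out += bytes([ESC, byte ^ ESC_XOR]) if byte in (FLAG, ESC) else bytes([byte])
    return bytes(out) + bytes([FLAG])


def decode_frame(hex_text: str) -> bytes:
    """Return the payload of one frame, or raise ValueError if it is damaged."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < 5 or raw[0] != FLAG or raw[-1] != FLAG:
        raise ValueError("frame must start and end with 0x7e")
    body, stream = bytearray(), iter(raw[1:-1])
    for byte in stream:
        if byte == FLAG:
            raise ValueError("unescaped 0x7e inside the frame")
        if byte == ESC:  # next byte was XOR-ed with 0x20 by the sender
            escaped = next(stream, None)
            if escaped is None:
                raise ValueError("escape byte at end of frame")
            byte = escaped ^ ESC_XOR
        body.append(byte)
    if len(body) < 3:
        raise ValueError("frame too short for payload plus CRC")
    payload, received = bytes(body[:-2]), int.from_bytes(body[-2:], "little")
    if crc16_x25(payload) != received:
        raise ValueError("CRC mismatch: reply was corrupted or is not a frame")
    return payload


if __name__ == "__main__":
    print(decode_frame("7e 02 6a d3 7e").hex())  # bytes quoted in the post
```

A missing or truncated reply raises `ValueError` with the reason, which maps onto the causes the post lists: cable not replugged, driver not loaded, or wrong COM port.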