+ Reply to Thread
Page 1 of 11 1 2 3 4 5 ... LastLast
Results 1 to 20 of 220
  1. #1
    n00b alquimista's Avatar
    Join Date
    03-05-2008
    Location
    CA
    Posts
    130

    Post SCH-i760 ROM R&D

    I've been really digging deep into my i760 lately. Here's what I have so far for R&D on the i760 ROM.

    I. Working Dial Codes:
    Service Mode:
    1. dial **772
    2. then enter 000000 at the prompt
    Debug Mode:
    1. !!From the touch keypad!! dial **33284
    2. then enter 000000 at the prompt
    II. Opened the BOOT.RGU and found out the partitions and well just look:
    Code:
    [HKEY_LOCAL_MACHINE\System\StorageManager\IMGFS]
    "FriendlyName"="Image-Update Filesystem"
    "Dll"="imgfs.dll"
    "Paging"=dword:1
    "ShadowROM"=dword:1
    [HKEY_LOCAL_MACHINE\System\ImageUpdate\UpdateApp]
    "InputFileName"="UAInput.000"
    "OutputFileName"="UAOutput.000"
    "PersistentRoot"="\\OSRoot"
    "PersistentTempName"="UATemp"
    "RAMTempDir"="\\UATemp"
    "DisplayDLL"="uldrui.dll"
    "ValidatorLogPath"="\\Release\\UpdateValidator.log"
    "UpdateAppLogPath"="\\OSRoot\\UpdateApp.log"
    "UpdateSettingsDir"="IUSettingsBackup"
    [HKEY_LOCAL_MACHINE\System\StorageManager\MSPART]
    "Dll"="mspart.dll"
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles]
    "AutoMount"=dword:1
    "AutoPart"=dword:0
    "AutoFormat"=dword:0
    "MountFlags"=dword:0
    "DefaultFileSystem"=""
    "PartitionDriverName"="MSPART"
    "Folder"="Mounted Volume"
    [HKEY_LOCAL_MACHINE\System\StorageManager\PartitionTable]
    "01"="FATFS"
    "04"="FATFS"
    "06"="FATFS"
    "07"="NTFS"
    "0B"="FATFS"
    "0C"="FATFS"
    "0E"="FATFS"
    "0F"="FATFS"
    "20"="BOOT"
    "21"="BINFS"
    "22"="RAWFS"
    "23"="RAWFS"
    "25"="IMGFS"
    "26"="BINARY"
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\MSFlash]
    "PartitionDriver"="mspart.dll"
    "MountAsROM"=dword:1
    "MountHidden"=dword:1
    "Folder"="Flash Disk"
    "Name"="FLASH Disk Block Device"
    Notes:
    Here's what I think. The partitions at 21 and 25 seem to contain the files we are looking for, the ROM files. It seemed important that the drivers be noted as well "mspart.dll" and "imgfs.dll".

    III. Tools
    I aggregated all the files that the XDA hacker known as "itsme" uses to grab rom files and or just work with a PPC via the cmd prompt. In total its about 2Mb so I had to use megashare:
    http://www.MegaShare.com/388243
    All the latest versions of the itsutils are in there, including the seperate dumprom executable. I copied all the usage info into an rtf file titled "readme". DO NOT ATTEMPT USING ANY OF THESE FILES IF YOU HAVE NO CLUE WHAT YOU ARE DOING. SRSLY: I probably shouldn't be messing with this stuff, but I just can't help myself

    IV. What I Need Now:
    Now what I need to do is application unlock the phone. That way I can use romdump to see if my thoughts are correct. All the methods I found while scouring the net haven't worked for me.... yet.

    V. HELP?
    Any ideas? Experience? Apps? Anything? All help, comments, crit, knowledge, etc. is welcome.

    Me go sleepy time now. Kthnxbye
    Last edited by alquimista; 04-08-2008 at 11:33 AM.
    I wouldn't say I've been missing it Bob.

  2. #2
    Theme Builder JASTECH's Avatar
    Join Date
    04-02-2008
    Location
    Earth
    Posts
    604
    alquimista, Good Job! This is a start, and from here we can only move forward. I will keep digging on my end. Thanks, JASTECH
    CM Stacker832/GA-X38-DQ6/Q6600/G.Skill 4GB(2x2GB) DDR2 1000 Dual Kit/EVGA 8800 GTS
    2xSamsung SH-S203B/Zalman ZM-MFC2 <--"For Sale or trade"/HIPER HPU-4B580-MS
    Microsoft VISTA Ultimate 64bit/Ubuntu 7.10/Kaspersky Internet Security (8.346)Beta Tester

  3. #3
    Registered User
    Join Date
    07-21-2005
    Posts
    44
    Quote Originally Posted by alquimista View Post
    Now what I need to do is application unlock the phone.
    I was able to application unlock my phone using the instructions on xda-developers (I don't recall which ones) and succesfully used the ImgsTools to dump both the xip and rom portions of the phone. Is there a particular file you were looking for?

    If you want to make your life easier and avoid editing the registry settings, you should be able to remove all security settings using the gui provided by microsoft. DO NOT USE THIS TOOL IF YOU DON'T KNOW WHAT YOU ARE DOING; YOUR WILL CAUSE YOUR PHONE TO STOP FUNCTIONING! FYI, I found out the hard way that, although you can backup the security settings on your phone, there is no way to restore them. Since the samsung root certs are not part of the tool's development profiles, your phone will no longer want to run its own drivers.... (oops!)

    P.S. If you want info on rom cooking for other samsung phones, check out Samsung i607 Blackjack ROM cooking (Applies to i600 and other Samsung phones) - xda-developers and Samsung i718 (i710, i718+) ROM Kitchen - xda-developers .
    Last edited by whirlwind; 04-07-2008 at 11:07 PM.

  4. #4
    n00b alquimista's Avatar
    Join Date
    03-05-2008
    Location
    CA
    Posts
    130
    Quote Originally Posted by whirlwind View Post
    Is there a particular file you were looking for?
    To start, thanks. The WMsec Power Toy is sweeeeet!!!

    To answer your question... I guess the short answer would be, I want whatever files I need to set my i760 free.

    Now a question for you, I have aquired two versions of the Samsung's official "Product Support Tool" or PST. From what I can tell, this is something that is normally available to vendors (like VZW stores etc). There's alot of stuff included. Would this be helpful in rocovering root certs? :

    Also, I don't want to cross any legal lines here in PDAphonehome so let me know if I am pooping in mrailing's backyard. Basically, what files can I NOT post in this forum?

    I'll try to app unlock my phone tomorrow. Time for sleepy.
    I wouldn't say I've been missing it Bob.

  5. #5
    Too much travel Bugwart's Avatar
    Join Date
    01-05-2004
    Location
    Asan, Korea
    Posts
    183
    Great post.

    One correction:
    Debug mode is **33284 (at least on my i760)

  6. #6
    Apple Member mynticelx's Avatar
    Join Date
    02-12-2004
    Posts
    125
    I am in full support - but other than that, I can't offer much

  7. #7
    n00b alquimista's Avatar
    Join Date
    03-05-2008
    Location
    CA
    Posts
    130
    Quote Originally Posted by Bugwart View Post
    Great post.

    One correction:
    Debug mode is **33284 (at least on my i760)
    Bugwort, thanks for catching that. It would so totally suck if there were people out there dialing the wrong stuff and then getting frustrated with me.It actually spells DEBUG kewl :o)@Mynticelx - Thanks for the support. SRSLY, It's always good to know that someone is reading and supports one's efforts. THX!!!@Whirlwind - I rand the povisioning tool from thw WM security pwr toys. I set it to "security off". This seems to allow me to install unsigned apps. As long as I connect to activesync as "guest" I can be very hacktastical now.tnx & more to come...
    I wouldn't say I've been missing it Bob.

  8. #8
    Registered User
    Join Date
    07-21-2005
    Posts
    44
    Quote Originally Posted by alquimista View Post
    Now a question for you, I have aquired two versions of the Samsung's official "Product Support Tool" or PST. From what I can tell, this is something that is normally available to vendors (like VZW stores etc). There's alot of stuff included. Would this be helpful in rocovering root certs? :

    While you could probably reinstall the root certs from the ROM, I didn't try to figure out how as I just hard reset my phone and the certs came back

    As for the PST tool, do you have files specific to the i760? I have SamsungPSTLite (version 1.0.002) from the good ol' i730 days, but I haven't been able to get it to work with my i760 yet because a) I don't have the necessary i760 dll and b) my attempts to modify the i730 dll to make it work have failed (not that I have spent too much time on it). If you have any information on how to get the PST tool working with our phones, I would be very interested!

    Whirlwind

  9. #9
    n00b alquimista's Avatar
    Join Date
    03-05-2008
    Location
    CA
    Posts
    130
    Quote Originally Posted by whirlwind View Post
    As for the PST tool, do you have files specific to the i760? I have SamsungPSTLite (version 1.0.002) from the good ol' i730 days, but I haven't been able to get it to work with my i760 yet because a) I don't have the necessary i760 dll and b) my attempts to modify the i730 dll to make it work have failed (not that I have spent too much time on it). If you have any information on how to get the PST tool working with our phones, I would be very interested!

    Whirlwind
    I've collected a few different versions of PST. I haven't had time to really play with any yet. I'll se what I can do tonight, then repot back.
    I wouldn't say I've been missing it Bob.

  10. #10
    Theme Builder JASTECH's Avatar
    Join Date
    04-02-2008
    Location
    Earth
    Posts
    604
    "I've collected a few different versions of PST. I haven't had time to really play with any yet. I'll se what I can do tonight, then repot back."

    Is that any different then "reskillet" back? Just asking
    CM Stacker832/GA-X38-DQ6/Q6600/G.Skill 4GB(2x2GB) DDR2 1000 Dual Kit/EVGA 8800 GTS
    2xSamsung SH-S203B/Zalman ZM-MFC2 <--"For Sale or trade"/HIPER HPU-4B580-MS
    Microsoft VISTA Ultimate 64bit/Ubuntu 7.10/Kaspersky Internet Security (8.346)Beta Tester

  11. #11
    n00b alquimista's Avatar
    Join Date
    03-05-2008
    Location
    CA
    Posts
    130

    Red face

    Quote Originally Posted by JASTECH View Post
    &quot;I've collected a few different versions of PST. I haven't had time to really play with any yet. I'll se what I can do tonight, then repot back.&quot;

    Is that any different then &quot;reskillet&quot; back? Just asking
    Huh? What's "reskillit"?
    Anyway, none of the versions of samsungs PST, that I have found, include the i760 .dll. So no luck there. I did find a little app that shows all the function calls in a DLL. Maybe I ca use that to compare all the PST device specific dll files and then reverse engineer one for the i760. BTW - No luck so far combing the net for the i760 dll ... yet.
    Here's a littl list of stuff that I was able to do with the tools I have.
    I used **33284 to set the phone to DM instead of HK and then used the control panel to set the data connection to "modem through USB". My PC recognized the i760 as a samsung modem and installed 2 drivers and failed to install a third driver that showed up as "unknown". I have no clue what this is supposed to do, but it pretty much worked. I think this may be one of the functions that the PST app does with greater ease so you can have a data connection directly to the i760's shadow ROM.
    I was able to use "itsme"s cmd tools to map the memory on the phone (including all partitions). I grabbed the driver for the i760's keyboard. Hopefully I can use it to make a NES emu work better with button mapping.
    So basically I have accomplished nothing of note, but I'm digging and learning.
    I'm going to see how far down the rabbit hole I cand get before I brick my phone.
    I wouldn't say I've been missing it Bob.

  12. #12
    Registered User
    Join Date
    01-13-2006
    Location
    New Jersey
    Posts
    1,525
    Quote Originally Posted by alquimista View Post
    I've been really digging deep into my i760 lately. Here's what I have so far for R&D on the i760 ROM.

    I. Working Dial Codes:
    Service Mode:
    1. dial **772
    2. then enter 000000 at the prompt
    Debug Mode:
    1. !!From the touch keypad!! dial **33284
    2. then enter 000000 at the prompt
    II. Opened the BOOT.RGU and found out the partitions and well just look:
    Code:
    [HKEY_LOCAL_MACHINE\System\StorageManager\IMGFS]
    &quot;FriendlyName&quot;=&quot;Image-Update Filesystem&quot;
    &quot;Dll&quot;=&quot;imgfs.dll&quot;
    &quot;Paging&quot;=dword:1
    &quot;ShadowROM&quot;=dword:1
    [HKEY_LOCAL_MACHINE\System\ImageUpdate\UpdateApp]
    &quot;InputFileName&quot;=&quot;UAInput.000&quot;
    &quot;OutputFileName&quot;=&quot;UAOutput.000&quot;
    &quot;PersistentRoot&quot;=&quot;\\OSRoot&quot;
    &quot;PersistentTempName&quot;=&quot;UATemp&quot;
    &quot;RAMTempDir&quot;=&quot;\\UATemp&quot;
    &quot;DisplayDLL&quot;=&quot;uldrui.dll&quot;
    &quot;ValidatorLogPath&quot;=&quot;\\Release\\UpdateValidator.log&quot;
    &quot;UpdateAppLogPath&quot;=&quot;\\OSRoot\\UpdateApp.log&quot;
    &quot;UpdateSettingsDir&quot;=&quot;IUSettingsBackup&quot;
    [HKEY_LOCAL_MACHINE\System\StorageManager\MSPART]
    &quot;Dll&quot;=&quot;mspart.dll&quot;
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles]
    &quot;AutoMount&quot;=dword:1
    &quot;AutoPart&quot;=dword:0
    &quot;AutoFormat&quot;=dword:0
    &quot;MountFlags&quot;=dword:0
    &quot;DefaultFileSystem&quot;=&quot;&quot;
    &quot;PartitionDriverName&quot;=&quot;MSPART&quot;
    &quot;Folder&quot;=&quot;Mounted Volume&quot;
    [HKEY_LOCAL_MACHINE\System\StorageManager\PartitionTable]
    &quot;01&quot;=&quot;FATFS&quot;
    &quot;04&quot;=&quot;FATFS&quot;
    &quot;06&quot;=&quot;FATFS&quot;
    &quot;07&quot;=&quot;NTFS&quot;
    &quot;0B&quot;=&quot;FATFS&quot;
    &quot;0C&quot;=&quot;FATFS&quot;
    &quot;0E&quot;=&quot;FATFS&quot;
    &quot;0F&quot;=&quot;FATFS&quot;
    &quot;20&quot;=&quot;BOOT&quot;
    &quot;21&quot;=&quot;BINFS&quot;
    &quot;22&quot;=&quot;RAWFS&quot;
    &quot;23&quot;=&quot;RAWFS&quot;
    &quot;25&quot;=&quot;IMGFS&quot;
    &quot;26&quot;=&quot;BINARY&quot;
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\MSFlash]
    &quot;PartitionDriver&quot;=&quot;mspart.dll&quot;
    &quot;MountAsROM&quot;=dword:1
    &quot;MountHidden&quot;=dword:1
    &quot;Folder&quot;=&quot;Flash Disk&quot;
    &quot;Name&quot;=&quot;FLASH Disk Block Device&quot;
    Notes:
    Here's what I think. The partitions at 21 and 25 seem to contain the files we are looking for, the ROM files. It seemed important that the drivers be noted as well &quot;mspart.dll&quot; and &quot;imgfs.dll&quot;.

    III. Tools
    I aggregated all the files that the XDA hacker known as &quot;itsme&quot; uses to grab rom files and or just work with a PPC via the cmd prompt. In total its about 2Mb so I had to use megashare:
    MegaShare.com Free Webhosting
    All the latest versions of the itsutils are in there, including the seperate dumprom executable. I copied all the usage info into an rtf file titled &quot;readme&quot;. DO NOT ATTEMPT USING ANY OF THESE FILES IF YOU HAVE NO CLUE WHAT YOU ARE DOING. SRSLY: I probably shouldn't be messing with this stuff, but I just can't help myself

    IV. What I Need Now:
    Now what I need to do is application unlock the phone. That way I can use romdump to see if my thoughts are correct. All the methods I found while scouring the net haven't worked for me.... yet.

    V. HELP?
    Any ideas? Experience? Apps? Anything? All help, comments, crit, knowledge, etc. is welcome.

    Me go sleepy time now. Kthnxbye

    By BOOT do you mean the Bootloader section? If so how do you know that is it?
    Make some nice money from home:
    http://www.tvtravelbiz.com/ds9916

  13. #13
    n00b alquimista's Avatar
    Join Date
    03-05-2008
    Location
    CA
    Posts
    130

    Question boot.rgu

    Quote Originally Posted by Dominick_7 View Post
    By BOOT do you mean the Bootloader section? If so how do you know that is it?
    To be honest, I don't know. Its a registry file that seems to only pertain to booting the phone and its placed in the universal windows folder. I could only see it when I changed my security settings using the WM5 Security Power Toy. The main reason I think so, is because its literally called "boot.rgu". An .rgu file is a set of registry entries, the name "boot" points to the idea that these reg entries are only used when "booting" the machine. I don't think it's for a hard reset, just for a regular old soft reset. Although, it could be the reverse. I really don't know for sure.

    Lots of files started appearing once I started changing security settings on my i760, there were some in the registry (via PHM reg edit) and some with various desktop tools.

    Anyhew, Why do you ask? Does this make it important?

    Any knowledge or advice would be much appreciated here. Right now, I feel like a blind man at an orgy, I have to feel my way through.
    I wouldn't say I've been missing it Bob.

  14. #14
    Theme Builder JASTECH's Avatar
    Join Date
    04-02-2008
    Location
    Earth
    Posts
    604
    alquimista, I was being funny for only a moment. You stated that you would "repot" instead if "Repost" so I was being funny I thought when I chose "reskillet"....repot"...Get it? I thought it would go with the "Kitchen" when it's time to "cook" a ROM...Ok, it's just me I guess
    CM Stacker832/GA-X38-DQ6/Q6600/G.Skill 4GB(2x2GB) DDR2 1000 Dual Kit/EVGA 8800 GTS
    2xSamsung SH-S203B/Zalman ZM-MFC2 <--"For Sale or trade"/HIPER HPU-4B580-MS
    Microsoft VISTA Ultimate 64bit/Ubuntu 7.10/Kaspersky Internet Security (8.346)Beta Tester

  15. #15
    n00b alquimista's Avatar
    Join Date
    03-05-2008
    Location
    CA
    Posts
    130
    Quote Originally Posted by JASTECH View Post
    alquimista, I was being funny for only a moment. You stated that you would "repot" instead if "Repost" so I was being funny I thought when I chose "reskillet"....repot"...Get it? I thought it would go with the "Kitchen" when it's time to "cook" a ROM...Ok, it's just me I guess
    Man am I dense. Sorry I didn't catch that reference.

    I am usually digging into my i760 on borrowed time, so I post from my i760 when I have a spare moment. Obviously, I need to brush up on my skillz with teh slide out qwerty keyboard.

    NOTE: I am working on importing some reg keys and values from my MotoQ so that we can have regular profiles to select from. I'll let you know how it goes.

    L8s
    I wouldn't say I've been missing it Bob.

  16. #16
    Theme Builder JASTECH's Avatar
    Join Date
    04-02-2008
    Location
    Earth
    Posts
    604
    Sounds good, I will keep checking this thread and the net to find out what I can.
    CM Stacker832/GA-X38-DQ6/Q6600/G.Skill 4GB(2x2GB) DDR2 1000 Dual Kit/EVGA 8800 GTS
    2xSamsung SH-S203B/Zalman ZM-MFC2 <--"For Sale or trade"/HIPER HPU-4B580-MS
    Microsoft VISTA Ultimate 64bit/Ubuntu 7.10/Kaspersky Internet Security (8.346)Beta Tester

  17. #17
    Registered User
    Join Date
    07-18-2007
    Posts
    453
    Quote Originally Posted by JASTECH View Post
    alquimista, I was being funny for only a moment. You stated that you would "repot" instead if "Repost" so I was being funny I thought when I chose "reskillet"....repot"...Get it? I thought it would go with the "Kitchen" when it's time to "cook" a ROM...Ok, it's just me I guess
    One man's pot is another man's saucepan.

  18. #18
    Registered User
    Join Date
    10-29-2004
    Location
    PA
    Posts
    165

    Bat signal

    Isn't there a batphone we could use to call Superdave and get the DLL?

  19. #19
    n00b alquimista's Avatar
    Join Date
    03-05-2008
    Location
    CA
    Posts
    130
    Superdave is probably an official member of the JLA. We could bypass the batphone and call them directly. Anyone got the JLA number handy? Are they in the verizon network?

    NOTE: I imported the profile registry settingsfrom my MotoQ, but it doesn't do jack squat cause of WM6 and its fancy pants applet driven control panel. There are freeware apps out there that do create profiles, but none of them work quite right. I would most likely hav to rewrite the volume control menu that pops up when you use the volume up/down hardware buttons so that it included profiles and the speaker setting as well. I think I'm gonna pass on that till I can assuredly back up the i760 ROM.

    L8s

  20. #20
    "...please try your call again..." crouton976's Avatar
    Join Date
    03-06-2007
    Posts
    56
    alquimista, I think your parents are lying to you.... you may very well be the love child of Superdave, who in his awesometasticness decided that it would be better for you not to know your father, so you would have a curious mind from the start. Let's just hope the 2 of you don't meet one day, each weilding a light-saber

    Seriously, I don't have much to offer other than support at this point... mainly because I'm too busy buying a house, raising a newborn baby and trying to learn Linux all at the same time.... how do I do it you ask?? :red bull:



    keep it up!!!
    Those who dream by day are cognizant of many things which escape those who dream only by night.
    - Edgar Allan Poe

+ Reply to Thread
Page 1 of 11 1 2 3 4 5 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts