RIFF JTAG – HTC Desire CDMA Supported

Posted on October 24, 2011 by admin

24.10.2011 HTC Desire CDMA Supported

Resurrecting HTC Desire CDMA is easy. Phone is auto powered on with USB Data Cable connected to the PC. Battery presence is not required; connection can be established with detached board.
In case you have no USB cable near, make sure battery is charged enough and hold Power On button during initiation of JTAG connection.
Resurrector will reflash radio’s boot zone and will re-write PDA’s SPL to 1.60.0000 version. Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PP9940000’.
Additionally, you can check ‘Repair RECOVERY zones’ to reflash android BOOT and RECOVERY code.

To resurrect HTC Desire CDMA:

Solder JTAG cable to HTC Desire CDMA JTAG pads;
Insert USB Data cable into board and PC;
Make sure HTC Desire CDMA is selected in the list of models;
If you use battery, press Power On key;
Click Resurrect button;
Wait till software signals a successful operation completion;
Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

To enter download mode:

Disconnect PC cable;
Insert battery;
Hold ‘Back’ key and press ‘Power ON’ button.

RIFF JTAG – HTC Supersonic (EVO 4G) Unbrick, Unlock, IMEI, CID, ModelID repair supported

Posted on October 24, 2011 by admin

24.10.2011 HTC Supersonic (EVO 4G) Unbrick, Unlock, IMEI, CID, ModelID repair supported

Resurrecting HTC Supersonic (EVO 4G) is easy. Phone is auto powered on with USB Data Cable connected to the PC. Battery presence is not required; connection can be established with detached board.
In case you have no USB cable near, make sure battery is charged enough and hold Power On button during initiation of JTAG connection.
Resurrector will reflash radio’s boot zone and will re-write PDA’s SPL to 2.16.0001 version. Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PC3610000’.
Additionally, you can check ‘Repair RECOVERY zones’ to reflash android BOOT and RECOVERY code. If selected, then ClockworkMod Recovery v5.0.2.2 will be flashed. Using this recovery you will be able to install zip files from the SD Card, for example you will be able to acquire ROOT rights by installing su-2.3.6.3-efgh-signed.zip file.

To resurrect HTC Supersonic:

Solder JTAG cable to HTC Supersonic JTAG pads;
Insert USB Data cable into board and PC;
Make sure HTC Supersonic is selected in the list of models;
If you use battery, press Power On key;
Click Resurrect button;
Wait till software signals a successful operation completion;
Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

To enter download mode:

Disconnect PC cable;
Insert battery;
Hold ‘Volume Down’ key and press ‘Power ON’ button.

RIFF JTAG – Samsung i520 PDA and Modem parts supported

Posted on October 24, 2011 by admin

24.10.2011 Samsung i520 PDA and Modem parts supported

The Samsung i520 has PDA and Modem modules. The PDA Module is based on the OMAP2430 Processor, and Modem Module is based on the MSM6275 Processor. Both modules are working independently and thus firmware (boot zones) may be damaged either in one of them or in both.
Please note, if alive PDA Module always stays at splash screen upon power up then firmware of the Modem Module is damaged.
Charged battery is required for successful JTAG connection. Do not use an external power supply.

To resurrect Samsung i520 PDA Module please do:

Solder JTAG cable to the Samsung i520 PDA pads;
Insert battery;
Make sure Samsung i520 is selected in the list of models,
Click Resurrect button;
Press ‘Power ON’ key;
Wait till software signals a successful operation completion;
Disconnect USB cable, de-solder JTAG wires;

Below are the steps which we do ourselves to resurrect a dead i550 modem:

Solder two JTAG cables to PDA and Qualcomm pads;
Connect USB data cable to phone and PC;
Insert battery. LCD shows Samsung logo;
Make sure Samsung i550 Modem is selected in the list of models, then click Resurrect button. The resurrection module will ask first to attach RIFF JTAG connector to PDA JTAG;
Step finished successfully, now the module asks to attach RIFF JTAG connector to MSM (modem) JTAG;
Resurrection sequence started, modem is being flashed;
Software signaled a successful operation completion;
Remove battery and put it back again;
Now phone starts booting, no more permanent Samsung logo.
De-solder JTAG wires.

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using original Samsung downloader software to restore it to the working state.

To different download modes:

Disconnect PC cable and insert battery;
Hold both ‘1’ and ‘4’ keys and press ‘Power ON’ button: do not release keys until phone will enter PDA Download Mode.
Hold both ‘4 and ‘7’ keys and press ‘Power ON’ button: do not release keys until phone will enter All Download Mode.
Hold both ‘7 and ‘*’ keys and press ‘Power ON’ button: do not release keys until phone will enter Modem Download Mode.

For firmware re-flash we used Apollo 2.80 software – the original Samsung Apollo flasher. Please note, if modem part is damaged you will need to use Modem Module resurrector before starting all firmware reflash.

RIFF JTAG – Samsung Corby II – S3850 supported

Posted on October 24, 2011 by admin

24.10.2011 Samsung Corby II – S3850 supported

Samsung S3850 resurrection is simple. Battery is not required. To power the board it’s most convenient to use an USB Data Cable.
In orger to contact to JTAG pads you may need to carefully scratch off paint covering (mask layer) above them.

To resurrect Samsung S3850 do this:

Solder JTAG cable to Samsung S3850 JTAG pads;
Insert battery and connect USB cable to phone and PC;
Make sure Samsung S3850 is selected in the list of models
Click Resurrect button;
Wait few seconds until software signals a successful operation completion;
Disconnect USB cable, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using original Samsung downloader software to restore it to the working state.

To enter download mode:

Disconnect PC cable;
Insert battery;
Hold both ‘Volume Up’ and ‘Call’ keys and press Power-On.

RIFF JTAG – Samsung Z500 supported !

Posted on October 19, 2011 by admin

19.10.2011 RIFF JTAG – Samsung Z500 supported !

Resurrection of Samsung Z500 requires battery or external power supply (we didn’t test whether phone is powered on using only a USB cable). You can use RIFF BOX’s 4.2V output for power (requires 1.16 firmware version or later and the 4.2V Output feature enabled in the JTAG Manager).

To resurrect Samsung Z500:

Solder JTAG cable to Samsung Z500 JTAG pads;
Insert battery (or connect external power supply to the battery pads);
Make sure Samsung Z500 is selected in the list of models;
Click Resurrect button;
Press Power-On key shortly;
Wait till software signals a successful operation completion;
Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

To enter download mode:

Disconnect PC cable;
Insert battery;
Hold ‘9’ key and press ‘Power ON’ button. In few seconds you should see light-blue screen.

RIFF JTAG – HTC Desire Z (HTC Vision) Unbrick, Unlock, IMEI&CID repair supported

Posted on October 12, 2011 by admin

12.10.2011 HTC Desire Z (HTC Vision) Unbrick, Unlock, IMEI&CID repair supported

Resurrecting HTC Desire Z is easy. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.
Some (or all) revisions of HTC Desire Z boards have JTAG interface disabled (that is enable MARM JTAG Fuse is blown in the MSM7230 chip). In this case the JTAG may be enabled only by firmware itself. This is done by the FSBL loader, so writing to FSBL area is artificially disabled in the DCC Loader code. DCC Loader will discard all flashing attempts into FSBL zone and will respond with success code as if flashing succeeded. In this way FSBL zone is protected while user still can flash full image files seamlessly.

Resurrector will reflash radio’s boot zone (except FSBL area) and will re-write one of selected PDA’s SPL versions (0.76.2000 or 0.85.0005). Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PC1010000’.
There is option to reflash BOOT and RECOVERY zones.

Please note, if your phone has the FSBL loader damaged and MCU has JTAG FUSE blown then there is no way to resurrect your phone via JTAG interface.

To resurrect HTC Desire Z:

Solder JTAG cable to HTC Desire Z JTAG pads;
Insert batter and connect USB Data cable;
Make sure HTC Desire Z is selected in the list of models;
If you use only battery, press Power On key;
Click Resurrect button;
Wait till software signals a successful operation completion;
Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods.

To enter download mode:

Disconnect PC cable;
Insert battery;
Hold ‘Volume Down’ key and press ‘Power ON’ button.

RIFF JTAG -Samsung Galaxy II, OMAP4430 version supported (Samsung i9100G, Samsung i9108)

Posted on October 7, 2011 by admin

07.10.2011 Samsung Galaxy II, OMAP4430 version supported (Samsung i9100G, Samsung i9108)

Samsung I9108 is based on the OMAP4430 Processor (Cortex-A9 Dual-Core). JTAG pads are very small; professional experience in soldering is required to connect wires to the JTAG interface. There is a big variety of versions of Galaxy II devices: GT-I9100, GT-I9100G, GT-I9100L, GT-I9100M, GT-I9100T, GT-I9101, GT-I9103, GT-I9108, GT-I9188, and maybe more. Some of them are based on different hardware platform – the Samsung S5PV310 (Cortex-A9 Dual-Core). Thus make sure first which exact hardware version you have on hands.

Note, one simple way to connect over JTAG – connect USB cable to PC and insert battery. In this case phone is automatically powered on.
Current DLL is still a beta one. It will work only with phones which have killed X-Loader.

To resurrect Samsung I9108:

Solder JTAG cable to Samsung I9108 JTAG pads;
Connect USB cable to phone and PC;
Insert battery;
Make sure Samsung I9108 is selected in the list of models;
Make sure a fixed TCK frequency is selected;
Click Resurrect button;
Wait till software signals a successful operation completion;
Disconnect USB cable, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using original Samsung downloader software to restore it to the working state.

To enter download mode:

Disconnect PC cable;
Insert battery;
Hold both ‘Volume Down’ and ‘Home’ keys and press Power-On.

RIFF JTAG – JTAG Manager v1.36, RIFF Box firmware v1.27, GDB Server v1.05 released

Posted on October 7, 2011 by admin

07.10.2011 JTAG Manager v1.36, RIFF Box firmware v1.27 released

Whats new :

JTAG Manager 1.36
—————————
– Added fast presets for automatic selection of settings for most common operations on DCC Read/Write page
For this click Settings by Code button and select a desired preset from list and then click Apply Settings.
For example if user selects “Write Full Image into NAND memory” the valid settings on the DCC Read/Write page
for writting full images into devices with NAND memory will be automatically selected
– Fixed serious bug which caused resurrector DLLs which do upload data into RAM to upload broken data
For example DLLs which start Downlad Mode directly use this feature.
– Added feature to accept text name of memory chip from DCC Loader and display it (currently used to display eMMC memory product name)
– Fixed bug for resumming interrupted DCC Read: ifvcurrently cached file size was greater than > 2GB
(that is if read was interrupted on point when there was already more than 2GB of data read) the new reading data was not appended to the readout file end, but instead the file was corrupted.
– Fixed bug for saving big files (after reading on DCC Read/Write page): if size exceeded 0x7FFFFFFF bytes JTAG Manager show no free disk space error.
– Added TEGRA2 chipset selection in the Target list
– Fixed an issue with the resurrection progress bar: in some cases during resurrection operations the progress bar would always stay at 0%.

Firmware 1.27
—————————
– Added TEGRA2 debugging support (dual-core Cortex-A9)
– Added new breakpoint type: “address mismatch” which allows geniune single-stepping on Cortex-A8,A9 (CoreSight) targets
(thus GDB Server can now perform low-level single step commands)

RIFF GDB Server v1.05
—————————–
– Added Thumb2 instructions CBNZ and CBZ for single stepping
– Added more Thumb2 32-bit branch exctructions for single stepping
– Added CoreSight low-level signle-stepping support (at least RIFF BOX Firmware v1.27 is required)

RIFF JTAG -CDMA Samsung F619 supported

Posted on October 7, 2011 by admin

07.10.2011 CDMA Samsung F619 supported

The Samsung F619 board is auto powered on with USB Data Cable connected to the PC. Battery presence is not required; connection can be established with detached board.

To resurrect Samsung F619:

Solder JTAG cable to Samsung F619 JTAG pads;
Connect USB cable;
Make sure Samsung F619 is selected in the list of models;
Click Resurrect button;
Wait till software signals a successful operation completion;
Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

To enter download mode:

Disconnect PC cable;
Insert battery;
Hold ‘9’ key and press ‘Power ON’ button.

RIFF JTAG – Samsung i997 infuse 4g Unbrick, Boot repair supported

Posted on October 7, 2011 by admin

07.10.2011 Samsung i997 infuse 4g Unbrick, Boot repair supported

Samsung I997 is based on the S5PCxxx Processor (ARM core is Cortex-A8).
Note, one simple way to connect over JTAG – connect USB cable to PC and insert battery. In this case phone is automatically powered on. But note, in very rare cases it is possible that you will have to hold Power On key during initial connection.
In case after resurrection (after you have tried with both boot versions) the download mode is not initiated (LCD remains blank) do repeat resurrection with ‘Clone Gremlin zone’ option checked.

To resurrect Samsung I997:

Solder JTAG cable to Samsung I997 JTAG pads;
Connect microUSB cable to phone and PC;
Insert battery;
Make sure Samsung I997 is selected in the list of models;
Make sure a fixed TCK frequency is selected;
Click Resurrect button;
Wait till software signals a successful operation completion;
Disconnect USB cable, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using original Samsung downloader software to restore it to the working state.

To enter download mode:

Disconnect PC cable;
Insert battery;
Hold both ‘Volume Down’ and ‘Home’ keys and press Power-On.

RIFF Box – eMMC/JTAG support

Rocker Team Flashing Interface

RIFF JTAG – HTC Desire CDMA Supported

RIFF JTAG – HTC Supersonic (EVO 4G) Unbrick, Unlock, IMEI, CID, ModelID repair supported

RIFF JTAG – Samsung i520 PDA and Modem parts supported

RIFF JTAG – Samsung Corby II – S3850 supported

RIFF JTAG – Samsung Z500 supported !

RIFF JTAG – HTC Desire Z (HTC Vision) Unbrick, Unlock, IMEI&CID repair supported

RIFF JTAG -Samsung Galaxy II, OMAP4430 version supported (Samsung i9100G, Samsung i9108)

RIFF JTAG – JTAG Manager v1.36, RIFF Box firmware v1.27, GDB Server v1.05 released

RIFF JTAG -CDMA Samsung F619 supported

RIFF JTAG – Samsung i997 infuse 4g Unbrick, Boot repair supported