RIFF JTAG – HTC Ozone XV6175 (HTC Chief) Unbrick, Boot Repair, Unlock, IMEI Repair, CID Update supported

31.03.2011    HTC Ozone XV6175 (HTC Chief) Unbrick, Boot Repair, Unlock, IMEI Repair, CID Update supported

Resurrecting HTC Chief is easy:
The resurrector reflashes the radio’s boot zone and rewrites the PDA’s SPL to version 0.44.0000.
The zone that contains the Model ID is reflashed too, so after resurrection the phone will have Model ID = ‘CEDA10000’.
You can also change the CID: make sure the ‘Repair Custom ID’ field is checked in the Resurrection Guide dialog.

To resurrect HTC Chief:

  • Solder JTAG cable to HTC Chief JTAG pads;
  • Make sure HTC Chief is selected in the list of models;
  • Insert battery and connect USB Cable;
  • Click Resurrect button;
  • Wait till software signals a successful operation completion;
  • Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

Please click the “Check For Updates” button to download and apply the new files. Closing all running applications before starting the update process is recommended.

RIFF JTAG – RoverPC EVO V7 Unbrick – Dead boot repair supported

21.03.2011  RoverPC EVO V7 Unbrick – Dead boot repair supported

RoverPC Evo V7 resurrection is simple. Phone is auto powered on with USB Data Cable connected to the PC. Battery presence is not required; connection can be established with detached board.

To resurrect RoverPC Evo V7:

  • Solder JTAG cable to RoverPC Evo V7 JTAG pads;
  • Connect USB cable to phone and PC;
  • Make sure RoverPC Evo V7 is selected in the list of models;
  • Make sure a fixed TCK frequency is selected;
  • Click Resurrect button;
  • Wait till software signals a successful operation completion;
  • Disconnect USB cable, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using original firmware downloader software to restore it to the working state.

To enter download mode:

  • Disconnect PC cable;
  • Insert battery;
  • Hold both ‘Volume Down’ and ‘Camera’ keys and press Power-On.

RIFF JTAG – Huawei E153U Broadband modem unbrick – dead boot repair supported

17.03.2011  Huawei E153U Broadband modem unbrick – dead boot repair supported

Resurrecting Huawei E153U is simple. Just make sure you solder all JTAG signals and insert modem into a USB port for it to get powered.
If modem is not detected by RIFFBOX JTAG, disconnect JTAG connector, re-insert modem into USB and then connect back the JTAG connector.
Both secured (QCSBL is signed) and non-secured (QCSBL is not signed) modem revisions exist. The resurrector automatically detects the board revision and selects the proper data to be flashed.
Regardless of the h/w revision, you can select which partitions are to be flashed during the resurrection process.

To resurrect Huawei E153U:

  • Solder JTAG cable to Huawei E153U JTAG pads;
  • Insert Huawei E153U modem into any USB port for power;
  • Make sure Huawei E153U is selected in the list of models;
  • Click Resurrect button;
  • Wait till software signals a successful operation completion;
  • De-solder JTAG wires;

RIFF JTAG – Toshiba Portege G900 Unbrick, Dead Boot repair supported

14.03.2011 Toshiba Portege G900 Unbrick, Dead Boot repair supported

Resurrection of Toshiba Portégé G900 PDA part is not hard. Battery is required for successful HALT operation. If USB Data Cable is connected phone is auto powered on when battery is inserted.
If during connect operation (“Establish communication with the phone…”) after 2-3 passes there is still no success (progress bar keeps running from 0 to 100% and so on) then remove battery and insert it again. If USB cable is not connected then press and hold Power On key.
Current resurrector re-flashes only the EBOOT and secondary EBOOT area, and will not re-write IPL area (though write of this area is supported too).
Please note: DiskOnChip G4 memory has security features, due to which there is a risk of permanently blocking access to the flash memory while re-flashing the IPL areas. The current resurrector will not touch the IPL zone, but you may already be holding a device that was killed this way. If so, you will see this error:
****************************************************************
Detected a Not Initialized FLASH1 Chip ID: 0x0400/0xFBFF
ERROR: Selected FLASH Chip was not initialized by the DCC Loader
****************************************************************

This can happen because unknown protection keys were used or because the MDOC chip is permanently blocked. If the latter is true, we advise you to solder in a new flash memory chip or throw the phone in the trash bin.

To resurrect Toshiba G900 PDA part:

  • Solder JTAG wires to the Toshiba G900 PDA pads;
  • Connect USB cable to phone and PC;
  • Make sure Toshiba G900 PDA is selected in the list of models;
  • Insert battery and click Resurrect button;
  • Wait till software signals a successful operation completion;
  • Disconnect USB cable, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

To enter USB download mode:

  • Disconnect PC cable;
  • Insert battery;
  • Hold ‘Left soft’ key (which is exactly above the Dial key) and press ‘Power ON’ button. In a few seconds you should see the red download screen.

To enter SD-card download mode:

  • Disconnect PC cable;
  • Insert battery;
  • Hold ‘D’ key and press ‘Power ON’ button.

Additional info:

  • Phone has DiskOnChip G4 memory type, which has security features. It has two password protected partitions (Password1 = 12345678, Password2 = 00000000);
  • IPL re-flash is not performed in this resurrector on purpose. While re-flashing the IPL area there is a risk of permanently blocking the memory chip.
  • Any write access (Erase or Write) to the MDOC NAND memory range 0x00000000 to 0x0017FFFF is rejected by the DCC Loader. For convenience when writing full images, access to that range will not raise any error: the data is simply ignored and reported as if it was written successfully, so you can still write full image files with ‘Auto FullFlash Size’ checked.
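
A small Python model of the write filter described in the last item, added here as an illustration and not taken from the DCC Loader: it shows why a read-back comparison after a full-image write differs inside 0x00000000 to 0x0017FFFF even though every write reported success. The 2 MiB flash size in the demo, the 0xFF initial contents, the 64 KiB compare granularity and all names are assumptions.

```python
# Added illustration, not RIFF Box / DCC Loader code. All names are hypothetical.
PROTECTED_END = 0x0017FFFF   # last protected address (range starts at 0x00000000)
CHUNK = 0x10000              # read-back compare granularity (assumed)


class FilteredFlash:
    """Flash model whose write() drops data aimed at the protected range
    but still reports the whole request as written."""

    def __init__(self, size):
        self.mem = bytearray(b"\xff" * size)   # assumed initial contents

    def write(self, addr, data):
        end = addr + len(data)
        keep_from = max(addr, PROTECTED_END + 1)   # first address that is stored
        if keep_from < end:
            self.mem[keep_from:end] = data[keep_from - addr:]
        return len(data)                           # success for the full length


def verify(flash, addr, image):
    """Compare flash contents with image.

    Returns (expected, unexpected): start addresses of mismatching spans that
    lie inside the protected range (explained by the filter) and outside it
    (real write failures).
    """
    expected, unexpected = [], []
    for off in range(0, len(image), CHUNK):
        a = addr + off
        want = image[off:off + CHUNK]
        got = flash.mem[a:a + len(want)]
        # Number of bytes of this chunk that fall inside the protected range.
        split = min(max(PROTECTED_END + 1 - a, 0), len(want))
        if got[:split] != want[:split]:
            expected.append(a)
        if got[split:] != want[split:]:
            unexpected.append(a + split)
    return expected, unexpected


if __name__ == "__main__":
    # Constructed input: a 2 MiB pattern image written as a "full image".
    flash = FilteredFlash(0x200000)
    image = bytes(range(256)) * (0x200000 // 256)
    print("reported:", hex(flash.write(0, image)))
    exp, unexp = verify(flash, 0, image)
    print("mismatches explained by the filter:", len(exp), "real failures:", len(unexp))
```

A verification step that treats any mismatch as a failure will always fail on such a device; one that trusts the write result alone will never notice that the protected range kept its old contents.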

RIFF JTAG – CDMA Samsung SPH-D700 Galaxy S Epic 4G Unbrick, Dead Boot repair supported

14.03.2011 CDMA Samsung SPH-D700 Galaxy S Epic 4G Unbrick, Dead Boot repair supported

Samsung SPH-D700 is based on the S5PC110 processor (the ARM core is a Cortex-A8). Depending on the firmware state, resurrection can be a bit confusing: a charged battery is required for a successful connection. Please note: whether or not you have a USB cable, it must not be connected to the phone. This is important.
The resurrector reflashes the IBL, PBL, SPL and PARAM areas. Additionally, you can select the KERNEL and RECOVERY partitions to be reflashed too. However, they are required only for recovery mode and are not needed for a subsequent USB firmware update with the Odin software. So if you don’t need recovery mode, don’t select these 2 partitions; otherwise you will just waste time waiting for them to be reflashed.
If the download mode still cannot be initiated after resurrection (the LCD remains blank), repeat the resurrection with the ‘Clone Gremlin zone’ option checked.

To resurrect Samsung SPH-D700:

  • Solder JTAG cable to Samsung SPH-D700 JTAG pads;
  • Make sure USB cable or charger is not connected;
  • Make sure Samsung SPH-D700 is selected in the list of models;
  • Make sure a fixed TCK frequency is selected;
  • Insert battery;
  • Click Resurrect button;
  • Press Power On key; when you see the “Establish communication with the phone…” message, press Power On key again (and hold it pressed for 1-2 seconds);
  • Wait till software signals a successful operation completion;
  • Disconnect USB cable, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using original Samsung downloader software to restore it to the working state.

To enter download or recovery mode:

  • Disconnect PC cable;
  • Insert battery;
  • Hold ‘1’ key on the keypad and press Power-On to enter download mode;
  • Hold both ‘Volume Down’ and ‘Camera’ keys and press Power-On to enter recovery mode.

RIFF JTAG – Samsung SGH-i607 BlackJack PDA Unbrick, Dead Boot repair supported

12.03.2011  Samsung SGH-i607 BlackJack PDA Unbrick, Dead Boot repair supported

Resurrecting Samsung i607 PDA part is easy. Phone requires battery presence in order to establish JTAG connection. If you additionally connect charger the phone will be auto powered on and there will be no need to press Power on key.
If you experience connection problems, de-power the phone completely, disconnect the charger (if it was used), then insert the battery, click the Resurrection button in the JTAG Manager and immediately (within 0…1 seconds) press the Power On key.

To unbrick Samsung i607 PDA part:

  • Solder JTAG cable to Samsung i607 PDA JTAG pads;
  • Make sure Samsung i607 PDA is selected in the list of models;
  • If only battery is connected – press Power On key shortly;
  • Click Resurrect button;
  • Wait till software signals a successful operation completion;
  • Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

RIFF JTAG – HTC Tattoo A3232 (HTC Click 1100) Unlock, Unbrick, IMEI repair, CID Update

10.03.2011 HTC Tattoo A3232 (HTC Click 1100) Unlock, Unbrick, IMEI repair, CID Update supported

Resurrecting HTC Click is easy. Phone is auto powered on with USB Data Cable connected to the PC while battery is inside.
Two different hardware versions exist: one based on the MSM7225 chipset (CLIC10000) and the other on the ESM7225 chipset (CLIC11000). You can select the desired version in the resurrector settings.
The resurrector reflashes the radio’s boot zone and rewrites the PDA’s SPL to version 0.52.0001.
You can also change the CID: make sure the ‘Repair Custom ID’ field is checked in the Resurrection Guide dialog.

To resurrect HTC Click:

  • Solder JTAG cable to HTC Click JTAG pads;
  • Make sure HTC Click is selected in the list of models;
  • Click Resurrect button;
  • Wait till software signals a successful operation completion;
  • Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

To unlock HTC Click:

  • Solder JTAG cable to HTC Click JTAG pads;
  • Make sure HTC Click is selected in the list of models;
  • Click Resurrect button;
  • Select “Unlock Settings” TAB
  • Select Unlock method
  • Click “Unlock”

RIFF JTAG – ASUS P526 Unbrick, Dead Boot repair supported

10.03.2011   ASUS P526 Unbrick, Dead Boot repair supported

Resurrection of ASUS P526 is slightly complicated. JTAG pads are very small and sensitive thus extreme care must be taken when soldering wires to the board. Battery must be connected in order to establish JTAG connection.
Current resurrector re-flashes only the IPL area, and will not re-write MDOC XLOADER area (though write of this area is supported too).
Please note: DiskOnChip G4 memory has security features, due to which there is a risk of permanently blocking access to the flash memory while re-flashing the XLOADER areas. The current resurrector will not touch the XLOADER zone, but you may already be holding a device that was killed this way. If so, you will see this error:
****************************************************************
Detected a Not Initialized FLASH1 Chip ID: 0x0400/0xFBFF
ERROR: Selected FLASH Chip was not initialized by the DCC Loader
****************************************************************

This can happen because unknown protection keys were used or because the MDOC chip is permanently blocked. If the latter is true, we advise you to solder in a new flash memory chip or throw the phone in the trash bin.

To resurrect ASUS P526:

  • Solder JTAG cable to ASUS P526 JTAG pads;
  • Insert battery and connect USB cable to phone and PC;
  • Make sure ASUS P526 is selected in the list of models;
  • Click Resurrect button;
  • Wait till software signals a successful operation completion;
  • Disconnect USB cable, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.
If the phone does not enter download mode after resurrection, the XLOADER was damaged too but the memory chip is still usable. In this case repeat the resurrection using RAM Downloader Mode and, when the USB connection is established, reflash the phone with official firmware.

To enter download mode:

  • Disconnect PC cable;
  • Insert battery;
  • Move ‘Lock’ slider down, hold ‘OK’ key (on the left) and press ‘Power ON’ button. In a few seconds you should see the TriColor picture.

Additional info:

  • Phone has DiskOnChip G4 memory type, which has security features. It has two password protected partitions (Password1 = 12345678, Password2 = 00000000);
  • XLOADER re-flash is not performed in this resurrector on purpose. While re-flashing the XLOADER area there is a risk of permanently blocking the memory chip.
  • Any write access (Erase or Write) on MDOC NAND memory range 0x00000000 to 0x0017FFFF is rejected by the DCC Loader

RIFF JTAG – JTAG Manager v1.15, RIFF Box firmware v1.14 released

05.10.2010 JTAG Manager v1.15, RIFF Box firmware v1.14 released

What’s new:

Firmware 1.14
———————
– code is optimized to avoid deadlocks in Cortex-A8 handling routines (deadlocks appear due to communication errors);
– Cortex-A8 debug is now available in ARM/Thumb modes (use the GDBServer for this);
– ARM946E core support is added (which is mostly a debug access to the CP15 coprocessor);
– added new RESET type for ARM9xxx cores: HW_RESET – targets which have a dedicated TRST can be halted
at the very first instruction the core executes after the system reset signal (NRST) is applied.
Why this matters: if harmful or “unlucky” code is written to the boot zone of a device and on startup that code
causes h/w blocking, JTAG disabling, core resets, etc., then connecting to such a target via JTAG
becomes impossible, since the JTAG host does not have enough time to halt the target before the harmful code makes it unusable.
Using the HW_RESET type ensures the target’s core does not execute even a single instruction after the reset signal (NRST) is applied.
– removed bug which could cause deadlocks of box during a h/w script execution.
____________
JTAG Manager 1.15
———————
– added extended flash chip info handling, for example for NOR memory support by DCC Loaders;
– added Resume feature for interrupted writes (performed by the WriteMemory button (DCC Page) or by a Resurrector DLL):
if the target loses power, the connection is broken or any other malfunction happens during a write operation, the software stores the current
write context; you can reconnect the target and start the write/resurrection again, and the software will ask whether to start over or to continue the write from the
interrupted point. This feature applies to all write conditions (writes by resurrectors, or manual writes through the DCC Read/Write page features).
– added 3 buttons on Box Service page for quick access to the RIFF’s manual PDFs;
– fixed a harmless bug inside the core reset (when NRST is applied) command sequence;
– added feature: if a write error appears and ‘Ignore’ is chosen, the user can order the software to apply ‘Ignore’ to further write errors automatically;
– added standalone setup dialog for automatic write errors handling;
– added BAD Blocks Handling feature using the following algorithm:
If data chunks A, B, C and D are to be written into blocks 1, 2, 3 and 4 respectively, and for example block 3 is found to be BAD, then the software will write:
data A -> into block 1
data B -> into block 2
(block 3 is bypassed and marked as bad)
data C -> into block 4
data D -> into block 5
Clearly, block 5 was not intended to receive data D. Thus:
– if block 5 held some other info, that info will be lost, overwritten with data D;
– if block 5 was free for use, nothing bad happens.

So, main conclusions:
———————
1. BAD Blocks Handling is IMPOSSIBLE (POINTLESS) when writing FULL images (the user can choose only the ‘Ignore’ option)
2. When writing data chunks shorter than the full flash size, the user is prompted to choose between 2 options:
a) Overlap (in the example above this would mean writing data D into block 5)
b) Cut Excess (in the example above this would mean leaving the original contents of block 5 untouched and discarding data D)
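
The bypass scheme and the two choices above, worked through in Python as an added example (not RIFF Box code, which is not shown on this page). Block numbering from 1, the function name, the result keys and the way ‘Ignore’ is modelled (data stays at its original block and the failing block is only recorded) are assumptions; the example also generalizes to several bad blocks and to running out of flash.

```python
# Added illustration (not RIFF Box code). Blocks are numbered from 1 to match
# the A/B/C/D example; function and key names are hypothetical.

def place_chunks(chunks, first_block, bad_blocks, total_blocks, mode):
    """Return where each chunk lands when bad blocks are bypassed.

    mode "overlap":    shifted data may spill past the intended range
    mode "cut_excess": data that no longer fits the intended range is dropped
    mode "ignore":     nothing is shifted; failing blocks are only recorded
                       (assumed meaning of the tool's 'Ignore' choice)
    """
    if mode not in ("overlap", "cut_excess", "ignore"):
        raise ValueError(f"unknown mode: {mode}")
    last_intended = first_block + len(chunks) - 1
    if first_block < 1 or last_intended > total_blocks:
        raise ValueError("data does not fit into the flash")
    if len(chunks) == total_blocks and mode != "ignore":
        # A full image leaves no spare block to shift into.
        raise ValueError("full image: only 'ignore' is possible")

    result = {"placed": [], "bad": [], "discarded": [], "clobbered": []}
    if mode == "ignore":
        for i, chunk in enumerate(chunks):
            block = first_block + i
            result["placed"].append((chunk, block))
            if block in bad_blocks:
                result["bad"].append(block)       # write error was ignored here
        return result

    limit = total_blocks if mode == "overlap" else last_intended
    block = first_block
    for chunk in chunks:
        while block <= limit and block in bad_blocks:
            result["bad"].append(block)           # bypassed and marked as bad
            block += 1
        if block > limit:
            result["discarded"].append(chunk)     # no usable block left
            continue
        result["placed"].append((chunk, block))
        if block > last_intended:
            result["clobbered"].append(block)     # previous contents are lost
        block += 1
    return result


if __name__ == "__main__":
    # Constructed input: the scenario from the text, on an 8-block flash.
    for mode in ("overlap", "cut_excess"):
        print(mode, place_chunks(["A", "B", "C", "D"], 1, {3}, 8, mode))
```

The `clobbered` list is the part worth checking before choosing Overlap: any block in it held something other than the data being written.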

****************************************************************
NOTE: Bad block handling is allowed by default only through the DCC Read/Write page write.
Old Resurrector DLLs were not adapted for this feature, thus Bad Block handling will be implemented only in new DLLs.
If you meet a Bad Block Error during resurrection contact support in order to update DLL to a Bad Blocks adapted version.
****************************************************************

– solved problem which caused update module to display files for download which were already up-to-date for cases
when JTAG Manager was installed on FAT (FAT/FAT32) file systems.
– very dangerous bug fixed: “Irnored” word misspelling is corrected to the valid “Ignored” one

RIFF JTAG – JTAG Manager v1.12

JTAG Manager 1.12
——————
– Added multichain options support for CMM scripts
– Added advanced multichain setup (“Advanced…” in the TAP# field)
– Added Cortex-A8 processor selection
– Added BOX pinout button (which is placed on Resurrection page)

Firmware 1.12
——————
– Added Cortex-A8 core 16-bit and 8-bit bus read/writes (which are used in scripts mostly)
– Added CoreSight DAP ROM Table processing for automatic ARM core search.
– Added advanced MultiChain selection (IRPRE, IRPOST, DRPRE, DRPOST) in case simple TAP number is impossible to select (like in OMAP850)
– Added feature to set custom timeout after NRST is asserted back to high level
(for backward compatibility default timeout for ARM9 is set to 10ms, for other cores – 0ms)

Please start the JTAG Manager and click “Check for updates” button. You’ll be notified about new updates. Download everything and restart the software.
The box firmware will be updated automatically, but if the box gets stuck in bootcore mode, update the firmware manually. Make sure to select v1.12 firmware.

Enjoy making $$$$ with RIFF Box !