Tag Archives: Resurrection

RIFF JTAG – eMMC Partition Plugin v1.0 (Qualcomm EBR-MBR based eMMC flash images processing)

Posted on by

RIFF JTAG – eMMC Partition Plugin v1.0 (Qualcomm EBR-MBR based eMMC flash images processing)

This plugin works with eMMC image files which have standard Master Boot Record (MBR) and Extended Boot Record (EBR) formatting. Most of eMMC-bootable mobile phones have their eMMC memory formatted in such style. In this case partitions are accessed in standard way, by Partition ID: for example boot loader partitions or OS image partition (compare with qualcomm MIBIB partitioning: while ‘MIBIB’-type partitions have standalone partition descriptor block which contains info on all partitions and is posistioned in a definite NAND address, the eMMC partitioning is one MBR sector at fixed position + a chain of EBR sectors which are scattered throughout the eMMC address space in a literally random way).
This plugin is a powerfull tool which enormously simplifies resurrection process (providing you have the required boot files from an official firmware or you have a ‘donor’ device) for those devices which are not yet supported by a dedicated resurrector DLL.
Please note, such phones as Samsung Exynos MCU based pohones (for example I9100, P6200, P6800, N7000, I9220 and etc), though have eMMC chip, are not partitioned in MBR way and thus are not the subject for the current plugin. These phones are to be processed by different plugin.

With the help of this plugin you can do:

  •  Disassemble a full (or, since eMMC full image files are too large, a partial) eMMC Image File previously obtained with JTAG Manager (DCC Read/Write Page);
  •  Inspect each partition contents;
  •  Save separate partitions to HDD;
  •  Save all partitions as standalone files to HDD;
  •  Build-up your own full image file: for this you need to read from device (by clicking “Load Image from Device” button) or open from file (by clicking “Load Image from File” button) the eMMC partitioning data and then by selecting desired partitions click “Inject Into Partition” button to upload data from file into selected partition. Then you can save all full image file to HDD or flash injected partitions directly into device;
  •  Write a chosen partition directly into device;
  •  Read a chosen partition directly from device and substitute old partition contents to new ones;
  •  Create eMMC partitioning snapshot (that is storing info on full EBR chain: each EBR sector position).
  •  Restore eMMC partitioning from previously taken file: it is convenient if eMMC memory is erased and all formatting data is lost.
  •  Plugin supports new RIFF™ shrinked binary files format (*.riffpbin): which allows to shrink huge eMMC Image files into small sized-files (for example, Image File for 14GB empty eMMC chip is shrinked into ~10 KByte(!) size), thus HDD space is preserved, while performance is not visibly effected.

Please note, direct read/write operations from/to the device will require proper resurrector to be set (Resurrector Settings: thus before clicking the Activate Plugin button make sure proper model is selected as well as other settings like TCK/RTCK frequencies).
.

RIFF JTAG – HTC 7 Pro (HTC Gold) Unbrick, Unlock, IMEI and CID repair supported

Posted on by

02.04.2012  RIFF JTAG – HTC 7 Pro (HTC Gold) Unbrick, Unlock, IMEI and CID repair supported

Repairing bricked  HTC 7 Pro is easy with RIFF Box. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.
Resurrector will re-flash radio’s boot zone and will re-write PDA’s SPL to 0.71.1000 or 0.00.1000 SPL version (depends on your choice). Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PC9210000’.

To resurrect HTC 7 Pro:

  •  Solder JTAG cable to HTC 7 Pro JTAG pads;
  •  Insert USB Data cable into board and PC;
  •  Make sure HTC 7 Pro is selected in the list of models;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold ‘Volume Down’ key and press ‘Power ON’ button. In few seconds you should see TriColor picture.

.

RIFF JTAG – Samsung SCH-I500 Galaxy S Mesmerize/Fascinate Unbrick Supported

Posted on by

27.03.2012    RIFF JTAG – Samsung SCH-I500 Galaxy S Mesmerize/Fascinate Unbrick Supported

Repairing bricked  Samsung SCH-I500 Galaxy S Mesmerize/Fascinate is easy with RIFF Box.
I500 is based on the S5PCxxx Processor (ARM core is Cortex-A8). Please note the adaptive clocking mode (RTCK) is not available on this processor, so make sure to select a fixed TCK frequency.
To establish the JTAG connection attach battery cable and press Power On key.
In case after resurrection the download mode is not initiated (LCD remains blank) do repeat resurrection with ‘Clone Gremlin zone’ option checked.

To resurrect Samsung I500:

  •  Solder JTAG cable to Samsung I500 JTAG pads;
  •  Attach battery cable and press Power On key;
  •  Make sure Samsung I500 is selected in the list of models;
  •  Make sure a fixed TCK frequency is selected;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect USB cable, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using original Samsung downloader software to restore it to the working state.
.

RIFF JTAG – HTC Sensation XL X315 / Bass (HTC Runnymede) Unbrick, Unlock, IMEI and CID update supported

Posted on by

21.03.2012    RIFF JTAG – HTC Sensation XL X315 / Bass (HTC Runnymede) Unbrick, Unlock, IMEI and CID update supported

Repairing bricked  HTC SensationXL (PI39200) is easy using RIFF Box. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.
Some (or all) revisions of HTC SensationXL boards have JTAG interface disabled (that is enable MARM JTAG Fuse is blown in the MSM8255 chip). In this case the JTAG may be enabled only by firmware itself. This is done by the FSBL loader, so writing to FSBL area is artificially disabled in the DCC Loader code. DCC Loader will discard all flashing attempts into FSBL zone and will respond with success code as if flashing succeeded. In this way FSBL zone is protected while user still can flash full image files seamlessly.
Resurrector will reflash radio’s boot zone (except FSBL area) and will re-write PDA’s SPL to 1.25.0004 version. Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PG3920000’.
There is option to reflash BOOT and RECOVERY zones.
Please note, if your phone has the FSBL loader damaged and MCU has JTAG FUSE blown then there is no way to resurrect your phone via JTAG interface.

To resurrect HTC SensationXL:

  •  Solder JTAG cable to HTC SensationXL JTAG pads;
  •  Insert battery and connect USB Data cable;
  •  Make sure HTC SensationXL is selected in the list of models;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold ‘Volume Down’ key and press ‘Power ON’ button.

.

RIFF JTAG – HTC EVO View 4G Unbrick, Unlock, IMEI and CID update supported

Posted on by

19.03.2012    RIFF JTAG – HTC EVO View 4G Unbrick, Unlock, IMEI and CID update supported

Repairing bricked HTC EvoView4G is easy using RIFF Box. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected. Please note, battery presense is required.
Some (or all) revisions of HTC EvoView4G boards have JTAG interface disabled (that is enable MARM JTAG Fuse is blown in the MSM8255 chip). In this case the JTAG may be enabled only by firmware itself. This is done by the FSBL loader, so writing to FSBL area is artificially disabled in the DCC Loader code. DCC Loader will discard all flashing attempts into FSBL zone and will respond with success code as if flashing succeeded. In this way FSBL zone is protected while user still can flash full image files seamlessly.
Resurrector will reflash radio’s boot zone (except FSBL area) and will re-write PDA’s SPL to 1.38.0000 version. Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PG4120000’.
There is option to reflash BOOT and RECOVERY zones.
Please note, if your phone has the FSBL loader damaged and MCU has JTAG FUSE blown then there is no way to resurrect your phone via JTAG interface.

To resurrect HTC EvoView4G:

  •  Solder JTAG cable to HTC EvoView4G JTAG pads;
  •  Insert battery and connect USB Data cable;
  •  Make sure HTC EvoView4G is selected in the list of models;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold ‘Volume Down’ key and press ‘Power ON’ button.

.

RIFF JTAG – HTC EVO 3D (HTC Shooter) Unbrick – Boot Repair Supported, World First ! ! !

Posted on by

14.03.2012   RIFF JTAG – HTC EVO 3D  (HTC Shooter) Unbrick – Boot Repair Supported, World First  ! ! !

Repairing bricked HTC EVO 3D (PG86300) is easy with the RIFF Box. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.
Resurrector will reflash radio’s boot zone (except FSBL area) and will re-write PDA’s SPL version 1.49.0007. Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PG8630000’.
There is option to reflash BOOT and RECOVERY zones.

To resurrect HTC EVO 3D:

  •  Solder JTAG cable to HTC EVO 3D JTAG pads;
  •  Insert batter and connect USB Data cable;
  •  Make sure HTC EVO 3D is selected in the list of models;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold ‘Volume Down’ key and press ‘Power ON’ button.

.

RIFF JTAG – HTC Sensation (HTC Pyramid) Unbrick, ModelID, CID, IMEI repair Supported

Posted on by

14.03.2012   RIFF JTAG – HTC Sensation  (HTC Pyramid)  Unbrick, ModelID, CID, IMEI repair Supported

Repairing bricked HTC Sensation is easy with the RIFF Box. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.

Resurrector will reflash radio’s boot zone (except FSBL area) and will re-write PDA’s SPL version 1.18.0000. Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PG5813000’.
There is option to reflash BOOT and RECOVERY zones.

To resurrect HTC Sensation:

  •  Solder JTAG cable to HTC Sensation JTAG pads;
  •  Insert batter and connect USB Data cable;
  •  Make sure HTC Sensation is selected in the list of models;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold ‘Volume Down’ key and press ‘Power ON’ button.

.

RIFF JTAG Manager v1.39 Released ! Many new updates !

Posted on by

25.02.2012    JTAG Manager 1.39 released

Whats new:

  • Fixed bug which caused poping-up of ‘Out of Free Disk space’ window error while real error was just a failed HASH.
  • eMMC chip size is now represented not only in bytes but additionally, for visual convenience, in Mega/Giga bytes
  • Addres/Length fields on DCC Read/Write and JTAG Read/Write pages are changed into custom GUI representation:   now 12(or 8)-digit hex values are shown in more human ‘readable’ way.
  • For more convenient work with the DCC Read/Write page features there was added standard lengths list, so user can set ‘human readable’ length value instead of manual typing of correct hexadecimal length value. For this just click combo box near Data Length field and select a desired length.

    Example:
    .

    Now its possible to select any value from 1MB to 16GB, plus, in case of writing file, You can simply use “File Size” to automatically read opened file size and use it’s length.

  •  Added balloon hints to suggest what to do in case user has ‘DLL was not Accepted’ issue.
  • Selected resurrector DLL version is shown in logging windows now along with Model name, for example:
    “Selected Resurrector: [NoName x1234 V1.00]”
  •  Added “Search for DLL” button on the Resurrection page:
    As RIFFBOX grows up on number of supported devices, searching visually through the big lists of supported models for a definite device name became a tiresome procedure.
    Now user can search for required model simply typing part of model name in the search dialog (for this select “Search for DLL for this Model Name” and type some part of device name you’re looking for)

    Example:
    .

    .
    Besides this, there is feature to search for resurrectors compatible with specific IDCODE. For example, if you have a not supported device in hands with ID = 0xXXXXXXXX, you can search for DLLs which work with such ID and try to connect your device using one of such ‘compatible’ DLLs. (for this select “Search for DLL with same IDCODE” and type IDCODE you’re looking for)

    Example:
    .

PLEASE NOTE!!! New resurrectors data base format is used in 1.39 version, thus
upon first start the JTAG MANGER WILL RESTART 1-5 TIMES in order to re-load and re-fresh all existing resurrector DLLs.

RIFF JTAG – HTC ThunderBolt 4G ADR6400 (HTC Mecha) Unbrick – Boot repair supported

Posted on by

14.02.2012     HTC ThunderBolt 4G ADR6400 (HTC Mecha) Unbrick – Boot repair supported

Resurrecting HTC Thunderbolt CP (Modem Part) part is easy.
Phone is auto powered on with USB Data Cable connected to the PC while battery is inside; sometimes during connection pressing Power On key may be required.
Please note, CP Part’s power is controlled by the AP Part, thus you may experience constant connection loses after definite ammounts of time (1-2-5-x seconds). If this keeps interferring the resurrection process, solder additionall JTAG interface cable to the AP pads, select AP resurrector DLL, go to the JTAG Read/Write page and halt AP core, then switch back to the CP JTAG interface.

To resurrect HTC Thunderbolt CP (Modem Part) Part:

  •  Solder JTAG cable to HTC Thunderbolt CP JTAG pads;
  •  Insert USB Data cable into board and PC;
  •  Make sure HTC Thunderbolt CP is selected in the list of models;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using known flashing methods.

Resurrecting HTC Thunderbolt AP (PDA Part) is easy. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.
Resurrector will reflash radio’s boot zone and will re-write PDA’s SPL to 1.04.0000 version. Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PG0510000’.
There is option to reflash BOOT and RECOVERY zones.

_

RIFF JTAG – Samsung Galaxy Precedent SCH-M828 Unbrick supported

Posted on by

09.02.2012     Samsung Galaxy Precedent SCH-M828 Unbrick supported

Samsung M828 resurrection is simple. Phone is auto powered when USB Data Cable is inserted while battery is inside. If you don’t use USB cable, make sure to hold Power On button during JTAG connection establishing phase.
To resurrect Samsung M828 do this:

  •  Solder JTAG cable to Samsung M828 JTAG pads;
  •  Insert battery and connect USB cable to phone and PC;
  •  Make sure Samsung M828 is selected in the list of models;
  •  Click Resurrect button;
  •  Wait few seconds until software signals a successful operation completion;
  •  Disconnect USB cable, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally, you can flash it using original Samsung downloader software to restore it to the working state.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold both ‘Volume Down’ and ‘Camera’ keys and press Power-On to enter Download Mode;

_