Archive for December, 2007

Treo 680 ROM hacking 3

December 16, 2007

The new 2.11 AT&T ROM release prompted me to take a look behind the scenes of romupdater.prc, and I’ve discovered a few interesting new things beyond the commands we already knew:

? / help (lists the very few commands we knew before)
low <directory> (Flash LowRider IPL,SPL,TPL and OS. From RAM or SD directory)
list (lists the ROM images)
lt (list ROM tokens)
->prnm – Product name (TREO680)
->hser – HotSync/Handspring serial number (PMGG0BCxxxxx)
->hwvr – H/W version (A)
->Gime – IMEI *beware the Mobile Phones (Reprogramming) Act 2002*
->BTid – Bluetooth ID
->crnm – Carrier name (ROW)
->revn – ROM revision (2.11)
->gmfl – GM flag (GM)
->CleS – Cameraless ID
->Skip – Skip camera ID
->KBlo – Keyboard localization
->TScb – Screen calibration
->GoUc – Network Unlock PIN
->GpUc – Operator Unlock PIN
->Gvlt – GSM voice life timer (240)
->???? – GSM data life timer
->???? – Warranty date code
->HTCM – ?no idea? (FC6B07E…)
->HRST – ?no idea?
->Nohr – ?no idea?
dt <token> (delete ROM token)
wt <token> <value> (write ROM token)
su (superuser mode)
superuser mode enabled
duinit (Device Updater modifies carrier settings?)
DuLibInitialize returned: 0x0000
rev [list] (Show hardware revision or list all IPL files)
Board ID: LOW
HW Rev: cvt
reset (Soft reset)
listcards (Lists the SD cards available)
Vol: 0x0002  Attr: 0x00000001
updatebinfs (Requires superuser mode)
updateipl <low-ipl-cvt.pdb> (Requires superuser mode)
Using low-ipl-cvt.pdb
Updating the IPL…
Updating from SD card… Comparing image with flash…
Diff at offset 0x00000000
From File:
18, F0, 9F, E5, 18, F0, 9F, E5
From Flash:
6C, 6F, 77, 2D, 69, 70, 6C, 2D
Flashing section…Done!
Verifying section…Done!
updatespl (Requires superuser mode)
updatetpl <dir index> <filename> (Requires superuser mode)
format [ace|angus|low] <force> (?)
lowsize (?)
Low MaxOS Size: 0x2100000
Low BinFS Size: 0x02400000
Checking os file size (/ROM/ …
OS size on SD: 0x00849D91
MaxOS >= 0x00849E00
>> You can flash your device
pmhreset (?)
hreset (*Hard reset*, requires superuser mode)
fboot (?)
Fastboot mode enabled…
check [ace|angus|brahma] (No LOW option)
cleartokens (Clear ROM tokens)
verifyp (ERROR!)
verifyb (?)
low-ipl- (?)
aceroff (?)
angusroff (?)
hdread (?, brahma-only)
hdfill (?, brahma-only)
norread (?, resets device)
norfill (?)
smallrom <filename> (?)
No file specified. Assuming /ROM/Brahma_Release_EVT1_efgs.smallrom
Smallrom updated unsuccessfully.

What do dvt, evt, p1 and p2 refer to?
M-Systems EVT3 = ?
M-Systems Ace/Camino = EVT2 = Treo650 / Treo680?
M-Systems Angus = T5?

lt and wt are useful for avoiding the official ROM update version checks, as we can modify both the carrier name (ROW/CNG, ROG, etc.) and the revision number (1.09/2.11, etc.).
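
The "Diff at offset" record that updateipl prints while comparing the image with flash can be decoded offline. The script below is an added example, not code from the original post or from Palm's updater: it parses that record and shows each side as ASCII and as little-endian 32-bit words. The function names and the check for an ARM vector entry are assumptions of this example.

```python
import re

# Constructed sample: the updateipl compare lines quoted in the post
# (ellipses typed as ASCII dots).
SAMPLE_LOG = """\
Updating from SD card... Comparing image with flash...
Diff at offset 0x00000000
From File:
18, F0, 9F, E5, 18, F0, 9F, E5
From Flash:
6C, 6F, 77, 2D, 69, 70, 6C, 2D
Flashing section...Done!
"""

HEX_ROW = re.compile(r"^[0-9A-Fa-f]{2}(?:\s*,\s*[0-9A-Fa-f]{2})*$")

def parse_diffs(log):
    """Return one {'offset', 'file', 'flash'} dict per 'Diff at offset' record."""
    diffs, side = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        m = re.match(r"Diff at offset 0x([0-9A-Fa-f]+)$", line)
        if m:
            diffs.append({"offset": int(m.group(1), 16), "file": b"", "flash": b""})
            side = None
        elif line in ("From File:", "From Flash:"):
            side = "file" if line == "From File:" else "flash"
        elif diffs and side and HEX_ROW.match(line):
            diffs[-1][side] += bytes(int(b, 16) for b in line.split(","))
        else:
            side = None  # any other line ends the current hex dump
    return diffs

def describe(data):
    """Return (ASCII view, decoded little-endian 32-bit words) for a byte run."""
    text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)
    words = []
    for i in range(0, len(data) - 3, 4):
        w = int.from_bytes(data[i:i + 4], "little")
        # 0xE59FFxxx encodes ARM 'LDR PC, [PC, #imm12]', the usual form of an
        # exception-vector entry at the start of a boot image.
        words.append("LDR PC, [PC, #0x%X]" % (w & 0xFFF)
                     if w & 0xFFFFF000 == 0xE59FF000 else "0x%08X" % w)
    return text, words

if __name__ == "__main__":
    for d in parse_diffs(SAMPLE_LOG):
        print("offset 0x%08X" % d["offset"])
        for side in ("file", "flash"):
            print("  %-5s %r %s" % ((side,) + describe(d[side])))
```

On the sample above, the file side decodes to two LDR PC, [PC, #0x18] entries, while the bytes read back from flash are the ASCII string low-ipl-.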


Palm to add A2DP support ?

December 15, 2007

The hidden preferences page is already present in the latest updated ROM images for AT&T.
