October 27, 2011

P9/P10 Permanent ESN Observation

P10

Symptoms: once you run burnflash, you can no longer downgrade or upgrade the unit.

Possible scenario:

1. If you update the firmware via CNUT or burnflash, the unit soft-reboots, which halts programming, since
boot.image is erased after a reboot.
2. FTPing boot.image plus addwebfile won't work because of lack of space (boot.image would be added to the file system).
3. The P10 is also prone to bricking.








Possible scenario:

1. zaphdwcfg will erase the boot data or overwrite it with null values, which can cause a reboot during the upgrade.
2. zaphdwcfg can cause the mac command to write the wrong address.
3. If you have a spare P10, after burnflash with boot.image try > resetdefault > zaphdwcfg > mac aa:bb:cc first, then
 > resetdefault > zaphdwcfg > Factory Programming tab > save changes... it might solve the upgrading issue; I cannot test it since I already did the latter.
4. bootinfo doesn't show any data; erased/corrupt boot data is highly probable.



Invoking tst dumps .sh files to your Canopy. Based on those script files, it turns off the RF using the rfoff command, uses bitset to enable editing of some sort, and uses poke to write the values to memory:



rfoff
bitset 70001004 00000001
poke 70002600 80726800
poke 70002604 807B2800
poke 70001004 010000b1
poke 70000010 8001D100
poke 70000014 1A0D1000
poke 70001000 068100D0
poke 70002668 07C49000
poke 70000010 0001D100
poke 70001000 469900D0
poke 70001084 FC000000

All firmwares have peekblock, peek and poke for playing with memory; the commands are only viewable after the resetdefault command. With these it should be possible to achieve permanent ESN on P9/P10/P11; we just need to map the ESN address and the bitset address. I have identified a couple of addresses using this script:


' Drives the Windows telnet client through cmd.exe and logs the whole
' session (including the peekblock output) to c:\MemoryDump.txt using
' telnet's -f (client-side logging) option.
Set oShell = CreateObject("WScript.Shell")
oShell.Run "cmd.exe"

' Give cmd.exe time to come up before typing into it
WScript.Sleep 500

' In SendKeys, "~" is the Enter key
oShell.SendKeys "telnet -f c:\MemoryDump.txt 169.254.1.1"
oShell.SendKeys "~"
WScript.Sleep 1000

' Dump the address range 0..200000; change the range to suit
oShell.SendKeys "peekblock 0 200000"
oShell.SendKeys "~"



Basically it saves the telnet buffer to MemoryDump.txt; you can modify the address range to your liking.

NOTE: 8.x boot.image and 9.x firmware have different address ranges, e.g. 7000000 - 7000000F.


P9

1. I tested this on my P9, and zaphdwcfg won't brick a P9.
2. With bitset/peek/poke on a P9 with 9.5 firmware it is possible to have permanent ESN on any firmware; I'm still in the process
of finding the memory address.

Downgrading to 7.3.6 firmware
Downgrading a P9 to 7.3.6 firmware using CNUT is supposed to work, but it is not working at the moment.




Symptoms:

1. Saving the ESN via the web GUI still reverts to the old ESN.
2. Running mac xx:xx:xx on the command line shows the new ESN in the web GUI, but after a reboot there is still no ESN change.


The telnet commands listed by help are very limited,



and typing pleh gives you the engineering commands, the same commands viewable after resetdefault on 8.x and higher firmware.



NOTE:

I'm sharing my observations so you can be part of finding the big kahuna. I'm limited by my hardware, since I need to experiment and hardware failure is highly probable. You can do your own experiments. GOOD LUCK


Credits to menace465inc, Jtag aka Rapist and the PinoyNyaks crew for their non-stop search for permanent ESN, which I ignored in past years. :)

10 comments:

Rebor77 said...

Thanks for the very useful info about perma, sir A. This is a big help to those addicted to perma bricking...

mryoso31 said...

Wow, very nice info, though there's a lot I didn't get; I'll study it! :)

Thanks Master A. Keep it up.

weepiz said...

OK, now I'm certain that you didn't do your education here in the Philippines, and if you did, you have extensive experience in your field working in another country. Nice work, I should admit. But I am also limited because of hardware. heheheheh.
And my 1010111 binary is kinda rusty. =p

Anonymous said...

01100110 01110101 01100011 01101011 00100000 01111001 01101111 01110101 WEEPIZ. Stop writing in English, because it's obvious how 01101011 01100001 01100010 01101111 01100010 01101111 you are. Your posts are really worthless. You're probably so ugly that nobody notices you in real life. That's why you butt in everywhere. You said in your thread at symb that you're taking medicine; you're a liar. 01110101 01101100 01101111 01101100. Make your own blog and copy-paste everything Boss A does there. Boy IMBENTO.

Anonymous said...

Sir, I did perma before. I think my candy got broken. When I upgrade, it reboots during the upgrade once it reaches programming. Is there a solution?

weepiz said...

hahahahahahhahaha. The comments here are funny. Maybe they got hit by my bombs. Is the AP's IP correct, Mr Anonymous? =p Really rude, tsk tsk tsk; even on a private blog you're being filthy, man. Have some shame! This isn't your blog. tsk tsk tsk.

M_Craig said...

Good afternoon boss A .... thank you very much .. I tried this before on a P9, but the tutorial I used was from boss rey ... hopefully this gets added and the P9 and P11 can be perma'd ... thanks again ..

M_Craig said...

http://home2.paulschou.net/tools/xlate/

I had a hard time understanding it ...heheheh

kcjin1012 said...

The P10 perma is already a success... the P9 is the next target.
