Why is a fls 4 megs, when a MCU+PPM 3.5 megs?



bobl
24-07-2003, 05:26 PM
I'm sorry, I didn't know really what to search for, if someone can suggest something that heralds useful results I'd be grateful.

However, my question as in the subject...:)

I downloaded ASGAARD(3410) V05.30.fls ...A modded 5.30 fls by Asgaardo, which is 4 megs.

I then downloaded a 3410 5.30 MCU + PPM and their total size is 3.5 megs.

I then converted it to fls with nat con, and obviously the fls was still 3.5 megs...What has Asgaardo done?

And on the subject of flashing, has anyone got anything to say about Knok 2k3 and Knok 95...I can't search on the subject cause 2k3 and 95 are both shorter than four chars...:(

Cheers, sorry for the flood of questions :(

Bob

jeep
24-07-2003, 06:00 PM
What he's done is to distribute a full backup, instead of MCU+PPM. I noticed this on the 3310 mod he did too.

There are 4 parts to a full flash.... MCU, PPM, PMM and EEPROM. Everyone knows MCU and PPM, but forget the others. PMM is the bit that stores your customised ringtones, java midlets, phonebook (if you don't use the sim memory), custom dictionary, call register etc., and the EEPROM has the phone's settings (IMEI, snake high score amongst other things)

I'll give a lot more information on PMM shortly, see my other post :)

For 3410.....


MCU    00200000 - 004CFFFF (2.8M)
PPM    004D0000 - 0056FFFF (640k)
PMM    00570000 - 005FDFFF (568k)
EEPROM 005FE000 - 005FFFFF (8k)

Total memory in phone = 4M.


(Actually, the EEPROM part moves around sometimes - but it's easier to show it at the end)


Just use a hex editor and chop the PMM/EEPROM bit off before killing the checks and flashing it :)

No comment on Knok2k3 - I've only used Knok95.


George
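
Added example (not part of jeep's post or of any tool named in this thread): the 3410 map above used to check which regions a raw image covers and whether it carries PMM/EEPROM content, which is where the post places the phonebook, call register and IMEI. It assumes a raw image whose first byte sits at address 00200000; the sample images are constructed.

```python
FLASH_BASE = 0x00200000  # assumption: file offset 0 maps to this flash address

# (name, first address, last address) for the 3410, as listed in the post
REGIONS_3410 = [
    ("MCU",    0x00200000, 0x004CFFFF),
    ("PPM",    0x004D0000, 0x0056FFFF),
    ("PMM",    0x00570000, 0x005FDFFF),
    ("EEPROM", 0x005FE000, 0x005FFFFF),
]

def to_file_offset(address):
    """Translate a flash address into an offset inside a raw image."""
    return address - FLASH_BASE

def inventory(image):
    """Per region: its size, how many of its bytes the image covers, and
    whether the covered part holds anything other than erased flash (0xFF)."""
    report = []
    for name, first, last in REGIONS_3410:
        start, end = to_file_offset(first), to_file_offset(last) + 1
        chunk = image[start:end]  # empty when the image stops before the region
        report.append({
            "region": name,
            "size": end - start,
            "present": len(chunk),
            "has_data": bool(chunk.strip(b"\xff")),
        })
    return report

def carries_user_data(image):
    """True when the image includes non-erased PMM or EEPROM content,
    i.e. it is a full backup rather than an MCU+PPM pair."""
    return any(r["has_data"] for r in inventory(image)
               if r["region"] in ("PMM", "EEPROM"))

def build_sample(full):
    """Constructed sample: patterned MCU+PPM, optionally followed by PMM/EEPROM."""
    image = bytearray(b"\x5A" * to_file_offset(0x00570000))
    if full:
        image += b"\xFF" * 0x8E000                # mostly erased PMM
        image[to_file_offset(0x00570000)] = 0x01  # one stored record byte
        image += b"\x00" * 0x2000                 # EEPROM settings block
    return bytes(image)

if __name__ == "__main__":
    for label, img in (("MCU+PPM", build_sample(False)),
                       ("full backup", build_sample(True))):
        print(label, hex(len(img)), "bytes, user data:", carries_user_data(img))
```
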

bobl
24-07-2003, 06:06 PM
Ah, thank you :)

But of course if it's a modded flash it'll just have DEADFA1D already applied ;), so just set the FAID as normal I guess...and set the IMEI? :(

No thanks, I'll just combine a MCU+PPM+Nfade with deadfaid applied.

I also hexedited the last 8 bytes of the flash, so that the last twelve read DEADDEADFA1D

Apparently that's good practice...apparently

I guess I'll just upload that fls with Knok...between 00200000 - 00570000

Or 56FFFFF

:)

Cheers mate

Bob

jeep
24-07-2003, 06:39 PM
I've just downloaded that file to have a proper look.... :)

MCU checksum 1 is DEAD = ok - killed as well :)
MCU checksum 2 is FFFF = oops.
Flash checksum is FFFFFFFF = oops as well?

The DEAD DEADFA1D bit is these last two checksums - that should be offset 36FFFA...

I can see the MCU check has been disabled, but I don't know how the FAID one works exactly. As you saw, DEAD DEADFA1D is definitely missing, so use g3n0lite or similar to kill everything and be sure :D

I think you're ready for the cable arriving now!


George

pico
24-07-2003, 06:51 PM
>> I can't search on the subject cause 2k3 and 95 are both shorter than four chars...

just add "*" to end of your query.. :)

bobl
24-07-2003, 07:11 PM
duh....I'm stupid aren't I :(

"knok*2k3" and "knok*95"

:)

I will just wait till my cable arrives, take a fubu and hope for the best :)

Cheers all

Bob

pico
24-07-2003, 08:19 PM
>> duh....I'm stupid aren't I

no one says that.. just a tip :)
useful for other boards too
not that too many people like to search in these times :D

NokDoc
26-07-2003, 03:44 AM
Hi,

Mr. Jeep,

>> As you saw, DEAD DEADFA1D is definitely missing.

Just for Ur information, those values do not necessarily have to be there, in end of ppm after a DeadMcu/Faid patch.

Purely cosmetic.

The old mcuchk2 location is rerouted to mcuchk1 loc (at 22h), and the flash check value has sort of been replaced by an imaginary value.

Also, the DEAD value for mcuchk1 is free of choice.

Since actually that value is the result of its own sum, which made it Dead.

Off topic:

I prove Mr. Pico's milk theory is wrong. ;)

NokDoc

jeep
26-07-2003, 06:53 AM
Thanks for the info, NokDoc.

I'd figured out the 0x0024-29 hack for MCU #1 (very neat), but haven't looked into the end of PPM checks.


George

bobl
26-07-2003, 09:28 AM
I see...Let's go back to Newbie level :), I am still confused :P

Let's consider a 3310. Those flashes can be deadfaided...so while testing I could flash to my hearts content and never have to use an Mbus cable.

When I set the faid the first time, I've set it to DEADFA1D...so the checksum always comes up correctly.

I believe I can then upload a normal backup (w/out Deadfaid) and then set the faid correctly on a 3310.

But I can't do this on a 3410? Once I start using deadfaid I cannot go back. I don't really understand why I can't set the faid correctly and go back to my original backup.

Could someone whack some sense into me :)?

Cheers

Bob

NokDoc
26-07-2003, 11:58 AM
Hi,

>> Once I start using deadfaid I cannot go back.

I do not understand why go back, since I have never done that before myself.

DeadFaid is only size of flash depending, so once a phone is patched, it will accept every new mcu/ppm version, as long as that is patched too.

In theory, a 8210 DeadFaid file would be faid accepted when it is flashed into a 3310.

If only the software would run then, but that's another cause.

Ur problem might be that U use a file with a bad flash check calc.
(those last 4 bytes in ppm)

For unpatched files, that value is used for the calc of the faid number.

There is no tool known, that can recalc the good required value.

Though they do calc 'a' number, which in the end also leads U to a wrong faid calc too.

So only precalculated factory files would work.

That's all I can think of.

NokDoc

pico
26-07-2003, 12:13 PM
hi nokdoc
i drink milk also, but the quote is fun for me :)