Submenus and SIM Services menu



Ice Draagon
17-10-2004, 12:37 AM
Okay, so far we can change the root menu on our phone.

How about the submenus not extracted by the dump_menu script? I mean, in Messages/Inbox, that part has submenus: when you select the Read item, there's an Option selection where you select Erase, Edit, Reply, etc.

Can we make additional features to access those too?

And another: phones that support SIM Toolkit Applications have SIM Service menu. This in turn runs the menus stored on the SIM like Mobile Banking, Extra Inbox, Extra Phone Book, etc.

The idea is to only show the desired menus on the SIM service and "hide" the other non-essentials like Fun & Games, Psychic, etc.

This feature does not change the menus on the SIM but the idea is to make the phone only show the desired menus from the SIM.

Could this be done?


Thanks and more power!

danwood76
17-10-2004, 01:34 AM
Okay, so far we can change the root menu on our phone.

How about the submenus not extracted by the dump_menu script? I mean, in Messages/Inbox, that part has submenus: when you select the Read item, there's an Option selection where you select Erase, Edit, Reply, etc.

Can we make additional features to access those too?


This is possible and quite easy
These menus are the same style as g3n0lite :)

All you need to do is find a piece of text from that menu
(I found the menu you get when you are in call a while ago)
You need to find the hex address for that text and search for it in the flash; if you hit the right one you will find several menus all from that

you can then edit it to what you like
so you can put whatever you like there ;)

regards,
Danny

Ice Draagon
17-10-2004, 02:51 AM
Thanks danwood76. You're a great help. :D

kraze1984
19-10-2004, 01:00 PM
This is possible and quite easy
These menus are the same style as g3n0lite :)

All you need to do is find a piece of text from that menu
(I found the menu you get when you are in call a while ago)
You need to find the hex address for that text and search for it in the flash; if you hit the right one you will find several menus all from that

you can then edit it to what you like
so you can put whatever you like there ;)

regards,
Danny

I tried to change the menu Games, that is shown only with some old version of g3n0lite by joox, using your method. But even if I change the number of menu items in it (adding strings and changing the number in the header) I always get 6 items, where item #5 is not shown (3310 v 6.07). Are there any possibilities to bypass this problem? I would like to add the 'Stones' item directly in this list.

dvirus666
19-10-2004, 04:18 PM
In the 3310 v 06.33 flash @ 0x00120EEC you will get this in g3nolite..

[0x00320E60] (0x06) (0xC0) (0x0101) [0x001114C6]
# --------------
[0x00000000] [0x00000000] [0x00000000] (0x0179) (0x00DC) (0x0000) (0x0065) (0x0000) (0x0024)
[0x00319447] [0x00000000] [0x00000000] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Snake II
[0x0031944A] [0x00000000] [0x00000001] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Space impact
[0x003193F0] [0x00000000] [0x00000002] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Bantumi
[0x0031942F] [0x00000000] [0x00000003] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Pairs II
[0x0031942F] [0x00000000] [0x00000004] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Pairs II
[0x00319423] [0x00000000] [0x00000000] (0x0179) (0x1162) (0x0000) (0x0052) (0x0000) (0x0024) Settings
# --------------

At the top change the 0x001114C6 to 0x00000000.
Delete one of the PAIRS II.
Change the menu count from 0x06 to 0x05
save changes.

You can now add Stones to this menu like I did on mine..

[0x00396090] (0x06) (0xC0) (0x0101) [0x00000000]
# --------------
[0x00000000] [0x00000000] [0x00000000] (0x0179) (0x00DC) (0x0000) (0x0065) (0x0000) (0x0024)
[0x00319447] [0x00000000] [0x00000000] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Snake II
[0x0031944A] [0x00000000] [0x00000001] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Space impact
[0x00318D1E] [0x00000000] [0x000000C3] (0x0179) (0x05E0) (0x0000) (0x0052) (0x0000) (0x0024) Stones
[0x003193F0] [0x00000000] [0x00000002] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Bantumi
[0x0031942F] [0x00000000] [0x00000003] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Pairs II
[0x00319423] [0x00000000] [0x00000000] (0x0179) (0x1162) (0x0000) (0x0052) (0x0000) (0x0024) Settings
# --------------

Ice Draagon
20-10-2004, 09:22 AM
Okay, I found some submenus not extracted by dump_menu.nrx

But I can't find the INBOX (options) submenu of the 6150 with items Erase, Reply, Edit, Use Number, Forward, Print via IR, etc.


How about the menus on the SIM? Is it possible to make a patch that will only select certain menu items extracted from the SIM toolkit and display it on the phone?

danwood76
20-10-2004, 10:47 AM
How about the menus on the SIM? Is it possible to make a patch that will only select certain menu items extracted from the SIM toolkit and display it on the phone?

SIM menus are different as they are taken off the SIM card itself
I think it would be quite hard to decode that stuff

I will try to find you a messages menu
Give me a couple of days
(off topic I will look at power menu also)

regards,
Danny

Ice Draagon
20-10-2004, 12:49 PM
Thanks man. It already took me 4 days and 3 nights (until the wee hours in the morning) trying to find the stuff. Even using a hex editor combined with G3nolite and Nokix. :???:

danwood76
20-10-2004, 03:44 PM
Thanks man. It already took me 4 days and 3 nights (until the wee hours in the morning) trying to find the stuff. Even using a hex editor combined with G3nolite and Nokix. :???:

Hehe

I use a hex editor winarm and a few other tools like PPM manager to export text chunks

I found your menu
I think:
[0x002D8910] (0x07) (0x68) (0x0101) [0x00000000]
# --------------
[0x00000000] [0x00000000] [0x00000000] (0x012F) (0x00DC) (0x0000) (0x0000) (0x0000) (0x001A)
[0x002DCA1E] [0x00000000] [0x00000001] (0x012F) (0x0389) (0x0000) (0x0050) (0x0000) (0x001A) Edit
[0x002DCA21] [0x00000000] [0x00000002] (0x012F) (0x0389) (0x0000) (0x0050) (0x0000) (0x001A) Erase
[0x002DC78A] [0x00000000] [0x00000004] (0x012F) (0x0389) (0x0000) (0x0050) (0x0000) (0x001A) Copy
[0x002DCA0F] [0x00000000] [0x00000003] (0x012F) (0x0389) (0x0000) (0x0050) (0x0000) (0x001A) Caller groups
[0x002DC9A3] [0x00000000] [0x00000005] (0x012F) (0x0389) (0x0000) (0x0050) (0x0000) (0x001A) Send via IR
[0x002DC991] [0x00000000] [0x00000006] (0x012F) (0x0389) (0x0000) (0x0050) (0x0000) (0x001A) Print via IR
[0x002DC514] [0x00000000] [0x00000007] (0x012F) (0x0389) (0x0000) (0x0050) (0x0000) (0x001A) Send
# --------------

It is at offset 0x000D89D0

Enjoy ;)

regards,
Danny

Ice Draagon
21-10-2004, 12:58 AM
Nope, that's the <phonebook entry>/Detail/Options.

BTW in 6150, the pointer to the Phonebook menu is at offset 0x000D0514. And at offsets 0x000D7xxxx there are a lot of pointers to items under the LifeChart menu.

Strings like, Glossary Editor, Glucose, etc. I think Lifechart is a network provider service for diet/health conscious subscribers.

kraze1984
21-10-2004, 12:30 PM
Thank you for advice!

grreetzzz

danwood76
22-10-2004, 12:41 AM
Here is a little patch I just created that will show most of the menu locations not dumped by nokix or g3n0lite

You can use it in dumper mode or in normal patch mode

Basically it dumps the locations of any menu headers it finds
it can dump a lot of menus but it does get all the standard ones I think

If you use this on newer firmware types than 6210, please note that it may take a while to dump all the locations and it may appear to have crashed; just leave it and it will locate them :)

About the SMS menu

I think this menu is slightly different from the rest as it is not actually called from another menu but from a function

You may need to find the function of that menu to change it

regards,
Danny

Ice Draagon
22-10-2004, 02:18 AM
Thanks again man.

Regarding SMS menu: Now I gave up looking for that. Anyway, my regards and more power.

ShadoW2004
22-10-2004, 02:22 PM
2 danwood76

I dumped addresses from 3310v.6.07 with your script but genolite can't read it. How to read menus from these addresses?

mestrini
22-10-2004, 03:47 PM
2 danwood76

I dumped addresses from 3310v.6.07 with your script but genolite can't read it. How to read menus from these addresses?


That's because genolite looks for the "normal" menu structure. If you check the box "Force Offset" you order genolite to bypass that restriction and it reads whatever address you give :D

and remember to subtract 200000h from the addresses given by Dan's patch ;)

you must try more before saying it's not possible or asking for help 8-)
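
A consistency check for the g3n0lite-style menu dumps discussed in this thread, run before the edited table is written back to the flash (an added example, not part of any post and not code from NokiX or g3n0lite). It assumes, from the three dumps posted here, that the header count covers every row after the first all-zero row; the function names are hypothetical, and the 200000h base is the one given in the post above.

```python
import re
FLASH_BASE = 0x200000  # per the thread: subtract 200000h to get a file offset
FIELD = re.compile(r"[\[(]0x([0-9A-Fa-f]+)[\])]")  # one [0x..] or (0x..) field

# Sample input: the unpatched 3310 v06.33 Games menu as posted in the thread.
SAMPLE = """\
[0x00320E60] (0x06) (0xC0) (0x0101) [0x001114C6]
# --------------
[0x00000000] [0x00000000] [0x00000000] (0x0179) (0x00DC) (0x0000) (0x0065) (0x0000) (0x0024)
[0x00319447] [0x00000000] [0x00000000] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Snake II
[0x0031944A] [0x00000000] [0x00000001] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Space impact
[0x003193F0] [0x00000000] [0x00000002] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Bantumi
[0x0031942F] [0x00000000] [0x00000003] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Pairs II
[0x0031942F] [0x00000000] [0x00000004] (0x0179) (0x1130) (0x0000) (0x0052) (0x0000) (0x0024) Pairs II
[0x00319423] [0x00000000] [0x00000000] (0x0179) (0x1162) (0x0000) (0x0052) (0x0000) (0x0024) Settings
# --------------
"""

def flash_to_file_offset(addr, base=FLASH_BASE):
    """Flash address -> offset in the flash file (base taken from the thread)."""
    if addr < base:
        raise ValueError(f"0x{addr:08X} is below the flash base")
    return addr - base

def parse_menu(text):
    """Return (header_fields, rows); each row is (fields, label)."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    header = [int(h, 16) for h in FIELD.findall(lines[0])]
    if len(header) != 5:
        raise ValueError("menu header must have 5 fields")
    rows = []
    for line in lines[1:]:
        fields = [int(h, 16) for h in FIELD.findall(line)]
        if len(fields) != 9:
            raise ValueError(f"menu row must have 9 fields: {line!r}")
        rows.append((fields, FIELD.sub("", line).strip()))
    return header, rows

def check_menu(text):
    """Report a count/row mismatch and repeated string pointers."""
    header, rows = parse_menu(text)
    items, problems, seen = rows[1:], [], set()  # assumption: row 0 is not counted
    if header[1] != len(items):
        problems.append(f"header count {header[1]} != {len(items)} item rows")
    for fields, label in items:
        if fields[0] in seen:
            problems.append(f"string pointer 0x{fields[0]:08X} repeated ({label})")
        seen.add(fields[0])
    return problems
```

On the unpatched table this flags only the repeated Pairs II pointer; deleting that row without lowering the count from 0x06 to 0x05 is reported as a count mismatch.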

ShadoW2004
24-10-2004, 06:02 AM
Thank you mestrini

ShadoW2004
27-11-2004, 08:28 PM
But how remove Stones from first patched menu (main) is not enable edit it after patching by NokiX ?

dvirus666
27-11-2004, 08:47 PM
But how remove Stones from first patched menu (main) is not enable edit it after patching by NokiX ?

Please explain what the problem is. I did not understand what you said. Sorry.

Electronic79
27-11-2004, 08:57 PM
But how remove Stones from first patched menu (main) is not enable edit it after patching by NokiX ?
@ ShadoW2004

Try to do this:

1. Do not add Stones in the main_menu.txt file
2. Process the project with verbose level at least 1
3. Remember Stones 0x5E0 ID
4. Configure games menu with Stones in genolite.
ATTENTION!
In the first brackets of the Stones string in the menu you have to point to the address of an unused string in the text chunk. I use "Birthday" - its address is [0x0031909F].
So it will be:
[0x0031909F] [0x00000000] [0x000000C3] (0x0179) (0x05E0) (0x0000) (0x0052) (0x0000) (0x0024) Birthday
Then using PPMMaker you have to change "Birthday" with "Stones" (this line is 262). Good luck!

mestrini
28-11-2004, 03:05 AM
u can use text entry number 13 of COMM lang since it's empty ;)

spaceimpact33
28-11-2004, 11:14 AM
when u run the stones.nrx it automatically adds the text "Stones" to the ppm. all you need to do is add these lines to the stones.nrx just after:


/* add pointer to 5e0 functions table */
id=add_5e0_id(stones_handler,find_action(x2d(5eb),x2d(5eb)))
call value "arg/stones",id,pool
add these lines:


stid=create_string(getenv("text/stones"))
say "Stones Text id 0x00"d2x(stid)


once processing is successfully completed look for
"Stones Text id" in the output
then just use that value in g3n0lite when u create ur menu

Spaceimpact33 ;)

ShadoW2004
28-11-2004, 07:29 PM
2 spaceimpact33

Thank You so BIG!!!

ShadoW2004
28-11-2004, 09:28 PM
Ok, I got it

# Processing: stones.nrx
Inserting...
Strings file: stones_ppm.txt
Stones Text id 0x003364F0
Access with 'stones' 5E0 ID
Done!

But where is the 5e0 ID address?

ShadoW2004
28-11-2004, 09:49 PM
Oh, no need to answer :P

Just change this code:

say "Access with 'stones' 5E0 ID"

To:

say "Access with 'stones' 5E0 ID: 0x000000"d2x(id)

And you will see 5E0 ID of Stones!

If you need to see ID of text string and 5e0 ID like this:

# Processing: stones.nrx
Inserting...
Strings file: stones_ppm.txt
Stones Text id 0x003364F0
Access with 'stones' 5E0 ID: 0x000000C9
Done!

Just download changed file and rename it to stones.nrx