Thursday, 20 November 2008

Recovery with dead flash

Thanks to FusioN and n0wheremany for this:

Sometimes our Motorola E398 dies in a very bad way and nothing helps. This can happen if you end up with damaged flash memory, where the firmware and all program memory are stored.
After such a crash, in practice nothing helps at all: no forceboot, no test point, no known recovery method! Here is one method that may still be able to revive your phone, even with dead flash memory. We already have one successful revival using it.

Symptoms:
- Ramldr shows errors like ERR Г
- MFF and PST cannot flash, they show errors.

We need the following:
- Phone corpse
- Full backup of the phone firmware
- Charged battery or at least USB charger
- Ramldr by Vilko
- Loader for Ramldr (ldr_*.bin)
- Hex editor (like XVI32)
- Good understanding of the procedure below, and following it

What to do:
0. Test Point (it is not required)
1. Search for the broken cells
2. Making the backup in pieces
3. Final stage of recovery
3a. Making our own ldr_part*.bin
3b. Recovery and obtaining working phone

0. The test point is already discussed in the revival and survival. It is not required anyway.

1. Get ldr_*.bin, open it with the hex editor, jump (in XVI32: [Ctrl]+[G]) to address F8 (that is the start of the flash memory) and put the value 10 00 00 00 (4 bytes) there.
Jump to address FC and put the value 12 00 00 00.
Save the file.

Connect the phone, go to the bootloader and in Ramldr click "send ramldr" -> choose our newly updated ldr_*.bin.
When you see an err: divide the memory region (10 00 00 00 - 12 00 00 00) into two pieces of equal length and update ldr_*.bin with the new values. Here is an example:

Region: 10 00 00 00 - 12 00 00 00
1 Piece: 10 00 00 00 - 10 FF FF FF
2 Piece: 11 00 00 00 - 12 00 00 00

This way it is possible to find the "broken addresses". It may be necessary to halve the erroneous region and test the pieces many times.

On the phone with broken memory that we mentioned, the region was: 10 F3 FF FF - 10 F6 00 00

2. As soon as we have found the bad memory, it is time to make the backup in pieces.
Hint: address 10 00 00 00 in the phone is address 00 00 00 00 in the backup

Here is how you can do it:
Part 1 - from address 00 00 00 00 to the start address of the broken memory; we will call it part1.bin
Part 2 - from the end address of the broken memory to address 02 00 00 00 (which is 12 00 00 00 in phone memory); we will call it part2.bin
Hint: use the Windows calculator in "Scientific Mode" with the Hex type to calculate the addresses

3. 3a. Now it is time for recovery. Prepare your ldr_*.bin files:
ldr_part1.bin
ldr_part2.bin
* There can be more if you have more than one erroneous memory part
Now we need to change the addresses:
1). In ldr_part1.bin, at address F8 write 10 00 00 00, and at address FC the start address of the erroneous memory part
2). In ldr_part2.bin, at address F8 write the start address of the erroneous memory part, and at FC write 12 00 00 00

3b. Start Ramldr, connect our corpse and load it in bootloader mode, use "Send Ramldr" and choose ldr_part1.bin. Now choose "erase" (you will see ACK ERASE) and set "base addr" to "10000000". Choose "send binary" and send part1.bin. Restart the phone (you may need to remove the battery and start back in the bootloader using the 4 and 5 pin method).
Do exactly the same with ldr_part2.bin/part2.bin.
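
The address arithmetic of steps 2 and 3a in Python, as an added example that is not part of the original post or of Ramldr: split_backup cuts a full backup around one or more bad regions, and patch_loader writes two addresses at offsets F8 and FC of a loader copy. It assumes a bad region is half-open (its start address is the first byte skipped, its end address the first byte kept again) and that addresses are stored in the byte order the post types them; the function names and the script name are made up for this example.

```python
import struct

FLASH_BASE = 0x10000000  # phone address of backup offset 0 (from the post)
FLASH_END = 0x12000000   # end of the flash region (from the post)
START_OFF, END_OFF = 0xF8, 0xFC  # loader offsets of the two address fields

def split_backup(backup, bad_regions, base=FLASH_BASE, end=FLASH_END):
    """Cut the backup around bad regions given as (start, end) phone addresses.

    Assumption: regions are half-open, [start, end).
    Returns [(phone_start, phone_end, data), ...] for each good piece,
    i.e. part1.bin, part2.bin, ... with the phone range each one covers.
    """
    if len(backup) != end - base:
        raise ValueError("backup must cover the whole flash region")
    parts, cursor = [], base
    for bad_start, bad_end in sorted(bad_regions):
        if not cursor <= bad_start < bad_end <= end:
            raise ValueError("bad region outside flash or overlapping")
        if bad_start > cursor:
            parts.append((cursor, bad_start,
                          backup[cursor - base:bad_start - base]))
        cursor = bad_end
    if cursor < end:
        parts.append((cursor, end, backup[cursor - base:]))
    return parts

def patch_loader(ldr, start, end):
    """Copy of the loader with start/end written at F8/FC, bytes in the
    order the post types them (0x10000000 -> 10 00 00 00)."""
    if len(ldr) < END_OFF + 4:
        raise ValueError("loader image too short")
    out = bytearray(ldr)
    out[START_OFF:START_OFF + 4] = struct.pack(">I", start)
    out[END_OFF:END_OFF + 4] = struct.pack(">I", end)
    return bytes(out)

if __name__ == "__main__":
    import sys  # usage: split.py backup.bin BAD_START BAD_END (hex addresses)
    with open(sys.argv[1], "rb") as f:
        image = f.read()
    bad = [(int(sys.argv[2], 16), int(sys.argv[3], 16))]
    for n, (lo, hi, data) in enumerate(split_backup(image, bad), 1):
        with open(f"part{n}.bin", "wb") as f:
            f.write(data)
        print(f"part{n}.bin covers {lo:08X}-{hi:08X}, {len(data):#x} bytes")
```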

Now comes the tricky part: if the bad memory block is not critical for the phone system, your phone will work! Unfortunately, if it is, it is time for you to buy a new phone :)
