Tag Archives: Boot Files

RIFF JTAG – eMMC Partition Table FullFlash Image Files Processing Plugin (eMMCDiskPartitions.dll) v2.00

Posted on by

23.11.2012   RIFF JTAG – eMMC Partition Table FullFlash Image Files Processing Plugin (eMMCDiskPartitions.dll) v2.00

This plugin is a powerfull tool which enormously simplifies resurrection process (providing you have the required boot files from an official firmware or you have a ‘donor’ device) for those devices which are not yet supported by a dedicated resurrector DLL.

This plugin works with eMMC image files and phones which have following formatting:

  •  Image Files or Phones with Standard Master Boot Record (MBR) and Extended Boot Record (EBR) formatting. Most of eMMC-bootable mobile phones have their eMMC memory formatted in such style. In this case partitions are accessed in standard way, by Partition ID: for example boot loader partitions or OS image partition (compare with qualcomm MIBIB partitioning: while ‘MIBIB’-type partitions have standalone partition descriptor block which contains info on all partitions and is posistioned in a definite NAND address, the eMMC partitioning is one MBR sector at fixed position + a chain of EBR sectors which are scattered throughout the eMMC address space in a literally random way);
  •  Image Files or Phones which do not have standard Master Boot Record (MBR) and Extended Boot Record (EBR) formatting, but instead, partition information for such phones is taken from the PIT Table (some Samsung phones);
  •  Image Files or Phones which do not have standard Master Boot Record (MBR) and Extended Boot Record (EBR) formatting, but instead, partition information for such phones is taken from the EFI Table (some Samsung, LG, Pantech and other phones).

Please note, in previous versions this plugin worked only with devices from topic #1, while #2 was supported by different plugin. Now everything is combined in this plugin (as well as EFI support added), and other eMMC plugin (PIT-Based) become obsolete, and no longer will be supported.

With the help of this plugin you can do:

  •  Disassemble a full (or, since eMMC full image files are too large, a partial) eMMC Image File previously obtained with JTAG Manager (DCC Read/Write Page);
  •  Inspect each partition contents;
  •  Save separate partitions to HDD;
  •  Save all partitions as standalone files to HDD;
  •  Build-up your own full image file: for this you need to read from device (by clicking “Load Image from Device” button) or open from file (by clicking “Load Image from File” button) the eMMC partitioning data and then by selecting desired partitions click “Inject Into Partition” button to upload data from file into selected partition. Then you can save all full image file to HDD or flash injected partitions directly into device;
  •  Write a chosen partition directly into device;
  •  Read a chosen partition directly from device and substitute old partition contents to new ones;
  •  Create eMMC partitioning snapshot (that is storing info on full EBR chain: each EBR sector position).
  •  Restore eMMC partitioning from previously taken file: it is convenient if eMMC memory is erased and all formatting data is lost.
  •  Plugin supports new RIFF™ shrinked binary files format (*.riffpbin): which allows to shrink huge eMMC Image files into small sized-files (for example, Image File for 14GB empty eMMC chip is shrinked into ~10 KByte(!) size), thus HDD space is preserved, while performance is not visibly effected.

Please note, direct read/write operations from/to the device will require proper resurrector to be set (Resurrector Settings: thus before clicking the Activate Plugin button make sure proper model is selected as well as other settings like TCK/RTCK frequencies).

This plugin will support all possible devices, based either on Samsung Exynos or Qualcomm cores with eMMC memory as boot device.

Please visit RIFF Box FAQ page for detailed instructions !

Sample partition layout from Pantech Sky IM A850L boot repair pack, based on QUALCOMM APQ8064:
.

RIFF JTAG – HTC Flyer WiFi (PG41400) Unbrick, S-off, CID update supported

Posted on by

RIFF JTAG – HTC Flyer WiFi (PG41400) Unbrick, S-off, CID update supported

Repairing bricked HTC Flyer WiFi (PG41400) is easy with the RIFF Box. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected. Please note, battery presense is required.
Some (or all) revisions of HTC Flyer boards have JTAG interface disabled (that is enable MARM JTAG Fuse is blown in the MSM8255 chip). In this case the JTAG may be enabled only by firmware itself. This is done by the DBL loader, so writing to DBL area is artificially disabled in the DCC Loader code. DCC Loader will discard all flashing attempts into DBL zone and will respond with success code as if flashing succeeded. In this way DBL zone is protected while user still can flash full image files seamlessly.
Resurrector will reflash radio’s boot zone (except DBL area) and will re-write PDA’s SPL to 1.11.0011 version. Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PG4140000’.
There is option to reflash android BOOT and RECOVERY zones. Recovery zone is flashed with ClockworkMod Recovery 4.0.1.4. In addition, you can set S-OFF (unlock HBOOT so you will be able to flash any ROM) by selecting S-OFF HBOOT version in the resurrector settings.
Sometimes (for example after rooting attempts) phone has a modified DBL loader (which may not accept official HTC boot files). To restore phone functionality you need to reflash DBL loader. There is option to reflash DBL code (DBL area will be temporary unlocked for reflashing). But please note, reflashing DBL area is very dangerous, since in case flashing stops in the middle, you will have briked phone with permanently disabled JTAG interface.
Please note, if your phone has the DBL loader damaged and MCU has JTAG FUSE blown then there is no way to resurrect your phone via JTAG interface.

To resurrect HTC Flyer WiFi:

  •  Solder JTAG cable to HTC Flyer JTAG pads;
  •  Insert battery and connect USB Data cable;
  •  Make sure HTC Flyer (PG41400) is selected in the list of models;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;


 Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods. You can use CWM recovery to flash any ZIP file – for this during resurrection add BOOT & RECOVERY zones to be resurrected too.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold ‘Volume Down’ key and press ‘Power ON’ button.

.

RIFF JTAG – HTC Flyer (PG41100) Unbrick, Unlock, IMEI, S-off, update supported

Posted on by

06.04.2012  RIFF JTAG – HTC Flyer (PG41100) Unbrick, Unlock, IMEI, S-off, update supported

Repairing bricked HTC Flyer (PG41100) is easy with the RIFF Box. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected. Please note, battery presense is required.
Some (or all) revisions of HTC Flyer boards have JTAG interface disabled (that is enable MARM JTAG Fuse is blown in the MSM8255 chip). In this case the JTAG may be enabled only by firmware itself. This is done by the DBL loader, so writing to DBL area is artificially disabled in the DCC Loader code. DCC Loader will discard all flashing attempts into DBL zone and will respond with success code as if flashing succeeded. In this way DBL zone is protected while user still can flash full image files seamlessly.
Resurrector will reflash radio’s boot zone (except DBL area) and will re-write PDA’s SPL to 1.11.0003 version. Additionally to SPL and Radio zones, the zone which contains Model ID is re-flashed too. Thus after resurrection phone will have Model ID = ‘PG4110000’.
There is option to reflash android BOOT and RECOVERY zones. Recovery zone is flashed with ClockworkMod Recovery 4.0.1.4. In addition, you can set S-OFF (unlock HBOOT so you will be able to flash any ROM) by clicking “Make S-OFF” checkbox in the resurrector settings.
Sometimes (for example after rooting attempts) phone has a modified DBL loader (which may not accept official HTC boot files). To restore phone functionality you need to reflash DBL loader. There is option to reflash DBL code (DBL area will be temporary unlocked for reflashing). But please note, reflashing DBL area is very dangerous, since in case flashing stops in the middle, you will have briked phone with permanently disabled JTAG interface.
Please note, if your phone has the DBL loader damaged and MCU has JTAG FUSE blown then there is no way to resurrect your phone via JTAG interface.

To resurrect HTC Flyer:

  •  Solder JTAG cable to HTC Flyer JTAG pads;
  •  Insert battery and connect USB Data cable;
  •  Make sure HTC Flyer is selected in the list of models;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods. You can use CWM recovery to flash any ZIP file – for this during resurrection add BOOT & RECOVERY zones to be resurrected too.
.

RIFF JTAG – eMMC Partition Plugin v1.0 (Qualcomm EBR-MBR based eMMC flash images processing)

Posted on by

RIFF JTAG – eMMC Partition Plugin v1.0 (Qualcomm EBR-MBR based eMMC flash images processing)

This plugin works with eMMC image files which have standard Master Boot Record (MBR) and Extended Boot Record (EBR) formatting. Most of eMMC-bootable mobile phones have their eMMC memory formatted in such style. In this case partitions are accessed in standard way, by Partition ID: for example boot loader partitions or OS image partition (compare with qualcomm MIBIB partitioning: while ‘MIBIB’-type partitions have standalone partition descriptor block which contains info on all partitions and is posistioned in a definite NAND address, the eMMC partitioning is one MBR sector at fixed position + a chain of EBR sectors which are scattered throughout the eMMC address space in a literally random way).
This plugin is a powerfull tool which enormously simplifies resurrection process (providing you have the required boot files from an official firmware or you have a ‘donor’ device) for those devices which are not yet supported by a dedicated resurrector DLL.
Please note, such phones as Samsung Exynos MCU based pohones (for example I9100, P6200, P6800, N7000, I9220 and etc), though have eMMC chip, are not partitioned in MBR way and thus are not the subject for the current plugin. These phones are to be processed by different plugin.

With the help of this plugin you can do:

  •  Disassemble a full (or, since eMMC full image files are too large, a partial) eMMC Image File previously obtained with JTAG Manager (DCC Read/Write Page);
  •  Inspect each partition contents;
  •  Save separate partitions to HDD;
  •  Save all partitions as standalone files to HDD;
  •  Build-up your own full image file: for this you need to read from device (by clicking “Load Image from Device” button) or open from file (by clicking “Load Image from File” button) the eMMC partitioning data and then by selecting desired partitions click “Inject Into Partition” button to upload data from file into selected partition. Then you can save all full image file to HDD or flash injected partitions directly into device;
  •  Write a chosen partition directly into device;
  •  Read a chosen partition directly from device and substitute old partition contents to new ones;
  •  Create eMMC partitioning snapshot (that is storing info on full EBR chain: each EBR sector position).
  •  Restore eMMC partitioning from previously taken file: it is convenient if eMMC memory is erased and all formatting data is lost.
  •  Plugin supports new RIFF™ shrinked binary files format (*.riffpbin): which allows to shrink huge eMMC Image files into small sized-files (for example, Image File for 14GB empty eMMC chip is shrinked into ~10 KByte(!) size), thus HDD space is preserved, while performance is not visibly effected.

Please note, direct read/write operations from/to the device will require proper resurrector to be set (Resurrector Settings: thus before clicking the Activate Plugin button make sure proper model is selected as well as other settings like TCK/RTCK frequencies).
.

RIFF JTAG – CDMA Update – 3 New models supported

Posted on by

24.11.2010  CDMA Update – 3 New models supported

  • LG RD3540
  • LG RD3610
  • LG RD6100

Please start JTAG Manager and click “Check for Updates” button. You’ll be notified about new DLL, download it and restart the software.
There is 3 new DLL-s for LG CDMA models, containing pinout, boot files and firmware parts for listed models.

RIFF JTAG – CDMA Update – 4 new LG CDMA Models supported

Posted on by

23.11.2010  CDMA  Update –  4 new LG CDMA Models supported

  • LG RD3000
  • LG RD3100
  • LG RD3500
  • LG RD3510

Please start JTAG Manager and click “Check for Updates” button. You’ll be notified about new DLL, download it and restart the software.
There is 4 new DLL-s for LG CDMA models, containing pinout, boot files and firmware parts for listed models.

RIFF JTAG – Samsung WAVE S8500 Unbrick/Repair beta support

Posted on by

31.08.2010 Samsung WAVE S8500 Unbrick/Repair boot beta support

This is beta test, and it is not available trough “Check for updates” button.


What You need to repair it ?

– RIFF Box
– Micro USB Cable
– Full charged battery (4.2v)
CMM + ELF
Samsung_S8500_PDA.dll
Pinout
– Multiloader
– USB Drivers
– Firmware files

Procedure:

– Solder RIFF JTAG cable (use very thin wires for PCB, because of battery)
– Insert battery
– Connect Micro USB cable to phone and PC port
– Start the JTAG Manager and select Samsung S8500 PDA from the list
– Switch to “DCC Read/Write” TAB
– Set everything as on photo bellow:

– Press “Read memory” and wait to be finished
– Now switch to “JTAG Read/Write” TAB and press “Connect&Get ID” then “Halt the Target” buttons
– Click “Execute Script” and select CMM file
– Press “Run Script” button

– Ram loader will be uploaded and after its uploaded, phone will automaticaly enter download mode, and detected by PC
– IMPORTANT ! ! ! Now You must disconnect JTAG Cable from RIFF Box
– Start Multiloader 5.62, set “Boot change” and select Boot files folder
– Press download – and wait for process to be finished
– Now phone contains valid bootloader, and can be flashed, so You can desolder JTAG wires from PCB

To enter download mode hold LOCK+Volume Down + Power on Keys.

Problems which You may have:

– Target not detected – check all wires and tp, check battery, 4.2v is a MUST !
– Wrong DCC answer – low battery, or TCK too high, You can use 100KHz TCK too !
– “It not work” – no idea about this lol