HOWTO Circumvent Hermes BootLoader password


pof
22-08-2006, 02:05 AM
Hello,

I've been researching the Hermes BootLoader. The ROM Upgrade Utility issues an "info 3" command and gets some data and a checksum. This data is then used by the RUU to generate a dynamic password, then the RUU issues the command "password XXXX" and starts the upgrade process.

As this password is dynamic, you can't access the BootLoader in "privileged?" mode, but I don't know which bootloader commands are privileged.

I researched this because without the password you cannot use the commands "d2s" or "s2d" to make ROM backups to SD, but after discovering how to access the bootloader with the correct password it is also not possible to issue these commands :(

BTW, the attached file describes the method I used to access the bootloader with the correct password. If someone could provide more information on the Hermes Bootloader, please reply to this topic or write a wiki article!

Enjoy! :D

pof
22-08-2006, 05:36 AM
I've written a page on the wiki with information on the Hermes Bootloader, if you find anything incorrect or missing feel free to edit ;)

http://wiki.xda-developers.com/index.php?pagename=Hermes_BootLoader

TheBlasphemer
30-08-2006, 04:32 PM
Algorithm hax0r3d ;)
http://forum.xda-developers.com/viewtopic.php?p=351363#351363

pof
30-08-2006, 04:40 PM
LOL! Thanks, will try that with the Hermes when I'm back home :)

TheBlasphemer
30-08-2006, 06:06 PM
> LOL! Thanks, will try that with the Hermes when I'm back home :)

I tried it with the data on the wiki, and it produced the same password, so it's likely to work ;)
If you want me to send the program I used for debugging, send me a PM with your email/IM address and I'll contact you :)

LuckyBos
30-08-2006, 11:47 PM
Okay, I think I am going to have to send my TYTN back. After loading my TYTN in bootloader I did an info 8 and got the current printout. I think that it is telling me that my extended ROM is shot. Does anyone know what this means? And can you tell me how to re-format my extended ROM?
I was going to post the results but it made the post too long. The results are in the attached text file, and help is greatly appreciated.

pof
31-08-2006, 07:43 AM
Tried the algorithms on the Hermes and the bootloader password and radio-password were deciphered correctly :) Thanks TheBlasphemer!! :D

Full usb log here (http://forum.xda-developers.com/download.php?id=14306) (zipped text file).

@LuckyBos: this thread is for discussing bootloader password, if you want to ask other questions about the bootloader not related to passwords please post a new topic. Btw, try to flash a new rom and see if info 8 still shows the errors, if it does post a new topic about it ;)

crusher
23-05-2007, 05:36 PM
Where is the POSIX password generator? :D

koorosh_bsboys
01-01-2008, 10:47 AM
This method will not work on bricked Hermes caused by Telstra WM6 because none of the WM5 shipped ROMs would work on these bricked Hermes. Considering this issue that ROMUpgradeUT.exe only appears to be inside of the WM5 ROMs and not in the WM6 shipped ROMs and ROMUpgrade.exe cannot connect to these bricked Hermes that was caused by WM6 ROMs.

wtanph
02-01-2008, 07:13 PM
Does it mean that we can flash a ROM to our bricked phone under WM5?