jockyw2001
17th February 2008, 02:51 PM
Most of you know how to enter the "normal" SPL bootloader where the famous tri-color screen is shown on the device display: if the device is powered off you press and hold the camera button and then press power on.
What most of you don't know is that there is also a radio bootloader aka OEMSBL. The OEMSBL is loaded just before the SPL. Just like the SPL it supports a interactive command mode with various commands. The command set available depends on the security state of your device. The most interesting command available in both states is "radata" which is normally used to flash a new radio rom. Perhaps it can be used for unbricking purposes. I will continue to research this.
(EDIT: unfortunately to enter radio bootloader by keypressing only works on security unlocked devices)
To enter radiobootloader mode:
if the device is powered off you press and hold the camera button *and* the send button and then press power on.
If it is the first time you enter this mode Windows will prompy you to install 3 drivers: a modem and 2 COM ports (diagnostics and NMEA). Use the attched drivers from the Motorola Q (it also has a qualcomm MSM7200 chipset). Look in device manager on which COM port the diagnostics port driver sits (usually COM4 or COM5). Then start MTTY and connect to that COM port. The commands you type are not echoed on your PC screen.
On a standard device (not security unlocked) following commands are supported:
radata
powerdown
setboot
GO2AMSS
rseed
pmic_vib_off
pmic_vreg
pmic_level
pmic_vib_on
rpass
On a security unlocked device (see here (http://forum.xda-developers.com/showthread.php?t=361236)) there is much more:
For a help screen, use command ? or h
Available monitor commands are:
? [command]
h [command]
mb [StartAddr [Count [Filler]]]
mh [StartAddr [Count [Filler]]]
mw [StartAddr [Count [Filler]]]
setboot [0/1/2/3]
setatcmd [0:SIO/1:UART/2:USB/3:DPRAM]
setsmdloop [0:disable/1:enable]
setmpatch [0x1: CPU Freq/0x2: acoustic/0x4: simdoor/0x8: RTC]
setiot [0:Disable/1:Enable]
eraseall [erase all setting flags]
setdiag [0:USB/1:UART/2:DPRAM/3:SIO]
partition
checksum
format
setinfo
readadc
cego
setgpio
getgpio
gpio
version
powerdown
platformid
radata
showexplog [n]
usbdppulldown [n]
usbdmpulldown [n]
usbdppullup [n]
usbdmpullup [n]
Headsetpullhigh [n]
rfid
wpmic [PM_VREG] [0/1]
What most of you don't know is that there is also a radio bootloader aka OEMSBL. The OEMSBL is loaded just before the SPL. Just like the SPL it supports a interactive command mode with various commands. The command set available depends on the security state of your device. The most interesting command available in both states is "radata" which is normally used to flash a new radio rom. Perhaps it can be used for unbricking purposes. I will continue to research this.
(EDIT: unfortunately to enter radio bootloader by keypressing only works on security unlocked devices)
To enter radiobootloader mode:
if the device is powered off you press and hold the camera button *and* the send button and then press power on.
If it is the first time you enter this mode Windows will prompy you to install 3 drivers: a modem and 2 COM ports (diagnostics and NMEA). Use the attched drivers from the Motorola Q (it also has a qualcomm MSM7200 chipset). Look in device manager on which COM port the diagnostics port driver sits (usually COM4 or COM5). Then start MTTY and connect to that COM port. The commands you type are not echoed on your PC screen.
On a standard device (not security unlocked) following commands are supported:
radata
powerdown
setboot
GO2AMSS
rseed
pmic_vib_off
pmic_vreg
pmic_level
pmic_vib_on
rpass
On a security unlocked device (see here (http://forum.xda-developers.com/showthread.php?t=361236)) there is much more:
For a help screen, use command ? or h
Available monitor commands are:
? [command]
h [command]
mb [StartAddr [Count [Filler]]]
mh [StartAddr [Count [Filler]]]
mw [StartAddr [Count [Filler]]]
setboot [0/1/2/3]
setatcmd [0:SIO/1:UART/2:USB/3:DPRAM]
setsmdloop [0:disable/1:enable]
setmpatch [0x1: CPU Freq/0x2: acoustic/0x4: simdoor/0x8: RTC]
setiot [0:Disable/1:Enable]
eraseall [erase all setting flags]
setdiag [0:USB/1:UART/2:DPRAM/3:SIO]
partition
checksum
format
setinfo
readadc
cego
setgpio
getgpio
gpio
version
powerdown
platformid
radata
showexplog [n]
usbdppulldown [n]
usbdmpulldown [n]
usbdppullup [n]
usbdmpullup [n]
Headsetpullhigh [n]
rfid
wpmic [PM_VREG] [0/1]