Do we know what commands does the bootloader accept through mtty?
If we find all of them and what each one does, couldn't we be able to revive a bricked device using mtty? <=The main idea belongs to htctouchp;)
Here is a list of possible commands(we will have to see which are real commands):
Command "Usage" Parameters
1.ESetDsbDBGMSGT

2.ClearDBGMSG

3.ReadExtROM

4.WLANReset

5.SDSelect

6.emapiCountryID

7.emapiINIT

8.emapiWlanMac

9.emapiPwrDwn

10.emapiRead

11.emapiTest

12.emapi

13.getdevinfo

14.ruustart

15.ruurun

16.progress

17.wdata

18.password

19.set

20.SetDebugMethod

21.checksum

22.ResetDevice

23.BTRouting

24.task "Unknown command"

25.lnbs

26.ls

wow!!! another great thread brother ;).i really hope that some expert can guide us here.
u have not mentioned the 'task' command here. i was also sure that this command didnt exist for elf/elfins. but today i used snoopypro while flashing a ROM and what i saw was 'task 28' when the ruu was just about to finish. after seeing that, i'm confused a bit :D

PS: this might be useful a bit:
http://wiki.xda-developers.com/index.php?pagename=Hermes_BootLoader

Very nice....

task command does not work for me...

you may want to add "lnbs"

wow!!! another great thread brother .i really hope that some expert can guide us here.
u have not mentioned the 'task' command here. i was also sure that this command didnt exist for elf/elfins. but today i used snoopypro while flashing a ROM and what i saw was 'task 28' when the ruu was just about to finish. after seeing that, i'm confused a bit :D

PS: this might be useful a bit:
http://wiki.xda-developers.com/index.php?pagename=Hermes_BootLoader

:eek: :eek: what is that snoopypro? u can actually see what is being flashed on the device?

hey great going guys. these threads are gonna be rocking helpful for everyone. spl thnx to htctouchp for initiating this idea :)

is this (http://forum.xda-developers.com/showthread.php?t=379318) something similar?

:eek: :eek: what is that snoopypro? u can actually see what is being flashed on the device?

hey great going guys. these threads are gonna be rocking helpful for everyone. spl thnx to htctouchp for initiating this idea :)

is this (http://forum.xda-developers.com/showthread.php?t=379318) something similar?
snoopy pro is just a usb port sniffer, it will record everything that passes a port. u cant actually see the flashing data, but u can make a log file out of it and after the flashing is over, u can analyze that log file. that post which u've given as reference, does the same thing. it records the session (usblog data) using snoopypro which later on u can open in hex editor. just try it out while flashing a ROM, and analyze the log later on. may be u can also find something useful ;)

Hey guys!
Has anyone used the ls command?
Is it used like:
>ls
or
>ls c:\dump.nb
or
>ls \"Storage Card"\dump.nb
I tried the first one and waited,waited,waited...but (1)I got bored and (2)nothing was really downloaded to my pc so aborted:o You can see what mtty shows right below:
Cmd>ls
clean up the image temp buffer at 0x8C100000 Length 0x03A00000
BOOTLOAD_PAGE_TABLE_BASE_C_VIRTUAL= 0x8C080000
Clear image temp buffer done .
MTTYDownloadImage
start download

*Edit1:I'm asking for this command because I think it's a way to dump your rom(IPL,SPL,OS,etc.)
*Edit2:I found this nice tool (http://forum.xda-developers.com/showthread.php?t=285003), but it seems it doesn't work for my phone!Could anyone give it a try too and confirm?

Reading through an SPL.nbh file with a hex editor yielded the following known commands (as listed in the first post here):

SetDsbDBGMSGT
ClearDBGMSG
ReadExtROM
WLANReset
SDSelect
emapiCountryID
emapiInit
emapiWlanMac
emapiPwrDwn
emapiRead
emapiTest
emapi
getdevinfo
ruustart
ruurun
progress
wdata
password
set
SetDebugMethod
checksum
ResetDevice
BTRouting
lnbs
ls

Attached is a text file with a copy/paste of the results from issueing these commands in MTTY.

From what I can figure out you can load an NB or NBH file using lnbs or ls, BUT only ony a Super-CID or CID-unlocked device otherwise you get an error


Not allow operation!
Error : DownloadImage return error (code = 0xFFFFFFFF)


So, bootloader commands issued through MTTY can be ery usefull for retrieving your Device ID and Model ID, and once CID unlocked you could load an image through MTTY instead of using RUUloader etc, but it looks tricky to figure out how to get things working for a CID-locked/bricked device.

Logic would indicate that somewhere in the NBH file would be a checksum relating to the Vendor-ID and/or Device-ID, having an NBH file where the ID and checksum don'y match would result in the 270 error - corrupt image (one could assume).

So, the big question in my mind at the moment is "How can one figure out where the checksum is in the NBH file". If we can figure out the address of where it resides, we could maybe use the checksum command to pull that info back? Then theoretically, to fix a bricked device all we would need to do would be hex-edit the NBH file to replace the vendor-ID and checksum with the correct one for the particular bricked device?

Thoughts/comments from any of our resident experts in USPL etc would be greatly appreciated!

Craig

good effort Craig :)
but how to revive an Elf(in) stuck in bootloader is still a mystery for most of us. lets hope for the best that someone out of us can unfold this mystery someday :)

Does anybody knows more comands Im searching for a hardreset via MTTY or a Cleaning DOC leaving behind the task 28 cuase in cmd> dont works... only in usb> i used it just once in a G3 HTCwizard then i cant do it anymore.

Maybe "format" command before the CMD>

Do we know what commands does the bootloader accept through mtty?
If we find all of them and what each one does, couldn't we be able to revive a bricked device using mtty? <=The main idea belongs to htctouchp;)
Here is a list of possible commands(we will have to see which are real commands):
Command "Usage" Parameters
1.ESetDsbDBGMSGT

2.ClearDBGMSG

3.ReadExtROM

4.WLANReset

5.SDSelect

6.emapiCountryID

7.emapiINIT

8.emapiWlanMac

9.emapiPwrDwn

10.emapiRead

11.emapiTest

12.emapi

13.getdevinfo

14.ruustart

15.ruurun

16.progress

17.wdata

18.password

19.set

20.SetDebugMethod

21.checksum

22.ResetDevice

23.BTRouting

24.task "Unknown command"

25.lnbs

26.ls





Hi do you know a command for unlock the CID, because i tried to flash my phone P3300 an his broken, I can enter only in bootloader, every time when I try to intall a rom shows me error 300, so I think I didn't unlock the CID first time! Thank you and sorry for my english

Hi

You mention your device is P3300, this forum is about the Elf/in P3450 and P3452. No surprise it doesn't work ;)...

Use this link http://forum.xda-developers.com/forumdisplay.php?f=316 :)