XDA Developers Android and Mobile Development Forum

[release] JumpSPL v1.0, or how-to CID unlock ANY device!

pof
(Last edited by pof; 6th October 2007 at 02:41 AM.)
#1

JumpSPL is a WinCE application that allows you to place a custom file in the device's RAM memory and execute the arbitrary code contained in it by jumping to its physical memory address.

This method is typically used to load a patched bootloader in RAM and execute it, so with JumpSPL you can potentially bypass any bootloader protections put by the manufacturer on a Windows Mobile based device, but you have to patch the bootloader yourself.

I'll be updating comment #2 with links to patched SPLs and future projects using JumpSPL; if you use JumpSPL in your project, please post a comment or PM me.

JumpSPL should work on any WinCE device (not necessarily manufactured by HTC), although I have only tested it on HTC devices.

For more details and usage instructions please see the included README file.

DONATIONS:


Your donations are a strong incentive to continue research on new devices. If you find JumpSPL useful, please consider making a PayPal donation. Any donation amount is greatly appreciated.
Attached Files
  • JumpSPLv1.zip (8.7 KB, 20018 views)
 
pof
(Last edited by pof; 6th October 2007 at 05:07 AM.)
#2

Patched SPLs

Notes on patching & testing custom SPLs:
  • Disassemble the SPL using radare (free) or IDA Pro (commercial).
  • You need to press the bootloader buttons after loading your custom SPL with JumpSPL, otherwise the device will reboot. You can also patch the SPL to enter bootloader mode automatically, so you don't have to press the buttons.
  • Some devices require that you unplug and re-plug the USB cable after the SPL has been loaded.
  • On some devices (TI OMAP) you'll see a white screen instead of the usual tri-color screen; don't worry about that, you're in bootloader mode.
  • Use patched SPLs with caution; try to flash splash screens to do the initial tests and avoid bricking your device.
  • To know the jump address you can use itsutils 'pmemdump -p' and try to find a copy of the SPL in memory. You can find the virtual address with dumpromx.exe.

Projects using JumpSPL:
Attached SPL patches:
  • Kaiser: jump address is 0x00000000
  • Artemis & Herald: jump address is 0x10000000
Attached Files
  • herald_JumpSPL_pof_v1.zip (222.5 KB, 2526 views)
  • artemis_jumpSPL_pof_v1.zip (213.8 KB, 2177 views)
  • kaiser_JumpSPL_pof_v1.zip (101.1 KB, 4891 views)
 
Mi|enko
#3
Dude. If you can get this to work on the T-Mobile Wing, you will be my own personal hero. :)
 
pof
#4
@Mi|enko: Patched SPL for T-Mobile Wing (Herald) attached to comment #2
 
kalavera
#5
So ... it's possible this way to CID unlock a Prophet G4? Can you make a version for Prophet?
 
pof
#6
@kalavera: I don't own a Prophet, but yes, it should be possible to CID unlock it using this tool. Olipro and the-equinoxe have patched the Wizard's G4 SPL, which should be very close to the Prophet's; they will be able to help you with the SPL patches.
 
chev
#7
What patch is compatible with the Wizard?
 
hdubli
#8
Finally I could convert Dopod C800 into a fully working Atlas. Long live POF
 
ImCoKeMaN
#9
Good work Pof!! This could have saved me a bit of time custom compiling my own HaRET for the Titan Hard-SPL. I'm sure it will speed up the unlocking of many future devices!
 
zaharakis
#10
thanks again my friend!!

you did it again