FORUMS

Anyone have a bricked 6800 needing fixed? The JTAG Project

246 posts
Thanks Meter: 5
 
By madman34, Senior Member on 13th March 2008, 12:41 PM
Thread Deleted Email Thread
Greetings all,
Just off of the success of fixing the frustration of the broken audio adapter after upgrading to a new ROM problem, I think that a new and even more valeuable project is at hand: UnBricking these that are really bricked.

Ok, here is my thought and experience in as short a summery as I can give. Almost ALL consumber products these days evolved from general purpose processors with outboard EPROM or EEPROM, RAM, and peripheral components. As the devices develope, custom chipsets come into play to reduce size, component count, weight, power consumption, cost, etc, while upping the reliability, battery life, features, speed, and just the joy factor of these things. Look at them as they get better and better, just the transition from 6th gen 6700 to the 7th gen 6800 how much better it works. This goes for everything from the PDA/Smartphones, to the refrigerator, to satellite receivers, everything. A problem was that as more stuff gets crammed onto a smaller number of chips, they needed a way to initially configure these things so they would not come out as dumb boxes. Enter the JTAG interface. For those who do not know the acronym, look it up, but basically it is a standard interface and protocol to communicate with dedicated microprocessors and program them, without having to exactly speak the language of each model and brand. When you get a device off the production line at the end it goes to a workstation that has a JTAG interface jig and a PC configured to load the initial stuff, like the bootloader and basic stuff needed to make it what it is. I have been working with stuff for many years now and have JTAGGed satellite receivers, cell phones, air cards, cars, yes even cars use it, and a standard set of software talks to it all. The only difference is the connector or jig that is used and the BIN file you load. This is usually createable from the bootloader file that we usually load up to the USB port with the RUU, but without a bootloader in it already we can not do anything with it, so we need to JTAG like OLIPRO2.40 straight to the memory address range it needs to go to. JTAG software will, thru the interface, establish communication with, communicate, identify, and program the flash directly, heck you can put the entire ROM on it if you want. I do this all the time with other devices, so I know it is possible.


If you have a 6800 that is bricked thru software error and NOT broken by any crazy stuff done to it afterwards, then JTAGging WILL fix it. I propose to start the JTAG project for the 6800 series HTC devices, as I see an ever increasing number of these getting bricked it needs to be done. The ONLY way one should be touched inside is if it is known to be bricked by software error that you can not get back out of and thats all that is wrong with it, and very important that there is no possibility of returning it to your carrier under warranty for repair. HTC would do exactly what I propose and send it back fixed but probably charge a bunch. I have not killed mine, and do not intend to do so just for this project, but if anyone has one that is just a paperweight and meets the above criteria and has nothing to loose and plenty of time (cause my paying job takes priority) I would be happy to take this on and find, probe, and JTAG your device, fix it and provide before, during, and afterwards logging of what is done. I would then prepare a package of instructions and software on how everyone else can do it as well.


Anyone got a really dead one that they would care to try ???????
13th March 2008, 01:15 PM |#2  
1999TL's Avatar
Senior Member
Flag Washington D.C.
Thanks Meter: 4
 
More
I hope I'm not on the list. I haven't seen JTAG since I went to the DD-WRT forums.
13th March 2008, 01:17 PM |#3  
1999TL's Avatar
Senior Member
Flag Washington D.C.
Thanks Meter: 4
 
More
Sounds like a great project for those in need.
13th March 2008, 05:31 PM |#4  
morganlowe's Avatar
Senior Member
Thanks Meter: 16
 
More
Mmm, JTAG... DD-WRT and old CNC machines..

I'm curious about this, how do you interface with the phone for JTAG? I just skimmed the article [dont have my glasses] but would love to know.
13th March 2008, 05:33 PM |#5  
Senior Member
Thanks Meter: 0
 
More
JTAG fixed my Hermes
JTAG does work - it brought my bricked hermes back to life!
13th March 2008, 05:47 PM |#6  
Shadowmite's Avatar
Senior Member
Thanks Meter: 52
 
More
Quote:
Originally Posted by morganlowe

Mmm, JTAG... DD-WRT and old CNC machines..

I'm curious about this, how do you interface with the phone for JTAG? I just skimmed the article [dont have my glasses] but would love to know.

You have to find the 4 or 5 connection points needed and determine memory layout. The problem with his idea here is the cpu in the 6800 is SPECIAL. No public datasheets, and it's proprietary as heck. Good luck finding the jtag points for the kaiser or 6800 or any msm7000 series device using the msm as the cpu.
13th March 2008, 05:57 PM |#7  
morganlowe's Avatar
Senior Member
Thanks Meter: 16
 
More
Quote:
Originally Posted by Shadowmite

You have to find the 4 or 5 connection points needed and determine memory layout. The problem with his idea here is the cpu in the 6800 is SPECIAL. No public datasheets, and it's proprietary as heck. Good luck finding the jtag points for the kaiser or 6800 or any msm7000 series device using the msm as the cpu.

I was thinking the same thing, there's not much on this chip out there... I have JTAG stuff for old school EPROMs and such, even got a cable for Linksys routers... I would worry about digging into my phone though. I know with Sprint you can add insurance at anytime, but you must wait 30 days to make a first claim... I got some old Treo 600s for Sprint I could donate to someone needing a phone as a temp.
13th March 2008, 06:00 PM |#8  
Senior Member
Flag Dallas
Thanks Meter: 0
 
More
Quote:
Originally Posted by Shadowmite

You have to find the 4 or 5 connection points needed and determine memory layout. The problem with his idea here is the cpu in the 6800 is SPECIAL. No public datasheets, and it's proprietary as heck. Good luck finding the jtag points for the kaiser or 6800 or any msm7000 series device using the msm as the cpu.

And the great Shadowmite emerges from the......shadows?

Long time no see! (TC)
13th March 2008, 06:52 PM |#9  
OP Senior Member
Thanks Meter: 5
 
More
JTAG prober
Quote:
Originally Posted by Shadowmite

You have to find the 4 or 5 connection points needed and determine memory layout. The problem with his idea here is the cpu in the 6800 is SPECIAL. No public datasheets, and it's proprietary as heck. Good luck finding the jtag points for the kaiser or 6800 or any msm7000 series device using the msm as the cpu.

JTAG points are usually together in a pattern and not scattered, and JTAG prober software is wonderful for getting the pinout by analyzing the signals it sees, JKEYS is good as is QXDM (Qualcomm Extensible Diagnostic Monitor) is what I used for doing the same thing with a Sierra Wireless 580 card that uses the MSM5500. The card was corrupted during a flash update and I was able to JTAG and get it back and use it as a test card to this day. QXDM even can unlock the protected memory and change things you are not allowed to change (ESN), it is pretty much all powerfull as far as the Qualcomm chips go. By the way, before Nortel I worked for Qualcomm and still have access so I was reeeeeeeal happy to see HTC start useing this chipset ;)
13th March 2008, 07:20 PM |#10  
Shadowmite's Avatar
Senior Member
Thanks Meter: 52
 
More
You go ahead and try then, let us know if you succeed.
13th March 2008, 08:14 PM |#11  
OP Senior Member
Thanks Meter: 5
 
More
Will do when,,,,,,
Quote:
Originally Posted by Shadowmite

You go ahead and try then, let us know if you succeed.

When a unit becomes available I will do it ;)
Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes