Firmware modding with X100 - GSM-Forum

Japris · 08-07-2004, 21:38

Hello!

I decided to post here if somebody will found these instructions useful. I bought X100 few months ago and found that it is badly crippled by software. That is very very very aggravating, but it means that these crippled features can be hacked. Now I found that our Russian fellows have did modifications I have been waiting for:

http://sgh-x100.nm.ru/

There are modifications for enabling whole 8 MB memory for java, disabling DRM and other neat tricks. Too bad that modifications are for russian version of firmware. i decided to try though and used E700 downloaded to upload russian patched firmware to my X100. And it worked. I thought that it could be possible to port these binary patches to other verisons of firmwares too and it was.

Now, you have to remember that all work (reading disassemlbed code, doing modifications needed) has been done by russian guys, I don't understand anything about machine language, just did some simple search&replace by hex editor.

Ok, I used PatchX100.zip. There is xml-formatted file which contains addresses and modifications needed. I took russian firmware and opened it to hex editor and wrote up hex codes needed to modify and few surrounding hex codes. And then searched matching codes for my local firmware. And did same modifications. Have to say that I didn't expect it to work but it did. I have now X10XBWK1 with 8MB java memory, disabled DRM etc. There seems to be no CRC checks or that kind of tricks. Modifications probably can be done to other version of firmwares too. Just use hex editor to found corresbonding bytes. And remember that it is perfectly possible to ruin everything, to make you phone dead by triggering some CRC checks or modifying wrong bytes etc. I don't even guarantee that my modifications are correctly done since I don't understand machine language. However, you can try

It could be nice if everybody would post needed patches to here for their own firmwares I think.

But, here is X10XBWK1 firmware section for PatchX.xml:

----------------------------
<File title="X100XBWK1" name="X100XBWK1.bin" size="11357000" comment="Patches for X100XBWK1">
<Patch title="Enable full 8 MB memory for java" comment="This patch enables full 8 MB for Java middlets.\nCredits: Jabberwock">
<Change offset="0x0003A73F" from="15" to="7D">
<Change offset="0x0003A76D" from="15" to="7D">
<Change offset="0x0003A81B" from="15" to="7D">
<Change offset="0x0003A873" from="03" to="10">
<Change offset="0x000571D0" from="03" to="10">
</Patch>
<Patch title="Remove key unlock delay" comment="Remove two second delay after unlocked keypad.\nCredits: Vadiks, Engr">
<Change offset="0x0055E8DF" from="02" to="00">
</Patch>
<Patch title="All folders patch." comment="All folders patch ??? What it does?.\nCredits: DaveGibson, Jabberwock">
<Change offset="0x000D0C8A" from="1C38E7F20000" to="78203841E7FB">
<Change offset="0x000F77BA" from="88" to="88">
</Patch>
<Patch title="Remove DRM protection." comment="Remove DRM protection.\nCredits: Vadiks, Engr">
<Change offset="0x00012E27" from="01" to="00">
</Patch>
</File>
----------------------------

What needs to be done is removing MMF and MMS size limits. Didn't have time to do that. But try yourself.

Ps. please please please, if you don't know what you are doing (or know that you don't know), don't do it!

Japris · 08-08-2004, 00:07

MMF size hack ported to x100xbwk1. Tried to port mms size limits, butt differences between russian and xb version of firmwares were too much. Well who cares about mms anyways

tolgaturkey · 01-01-2005, 23:09

hi with which program change this section ?

Hackrack · 06-04-2006, 17:42

Thanks! Buddy 4 sharing ur experiment.

I will check also to my firmware.

08-07-2004, 21:38	#1 (permalink)
Japris Junior Member Join Date: Aug 2004 Age: 42 Posts: 2 Member: 76799 Status: Offline Thanks Meter: 0	Firmware modding with X100 Hello! I decided to post here if somebody will found these instructions useful. I bought X100 few months ago and found that it is badly crippled by software. That is very very very aggravating, but it means that these crippled features can be hacked. Now I found that our Russian fellows have did modifications I have been waiting for: http://sgh-x100.nm.ru/ There are modifications for enabling whole 8 MB memory for java, disabling DRM and other neat tricks. Too bad that modifications are for russian version of firmware. i decided to try though and used E700 downloaded to upload russian patched firmware to my X100. And it worked. I thought that it could be possible to port these binary patches to other verisons of firmwares too and it was. Now, you have to remember that all work (reading disassemlbed code, doing modifications needed) has been done by russian guys, I don't understand anything about machine language, just did some simple search&replace by hex editor. Ok, I used PatchX100.zip. There is xml-formatted file which contains addresses and modifications needed. I took russian firmware and opened it to hex editor and wrote up hex codes needed to modify and few surrounding hex codes. And then searched matching codes for my local firmware. And did same modifications. Have to say that I didn't expect it to work but it did. I have now X10XBWK1 with 8MB java memory, disabled DRM etc. There seems to be no CRC checks or that kind of tricks. Modifications probably can be done to other version of firmwares too. Just use hex editor to found corresbonding bytes. And remember that it is perfectly possible to ruin everything, to make you phone dead by triggering some CRC checks or modifying wrong bytes etc. I don't even guarantee that my modifications are correctly done since I don't understand machine language. However, you can try It could be nice if everybody would post needed patches to here for their own firmwares I think. But, here is X10XBWK1 firmware section for PatchX.xml: ---------------------------- <File title="X100XBWK1" name="X100XBWK1.bin" size="11357000" comment="Patches for X100XBWK1"> <Patch title="Enable full 8 MB memory for java" comment="This patch enables full 8 MB for Java middlets.\nCredits: Jabberwock"> <Change offset="0x0003A73F" from="15" to="7D"> <Change offset="0x0003A76D" from="15" to="7D"> <Change offset="0x0003A81B" from="15" to="7D"> <Change offset="0x0003A873" from="03" to="10"> <Change offset="0x000571D0" from="03" to="10"> </Patch> <Patch title="Remove key unlock delay" comment="Remove two second delay after unlocked keypad.\nCredits: Vadiks, Engr"> <Change offset="0x0055E8DF" from="02" to="00"> </Patch> <Patch title="All folders patch." comment="All folders patch ??? What it does?.\nCredits: DaveGibson, Jabberwock"> <Change offset="0x000D0C8A" from="1C38E7F20000" to="78203841E7FB"> <Change offset="0x000F77BA" from="88" to="88"> </Patch> <Patch title="Remove DRM protection." comment="Remove DRM protection.\nCredits: Vadiks, Engr"> <Change offset="0x00012E27" from="01" to="00"> </Patch> </File> ---------------------------- What needs to be done is removing MMF and MMS size limits. Didn't have time to do that. But try yourself. Ps. please please please, if you don't know what you are doing (or know that you don't know), don't do it!

06-04-2006, 17:42	#4 (permalink)
Hackrack Junior Member Join Date: Nov 2004 Age: 39 Posts: 17 Member: 92042 Status: Offline Thanks Meter: 0	Thanks! Thanks! Buddy 4 sharing ur experiment. I will check also to my firmware.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
CiPhone (3G) firmware modding question	ColonelZap	Chinese Models & Cloned Phones	4	11-05-2008 09:26
d500 firmware modding	wreksta	SWIFT Platform	2	03-06-2006 20:40
How to BACKUP the firmware of an X100....	masterdwarf01	SYSOL Platform	0	03-16-2004 12:32
I need downloader and firmware for sgh-x100!	masterdwarf01	SYSOL Platform	0	02-10-2004 20:53

08-08-2004, 00:07	#2 (permalink)
Japris Junior Member Join Date: Aug 2004 Age: 42 Posts: 2 Member: 76799 Status: Offline Thanks Meter: 0	MMF size hack ported to x100xbwk1. Tried to port mms size limits, butt differences between russian and xb version of firmwares were too much. Well who cares about mms anyways <File title="X100XBWK1" name="X100XBWK1.bin" size="11357000" comment="Patches for X100XBWK1"> <Patch title="MMF max. size to 224 kB" comment="Increases the maximum size of MMF's to 224 kB\nCredits: Vadiks, Shrike"> <Change offset="0x0005049D" from="74B6A0" to="7C5D00"> <Change offset="0x0014314D" from="01" to="07"> <Change offset="0x00143199" from="01" to="07"> <Change offset="0x001431DD" from="74B6A0" to="7C5D00"> <Change offset="0x0014321B" from="01" to="07"> <Change offset="0x001432EF" from="01" to="07"> <Change offset="0x00143365" from="74B6A0" to="7C5D00"> <Change offset="0x0014340D" from="01" to="07"> <Change offset="0x001434AB" from="01" to="07"> <Change offset="0x001434E5" from="74B6A0" to="7C5D00"> <Change offset="0x001435C3" from="01" to="07"> <Change offset="0x001435FD" from="01" to="07"> <Change offset="0x00143707" from="01" to="07"> <Change offset="0x0014375F" from="01" to="07"> <Change offset="0x001437C5" from="74B6A0" to="7C5D00"> <Change offset="0x00143815" from="74B6C8" to="7C5D28"> </Patch> </File>

01-01-2005, 23:09	#3 (permalink)
tolgaturkey Junior Member Join Date: Dec 2004 Age: 53 Posts: 1 Member: 100673 Status: Offline Thanks Meter: 0	hi with which program change this section ?