BattleMail in S45i v04 and probably all FW - GSM-Forum

fishu · 04-08-2003, 21:30

Hi!! Sorry for my poor english

When i`m viewing images in my backup firmware v.04 /use ffModifier - Siemens Flash Modifier v1.02b/ i see pictures from game BattleMail Kung-Fu /title screen - image Id 352, probably all pictures from ID 254 to ID 354 are from this game/. It`s posible to activate this game??

Kite · 04-10-2003, 13:18

i've post the same question in another topic... they've said there are only the images, and the game can't be acrivated.. but i'm not very sure....

fishu · 04-10-2003, 15:40

well, maybe they`ve right, but i don`t give up and i still search

Kite · 04-11-2003, 14:31

Fishu, you have posted this patch:

Use Explorer without sim card:
05A656 : C5 04 --> 59 05

it works right..thanks.

Can you say me what software have you used to find this patch? i've tried with a lot of software to disassemble the flash, but without luck..

fishu · 04-11-2003, 16:03

I use only hex editor and Siemens language editor /by Skylord/

I analyzing how rizaPN make patch, and searching in firmware. Yesterday i find how to activate menu Java /in Surf & Fun menu/, but i can`t enter to this menu, because java not exist in this firmware. Tommorow i will write how i`m making changes in firmware, because today i`m very busy, sorry.

fishu · 04-12-2003, 02:53

Ok, Kite, maybe you understand what i write /i just came from party

/:
For example you have some value in hex editor like that /from rizaPN patch band selection/:
00056F80 3009 1A02 5E01 5F01 0000 0809 1A02 0000
00056F90 F601 3009 1A02 5C00 5D00 0000 0C09 1A02
00056FA0 0000 F701 3009 1A02 7700 7800 0000 0809
00056FB0 1A02 0000 F901 3009 1A02 D100 D200 0000
00056FC0 0809 1A02 0000 0502 CC7B F500 D07B F500

1. look on the value F601, F701, F901 - they grove up!!
2. look on the 5E01 5F01 or 5C00 5D00 or 7700 7800 or D100 D200
3. when you use siemens language editor and decompile LGpack from flash and save language pack to file you will have a lot of text /but not all!!/. Then you can find for example band selection. There are 2 entry with number 209 and 210 when you use calculator and change this value to hex you will hav D1 and D2. This value exist in the firmware on offset 56FBA and 56FBC. Next when you make +12 to offset /56FBA+12=56FC6/ you will find 0502 and when you change this to other value /for example to FA01 like a rizPN, or 5905/ you activate this menu!!
4. But somtimes you must make only +10 because some entry not exist twince like agenda /in calendar/!!
5. In offset 56F84 you have 5E01 this mean 15E /hex/ = 350 /dec/ and this is choose network!!
6. When i change a lot value from other to 5905 /this probably mean always on/ i activate menu java. When i find correct value i will write it.

I hope that you understand some from this /because my english is realy poor/

Kite · 04-13-2003, 12:29

Great, i have understood.. i hope you will find anything with your searches.. and i'll try to help you..

fishu · 04-15-2003, 18:09

Kite, maybe you can help mi with BattleMail:
i thing that i find menu of this game in:
00059C30 1A02 0300 5905 0000 0000 FC04 FF7F 0000
00009C40 0809 1A02 0300 5905 6802 0000 0000 0000

in 059C3A is FC04 that is 04FC /hex/ = 1276
and in position 1276 in languge file exist string "BattleMail"
and in 059C46 is 5905 but menu is hide!! I don`t know what mean FF7F /059C3C/ and 0300 in /059C44/, i will check it. Any idea??

update:
oher games menu starts: 05C106

Kite · 04-15-2003, 18:52

mmm...i can try...when you find new patches, how do you test them, by uploading the firmware? or it's possible to find an emulator in the net?

fishu · 04-15-2003, 19:13

Maybe are emulators for phone, but i flash my phone by partial flash and test it. Some time ago i download emulator for mt50 from orginal siemens site, but i don`t know is this program can read firmware from file.

Kite · 04-15-2003, 19:18

i don't know anything:

when you convert 2 entry to hexadecimal, for example, you find 4d and 4e, you must search in the firmware the values 4d00 4e00, is it wrong? but when you search these entries, you find a lot of "4d00 4e00"..why? what i have to do at this point?

fishu · 04-15-2003, 19:24

Kite you say about menu "Display", right??
I think that most menus are on offset 05xxxx , you must find not string "4d00 4e00", but "4e00 4d00" sometimes you must reverse value

rizapn · 04-16-2003, 07:05

Just for your info :
I did upload two tools for doing flash patching by ourself. Please read the "Flash Patching Tools" topics under Siemens Software section ...

RizaPN

Kite · 04-16-2003, 09:00

Riza, you used fishu's method to create new patches? your patches are very complicated, can you say us your method?

rizapn · 04-16-2003, 10:14

Please read the "Siemens Entry-Point" topics in the "GSM Programming" section (it was sent long-long time ago) and you will see what was done by me for doing flash patching ...

RizaPN

04-08-2003, 21:30	#1 (permalink)
fishu Junior Member Join Date: Feb 2003 Location: Poland Posts: 24 Member: 20967 Status: Offline Thanks Meter: 0	BattleMail in S45i v04 and probably all FW Hi!! Sorry for my poor english When i`m viewing images in my backup firmware v.04 /use ffModifier - Siemens Flash Modifier v1.02b/ i see pictures from game BattleMail Kung-Fu /title screen - image Id 352, probably all pictures from ID 254 to ID 354 are from this game/. It`s posible to activate this game??

04-12-2003, 02:53	#6 (permalink)
fishu Junior Member Join Date: Feb 2003 Location: Poland Posts: 24 Member: 20967 Status: Offline Thanks Meter: 0	Ok, Kite, maybe you understand what i write /i just came from party /: For example you have some value in hex editor like that /from rizaPN patch band selection/: 00056F80 3009 1A02 5E01 5F01 0000 0809 1A02 0000 00056F90 F601 3009 1A02 5C00 5D00 0000 0C09 1A02 00056FA0 0000 F701 3009 1A02 7700 7800 0000 0809 00056FB0 1A02 0000 F901 3009 1A02 D100 D200 0000 00056FC0 0809 1A02 0000 0502 CC7B F500 D07B F500 1. look on the value F601, F701, F901 - they grove up!! 2. look on the 5E01 5F01 or 5C00 5D00 or 7700 7800 or D100 D200 3. when you use siemens language editor and decompile LGpack from flash and save language pack to file you will have a lot of text /but not all!!/. Then you can find for example band selection. There are 2 entry with number 209 and 210 when you use calculator and change this value to hex you will hav D1 and D2. This value exist in the firmware on offset 56FBA and 56FBC. Next when you make +12 to offset /56FBA+12=56FC6/ you will find 0502 and when you change this to other value /for example to FA01 like a rizPN, or 5905/ you activate this menu!! 4. But somtimes you must make only +10 because some entry not exist twince like agenda /in calendar/!! 5. In offset 56F84 you have 5E01 this mean 15E /hex/ = 350 /dec/ and this is choose network!! 6. When i change a lot value from other to 5905 /this probably mean always on/ i activate menu java. When i find correct value i will write it. I hope that you understand some from this /because my english is realy poor/ Last edited by fishu; 04-12-2003 at 02:59.

04-15-2003, 18:09	#8 (permalink)
fishu Junior Member Join Date: Feb 2003 Location: Poland Posts: 24 Member: 20967 Status: Offline Thanks Meter: 0	Kite, maybe you can help mi with BattleMail: i thing that i find menu of this game in: 00059C30 1A02 0300 5905 0000 0000 FC04 FF7F 0000 00009C40 0809 1A02 0300 5905 6802 0000 0000 0000 in 059C3A is FC04 that is 04FC /hex/ = 1276 and in position 1276 in languge file exist string "BattleMail" and in 059C46 is 5905 but menu is hide!! I don`t know what mean FF7F /059C3C/ and 0300 in /059C44/, i will check it. Any idea?? update: oher games menu starts: 05C106 Last edited by fishu; 04-15-2003 at 18:51.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Edit your language in i9, i68 p168 and probably other phones	lecatla	Chinese Models & Cloned Phones	21	03-05-2010 13:17
all tesypoint moto all in one .old and new	Dr/MoBiLE MiSR	Smart-Clip	1	10-22-2007 13:39
Question about EEPROM in S45i (durability).	ntcn	x4x, x5x Flashpatching	18	09-13-2004 05:15
S45 v21 vs. S45 v30 vs. S45i v04	-V-O-Y-A-G-E-R-	x1x to x45/x50	0	06-27-2003 15:57
Please calculate MAP for S45i v04 thanx	Monty	Phone Unlocking Codes & Maps	1	12-27-2002 15:45

04-10-2003, 13:18	#2 (permalink)
Kite Junior Member Join Date: Apr 2003 Location: Italy Age: 44 Posts: 38 Member: 26307 Status: Offline Thanks Meter: 0	i've post the same question in another topic... they've said there are only the images, and the game can't be acrivated.. but i'm not very sure....

04-10-2003, 15:40	#3 (permalink)
fishu Junior Member Join Date: Feb 2003 Location: Poland Posts: 24 Member: 20967 Status: Offline Thanks Meter: 0	well, maybe they`ve right, but i don`t give up and i still search

04-11-2003, 14:31	#4 (permalink)
Kite Junior Member Join Date: Apr 2003 Location: Italy Age: 44 Posts: 38 Member: 26307 Status: Offline Thanks Meter: 0	Fishu, you have posted this patch: Use Explorer without sim card: 05A656 : C5 04 --> 59 05 it works right..thanks. Can you say me what software have you used to find this patch? i've tried with a lot of software to disassemble the flash, but without luck..

04-11-2003, 16:03	#5 (permalink)
fishu Junior Member Join Date: Feb 2003 Location: Poland Posts: 24 Member: 20967 Status: Offline Thanks Meter: 0	I use only hex editor and Siemens language editor /by Skylord/ I analyzing how rizaPN make patch, and searching in firmware. Yesterday i find how to activate menu Java /in Surf & Fun menu/, but i can`t enter to this menu, because java not exist in this firmware. Tommorow i will write how i`m making changes in firmware, because today i`m very busy, sorry.

04-13-2003, 12:29	#7 (permalink)
Kite Junior Member Join Date: Apr 2003 Location: Italy Age: 44 Posts: 38 Member: 26307 Status: Offline Thanks Meter: 0	Great, i have understood.. i hope you will find anything with your searches.. and i'll try to help you..

04-15-2003, 18:52	#9 (permalink)
Kite Junior Member Join Date: Apr 2003 Location: Italy Age: 44 Posts: 38 Member: 26307 Status: Offline Thanks Meter: 0	mmm...i can try...when you find new patches, how do you test them, by uploading the firmware? or it's possible to find an emulator in the net?

04-15-2003, 19:13	#10 (permalink)
fishu Junior Member Join Date: Feb 2003 Location: Poland Posts: 24 Member: 20967 Status: Offline Thanks Meter: 0	Maybe are emulators for phone, but i flash my phone by partial flash and test it. Some time ago i download emulator for mt50 from orginal siemens site, but i don`t know is this program can read firmware from file.

04-15-2003, 19:18	#11 (permalink)
Kite Junior Member Join Date: Apr 2003 Location: Italy Age: 44 Posts: 38 Member: 26307 Status: Offline Thanks Meter: 0	i don't know anything: when you convert 2 entry to hexadecimal, for example, you find 4d and 4e, you must search in the firmware the values 4d00 4e00, is it wrong? but when you search these entries, you find a lot of "4d00 4e00"..why? what i have to do at this point?

04-15-2003, 19:24	#12 (permalink)
fishu Junior Member Join Date: Feb 2003 Location: Poland Posts: 24 Member: 20967 Status: Offline Thanks Meter: 0	Kite you say about menu "Display", right?? I think that most menus are on offset 05xxxx , you must find not string "4d00 4e00", but "4e00 4d00" sometimes you must reverse value

04-16-2003, 07:05	#13 (permalink)
rizapn No Life Poster Join Date: Mar 2002 Location: -[r0]- Age: 53 Posts: 834 Member: 9891 Status: Offline Thanks Meter: 2	Just for your info : I did upload two tools for doing flash patching by ourself. Please read the "Flash Patching Tools" topics under Siemens Software section ... RizaPN

04-16-2003, 09:00	#14 (permalink)
Kite Junior Member Join Date: Apr 2003 Location: Italy Age: 44 Posts: 38 Member: 26307 Status: Offline Thanks Meter: 0	Riza, you used fishu's method to create new patches? your patches are very complicated, can you say us your method?

04-16-2003, 10:14	#15 (permalink)
rizapn No Life Poster Join Date: Mar 2002 Location: -[r0]- Age: 53 Posts: 834 Member: 9891 Status: Offline Thanks Meter: 2	Please read the "Siemens Entry-Point" topics in the "GSM Programming" section (it was sent long-long time ago) and you will see what was done by me for doing flash patching ... RizaPN