|
Welcome to the GSM-Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. Only registered members may post questions, contact other members or search our database of over 8 million posts. Registration is fast, simple and absolutely free so please - Click to REGISTER! If you have any problems with the registration process or your account login, please contact contact us . |
|
Register | FAQ | Donate | Forum Rules | Root any Device | ★iPhone Unlock★ | ★ Direct Codes ★ | Direct Unlock Source | Search | Today's Posts | Mark Forums Read |
BlackBerry (RIM) Blackberry phones discussion, firmwares, tutorial, media, repairs. |
| LinkBack | Thread Tools | Display Modes |
05-07-2009, 09:37 | #1 (permalink) |
Crazy Poster Join Date: Jan 2009
Posts: 51
Member: 957095 Status: Offline Thanks Meter: 16 | Useful BB USB Commands Code: read BSN <-: 01 00 1C 00 80 FE 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 02 00 00 read freq_map <-: 01 00 1C 00 80 FE 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 07 00 00 write parts list<-: 01 00 18 02 38 FF 10 02 01 00 00 00 00 00 00 00 5D 5C 5B 5A 48 57 56 2D 31 31 36 39 35 2D 30 30 38 2D 31 00 4D 46 49 2D 31 34 36 37 38 2D 30 31 31 00 4D 45 50 2D 30 34 31 30 33 2D 30 30 32 00 43 46 47 2D 31 30 39 39 36 2D 30 31 39 00 4E 56 43 2D 31 36 35 30 34 2D 30 30 31 00 50 52 4C 2D 31 35 33 33 36 2D 30 30 32 00 53 46 49 2D 31 34 35 36 32 2D 30 32 34 00 41 50 50 2D 31 34 38 35 39 2D 30 31 39 00 50 52 44 2D 31 32 31 39 30 2D 30 30 32 00 41 53 59 2D 31 33 33 36 31 2D 30 30 31 00 56 53 4D 2D 31 31 36 39 37 2D 30 30 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 00 A0 00 00 00 clear MEP <-: 01 00 68 00 2E FF 60 00 9C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 read VSM:01 00 0c 00 3a ff 04 00 00 00 02 ff (segment1) <- : 01 00 0c 00 3a ff 04 00 00 01 02 ff (segment2) <- : 01 00 0c 00 3a ff 04 00 00 02 02 ff (segment3) These commands need to be sent over the RIM Cal task channel - <-: 00 00 18 00 07 ff 00 00 52 49 4d 20 43 61 6c 20 74 61 73 6b 00 00 00 00 ; request an open with RIM Cal task ->: read response <-: 00 00 08 00 0a 01 00 0b ; complete handshake ->: read repsonse <-: 01 00 0c 00 3a ff 04 00 00 00 02 ff ; request VSM file ->: read out VSM file -mobytes |
The Following 9 Users Say Thank You to mobytes For This Useful Post: |
05-11-2009, 11:20 | #6 (permalink) |
Crazy Poster Join Date: Jan 2009
Posts: 51
Member: 957095 Status: Offline Thanks Meter: 16 | The same access levels apply when sending commands directly. The good news is that you don't need to install the multi-loader software, and can use CFP to load the appropriate MFI file to gain broader access for customization purposes. However, there are hundreds of commands that are exposed in MML. Check out the typeLib with OLE-COM object viewer and you can see this under Type Libraries ->RIMRADIOCOMLib. Notice that there is a command to toggle RTAS. I wonder what that does. -mobytes |
The Following User Says Thank You to mobytes For This Useful Post: |
05-11-2009, 16:04 | #7 (permalink) |
Freak Poster Join Date: Apr 2009
Posts: 158
Member: 1007877 Status: Offline Sonork: BoBo Thanks Meter: 26 | @mobytes yes, i know the CTP tools. but how to add the code to command line? As ctp -u command "01 00 1C 00 80 FE 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 02 00 00" |
05-11-2009, 17:44 | #8 (permalink) |
Crazy Poster Join Date: Jan 2009
Posts: 51
Member: 957095 Status: Offline Thanks Meter: 16 | I'm not using CFP to send USB commands. I'm using a third pary USB driver from Jungo - windrvr6.sys in place of rimusb.sys. The Jungo drivers include a sample console application - usb_diag.exe. As an illustration - Code: C:\WinDriver\samples\usb_diag\WIN32>usb_diag.exe Enter device vendor id (hex) (=0x1234): fca Enter device product id (hex) (=0x5678): 1 Please make sure the device is attached: DeviceAttach: received and accepted attach for vendor id 0xfca, product id 0x1, interface 0, device handle 0x00883E70 Main Menu (active Dev/Prod/Interface/Alt. Setting: 0xfca/0x1/0/0) ---------- 1. Display device configurations 2. Change interface alternate setting 3. Reset Pipe 4. Read/Write from pipes 6. Refresh 99. Exit Enter option: 4 Control pipe: pipe num. 0x0: packet size 64, type Control, dir In & Out, interval 0 (ms) Alternate Setting: 0 pipe num. 0x85: packet size 64, type Bulk, dir In, interval 0 (ms) pipe num. 0x5: packet size 64, type Bulk, dir Out, interval 0 (ms) pipe num. 0x83: packet size 64, type Bulk, dir In, interval 0 (ms) pipe num. 0x3: packet size 64, type Bulk, dir Out, interval 0 (ms) pipe num. 0x82: packet size 64, type Bulk, dir In, interval 0 (ms) pipe num. 0x2: packet size 64, type Bulk, dir Out, interval 0 (ms) pipe num. 0x84: packet size 64, type Bulk, dir In, interval 0 (ms) pipe num. 0x4: packet size 64, type Bulk, dir Out, interval 0 (ms) Read/Write from/to device's pipes using Single Blocking Transfers --------------------- 1. Read from pipe 2. Write to pipe 3. Listen to pipe (continuous read) 99. Main menu Enter option: 2 Please enter the pipe number (hex): 0x3 Please enter the size of the buffer (dec): 24 Please enter the input buffer (hex): 00 00 18 00 07 ff 00 00 52 49 4d 20 43 61 6c 20 74 61 73 6b 00 00 00 00 Transferred 24 bytes Read/Write from/to device's pipes using Single Blocking Transfers --------------------- 1. Read from pipe 2. Write to pipe 3. Listen to pipe (continuous read) 99. Main menu Enter option: 3 Please enter the pipe number (hex): 0x83 Press <Enter> to start listening. While listening, press <Enter> to stop <Enter> Start listening to pipe 00 00 2C 00 08 01 00 00 52 49 4D 20 43 61 6C 20 | 74 61 73 6B 00 00 00 00 00 00 00 00 01 80 0C 00 | 02 80 0C 00 03 01 00 00 04 01 00 00 | .Ç.......... Stop listening to pipe Read/Write from/to device's pipes using Single Blocking Transfers --------------------- 1. Read from pipe 2. Write to pipe 3. Listen to pipe (continuous read) 99. Main menu Enter option: 2 Please enter the pipe number (hex): 0x3 Please enter the size of the buffer (dec): 8 Please enter the input buffer (hex): 00 00 08 00 0a 01 00 0b Transferred 8 bytes Read/Write from/to device's pipes using Single Blocking Transfers --------------------- 1. Read from pipe 2. Write to pipe 3. Listen to pipe (continuous read) 99. Main menu Enter option: 3 Please enter the pipe number (hex): 0x83 Press <Enter> to start listening. While listening, press <Enter> to stop <Enter> Start listening to pipe 00 00 08 00 10 01 00 0B | ........ 00 00 0C 00 13 01 01 00 00 00 00 00 | ............ Stop listening to pipe Read/Write from/to device's pipes using Single Blocking Transfers --------------------- 1. Read from pipe 2. Write to pipe 3. Listen to pipe (continuous read) 99. Main menu Enter option: 2 Please enter the pipe number (hex): 0x3 Please enter the size of the buffer (dec): 28 Please enter the input buffer (hex): 01 00 1c 00 80 fe 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 06 00 0 Transferred 28 bytes Read/Write from/to device's pipes using Single Blocking Transfers --------------------- 1. Read from pipe 2. Write to pipe 3. Listen to pipe (continuous read) 99. Main menu Enter option: 3 Please enter the pipe number (hex): 0x83 Press <Enter> to start listening. While listening, press <Enter> to stop <Enter> Start listening to pipe 01 00 1C 00 81 FE 14 00 04 0E 00 04 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | ............ 00 00 0C 00 13 01 01 00 01 00 00 00 | ............ Stop listening to pipe 1. Invoked the usb_diag console utility. 2. Entered the vendor id / product id 3. Selected write to pipe 0x3 4. Entered the command bytes to open the RIM Cal task channel 5. Selected listen to pipe 0x83 (Got an ACK with channel parameters) 6. Selected write to pipe 0x3 7. Entered pipe command bytes to complete the handske 8. Entered the command bytes to read the platform id (a.k.a hwid) 9. Got a response of 0x04 0x00 0x0E 0x04 Hope that helps. -mobytes |
05-12-2009, 04:33 | #9 (permalink) |
Crazy Poster Join Date: Jan 2009
Posts: 51
Member: 957095 Status: Offline Thanks Meter: 16 | writing a VSM file to the device Let's say that you want to send the following VSM file to your device - 01 00 00 BC 00 00 00 00 FF FF FF FF 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 After opening the RIM Cal task channel you would send out - 01 00 28 00 3A FF 20 00 0X 00 02 FF 01 00 00 BC 00 00 00 00 FF FF FF FF 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 where x=1 to write (x=0 to read) Piece of cake! -mobytes |
05-12-2009, 04:52 | #10 (permalink) | |
Junior Member Join Date: May 2009
Posts: 11
Member: 1025826 Status: Offline Thanks Meter: 0 | Quote:
| |
05-12-2009, 05:12 | #13 (permalink) | |
Crazy Poster Join Date: Jan 2009
Posts: 51
Member: 957095 Status: Offline Thanks Meter: 16 | Quote:
| |
Bookmarks |
Thread Tools | |
Display Modes | |
| |
Similar Threads | ||||
thread | Thread Starter | Forum | Replies | Last Post |
Z3X SmartPhone 2.3.50 update You use under battery cable? Why? Use only USB cable ;) | mk | Z3X-Team Products | 123 | 11-09-2010 05:27 |
Z3X SmartPhone 2.3.50 update You use under battery cable? Why? Use only USB cable ;) | mk | Service Products News & Updates | 0 | 02-19-2010 13:34 |
How to use bb server to unlock new bb ? | abote didier | FuriousGold | 1 | 11-05-2009 15:12 |
Unsupported simlock type ! BB 8900 using bb tool [SOLVED] | jorgeluism | FuriousGold | 1 | 08-26-2009 20:30 |
How to use BB suspended by RIM? | tedyjohar | BlackBerry (RIM) | 2 | 05-18-2009 09:58 |
|