====== Patches ======

Patches are saved in .vkp format, which is a renamed text file containing the description and the patch itself. Each patch line should start with the +offset of the address it patches. You can revert patches because the original content is the first part after the offset on every line. \\
You can join patches into a single .vkp by adding **+0** between two patches, which just resets the offset value. Comments start with ";" and run to the end of the line. \\

__'must have' patches__: If you don't have a SIM inside when you work on your phone, install the no-SIM patch first. \\
See if there are heapshift patches and apply the needed one. \\
Patch elfpack from [[https://justdanpo.ru/data/support/elfpack/]], or see Farid's versions. Elfloader is [[sony_ericsson:compiled_elfs|the only thing you'll really need]]. \\
On DB2020 flash the QuickAccess (QA) vkp - mandatory for a much faster connection for patching. \\

Tip: Copy/backup the CXC in a state you like, then you do not have to reflash the complete FW when you screw up patching. You can get a clean cxc by extracting the MAIN fw. If you use FAR manager for patching VKP, there is always a cached version locally: AppData\Roaming\farcxcpatcher\cache \\

Warning: I am not responsible. You can brick your phone (then just try to reflash). This is no guide, just a collection. Go read the warnings of everybody else, they apply here too. \\

====== runtime vkp ======

Downside already told by iron master in his original thread in mobilefree: Runtime vkp can't use heap addresses, so if the patch uses heap it needs to be rewritten. \\
If you use runtime vkp, don't make it as Daemon. It looks like it has a race condition that makes the phone crash. It's very useful for testing patches on the fly 😅 \\
I'm already using the offline patcher in farcxcpatcher, I can open phone_app and drag patches there.

===== Tools =====

ALWAYS make a backup of your personal GDFS - FIRST!
\\ Have GordonsGate Driver set up. \\
SEUS (Sony Ericsson Update Service) is the official tool. Instead use: \\
Far manager with SEFP2 and CXC plugins + tutorials \\
-> ALT+F7 for search in FAR-Manager \\
-> sefp2w.145 / 144 cannot delete files on red phones! \\
-> sefp2w.139 definitely works! \\
http://forum.farmanager.com/viewtopic.php?t=5163 \\
[[https://sony.yt/topic/944-far-how-to-patch-permanently-a2-based-phones/]] \\
[[https://www.topsony.com/forum/showthread.php/10301-Flashing-with-jdflasher]] \\
jdflasher (no A2) \\
A2-Uploader \\
XS++ \\
Setool2 Lite \\
SEMCtool v2.2 \\
SeTool2 [[https://support.setool.net/showthread.php?3-UPDATES-AND-NEWS&p=116763&viewfull=1#post116763|(change server address to use)]] \\
WotanServer / other smartcard locked services? \\
hardware dongles: z3x box, Sonicsbox (Sonics SE Tools 1.120), cruiser cable \\
jjpatcher+bpatch for CID80+ jar patcher \\
patch joiner or just add +1000; between patches \\
See [[sony_ericsson:links#forums|Link collection]] to find downloads. \\

===== Patch porting +tools =====

Learn how to port patches yourself if you want to. Do not start with patch creating, as you need to search and add hooks manually by looking inside the target firmware. If you are new to all this, start with programming elfs first (it is much easier because you do not need to know about hooks and offsets in firmware). If you want to create patches, first learn about patch porting and ARM assembler (Thumb instructions for most of the firmware).
\\ To start patch porting, see these 4 video tutorials on YT made by blacklizard: \\
[[https://www.youtube.com/watch?v=oDMDYai_Up0]] \\
[[https://www.youtube.com/watch?v=mG5Dj9EhkSU]] \\
[[https://www.youtube.com/watch?v=8OFonc2gkXM]] \\
[[https://www.youtube.com/watch?v=2iQrq8wgNY0]] \\
\\
Patch porting tools downloaded somewhere 2011: {{ :sony_ericsson:other:patch_porting_tools.zip |}} \\
Get relevant tools from [[https://justdanpo.ru/data/projects/gsm/]] \\
> use "read3150" also for DB3210 to retrieve phone_app.cxc and use ida_cxcldr to open it in IDA \\
> there is no .raw for A2, only for DB2010/20 (for which you use GExtract, main2raw and babe2raw) \\

VKP means V_Klay Patch, a name taken from a patcher tool for Siemens known as V_Klay Patcher. \\

Original v1:
<code>
;Phone model and firmware version
;Description
;Recommendations (optional)
;(c) Author
;(p) Porter (if patch is ported from any other phone/firmware)
;(!) Important information, for example: (!) HeapShift. (optional)
;(i) Not important information (optional)
;(r) Respects (or nickname of man who provided any information for patch) (optional)
;(e) Nickname of man, who edited patch's code changing patch's functionality (optional)
</code>

The v2, if I may call it that, is described in SEDEV Recovery Patch Help:
  - "Created" - C, c, Copyright Symbol, also can be used TradeMark Symbol, but this symbol currently is not recommended - tag for creators of the patch.
  - "Edited" - E, e - this covers modding, enhancing or other changes from base patch.
  - "Updated" - U, u - this covers updating and bug fixing only. Updating means that the developer changes date / time / credits / some very small enhancing can be addressed as update too.
  - "Ported" - P, p - Only for crediting people who ported patch.
  - "Idea by" - I, i - Registered Symbol can also be used - this covers all who assisted in development ONLY.
  - The Information Symbol ( circle with "i" in the middle ) - Can be used to add (!) type information, if needed - for informative part ( non-tagged comment lines ), compatibility, requirement or other important data.

Open a disassembler such as IDA, apply the patch with the IDC script, disassemble it. If you want to change it, write your .asm file and compile it with FASMARM.
  - Open firmware in IDA (You know this step already?)
  - Apply patch with IDC script.
  - Disassemble
  - Make .asm file
  - Port
  - Reassemble

Download idc.rar: [[icd-download]] \\
Download ARM Patch Compiler.rar: [[http://web.archive.org/web/20101128230944/http://se-developers.net/viewtopic.php?f=28&t=243|A GUI for Armpc (by Edgpaez on 17 Jan 2009)]] \\
Entrypoint Converter 1.1 \\
[[cxc2raw download]] \\
http://web.archive.org/web/20101128170128/http://se-developers.net/viewtopic.php?f=38&t=771 \\
http://www.se-developers.net/viewtopic.php?f=38&t=771 \\

Cxc2raw by mc_kibel on 03 Feb 2010 12:53 \\
Hello, it's a simple app by me (thanks to ndt and den_po). I was too lazy to run winhex every time after using read3150 :D Just drag'n'drop phone_app.cxc file on .exe, that's all. It automatically detects if the cxc header is 0x1000 (phone) or 0x2000 (read3150), then the app removes the header. By the way, the app will show some info about the current .cxc, for example:
<code>
cxc2raw (c) mc_kibel
Thanks: ndt, den_po
File from: Read3150.exe
Cxc file size:
->30881440b
->30157kb
->29mb
Cxc header size:
->0x2000
->8192b
Platform: DB3210
Firmware base address: 0x14000000
Succes!
Press any key to continue...
</code>
Edit: Little update, sorry for that :D Support phone_app.cxc from DB3150 / DB3210 / and added DB3350. \\

+14000000 for phone_app \\
+10000000 for phone_emp \\

There is a new version of elf2vkp: [[https://github.com/siemens-mobile-hacks/elf2vkp]] \\
There is a safer method than using heap for patches (explained by denpo on mobilefree): #TODO: insert link (I've lost it..)
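
Added example, not part of the original page or of any tool it lists: a parser for the .vkp line format described at the top of this page that checks the stored original bytes before applying or reverting a patch. The ''ADDR: OLD NEW'' hex layout, the function names and the sample patch are assumptions; 0x14000000 is the phone_app base quoted above.

```python
import re

# Assumption (layout not spelled out on this page): "+HEX" / "-HEX" sets the
# offset, "ADDR: OLD NEW" carries original and patched bytes as hex strings.
OFFSET_RE = re.compile(r"^([+-])([0-9A-Fa-f]+)$")
DATA_RE = re.compile(r"^([0-9A-Fa-f]+):\s*([0-9A-Fa-f]+)\s+([0-9A-Fa-f]+)$")

def parse_vkp(text):
    """Return a list of (absolute_address, old_bytes, new_bytes) records."""
    offset, records = 0, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()      # ";" comments run to end of line
        if not line:
            continue
        m = OFFSET_RE.match(line)
        if m:                                    # "+0" resets the offset between joined patches
            offset = int(m.group(2), 16) * (1 if m.group(1) == "+" else -1)
            continue
        m = DATA_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a VKP line: {raw!r}")
        old, new = bytes.fromhex(m.group(2)), bytes.fromhex(m.group(3))
        if len(old) != len(new):
            raise ValueError(f"line {lineno}: old/new length mismatch")
        records.append((int(m.group(1), 16) + offset, old, new))
    return records

def patch_image(image, base, records, revert=False):
    """Apply or revert records on a bytearray mapped at `base`; verify all first."""
    plan = []
    for addr, old, new in records:
        expect, write = (new, old) if revert else (old, new)
        pos = addr - base
        if pos < 0 or pos + len(expect) > len(image):
            raise ValueError(f"{addr:#x}: outside image")
        if bytes(image[pos:pos + len(expect)]) != expect:
            raise ValueError(f"{addr:#x}: bytes do not match, wrong firmware?")
        plan.append((pos, write))
    for pos, write in plan:                      # nothing is written until every check passed
        image[pos:pos + len(write)] = write
    return image

# Constructed sample: two joined patches, applied to a stand-in image by the caller.
SAMPLE_VKP = """;constructed example patch A
+14000000
0004: 01020304 AABBCCDD ;inline comment
+0
14000010: FFFF 0000 ;constructed example patch B, absolute address
"""
```

Because every record is verified before the first write, a patch made for a different firmware version raises an error and leaves the image unchanged.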
\\ **__se-developers.net archived links:__** \\
[[http://web.archive.org/web/20101128212417/http://se-developers.net/viewtopic.php?f=38&t=297|[Tutorial] Porting and Compiling ASM files]] \\
[[http://web.archive.org/web/20101128213057/http://se-developers.net/viewtopic.php?f=38&t=139|using Smelter]] \\
[[http://web.archive.org/web/20101128212559/http://se-developers.net/viewtopic.php?f=38&t=146|VKP Patch Structure]] \\
[[http://web.archive.org/web/20101128211618/http://se-developers.net/viewtopic.php?f=38&t=275|[Tutorial] Making ASM File]] \\
[[http://web.archive.org/web/20101128212044/http://se-developers.net/viewtopic.php?f=38&t=267|[Tutorial] Advanced patch porting]] \\
[[http://web.archive.org/web/20101128212141/http://se-developers.net/viewtopic.php?f=38&t=153|Porting Lib Functions]] \\
[[http://web.archive.org/web/20101128212648/http://se-developers.net/viewtopic.php?f=38&t=147|Open Firmware with IDA]] \\
[[http://web.archive.org/web/20101128172733/http://se-developers.net/viewtopic.php?f=38&t=825|Calculate phone_app base address]] \\
[[http://web.archive.org/web/20101128114755/http://se-developers.net/viewtopic.php?f=28&t=229|ARM Assembly]] \\
[[http://web.archive.org/web/20101128113845/http://se-developers.net/viewtopic.php?f=28&t=450|Writing patch in IAR and using elf2vkp?]] \\
[[http://web.archive.org/web/20101128113304/http://se-developers.net/viewtopic.php?f=28&t=537|findbl_IDA-Plugin]] \\
http://www.se-developers.net/viewtopic.php?f=38&t=250 \\
[[sony_ericsson:forum_threads|Also see se-developers.net archive]] \\
\\
**Find more useful stuff at mobilefree** \\

===== Phone patches =====

#TODO: upload translated patches

==== C901 patches ====

__**In 2015 I collected and saved all available patches on mobilefree.ru for C901 and Google-translated the non-English descriptions.**__ I've repeated it with other forums.
\\ {{ :sony_ericsson:c901:patches:c901_patches_mobilefree-2016.zip |}}

Mandatory patches: \\
heapshift \\
elfpack \\
No-SIM patch \\
Keylock popup removal \\
video camera light as torch fix -> see my torch elf "Torch901" \\
Some patches need Drawstring fix and int2strid fix \\

To me, C901 is the perfect latest bar type SE phone. W995/C905 are awesome CID53 A2 phones too, but I cannot arrange with a slider. Sony camera module is IMO pretty good for photos, even better with driver mod. Recording video only usable for quick snapshot. Fell in love with the video-led as torch, unfortunately A2 phones cannot dim LED. Created elfs for tracking free call minutes, hireminder for alarm triggered by accelerometer and modified SEns9x input bcfg controls because I liked playing it so much. And the not-so-KISS-anymore TorchC901 elf. \\
I've actively used it as daily driver till mid 2023 and do sometimes w/o SIM. I felt forced to have a 1+6 lineageOS-microG phone in the world of google apps :'( \\
\\
I for myself joined the patches separated by **'+0'** and always flashed as a bunch. Following is my personal archive of plugins for C901: \\
**#TODO: add dl-link** \\

==== K810 patches ====

K800 was my second SE phone type. It was a good phone and upgrade to K750. I loved the two top buttons in emulator games. The red camera focus LED could be used as flashlight. Decent photo camera with XENON flash. Had troubles with joystick, patch as workaround. M2 memory cards. Velour paint can get sticky after years (see lifehacks:liquid). \\
I had it crossflashed K800 -> K810 with fixed drivers. \\
I did not go so deep with K800, but I want to share the messy collection of my HDD anyways. \\

Mandatory patches: \\
On DB2020, flash fast access vkp - mandatory for way faster connection for patching. \\
Tartes mod elfpack 1.9.2 ?
\\ Heapshift \\
No-SIM patch \\
red-led flashlight + key-trigger customization and jar lcd-screen colour light \\
Joystick workaround \\
**#TODO: add dl-link** \\

==== W800 patches ====

K750 was my first Sony Ericsson phone, which was crossflashed to W800, as soon as I got to know what magic was out there. \\
It is a good phone and a huge upgrade to my first & old Nokia 3510i. Patching and modding was awesome, the world of J2ME apps discovered. Had trouble with joystick, patch as workaround. Dimmable LED flash was awesome torch, triggered by camera shutter and flashing on incoming call. Usable camera for its times. The start of personal good ringtones and iMY. \\
\\
Following is the little stuff I have found on my HDD. \\
**#TODO: add dl-link** \\