====== Patches ======
Patches are saved in .vkp format, which is a renamed text file containing a description and the patch itself. Each patch line should start with the +offset, i.e. the address to which it is patched. You can revert patches, as the original content is the first part after the offset on every line. You can join patches by adding **+1000;** between two patches, which just resets the offset value. Comments start with ";" and run to the end of the line. \\
#'must have' patches: If you don't have a SIM inside when you work on your phone, install the patch for no SIM first. \\
See if there are heapshift patches and apply the chosen one. \\
Patch elfpack from [[https://justdanpo.ru/data/support/elfpack/]], it is [[sony_ericsson:compiled_elfs|the only thing you'll really need]]. \\
On DB2020, flash the QuickAccess (QA) vkp; it is mandatory for a much faster connection when patching. \\
Warning: You can brick your phone. I am not responsible. This is no guide, just a collection. Go read the warnings of everybody else, they apply here too. \\

===== Tools =====
ALWAYS make a backup of your personal GDFS - FIRST! \\
Have GordonsGate Driver set up. \\
SEUS (Sony Ericsson Update Service) is the official tool. Instead use: \\
Far manager with SEFP2 and CXC plugins + tutorials \\
-> ALT+F7 for search in FAR-Manager
-> sefp2w.145 / 144 can not delete files on red phones!
-> sefp2w.139 definitely works!
http://forum.farmanager.com/viewtopic.php?t=5163
[[https://sony.yt/topic/944-far-how-to-patch-permanently-a2-based-phones/]] \\
jdflasher (no A2) \\
A2-Uploader \\
XS++ \\
Setool2 Lite \\
SEMCtool v2.2 \\
SeTool2 [[https://support.setool.net/showthread.php?3-UPDATES-AND-NEWS&p=116763&viewfull=1#post116763|(change server address to use)]] \\
WotanServer / other smartcard locked services? \\
hardware dongles: z3x box, Sonicsbox (Sonics SE Tools 1.120), cruiser cable, \\
jjpatcher+bpatch for CID80+ jar patcher \\
patch joiner or just add +1000; between patches \\
See [[sony_ericsson:links#forums|Link collection]] to find downloads.
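An added example (not part of the original page and not code from any of the tools listed): a small Python checker for the .vkp text format described at the top of this page, which builds the undo patch by swapping the two byte columns and joins patches with the **+1000;** line. It assumes data lines read ''address: original patched'' in hex, the usual V_Klay layout, which this page does not spell out; the function names and the sample patch are made up for the example.

```python
import re

# Assumed data-line syntax (the usual V_Klay layout; this page does not spell it out):
#   <hex address>: <original bytes> <patched bytes>   ;optional comment
DATA = re.compile(r"^([0-9A-Fa-f]+):\s*([0-9A-Fa-f]+)\s+([0-9A-Fa-f]+)$")
OFFSET = re.compile(r"^[+-][0-9A-Fa-f]+$")  # offset lines such as +1000

def parse_vkp(text):
    """Yield (kind, payload, comment) for every line, rejecting malformed ones."""
    for n, raw in enumerate(text.splitlines(), 1):
        code, sep, rest = raw.partition(";")  # ';' starts a comment
        code, comment = code.strip(), sep + rest
        if not code:
            yield "comment", None, comment
        elif OFFSET.match(code):
            yield "offset", code, comment
        else:
            m = DATA.match(code)
            if not m:
                raise ValueError(f"line {n}: not a valid patch line: {raw!r}")
            addr, old, new = m.groups()
            if len(old) != len(new) or len(old) % 2:
                raise ValueError(f"line {n}: old/new must be equal whole-byte runs")
            yield "data", (addr, old, new), comment

def revert_vkp(text):
    """Build the undo patch: same addresses, original and patched bytes swapped."""
    out = []
    for kind, payload, comment in parse_vkp(text):
        if kind == "data":
            addr, old, new = payload
            out.append(f"{addr}: {new} {old}" + (" " + comment if comment else ""))
        elif kind == "offset":
            out.append(payload + comment)
        else:
            out.append(comment)
    return "\n".join(out)

def join_vkp(*patches):
    """Join patches with the '+1000;' separator line described on this page."""
    return "\n+1000;\n".join(p.strip("\n") for p in patches)

# Constructed sample patch: model string, addresses and bytes are made up.
SAMPLE = """;Demo phone, demo firmware
;(c) nobody - constructed example
00AB10: 01207047 00207047 ;first change
00AB20: FF 00"""
```

Running a patch through ''parse_vkp'' before flashing catches truncated or mis-pasted lines, and keeping the output of ''revert_vkp'' next to the patch gives you the way back.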
===== Patch porting tools =====
Learn how to port patches yourself if you want to. \\
See these 4 video tutorials on YT: \\
[[https://www.youtube.com/watch?v=oDMDYai_Up0]] \\
[[https://www.youtube.com/watch?v=mG5Dj9EhkSU]] \\
[[https://www.youtube.com/watch?v=8OFonc2gkXM]] \\
[[https://www.youtube.com/watch?v=2iQrq8wgNY0]] \\ \\
Patch porting tools and tutorial: {{ :sony_ericsson:other:patch_porting_tools.zip |}} \\
Get relevant tools from [[https://justdanpo.ru/data/projects/gsm/]] \\
use "read3150" also for DB3210 to retrieve phone_app.cxc and use ida_cxcldr to open it in IDA \\
there is no .raw for A2, only for DB2010/20 (for which you use GExtract, main2raw and babe2raw) \\
VKP means V_Klay Patch, a name taken from a patcher tool for Siemens known as V_Klay Patcher. \\
Original v1: \\
;Phone model and firmware version \\
;Description \\
;Recommendations (optional) \\
;(c) Author \\
;(p) Porter (if patch is ported from any other phone/firmware) \\
;(!) Important information, for example: (!) HeapShift. (optional) \\
;(i) Not important information (optional) \\
;(r) Respects (or nickname of man who provided any information for patch) (optional) \\
;(e) Nickname of man, who edited patch's code changing patch's functionality (optional) \\
The v2, if I may call it that, is described in SEDEV Recovery Patch Help: \\
1. "Created" - C, c, Copyright Symbol, also can be used TradeMark Symbol, but this symbol currently is not recommended - tag for creators of the patch. \\
2. "Edited" - E, e - this covers modding, enhancing or other changes from base patch. \\
3. "Updated" - U, u - this covers updating and bug fixing only. Updating means that the developer changes date / time / credits / some very small enhancing can be addressed as update too. \\
4. "Ported" - P, p - Only for crediting people who ported patch. \\
5. "Idea by" - I, i - Registered Symbol can also be used - this covers all who assisted in development ONLY. \\
6. The Information Symbol ( circle with "i" in the middle ) - Can be used to add (!) type information, if needed - for informative part ( non-tagged comment lines ), compatibility, requirement or other important data. \\
See [[se-archive|se-developers.net archive]] \\
Open a disassembler such as IDA, apply the patch with the IDC script, disassemble it. If you want to change it, write your .asm file and compile it with FASMARM. \\
1.- Open firmware in IDA (You know this step already?) \\
2.- Apply patch with IDC script. \\
3.- Disassemble \\
4.- Make .asm file \\
5.- Port \\
6.- Reassemble \\
Download idc.rar: [[icd-download]] downloaded x times \\
Download ARM Patch Compiler.rar: [[http://web.archive.org/web/20101128230944/http://se-developers.net/viewtopic.php?f=28&t=243|A GUI for Armpc (by Edgpaez on 17 Jan 2009)]]: downloaded x times \\
Entrypoint Converter 1.1 \\
[[cxc2raw download]] \\
http://web.archive.org/web/20101128170128/http://se-developers.net/viewtopic.php?f=38&t=771
http://www.se-developers.net/viewtopic.php?f=38&t=771 \\
Cxc2raw by mc_kibel on 03 Feb 2010 12:53 \\
Hello, it's a simple app by me (thanks to ndt and den_po). I was too lazy to run winhex every time after using read3150 :D Just drag'n'drop phone_app.cxc file on .exe, that's all. It automatically detects if cxc header is 0x1000 (phone) or 0x2000 (read3150), then app removes header. By the way app will show some info about current .cxc, for example: \\
cxc2raw (c) mc_kibel \\
Thanks: ndt, den_po \\
File from: Read3150.exe \\
Cxc file size: ->30881440b ->30157kb ->29mb \\
Cxc header size: ->0x2000 ->8192b \\
Platform: DB3210 \\
Firmware base address: 0x14000000 \\
Succes! \\
Press any key to continue... \\
Edit: Little update, sorry for that :D Support phone_app.cxc from DB3150 / DB3210 / and added DB3350. \\
**__se-developers.net archived links:__** \\
[[http://web.archive.org/web/20101128212417/http://se-developers.net/viewtopic.php?f=38&t=297|[Tutorial] Porting and Compiling ASM files]] \\
[[http://web.archive.org/web/20101128213057/http://se-developers.net/viewtopic.php?f=38&t=139|using Smelter]] \\
[[http://web.archive.org/web/20101128212559/http://se-developers.net/viewtopic.php?f=38&t=146|VKP Patch Structure]] \\
[[http://web.archive.org/web/20101128211618/http://se-developers.net/viewtopic.php?f=38&t=275|[Tutorial] Making ASM File]] \\
[[http://web.archive.org/web/20101128212044/http://se-developers.net/viewtopic.php?f=38&t=267|[Tutorial] Advanced patch porting]] \\
[[http://web.archive.org/web/20101128212141/http://se-developers.net/viewtopic.php?f=38&t=153|Porting Lib Functions]] \\
[[http://web.archive.org/web/20101128212648/http://se-developers.net/viewtopic.php?f=38&t=147|Open Firmware with IDA]] \\
[[http://web.archive.org/web/20101128172733/http://se-developers.net/viewtopic.php?f=38&t=825|Calculate phone_app base address]] \\
[[http://web.archive.org/web/20101128114755/http://se-developers.net/viewtopic.php?f=28&t=229|ARM Assembly]] \\
[[http://web.archive.org/web/20101128113845/http://se-developers.net/viewtopic.php?f=28&t=450|Writing patch in IAR and using elf2vkp?]] \\
[[http://web.archive.org/web/20101128113304/http://se-developers.net/viewtopic.php?f=28&t=537|findbl_IDA-Plugin]] \\
http://www.se-developers.net/viewtopic.php?f=38&t=250 [[a|a]] \\ \\
**Find more, useful stuff at mobilefree** \\

===== C901 patches =====
To me, C901 is the perfect latest bar type SE phone. W995/C905 are awesome CID53 A2 phones too, but I cannot arrange with a slider. Sony camera module is IMO pretty good for photos, even better with driver mod. Recording video only useable for quick snapshot. Fell in love with the video-led as torch.
Created elfs for tracking free call minutes, hireminder for alarm triggered by accelerometer and modified SEns9x input bcfg controls because I liked playing it so much. And the not-so-KISS-anymore TorchC901 elf. \\
I've actively used it as daily driver till mid 2023 and do sometimes w/o SIM. I felt forced to have a 1+6 lineageOS-microG phone in the world of google apps :'( \\
In 2015 I collected and saved all available patches on mobilefree.ru for C901 and google translated the non-english descriptions. I've repeated it with other forums. \\
heapshift \\
elfpack \\
No-SIM patch \\
Keylock popup removal \\
video camera light as torch fix | see my other "cool" elfs \\ \\
I for myself joined the patches separated by **'+1000'** and always flashed as a bunch. Following is my personal archive of plugins for C901. \\

===== K810 patches =====
K800 was my second SE phone type. It was a good phone and upgrade to K750. I loved the two top buttons in emulator games. The red camera LED could be used as flashlight. Decent photo camera with XENON flash. Had troubles with joystick, patch as workaround. M2 memory cards. Velour paint can get sticky after years (see lifehacks:liquid). \\
I had it crossflashed K800 -> K810 with fixed drivers. \\
I did not go so deep with K800, but I want to share the messy collection of my HDD anyways. \\
On DB2020, flash fast access vkp. mandatory for way faster connection for patching. \\
Tartes mod elfpack 1.9.2 ? \\
Heapshift \\
No-SIM patch \\
red-led flashlight + key-trigger customization and jar lcd-screen colour light \\
Joystick workaround \\

===== W800 patches =====
K750 was my first Sony Ericsson phone, which was crossflashed to W800, as soon as I got to know what magic was out there. \\
It is a good phone and a huge upgrade to my first old Nokia 3510i. Patching and modding was awesome, the world of J2ME apps discovered. Had trouble with joystick, patch as workaround.
Dimmable LED flash was awesome torch, triggered by camera shutter (A2 cannot dim) and flashing on incoming call. Useable camera for its times. The start of personal good ringtones and iMY. \\ \\ Following is the little stuff I have found on my HDD. \\