Saturday, September 22, 2007

my w810i, service cable and file system hacking.. :)

Well, i've been working off and on with my W810i (make that 2, long story w/the whole one not working and then buying a 2nd used one on ebay and then frankensteining the best parts from each into a 'new' W810i, mwaa) and trying to hack it.

the best site for CID49 hacking is one of my hangout sites, . a few members over there were the first to get into the CID49 filesystem using free apps and a service cable. mad props to the original hackers! so, the last few weeks i've been doing a ton of reading and playing. i'm using my w810i w/the weird battery problem as my test machine and i purchased a totalmultiserver credit just in case (use it to flash the firmware if i mess it up bad).

the first few tries of mine were unsuccessful. i didn't have a service cable or the right firmwares or tools. also, trying to understand the whole process was very confusing w/the conflicting guides and all. so last week i received my 2in1 service cable (self-powered, usb) and finally figured out how to get it all working and fix my phone if i screw up.

here's a quick overview of what you need to do and need (a full recipe will be posted over at later this weekend).

Things you will need:
-W810i phone
-Service Cable (cruizer, 2in1, 4in1 will work)
-DCU-60 USB cable (optional, you can use this for all operations except the completing in SEMCtool)
-XS++ (software, for flashing)
-W810i firmware files (FS and MAIN, i would recommend using R4CK003; also try to match the FS and MAIN regions, i used HK for both)
-Far Manager and SEFP plugins (also has the 'magic' firmware that lets you get to the FS via far manager)
-SEMCtool v8.4 Free (i use this only for completing the flash after the first flash, also it will only work w/certain firmwares; R4CK003 works)

WARNING! I am not responsible for any possible bricking of phones; hacking your phone involves a risk which you accept. This may also void warranty w/Sony too.

Also, BACKUP ALL DATA prior to doing this. Firmware flashing will wipe the whole phone when you flash the FS (filesystem).

Flashing the Main and FS Firmware:

  • Install the USB Flash Drivers for your Service Cable, also do the same for your DCU-60 cable (one that came w/phone).

  • Download and install XS++

  • Open XS++. Power off your phone, remove sim card and ms and battery. Put battery back in but leave off.

  • Click on Start in XS++, hold the C button on your W810i and connect it to your DCU-60 USB Cable. Once you do this, you will see the status log bring up some information about your phone. Now click the check boxes next to "Flash Main Firmware" and "Flash File System". Browse to the firmware files (i used W810_R4CK003_FS_HONGKONG.fbn for my FS and W810_R4CK003_MAIN_HONGKONG.mbn for my MAIN). Leave the Customize File System unchecked; we will do the completing/finalizing of the phone in SEMCtool w/our service cable.

  • Click Flash to start the flashing. It should only take a few minutes to do. Once it's done, remove the cable and the battery. Put your battery back in and power up your phone. It may take a few seconds to power up and once it does it will give you a please wait. The phone is just customizing itself for the area (languages, settings, etc); let it finish. Once you're at your Startup Menu you can power off the phone. If you go into Start Phone, you prob will get a configuration error; this is because we have not completed/finalized the phone.
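A pre-flash sanity check for the FS/MAIN pair, as an added example that is not part of the original post or of XS++: it parses the two filenames and reports model, revision or region mismatches before anything is written to the phone. The `<MODEL>_<REVISION>_<FS|MAIN>_<REGION>.<ext>` pattern is an assumption inferred only from the two filenames used above, and the EUROPE filename is constructed for the demo.

```python
import re

# Assumed naming pattern, inferred only from the two filenames used in this post:
#   <MODEL>_<REVISION>_<FS|MAIN>_<REGION>.<fbn|mbn>
NAME_RE = re.compile(
    r"^(?P<model>[A-Za-z0-9]+)_(?P<rev>[A-Za-z0-9]+)_(?P<kind>FS|MAIN)"
    r"_(?P<region>[A-Za-z0-9]+)\.(?P<ext>fbn|mbn)$",
    re.IGNORECASE,
)
EXPECTED_EXT = {"FS": "fbn", "MAIN": "mbn"}  # extension seen on the page per image type


def parse_firmware_name(filename):
    """Split a firmware filename into its fields, or raise ValueError."""
    m = NAME_RE.match(filename)
    if m is None:
        raise ValueError(f"unrecognised firmware filename: {filename}")
    return {k: (v.lower() if k == "ext" else v.upper()) for k, v in m.groupdict().items()}


def check_pair(fs_file, main_file):
    """Return a list of problems; an empty list means the pair looks consistent."""
    problems = []
    parsed = {}
    for slot, name in (("FS", fs_file), ("MAIN", main_file)):
        try:
            info = parse_firmware_name(name)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if info["kind"] != slot:
            problems.append(f"{name} is a {info['kind']} image, selected for the {slot} slot")
        if info["ext"] != EXPECTED_EXT[info["kind"]]:
            problems.append(f"{name}: extension .{info['ext']} does not fit a {info['kind']} image")
        parsed[slot] = info
    if len(parsed) == 2:
        # Both names parsed: model, revision and region must agree between FS and MAIN.
        for field in ("model", "rev", "region"):
            if parsed["FS"][field] != parsed["MAIN"][field]:
                problems.append(
                    f"{field} mismatch: FS={parsed['FS'][field]} MAIN={parsed['MAIN'][field]}")
    return problems


if __name__ == "__main__":
    # The pair used in this post, then a constructed mismatch (the EUROPE name is made up).
    print(check_pair("W810_R4CK003_FS_HONGKONG.fbn", "W810_R4CK003_MAIN_HONGKONG.mbn"))
    print(check_pair("W810_R4CK003_FS_HONGKONG.fbn", "W810_R4CK003_MAIN_EUROPE.mbn"))
```

It only compares names, so it will not catch a corrupt or mislabelled image.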

Completing the Phone w/SEMCtool v8.4 Free and a service cable:

  • Open up SEMCtool v8.4 Free.

  • Remove your battery and put back in and connect to service cable.

  • Go to the Flash ARM option.

  • Click on the "Complete phone after flash use after flash FS File" option.

  • Click Do Selected Jobs.

  • You will be asked to remove the battery and unplug and replug, do as it tells you.

  • Once it finishes (again, takes about 3-4 minutes), remove your battery, pop in your SIM card, and power up your phone. Hopefully you will get the setup wizard and not an error.

We now should have a very hackable firmware on our phone, R4CK003 and also a working phone. R4CK003 is nice because SEMCtool repairs will work on it and you can easily complete the phone vs bruteforcing w/XS++ (which also takes up to 10 hours).

Now we can easily use Far Manager and the SEFP plugin to hack our FS file system.

Quickie on Far Manager and Adding more flash themes:

  • First, you will need to flash the magic firmware ( w810_p3k_dcu.49R.ssw ) to your W810i. Open up XS++ and click Start, connect your phone w/C button held. Choose ONLY THE "Flash Main Firmware" option. Browse to the w810_p3k_dcu.49R.ssw file and hit Flash.

    It should only be a 5 block flash and may hang on Finishing Flash. Just click Stop and yes to warning.

  • Download and install Far Manager and also be sure to install the SEFP sony patches.

  • Open Far Manager.

  • Hit F11 to bring up the plugin window, go to the SEFP option.

    Choose your cable type, i prefer to use my DCU-60. Otherwise, if you use your service cable, choose the appropriate com port and speed (for mine, com4, 921600 speed). Then click on "Enter the Matrix"

  • Let it connect, it may take a minute or two to get to the main screen (shows MAIN and FS as options).

  • Once you see MAIN and FS, double-click on FS (file system), we can now copy files and edit files in the W810i's file system. In this example, lets add some more flash themes!


  • just copy the flash files (.swf) to here.

    Once you're done, click the ".." until you get a warning "Do you wish to SHUTDOWN CSFSloader?", choose Yes and then exit Far Manager.

  • Lastly, we will need to reflash our MAIN firmware back to the phone to get it to work. Open up XS++ and click Start. Connect your phone holding the C button and click the "Flash Main Firmware" option. We will want to again use the R4CK003 MAIN firmware i used previously (this way we will not need to Complete the phone again or bruteforce it if we didn't have a service cable). Click Flash.

  • Once you're done, remove and put back in the battery and power up the phone. To get the flash themes to work, you will also need the .thm theme file on your phone or memory stick.

Hopefully that made a little more sense! Happy hacking!

Also, a quick and easy way to get rid of both the camera focus and shutter sounds is to create a text file called: camerafocus.txt and then rename to camerafocus.3gp, do the same w/camershutter.3gp. Then in Far Manager copy the 0 byte files we created to the FS\TPA\preset\system\sound !