A great tutorial for creating ROKR E1 full flash and to patch it to work on E398. Posted by Yrovi in this thread
Creating Fullflash for E1
1. Using flashbackup, make custom range backup of this address: 10040000-12000000. This will create backup of almost everything sans BL and PDS. Since it is not full 32 MB in size, FB will refuse to make fullflash out of it. You need a hex editor to add empty 256 KB at the beginning of the file to expand its size to 32 MB.
2. Open the bin backup in xvi32. Make sure the cursor is at the beginning of the file. In edit > insert string:
- Insert: Hex string
- Value: 00
- Insert times: hexadecimal, value: 40000
3. Save it, e.g: "proper size full backup.bin"
4. Use the file to generate E790/E1 ROKR fullflash from flashbackup
Patching E1 fullflash for E398
I won't write detailed step by step here, as this is intended for people who are familiar with modding.
1. Split E1 fullflash with shxcodec.
2. Edit CG1 and CG18 smg with hex editor.
Replace the original values at this offsets with these values:
At the beginning part (this is CG0):
The middle part:
- Locate this hex values: 396BE59FC000. You should find it in the middle part of CG1
- Right above it you should see quite a few of this hex pattern: 47 78 46 C0
- Replace the fifth of that pattern (counting from the bottom up from current location) with 20 01 47 70
- Save it as different file with .smg extention.
Replace the first 16 bytes with these values:
Replace the original cg1 and 18 with the patched ones in shxcodec, compile it to a nex shx, and there, your patched firmware
Things to consider before flashing:
Some version of shxcodec (can't remember which ones) incorrectly written wrong address of codegroups in the ramdownloader. Split your patched MP and compare its ramdownloader with other ramdownloader that has similiar cg structure and make sure there are no difference in codegroups addresses. To check them manually:
codegroup, memory address, offsets in file:
3, 10040000-1007FFFF, 110-117
1, 10080000-10CFFFFF, 100-107
15, 10D00000-10F3FFFF, 170-177
4, 10F40000-110FFFFF, 118-11F
2, 11100000-11F5FFFF, 108-10F
7, 11F80000-11F90000, 130-137
18, 11FE0000-11FE07FF, 188-18F
Hope that helps.