EVERYONE BEWARE - THERE IS NO BACKUP OF YOUR CURRENT ROM IF YOU SCREW UP. THERE IS ALWAYS A POSSIBILITY OF KILLING YOUR IPAQ

Still doing some testing on the working product, but yes it's done. Basically bypassed the CRC check in the SKD.dll file and updated the nbf headers to match the 6315 specs. I'll post photos of the new bootup screen...

I've been digging a bit too, although I was trying to extract my old ROM first.

Let have more detail on what you patched/edited in the DLL etc.

cheers...

Of course I tried so much stuff I can't remember exatly...but in the ipaqcsdk.dll there are subroutines that do a CRC file check and a CRC header check. basically change the jumpzero commands to jumps. then in each NFB file I changed the headers to match the 6315. 631X vs 636X, etc. Big stumper was the text is all like 13 chars off. What I mean is if you look at the headers, a is really n, b is really o, c is really p, etc.

Changed the header references version #'s only (paying special attention to spaces, etc.) to match what the "wrong device" error dialogue said it was looking for. (1.00.01 vs the 1.00.38, etc.)

HEREs the BIG TIP and where I was stuck for some time. There is also text in the nbf headers that says "Pneevre-Tra" . This reads "Carrier-Gen". Change this in the headers to "Pneevre-GZB" which translates to "Carrier-TMO". Note this APPEARS to be case sensitive.

Maybe you can figure out the crc method and not have to edit the DLL and just update the CRC in the NBF files but I could not.

Really cool features on the 6365 that aren't on the 6315 for using w/other carriers (automatic GPRS, etc.). BT is version 3400 now, etc. Neat stuff.

thx. Interesting re: the 16 chars ascii addition. sneaky.

i noticed the IPAQROM.NBF has all the WAP gateway IP login info and apn names for all providers. This will probably be helpful for folks that are on Cingular etc (where they hide this info).

I wonder if a comparison with the 6340 and 6365 would be enough to figure out the checksum...probably not, but i may look.

I think the checksum is simply a calculation against the NFB file itself and I think the results are the first few lines in each NFB file.

It appears to grab the GPRS settings from the network itself.

This is excellent news! Does it mean your PDA now shows as 6365 after the ROM update? Can you post the files you changed here? Thank you!

Shows as a 6315 since I rewrote the ROM header and that's apparently where the info comes from. As an added bonus all that TMobile crap is gone now.

I'd prefer not to post file here for obvious reasons. You can see my NBF instructions above. As for the CRC bypass open ipaqpcsdk.dll in a hex editor. Bytes 000030E5, 0000310B need to both be changed to EB. (I think they are 74 currently if memory serves).

OK, AT YOUR OWN RISK!!!

edit

edit

edit

sorry for all these "edit" posts...computer issues.

thx beaups, saved me some time

I'm now upgraded to a 6365 ROM on my 6315.

- Nice networking screen that allows you to change more phone network settings.

- Standard HP bootupscreen (not tmo)

Glad it worked for you.

hello beaups, could you please tell me how to change the jumpzero commands to jumps?

as above...
As for the CRC bypass open ipaqpcsdk.dll in a hex editor. Bytes 000030E5, 0000310B need to both be changed to EB. (they are 74).

get winhex (you'll need full version to save) or any hex editor and find the addresses I referenced above and change them to EB.

i just did a soft reset. now all i'm getting is vertical bars, no bootup. wierd.....

I've done several no issues. You didn't restore from backup did you? Need to freshly reinstall all apps.

I think it's important to make sure ALL nbf files are correctly edited. When the update shows you the available updates you should see a bootloader update, GSM updates, rom updates, etc. If any are missing you need to relook at everything to make sure it's just right.

Any luck yet? Did you try a hard reset?