Professional Documents
Culture Documents
1. Use FlashBackup to create custom range backup of this address: 10040000-12000000. The
custom range excludes bootloader and pds, which is required to get around rokr bootloader protection.
Choose 'Additional loader for 32 MB' from the dropdown list at the bottom. This allows you to create
backup in normal speed, which takes about 5 minutes to complete (thanks to cdtrix for the info). You
can also untick the checkbox to make a backup, but the process will take around 2.5 hours to finish.
Check "Disable backup compression and support of compressed backups" in Backups page to get
backup in .bin format directly. Without that option checked, by default FlashBackup creates compressed
backup file with .fbp extension. You can get the uncompressed binary backup by renaming the .fbp file
to .cab, then extract it with compression utilities like winzip, winrar, and others.
Since it is not full 32 MB in size, FB will refuse to make fullflash out of it. You need a hex editor to add
empty 256 KB at the beginning of the file to expand its size to 32 MB.
2. Open the bin backup in xvi32. Make sure the cursor is at the beginning of the file. In edit > insert
string:
  - Insert: Hex string
  - Value: 00
  - Insert times: hexadecimal, value: 40000
ÂÂ
4. Use the file to generate E790/E1 ROKR fullflash from flashbackup. Save the flash in cd/dvd and keep
it in a safe place. You will need it later when your modding went wrong, or you need to come clean
before claiming the warranty because of hardware problems etc.
Patching E1 fullflash for E398
I won't write detailed step by step here, as this is intended for people who are familiar with modding.
CG1
Replace the original values at this offsets with these values:
• Locate this hex values: 396BE59FC000. You should find it in the middle part of CG1
• Right above it you should see quite a few of this hex pattern: 47 78 46 C0
• Replace the fifth of that pattern (counting bottom up from current location) with 20 01 47
70
• Save it as different file with .smg extention.
CG18
Replace the first 16 bytes with these values:
Offsets: hexadec.
0: E5
1: 9F
2: 10
3: 04
4: E5
5: 91
6: 10
7: 00
8: E1
9: 2F
A: FF
B: 11
C: 10
D: 04
E: 00
F: 00
Save it.
Replace the original cg1 and 18 with the patched ones in shxcodec, compile it to a nex shx, and there,
your patched firmware
Some version of shxcodec (can't remember which ones) incorrectly written wrong address of
codegroups in the ramdownloader. Split your patched MP and compare its ramdownloader with other
ramdownloader that has similiar cg structure and make sure there are no difference in codegroups
addresses. To check them manually:
-Yrovi-
www.motomodders.net