Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[UPDATED 8/26/2014]HTC 8x wp8 GDR2 UEFI Extracted From .cab update

OP grilledcheesesandwich

15th August 2014, 05:32 PM   |  #11  
Member
Thanks Meter: 18
 
73 posts
Join Date:Joined: Sep 2013
More
Quote:
Originally Posted by grilledcheesesandwich

i tarballed the bios after i extracted it so i could browse it in a flatview

Problem is, even if you manage to repack the different modules, (You could Use Andys Tool for that, I got into Bios modding some time ago ) the phone will detect it and since the signature has been broken it won't flash. But I am quite interested in the volume dump since I have a HTC 8S motherboard stuck in recovery mode because I tried to flash the 8X rom on it, with the 8S signature ('t was an accident) You could try to get the offset you need to change with UIFR by Donovan http://donovan6000.blogspot.de/2014/...extractor.html

cheers, hutchinsane_
15th August 2014, 05:59 PM   |  #12  
Senior Member
Thanks Meter: 251
 
300 posts
Join Date:Joined: Nov 2006
More
@grilledcheesesandwich I noticed lol.

From what I can gather, if one uses the Y-Cable method to flash the HTC 8x, it bypasses the signature checking done by the standard RUU. I do know that the nbh files for the HTC 8x are unencrypted. I have always wondered about hand-editing the mainOS partition to enable a developer unlock for our devices. The only issue is that I have the T-Mobile variant, which has AWS HSPA+ enabled and unlocked. This radio firmware is not in the standard RUU for the EURASIA ROMS, so I never bothered with it because I Can't lose AWS support.
The Following User Says Thank You to compu829 For This Useful Post: [ View ]
16th August 2014, 07:46 AM   |  #13  
OP Member
Thanks Meter: 30
 
82 posts
Join Date:Joined: Oct 2013
More
Quote:
Originally Posted by hutchinsane_

Problem is, even if you manage to repack the different modules, (You could Use Andys Tool for that, I got into Bios modding some time ago ) the phone will detect it and since the signature has been broken it won't flash. But I am quite interested in the volume dump since I have a HTC 8S motherboard stuck in recovery mode because I tried to flash the 8X rom on it, with the 8S signature ('t was an accident) You could try to get the offset you need to change with UIFR by Donovan http://donovan6000.blogspot.de/2014/...extractor.html

cheers, hutchinsane_

ok here is what i have so far. Ideas are still out there.
I need to find a tool that can extract a perfect capsule. from the uefi. even though the uegi binary partition is write protected. the capsule may be writeable. no need to worry about signatures and keys as long as the capsule is back to its origiinal size and expands as normal after being flashed to the device. also no alteratiin can been done to Security module within the capsule. thats ok because all the modules are contained within there own class and to do not require signature verification. this has worked with Intel and Amtel Uefi bios. From what i can tell Htc8x has an embedded amtel at24c128bn eeprom security chip present and if there eeprom is as easy as there tpm (trusted platform module) being used for security validation in uefi bios boot process used on pc motherboards we should in some theory be the case here too.
My overal plan is not to only expand the new development into custom roms. the plan is to fully defy microsofts most secure mobile retail device by handing them a fully customizeable device without loosing the featured security.
To my knowledge every htc 8x has the built in feature to change usb connection mode when pluged in to a pc. the only reason we cannot use this feature the same feature offered in pre android 4.3 devices is because the value in the registry is set to disableDialogmenu and the value is set to (1). i think if we can change this to (0) wen will have a popup menu present when plugging in to a pc. i found this key earlier today while searching my phones registry. i will post up this key later.

Another is Andrid. HTC One S Ville U has identical hardware. believe this the hboot for ville U is built just like the uefi for the 8x. so close in fact like you can cee the ebl module refrences the ville u. ok so heres more. when i tore apart ruu ville u i found the exact same files that exist withing the ruu accord. the files im refering to are the platform info files that check for firmware cimpatibility. the only alteration needed would be to replace the secure boot binaries in the ville u rom.zip and inject my certificates i have been holding onto.

i have 2 platform verification keys (pvk) i have found from encrypted jtag nand dumps. probably useless. itsva good refrence start on a possible challenge with DPP partition.
l

self signing certs is not a problem. i have everything to work around the issue of kek db dbx ovk and pvk keys and certificates. found a dev who put together a wpdeveloper pack that creats all needed certificates for wp soc oem ihv developemt and also remotly sets up all the needed requirements and resources to build and flash a signed ffu. i can assure hyc 8x ffu exist. but the only way to get a qualcomm accord u full flash uodate is to build it. you do not have to be an oem to build a ffu. there is a process to doing this. all you need is to create an empty zip archive labeled corrextly likr how nokia ffus look. add a specific xml soap scripts. similar to.the ones for cab update checks. mainly the cabs that are labeled emptypackage.
ive came across a few but not enough. i think a workaround would he microsoft cabinet sdk. to rebuild. whats missing. the cab that contaijes all the xml provision licenses is needed for the ffu build. as well. now the documentation on the wpoem site says you need the phone image design tool to build a ffu........o darn dead end.... nope the is another way. some confedientel ihv documents demonstrate like rhe above mentoned empty zip file correctly labeled with correct xml scemas layed out then added to the zip. you must setup your pc environment with microsoft client connextion to redmond. they validate you contoso build zip is accurate and if doen correctly you will returned with a fully built full flash update package. theres lots i didnt not mention. i should not.

so any ways. back to the topic. once i can find all the correct libraries to correctly rebuild this uefi all options will be on the table. moke like endless opportunities in customizations and features. well almost.

litsvofbwork needs done. anybody else has gots guts to conqueror with me head over to mydigitallife and sure uobthere endless threads on uedi bios hacking.


i completely sandboxied hck adk win sdk win kits wpsdk ack and vs2013. zi



ffutool.exe & ffuresources.dll


sent from the moon
The Following User Says Thank You to grilledcheesesandwich For This Useful Post: [ View ]
16th August 2014, 09:29 PM   |  #14  
OP Member
Thanks Meter: 30
 
82 posts
Join Date:Joined: Oct 2013
More
Quote:
Originally Posted by compu829

@grilledcheesesandwich I noticed lol.

From what I can gather, if one uses the Y-Cable method to flash the HTC 8x, it bypasses the signature checking done by the standard RUU. I do know that the nbh files for the HTC 8x are unencrypted. I have always wondered about hand-editing the mainOS partition to enable a developer unlock for our devices. The only issue is that I have the T-Mobile variant, which has AWS HSPA+ enabled and unlocked. This radio firmware is not in the standard RUU for the EURASIA ROMS, so I never bothered with it because I Can't lose AWS support.

i have a rom that supports aws hspa. its not directly tmobile its a wwe rom. also mine is also a tmobile usa variant. and the weird part is its not the same as the other usa versions mine has full lte and gsm support and at one time was sim unlocked. the serial number traced back to being built in germany and was sold here in the usa


I IM GOING TO HELP EVERYONE OUT HERE AND HOST MY COLLECTION OF HTC8X ROMS. AND 8S ROMS.. I keephearing that there is only 2 versions available for the 8x. im going to give everybody at least 6.

Sent from my Galaxy Nexus using XDA Free mobile app
Last edited by grilledcheesesandwich; 17th August 2014 at 03:53 AM.
The Following User Says Thank You to grilledcheesesandwich For This Useful Post: [ View ]
17th August 2014, 12:31 AM   |  #15  
OP Member
Thanks Meter: 30
 
82 posts
Join Date:Joined: Oct 2013
More
Quote:
Originally Posted by hutchinsane_

Problem is, even if you manage to repack the different modules, (You could Use Andys Tool for that, I got into Bios modding some time ago ) the phone will detect it and since the signature has been broken it won't flash. But I am quite interested in the volume dump since I have a HTC 8S motherboard stuck in recovery mode because I tried to flash the 8X rom on it, with the 8S signature ('t was an accident) You could try to get the offset you need to change with UIFR by Donovan http://donovan6000.blogspot.de/2014/...extractor.html

cheers, hutchinsane_

ifr extractor does not work with a htc 8x uefi binary. i got an error instantly i might be doing something wrong. i will do more ttesting with that one.

i heard there was some uefi bios devrlopement going on with the htc one. it may be possibkr to incorporate some of there knowledge into this project. the boards have some similarities minus the processor cores ram and so on. i do know that msm8960 code is compattable with msm8260a htc8x and apq8064 htc one, dna, and ny fAvorite my ifc6410 qualcomm snapdragon 600 itx motjerboard.

if you have the uefi cab update for your htc8s i could eztract a dump of it for you and send it back.
The Following User Says Thank You to grilledcheesesandwich For This Useful Post: [ View ]
18th August 2014, 09:04 AM   |  #16  
OP Member
Thanks Meter: 30
 
82 posts
Join Date:Joined: Oct 2013
More
@
Quote:
Originally Posted by compu829

radio software version is 1.17b.32.19.14_15.62b.32.19
Firmware revision is 3030.0.34101.531
UEFI bootloader version is 0.0.3030.0(173542)
Chipset is the 8260A

Interestingly enough, in the about page is a spot that says "IMS: Not Registered"...I wonder if they are slipped in Wi-Fi calling support and didn't tell anyone?

from the HTC screen:

PM2322002 P S WP8 I
SBL1-303.000.R15
SBL2-303.000.110
SBL3-303.000.008
RPM-303.CRC.76B
TZ-303.000.241
UEFI-0.0.3030.0(173542)
OS-3.41.531.01
eMMC SMS 14910MB F-15
CID T-MOB010
Radio-1.17b.32.19.14_15.62b.32.19
MSM8260A v3.2.1-p1 0x707910e1
Krait:Nom Q6:Fast VDDCX:SLOW 0x30400
Touch FWS1:1195017,13106,41434467
Vdd_dig - 0.5v, 0x4

nice only difference is mine is nom slow. I have a a rom that is almost identical too. what i have found out is that some of the nbh htc windows phone 8 roms floating around out there are incorrectly labeled even the 512kb headers are wrong too. when tearing down and dissecting some of these. it seems as though the partitions change. for instance i have 2 identical extractions and on one change all permissions to alow remote users and any nt or network admin or authority to full control. let all the ruu files give 100% internet access through your firewall. now copy run the ruu in dependency walker and find all the files that the ruu is Depends on. most are in windows active sync installer the others are in you phone. and need to be extracted to and copied to the ruu folder. why am i telling you this? you probably know this being a senior member.

on that note. Ive noticed that the 8s and 8x are obviously different than legacy windows mobile mainly due to gpt guid partition format. within system files from my phone and 8x ruu i have found references to Leo, hd2, Shubert, startrek, Hermes, and a few others. which that lead me into researching how wm, wince, wp7 and ec2013 devices were built using Microsoft sdk's. from what i can see to the best of my knowledge is that newer platforms still use the some of the same source as older designs and even though bsp kits for older builds are not one click compatible with the ec2013, shuffle a few files around and match the folder structures & alter some lines of code for embedded compact and one will just have incorporated classic features into a brand new operating system. i do not believe Qualcomm or Microsoft are hiding easter eggs. my guess is it was all htc. ok so last year i bought an evo shift. yea yea funny haha. i was bored so i got this phone, unlocked it, raw dumped every partition and hex away. in the hboot 7630 build i found strings that referenced windows ce. i never took it any further than that. but i can see now that htc has sloppy source control. or they did this on purpose to see if anybody would catch on.

ok back to wp8. i will make this part quick. the wp8.1 sdk leaked emulator dump OEMprovisioning.exe app can be executed on x64 bit win8.1 desktop pc. strange. i found some registry keys and drivers that allows my phone to run applications in win32 compatibility mode. enough said. i still do not know how it and be incorporated into apps.

about wifi calling. mine says ims not registered too. i dont care on mine. its only purpose to be hacked.

i need to do some work on file write/read app. it some what works. start tiles disappear an it broke my wifi. i need to incorporate the app into a file manager maybe GoodDayToDie's webserver app.

Sent from my Galaxy Nexus using XDA Free mobile app
Last edited by grilledcheesesandwich; 18th August 2014 at 11:27 AM.
24th August 2014, 02:44 PM   |  #17  
utopiate's Avatar
Senior Member
Thanks Meter: 43
 
117 posts
Join Date:Joined: Feb 2011
More
The above is way above my understanding but I have a 8X that I'm more than willing to test with. Let me know if you need some testing
25th August 2014, 10:20 PM   |  #18  
OP Member
Thanks Meter: 30
 
82 posts
Join Date:Joined: Oct 2013
More
Quote:
Originally Posted by utopiate

The above is way above my understanding but I have a 8X that I'm more than willing to test with. Let me know if you need some testing


kind of dangerous if you ask me. if your phone is already bricked and its just lying around as DEAD WEIGHT then whats the worst that could happen. let me throw some stuff together. what is theconditin of your phone?


Sent from my Galaxy Nexus using XDA Free mobile app
26th August 2014, 06:16 PM   |  #19  
utopiate's Avatar
Senior Member
Thanks Meter: 43
 
117 posts
Join Date:Joined: Feb 2011
More
Its in fine working order running the dev preview and so a but buggy. I'm just about to get a new phone so I don't mind testing with it
26th August 2014, 07:31 PM   |  #20  
OP Member
Thanks Meter: 30
 
82 posts
Join Date:Joined: Oct 2013
More
try the hawaei w1 rom flashing method.
i found some registry keys that refrence simpleio.efi in the tmobile variant 8x

Sent from my Galaxy Nexus using XDA Free mobile app

Post Reply Subscribe to Thread

Tags
htc 8x wp8 gdr2 uef ebl
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes