Interop-Unlock Lumia 800 plus bootloader and NAND access [Q&A]


saud__19

I have my lumia 710 with revision 2.1
I had a locked bootloader, but I have unlocked it while flashing 12050 firmware with NCS. Really interesting

---------- Post added at 01:17 PM ---------- Previous post was at 01:05 PM ----------

http://narod.ru/disk/45935058001.2aaca38c9acf622332f4a81b5bf0e331/RM-803.rar.html

Not sure, but I think I've flashed my lumia 710 with this firmware and had unlocked my bootloader

Well, maybe someone with a Lumia 710 DLOAD can try to flash it. Actually, I already have a Lumia 800. I was thinking of flashing this firmware and then trying the steps to interop. By the way, it is hard to download from the Russian website, so I uploaded the file to MediaFire after splitting it into two files.

file 1: http://www.mediafire.com/?79z739zzf5cuhxa

file 2: http://www.mediafire.com/?6fed8oaz87j9ln9
 

g-gabber

Hi,

I have a Nokia 710 with a locked bootloader.
I'm going now to download this firmware and will try to flash it with NCS.
I will post a result soon.

BR
 

g-gabber

Damn, great!

It's true, I managed to unlock the bootloader :)
Big thanks goes to xorizont, thanks buddy!

Code:
Device Descriptor:
bcdUSB:             0x0200
bDeviceClass:         0x00
bDeviceSubClass:      0x00
bDeviceProtocol:      0x00
bMaxPacketSize0:      0x40 (64)
idVendor:           0x05C6 (Qualcomm, Inc)
idProduct:          0x9006
bcdDevice:          0x0000
iManufacturer:        0x03
0x0409: "Qualcomm, Incorporated"
iProduct:             0x02
0x0409: "Qualcomm CDMA Technologies MSM"
iSerialNumber:        0x00
bNumConfigurations:   0x01

ConnectionStatus: DeviceConnected
Current Config Value: 0x01
Device Bus Speed:     High
Device Address:       0x01
Open Pipes:              4

Endpoint Descriptor:
bEndpointAddress:     0x81  IN
Transfer Type:        Bulk
wMaxPacketSize:     0x0200 (512)
bInterval:            0x20

Endpoint Descriptor:
bEndpointAddress:     0x01  OUT
Transfer Type:        Bulk
wMaxPacketSize:     0x0200 (512)
bInterval:            0x20

Endpoint Descriptor:
bEndpointAddress:     0x02  OUT
Transfer Type:        Bulk
wMaxPacketSize:     0x0200 (512)
bInterval:            0x00

Endpoint Descriptor:
bEndpointAddress:     0x82  IN
Transfer Type:        Bulk
wMaxPacketSize:     0x0200 (512)
bInterval:            0x00

Configuration Descriptor:
wTotalLength:       0x0037
bNumInterfaces:       0x02
bConfigurationValue:  0x01
iConfiguration:       0x01
0x0409: "Qualcomm Configuration"
bmAttributes:         0xE0 (Bus Powered Self Powered Remote Wakeup)
MaxPower:             0xFA (500 Ma)

Interface Descriptor:
bInterfaceNumber:     0x00
bAlternateSetting:    0x00
bNumEndpoints:        0x02
bInterfaceClass:      0xFF
bInterfaceSubClass:   0xFF
bInterfaceProtocol:   0xFF
iInterface:           0x00

Endpoint Descriptor:
bEndpointAddress:     0x81  IN
Transfer Type:        Bulk
wMaxPacketSize:     0x0200 (512)
bInterval:            0x20

Endpoint Descriptor:
bEndpointAddress:     0x01  OUT
Transfer Type:        Bulk
wMaxPacketSize:     0x0200 (512)
bInterval:            0x20

Interface Descriptor:
bInterfaceNumber:     0x14
bAlternateSetting:    0x00
bNumEndpoints:        0x02
bInterfaceClass:      0x08
bInterfaceSubClass:   0x06
bInterfaceProtocol:   0x50
iInterface:           0x00

Endpoint Descriptor:
bEndpointAddress:     0x02  OUT
Transfer Type:        Bulk
wMaxPacketSize:     0x0200 (512)
bInterval:            0x00

Endpoint Descriptor:
bEndpointAddress:     0x82  IN
Transfer Type:        Bulk
wMaxPacketSize:     0x0200 (512)
bInterval:            0x00
 

suzughia

Nice will update first thread with this awesome info!

Sent from my Lumia 800 using XDA Windows Phone 7 App
 

suzughia

The ROM is not tested - I've corrected the first post.

If you want to try, make a backup beforehand with "dd" so you can restore your phone via Linux; if you do, you will be a pioneer of Lumia 710 testing.
 

g-gabber

Yeah, it works,

finally I managed to flash RM803_059N2L6_1600.3015.8107.12070_010 and to deploy some xap files.



WP7 Root Tools 0.9 is incompatible with the Nokia 710 till now




br g
 

deylo

lumia 710 available for testing

I have been reading the forums here for some days now and just joined so that I can join in the fun! Anyway, I have a locked T-Mobile Lumia 710 and since it's not fully usable to me, I am willing to assist and try anything that the developers think may be beneficial to us all. Just let me know...
 

suzughia

You can try to find out whether you have a locked or an unlocked bootloader. If you've got a locked one, you can downgrade it by flashing the one linked on the first page with Nokia Care Suite; then you can try the interop-unlocked ROM for the 710.

You can also help develop the 800 bootloader downgrade by trying a modified bootloader cert on your Lumia 710.

Thanks!
 

lilstevie

I have been reading the forums here for some days now and just joined so that I can join in the fun! Anyway, I have a locked T-Mobile Lumia 710 and since it's not fully usable to me, I am willing to assist and try anything that the developers think may be beneficial to us all. Just let me know...

The 710 is pretty much open now; there is a signed version of the Qualcomm bootloader floating around now that will allow you to flash it with NSS or NCS
 

Top Liked Posts

  • 17
    *Updates*
    • Added ROMs & updated Links and Q&A - 21/04/2012
    • Updated Links - 16/04/2012
    • It is now possible to downgrade the Nokia bootloader to the Qualcomm one on the Lumia 710 (More Info) - 15/04/2012


    Questions & Answers


    Q: I have a Lumia 800 or 710, can I Interop-Unlock it?
    A: The short answer is yes if you have a Lumia 710 (you must first downgrade your bootloader) and "maybe" for the Lumia 800, because only some of them can be Interop-Unlocked at the moment.

    Q: I've got a Lumia 710, how can I downgrade my bootloader to the Qualcomm one?
    A: You must flash this firmware with Nokia Care Suite (mirror split in two parts: Part1 Part2)

    Q: Cool, how can I find out whether I'm a lucky owner or not?
    A: First go to "Settings -> About -> more info"; if your "Hardware revision number" ends with 2.4 you are probably screwed.

    Q: I've got hw rev 2.4, how can I eventually check?
    A: You don't need to check: if your hw rev is 2.4 and your Lumia came with firmware 11500 or higher, you have the new Nokia bootloader.

    Q: I've got hw rev 2.3, how can I check if I'm eligible?
    A: If you've got hw rev 2.3 but you have flashed your device with firmware 11500 or higher (flashed means with Nokia Care Suite, because Zune doesn't update your bootloader), you have the new Nokia bootloader; if you eventually want to check, see "Check if my device is Interop-Unlockable" below.

    Q: So at the moment which ones can be interop-unlocked?
    A: For now, hw rev 2.3 with firmware version 11141 or below can be interop-unlocked.

    Q: I've got the NOKIA DLOAD, can I put the Qualcomm bootloader on it?
    A: Yes, but ONLY if you have a Lumia 710; on the 800 it is not possible at the moment.

    Q: Can I get the Qualcomm bootloader by downgrading my Lumia?
    A: No, you can't flash the Qualcomm bootloader with a backup, as explained here.

    Q: I have interop-unlocked my Lumia but now I can't access Windows Live services!
    A: You can find your solution here.

    Q: I've got the NOKIA DLOAD, how can I flash my device?
    A: You can ONLY flash your device with Nokia Care Suite.

    Q: I've got the Qualcomm bootloader, how can I flash my device?
    A: You can ONLY flash your device with Qualcomm QPST.

    The Story so far: Nokia Interop-Unlock plus bootloader and NAND access

    As many of you may have seen, our beloved user biktor_gj first found that some Lumia 800 and 700 have a Qualcomm unlocked bootloader that exposes the entire NAND of the device as removable media and permits reading and writing it. This discovery led to making custom ROMs, as you can easily write raw data back to the NAND with dd on Linux (or any Unix-like variant) with the modifications for gaining Interop-Unlock.

    For now we have a tested Lumia 800 ROM that leads to an Interop-Unlocked Lumia 800; pay attention that the device, as Heathcliff74 stated here, is not fully rooted and needs more patching.

    Check if my device is Interop-Unlockable

    • Shut down your device
    • Press and hold VOL+ and POWER
    • Plug it into USB; you will hear a short vibration
    • If you are running Windows it will ask to format a USB drive; say no!

    If you are running Linux you will see something like this:

    Code:
    [  655.912077] usb 2-2: new high speed USB device number 9 using ehci_hcd
    [  661.797096] usb 2-2: USB disconnect, device number 9
    [  765.836050] usb 2-2: new high speed USB device number 10 using ehci_hcd
    [  765.968707] usb 2-2: config 1 has an invalid interface number: 20 but max is 1
    [  765.968713] usb 2-2: config 1 has no interface number 1
    [  766.869700] usbcore: registered new interface driver uas
    [  766.905673] Initializing USB Mass Storage driver...
    [  766.905816] scsi2 : usb-storage 2-2:1.20
    [  766.906108] usbcore: registered new interface driver usb-storage
    [  766.906110] USB Mass Storage support registered.
    [  767.906264] scsi 2:0:0:0: Direct-Access     Qualcomm MMC Storage      2.31 PQ: 0 ANSI: 2
    [  767.964504] sd 2:0:0:0: Attached scsi generic sg2 type 0
    [  767.968542] sd 2:0:0:0: [sdb] 31047680 512-byte logical blocks: (15.8 GB/14.8 GiB)
    [  767.969066] sd 2:0:0:0: [sdb] Write Protect is off
    [  767.969069] sd 2:0:0:0: [sdb] Mode Sense: 0f 0e 00 00
    [  767.970061] sd 2:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
    [  767.977005]  sdb: sdb1 sdb2 sdb3 sdb4 < sdb5 sdb6 sdb7 sdb8 sdb9 >
    [  767.977264] sdb: p9 size 30632075 extends beyond EOD, enabling native capacity
    [  767.983196]  sdb: sdb1 sdb2 sdb3 sdb4 < sdb5 sdb6 sdb7 sdb8 sdb9 >
    [  767.983463] sdb: p9 size 30632075 extends beyond EOD, truncated
    [  767.988075] sd 2:0:0:0: [sdb] Attached SCSI removable disk

    Then you can Interop-Unlock your Lumia with one of the following ROMs:

    Lumia 800: Interop Unlock (no full unlock yet)
    ROM based on: RM819_059P453_1600.2487.8107.12070_002
    Mediafire folder access: http://www.mediafire.com/?kknt4lnc3tn7w
    http://www.mediafire.com/download.php?yx44fkyfgu41yne
    http://www.mediafire.com/download.php?86qevy94hm0zrsa
    http://www.mediafire.com/download.php?vdbyehr99i7dirq
    http://www.mediafire.com/download.php?47d57h9avew1bxa

    Lumia 710: Interop Unlock (no full unlock yet)
    ROM Based on: RM803_059N2L6_1600.3015.8107.12070_010
    Mediafire folder access: http://www.mediafire.com/?9z6og65ozgrnr
    http://www.mediafire.com/download.php?d3bj3dkfbffbakn
    http://www.mediafire.com/download.php?l35zjaebdrsm315
    http://www.mediafire.com/download.php?ys5bapu8ubezybo
    http://www.mediafire.com/download.php?tnadd4uuoxhatv3
    CAUTION: these images AREN'T TESTED. Use at your own risk.

    PLEASE DO A FULL BACKUP OF THE NAND BEFORE PLAYING AROUND

    If you want to flash, this is the procedure on Linux:

    dd if=./os-new.nb of=/dev/sdX9

    Where X is the disk detected by your Linux distribution.

    After that, you'll need to hard reset the phone:
    • Hold Power button for 10 seconds to exit Qualcomm's disk mode, and press and hold POWER+VOLUMEDOWN+CAMERA until you feel the phone vibrate.
    • After that, RELEASE power button but KEEP HOLDING volume down + camera for five or more seconds.

    This will trigger the hard reset.

    If you see NOKIA DLOAD when you plug in your device, for now you're out of luck, because your bootloader is locked and you can't flash the ROMs above.


    Lumia 710 & 800 ROMs

    Full Unlocked ROM for Nokia Lumia 710 by lucifer3006:
    Direct: http://xdafil.es/Lumia710/ROM/full-unlock-os-new.nb
    Zipped: http://xdafil.es/Lumia710/ROM/Zipped

    Full Unlocked ROM for Nokia Lumia 800 by biktor_gj:
    Direct Link: http://xdafil.es/Lumia800/ROM/full-unlock-os-new.nb
    Zipped Files: http://xdafil.es/Lumia800/ROM/Zipped


    Qualcomm Disk layout

    Completed the file uploads: http://www.mediafire.com/?kknt4lnc3tn7w

    • Dump_in_parts.part*.rar : Dump of the OS partition (IMGFS dump)
    • Dumpmap-imgfsobjects.zip: logs and stuff from OSBuilder
    • sd*.rar: compressed DD dumps of the rest of the filesystem
    • NOT INCLUDED:
    • Partition #5: contains product code and stuff from phone, 64kb
    • Partition #4: Extended partition container for partitions 5-9
    • Partition #9: Cannot post that enormous partition, 15Gb in size (but should be enough with the dumped os).

    LUMIA 800 FLASH FILE SYSTEM LAYOUT:

    Partition Begin End Blocks ID
    /dev/sdb1 * 1 1000 500 4d Initial Bootloader - SECBOOT

    /dev/sdb2 1001 4000 1500 46 Second stage loader? - OSBL, also looks like it has the download mode and seems to init LCD, enable USB etc.

    /dev/sdb3 4001 304000 150000 c W95 FAT32 (LBA) - Writable partition with EMMCBOOT, AMSS etc.
    EMMCBoot is responsible for loading the Windows kernel (nk.exe). I got a copy of the Samsung Galaxy i9001's emmcboot.mbn and put it in there. It tries to start, but seems to crash (expected). But hey! It tries to boot it (it even vibrates for 1/10 of a second), so getting something else (did anyone say... Android?) running on this phone should be easier than on lots of other phones... Does anyone have u-boot ports for Qualcomm 8255?

    /dev/sdb4 304001 31037579 15366789+ 5 Extended partition which holds the OS
    /dev/sdb5 304006 304133 64 ef EFI (FAT-12/16/32) - Linux detects it as an EFI partition, but it's just 64Kb in size, and seems to have some markers; not sure yet what it is, but it could be anything from IMEI and simlock to an actual EFI partition for WinCE...
    EDIT AGAIN: this partition contains the phone serial number and product code, and possibly IMEI and simlock. For sure it's not an EFI partition

    /dev/sdb6 304134 310277 3072 58 3Mb size
    /dev/sdb7 393216 399359 3072 4a 3Mb size
    /dev/sdb8 399360 405503 3072 4b 3Mb size
    These three partitions have similar start and end data on their partitions, no idea what they are, since I haven't been able to see if it's even a file system. All the documentation I see seems to tell Windows Mobile uses exFAT for the filesystem, but can't seem to find its header anywhere on the flash... still looking. It could even be where WinMo stores application installers for first boot on the device (but could be perfectly wrong)

    All of them start with the following header (hex):
    7D 8D 27 82 D7 40 F8 90 53 22 82 43 6D EC 6F 69 49

    /dev/sdb9 524288 31156362 15316037+ 48
    This last partition is 15Gb in size, and contains all the Operating System and all the data on the phone.

    Does anyone know how Windows Phone manages filesystems on NAND? Some help would be really appreciated...

    The file system for the 15Gb partition has _wmstore header, still incompatible with some kitchens, but still looking...

    Here's part of the header:
    Code:
    _wmstore
    !zLH?k
    _wmpart_B
    _wmpart_S
    _wmpart_S
    _wmpart_N
    _wmpart_U
    _wmpart_D
    _wmpart_I
    _wmpart_P
    _wmpart_U
    PSBdX
    GFCB
    SRPX


    LK Bootloader for Lumia

    beldi set up a git repo of the LK Android bootloader for Lumia devices here

    Code:
    *** Compiling the LK Android bootloader ***
    ** Tested on Ubuntu 11.10 with Lumia 710 **
    
    1) Get the toolchain and install:
      wget https://sourcery.mentor.com/public/gnu_toolchain/arm-none-linux-gnueabi/arm-2009q1-203-arm-none-linux-gnueabi-i686-pc-linux-gnu.tar.bz2
      sudo tar xvf arm-2009q1-203-arm-none-linux-gnueabi-i686-pc-linux-gnu.tar.bz2 --directory /opt/
    
    2) Compile the bootloader:
      PATH=/opt/arm-2009q1/bin:$PATH TOOLCHAIN_PREFIX=arm-none-linux-gnueabi- PROJECT=msm7630_surf make EMMC_BOOT=1
    
    3) Get your Lumia into diagnostics mode (turn it on using VOL UP + VOL DOWN + POWER)
    
    4) BACKUP EVERY SINGLE FILE FROM THE 150MB PARTITION! (Just to be safe)
    
    5) Replace the image/emmcboot.mbn file with your freshly compiled LK bootloader
      cp <repo dir>/build-msm7630_surf/EMMCBOOT.MBN /media/<mount point>/image2/emmcboot.mbn
    
    6) Unmount the bootloader partition from your PC and pull the phone's battery
    
    7) Turn on, wait a few moments, and plug the phone to the PC
    
    8) Test the fastboot connection:
      fastboot devices
      fastboot getvar version

    For now only the fastboot protocol is working and nothing more; it is currently in alpha stage.

    For ANY NON TECHNICAL question please post here instead of posting into the dev thread.

    Links.

    • NAND access + InteropUnlock for Lumia 710 & 800 Dev Thread ONLY tech posts.
    • Unlocks explained by Heathcliff74 Here
    • Qualcomm Product Support Tool (QPST™) 2.7 Here
    • Nokia.WIndows.Phone.Test.Introduction: Here
    • OSBuilder V 1.4.205 (16.04.2012) : Changelog & Download
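An added example, not code from the thread or its authors: before relying on a `dd` backup as a restore point, it helps to parse the dump's partition table and confirm it matches the layout listed in the post, including the "extends beyond EOD" condition the kernel log reports for the last partition. It assumes the standard MBR/EBR chain format that the `sdb4 < sdb5 ... >` listing suggests; the role labels are taken from the post, and the 64-sector image is constructed for the demonstration.

```python
import struct

SECTOR = 512
EXTENDED = {0x05, 0x0F, 0x85}
# Roles as described in the post's Lumia 800 layout, keyed by MBR type ID.
ROLES = {0x4D: "SECBOOT", 0x46: "OSBL", 0x0C: "FAT32 (EMMCBOOT, AMSS)",
         0x05: "extended container", 0xEF: "product data", 0x48: "OS + user data"}

def _slots(sector):
    """Yield (slot, type_id, start, count) for the used entries of an MBR/EBR sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("sector has no 0x55AA partition-table signature")
    for slot in range(4):
        _, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * slot)
        if ptype and count:
            yield slot, ptype, start, count

def list_partitions(image, total_sectors=None):
    """Return primary and logical partitions, numbered the way Linux names them."""
    total = total_sectors or len(image) // SECTOR
    parts, ext_base = [], None

    def read(lba):
        return image[lba * SECTOR:(lba + 1) * SECTOR]

    def add(num, ptype, start, count):
        parts.append({"num": num, "type": ptype, "start": start, "sectors": count,
                      "role": ROLES.get(ptype, "unknown"),
                      "beyond_eod": start + count > total})

    for slot, ptype, start, count in _slots(read(0)):
        add(slot + 1, ptype, start, count)
        if ptype in EXTENDED:
            ext_base = start
    num, ebr, seen = 5, ext_base, set()
    while ebr is not None and ebr not in seen:      # 'seen' stops looping EBR chains
        seen.add(ebr)
        nxt = None
        for _, ptype, start, count in _slots(read(ebr)):
            if ptype in EXTENDED:
                nxt = ext_base + start              # link is relative to the container
            else:
                add(num, ptype, ebr + start, count) # data is relative to this EBR
                num += 1
        ebr = nxt
    return parts

def build_sample():
    """Constructed 64-sector image whose last logical partition overruns the disk."""
    entry = lambda t, s, c: struct.pack("<B3xB3xII", 0, t, s, c)
    table = lambda *e: b"\0" * 446 + b"".join(e).ljust(64, b"\0") + b"\x55\xaa"
    img = bytearray(64 * SECTOR)
    img[0:SECTOR] = table(entry(0x4D, 1, 2), entry(0x46, 3, 4),
                          entry(0x0C, 7, 8), entry(0x05, 16, 48))
    img[16 * SECTOR:17 * SECTOR] = table(entry(0xEF, 1, 2), entry(0x05, 4, 44))
    img[20 * SECTOR:21 * SECTOR] = table(entry(0x48, 1, 60))
    return bytes(img)

if __name__ == "__main__":
    for p in list_partitions(build_sample()):
        flag = "  <-- extends beyond end of disk" if p["beyond_eod"] else ""
        print(f'p{p["num"]} type={p["type"]:02x} start={p["start"]} '
              f'sectors={p["sectors"]} {p["role"]}{flag}')
```

For a real dump, pass the bytes of the image file (or just its first sectors plus the EBR sectors) and the device's sector count as `total_sectors`; a dump that is shorter than the table claims shows up as `beyond_eod` entries or a signature error.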
    8
    I have my lumia 710 with revision 2.1
    I had a locked bootloader, but I have unlocked it while flashing 12050 firmware with NCS. Really interesting

    ---------- Post added at 01:17 PM ---------- Previous post was at 01:05 PM ----------

    http://narod.ru/disk/45935058001.2aaca38c9acf622332f4a81b5bf0e331/RM-803.rar.html

    the same files but uploaded to mediafire:
    file 1: http://www.mediafire.com/?79z739zzf5cuhxa
    file 2: http://www.mediafire.com/?6fed8oaz87j9ln9

    Not sure, but I think I've flashed my lumia 710 with this firmware and had unlocked my bootloader
    5
    Yes you are right, I had checked that too,
    but I'm a bit scared to brick my phone :D

    Ok, I tried it on mine. I have rewritten the whole partition with nokia_osbl.mbn extracted from RM803_12w07_prod_generic_updated_nokia_osbl.esco. It booted just fine and Nokia Care Suite flashing works again.

    Here are the exact steps I used to recover the Nokia DLOAD bootloader after unlock:
    1) Download _http_://nds2.fds-fire.nokia.com/p/d/fds_fire/1203/2211/7000248136/RM803_12w07_prod_generic_updated_nokia_osbl.esco
    2) Rename the file to RM803_12w07_prod_generic_updated_nokia_osbl.zip and open it. It should contain two files, one will be named nokia_osbl.mbn. Extract that one.
    3) Connect the Nokia 710 phone in the Qualcomm bootloader mode to the computer (ie. boot it with holding the volume up key) and wait till it shows as a disk.
    4) Open HxD as administrator and select Extras -> Open disk. Find the Removable disk that matches the connected Nokia device. Don't forget to uncheck the "read-only" mode! The partition with the boot loader should start at sector 1001, you can navigate to it using the toolbar at the top.
    5) Verify that it starts with the bytes 0B 00.
    6) Open nokia_osbl.mbn in HxD and copy the whole file over to the disk starting at the sector 1001. Save it.
    7) Unplug the device and reboot it. Now it should be flashable with NCS again.
    5
    So, I'm really glad to see that my copy of the files is working and lets people downgrade their bootrom to Qualcomm mode and then flash interop-unlock. This small participation is really important for me.
    Big Russian thanx to everybody =)

    Also, I'm sorry for my English)
    4
    What are the benefits of putting a Linux kernel on it? Can I still access WP7 software, and could I flash Android on it?

    What would be the benefit of ripping your brains out and replacing them with brains of a horse? Would you still be able to talk? Or would you be able to win horse-track-races? Or would it just be a bloody mess? ;)