[ABANDONED] Bootloader unlock - discuss bootloader matters here

Search This thread
By:
Advanced…
L

lord0815

Senior Member
Feb 24, 2011
162
21
Mainz
joydeep1985 said:
Donation isnt the factor . how should we trust you ? thats the thing . and let him provide a proof of concept (POC) :D if he askes for it . he should provide it with a proof. we wd be responsible enuf to hide his identity . 20k in indian rupees is a big amount . if not 400$ . what soever . how we are supposed to trust you as well as that guy. rest members would take of if proper informations are there . and admins would handle the rest for transfers . :eek:
Click to expand...
Click to collapse

Honestly we should find a way for every defy user...
And its not my intention to spent some money for the bin file and make myself
money with this file - thats where we get criminal -dealing with stolen files for money....
 
J

joydeep1985

Senior Member
Jun 19, 2011
408
90
Bangalore
lord0815 said:
Honestly we should find a way for every defy user...
And its not my intention to spent some money for the bin file and make myself
money with this file - thats where we get criminal -dealing with stolen files for money....
Click to expand...
Click to collapse

we owe a big time to quarx and Epsylon3 ....fooling people around to make some money isnt a honest thing . and in anyway if someone tries to do that . someway or other he would be sued and sued. xda is a big community. its not easy to fool an entire community like tht .. thts why i asked how we are supposed to believe until we have the proof . and the proof of everything that works .


and also Senior member arpith also said :D :D

Believe everything Trust Nothing :D :D


Edit : :eek::eek: he also created a thread in dev section saying that . he said he would be uploading pics . :confused: lets see if he is really speaking truth or else !!!! ;) ;) kicking wont hav been much easy
 
Last edited:
crazy4tricks

crazy4tricks

Senior Member
Dec 20, 2008
142
48
Mumbai
hemil said:
Hezz asking for 20k indian.rupees......it makes 400$....if everyone donates 20 $ den the defy is unlocked

Sent from my GT-I9100 using xda premium
Click to expand...
Click to collapse
dude we need POC (proof of concept). as i have tried almost all cities service centers in India and personally visited 2 in Mumbai.. those poor guys only have RSD lite and most of them don't even know what is unlocked boot loader.. :mad: (still they are authorized to service)
 
L

leodfs

Senior Member
Sep 8, 2011
277
71
@hemil, I dont doubt of your intentions, but how did you approach this guy? You started talking about OMAP tools and bin file or he did? He could be just cold-reading you to take your money...
 
arpith.fbi

arpith.fbi

Senior Member
May 1, 2011
1,354
538
Bangalore
@hemil
U already mentioned tat he unlocked ur phone..so u can atleast show some proof by taking the snapshot when ur phone is connected to RSDlite..
 
arpith.fbi

arpith.fbi

Senior Member
May 1, 2011
1,354
538
Bangalore
Guys one more thing..i just got a lead in treasure hut :D
I got a contact of a VP of TI..will be meeting him in few days as he is out of country...
 
royale1223

royale1223

Senior Member
Oct 31, 2011
468
684
Calicut
@hemil If there is 1% chance that you are right, I'l take it. But before that I've gotta know that there is 1% chance. Pm me. This discussion is not suited for forums.
 
L

leodfs

Senior Member
Sep 8, 2011
277
71
You must log in or register to reply here.

Similar threads

samcripp
[Project Cheesecake] Unlocking the DEFY bootloader! - ABANDONED
Replies
839
Views
238K
57op
57op
nidhish91
Defy Custom Kernel Thread[2nd boot source released][Test Kernel released]
Replies
1K
Views
249K
A
americanpittbull
K
  • Locked
(BOOTLOADER UNLOCK SOCIAL MEDIA CAMPAIGN) Operation: Mosh started by [TSON]
Replies
90
Views
22K
2
2Pints
rootdefyxt320
[USERS CAN REQUEST][TUTORIAL]Motorola Defy Mini XT320/XT321 Custom SBF with fastboot
Replies
175
Views
86K
T
tezzar
crakeron
  • Poll
[Guide][zip][Root needed] Unsimlock your Defy (v1.3)[NEW:JB support!]
Replies
521
Views
183K
krestian
krestian

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 23
    V
    viper520
    OK, me again :p
    Finally, I got the unlock truth....from the one who really really knows about embedded development.

    First, "TI OMAP Board Configure Tool" is just a tool from TI, obviously it's not for public download. Just for the companys which bought their OMAP Development Board. This tool can be used for flash the nand chip, configure the kernel arm board, preboot the board (just like the "tethered" in Apple IOS device) etc.
    Second, the 16MB .bin file is a baseboard project file from Moto. This file contains project header, preboot code and a tiny uboot system etc.
    Third, the factory reset mode can be used for configure hardware parameters (such as cpu/ram freq, sensors etc) and software parameters (such as nand write address, device type [s/se], secure switch, environment etc) and hardware self-check.

    The customer service uses the "TI OMAP Board Configure Tool" to configure the broken phone, such as flash firmware, preboot to factory mode etc.
    When they got the broken phone, they use the RSD first, if it does not work they will use the "TI OMAP Board Configure Tool" to preboot the phone into factory reset mode (with baseboard project file).
    In the factory reset mode, hardware self-check is the first thing, if the hardware is OK they will try to configure the software parameters (such as switch off the sercure check so that they can flash *ANY* sbf, empty the environment varible so that the phone will become a eng-board, etc).

    So, the unlocking process is just get into the factory reset mode and switch off the secure check or empty the environment varible(to be eng-board) or open the fast boot mode.

    The truth of the JS unlock process is they use a tool to empty the environment varible, so the IMEI of unlocked device has become an invalid 00000012345 etc. Obviously, this may take some side-effects.

    At last, the man told me that DO NOT SIMPLY TRY TO UNLOCK WITH RECOVERY(or similar utils in phone), because the linux can not access to the most important things, because this things are not stored in mtd partitions, the linux won't (can't) mount then. Or you can just hack the bootloader program to bypass the secure check, but it's difficult!

    He says except the TI tools, we can research on RSD tool and will find some useful addresses, so that we can write some zero into the address and empty the environment varible.

    Now I think there is a easiest way to go, come on everybody let's find out the man who learned to use the JTag (or other) to dump the data of entire nand chip of a unlocked device, and grab out the header of the data. This data is the unlocked configuration.
    View
    20
    K
    kevin_diu
    It can be dangerous for your Defy on this stage!!


    Please donate to our developer, Epsylon3 :
    http://xdaforums.com/showthread.php?t=1446106


    Summary : (Thanks coleho_ and t0desicy)
    http://xdaforums.com/showpost.php?p=21579211&postcount=521
    http://daccurso.eu/defy/

    Helping with unlock :
    http://xdaforums.com/showpost.php?p=21402316&postcount=167

    MMCBLK dump :
    http://www.mediafire.com/?khnvrrr82azwq89

    Full dump from a unlocked defy : (Thanks sykoism)
    http://xdaforums.com/showpost.php?p=21398414&postcount=157

    Quick Links :
    Unlocking steps by customer service: http://xdaforums.com/showpost.php?p=21394172&postcount=137 (Thanks viper520)
    and: http://xdaforums.com/showpost.php?p=21395694&postcount=145 (Thanks ericlaw02)

    And thanks who helping us to trying to unlock bootloader! Any suggestions ARE WELCOME! :D
    View
    18
    S
    scholbert
    Some thoughts....

    Hi folks,

    let me first point out, that i do not personaly own a Defy and that i'm not fully aware of all the bootloaders floating around.
    I had been PM'ed by furrabbit.nh to give some comments on the attempt to unlock the Defy.

    Let me further point out that i am willing to consider the report from the chinese guy as trustworthy.
    So i'd like to refer to this translation over here:
    http://xdaforums.com/showpost.php?p=21395694&postcount=145

    Mmmmh so how to start...
    The security on OMAP processors is a real engineering masterpiece, once the CPU has been set to HS mode.
    By blowing the HS fuse bit the device gets nearly uncrackable.
    There are only to exceptions:
    1. You got Motorolas private key and are able to sign your code
    2. You got a engineering bootloader (signed as well) that does match the hash keys hard-coded into the device

    It seems that there is such a code, if we trust the chinese report :rolleyes:

    So what does omapinfo give us?
    You might refer to the public datasheet of the OMAP3630, which in fact kind of a subset from the OEM variant which includes also all the security stuff.
    Tell me if you need the link or something...

    Code: 
    STATE :      205
    Simply tells us that the device marked as high security device (not in GP mode).
    By setting the HS bit the internal ROM is aware about the use case of the platform.
    In other words the internal ROM code "knows" it is executed on a securtity enabled smartphone.
    The internal ROM's bootcode then treats external devices with certain security aspects and prohibits low level debugging as well (e.g. JTAG access).
    See my thread over here covering the Milestone hardware:
    http://xdaforums.com/showthread.php?t=849632

    Code: 
    PKEY0 : c57aa19e 
PKEY1 : 31fe2d32 
PKEY2 : 2e48bc96 
PKEY3 : 15fcea7b 
PKEY4 : 876578f3
    These device specific hash keys are stored in particular area called efuse bank.
    The dedicated registers simply represent the setting of a particular area of fuse bits.
    Often these bits are unique to a certain platform or device model, in this case all Defy's of a certain series will have the same keys.
    Thoughts about efuses:
    http://xdaforums.com/showthread.php?t=911611
    Maybe it's not up to date concerning all information, but gives an idea.

    The internal ROM loader inside OMAP uses these keys to check the consistancy of the very first loader
    stored in external memory (mbmloader).
    Usually this is NAND flash or an eMMC storage device.

    The ROM knowing it is run in HS mode, then expects a certain format for this very first block as well.
    E.g. there are certain keys to grant the rights for the bootcode to access special memory areas.

    These keys are even higher level security... i really have to skip some points here,
    because i would be too much to explain it all and it's already late.

    Code: 
    CPU-ID: 2b89102f
    This is obvious, if you have a look into the public OMAP3630 manual.
    It also hard coded value and represents the silicon verison the processor itself relies on.
    There's no specific effect on the security lock.
    CPU-ID: 1b89102f -> OMAP36xx ES1.1
    CPU-ID: 2b89102f -> OMAP36xx ES1.2
    So you may find 1. generation and 2. genration devices here... no big deal.
    See page 204 in OMAP36xx manual.

    If the story of the chinese guy is true and the service really handed out the same piece of hardware,
    there might be hope to convert a usual phone to an engineering one.
    The engineering bootloader which is used by Motorola simply has to match the pkeys of the customer phones.

    Another story is to flash this loader succesfully to your device if you have not the right tools. So maybe that's why the service needs this mysterious OMAP board configuration tool.
    A good thing would be to have the original SBF file of that bootcode.

    At least this technique sounds similar to other manufacturers who decided to open up their bootloader.
    I guess my comment is not quite complete, but i'll have to sleep now.

    Anyway i'll have a look here recently and try to answer questions if i'll find some time.
    I also apologize for this technical overdose, but i was asked to put my thoughts down here ;)

    Happy hacking and good luck!

    scholbert
    View
    18
    O
    Otto.BR
    leodfs said:
    @Otto.Br What was your defy problem, where did you take and do you know if it went to anywhere else during repair?:cool:
    Click to expand...
    Click to collapse

    I was changing the bootlogo again with this instructions.
    then i issued a REBOOT comand on terminal emulator and the phone just showed a black screen, then i pulled the battery, and realized the phone was still connected thru USB, after that the phone wouldn't power up anymore. so i took it to the Moto service center in downtown São Paulo (Av. São Luis 153, Galeria Metrópole). they said their lab was unavailable, so they shipped my phone (wich, by the way, is made in Brasil) back to the factory.

    I haven't reallized it was unlocked (SE) until i read this thread, I'll try to flash a Ecláir SBF to se what's what.

    BTW my last SBF flash was JRDNEM_U3_3.4.2_179-002_CEE_DEBLUR for CM7.

    - - - - - - - - - - - - - - - - - - - - - - - - - -

    EDIT: Successfully flashed this 2.1 Ecláir ROM
    JORDN_U3_6.36.0_SIGNED_USAJRDNTMOB1B4B5DE1028.0R_JORDANTMO_P022_HWp3_Service1FF

    EDIT 2: Also successfully flashed the 2.3 Gingerbread Chinese ROM
    p3a_jordan_umts_jordan_china-user-2.3.4-4.5.3-66-62-test-keys-ChinaRetail-CN

    YEAH!! I really have a unlocked DEFY!!!:D
    if you guys need anything from me just ask!

    Now, back to froyo CEE => CM7 :D thanks Quarx, Epsylon 3 and Maniac 103 for this awesome ROM! and everyone else here for the support! my thanks meter went CRAZY! :D
    View
    13
    arpith.fbi
    arpith.fbi
    :(:(:(:(:(

    ---------- Post added at 09:22 PM ---------- Previous post was at 09:22 PM ----------

    M so sorry guys to inform that, but today it dint workout :( :( .. talk just broke down it between...
    Anyways i have told my classmate who works for Nokia Siemens in Bangkok to ask her Motorola guys for such tools.:p
    I will also be trying to talk to another classmate who is in Texas Instruments for the OMAP tool..
    The treasure hunt has begun...we will do watever u can to get the "KEY" to the treasure...we know tat only unlocking bootloader can unlock the door of unlimited opportunity :)
    I know u guys had some hopes on me today..but its not just today..the day will come :) :)
    I will be traveling 500km tomorrow to talk to one more guy who can help :)
    View

New posts