DEV ONLY - NAND access + Full Unlock for Lumia 710 & 800

Search This thread
By:
Advanced…
biktor_gj

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,008
One thing, did anyone have time to check what does the other recovery mode?
Camera+Power drops me (on both phones, locked and unlocked) with with an open usb port declared as Windows Phone, and with a picture of a phone and a laptop on lumia's screen
I dont kniw if thats for zune updates but it seems so.
When I get back home Ill try to capture usb traffic from connection and firmware upgrade in NCS. If it can change the bootloader from windows phone, or it can reboot to some ram address it's worth checking out...will report with what I find.

Sent from my GT-I9100 using XDA
 
ap3rus

ap3rus

Senior Member
May 8, 2010
109
10
Saint-Petersburg
xsacha said:
Which part are you confused about?

You need to flash the qualcomm_osbl.mbn on to your device somehow and then you will have the Qualcomm bootloader (ala 'disk mode').
It's not some magic here, it's quite straightforward. I've opened the bootloaders in hex editor and know what I'm talking about :). Everything you see being done is quite blatant in the bootloader but not in the nokia_osbl.mbn which overwrites it.
Click to expand...
Click to collapse

I'm talking about Fuse service and changing operating mode; looking to the nokia care suite at first sight, it's written in .NET without any obfuscation, just use Reflector and search, i'm going to do it on weekend ;)

rescbr said:
VID_045E&PID_04EC: WindowsPhone7ProductOperatingMode.Normal
VID_0421&PID_05EF: WindowsPhone7ProductOperatingMode.Ncsd
VID_05C6&PID_QCOM: WindowsPhone7ProductOperatingMode.FTM
VID_0421&PID_05EE: WindowsPhone7ProductOperatingMode.OSBL
VID_0421&PID_5F4 : WindowsPhone7ProductOperatingMode.WinDIAG
VID_0421&PID_05ED: WindowsPhone7ProductOperatingMode.CareFTM
Click to expand...
Click to collapse
 
C

cdbase

Senior Member
Aug 24, 2009
74
11
Read carefully what jaxbot said , he already done it and basically Ftm is- factory test mode and don't give Qualcomm like the rest of those modes ,TRUE is somewhere else there's no time to loose on sth that someone already checked

Sent from my Lumia 800 using Board Express
 
ap3rus

ap3rus

Senior Member
May 8, 2010
109
10
Saint-Petersburg
cdbase said:
Read carefully what jaxbot said , he already done it and basically Ftm is- factory test mode and don't give Qualcomm like the rest of those modes ,TRUE is somewhere else there's no time to loose on sth that someone already checked

Sent from my Lumia 800 using Board Express
Click to expand...
Click to collapse

Anyway it's just so interesting for me to try every mode :)
 
ombadboy

ombadboy

Senior Member
Oct 11, 2008
318
31
London
xsacha said:
Which part are you confused about?

You need to flash the qualcomm_osbl.mbn on to your device somehow and then you will have the Qualcomm bootloader (ala 'disk mode').
It's not some magic here, it's quite straightforward. I've opened the bootloaders in hex editor and know what I'm talking about :). Everything you see being done is quite blatant in the bootloader but not in the nokia_osbl.mbn which overwrites it.
Click to expand...
Click to collapse

I think thats possible using ATF Box no?
 
C

cdbase

Senior Member
Aug 24, 2009
74
11
xsacha said:
Which part are you confused about?

You need to flash the qualcomm_osbl.mbn on to your device somehow and then you will have the Qualcomm bootloader (ala 'disk mode').
It's not some magic here, it's quite straightforward. I've opened the bootloaders in hex editor and know what I'm talking about :). Everything you see being done is quite blatant in the bootloader but not in the nokia_osbl.mbn which overwrites it.
Click to expand...
Click to collapse

so be kind to tell me from which firmware /country variant/cyan ,black ,white/ product code if you knw that , is that qualcomm_osbl file this could make it easier :)
 
C

ChrisKringel

Senior Member
Jan 6, 2009
356
70
I did some Research with Jaxbot yesterday. In a nutshell: It is possible to DD the sdb9 Partition that contains every data on the phone. This file can be dumped into its contents with nb7split and OSBuilder. By using an .hv editor it is possible to eidt the registry. The missing piece is to recombine the dumped files into an disc dump that can be rewritten to the lumia. It seems like the next Version of OSBuilder supports this.
 
biktor_gj

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,008
Thats what Ive veen doing with ultrashot, the problem seems to be with the kernel not booting after restore.. going to try with a fresh firm now

Edit: given that you already dumped the contents, my rom ended with maxunsignedapp set to the maximum value (2147483647) . According to ultrashot, OSBuilder doesnt do that by itself, could you check how it is in your rom?
Sent from my GT-I9100 using XDA
 
Last edited:
C

ChrisKringel

Senior Member
Jan 6, 2009
356
70
It was set to something like 7fffff (binary only 1s)... Dream Spark unlocked... How did you repack your edited contents?

Sent from my Lumia 800 using Board Express
 
C

cdbase

Senior Member
Aug 24, 2009
74
11
If someone need those here you have qualcomm_xxx.dll drivers :
 

Attachments

  • Qualcomm.rar
    44.7 KB · Views: 150
biktor_gj

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,008
ChrisKringel said:
It was set to something like 7fffff (binary only 1s)... Dream Spark unlocked... How did you repack your edited contents?

Sent from my Lumia 800 using Board Express
Click to expand...
Click to collapse

I repacked using OSBuilder (beta)

ANNOUNCEMENT: IT'S STILL BOOTING, BUT THE FIRST CUSTOM ROM FOR THE LUMIA IS FLASHED AND BOOTING ON MY (bootloader unlocked) LUMIA!

Now if the thing decides to finish 'installing applications' and finally starts I'll check if its Interop Unlocked!
Wouldn't it be fantastic for a Friday to have Interop Unlock? :)

I'll be back in a moment!... or two, god knows how much time this thing is going to need... or maybe it's not even finishing because something was lost within OS Builder, but hey, I'll tell you when I know something more...
 

Attachments

  • IMG_20120413_214751.jpg
    IMG_20120413_214751.jpg
    205.6 KB · Views: 237
  • Like
Reactions: anseio, sHaHiN786 and murga
sHaHiN786

sHaHiN786

Senior Member
Jan 12, 2010
547
125
Manchester
biktor_gj said:
I repacked using OSBuilder (beta)

ANNOUNCEMENT: IT'S STILL BOOTING, BUT THE FIRST CUSTOM ROM FOR THE LUMIA IS FLASHED AND BOOTING ON MY (bootloader unlocked) LUMIA!

Now if the thing decides to finish 'installing applications' and finally starts I'll check if its Interop Unlocked!
Wouldn't it be fantastic for a Friday to have Interop Unlock? :)

I'll be back in a moment!... or two, god knows how much time this thing is going to need... or maybe it's not even finishing because something was lost within OS Builder, but hey, I'll tell you when I know something more...
Click to expand...
Click to collapse

Sweet work! Crossing fingers! :D
 
C

ChrisKringel

Senior Member
Jan 6, 2009
356
70
biktor_gj said:
I repacked using OSBuilder (beta)

ANNOUNCEMENT: IT'S STILL BOOTING, BUT THE FIRST CUSTOM ROM FOR THE LUMIA IS FLASHED AND BOOTING ON MY (bootloader unlocked) LUMIA!

Now if the thing decides to finish 'installing applications' and finally starts I'll check if its Interop Unlocked!
Wouldn't it be fantastic for a Friday to have Interop Unlock? :)

I'll be back in a moment!... or two, god knows how much time this thing is going to need... or maybe it's not even finishing because something was lost within OS Builder, but hey, I'll tell you when I know something more...
Click to expand...
Click to collapse

Our Approach was Dumping the device and unlocking the dump in order to prevent the loss of personal data… But I guess it's pretty much the same thing...
 
A

amaric

Senior Member
Dec 16, 2007
149
12
I think I'm gonna bring down XDA servers with my refreshes :) Can't wait to see how it's going to end.
 
biktor_gj

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,008
ChrisKringel said:
Our Approach was Dumping the device and unlocking the dump in order to prevent the loss of personal data… But I guess it's pretty much the same thing...
Click to expand...
Click to collapse

What I found is the nand seems to get dirty, maybe some data gets stalled after repacking. My phone triggered a hard reset by itself when I dumped the new os-new.nb to the flash. I think it got stucked. Rebuilding the rom just in case...
 
C

ChrisKringel

Senior Member
Jan 6, 2009
356
70
biktor_gj said:
What I found is the nand seems to get dirty, maybe some data gets stalled after repacking. My phone triggered a hard reset by itself when I dumped the new os-new.nb to the flash. I think it got stucked. Rebuilding the rom just in case...
Click to expand...
Click to collapse

I can also imagine, that something gets packed wrong. OSBuilder is intended for clean roms and not something that has already several gigs of userdata...
 
biktor_gj

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,008
ChrisKringel said:
I can also imagine, that something gets packed wrong. OSBuilder is intended for clean roms and not something that has already several gigs of userdata...
Click to expand...
Click to collapse

And it has to deal with a 15Gb file to parse... that's why it complains about arithmetic overflow when dumping the file...

Anyway, I wasn't sure of what it was doing after 15 minutes, so I changed some more reg keys just in case and I'm dumping it back to the phone... cross fingers.. ;)
 
You must log in or register to reply here.

Similar threads

suzughia
Interop-Unlock Lumia 800 plus bootloader and NAND access [Q&A]
Replies
450
Views
293K
W
wassim.0
lucifer3006
[ROM] RainbowMod 2.2 for Lumia 710 [Updated 04.08.2013]
Replies
439
Views
414K
thinhx2
thinhx2
lucifer3006
[ROM] RainbowMod 2.2 for Lumia 800 [Updated 04.08.2013]
Replies
146
Views
314K
M
mdrayhann70@gmail.com
N
[Tutorial] 100% Noob's guide to full unlock Lumia 710 RM-809 ROGERS (UPDATED 5/30/12)
Replies
177
Views
117K
S
shinnen
B
[GUIDE] How to flash a dead Lumia 800 RM-801
Replies
100
Views
196K
K
kaimano76

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 81
    biktor_gj
    biktor_gj
    UPDATE: First custom rom with Interop Unlock flashed succesfully. Requires hard reset after installing and an unlocked bootloader. See post for proof:
    http://xdaforums.com/showpost.php?p=24818275&postcount=242
    BIG THANK YOU TO ULTRASHOT!
    Without you I couldn't have done it!
    NOTICE: Testing full unlock (XIP unlock etc) with ultrashot. Will post new files as soon as I get a working build which doesn't get stucked on boot ;)

    Disclaimer:
    I AM NOT RESPONSIBLE IF YOU LOOSE DATA, BREAK YOUR PHONE, OR SET YOUR HOUSE ON FIRE. DO THIS AT YOUR OWN RISK. BTW, REQUIRES A HARD RESET SO YOU WILL LOOSE ALL THE DATA IN YOUR PHONE BY FLASHING THIS. IF UNSURE, DON'T DO IT.
    PLEASE STOP PM'ING ME FOR HELP, I CAN'T REPLY 20 PMS/HR. Please use the forum, maybe someone can create a discussion topic to help others and leave this for links and development. Thank you very much!

    PLEASE STOP SENDING ME PMS ASKING FOR HELP AND USE THE DEDICATED THREAD
    THIS THREAD IS FOR DEVELOPMENT ONLY, PLEASE RESPECT THAT AND USE THE Q&A THREAD FOR YOUR QUESTIONS.
    LINKS:
    Lumia 800: Full Unlock
    New firmware: May 16, 2012 (removed foursquare and stuff)
    sdb3.rar: Flash it to PARTITION #3. It contains 12070's amss & adsp. Not absolutely required but if you have an older version this should give you better battery life.
    http://www.mediafire.com/?kwjladlgvq81rha
    OS-NEW:
    As always, flash it to PARTITION #9.
    Part1: http://www.mediafire.com/?21by2oj7acnhkhw
    Part2: http://www.mediafire.com/?wkeduvp9l4199qh
    Part3: http://www.mediafire.com/?cnbkms40dy4y06z
    Part4: http://www.mediafire.com/?rabunpmnaqclq3o
    Complete Mediafire folder access: http://www.mediafire.com/?uo2dqcl34b9cy
    ___________________
    Alternate ROM with Full Unlock + Some apps:
    Part1: http://www.mediafire.com/?8gnqm418v32im3e
    Part2: http://www.mediafire.com/?bgtg2t5infrnua1
    Part3: http://www.mediafire.com/?l0sl5hbr0v9gfi1
    Part4: http://www.mediafire.com/?emt2dfswdhn0z0w
    Apps preinstalled:
    DS Supertool
    File Deployer
    Metro Theme
    WebServer
    WinTT
    WM Device Center
    WP7 Root Tool

    ___________________
    Lumia 710: Interop Unlock (no full unlock yet)
    ROM Based on: RM803_059N2L6_1600.3015.8107.12070_010
    Mediafire folder access: http://www.mediafire.com/?9z6og65ozgrnr
    http://www.mediafire.com/download.php?d3bj3dkfbffbakn
    http://www.mediafire.com/download.php?l35zjaebdrsm315
    http://www.mediafire.com/download.php?ys5bapu8ubezybo
    http://www.mediafire.com/download.php?tnadd4uuoxhatv3
    CAUTION: I don't have a 710, so these images AREN'T TESTED. Use at your own risk. Be careful, people are reporting problems with this rom.
    Full Unlock Image for Lumia 710 by lucifer3006 -BE CAREFUL, IT HAS BUGS, FOR TESTING PURPOSES ONLY- (thanks ultrashot & lucifer3006): http://www.mediafire.com/?p3318y5l19abb

    You have a mirror of all the stuff on mediafire on xdafil.es: http://xdafil.es
    Thank you mousey_!

    PLEASE DO A FULL BACKUP OF THE NAND BEFORE PLAYING AROUND.
    If you are developing fixes for the bootloader 'problem', feel free to grab a copy of the rest of partitions and stuff I posted over this thread here: http://www.mediafire.com/?kknt4lnc3tn7w


    INSTRUCTIONS:
    Requires an unlocked bootloader (a.k.a. qualcomm development bootloader).
    Easy to check: Turn the phone OFF, then press and hold VOLUME UP + POWER until you notice a short vibration. Plug in to the computer. If the phone turns up in disk mode (USB Mass Storage Device), then you have an unlocked bootloader. IF you're in Windows, it will ask if you want to format the disk. SAY NO OR IT WILL EXPLODE (it won't explode but you might break it)
    If the device detected by the computer is Nokia DLOAD you have a locked bootloader and you're out of luck, at least for now.

    I used 'dd' in Linux, I guess you can do it with Windows version too (http://www.chrysocome.net/dd) but it's more involved to find the appropiate partition:
    dd if=./os-new.nb of=/dev/sdX9
    Where X is the disk detected by your linux distribution.
    After that, you'll need to hard reset the phone. Hold Power button for 10 seconds to exit Qualcomm's disk mode, and press and hold POWER+VOLUMEDOWN+CAMERA until you feel the phone vibrate. After that, RELEASE power button but KEEP HOLDING volume down + camera for five or more seconds. This will trigger the hard reset.

    Now time to play with bootloaders and try to get this to work for everyone!

    If you like my work and want to donate for a beer (or two), follow this link
    View
    22
    biktor_gj
    biktor_gj
    ChrisKringel said:
    I'd suggest renaming on of the colors. Would be great if it was possible to interop the phone without losing data.
    Click to expand...
    Click to collapse

    Well, you can always make a backup and then restore via zune. The thing is the dumped OS is about 600Mb, the generated image is 378Mb. I don't know how it will reside on the flash, you could always check where the flash starts to get filled with zeros and clean it up before the first boot... If they had done it right and separated user data from the main OS we wouldn't have this problem...

    INTEROP UNLOCK ACHIEVED!

    Now time for a nice beeer ;)
    I'll put mediafire to work and upload the image I just did. Everyone who has an unlocked bootloader: after you flash this to the phone, DO A HARD RESET, otherwise it will get stucked on 'Installing Applications'
    View
    12
    biktor_gj
    biktor_gj
    Hey everyone,

    I was hoping to be able to crack Nokia's osbl, but time already run out and wasn't able to get it. So sorry, guys, but I had to return both Lumias. It's been a fun month, and at least I helped getting custom roms for at least some of you.

    I'll be uploading here all the files I have on my computer so anyone can mirror them or use them for whatever you might need. If I can help you with something else (development related please) feel free to drop me a PM.

    Once again big thank you to Ultrashot, Beidl, Xsacha, cdbase, ceesheim, HeathCliff & everyone that helped out with this. Now back to my (almost) forgotten Galaxy S2 & to try Boot 2 Gecko and see what progress has been done since the last time I checked :)
    View
    8
    U
    ultrashot
    Btw, here is my DppImplant app.
    Implants DPP partition with your stock Live Id to a custom rom.
    Usage:
    1) Put backup of the biggest partition to the folder with DppImplant.exe and call it "stock.nb"
    2) Put "os-new.nb" there - target firmware in which you want to see your old Live Id.
    3) Open DppImplant.exe. It will extract DPP from stock.nb and create mydpp.bin file. (After that you won't really need to have stock.nb in that folder).
    "os-new.nb" will be patched.
    4) Done.

    P.S. if you open DPP using Notepad or any hex editor, you'll see saved Live Id.
    View
    6
    biktor_gj
    biktor_gj
    djtonka said:
    Ok L710 fully unlocked :)
    Those 2 parts are wrong. I used to narod.ru

    ---------- Post added at 07:29 PM ---------- Previous post was at 06:40 PM ----------
    http://www.youtube.com/watch?v=-rQbFp7yasc
    Click to expand...
    Click to collapse


    CAN WE KEEP THIS FOR DEVELOPMENT ONLY PLEEEEEEEEEEEEEASSSEEEEE?

    Gift from our friends at Qualcomm:

    Full AMSS firmware + Secboot Sources (Qualcomm loader)! Grab it while it's hot!

    http://www.mediafire.com/?ir2h15f663ja6wc
    View

New posts