DEV ONLY - NAND access + Full Unlock for Lumia 710 & 800


crnkoj

Senior Member
Feb 16, 2011
1,844
398
You didn't try the driver I had posted earlier in this thread, did you? For me QPST is working fine on Windows 7, both with Lumia 710 and 800.

Hmm, sorry I didn't find it earlier, thanks for the link. I'll try later today.

Edit: I tried it and had to modify the driver USB\VID_05C6&PID_9006&REV_0000&MI_00
USB\VID_05C6&PID_9006&MI_00 to erase the &MI_00 part, then it recognised it (had to go into test mode on Win7 as well). Now I get this: the phone is apparently recognised as Qualcomm HS-USB Diagnostics 9006, but QPST doesn't see it when connected. Here is a picture of it all: http://dl.dropbox.com/u/24268926/lumiaQPST.jpg
Any ideas?

Edit2: thanks for the help guys, I somehow managed to get the 11414 firmware flashed with NSS with "refurbish". The phone restarted at least 10 times and then it started flashing. After this I can use the vol up + power button combo (it gives a short vibration, unlike the long one before), but it now says Nokia DLOAD when I do it and connect to the Linux PC, guess I'm out of luck =/ Might be the previous owner actually used NCS for flashing the 12070 update ...
thanks again all for the help.
 

crnkoj

Senior Member
Feb 16, 2011
1,844
398
could you please attach the firmware that you flashed? (11414)

It's just the firmware for the country code for my phone from navifirm+, I'll try to set up a link later, so you can play around. I do think there is a "bug" with my phone though, as it won't short vibrate when I press vol up + power (tried it on my gf's lumia 800, that has 2.3 and 12070 and it immediately made the short vibrate and went black screen, I didn't have a pc to test if it went into qualcomm or nokia dload though - but I assume it went into qualcomm, since it's one of the first batches and was never ncs flashed).
Edit: here is the link http://dl.dropbox.com/u/24268926/059L7F7.7z
 

ombadboy

Senior Member
Oct 11, 2008
318
31
London
It's just the firmware for the country code for my phone from navifirm+, I'll try to set up a link later, so you can play around. I do think there is a "bug" with my phone though, as it won't short vibrate when I press vol up + power (tried it on my gf's lumia 800, that has 2.3 and 12070 and it immediately made the short vibrate and went black screen, I didn't have a pc to test if it went into qualcomm or nokia dload though - but I assume it went into qualcomm, since it's one of the first batches and was never ncs flashed).
Edit: here is the link http://dl.dropbox.com/u/24268926/059L7F7.7z

Cheers.. I'll have a look at it and report back..
 

GeBoe

Member
Apr 13, 2012
30
4
Hey guys, can't you make an .exe for windows, so we can easily root our windows phones? Regards.

Sent from my Windows Phone 7.5 using Board Express
 

beidl

Senior Member
Apr 30, 2009
467
217
Vienna
fredl.me
Hey guys, can't you make an .exe for windows, so we can easily root our windows phones? Regards.

Sent from my Windows Phone 7.5 using Board Express

1784603_700b.jpg


So, I tried reconstructing the SplashScreen.dll and other GFX driver files (from XIP), but either I miss something or I just absolutely suck at using OSBuilder.
Must be useful for getting the right memory addresses and GPIOs for LK.
Could someone tell me how to get this done?
 

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,008
1784603_700b.jpg


So, I tried reconstructing the SplashScreen.dll and other GFX driver files (from XIP), but either I miss something or I just absolutely suck at using OSBuilder.
Must be useful for getting the right memory addresses and GPIOs for LK.
Could someone tell me how to get this done?

My friend, that is hard as hell without haret sniffing data while you power cycle the screen..


Sent from my GT-I9100 using XDA
 
Reactions: Briefcase

donpromillo

Senior Member
Nov 26, 2011
74
16
Attached:
ULZ files.zip:
* FFU update with updateWP, failing when checking the file after it has erased the OS & data partitions
* Nokia OSBL firmware update (the recovery) after having erased the flash.
And updatewp's own log, it's in spanish (native language) but easy enough to read (or use translate.google.com)

Those .ulz files are opened with USBlyzer. They have a fully functional trial version. Sorry for using proprietary software but it was the only fully working solution I found that worked (and don't want to be messing around passing all this through ethernet to sniff it with linux wireshark): http://www.usblyzer.com/

Hi biktor_gj,

I tried to open your usb-sniffs, but it fails, because my USBlyzer is ver 2.0 Build 25 and reports that your files are an older, unsupported version. Which one do you use?

BTW: Did not have the chance (and time) to sniff the second part after reboot yet. There is a difficulty in managing the device change when the Nokia boots into the service mode. USBlyzer doesn't care about the newly created device and I'm not fast enough to change it to sniff that device, so I did not get the first handshake packets, which are so important to get (possibly) the cert and private key that decrypt the mtpz-session.


Regards


BTW2: Have a crazy thought: What would be, if the encryption of the snapshot made by zune before update, is only the encryption done by mtpz, nothing more. Then it should be as simple as to find the encryption scheme and parameters of that encryption process to decrypt such a backup to original data stream and store into a imgfs-partition. If further a tool exists, that can extract files from that imgfs-partition and rebuild it after changing something (something like OSbuilder, enhanced with a feature to extract and rebuild the "user"-part of dumps), you should be able to change any file in that backup, which does not have a signature. The (offline in backup) stored registry-files shouldn't have a signature, because registry is dynamically merged from different parts at runtime, and changes with any newly installed app. so interop unlock could be possible and also the restore of all settings, app, mails, sms ... all in one. What a dream!
 

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,008
Hi biktor_gj,

I tried to open your usb-sniffs, but it fails, because my USBlyzer is ver 2.0 Build 25 and reports that your files are an older, unsupported version. Which one do you use?

BTW: Did not have the chance (and time) to sniff the second part after reboot yet. There is a difficulty in managing the device change when the Nokia boots into the service mode. USBlyzer doesn't care about the newly created device and I'm not fast enough to change it to sniff that device, so I did not get the first handshake packets, which are so important to get (possibly) the cert and private key that decrypt the mtpz-session.


Regards


BTW2: Have a crazy thought: What would be, if the encryption of the snapshot made by zune before update, is only the encryption done by mtpz, nothing more. Then it should be as simple as to find the encryption scheme and parameters of that encryption process to decrypt such a backup to original data stream and store into a imgfs-partition. If further a tool exists, that can extract files from that imgfs-partition and rebuild it after changing something (something like OSbuilder, enhanced with a feature to extract and rebuild the "user"-part of dumps), you should be able to change any file in that backup, which does not have a signature. The (offline in backup) stored registry-files shouldn't have a signature, because registry is dynamically merged from different parts at runtime, and changes with any newly installed app. so interop unlock could be possible and also the restore of all settings, app, mails, sms ... all in one. What a dream!

Hey, I used version 1.6 which is what I had at hand at the time... anyway I think one of the files is corrupt, so I have to find some time to redo the whole mess on the locked lumia. I'll send you a new file as soon as I find time to do it.

About the backup... If you're doing it with Zune putting the phone in offline mode before doing the backup you'll have a hard time catching those packets. It's easier if you just put it in uLDR mode (camera+power), then connect to the PC, start capturing, and then run updateWP.exe to do the backup for you... What I don't know if it will require to flash a FFU afterwards (since I'm only playing with this I never had anything to save from any phone ;))

The problem with the backup is it is just from the userstore, so if some registry keys are read only... they won't be overwritten when flashing back, unless, maybe, if storage write protect is disabled in wmstore driver, which can't be touched unless you have full unlock... but worth a try anyway :)
 

_Madmatt

Senior Member
Jul 3, 2009
801
113
Hey, I used version 1.6 which is what I had at hand at the time... anyway I think one of the files is corrupt, so I have to find some time to redo the whole mess on the locked lumia. I'll send you a new file as soon as I find time to do it.

About the backup... If you're doing it with Zune putting the phone in offline mode before doing the backup you'll have a hard time catching those packets. It's easier if you just put it in uLDR mode (camera+power), then connect to the PC, start capturing, and then run updateWP.exe to do the backup for you... What I don't know if it will require to flash a FFU afterwards (since I'm only playing with this I never had anything to save from any phone ;))

The problem with the backup is it is just from the userstore, so if some registry keys are read only... they won't be overwritten when flashing back, unless, maybe, if storage write protect is disabled in wmstore driver, which can't be touched unless you have full unlock... but worth a try anyway :)

Are you sure the backup is only userstore? I think I once restored a device and my developer unlock was back with the restore. Also it restores your OS and FW; is this included in the userstore?
 

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,008
Are you sure the backup is only userstore? I think I once restored a device and my developer unlock was back with the restore. Also it restores your OS and FW; is this included in the userstore?

Sure? not at all, but the last backup I did occupied like 30 mb and the OS is 400Mb. Maybe the modified registry keys are saved too and that's why you got developer unlock back? No idea really...

[OSBL]
Okay, next approach at OSBL. Making my way with my tiny little brain I thought, is this where it compares the keys?
Code:
ROM:0003D074 ; ---------------------------------------------------------------------------
ROM:0003D074
ROM:0003D074 loc_3D074                               ; CODE XREF: ROM:0003D050j
ROM:0003D074                 MOV     R3, #0
ROM:0003D078                 MOV     R2, #1
ROM:0003D07C                 MOV     R1, #3
ROM:0003D080                 STMFA   SP, {R0-R3}
ROM:0003D084                 MOV     R0, LR
ROM:0003D088                 MOV     R2, R5
ROM:0003D08C                 MOV     R1, R12
ROM:0003D090                 MOV     R3, R6
ROM:0003D094                 STR     R7, [SP]
ROM:0003D098                 BL      sub_66918
ROM:0003D09C                 CMP     R0, #1
ROM:0003D0A0                 MOVEQ   R0, #0
ROM:0003D0A4                 BEQ     loc_3D0B8
ROM:0003D0A8                 ADR     R1, aCcirsassapss_0 ; "CciRsaSsaPssSign - RSA_SIGN returned an"...
ROM:0003D0AC                 MOV     R0, R4
ROM:0003D0B0                 BLX     sub_787AC
ROM:0003D0B4
ROM:0003D0B4 loc_3D0B4                               ; CODE XREF: ROM:0003D044j
ROM:0003D0B4                                         ; ROM:0003D060j ...
ROM:0003D0B4                 MOV     R0, #0x20 ; ' '
ROM:0003D0B8
ROM:0003D0B8 loc_3D0B8                               ; CODE XREF: ROM:0003D0A4j
ROM:0003D0B8                 ADD     SP, SP, #0x14
ROM:0003D0BC                 LDMFD   SP!, {R4-R7,PC}
ROM:0003D0C0

Interesting part:
ROM:0003D09C CMP R0, #1
ROM:0003D0A0 MOVEQ R0, #0
ROM:0003D0A4 BEQ loc_3D0B8

If that CMP & MOVEQ are replaced with NOP's, should it directly jump to loc_3D0B8 and keep going like if the RSA signature was nice and pretty, or am I dreaming?
 

_Madmatt

Senior Member
Jul 3, 2009
801
113
Sure? not at all, but the last backup I did occupied like 30 mb and the OS is 400Mb. Maybe the modified registry keys are saved too and that's why you got developer unlock back? No idea really...

It's just strange it restores the OS but does not store the OS in the backup... It won't download the whole OS again, will it? Hmmm, it could be that they indeed only copy the modified registry, or maybe the whole registry, because that isn't very big. Maybe backups are compressed?
 

rescbr

Member
Mar 1, 2008
31
11
Hi biktor_gj,

I tried to open your usb-sniffs, but it fails, because my USBlyzer is ver 2.0 Build 25 and reports that your files are an older, unsupported version. Which one do you use?

BTW: Did not have the chance (and time) to sniff the second part after reboot yet. There is a difficulty in managing the device change when the Nokia boots into the service mode. USBlyzer doesn't care about the newly created device and I'm not fast enough to change it to sniff that device, so I did not get the first handshake packets, which are so important to get (possibly) the cert and private key that decrypt the mtpz-session.

I did some static analysis on the Windows Phone 7 Connector for MacOS X with IDA + otool, but the mid-terms started before I could try to make a Zune simulator and try to get data out of the device. MS used libmtp (and lots of custom opcodes), so it shouldn't be too hard to hack a Zune simulator with python + libmtp.

I'm still busy next week but I'm willing to share my files, so PM me if you want to play with x86 asm + objective-c.
 

donpromillo

Senior Member
Nov 26, 2011
74
16
Sure? not at all, but the last backup I did occupied like 30 mb and the OS is 400Mb. Maybe the modified registry keys are saved too and that's why you got developer unlock back? No idea really...

My backups are always 6,5 GB of data, my phone had 5 GB free memory, so there seems to be a difference to the whole partition size of 15 GB, except the backed-up data are compressed and encrypted.

And I have now managed the complete sniff. In capture settings one can activate the capture of hotplugged devices, so the complete process from starting backup with WP7easybackup, boot recycle and starting the backup process is sniffed. This is the good news, the bad is: Obviously the protocol of making the backup is mtpz, the way of encryption is another than described here. No certificates are involved. So the question: Is one of you able to analyze the mtp(z) protocol from my USB capture? I'd PM those files, because the sniffs contain UIDs of the phone.

Regards
 

rescbr

Member
Mar 1, 2008
31
11
My backups are always 6,5 GB of data, my phone had 5 GB free memory, so there seems to be a difference to the whole partition size of 15 GB, except the backed-up data are compressed and encrypted.

And I have now managed the complete sniff. In capture settings one can activate the capture of hotplugged devices, so the complete process from starting backup with WP7easybackup, boot recycle and starting the backup process is sniffed. This is the good news, the bad is: Obviously the protocol of making the backup is mtpz, the way of encryption is another than described here. No certificates are involved. So the question: Is one of you able to analyze the mtp(z) protocol from my USB capture? I'd PM those files, because the sniffs contain UIDs of the phone.

Regards

On the WP7C there is a string "DoradoCrypt". My initial guess was that it is the Windows Media DRM cryptography, but "Dorado" is the codename for the Windows Zune application. I don't have any idea what it actually is.

Check the MTP/PTP opcode being used for sync:
Code:
0x1000: "PTP_OPCODE_UNDEFINED"
0x1001: "PTP_OPCODE_GETDEVICEINFO"
0x1002: "PTP_OPCODE_OPENSESSION"
0x1003: "PTP_OPCODE_CLOSESESSION"
0x1004: "PTP_OPCODE_GETSTORAGEIDS"
0x1005: "PTP_OPCODE_GETSTORAGEINFO"
0x1006: "PTP_OPCODE_GETNUMOBJECTS"
0x1007: "PTP_OPCODE_GETOBJECTHANDLES"
0x1008: "PTP_OPCODE_GETOBJECTINFO"
0x1009: "PTP_OPCODE_GETOBJECT"
0x100A: "PTP_OPCODE_GETTHUMB"
0x100B: "PTP_OPCODE_DELETEOBJECT"
0x100C: "PTP_OPCODE_SENDOBJECTINFO"
0x100D: "PTP_OPCODE_SENDOBJECT"
0x100E: "PTP_OPCODE_INITIATECAPTURE"
0x100F: "PTP_OPCODE_FORMATSTORE"
0x1010: "PTP_OPCODE_RESETDEVICE"
0x1011: "PTP_OPCODE_SELFTEST"
0x1012: "PTP_OPCODE_SETOBJECTPROTECTION"
0x1013: "PTP_OPCODE_POWERDOWN"
0x1014: "PTP_OPCODE_GETDEVICEPROPDESC"
0x1015: "PTP_OPCODE_GETDEVICEPROPVALUE"
0x1016: "PTP_OPCODE_SETDEVICEPROPVALUE"
0x1017: "PTP_OPCODE_RESETDEVICEPROPVALUE"
0x1018: "PTP_OPCODE_TERMINATECAPTURE"
0x1019: "PTP_OPCODE_MOVEOBJECT"
0x101A: "PTP_OPCODE_COPYOBJECT"
0x101B: "PTP_OPCODE_GETPARTIALOBJECT"
0x101C: "PTP_OPCODE_INITIATEOPENCAPTURE"
0x6101: "LUAP_OPCODE_OPENCONNECTION"
0x6102: "LUAP_OPCODE_CLOSECONNECTION"
0x6103: "LUAP_OPCODE_SENDBUFFER"
0x6104: "LUAP_OPCODE_RECEIVEBUFFER"
0x6105: "WATSON_OPCODE_RECEIVEFILE"
0x6106: "WATSON_OPCODE_CLEARDUMPS"
0x6107: "MTPZ_OPCODE_SEND_DEVICE_DATABASE"
0x6107: "MTPZ_OPCODE_SEND_DEVICE_DB"
0x6108: "POWER_OPCODE_GETGASGAUGEINFO"
0x6109: "TEST_SENDFILE_OPCODE_SENDFILEPATH"
0x610A: "TEST_SENDFILE_OPCODE_SENDFILEOBJECT"
0x610B: "TEST_SENDFILE_OPCODE_RECVFILEOBJECT"
0x9101: "JAN_OPCODE_GETSECURETIMECHALLENGE"
0x9102: "JAN_OPCODE_SETSECURETIMERESPONSE"
0x9103: "JAN_OPCODE_SETLICENSERESPONSE"
0x9104: "JAN_OPCODE_GETSYNCLIST"
0x9105: "JAN_OPCODE_SENDMETERCHALLENGEQUERY"
0x9106: "JAN_OPCODE_GETMETERCHALLENGE"
0x9107: "JAN_OPCODE_SETMETERRESPONSE"
0x9108: "JAN_OPCODE_CLEANDATASTORE"
0x9109: "JAN_OPCODE_GETLICENSESTATE"
0x910A: "JAN_OPCODE_SENDJANUSCOMMAND"
0x910B: "JAN_OPCODE_SENDJANUSREQUEST"
0x9170: "MTP_OPCODE_AAVT_OPENMEDIASESSION"
0x9171: "MTP_OPCODE_AAVT_CLOSEMEDIASESSION"
0x9172: "MTP_OPCODE_AAVT_GETNEXTDATABLOCK"
0x9173: "MTP_OPCODE_AAVT_SETCURRENTTIMEPOSITION"
0x9180: "MTP_OPCODE_WMDRMND_SENDREGISTRATIONREQUEST"
0x9181: "MTP_OPCODE_WMDRMND_GETREGISTRATIONRESPONSE"
0x9182: "MTP_OPCODE_WMDRMND_GETPROXIMITYCHALLENGE"
0x9183: "MTP_OPCODE_WMDRMND_SENDPROXIMITYRESPONSE"
0x9184: "MTP_OPCODE_WMDRMND_SENDWMDRMNDLICENSEREQUEST"
0x9185: "MTP_OPCODE_WMDRMND_GETWMDRMNDLICENSERESPONSE"
0x9201: "WMP_OPCODE_GETMODIFIEDPUIDS"
0x9202: "WMP_OPCODE_GETACQUIREDCONTENT"
0x9204: "WMP_OPCODE_COMMITFIRMWARE"
0x9212: "ARGO_OPCODE_SETHANDSHAKECHALLENGE"
0x9213: "ARGO_OPCODE_GETHANDSHAKERESPONSE"
0x9214: "ARGO_OPCODE_STARTSYNC"
0x9215: "ARGO_OPCODE_STOPSYNC"
0x9216: "ARGO_OPCODE_RESETHANDSHAKE"
0x9217: "MTPZ_OPCODE_RETRIEVEDEVICEDATABASE"
0x9218: "MTPZ_OPCODE_GETMODIFIEDITEMS"
0x9219: "MTPZ_OPCODE_GETACQUIREDITEMS"
0x921A: "MTP_OPCODE_AUTO_OPENMEDIASESSION"
0x921B: "MTP_OPCODE_AUTO_CLOSEMEDIASESSION"
0x921C: "MTP_OPCODE_AUTO_GETNEXTDATABLOCK"
0x921D: "MTP_OPCODE_AUTO_SETCURRENTTIMEPOSITION"
0x9220: "XNA_OPCODE_OPENCONNECTION"
0x9221: "XNA_OPCODE_CLOSECONNECTION"
0x9222: "XNA_OPCODE_SENDBUFFER"
0x9223: "XNA_OPCODE_RECEIVEBUFFER"
0x9224: "MTPZ_OPCODE_GET_WLAN_NIC_CAPABILITY"
0x9225: "MTPZ_OPCODE_GET_WLAN_NETWORK_LIST"
0x9226: "MTPZ_OPCODE_GET_WLAN_PROFILE_LIST"
0x9227: "MTPZ_OPCODE_SET_WLAN_PROFILE_LIST"
0x9228: "MTPZ_OPCODE_TEST_WLAN_CONFIGURATION"
0x9229: "MTPZ_OPCODE_RESET_TO_FACTORY_DEFAULTS"
0x922A: "MTPZ_OPCODE_SET_SYNC_PROGRESS"
0x922B: "MTPZ_OPCODE_PASSTHROUGH_CONTROL"
0x922C: "MTPZ_OPCODE_PASSTHROUGH_SEND_DATA"
0x922D: "MTPZ_OPCODE_PASSTHROUGH_RECEIVE_DATA"
0x922E: "MTPZ_OPCODE_MARKETPLACE_SET_CREDENTIALS"
0x922F: "MTPZ_OPCODE_GET_CLOUD_SYNC_PROGRESS"
0x9230: "MTPZ_OPCODE_CLOUD_SYNC_CONTROL"
0x9231: "MTPZ_OPCODE_SET_PROXY_INFO"
0x9232: "MTPZ_OPCODE_REPLACEOBJECT"
0x9233: "MTPZ_OPCODE_TEST_WLAN_SYNC_CONNECTION"
0x9234: "MTPZ_OPCODE_GET_DEVICE_ASSETS"
0x9240: "MANUF_OPCODE_CREATEKEYVAULT"
0x9242: "MANUF_OPCODE_BLOWFUSES"
0x9243: "MANUF_OPCODE_SETMODELID"
0x9300: "DU_OPCODE_GETASYNCOPSTATUS"
0x9301: "DU_OPCODE_CANCELASYNCOP"
0x9302: "DU_OPCODE_STARTUPDATESCAN"
0x9303: "DU_OPCODE_GETUPDATESCANRESULTS"
0x9304: "DU_OPCODE_PREINSTALLCLEANUP"
0x9305: "DU_OPCODE_STARTMAINOSPREINSTALLACTIONS"
0x9306: "DU_OPCODE_REBOOT"
0x9307: "DU_OPCODE_STARTPREBACKUPACTIONS"
0x9308: "DU_OPCODE_STARTPRERESTOREACTIONS"
0x9309: "DU_OPCODE_STARTULDRPREINSTALLACTIONS"
0x930A: "DU_OPCODE_STARTIUINSTALL"
0x930B: "DU_OPCODE_GETINSTALLRESULTS"
0x930C: "DU_OPCODE_REPORTDOWNLOADSTATUS"
0x930D: "DU_OPCODE_SETLOGGING"
0x930E: "DU_OPCODE_GETDEVICEUPDATELOG"
0x930F: "DU_OPCODE_GETDUOBJECTINFO"
0x9310: "DU_OPCODE_GETDUOBJECT"
0x9311: "DU_OPCODE_SENDDUOBJECTINFO"
0x9312: "DU_OPCODE_GETERRORLOG"
0x9313: "DU_OPCODE_PLUGIN_SYNC_GET"
0x9314: "DU_OPCODE_PLUGIN_SYNC_SET"
0x9315: "DU_OPCODE_SENDDUOBJECT"
0x9316: "DU_OPCODE_STARTPOSTBACKUPACTIONS"
0x9317: "DU_OPCODE_STARTPOSTRESTOREACTIONS"
0x9350: "MTPZ_OPCODE_SENDCSPQUERY"
0x9351: "MTPZ_OPCODE_GETCSPRESPONSE"
0x9360: "MTPZ_OPCODE_MOBILE_PSEUDOHANDSHAKE"
0x9361: "MTPZ_OPCODE_MOBILE_STARTSYNC"
0x9362: "MTPZ_OPCODE_MOBILE_STOPSYNC"
0x9363: "MTPZ_OPCODE_MOBILE_PSEUDOHANDSHAKERESET"
0x9364: "MTPZ_OPCODE_FORCE_APP_UPDATE"
0x9365: "MTPZ_OPCODE_ASYNC_FORMATSTORE"
0x9366: "MTPZ_OPCODE_ASYNC_FORMATSTORE_GETSTATUS"
0x9401: "MTPZ_OPCODE_PMX_MARKSPACE_GETCHALLENGE"
0x9402: "MTPZ_OPCODE_PMX_MARKSPACE_SETCHALLENGE"
0x9801: "MTP_OPCODE_GETOBJECTPROPSSUPPORTED"
0x9802: "MTP_OPCODE_GETOBJECTPROPDESC"
0x9803: "MTP_OPCODE_GETOBJECTPROPVALUE"
0x9804: "MTP_OPCODE_SETOBJECTPROPVALUE"
0x9805: "MTP_OPCODE_GETOBJECTPROPLIST"
0x9806: "MTP_OPCODE_SETOBJECTPROPLIST"
0x9807: "MTP_OPCODE_GETINTERDEPENDENTPROPDESC"
0x9808: "MTP_OPCODE_SENDOBJECTPROPLIST"
0x9810: "MTP_OPCODE_GETOBJECTREFERENCES"
0x9811: "MTP_OPCODE_SETOBJECTREFERENCES"
0x9888: "TEST_OPCODE_DELAYEDRESPONSE"
 
Reactions: Briefcase
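
For reading a capture against the opcode list in the post above, here is an added example (not part of the original posts, and not code from Zune, WP7 Connector or libmtp) that splits a byte stream into PTP/MTP USB containers and names each operation. It assumes the bulk-transfer payloads have already been extracted from the capture and concatenated; `build_container`, `SAMPLE` and every parameter value in it are constructed for illustration.

```python
import struct

# PTP/MTP USB generic container header, little-endian:
# uint32 length (header included), uint16 type, uint16 code, uint32 transaction id
HEADER = struct.Struct("<IHHI")
TYPES = {1: "COMMAND", 2: "DATA", 3: "RESPONSE", 4: "EVENT"}

# A few names copied from the opcode list in the post above.
OPCODES = {
    0x1001: "PTP_OPCODE_GETDEVICEINFO",
    0x1002: "PTP_OPCODE_OPENSESSION",
    0x1003: "PTP_OPCODE_CLOSESESSION",
    0x9300: "DU_OPCODE_GETASYNCOPSTATUS",
    0x9307: "DU_OPCODE_STARTPREBACKUPACTIONS",
    0x9310: "DU_OPCODE_GETDUOBJECT",
    0x9316: "DU_OPCODE_STARTPOSTBACKUPACTIONS",
    0x9360: "MTPZ_OPCODE_MOBILE_PSEUDOHANDSHAKE",
}
# Standard PTP response codes (not taken from the post).
RESPONSES = {0x2001: "OK", 0x2002: "GENERAL_ERROR", 0x2005: "OPERATION_NOT_SUPPORTED"}


def opcode_family(code):
    """Classify an operation code by the PTP/MTP datacode ranges."""
    if 0x1000 <= code <= 0x1FFF:
        return "PTP standard"
    if 0x9800 <= code <= 0x9FFF:
        return "MTP standard"
    if 0x9000 <= code <= 0x97FF:
        return "vendor extension"
    return "outside the PTP/MTP operation ranges"


def parse_containers(buf):
    """Split a byte stream into containers; stop with an error record on damage."""
    records, off = [], 0
    while off < len(buf):
        if len(buf) - off < HEADER.size:
            records.append({"offset": off, "error": "truncated header"})
            break
        length, ctype, code, tid = HEADER.unpack_from(buf, off)
        if length < HEADER.size or ctype not in TYPES:
            records.append({"offset": off, "error": "bad container"})
            break
        if off + length > len(buf):
            records.append({"offset": off, "error": "truncated payload"})
            break
        payload = buf[off + HEADER.size: off + length]
        rec = {"offset": off, "type": TYPES[ctype], "code": code, "tid": tid}
        if ctype in (1, 3):
            # Command and response containers carry zero to five uint32 parameters.
            if len(payload) % 4 or len(payload) > 20:
                records.append({"offset": off, "error": "bad parameter block"})
                break
            rec["params"] = list(struct.unpack("<%dI" % (len(payload) // 4), payload))
        else:
            rec["data_len"] = len(payload)  # data/event payload is left opaque
        if ctype in (1, 2):
            rec["name"] = OPCODES.get(code, "UNKNOWN_0x%04X" % code)
            rec["family"] = opcode_family(code)
        elif ctype == 3:
            rec["name"] = RESPONSES.get(code, "RESPONSE_0x%04X" % code)
        records.append(rec)
        off += length
    return records


def build_container(ctype, code, tid, *params, data=b""):
    """Build one container for the constructed sample below."""
    body = struct.pack("<%dI" % len(params), *params) + data
    return HEADER.pack(HEADER.size + len(body), ctype, code, tid) + body


# Constructed sample stream (not from a real capture); the last 3 bytes are a cut-off header.
SAMPLE = (
    build_container(1, 0x1002, 0, 1)            # OpenSession, session id 1
    + build_container(3, 0x2001, 0)
    + build_container(1, 0x9307, 1)             # opcode from the list, no parameters assumed
    + build_container(3, 0x2001, 1)
    + build_container(1, 0x9310, 2, 0x10)       # parameter value is made up
    + build_container(2, 0x9310, 2, data=b"\x00" * 32)
    + build_container(3, 0x2001, 2)
    + b"\x0c\x00\x00"
)

if __name__ == "__main__":
    for record in parse_containers(SAMPLE):
        print(record)
```

The 0x61xx codes in the list fall outside both operation ranges, which `opcode_family` reports rather than guessing at.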

wardoc22

Senior Member
Sep 8, 2010
168
27
Shoreline
I don't know if its an issue with the 710 tango full unlock or just me,

but the field test app is not working. Hangs at "Loading..." after pressing ##643#
 

Top Liked Posts

  • 81
    UPDATE: First custom rom with Interop Unlock flashed successfully. Requires hard reset after installing and an unlocked bootloader. See post for proof:
    http://xdaforums.com/showpost.php?p=24818275&postcount=242
    BIG THANK YOU TO ULTRASHOT!
    Without you I couldn't have done it!
    NOTICE: Testing full unlock (XIP unlock etc) with ultrashot. Will post new files as soon as I get a working build which doesn't get stuck on boot ;)

    Disclaimer:
    I AM NOT RESPONSIBLE IF YOU LOSE DATA, BREAK YOUR PHONE, OR SET YOUR HOUSE ON FIRE. DO THIS AT YOUR OWN RISK. BTW, REQUIRES A HARD RESET SO YOU WILL LOSE ALL THE DATA IN YOUR PHONE BY FLASHING THIS. IF UNSURE, DON'T DO IT.
    PLEASE STOP PM'ING ME FOR HELP, I CAN'T REPLY 20 PMS/HR. Please use the forum, maybe someone can create a discussion topic to help others and leave this for links and development. Thank you very much!

    PLEASE STOP SENDING ME PMS ASKING FOR HELP AND USE THE DEDICATED THREAD
    THIS THREAD IS FOR DEVELOPMENT ONLY, PLEASE RESPECT THAT AND USE THE Q&A THREAD FOR YOUR QUESTIONS.
    LINKS:
    Lumia 800: Full Unlock
    New firmware: May 16, 2012 (removed foursquare and stuff)
    sdb3.rar: Flash it to PARTITION #3. It contains 12070's amss & adsp. Not absolutely required but if you have an older version this should give you better battery life.
    http://www.mediafire.com/?kwjladlgvq81rha
    OS-NEW:
    As always, flash it to PARTITION #9.
    Part1: http://www.mediafire.com/?21by2oj7acnhkhw
    Part2: http://www.mediafire.com/?wkeduvp9l4199qh
    Part3: http://www.mediafire.com/?cnbkms40dy4y06z
    Part4: http://www.mediafire.com/?rabunpmnaqclq3o
    Complete Mediafire folder access: http://www.mediafire.com/?uo2dqcl34b9cy
    ___________________
    Alternate ROM with Full Unlock + Some apps:
    Part1: http://www.mediafire.com/?8gnqm418v32im3e
    Part2: http://www.mediafire.com/?bgtg2t5infrnua1
    Part3: http://www.mediafire.com/?l0sl5hbr0v9gfi1
    Part4: http://www.mediafire.com/?emt2dfswdhn0z0w
    Apps preinstalled:
    DS Supertool
    File Deployer
    Metro Theme
    WebServer
    WinTT
    WM Device Center
    WP7 Root Tool

    ___________________
    Lumia 710: Interop Unlock (no full unlock yet)
    ROM Based on: RM803_059N2L6_1600.3015.8107.12070_010
    Mediafire folder access: http://www.mediafire.com/?9z6og65ozgrnr
    http://www.mediafire.com/download.php?d3bj3dkfbffbakn
    http://www.mediafire.com/download.php?l35zjaebdrsm315
    http://www.mediafire.com/download.php?ys5bapu8ubezybo
    http://www.mediafire.com/download.php?tnadd4uuoxhatv3
    CAUTION: I don't have a 710, so these images AREN'T TESTED. Use at your own risk. Be careful, people are reporting problems with this rom.
    Full Unlock Image for Lumia 710 by lucifer3006 -BE CAREFUL, IT HAS BUGS, FOR TESTING PURPOSES ONLY- (thanks ultrashot & lucifer3006): http://www.mediafire.com/?p3318y5l19abb

    You have a mirror of all the stuff on mediafire on xdafil.es: http://xdafil.es
    Thank you mousey_!

    PLEASE DO A FULL BACKUP OF THE NAND BEFORE PLAYING AROUND.
    If you are developing fixes for the bootloader 'problem', feel free to grab a copy of the rest of partitions and stuff I posted over this thread here: http://www.mediafire.com/?kknt4lnc3tn7w


    INSTRUCTIONS:
    Requires an unlocked bootloader (a.k.a. qualcomm development bootloader).
    Easy to check: Turn the phone OFF, then press and hold VOLUME UP + POWER until you notice a short vibration. Plug in to the computer. If the phone turns up in disk mode (USB Mass Storage Device), then you have an unlocked bootloader. IF you're in Windows, it will ask if you want to format the disk. SAY NO OR IT WILL EXPLODE (it won't explode but you might break it)
    If the device detected by the computer is Nokia DLOAD you have a locked bootloader and you're out of luck, at least for now.

    I used 'dd' in Linux, I guess you can do it with Windows version too (http://www.chrysocome.net/dd) but it's more involved to find the appropriate partition:
    dd if=./os-new.nb of=/dev/sdX9
    Where X is the disk detected by your linux distribution.
    After that, you'll need to hard reset the phone. Hold Power button for 10 seconds to exit Qualcomm's disk mode, and press and hold POWER+VOLUMEDOWN+CAMERA until you feel the phone vibrate. After that, RELEASE power button but KEEP HOLDING volume down + camera for five or more seconds. This will trigger the hard reset.

    Now time to play with bootloaders and try to get this to work for everyone!

    If you like my work and want to donate for a beer (or two), follow this link
    22
    I'd suggest renaming one of the colors. Would be great if it was possible to interop the phone without losing data.

    Well, you can always make a backup and then restore via zune. The thing is the dumped OS is about 600Mb, the generated image is 378Mb. I don't know how it will reside on the flash, you could always check where the flash starts to get filled with zeros and clean it up before the first boot... If they had done it right and separated user data from the main OS we wouldn't have this problem...

    INTEROP UNLOCK ACHIEVED!

    Now time for a nice beeer ;)
    I'll put mediafire to work and upload the image I just did. Everyone who has an unlocked bootloader: after you flash this to the phone, DO A HARD RESET, otherwise it will get stuck on 'Installing Applications'
    12
    Hey everyone,

    I was hoping to be able to crack Nokia's osbl, but time already ran out and I wasn't able to get it. So sorry, guys, but I had to return both Lumias. It's been a fun month, and at least I helped getting custom roms for at least some of you.

    I'll be uploading here all the files I have on my computer so anyone can mirror them or use them for whatever you might need. If I can help you with something else (development related please) feel free to drop me a PM.

    Once again big thank you to Ultrashot, Beidl, Xsacha, cdbase, ceesheim, HeathCliff & everyone that helped out with this. Now back to my (almost) forgotten Galaxy S2 & to try Boot 2 Gecko and see what progress has been done since the last time I checked :)
    8
    Btw, here is my DppImplant app.
    Implants DPP partition with your stock Live Id to a custom rom.
    Usage:
    1) Put backup of the biggest partition to the folder with DppImplant.exe and call it "stock.nb"
    2) Put "os-new.nb" there - target firmware in which you want to see your old Live Id.
    3) Open DppImplant.exe. It will extract DPP from stock.nb and create mydpp.bin file. (After that you won't really need to have stock.nb in that folder).
    "os-new.nb" will be patched.
    4) Done.

    P.S. if you open DPP using Notepad or any hex editor, you'll see saved Live Id.
    6
    Ok L710 fully unlocked :)
    Those 2 parts are wrong. I used to narod.ru

    ---------- Post added at 07:29 PM ---------- Previous post was at 06:40 PM ----------
    http://www.youtube.com/watch?v=-rQbFp7yasc


    CAN WE KEEP THIS FOR DEVELOPMENT ONLY PLEEEEEEEEEEEEEASSSEEEEE?

    Gift from our friends at Qualcomm:

    Full AMSS firmware + Secboot Sources (Qualcomm loader)! Grab it while it's hot!

    http://www.mediafire.com/?ir2h15f663ja6wc