FORUMS

Download Sony’s new AOSP-like concept for Xperia Z3

Over in our forums, Recognized Contributor Jozinek has posted a very … more

OnePlus 2 vs Moto X Style: Which is The Better Flagship?

Two big industry names have announced their newest flagship phones within the … more

Making Your Own Xposed Modules Is Easier Than You Think

Close to the heart of XDA is the Xposed Framework by Rovo89. Most of … more

ZenFone 2 Lolliflash and ZenPower Giveaway!

We recently did an in-depth review of the Asus Zenfone 2 but one of the things people may … more

DEV ONLY - NAND access + Full Unlock for Lumia 710 & 800

966 posts
Thanks Meter: 3,079
 
By biktor_gj, Senior Member on 7th April 2012, 09:40 PM
Post Reply Subscribe to Thread Email Thread
13th April 2012, 06:46 AM |#221  
biktor_gj's Avatar
OP Senior Member
Thanks Meter: 3,079
 
Donate to Me
More
One thing, did anyone have time to check what does the other recovery mode?
Camera+Power drops me (on both phones, locked and unlocked) with with an open usb port declared as Windows Phone, and with a picture of a phone and a laptop on lumia's screen
I dont kniw if thats for zune updates but it seems so.
When I get back home Ill try to capture usb traffic from connection and firmware upgrade in NCS. If it can change the bootloader from windows phone, or it can reboot to some ram address it's worth checking out...will report with what I find.

Sent from my GT-I9100 using XDA
 
 
13th April 2012, 07:07 AM |#222  
Junior Member
Thanks Meter: 1
 
More
NCS detects it like flash mode, but reboot the phone after few seconds.
13th April 2012, 08:19 AM |#223  
ap3rus's Avatar
Member
Flag 812
Thanks Meter: 9
 
More
Quote:
Originally Posted by xsacha

Which part are you confused about?

You need to flash the qualcomm_osbl.mbn on to your device somehow and then you will have the Qualcomm bootloader (ala 'disk mode').
It's not some magic here, it's quite straightforward. I've opened the bootloaders in hex editor and know what I'm talking about . Everything you see being done is quite blatant in the bootloader but not in the nokia_osbl.mbn which overwrites it.

I'm talking about Fuse service and changing operating mode; looking to the nokia care suite at first sight, it's written in .NET without any obfuscation, just use Reflector and search, i'm going to do it on weekend

Quote:
Originally Posted by rescbr

VID_045E&PID_04EC: WindowsPhone7ProductOperatingMode.Normal
VID_0421&PID_05EF: WindowsPhone7ProductOperatingMode.Ncsd
VID_05C6&PID_QCOM: WindowsPhone7ProductOperatingMode.FTM
VID_0421&PID_05EE: WindowsPhone7ProductOperatingMode.OSBL
VID_0421&PID_5F4 : WindowsPhone7ProductOperatingMode.WinDIAG
VID_0421&PID_05ED: WindowsPhone7ProductOperatingMode.CareFTM

13th April 2012, 09:11 AM |#224  
biktor_gj's Avatar
OP Senior Member
Thanks Meter: 3,079
 
Donate to Me
More
Quote:
Originally Posted by ap3rus

I'm talking about Fuse service and changing operating mode; looking to the nokia care suite at first sight, it's written in .NET without any obfuscation, just use Reflector and search, i'm going to do it on weekend

We should take a look at FTM modes...
13th April 2012, 10:13 AM |#225  
Member
Thanks Meter: 11
 
More
Read carefully what jaxbot said , he already done it and basically Ftm is- factory test mode and don't give Qualcomm like the rest of those modes ,TRUE is somewhere else there's no time to loose on sth that someone already checked

Sent from my Lumia 800 using Board Express
13th April 2012, 12:17 PM |#226  
ap3rus's Avatar
Member
Flag 812
Thanks Meter: 9
 
More
Quote:
Originally Posted by cdbase

Read carefully what jaxbot said , he already done it and basically Ftm is- factory test mode and don't give Qualcomm like the rest of those modes ,TRUE is somewhere else there's no time to loose on sth that someone already checked

Sent from my Lumia 800 using Board Express

Anyway it's just so interesting for me to try every mode
13th April 2012, 02:11 PM |#227  
ombadboy's Avatar
Senior Member
London
Thanks Meter: 26
 
Donate to Me
More
Quote:
Originally Posted by xsacha

Which part are you confused about?

You need to flash the qualcomm_osbl.mbn on to your device somehow and then you will have the Qualcomm bootloader (ala 'disk mode').
It's not some magic here, it's quite straightforward. I've opened the bootloaders in hex editor and know what I'm talking about . Everything you see being done is quite blatant in the bootloader but not in the nokia_osbl.mbn which overwrites it.

I think thats possible using ATF Box no?
13th April 2012, 03:54 PM |#228  
Member
Thanks Meter: 11
 
More
Quote:
Originally Posted by xsacha

Which part are you confused about?

You need to flash the qualcomm_osbl.mbn on to your device somehow and then you will have the Qualcomm bootloader (ala 'disk mode').
It's not some magic here, it's quite straightforward. I've opened the bootloaders in hex editor and know what I'm talking about . Everything you see being done is quite blatant in the bootloader but not in the nokia_osbl.mbn which overwrites it.

so be kind to tell me from which firmware /country variant/cyan ,black ,white/ product code if you knw that , is that qualcomm_osbl file this could make it easier
13th April 2012, 05:05 PM |#229  
Senior Member
Thanks Meter: 70
 
More
I did some Research with Jaxbot yesterday. In a nutshell: It is possible to DD the sdb9 Partition that contains every data on the phone. This file can be dumped into its contents with nb7split and OSBuilder. By using an .hv editor it is possible to eidt the registry. The missing piece is to recombine the dumped files into an disc dump that can be rewritten to the lumia. It seems like the next Version of OSBuilder supports this.
13th April 2012, 07:19 PM |#230  
biktor_gj's Avatar
OP Senior Member
Thanks Meter: 3,079
 
Donate to Me
More
Thats what Ive veen doing with ultrashot, the problem seems to be with the kernel not booting after restore.. going to try with a fresh firm now

Edit: given that you already dumped the contents, my rom ended with maxunsignedapp set to the maximum value (2147483647) . According to ultrashot, OSBuilder doesnt do that by itself, could you check how it is in your rom?
Sent from my GT-I9100 using XDA
Last edited by biktor_gj; 13th April 2012 at 07:37 PM.
13th April 2012, 07:38 PM |#231  
Junior Member
Thanks Meter: 10
 
More
Quote:
Originally Posted by ombadboy

I think thats possible using ATF Box no?

It should not need the box hardware. Unfortunately the ATF software is packed with Themida. I haven't tried to unpack it yet.

But what ATF does, NCS (or even Zune) should do too.
The Following User Says Thank You to rescbr For This Useful Post: [ View ]

Read More
Post Reply Subscribe to Thread

Tags
android, bootloader, full unlock, interopunlock, nand
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes