DEV ONLY - NAND access + Full Unlock for Lumia 710 & 800

OP: biktor_gj

27th April 2012, 02:19 PM | #731
ombadboy (Senior Member, London, 145 posts, joined Oct 2008)
Quote:
Originally Posted by biktor_gj

Don't worry, I will build a new custom rom with full unlock based on Tango as soon as I find a firmware with full language support and not only English+Chinese... anyone knows where to find it? I only found one on navifirm and it was that english & chinese...

About bootloaders.... Anyone noticed this?

Code:
/sys_boot/keystore/key.str..Keystore read & decrypt failed!.Random seed init failed!....Security init (%d @ 0x%x)...
Security init status 0x%x...
DETAIL: Keys 0x%08x, 0x%08x, 0x%08x, 0x%08x.......`..@-.O`...`..0*. *..*..`....`...`..O`...*G.*....P.. ....0....3/.J_...*c.V..P..*.......`..
.*mc.tc..@./
Security init skipped!..
======= Secure DLOAD started =======
Version: %d.%d.%d
Compiled: Feb 17 2012, 10:35:39.
====================================
Extracted from one of the latest OSBLs out there...
Anyway of tricking it into that USB HID device it shows sometimes after rebooting from the bootloader?

You can find all the languages in this thread mate: http://forum.xda-developers.com/show....php?t=1579419
27th April 2012, 08:55 PM | #732
ombadboy (Senior Member, London, 145 posts, joined Oct 2008)
Just out of curiosity (no chef myself), do you extract the ROM, replace the langs and repack? Or is there more work to be done (for lang inclusions, that is)?
27th April 2012, 09:41 PM | #733
n73gamer (Junior Member, 12 posts, joined Feb 2012)
Guys, don't give up! I hope you get the bootloader unlocked soon for the Lumia 800 with the Nokia DLOAD.

A friend of mine made this :
Last edited by n73gamer; 27th April 2012 at 09:48 PM.
28th April 2012, 12:09 AM | #734
Ricehead (Member, Birmingham, 48 posts, joined Nov 2011)
Hey guys, just a little heads up: Zune is telling me I have an update, but my phone's versions are as follows:

OS: 7.10.8107.79
F/W Rev no. 1600.2487.8107.12070
H/W Rev no. 112.1402.2.3
Radio: 1.6.00.24
Bootloader: 7.35.0.0
Chip: 0.74.2.1

I will update and reply with any changes to the bootloader value and the result when going into the bootloader mode.

Edit: This is a Nokia update, not MS.

The update downloaded really fast. Not a full ROM, I'm guessing. (Could be tweaks to the BL; maybe they found a loophole before we did?)

---------- Post added at 11:09 PM ---------- Previous post was at 10:40 PM ----------

Sorry wasn't anything important. Just the 12072 F/w
http://blog.vodafone.com.au/blog/nok...2070-25042012/

BL Hasn't changed.
Last edited by Ricehead; 27th April 2012 at 11:46 PM.
28th April 2012, 01:35 AM | #735
Senior Member, Mumbai, 388 posts, joined Jan 2012
Yeah... done this last night... There's a thread about this update:
battery performance
charging time fixed
camera addition
volume bug still not fixed
28th April 2012, 02:14 AM | #736
Konner920 (Senior Member, Norman, OK, 216 posts, joined Sep 2010)
I'm probably either lost or just dumb, but can someone clarify for me whether it's possible to even activate WP7 to access Windows Live services? I have the Lumia 710 and I have the Tango ROM flashed.

Edit: called Microsoft and they gave me a product key.

EDIT2: it won't read on Zune.

EDIT3: this last time I restarted Zune and it works now.
Last edited by Konner920; 28th April 2012 at 03:32 AM.
28th April 2012, 11:29 AM | #737
biktor_gj (OP, Senior Member, 665 posts, joined Jan 2008)
A little update...

Anyone over here know assembler?

This function:
Code:
ROM:00005C40 ; ---------------------------------------------------------------------------
ROM:00005C40
ROM:00005C40 loc_5C40                                ; CODE XREF: ROM:00005A74j
ROM:00005C40                                         ; ROM:00005A98j ...
ROM:00005C40                 ADR     R0, aSecurityInitSk ; "Security init skipped!"
ROM:00005C44                 BL      sub_1DEF8
ROM:00005C48                 B       loc_5B1C
ROM:00005C48 ; ---------------------------------------------------------------------------
is called from:
Code:
ROM:00005A54 ; ---------------------------------------------------------------------------
ROM:00005A54
ROM:00005A54 loc_5A54                                ; CODE XREF: ROM:00005A14j
ROM:00005A54                 ADD     R2, SP, #8
ROM:00005A58                 ADD     R1, SP, #0xC
ROM:00005A5C                 ADR     R0, aSys_bootKeys_0 ; "/sys_boot/keystore/key.str"
ROM:00005A60                 BL      sub_B244
ROM:00005A64                 MOVS    R4, R0
ROM:00005A68                 ADREQ   R0, aKeystoreReadDe ; "Keystore read & decrypt failed!"
ROM:00005A6C                 BEQ     loc_5A94
ROM:00005A70
ROM:00005A70 loc_5A70                                ; CODE XREF: ROM:00005A50j
ROM:00005A70                 CMP     R4, #1
ROM:00005A74                 BNE     loc_5C40
ROM:00005A78                 ADD     R4, SP, #0x10
ROM:00005A7C                 MOV     R0, R4
ROM:00005A80                 MOV     R1, #0x24 ; '$'
ROM:00005A84                 BL      sub_5588
ROM:00005A88                 CMP     R0, #0
ROM:00005A8C                 BNE     loc_5A9C
ROM:00005A90                 ADR     R0, aRandomSeedInit ; "Random seed init failed!"
ROM:00005A94
ROM:00005A94 loc_5A94                                ; CODE XREF: ROM:00005A6Cj
ROM:00005A94                 BL      sub_1DEF8
ROM:00005A98                 B       loc_5C40
ROM:00005A9C ; ---------------------------------------------------------------------------
Now, how can we make the key.str reading fail so we can skip the security initialization? Maybe it's nothing, and if security init is skipped it breaks and doesn't even let you flash, but it's another approach to be looked at, no?

Any help out there?
Now to search the nand dumps to try to find that key.str...

EDIT:
Could it have something to do with this?
Code:
/*===========================================================================

FUNCTION  OSBL_ENCRYPT_KEYSTORE

DESCRIPTION
   Encrypt plain key store file.

DEPENDENCIES
  Must be done before APPS is released.

RETURN VALUE
  None

SIDE EFFECTS
  None

===========================================================================*/
static void osbl_encrypt_keystore( bl_shared_data_type *bl_shared_data )
{
#ifdef FEATURE_SDCC_BOOT
  if ( FALSE == boot_encrypt_file(PLAIN_KEY_STORE_FILE_NAME, ENCRYPT_KEY_STORE_FILE_NAME) )
    OSBL_ERR_FATAL( BL_ERR_OSBL );
#endif
}
Last edited by biktor_gj; 28th April 2012 at 11:40 AM.
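To make the listing in the post above easier to follow, here is a C rendering of its branch structure, added as an illustration; it is not the OSBL's own source and not code from anyone in this thread. It assumes sub_B244 (keystore read/decrypt) and sub_5588 (random seed init) return status codes in R0, so the functions below take those results as parameters; the fail-closed variant is a defensive contrast in the spirit of the OSBL_ERR_FATAL call in osbl_encrypt_keystore.

```c
#include <stdio.h>

/* Constructed model of loc_5A54 .. loc_5C40 in the disassembly above.
 * sub_B244 and sub_5588 are replaced by their assumed return values. */
enum boot_path {
    PATH_SECURITY_INIT,     /* reached loc_5A9C: keys loaded, init continues */
    PATH_SECURITY_SKIPPED,  /* reached loc_5C40: "Security init skipped!" */
    PATH_HALT               /* hardened variant only: boot stops */
};

/* What the listing does: every failure ends in loc_5C40 and boot goes on
 * without the keystore, i.e. the check fails open. */
enum boot_path security_init_as_listed(int keystore_rc, int seed_rc)
{
    if (keystore_rc == 0) {                 /* MOVS R4,R0 ; BEQ loc_5A94 */
        puts("Keystore read & decrypt failed!");
        return PATH_SECURITY_SKIPPED;       /* loc_5A94 -> B loc_5C40 */
    }
    if (keystore_rc != 1)                   /* CMP R4,#1 ; BNE loc_5C40 */
        return PATH_SECURITY_SKIPPED;
    if (seed_rc == 0) {                     /* BL sub_5588 ; CMP R0,#0 */
        puts("Random seed init failed!");   /* falls through into loc_5A94 */
        return PATH_SECURITY_SKIPPED;
    }
    return PATH_SECURITY_INIT;              /* BNE loc_5A9C */
}

/* Fail-closed counterpart: a missing keystore or seed halts the boot
 * instead of continuing with no public keys loaded (cf. g-gabber's point
 * that skipping security init leaves no keys to verify flash files). */
enum boot_path security_init_fail_closed(int keystore_rc, int seed_rc)
{
    if (keystore_rc != 1 || seed_rc == 0) {
        puts("Security init failed, halting boot");
        return PATH_HALT;
    }
    return PATH_SECURITY_INIT;
}

int main(void)
{
    /* keystore read fails: the listing skips security, hardened code halts */
    printf("as listed: %d, fail-closed: %d\n",
           security_init_as_listed(0, 1), security_init_fail_closed(0, 1));
    return 0;
}
```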
28th April 2012, 01:47 PM | #738
ombadboy (Senior Member, London, 145 posts, joined Oct 2008)
Quote:
Originally Posted by biktor_gj

A little update...

Anyone over here know assembler?

This function:

Code:
ROM:00005C40 ; ---------------------------------------------------------------------------
ROM:00005C40
ROM:00005C40 loc_5C40                                ; CODE XREF: ROM:00005A74j
ROM:00005C40                                         ; ROM:00005A98j ...
ROM:00005C40                 ADR     R0, aSecurityInitSk ; "Security init skipped!"
ROM:00005C44                 BL      sub_1DEF8
ROM:00005C48                 B       loc_5B1C
ROM:00005C48 ; ---------------------------------------------------------------------------
is called from:
Code:
ROM:00005A54 ; ---------------------------------------------------------------------------
ROM:00005A54
ROM:00005A54 loc_5A54                                ; CODE XREF: ROM:00005A14j
ROM:00005A54                 ADD     R2, SP, #8
ROM:00005A58                 ADD     R1, SP, #0xC
ROM:00005A5C                 ADR     R0, aSys_bootKeys_0 ; "/sys_boot/keystore/key.str"
ROM:00005A60                 BL      sub_B244
ROM:00005A64                 MOVS    R4, R0
ROM:00005A68                 ADREQ   R0, aKeystoreReadDe ; "Keystore read & decrypt failed!"
ROM:00005A6C                 BEQ     loc_5A94
ROM:00005A70
ROM:00005A70 loc_5A70                                ; CODE XREF: ROM:00005A50j
ROM:00005A70                 CMP     R4, #1
ROM:00005A74                 BNE     loc_5C40
ROM:00005A78                 ADD     R4, SP, #0x10
ROM:00005A7C                 MOV     R0, R4
ROM:00005A80                 MOV     R1, #0x24 ; '$'
ROM:00005A84                 BL      sub_5588
ROM:00005A88                 CMP     R0, #0
ROM:00005A8C                 BNE     loc_5A9C
ROM:00005A90                 ADR     R0, aRandomSeedInit ; "Random seed init failed!"
ROM:00005A94
ROM:00005A94 loc_5A94                                ; CODE XREF: ROM:00005A6Cj
ROM:00005A94                 BL      sub_1DEF8
ROM:00005A98                 B       loc_5C40
ROM:00005A9C ; ---------------------------------------------------------------------------
Now, how can we make the key.str reading fail so we can skip the security initialization? Maybe it's nothing, and if security init is skipped it breaks and doesn't even let you flash, but it's another approach to be looked at, no?

Any help out there?
Now to search the nand dumps to try to find that key.str...

EDIT:
Could it have something to do with this?
Code:
/*===========================================================================

FUNCTION  OSBL_ENCRYPT_KEYSTORE

DESCRIPTION
   Encrypt plain key store file.

DEPENDENCIES
  Must be done before APPS is released.

RETURN VALUE
  None

SIDE EFFECTS
  None

===========================================================================*/
static void osbl_encrypt_keystore( bl_shared_data_type *bl_shared_data )
{
#ifdef FEATURE_SDCC_BOOT
  if ( FALSE == boot_encrypt_file(PLAIN_KEY_STORE_FILE_NAME, ENCRYPT_KEY_STORE_FILE_NAME) )
    OSBL_ERR_FATAL( BL_ERR_OSBL );
#endif
}

I've got some knowledge of MIPS assembly and some RISC, but that's about it... no ARM. I could help you with it after my exams are done, if you don't figure it out by then, since it's a hectic period at the moment!
28th April 2012, 02:20 PM | #739
Senior Member, 184 posts, joined Nov 2009
Quote:
Originally Posted by biktor_gj

A little update...

Any help out there?
Now to search the nand dumps to try to find that key.str...

EDIT:
Could it have something to do with this?

Code:
/*===========================================================================

FUNCTION  OSBL_ENCRYPT_KEYSTORE

DESCRIPTION
   Encrypt plain key store file.

DEPENDENCIES
  Must be done before APPS is released.

RETURN VALUE
  None

SIDE EFFECTS
  None

===========================================================================*/
static void osbl_encrypt_keystore( bl_shared_data_type *bl_shared_data )
{
#ifdef FEATURE_SDCC_BOOT
  if ( FALSE == boot_encrypt_file(PLAIN_KEY_STORE_FILE_NAME, ENCRYPT_KEY_STORE_FILE_NAME) )
    OSBL_ERR_FATAL( BL_ERR_OSBL );
#endif
}

Good catch. It seems that 'boot_encrypt_file' is not defined in the Hisense source? That's weird, right? Or have they stripped out everything regarding FEATURE_SDCC_BOOT?
28th April 2012, 03:46 PM | #740
g-gabber (Junior Member, 26 posts, joined Apr 2012)
If the security initialisation was skipped, that means the public keys were not properly loaded. As a result, you will not be able to load any cert for flash files.
Last edited by g-gabber; 28th April 2012 at 03:56 PM.

Tags
android, bootloader, full unlock, interopunlock, nand