XDA Developers Android and Mobile Development Forum

DEV ONLY - NAND access + Full Unlock for Lumia 710 & 800

 
ombadboy
#731
Quote:
Originally Posted by biktor_gj View Post
Don't worry, I will build a new custom rom with full unlock based on Tango as soon as I find a firmware with full language support and not only English+Chinese... anyone knows where to find it? I only found one on navifirm and it was that english & chinese...

About bootloaders.... Anyone noticed this?
Code:
/sys_boot/keystore/key.str..Keystore read & decrypt failed!.Random seed init failed!....Security init (%d @ 0x%x)...
Security init status 0x%x...
DETAIL: Keys 0x%08x, 0x%08x, 0x%08x, 0x%08x.......`..@-.O`...`..0*. *..*..`....`...`..O`...*G.*....P.. ....0....3/.J_...*c.V..P..*.......`..
.*mc.tc..@./
Security init skipped!..
======= Secure DLOAD started =======
Version: %d.%d.%d
Compiled: Feb 17 2012, 10:35:39.
====================================
Extracted from one of the latest OSBLs out there...
Any way of tricking it into that USB HID device it shows sometimes after rebooting from the bootloader?
You can find all the languages in this thread mate: http://forum.xda-developers.com/show....php?t=1579419
The Following User Says Thank You to ombadboy For This Useful Post:
 
ombadboy
#732
Just out of curiosity (no chef myself), do you extract rom, replace langs and repack? Or is there more work to be done (for lang inclusions that is)?
 
n73gamer
(Last edited by n73gamer; 27th April 2012 at 08:48 PM.)
#733
Guys, don't give up! I hope you get the Bootloader unlocked soon for the Lumia 800 with the Nokia DLOAD

A friend of mine made this :
The Following 3 Users Say Thank You to n73gamer For This Useful Post:
 
Ricehead
(Last edited by Ricehead; 27th April 2012 at 10:46 PM.)
#734
Hey guys, just a little heads up: Zune is telling me I have an update, but my phone's versions are as follows:

OS: 7.10.8107.79
F/W Rev no. 1600.2487.8107.12070
H/W Rev no. 112.1402.2.3
Radio: 1.6.00.24
Bootloader: 7.35.0.0
Chip: 0.74.2.1

I will update and reply with any changes to the bootloader value and the result when going into the bootloader mode

Edit: This is a Nokia update not MS



The update downloaded really fast, Not a full ROM, I'm guessing. (Could be tweaks to the BL, Maybe they found a loophole before we did ?)

---------- Post added at 11:09 PM ---------- Previous post was at 10:40 PM ----------

Sorry wasn't anything important. Just the 12072 F/w
http://blog.vodafone.com.au/blog/nok...2070-25042012/

BL Hasn't changed.
[Nokia Lumia 800 - Black] Mango 7.5 Locked BootLoader


Used to be a hardcore gamer, Now just a casual teenage tech nut.
 
surya467
#735
Yeah... done this last night... There's a thread about this update.
battery performance
charging time fixed
camera addition
volume bug still not fixed


Mobile History:
Quote:
Nokia 3310>>
Sony Ericsson Z530i>>
Motorola L9>>
Sony Ericsson K790i>>
Nokia 5800 with WP8 Apollo Firmware>>
Lumia 800 Black with Official WP 7.8
HTC HD2 LEO512 HD02 and NexusHD2 ROM on SDCard Dual boot
 
Konner920
(Last edited by Konner920; 28th April 2012 at 02:32 AM.)
#736
I'm probably either lost or just dumb, but can someone clarify with me if it's possible to even activate WP7 to access Windows Live services? I have the Lumia 710 and I have the Tango ROM flashed.

Edit: called Microsoft and they gave me a product key.

EDIT2: it won't read on Zune.

EDIT: last time I restarted Zune and it works now.
Too many phones to list.

Current device: Moto G
 
biktor_gj
(Last edited by biktor_gj; 28th April 2012 at 10:40 AM.)
#737
Senior Member - OP
A little update...

Anyone over here knows assembler?

This function:
Code:
ROM:00005C40 ; ---------------------------------------------------------------------------
ROM:00005C40
ROM:00005C40 loc_5C40                                ; CODE XREF: ROM:00005A74j
ROM:00005C40                                         ; ROM:00005A98j ...
ROM:00005C40                 ADR     R0, aSecurityInitSk ; "Security init skipped!"
ROM:00005C44                 BL      sub_1DEF8
ROM:00005C48                 B       loc_5B1C
ROM:00005C48 ; ---------------------------------------------------------------------------
is called from:
Code:
ROM:00005A54 ; ---------------------------------------------------------------------------
ROM:00005A54
ROM:00005A54 loc_5A54                                ; CODE XREF: ROM:00005A14j
ROM:00005A54                 ADD     R2, SP, #8
ROM:00005A58                 ADD     R1, SP, #0xC
ROM:00005A5C                 ADR     R0, aSys_bootKeys_0 ; "/sys_boot/keystore/key.str"
ROM:00005A60                 BL      sub_B244
ROM:00005A64                 MOVS    R4, R0
ROM:00005A68                 ADREQ   R0, aKeystoreReadDe ; "Keystore read & decrypt failed!"
ROM:00005A6C                 BEQ     loc_5A94
ROM:00005A70
ROM:00005A70 loc_5A70                                ; CODE XREF: ROM:00005A50j
ROM:00005A70                 CMP     R4, #1
ROM:00005A74                 BNE     loc_5C40
ROM:00005A78                 ADD     R4, SP, #0x10
ROM:00005A7C                 MOV     R0, R4
ROM:00005A80                 MOV     R1, #0x24 ; '$'
ROM:00005A84                 BL      sub_5588
ROM:00005A88                 CMP     R0, #0
ROM:00005A8C                 BNE     loc_5A9C
ROM:00005A90                 ADR     R0, aRandomSeedInit ; "Random seed init failed!"
ROM:00005A94
ROM:00005A94 loc_5A94                                ; CODE XREF: ROM:00005A6Cj
ROM:00005A94                 BL      sub_1DEF8
ROM:00005A98                 B       loc_5C40
ROM:00005A9C ; ---------------------------------------------------------------------------
Now, how can we make the key.str reading fail so we can skip the security initialization? Maybe it's nothing, and if security init is skipped it breaks and doesn't even let you flash, but it's another approach to be looked at, no?

Any help out there?
Now to search the nand dumps to try to find that key.str...

EDIT:
Could it have something to do with this?
Code:
/*===========================================================================

FUNCTION  OSBL_ENCRYPT_KEYSTORE

DESCRIPTION
   Encrypt plain key store file.
 
DEPENDENCIES
  Must be done before APPS is released.
  
RETURN VALUE
  None

SIDE EFFECTS
  None

===========================================================================*/
static void osbl_encrypt_keystore( bl_shared_data_type *bl_shared_data )
{
#ifdef FEATURE_SDCC_BOOT
  if ( FALSE == boot_encrypt_file(PLAIN_KEY_STORE_FILE_NAME, ENCRYPT_KEY_STORE_FILE_NAME) )
    OSBL_ERR_FATAL( BL_ERR_OSBL );
#endif
}
The Following User Says Thank You to biktor_gj For This Useful Post:
 
ombadboy
#738
I got some knowledge on MIPS assembly and some RISC, but that's about it... not any ARM. Could help you with it after my exams are done, if you don't figure it out by then, since it's a hectic period at the moment!
The Following 2 Users Say Thank You to ombadboy For This Useful Post:
 
Briefcase
#739
Quote:
Originally Posted by biktor_gj View Post
A little update...

Any help out there?
Now to search the nand dumps to try to find that key.str...

EDIT:
Could it have something to do with this?
Code:
/*===========================================================================

FUNCTION  OSBL_ENCRYPT_KEYSTORE

DESCRIPTION
   Encrypt plain key store file.
 
DEPENDENCIES
  Must be done before APPS is released.
  
RETURN VALUE
  None

SIDE EFFECTS
  None

===========================================================================*/
static void osbl_encrypt_keystore( bl_shared_data_type *bl_shared_data )
{
#ifdef FEATURE_SDCC_BOOT
  if ( FALSE == boot_encrypt_file(PLAIN_KEY_STORE_FILE_NAME, ENCRYPT_KEY_STORE_FILE_NAME) )
    OSBL_ERR_FATAL( BL_ERR_OSBL );
#endif
}
Good catch, it seems that 'boot_encrypt_file' is not defined in the Hisense source? That's weird, right? Or have they stripped out everything regarding FEATURE_SDCC_BOOT?
 
g-gabber
(Last edited by g-gabber; 28th April 2012 at 02:56 PM.)
#740
If the security initialisation was skipped, that means that the public keys were not properly loaded. As a result, you will not be able to load any cert for flash files.

The Following User Says Thank You to g-gabber For This Useful Post:
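
A C rendering of the branch logic in biktor_gj's listing in #737, together with the fail-closed consequence g-gabber describes in #740, as an added example that is not part of the original thread or of the OSBL source. The names security_init, keys_loaded and accept_flash_cert are hypothetical, the return values of sub_B244 and sub_5588 are passed in as parameters rather than produced by real keystore or RNG code, and the code reached at loc_5A9C (not shown in the listing) is assumed to end with the keys loaded.

```c
#include <stdbool.h>
#include <stdio.h>

/* The two exits of the listing: loc_5C40 (skip) and loc_5A9C (carry on). */
enum sec_state { SEC_SKIPPED, SEC_CONTINUE };

/* keystore_rc: value returned by sub_B244 (kept in R4); seed_rc: value
 * returned by sub_5588; *msg: string handed to sub_1DEF8 before the skip. */
static enum sec_state security_init(int keystore_rc, int seed_rc,
                                    const char **msg)
{
    *msg = NULL;
    if (keystore_rc == 0) {            /* MOVS R4, R0 / BEQ loc_5A94 */
        *msg = "Keystore read & decrypt failed!";
        return SEC_SKIPPED;            /* loc_5A94 -> B loc_5C40 */
    }
    if (keystore_rc != 1)              /* CMP R4, #1 / BNE loc_5C40 */
        return SEC_SKIPPED;            /* skipped with no extra message */
    if (seed_rc == 0) {                /* CMP R0, #0, BNE not taken */
        *msg = "Random seed init failed!";
        return SEC_SKIPPED;
    }
    return SEC_CONTINUE;               /* BNE loc_5A9C */
}

/* Assumption taken from g-gabber's reply, not from the listing: the
 * public keys only become available when init runs to completion. */
static bool keys_loaded(int keystore_rc, int seed_rc)
{
    const char *msg;
    return security_init(keystore_rc, seed_rc, &msg) == SEC_CONTINUE;
}

/* Fail closed: with no keys loaded, no certificate can be accepted. */
static bool accept_flash_cert(bool have_keys, bool signed_by_loaded_key)
{
    return have_keys && signed_by_loaded_key;
}

int main(void)
{
    const int cases[][2] = { {0, 1}, {2, 1}, {1, 0}, {1, 1} }; /* constructed */
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool k = keys_loaded(cases[i][0], cases[i][1]);
        printf("keystore_rc=%d seed_rc=%d -> keys=%d cert accepted=%d\n",
               cases[i][0], cases[i][1], k, accept_flash_cert(k, true));
    }
    return 0;
}
```

Every path that reaches "Security init skipped!" leaves the model without keys, so a correctly signed certificate is rejected as well.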