Deleted member 3665957
Greetings.
warning.
if you are not developer, please quit reading that post.
wait for user friendly tool with one big button.
here ( View attachment qsd8250.7z) is toolset to permanently "unlock" semcboot of qsd8250 semc phones ( x10a,x10i, so-o1b )
that means, you can use own kernel and so on.
it is a much better, more stable, faster method than the present "bypass".
steps, precautions, etc.
unpack archive to any directory.
if you are using eset antivirus or similar ****, it will find evil virus in adb.exe.
ignore that, it is not virus in any way, it is standard android debug bridge, bundled in one file to save space and usability.
now, if your phone unlocked officially:
flash phone with standard 2.0, 2.1 android firmware, because kernel mapper module compiled for "2.6.29" kernel.
of course, enable "usb debugging"
run qsd8250_semc.cmd,
( if you want, examine it before run, it is pretty straightforward. )
you will get similar output
Code:
process requires standard 2.x android firmware.
Press any key to continue . . .
Getting ROOT rights.
1464 KB/s (585731 bytes in 0.390s)
error: protocol fault (no status)
Waiting ...
Removing NAND MPU restrictions via SEMC backdoor. Permanent. Require ROOT rights.
192 KB/s (3087 bytes in 0.015s)
success
Waiting ...
Getting ROOT rights.
Waiting ...
Writing patched semcboot. Two step process
First, we need get access to semcboot area
504 KB/s (8064 bytes in 0.015s)
Second, we need to write semcboot ;)
1531 KB/s (588236 bytes in 0.375s)
successfully wrote 0001ff80
Press any key to continue . . .
bingo, your phone now has unlocked bootloader.
if your phone unlocked by setool2 software, use qsd8250_setool2.cmd
if your phone unlocked by 3rd-party software other than setool2, do not run anything -
it will disable radio capability of your phone and you will need to unlock phone by setool2 software.
hopefully, mizerable flea and mOxImKo will release something similar for your phone.
to find out what tool was used to unlock your phone, use that ( View attachment s1tool.7z ) tool.
if you will see "NOT RECOGNIZED SIMLOCK CERTIFICATE", you are out of luck.
okay, now about other details.
1.
unlocked bootloader require unlocked loader, yep ?
loader\loader.sin is special unlocked loader, which will be accepted ONLY after your "unlock" semcboot with previous steps.
to distinguish unlocked semcboot and original semcboot, first letter in version tag of semcboot output will be lower case, i.e. "r8A033"
( same applies for loader version tag )
so, all that stuff with signatures are not for us, so i removed them - loader will ignore signature part of SIN file.
2.
we should make SIN file somehow, right ?
for that i prepared "dumb" bin2sin utility.
Syntax : bin2sin [input] [partition info, 32 digits] [type] [block size]
[input] - is input binary file.
[partition info]
android implementation on s1 semc qualcomm phones based on partitions, so we MUST define it for our file.
you can get required partition info from standard semc sin files, it is first 0x10 bytes of DATA, right after header, i.e.
[type] - partition type, 9 - partition without spare, 0xA - partition with spare.
kernel partition is partition without spare.
if that parameter omitted, type = 9
[block size] - nand block size, if omitted, it is standard size 0x20000
there is example in sinTools\example_build.cmd
3.
kernel should be prepared specially to be accepted by semcboot.
for that there is tool bin2elf.
Syntax : bin2Elf.exe [nbrOfSegments] [EntryPoint] [Segment1] [LoadAddress1] [Attributes1] ...
we need 2 segments:
segment 1 is unpacked linux kernel image, i.e.
( x10/kernel/arch/arm/boot/Image )
it looks like entrypoint and load address for segment 1 is always same for all qsd8250-based semc phone, it is 0x20008000
attributes for image 0x0
segment 2 is ramdisk.
it looks like entrypoint and load address for segment 1 is always same for all qsd8250-based semc phone, it is 0x24000000
set attributes for ramdisk 0x80000000, that is extremely important.
there is simple kernel example in sinTools\example_build.cmd
ps.
patched semcboot is doing exactly same thing as official "bootloader unlock" ( for some idiotic reasons called "rooting" ) , it skips checking of aARM firmware part ONLY.
it will NOT unlock your phone from network.
after procedure, you CAN use Emma/seUS safely.
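An added example, not part of the original post or its toolset: a Python check that reads the program headers of an ELF32 image and compares them with the entry point, load addresses and attribute values quoted in section 3. It assumes bin2elf emits a little-endian ELF32 file and that the "attributes" argument is stored in p_flags; `build_sample` produces a constructed image as sample input.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # ELF32 file header (52 bytes)
PHDR = struct.Struct("<8I")                # ELF32 program header (32 bytes)
ENTRY = 0x20008000                         # entry point quoted in the post
# (load address, attributes) from the post; attributes -> p_flags is an assumption
EXPECTED = [(0x20008000, 0x0), (0x24000000, 0x80000000)]

def build_sample(kernel=b"K" * 64, ramdisk=b"R" * 32):  # constructed sample input
    parts = [(kernel,) + EXPECTED[0], (ramdisk,) + EXPECTED[1]]
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)  # 32-bit, LE, v1
    head = EHDR.pack(ident, 2, 40, 1, ENTRY, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(parts), 0, 0, 0)
    off, body = EHDR.size + PHDR.size * len(parts), b""
    for data, addr, flags in parts:
        head += PHDR.pack(1, off + len(body), addr, addr, len(data), len(data), flags, 0)
        body += data
    return head + body

def parse(image):
    """Return (entry, [(paddr, flags, filesz), ...]) with bounds checks."""
    if len(image) < EHDR.size or image[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a little-endian ELF32 image")
    f = EHDR.unpack_from(image)
    entry, phoff, phentsize, phnum = f[4], f[5], f[9], f[10]
    if phentsize != PHDR.size or phoff + phnum * phentsize > len(image):
        raise ValueError("program header table malformed or truncated")
    segs = []
    for i in range(phnum):
        p = PHDR.unpack_from(image, phoff + i * phentsize)
        if p[1] + p[4] > len(image):  # p_offset + p_filesz
            raise ValueError(f"segment {i + 1} runs past end of file")
        segs.append((p[3], p[6], p[4]))  # p_paddr, p_flags, p_filesz
    return entry, segs

def check(image):
    """List every deviation from the layout described in section 3."""
    entry, segs = parse(image)
    problems = []
    if entry != ENTRY:
        problems.append(f"entry {entry:#x}, expected {ENTRY:#x}")
    if len(segs) != len(EXPECTED):
        problems.append(f"{len(segs)} segments, expected {len(EXPECTED)}")
    for n, ((addr, flags, _), (want_addr, want_flags)) in enumerate(zip(segs, EXPECTED), 1):
        if addr != want_addr:
            problems.append(f"segment {n} load address {addr:#x}")
        if flags != want_flags:
            problems.append(f"segment {n} attributes {flags:#x}")
    return problems
```

An empty list from `check` means the image matches the quoted layout; a ramdisk segment with its attributes cleared is reported as `segment 2 attributes 0x0`.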