[SUCCESS] Interop-Unlocking LUMIA - with JTAG


GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
Flashing official non-AT&T firmware for the Lumia 925 should be done using Nokia Care Suite. There's a (HUGE!) thread on un-branding WP8 devices by flashing a different official ROM to them.

Technically you *could* un-brand an AT&T ROM via JTAG, but it wouldn't be worth the time.
 

beka909

Senior Member
Jan 25, 2012
86
3
Flashing official non-AT&T firmware for the Lumia 925 should be done using Nokia Care Suite. There's a (HUGE!) thread on un-branding WP8 devices by flashing a different official ROM to them.

Technically you *could* un-brand an AT&T ROM via JTAG, but it wouldn't be worth the time.

I am getting FFU error via NCS
 

HATA28

Senior Member
Jun 7, 2009
54
20
Europe
Off Topic

Off topic: Can anyone tell me if a developer device (a Lumia 920.3 dev kit for example) would give full access to the filesystem and registry?
Thanks in advance
 

Sakura_PL

Member
Jul 1, 2007
6
0
Which entries in the registry have to change to get full access to file system in WP8 or WP8.1 by MTP or by File Manager from phone?
 

marcio-msa

Senior Member
Mar 1, 2016
98
21
GUARULHOS
ATF NITRO activation J-TAG :crying::crying:

I bought an ATF NITRO but do not have the JTAG activation.

I have some other program that to use the JTAG dolf clip without activation
 

Top Liked Posts

  • 29
    Hi there:)

    Well, as we really need Interop Unlock for our Lumia phones, i decided to check this out myself.
    As i already have ATF Box for a long time, i decided to buy JTAG activation and dolphin clip + lumia jigs, that i do not have to solder my phone.
    Also i have ordered a Lumia 520 testing phone on ebay.

    So, as the ATF Team made an awesome JTAG software update, i'm trying to interop unlock that Lumia 520 the hardware way, as just software seems to be too tough...

    Well, what i did so far:
    1. Freshly flashed Lumia 520 RM-914 with latest stock rom
    2. Did the setup/beginning after turning it on for 1st time
    3. developer unlocked it with SDK on PC
    4. Made Full Dump with JTAG from dev-unlocked phone
    5. Mounted MainOS partition of dump with program "OSFMount" (-->appears as Local harddisk example drive E: )
    6. Loaded the SOFTWARE hive with regedit on PC from "E:\Windows\System32\config"
    7. Edited the following values:
    PortalUrlInt = http://127.0.0.1
    PortalUrlProd = http://127.0.0.1
    MaxUnsignedApp = 10003
    8. unloaded SOFTWARE hive
    9. unmounted dump-image
    10. wrote image back via jtag

    I thought it might be a good Idea to dev-unlock the phone before messing with the registry, to make sure "DeveloperUnlockState = 1" gets written the "legal" way, as the key is not available in registry before.
    Maybe it's better to just modify an existing key, than adding a new one...


    Well, long story short: The result is not totally satisfying.:(

    After writing the modified image back to the EMMC, the phone is booting up, but i can NOT deploy homebrew apps that require interop unlock, like @GoodDayToDie's "EnableAllSideloading.xap" for example.
    But i can deploy "normal" apps like @cpuguys "Toastlauncher" and @GoodDayToDie's "Webserver"

    The weird thing: If i check the reg-values via WebServer on the Phone, i can see my edited values.
    So the changes ARE written to the phone. The phone just doesn't use them...

    So, the good thing: phone is booting with modified rom :good:
    But, the bad thing: Changes are not working. :confused:


    EDIT:

    SUCCESS!!!
    After adding
    ID_CAP_DEVELOPERUNLOCK_API.jpg

    i could successfully sideload "EnableAllSideloading.xap"

    After executing enableallsideloading i could sideload latest WPHTweaks build.

    Now i have 3rd tile row enabled! :)
    Lumia_520_3rd_tile_row.jpg


    awesome!


    Also member @myst02 is working on interop-unlocking the lumia phones. So we decided to make this a together-project.
    See his achievements here: http://xdaforums.com/showthread.php?t=2713098&page=10
    :good:
    15
    Ok - i finally received my AT&T Lumia 520 (RM-915) from ebay :)

    So - as i don't really need 2 520s, i'm willing to donate my interop unlocked RM-914 phone - the one with the broken screen - to a clever developer ;)
    So, i first thought about @GoodDayToDie: Would you like to have my Rm-914 Lumia 520?
    Maybe this would help you researching the not-working EnableAllSideloading on 8.1...

    So, if you would like to have it, i'd be happy to send it to you.
    I just need to know, if it's better to give it interop unlock on GDR3 or 8.1 to you.

    Just let me know if you're interested or name another dev who might need the phone.
    15
    Interop-unlocked Lumia 520 has arrived! I haven't had time to hack on it yet, but I've got plans. HUGE thanks to @lordmaxey for this!
    12
    Sorry, Chinese guys were doing this for ages and hit news multiple times with it :D
    Also, I was constantly reminding everyone that unlock via JTAG is possible ;)

    There is one *bad* point in making this method public: according to docs, JTAG must be disabled. But Nokia doesn't really disable it the way Microsoft wants everyone to follow. I wouldn't tell you what can happen after this becoming public.



    Hi,

    Just some info about JTAG on Nokia Lumias...

    Nokia Disables it in the QFUSE, but there is a bug/hole in Qualcomm SOCs that enables you to still use JTAG Debugging by using unorthodox ways of HALTING (Enter DEBUG Mode).

    This bug/hole was already rectified starting Snapdragon 800 (MSM8974 and its "family members"), that is why there is currently no 3rd Party JTAG Box that can support these new SOCs if the Device Manufacturer sets the correct JTAG disable bits in QFUSE. I heard it is still possible via SWD but with very limited memory access. This holds true not only for Nokia, but for all other Manufacturers as well (Samsung, LG, HTC etc). Anything below Snapdragon 800 (with very few exceptions) can be debugged via JTAG even if the Manufacturer disables all JTAG bits in the QFUSE.

    For Snapdragon 800, not all is lost. One can still use ISP for the eMMC if the CLK, CMD, DATA0 lines are exposed on the PCB (which is usually the case because of external pull-up resistors to VccQ).

    Now as this method (Interop Unlock via JTAG) might be frowned upon because of the "hardware-approach" nature of the hack, it may still prove to be useful for developers who still want to explore a software-approach hack. I mean the developer will have more control "exploring" the possibilities when he is working on an already "unlocked" device.


    Anyway, I am willing to donate my Engineering Lumia 925 with "z" apps to any Senior Developer who is determined to find a "software only" hack.

    I will also provide a complimentary JTAG Box + Complete set of JIGS to allow "solderless" JTAG connection for the Lumia 925 (Just in case the Developer needs to revive the phone or if he wants to perform the hardware-method interop unlock on it).


    The reason for my generosity is nothing sinister. I simply have no practical use for this phone anymore and I am always a big supporter to anything Nokia...



    Best Regards,
    ATF Developer
    10
    SUCCESS!!

    SUCCESS!!!
    After adding
    ID_CAP_DEVELOPERUNLOCK_API.jpg

    i could successfully sideload "EnableAllSideloading.xap"

    After executing enableallsideloading i could sideload latest WPHTweaks build.

    Now i have 3rd tile row enabled! :)
    Lumia_520_3rd_tile_row.jpg


    awesome!