XDA Developers Android and Mobile Development Forum

[Dev] Bypass "bootloader" [PROPER METHOD]

the_laser
#1
Senior Member - OP
Thanks Meter 771
Posts: 116
Join Date: Feb 2011
(Last edited by the_laser; 8th September 2011 at 04:34 PM.)

Greetings.

Warning:
if you are not a developer, please quit reading this post.
Wait for a user-friendly tool with one big button.


Here (qsd8250.7z) is a toolset to permanently "unlock" semcboot on qsd8250 SEMC phones (X10a, X10i, SO-01B).

That means you can use your own kernel, and so on.

It is a much better, more stable and faster method than the present "bypass".

Steps, precautions, etc.

Unpack the archive to any directory.

If you use ESET antivirus or similar ****, it will find an evil virus in adb.exe.
Ignore that; it is not a virus in any way, it is the standard Android Debug Bridge, bundled into one file to save space and for usability.


Now, if your phone is unlocked officially:

Flash the phone with standard 2.0/2.1 Android firmware, because the kernel mapper module is compiled for the "2.6.29" kernel.

Of course, enable "USB debugging".

Run qsd8250_semc.cmd
(if you want, examine it before running; it is pretty straightforward).

You will get output similar to this:

Code:
process requires standard 2.x android firmware.
Press any key to continue . . .
Getting ROOT rights.
1464 KB/s (585731 bytes in 0.390s)
error: protocol fault (no status)
Waiting ...
Removing NAND MPU restrictions via SEMC backdoor. Permanent. Require ROOT rights.
192 KB/s (3087 bytes in 0.015s)
success
Waiting ...
Getting ROOT rights.
Waiting ...
Writing patched semcboot. Two step process
First, we need get access to semcboot area
504 KB/s (8064 bytes in 0.015s)
Second, we need to write semcboot ;)
1531 KB/s (588236 bytes in 0.375s)
successfully wrote 0001ff80
Press any key to continue . . .
Bingo, your phone now has an unlocked bootloader.

If your phone was unlocked by setool2 software, use qsd8250_setool2.cmd.

If your phone was unlocked by 3rd-party software other than setool2, do not run anything:
it will disable the radio capability of your phone and you will need to unlock the phone with setool2 software.
Hopefully, mizerable flea and mOxImKo will release something similar for your phone.


To find out what tool was used to unlock your phone, use this (s1tool.7z) tool.
If you see "NOT RECOGNIZED SIMLOCK CERTIFICATE", you are out of luck.


Okay, now about other details.

1.
An unlocked bootloader requires an unlocked loader, yep?

loader\loader.sin is a special unlocked loader, which will be accepted ONLY after you "unlock" semcboot with the previous steps.

To distinguish unlocked semcboot from original semcboot, the first letter in the version tag of the semcboot output will be lower case, i.e. "r8A033".

(The same applies to the loader version tag.)

So, all that stuff with signatures is not for us, so I removed it: the loader will ignore the signature part of the SIN file.

2.
We should make a SIN file somehow, right?
For that I prepared a "dumb" bin2sin utility.

Quote:
Syntax : bin2sin [input] [partition info, 32 digits] [type] [block size]
[input] is the input binary file.

[partition info]
The Android implementation on S1 SEMC Qualcomm phones is based on partitions, so we MUST define it for our file.

You can get the required partition info from standard SEMC SIN files; it is the first 0x10 bytes of DATA, right after the header, i.e.
Quote:
X10 kernel partition info
03000000220000007502000062000000
[type] is the partition type: 9 is a partition without spare, 0xA is a partition with spare.
The kernel partition is a partition without spare.
If that parameter is omitted, type = 9.

[block size] is the NAND block size; if omitted, it is the standard size 0x20000.

There is an example in sinTools\example_build.cmd.

3.
The kernel should be prepared specially to be accepted by semcboot.
For that there is the tool bin2elf.

Quote:
Syntax : bin2Elf.exe [nbrOfSegments] [EntryPoint] [Segment1] [LoadAddress1] [Attributes1] ...
We need 2 segments:
segment 1 is the unpacked Linux kernel image, i.e.
(x10/kernel/arch/arm/boot/Image)

It looks like the entry point and load address for segment 1 are always the same for all qsd8250-based SEMC phones: 0x20008000.

Attributes for the image: 0x0.

Segment 2 is the ramdisk.

It looks like the entry point and load address for segment 1 are always the same for all qsd8250-based SEMC phones: 0x24000000.

Set the attributes for the ramdisk to 0x80000000; that is extremely important.

There is a simple kernel example in sinTools\example_build.cmd.

PS.

The patched semcboot does exactly the same thing as the official "bootloader unlock" (for some idiotic reason called "rooting"): it skips the check of the aARM firmware part ONLY.

It will NOT unlock your phone from the network.

After the procedure, you CAN use Emma/SEUS safely.
The Following 161 Users Say Thank You to the_laser For This Useful Post
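The bin2elf step in the post packs the kernel Image and the ramdisk into one ELF with two segments (kernel at 0x20008000 with attributes 0x0, ramdisk at 0x24000000 with attributes 0x80000000). The block below is an added example, not the_laser's bin2elf nor any SEMC tool: it builds such a two-segment ELF32 ARM file from the standard ELF header structures and then parses the program headers back, so a reader can inspect what the bootloader will see. Assumptions of mine: that bin2elf's "Attributes" field maps to the ELF program header's p_flags, and the two constructed byte strings standing in for a real Image and ramdisk.

```python
"""Build and inspect a two-segment ELF32 ARM image (kernel + ramdisk).

Added example following the layout described in the post; it is not the
bin2elf tool itself.  The mapping of bin2elf "Attributes" onto p_flags
is an assumption, not something the post states.
"""
import struct

ELF_HEADER_SIZE = 52   # sizeof(Elf32_Ehdr)
PHDR_SIZE = 32         # sizeof(Elf32_Phdr)
PT_LOAD = 1
EM_ARM = 40
ET_EXEC = 2

# Addresses and attributes quoted in the post for qsd8250 SEMC phones.
KERNEL_ADDR = 0x20008000
RAMDISK_ADDR = 0x24000000
KERNEL_ATTR = 0x0
RAMDISK_ATTR = 0x80000000


def build_elf(entry, segments):
    """segments: list of (data, load_addr, attributes). Returns the ELF bytes."""
    n = len(segments)
    # e_ident: magic, ELFCLASS32, ELFDATA2LSB, EV_CURRENT, 9 bytes padding
    e_ident = b"\x7fELF" + bytes([1, 1, 1]) + b"\x00" * 9
    ehdr = e_ident + struct.pack(
        "<HHIIIIIHHHHHH",
        ET_EXEC, EM_ARM, 1, entry,
        ELF_HEADER_SIZE,            # e_phoff: program headers follow the header
        0, 0,                       # e_shoff (no sections), e_flags
        ELF_HEADER_SIZE, PHDR_SIZE, n,
        0, 0, 0,                    # e_shentsize, e_shnum, e_shstrndx
    )
    phdrs = b""
    offset = ELF_HEADER_SIZE + n * PHDR_SIZE   # payload starts after all headers
    for data, addr, attr in segments:
        phdrs += struct.pack(
            "<IIIIIIII",
            PT_LOAD, offset, addr, addr,       # p_type, p_offset, p_vaddr, p_paddr
            len(data), len(data),              # p_filesz, p_memsz
            attr,                              # p_flags (assumed = bin2elf attributes)
            1,                                 # p_align
        )
        offset += len(data)
    return ehdr + phdrs + b"".join(d for d, _, _ in segments)


def parse_segments(elf):
    """Return (entry, [(p_type, offset, load_addr, size, flags), ...]).

    Rejects files that are not little-endian ELF32 or whose segments point
    outside the file, which is the kind of malformed image a loader must refuse.
    """
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("not a little-endian ELF32 file")
    fields = struct.unpack_from("<HHIIIIIHHHHHH", elf, 16)
    entry, phoff, phentsize, phnum = fields[3], fields[4], fields[8], fields[9]
    if phentsize != PHDR_SIZE:
        raise ValueError("unexpected program header size")
    out = []
    for i in range(phnum):
        p = struct.unpack_from("<IIIIIIII", elf, phoff + i * PHDR_SIZE)
        p_type, p_offset, p_vaddr, _paddr, p_filesz, _memsz, p_flags, _align = p
        if p_offset + p_filesz > len(elf):
            raise ValueError("segment %d runs past the end of the file" % i)
        out.append((p_type, p_offset, p_vaddr, p_filesz, p_flags))
    return entry, out


def build_boot_image(kernel, ramdisk):
    """Two-segment image as described in the post: kernel first, ramdisk second."""
    return build_elf(KERNEL_ADDR, [
        (kernel, KERNEL_ADDR, KERNEL_ATTR),
        (ramdisk, RAMDISK_ADDR, RAMDISK_ATTR),
    ])


if __name__ == "__main__":
    # Constructed stand-ins for arch/arm/boot/Image and a gzip ramdisk.
    kernel = b"\xde\xad\xbe\xef" * 16
    ramdisk = b"\x1f\x8b" + b"\x00" * 30
    img = build_boot_image(kernel, ramdisk)
    entry, segs = parse_segments(img)
    print("entry", hex(entry))
    for _t, off, addr, size, flags in segs:
        print("segment at file offset %d -> %s, %d bytes, flags %s"
              % (off, hex(addr), size, hex(flags)))
```

Replace the two constructed byte strings with the contents of a real Image and ramdisk to produce a file whose program headers match the layout the post calls for; parse_segments is also a handy sanity check on the output of any packer before it is wrapped into a SIN.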
 
bharadwaj1991
#2
Senior Member
Thanks Meter 47
Posts: 228
Join Date: Feb 2011
I SIM unlocked my phone using the maxrfon method... does this mean I cannot do this? Which should be the same method setool used, right?
 
bharadwaj1991
#3
Senior Member
Thanks Meter 47
Posts: 228
Join Date: Feb 2011
http://www.x10unlocked.com/

That is the site where I did it... it does it in a super secret way... which I think is the same way setool does it.
The Following 3 Users Say Thank You to bharadwaj1991 For This Useful Post
 
william0410
#4
Senior Member
Thanks Meter 5
Posts: 122
Join Date: Jan 2011
Location: Abingdon
Quote:
Originally Posted by haszan1172
Omg omg omg omg omg. This also means full multi touch and other cool stuff. Soo excited! :-[] trollface
Does it? Or is it just a bypass?
 
aR_ChRiS
#5
Senior Member
Thanks Meter 260
Posts: 1,327
Join Date: Dec 2010
Location: Bristol, UK
Wondering if devs can incorporate this into Flashtool so users can unlock the BL easily.
X10i - es209ra (First Android device and backup phone)
ROM: CM10 SEMC debranded engine
Kernel: Provided Kernel

Nexus 5 16GB - hammerhead
ROM: Carbon KK Builds (ART mode)
Kernel: Franco Kernel Builds

Nexus Prime - maguro
Retired due to broken USB port.
 
kantk20111
#6
Senior Member
Thanks Meter 627
Posts: 1,350
Join Date: Feb 2011
Quote:
Originally Posted by william0410
Does it? Or is it just a bypass?
I think so... he mentioned bootloader 'unlock' quite a few times.
Current Device: Sony Xperia Z1

Previous Devices: Galaxy S3 I9300, SE Xperia X10i
The Following 2 Users Say Thank You to kantk20111 For This Useful Post
 
-- X10B --
#7
Senior Member
Thanks Meter 126
Posts: 480
Join Date: Jan 2011
Location: Antipolo
Quote:
Originally Posted by aR_ChRiS
Wondering if devs can incorporate this into Flashtool so users can unlock the BL easily.
I guess it won't be easy, because if the person presses the wrong (button) method, he will lose radio, as the_laser said.

Correct me if I am wrong.

Sent from my stock GB, not rooted and no add-ons.
MY AVATAR IS YOU
THE GOOD KISSER
_____________________
DEVICES THAT I ABUSE:

Galaxy S II WHITE
Xperia X10
 
bharadwaj1991
#8
Senior Member
Thanks Meter 47
Posts: 228
Join Date: Feb 2011
After reading the comments the_laser wrote on the X8 forum, I think I got it. This IS a bootloader unlock EXCEPT for it ignoring the aARM thing, which then defines it as a "bypass" rather than a real unlock. But it does everything a real unlock does.

ALSO, anybody know about my predicament... I used the maxrfon SIM unlock method and will try this if I know whether I can use the setool2 version, because I think it follows the same way the maxrfon unlock works.
The Following 5 Users Say Thank You to bharadwaj1991 For This Useful Post
 
iridaki
#9
Retired Forum Moderator / Recognized Themer
Thanks Meter 4648
Posts: 3,688
Join Date: Feb 2007
Location: Edinburgh, Scotland
Don't rush into doing it!
It's pretty useless at the moment anyway! You can't do anything more than you already do, until developers give us new things to try (ROMs, kernels, etc.).

Xperia X10i via Tapatalk
The Following 6 Users Say Thank You to iridaki For This Useful Post
 
andrewddickey
#10
Senior Member
Thanks Meter 73
Posts: 190
Join Date: Jan 2011
Location: Texas Sucks Sweaty Balls
Flashed X10a_2.0.A.0.504_Generic and ran qsd8250_semc.cmd.

Results:
Code:
process requires standard 2.x android firmware.
Press any key to continue . . .
Getting ROOT rights.
* daemon not running. starting it now *
* daemon started successfully *
3530 KB/s (585731 bytes in 0.162s)
error: protocol fault (no status)
Waiting ...
Removing NAND MPU restrictions via SEMC backdoor. Permanent. Require ROOT rights.
274 KB/s (3087 bytes in 0.011s)
success
Waiting ...
Getting ROOT rights.
Waiting ...
Writing patched semcboot. Two step process
First, we need get access to semcboot area
605 KB/s (8064 bytes in 0.013s)
Second, we need to write semcboot ;)
2735 KB/s (588228 bytes in 0.210s)
successfully wrote 0001ff80
Press any key to continue . . .
Let's see what we can do now.

The Following 4 Users Say Thank You to andrewddickey For This Useful Post
Tags
bl unlock, bootloader unlocked, go devs!