[R&D][QUALCOMM] Using QDL, EHostDL and DIAG interfaces & features

afkfurby
#51
Found this on the internet; it's an older revision, but it might be helpful.
Attached Files
File Type: pdf DMSS.pdf (170.2 KB)
 
starteam
#52
My phone is an LG Optimus G Pro, the Korean F240L; it is bricked. When connected to a PC, it appears as "QHSUSB_Dload"; after installing its driver, it becomes "QualcommHS-USB QDLoader 9008 (COMx)".
I want to use QPST emmcswdownload to fix it, but how can I get the HEX file for the APQ8064T (Snapdragon 600), MPRG8064?.hex?
Who can tell me?
 
E:V:A
#53
Quote:
Originally Posted by SouL Shadow View Post
  • To provide a partial Open Source (Linux) replacement for QPST and QXDM
Are we getting any closer to this? (Or is there already some other free software out there we can use?) [Unfortunately I've been out of the loop for a while, so I'm not well updated on what people are doing...] I'd love to see an open source QXDM prototype...
MSM8960 Info, Architecture and Bootloader(s)
El Grande Partition Table Reference
How to talk to the Modem with AT commands

[REF][ServiceMode] How to make your Samsung perform dog tricks
[REF|R&D|RF] RF/Radio properties of Samsung ServiceMode

Want to know when your phone is getting tracked or tapped?

Help us develop the IMSI Catcher / Spy Detector!
(To be part of the EFF & The Guardian Project toolsets.)
_______________________________
If you like what I do, just click THANKS!
Everything I do is free, altruism is the way!
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
I do not answer support related PM's.

 
darkspr1te
#54
Quote:
Originally Posted by E:V:A View Post
Are we getting any closer to this? (Or is there already some other free software out there we can use?) [Unfortunately I've been out of the loop for a while, so I'm not well updated on what people are doing...] I'd love to see an open source QXDM prototype...
I am not currently working on anything due to not having a Qualcomm device at the moment.
But I am willing to assist anyone who does continue the work.

Sent from my A210 using Tapatalk HD
New Debrick Tools, See Below:- (I no longer will respond to unsolicited PM's)

Goto Brixfix V2
My Documentation in debricking Qualcomm Device
[SHV-E160]Rooting & Rom info
Tegrak Clean Roms
Korean Galaxy Note Development/Root/ROMS

비밀의 dark
도화의 spr1te
 
rafael_mfr
#55
I have 3 Padfone 2 devices. Two of them are in the qhsusb_dload state and don't turn on, but one is in proper condition. How can I fix the others? Can I use QPST EMMCSOFTWAREDOWNLOAD to repair them? I already tried without success. Thanks!

Sent from my PadFone 2 using Tapatalk 2
 
SouL Shadow
#56
Quote:
Originally Posted by E:V:A View Post
Are we getting any closer to this? (Or is there already some other free software out there we can use?) [Unfortunately I've been out of the loop for a while, so I'm not well updated on what people are doing...] I'd love to see an open source QXDM prototype...
I've been busy with other real life events. I also underestimated both the massive scope of such a project and the limited interest others have shown in it. The original goal was to create an app that could be used instead of QPST to help recover bricked phones. To do that in a forward thinking way, I wanted to implement the core protocols that underlie both QPST and QXDM. With the changes to Qualcomm's security (ex: sec boot 3), such a program seems less useful, until it supports a lot of QXDM-like features, which would take a while to implement (tens of thousands). Despite being out of work since May, I've actually had less free time as I have been taking many classes to update and expand my computer skills.

I've been so busy that I've only flashed 2 different ROMs in the past 6 months!

For anyone interested, the Gobi3000 source contains most of the needed backend written in C++. The trick is to further separate the Gobi features from the protocol implementations, fill in the blanks and begin adding higher level services using these protocols. That is what I was planning to do. It's faster and easier than starting from scratch, but you'll need a good understanding of C++ namespaces, classes and templates.

Anyway, I'll continue to watch this thread and others for miracles news. Anyone who wants to actively work on this is free to use this thread. Being an R&D thread, active and on-topic discussion is always encouraged! I get email notifications of thread and private messages so I can update the OP or answer a question if needed. Anyone asking for unbricking help or qualcomm docs will be ignored.
-SLS-
 
insink71
(Last edited by insink71; 19th November 2013 at 06:48 AM.)
#57
interested

Quote:
Originally Posted by darkspr1te View Post
I am not currently working on anything due to not having a Qualcomm device at the moment.
But I am willing to assist anyone who does continue the work.

Sent from my A210 using Tapatalk HD
I would be interested in such and have a few Qualcomm devices. Also, I have my stand-by riff box. Good news, I suppose, is I could disassemble resurrect dll's [riffbox also uses Windows] to see what critical portions of radio are rewritten to debrick [for target devices]. Translating it to Python might be a learning experience. Might could help w/ providing a hosting mirror as well; ref: https://teamblueridge.org/projects/files

Rob

PS more interested in per device unbricking [like you did] [perhaps adding other service options like sim unlock, supercid but probably not off-s] since I have a comparative tool; developing open source qpst beyond my skill set.

Phones:
HTC:
  • Droid Eris - desirec
  • Droid Incredible 2 - vivow
  • EVO 4G - supersonic
  • Evo Design 4G - kingdom
  • Google G1 - dream
  • G2 - vision
  • One V - primoc
  • Wildfire S - marvelc & marvel
LG:
  • Google Nexus 4 - mako
Motorola:
  • Droid Bionic - targa
Samsung:
  • Google Galaxy Nexus - maguro

Tablets:
  • (Asus) Google Nexus 7 - grouper
  • B&N Nook Color - encore
  • HP Touchpad 32GB - tenderloin



 
Heathcliff74
(Last edited by Heathcliff74; 28th November 2013 at 07:24 PM.)
#58
Qualcomm msm8960 on Windows Phone 8 devices

Hi,

I'm from the Windows Phone camp. In the past I've been working on a lot of Windows Phone 7 devices. Currently I'm working on 2 Windows Phone 8 devices: Samsung Ativ S (I8750) and Nokia Lumia 920 (RM-821). The Samsung device is an R&D device which has non-blown fuses, which means that QPST and other goodies are available on this device. The Nokia device is a retail device, which is fully secured. Both have the Qualcomm msm8960 chipset.

I'm quite new to hardware-hacking. I've been reading in this forum and other docs to catch up a little. But I'm still in the dark on some things. This thread seems to be the most appropriate one to ask my question.

For my current research I'm interested in one thing specifically: I want to read the OEM_PK_HASH from the QFuse of the devices. The Nokia has its fuses blown, so that won't be possible. But I'd like to be able to read the QFuse data from the Samsung.

I know how to put the Samsung in Qualcomm COM mode and Qualcomm DLOAD mode. In both cases I can connect QPST. In COM mode I can use the normal Software Downloader (to make a backup of NV) and other tools. In DLOAD mode, I can run the eMMC Software Download app. In the eMMC Software Download app, a QFuse button is available. There I can add addresses and then press the Read button. I'm not able to get this working correctly. First of all, I do know the address where OEM_PK_KEY should be, but I don't know the values for LSB and MSB. When I try to read an address, I always get this error:

Code:
Fuse blowing - QfpromRead - response command field (0x3) not equal to 0x35
Fuse read completed

[Image: ReadQFuse.png]

I read that it might be necessary to send a Flash Programmer image to the chip first. It will be loaded in RAM and then communicate with the client on the PC. So I tried that. I selected MPRG8960.hex, but when I try to send it to the chip, the eMMC Software Download app just becomes unresponsive.

[Image: DownloadProgrammer.png]

When I forcibly restart the eMMC Software Download app, nothing is changed; same error when I try to read the QFuse data.

My questions are:
- Why do I get the error message and how do I get around that?
- Which LSB and MSB values do I need to have, to be able to read the OEM_PK_HASH?

Any other information that could help me in the good direction is welcome.

Thanks a lot all, for posting all this info on XDA.

Ciao,
Heathcliff74

www.wp7roottools.com

Developer of "WP7 Root Tools"
Pioneer of "Interop Unlock"
Pioneer in Native Code Development on WP7


Also look at some of my other work:
Collection of all official WP7 updates, language packs and OEM updates
Guide for deploying files to your WP7 device


If you have questions about unlocking, please read this before you start mailing me, because my mailboxes are full

 
darkspr1te
#59
Have a look at cdmatools and rev; I cover the usage of them plus other Qualcomm tools in my debrick of shv-e160. QPST also has companion progs like qdart and qdm.

Sent from my a210 using Tapatalk
 
stepw
#60
Quote:
Originally Posted by Heathcliff74 View Post
- Why do I get the error message and how do I get around that?
- Which LSB and MSB values do I need to have, to be able to read the OEM_PK_HASH?

Any other information that could help me in the good direction is welcome.

Thanks a lot all, for posting all this info on XDA.

Ciao,
Heathcliff74
According to DMSS Download Protocol specs (attached to this thread) Command (0x03) = NAK response packet. This must be the response you receive when command 0x35 is sent to the phone to read QFPROM. The phone doesn't seem to support this command, or command parameters were not accepted.

Perhaps if you sniff the entire packet with a USB sniffer, you can get extended NAK reason and if it's listed in Table 3-5 NAK reason codes in the same document, that should give you an idea why phone rejects command 0x35.

LSB/MSB values are likely OEM specific. Some OEMs include backdoors in their ROMs or bootloaders that can be used to read QFPROM and map QFuses to MSB/LSB.

PS Have you reviewed http://forum.xda-developers.com/show...php?t=1856327? Plenty of useful info over there, MSM8960 in general and QFuses in particular, specifically for LG handsets...

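Added example (not part of stepw's post or of any tool named in the thread): a Python sketch of the diagnosis suggested in post #60, taking one sniffed response frame, checking its integrity, and reporting whether the command field is the NAK (0x03) and what raw reason value it carries, to be looked up in Table 3-5 of the attached DMSS document. The framing (0x7E flags, 0x7D escaping, little-endian CRC-16) and the 16-bit big-endian reason field are assumptions here, the function names are hypothetical, and the sample frame is constructed.

```python
FLAG, ESC, ESC_XOR = 0x7E, 0x7D, 0x20   # async-HDLC style framing (assumed)
CMD_NAK = 0x03                           # NAK response, as quoted in the thread

def crc16(data: bytes) -> int:
    """CRC-16/X-25 (reflected CCITT polynomial 0x8408), assumed frame check."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def encode_frame(payload: bytes) -> bytes:
    """Build a frame; used here only to construct sample input."""
    out = bytearray([FLAG])
    for byte in payload + crc16(payload).to_bytes(2, "little"):
        out += bytes([ESC, byte ^ ESC_XOR]) if byte in (FLAG, ESC) else bytes([byte])
    return bytes(out + bytes([FLAG]))

def decode_frame(frame: bytes) -> bytes:
    """Strip flags, undo escaping, verify the CRC, return the payload."""
    raw, it = bytearray(), iter(frame.strip(bytes([FLAG])))
    for byte in it:
        if byte == ESC:
            byte = next(it, None)
            if byte is None:
                raise ValueError("frame ends inside an escape sequence")
            byte ^= ESC_XOR
        raw.append(byte)
    if len(raw) < 3:
        raise ValueError("frame too short")
    payload, fcs = bytes(raw[:-2]), int.from_bytes(raw[-2:], "little")
    if crc16(payload) != fcs:
        raise ValueError("CRC mismatch, capture is damaged or truncated")
    return payload

def classify_response(frame: bytes, expected_cmd: int = 0x35) -> dict:
    """Report whether a captured response is a NAK and expose its reason value."""
    payload = decode_frame(frame)
    cmd = payload[0]
    if cmd == CMD_NAK:
        # Reason assumed to be a 16-bit big-endian field after the command byte.
        reason = int.from_bytes(payload[1:3], "big") if len(payload) >= 3 else None
        return {"kind": "nak", "command": cmd, "reason": reason}
    return {"kind": "ok" if cmd == expected_cmd else "unexpected", "command": cmd}

# Constructed sample capture: NAK with reason value 0x0006 (chosen arbitrarily).
SAMPLE = encode_frame(bytes([CMD_NAK, 0x00, 0x06]))

if __name__ == "__main__":
    print(SAMPLE.hex(), classify_response(SAMPLE))
```

Verifying the CRC before reading the command field keeps a truncated or corrupted sniffer capture from being misread as a NAK.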