Search results

Hi, Thanks for the fast response! No rush really. I only need the Compass app and fitness features. All else is off to save battery. BR

Hi guys, Does anyone have a copy of the actual rooting guide ? First post links to some 'under construction' image. Thanks!

Oh i see, that is why will not show as disk,but a folder in Temp directory

Great job! Thanks for sharing. But how do you unmount ? Just closing the folder ?

Hi, You need to make sure the phone is in Normal Mode and detected by NSS, so product type/imei etc could be read and checked before rebooting to OSBL mode and doing the restore process. BR

Hi, I stopped work on this as there was no interest apparently, while i had time to do it. Maybe in few months time i will have a look. To dump you need JTAG i believe. BR

Hi, The 800 will also require very precise and somehow risky cut on the shielding to get good access to the TP locations. Maybe there is a better way via IR station and full removal of the shield, but i have no idea how to do that. Also i don't offer such service, maybe for a bottle of Jack...

Hi, In theory the ELF file contains all needed info. In case not - use ARM little endian. BR

Hi, If the 900 baseband soft is anything like the 710/800, then you need to dump the image somehow, drag to IDA and look for the AT processor task. There is a huge handler table with at command string + ptr to C handler for each entry. The main problem is that IDA will not automatically parse...

Hi, I guess 1-bit MMC = SDIO, sorry my bad. The phone for sure switches to wider bus after initial boot sequence, i haven't reversed this part, not sure where it is, probably the bootrom. But during this initial chip inquiry is the golden opportunity to take control and off course hats off to...

Hi, I am still yet to see somebody implement off power read/write of the eMMC chip. ATF manages with so many wires by the fact that the chip is still wired to the CPU and all control signals are handled correct. If you watch the protocol on screen you will see that ATF FGPA asserts low's and...

My trial finished, so i had to sent back the phone. Anyway, it more or less clear now. A friend promised to send me full dump, so will do some IDA work to see if anything is possible. BR

Another update, after last nights fiasco, it seems the 920 employs the good old BB5 SL3 simlock, probably with 20 digits codes only. The lame Qcom NV file system with 8 digit codes is just left there unused. So the codes read via simple json call are not working, do not enter them, it will...

Ok, the valid WinUsb class to talk to the json handler in the NSC app is: // WP8 driver class DEFINE_GUID(GUID_CLASS_NOKIA_WIN_DRIVER_WP8, 0x7EAFF726,0x34CC,0x4204,0xB0, 0x9D, 0xF9, 0x54, 0x71, 0xB8, 0x73, 0xCF); Pipe 7 seems to be the output, pipe 6 the input, but JSON protocol seems to be...

So seems Nokia coders had some time and decided to return to old FBUS protocol format for the test mode application: 1B 00 10 35 00 0E 00 00 7F A0 00 01 00 08 01 00 88 00 00 00 1B 10 00 35 00 4E 00 00 7F A1 00 01 00 07 00 48 00 88 00 04 02 00 00 00 08 34 01 2E 4E 54 43 20 72 65 73 69...

Thanks, that was very useful information. Exactly the same here on Win7 64, lots of devices without driver. This is one crazy USB device there: Device Descriptor: bcdUSB: 0x0200 bDeviceClass: 0x00 bDeviceSubClass: 0x00 bDeviceProtocol: 0x00 bMaxPacketSize0...

Hi, Not yet, but will do some scans today and get better clue. To other guys that asked about test mode - it is just a drop down box in latest NCS. On lower level is just: {"jsonrpc": "2.0","id": 3,"method": "SetDeviceM ode","param s":{"Messag eVersion":0 ,"DeviceMod e":"Test"," ResetMethod...

Hi, Very interesting info. I assumed you already know this as you released support for this generation first. I also saw two cert like type files i have seen before in BB5 with the flash files, but would not assume they would mix it up again. If the bb core sw is anything like 7.xx there...

Hello, I got the 920 for few weeks, then i have to give it back. So there is no time to waste. Is there anyone working on the phone already ? I mean rooting, exploiting, etc ? Few points i already see: - updated NCS application, v 1.18, seems to support much more info (simlocks status...

Hi, This software require special dongle to work. Also all WP7 features are copy & paste from NSS free release few months ago. Anyway if you decide to run it on your computer, make sure you have very good antivirus that can detect custom made, non standart Ring0 rootkits. The authors have long...

Hi, I did only two of my test 710s. On the first i just ripped off the shield with the pliers, but this phone is only for testing, not going to be used for actual calling, so it is ok. I wouldn't recommend this on your phone. On the second phone, which was brand new, i just used 8 mm drill to...

Be careful when you solder the wires and remove metal shields. On the pullup resistors, replace the ROHS solder with good, leaded solder first, use flux, then solder the wires. Otherwise you will get connection problems. Also make sure you use short as possible wires, the SPI speed is bit higher...

Hi, Two problems here: - some very good soldering skills are required. People who have them, probably already have ATF (mobile phone shops, etc), so maybe waste of time to re-implement. I don't see regular users doing this by themselves - some extra hardware is needed, so far looks like custom...

Hi guys, In case you missed it, Lumia's have been completely hacked by an old friend, Phillipines hacker (X-Shadow). It will need to get your hands dirty(soldering needed,removing of metal shields), also no free software available yet. But is a good start, could be used for rooting, boot...

Hi, Quick follow up on the re-locking issue. Sim unlock via NSS is permanent (it changed the simlock area as original operator code does). But there seems to be a way to relock the phone again, i haven't found the exact mechanism yet(busy with other stuff). So - after sim unlock and restore...

Unlock does a temporary patch on the baseband firmware, to allow entry of incorrect unlock code. If you click unlock again and the patch is found, the baseband is restored to previous state. Not really important, it's more of a optional thing to do.

I wish developing unlocking solution was that cheap. To make current 710 sim unlock, even with free root available: - The CPU has two cores, one run WP os, the other baseband, both talk to each other via shared memory drivers (low level), then higher level is done via onrpc servers. Installing...

Hi, Not sure about that. But will play with this when i have some free time. My unlock is the same as entering original provider code, i just patch the validity check in the baseband (good guy/bad guy check) temporary, so during entering any wrong code, the phone is fooled to set the unlock...

It has been pointed many times that is not possible at the current moment, sorry. No, the unlock is in a separate partition that has phone unique encryption and generic flashing can not touch it, it stays the same during the lifetime of the phone, unless modification is requested via API...

Hi, No, the phone will stay unlocked after firmware upgrade. It is possible to be read and decoded, but was too much work. Fooling the phone to accept fake code and unlock itself (switch the unlock flag) was much easier. Regards

Hi, Just few random thoughts on the subject: - Why Nokia/MS choose to use such CPU for it's flagship phone ? Even microcontrollers these days have laser cut ROM with built in USB driver - There are some professional third party tools for Qualcomm phones(mostly Android) that allow JTAG recovery...

Hi, Some people reported problems with NSS phone detection, etc. There was Beta update to address some of those problems, sorry forgot to post it here. Anyway here the details: ----------------------------------------------------------------------- 1. Underpowered computers are unable to read...

Hi, You start the phone in Normal Mode ? Is the phone with blank screen after install or just restarts to Normal Mode ? BR

Hi, I try to keep most NSS functions free for everybody. There is only small subset of features that are valuable to proffessional unlockers and require the annual subscription. If anyone feels that excited and generous he can subscribe, even if the subscription is not needed ;) Regards

Hi, If you have a phone, check what the Simlock saves as backup. Also after unlock you can try the Restore button and see what is loaded. BR

Yes, it is the best way. But what is the point to get code from the network and come to mobile phone hacking forum at all ? You just call them, get the code, enter and you are back to celebrity big brother in no time. No need to hack stuff, no soldering, no exploits.

http://forum.xda-developers.com/showthread.php?t=1620629

Hi, When the phone restarts after the change to OSBL mode command, does it stay with dark screen, or just enters the long boot process and comes in Normal Mode ? If the latter, you maybe have baseband/ROM mismatch, where some commands are not recognized - e.g. the restart. Battery level is...

Hi, For normal flashing when you have Nokia dload loader - not possible to skip the certificate. When you have Qcom loader installed, you can pretty much write to every part of the NAND chip, but some areas are very risky as some people that clicked format in windows have already found out...

Second time is not needed. It is just restores the baseband firmware to original.

There are few drivers needed - Zune, Nokia Care Suite, Microsoft USB disk drivers. Make sure Zune and NCS are installed and working.

Hi, Yes it is to unlock the sim restriction, so the phone can be used on any carrier. Just the guys at MS are on some strange drug, the unlock code they call - PIN, and the unblock code - PUK. BR

Hi, Thanks for the pictures. If you want to help me debug the problem, PM me your e-mail so we can get in touch. BTW, latest Nss is out today, sim unlock for all phones with Qcom bootloader here. Regards

Hi guys, Here the new NSS version (0.50) that allows sim unlock if your Lumia is rooted (710,800). How to unlock: 1. Make sure all drivers are installed, phone is visible by NSS in Normal, OSBL and NAND mode 2. Make sure you have Qcom loader 3. Plug the phone via USB cable 4. Start NSS, go to...

Hi, What happens when you click 'Parse FS' ? BR

Hi, You also need NCS installed for the drivers (Nokia specific). BR

Hi, I just been told in another forum that some networks provide PUK codes from Nokia database. Maybe you can call the guys who sold you the PIN and ask for PUK instead, not sure if it will work. Regards

Hi, Only if you have sfs backup from before you blocked the PIN. You need to restore, and then enter the valid PIN you got. BR

Hi, Could this be enabled on unlocked 710 and used for OS level debugging ? To monitor a process crash, virtual memory addresses, registers, etc ? In the link it said something about using IDA as debugger, possible ? BR

Hi, If the Qcom loader still running in RAM - yes, you can fix. If removed from USB, watchdog restarted it, battery drained, etc - no way for now to fix. Regards