
[R&D] Unlock Bootloaders

By AdamOutler, Retired Senior Recognized Developer on 13th July 2012, 04:50 AM
11th August 2012, 02:49 AM |#251  
LLStarks
Senior Member
Adam, might I recommend making an Odin-friendly file?

Quote:

md5sum -t package_name.tar >> package_name.tar
mv package_name.tar package_name.tar.md5

http://forum.xda-developers.com/show....php?t=1777579
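The two commands LLStarks quotes append the tar's own md5sum line to the end of the tar. As an added example (not part of the original post; `make_tar`, `append_md5` and `check_tar_md5` are hypothetical names and the archive contents are constructed), this Python code reproduces that layout in memory and checks the trailer the way a receiving tool could:

```python
import hashlib
import io
import re
import tarfile

# Trailer written by `md5sum -t package_name.tar >> package_name.tar`:
# 32 hex digits, two spaces, the file name, newline, at the very end of the file.
TRAILER = re.compile(rb"([0-9a-f]{32})  ([^\n\0]+)\n\Z")


def make_tar(members):
    """Build a small tar archive in memory from {name: bytes} (constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def append_md5(tar_bytes, tar_name):
    """Same result as the two quoted commands: the tar followed by its md5sum line."""
    digest = hashlib.md5(tar_bytes).hexdigest()
    return tar_bytes + f"{digest}  {tar_name}\n".encode()


def check_tar_md5(blob):
    """Return (ok, recorded_name, members); ok is False on a missing or wrong trailer."""
    m = TRAILER.search(blob)
    if m is None:
        return False, None, []
    body = blob[:m.start()]  # everything before the trailer is the original tar
    ok = hashlib.md5(body).hexdigest().encode() == m.group(1)
    with tarfile.open(fileobj=io.BytesIO(body)) as tar:
        members = tar.getnames()
    return ok, m.group(2).decode(), members
```

The trailer is an unkeyed checksum: it catches a corrupted download, but anyone who repacks the tar can recompute it, so it is not a signature check.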
11th August 2012, 02:53 AM |#252  
E:V:A
Inactive Recognized Developer
Quote:
Originally Posted by AdamOutler

This may end up with me bricking my device, but I feel like it is worth it to prove or disprove the fact that these files work.

Not a good idea! Why would you wanna risk bricking it? (Which I say is about 90% chance of doing with the little knowledge we have.) Then rather send the thing to me... No, actually we need you to work on this, since you are the driving force and knowledge hub for many of these projects!

I know there's a bounty thread about this out there, but I'm not very happy about that. It simply means that people get greedy about their knowledge and start keeping relevant work for themselves. Let's not go there!
11th August 2012, 02:57 AM |#253  
papi92
Senior Member
Files should work if made for Verizon SIII. May soft brick but shouldn't hard brick.

Sent from my SCH-I535 using Tapatalk 2
11th August 2012, 03:09 AM |#254  
incubus26jc
Inactive Recognized Developer
Quote:
Originally Posted by AdamOutler

Well, I have some supposedly unsecure scandalous sextape files.. I attempted to pack and flash via Odin Tar file. They failed secure checks via Odin, but I believe that means nothing to the actual device itself. I'm going to manually flash these files.

This may end up with me bricking my device, but I feel like it is worth it to prove or disprove the fact that these files work. So, I wanted to post this and then begin preparations. If anyone has any reason I should not flash these files, let me know. I will be out of commission if this fails.

If you brick, we will probably have a new device paid for you in a matter of mins.
sextape
11th August 2012, 03:11 AM |#255  
Guest
Quote:
Originally Posted by incubus26jc

If you brick, we will have a new device paid for you in a matter of mins.

That's what I like to hear

Sent from my SPH-D700 using Tapatalk 2
11th August 2012, 03:11 AM |#256  
Senior Member
Quote:
Originally Posted by incubus26jc

If you brick, we will have a new device paid for you in a matter of mins.

Please delete this post....

But with what seems like a very high chance for a hard brick, it seems somewhat foolish to flash this with the recent progress that has been made.....but then again, if it works, it will be AMAZING.
The Following User Says Thank You to skaforey For This Useful Post
11th August 2012, 03:12 AM |#257  
Quote:
Originally Posted by E:V:A

Somehow I cannot just ignore and stop thinking about this post:

"How to enable/disable the secure boot authentication feature on MSM8660 by using the JTAG"

The reason is that the MSM8660 is essentially the same as our MSM8960 apart from some little quirks... (to be determined.)
Here is an edited summary:

NOTE:
a) This solution does not apply to all MSM8660 versions
b) This solution does not apply to the RPM JTAG disable cases
c) This solution is for debug purposes only.

For some reason, if you need to run unsigned software on a secure boot
enabled (the AUTH_EN bit in SECURE_BOOT1 register is blown) MSM8660 chip, the
following instruction is able to disable the secure boot authentication by using
RPM-JTAG.

1. Launch the Daisy Chain RPM-JTAG shortcut (i.e. modem_proc\tools\t32\DC7_ARM7_RPM).
2. Execute the cmm script which contains the following commands:

Code:
system.option resbreak on
system.up
g 0x7ce8 /o /cmd "r.s r0 0x0" ; 0x0 for disabling the secure boot authentication
wait 1ms
g
Of course, you can simply modify the cmm script (listed below) to enable the
secure boot authentication without blowing the SECURE_BOOT1 register on the MSM8660 chip
by using RPM-JTAG or shorting the GPIO_76 pin.
Code:
system.option resbreak on
system.up
g 0x7ce8 /o /cmd "r.s r0 0x1" ;    0x1 for enabling the secure boot authentication
wait 1ms
g

What is this command doing exactly?
My guess is that 0x7ce8 is an address, but for what?

From what I understand, Josh has already tried this. I haven't been able to contact him recently though.

Quote:
Originally Posted by LLStarks

Adam, might I recommend making an Odin-friendly file?


http://forum.xda-developers.com/show....php?t=1777579

I tried. It didn't work because aboot.img was not accepted by Odin/Loke.


Quote:
Originally Posted by E:V:A

Not a good idea! Why would you wanna risk bricking it? (Which I say is about 90% chance of doing with the little knowledge we have.) Then rather send the thing to me... No, actually we need you to work on this, since you are the driving force and knowledge hub for many of these projects!

I know there's a bounty thread about this out there, but I'm not very happy about that. It simply means that people get greedy about their knowledge and start keeping relevant work for themselves. Let's not go there!

I have JTAG capabilities. Not that I want to use them, but I have them. It may be a while before I'm back up.



Quote:
Originally Posted by papi92

Files should work if made for Verizon SIII. May soft brick but shouldn't hard brick.

Sent from my SCH-I535 using Tapatalk 2

This is what I'm thinking.




So here's what I'm doing..

Code:
# Stage the images on the device's SD card
adb shell mkdir /sdcard/STUnsec
adb push aboot.mbn /sdcard/STUnsec/
adb push boot.img /sdcard/STUnsec/
adb push persist.img.ext4 /sdcard/STUnsec/
adb push rpm.mbn /sdcard/STUnsec/
adb push sbl1.mbn /sdcard/STUnsec/
adb push sbl2.mbn /sdcard/STUnsec/
# stored under the lower-case name that the dd line below reads
adb push SBL3.mbn /sdcard/STUnsec/sbl3.mbn
adb push tz.mbn /sdcard/STUnsec/

# Write each image to its partition; the aboot line is commented out, so aboot is not flashed
adb shell su -c "dd bs=4096 if=/sdcard/STUnsec/sbl1.mbn of=/dev/block/mmcblk0p2"
adb shell su -c "dd bs=4096 if=/sdcard/STUnsec/sbl2.mbn of=/dev/block/mmcblk0p3"
adb shell su -c "dd bs=4096 if=/sdcard/STUnsec/sbl3.mbn of=/dev/block/mmcblk0p4"
#adb shell su -c "dd bs=4096 if=/sdcard/STUnsec/aboot.mbn of=/dev/block/mmcblk0p5"
adb shell su -c "dd bs=4096 if=/sdcard/STUnsec/rpm.mbn of=/dev/block/mmcblk0p6"
adb shell su -c "dd bs=4096 if=/sdcard/STUnsec/boot.img of=/dev/block/mmcblk0p7"
adb shell su -c "dd bs=4096 if=/sdcard/STUnsec/tz.mbn of=/dev/block/mmcblk0p8"
adb shell su -c "dd bs=4096 if=/sdcard/STUnsec/persist.img.ext4 of=/dev/block/mmcblk0p16"
The Following 7 Users Say Thank You to AdamOutler For This Useful Post
11th August 2012, 03:14 AM |#258  
Quote:
Originally Posted by AdamOutler

So here's what I'm doing..

Code:
adb shell mkdir /sdcard/STUnsec
adb push aboot.mbn /sdcard/STUnsec/
adb push boot.img /sdcard/STUnsec/
adb push persist.img.ext4 /sdcard/STUnsec/
adb push rpm.mbn /sdcard/STUnsec/
adb push sbl1.mbn /sdcard/STUnsec/
adb push sbl2.mbn /sdcard/STUnsec/
adb push SBL3.mbn /sdcard/STUnsec/
adb push tz.mbn /sdcard/STUnsec/

adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/sbl1.mbn of=/dev/block/mmcblk0p2"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/sbl2.mbn of=/dev/block/mmcblk0p3"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/sbl3.mbn of=/dev/block/mmcblk0p4"
//adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/aboot.mbn of=/dev/block/mmcblk0p5"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/rpm.mbn of=/dev/block/mmcblk0p6"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/boot.img of=/dev/block/mmcblk0p7"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/tz.mbn of=/dev/block/mmcblk0p8"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/persist.img.ext4 of=/dev/block/mmcblk0p16"


not to be a downer, but this won't work
at best you might be able to get some info from where it hangs on boot
but it will brick
jtag will be your only option

just because the L300 has the same chipset, doesn't mean its bootchain will work

if that was the case, the sprint sgs3's bootchain would have worked, especially since it has more in common

save yourself the time of jtag'ing

(my two cents)
The Following 3 Users Say Thank You to invisiblek For This Useful Post
sextape
11th August 2012, 03:18 AM |#259  
Guest
Quote:
Originally Posted by AdamOutler

From what I understand, Josh has already tried this. I haven't been able to contact him recently though.


I tried. It didn't work because aboot.img was not accepted by Odin/Loke.




I have JTAG capabilities. Not that I want to use them, but I have them. It may be a while before I'm back up.




This is what I'm thinking.




So here's what I'm doing..

Code:
adb shell mkdir /sdcard/STUnsec
adb push aboot.mbn /sdcard/STUnsec/
adb push boot.img /sdcard/STUnsec/
adb push persist.img.ext4 /sdcard/STUnsec/
adb push rpm.mbn /sdcard/STUnsec/
adb push sbl1.mbn /sdcard/STUnsec/
adb push sbl2.mbn /sdcard/STUnsec/
adb push SBL3.mbn /sdcard/STUnsec/
adb push tz.mbn /sdcard/STUnsec/

adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/sbl1.mbn of=/dev/block/mmcblk0p2"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/sbl2.mbn of=/dev/block/mmcblk0p3"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/sbl3.mbn of=/dev/block/mmcblk0p4"
//adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/aboot.mbn of=/dev/block/mmcblk0p5"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/rpm.mbn of=/dev/block/mmcblk0p6"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/boot.img of=/dev/block/mmcblk0p7"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/tz.mbn of=/dev/block/mmcblk0p8"
adb shell su -c "dd bs=4096 if=/sdcard/STUNSEC/persist.img.ext4 of=/dev/block/mmcblk0p16"

Adam just remember the aboot is different but if you know how to flash a boot headers you can get your device into download mode and reflash the stock tar

Sent from my SPH-D700 using Tapatalk 2

---------- Post added at 06:18 PM ---------- Previous post was at 06:16 PM ----------

Quote:
Originally Posted by invisiblek

not to be a downer, but this won't work
at best you might be able to get some info from where it hangs on boot
but it will brick
jtag will be your only option

just because the L300 has the same chipset, doesn't mean its bootchain will work

if that was the case, the sprint sgs3's bootchain would have worked, especially since it has more in common

save yourself the time of jtag'ing

(my two cents)

Big difference is this file is unsecured. I'm still working on a dev or unsecured i535 file

Sent from my SPH-D700 using Tapatalk 2
11th August 2012, 03:20 AM |#260  
LLStarks
Senior Member
I don't see how flashing an L300 bootchain will work when the L710 chain didn't.
11th August 2012, 03:20 AM |#261  
I ended up with a brick. I didn't flash aboot.img. I flashed everything but. When I rebooted, it never turned back on.

I see this USB device when connected to the computer.
Code:
Bus 001 Device 037: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)
The Following 16 Users Say Thank You to AdamOutler For This Useful Post