DEV ONLY - NAND access + Full Unlock for Lumia 710 & 800
- Thread starter biktor_gj
- Start date
By the way the device-dependent stuff is repeated again just before the certificate (thanks chessdragon136):
---------- Post added at 03:09 PM ---------- Previous post was at 02:40 PM ----------
Sweet! I got the .esco repack working now.
And I changed both device-dependant areas. Still rejected the bootloader though
Flash File: RM801_12w07_prod_generic_nokia_osbl.esco
Sending certificate...Done.
Sending file...Failed.
try with changing just the first
if we are lucky nokia may have failed hard and use one for the sigcheck and one that actually does the work.I expect only a portion of the data is signed
Here is an upload zip containing three .esco's:
* Original Lumia 710 Qualcomm Bootloader (+cert)
* As above with top half of cert modified (device dependant area 1)
* As above with entire cert modified (device dependant area 1 + 2)
All of them fail on Lumia 800.
http://www.mediafire.com/?7q44c0231uaa9cp
* Original Lumia 710 Qualcomm Bootloader (+cert)
* As above with top half of cert modified (device dependant area 1)
* As above with entire cert modified (device dependant area 1 + 2)
All of them fail on Lumia 800.
http://www.mediafire.com/?7q44c0231uaa9cp
Can you also upload just a repacked unchanged version of the .esco, so someone with a 710 can check if that works. Then we can exclude whether the packing (also) causes a problem or not..
Last edited:
It's a long shot, but I'm guessing you tried flashing them with the Nokia Support Tool as well as NSSPro??
Also, on a separate note - has anyone tried flashing to a firmware (11414) with an older version of the Diagnostics app which allows you to change the USB mode from "Zune" to "Serial"?? Perhaps then you could get it recognised by the QPST tool (linked earlier) and possibly flash and/or extract files that way?
Really exciting reading this thread
So, as we see, my files can really unlock Nokia dload and make it Qualcomm. I'm really glad with it. Now it's important to find the way to unlock Lumia 800s.
Good luck, guys. Thank you for interup-unlock)
Good luck, guys. Thank you for interup-unlock)
The question really is... Can QPST put the phone in Download Mode? From within QPST you can jump from one mode to another, maybe even execute something directly on the RAM (and if you can do that, forget about certificates and stuff since you only inject our unlocked bootloader to ram and execute it from there, then reflash the 2nd partition and reboot, then, unlocked bootloader on flash).
Qualcomm's Diagnostics interfaces ARE available on EVERY phone, locked and unlocked. The only thing that's preventing me from tampering around is I can't seem to find any suitable drivers for the MSM7630 surf based board.
As soon as you put the phone USB mode in Serial (Diagnostics App), four devices appear, and all of them are Qualcomm's serial ports, and the four of them can link to QPST, but need drivers!
If you force usbserial in linux you can talk with AT commands to the AMSS on the phone. I think you can even tether your internet connection with it. But can't find drivers to link it to QPST in Windows...
eMMC download mode works for unlocked bootloaders, btw...
Qualcomm's Diagnostics interfaces ARE available on EVERY phone, locked and unlocked. The only thing that's preventing me from tampering around is I can't seem to find any suitable drivers for the MSM7630 surf based board.
As soon as you put the phone USB mode in Serial (Diagnostics App), four devices appear, and all of them are Qualcomm's serial ports, and the four of them can link to QPST, but need drivers!
If you force usbserial in linux you can talk with AT commands to the AMSS on the phone. I think you can even tether your internet connection with it. But can't find drivers to link it to QPST in Windows...
eMMC download mode works for unlocked bootloaders, btw...
lol that is also the same for samsung ( the flashing app is looking for serts )
they hacked the flash tool and then we could load engineering roms
it is good possible by just hacking the flashtool will make it able to flash wrong signed files ( wrong because phone normally always look for a cert but in this case just a normal one from or nokia or Qcom)
@xsacha, how exactly can you check if a firmware has the Qualcomm or NOKIA DLOAD bootloader? I've got a hunch and trying some stuff out, but without flashing the firmware how is it possible? I saw somewhere your using a hex editor but on what file exactly in the RM-803 posted in the other thread (in particular)? Cheers!
Last edited:
I'm pretty sure you can find out by looking at the size of the osbl file. I may be wrong, but I think the Nokia DLOAD osbl file is approximately ~932KB...
Open the .esco file on a Hex editor and look for "Nokia DLOAD" (or "Qualcomm CDMA Technologies MSM")
Yup got it.. You firstly need to unpack the .esco and look at the .mbn file inside.. we're looking at the NOKIA DLOAD .esco file to be 932kb and 933 kb, whereas the Qualcomm one is 835kb.. I went through each and every firmware available on NaviFirm for the Lumia 710 and 800 and I can confirm NONE have the qualcomm bootloader (anymore) (maybe Nokia addressed the issue).
Even the one posted by xorizont has the NOKIA DLOAD bootloader on Navifirm.. If you guys have any OLD firmware files you downloaded.. could you please host them somewhere so I can take a look?
Maybe downgrading to one of those (if they have the Qualcomm bootloader) might do the trick!
Even the one posted by xorizont has the NOKIA DLOAD bootloader on Navifirm.. If you guys have any OLD firmware files you downloaded.. could you please host them somewhere so I can take a look?
Maybe downgrading to one of those (if they have the Qualcomm bootloader) might do the trick!
I have a ton of old firmwares from months ago back when I was testing them for battery performance issues... All of them have the 932KB osbl esco file
I tried to open with HEX Editor 2 esco files extracted from 2 updates downloaded with navifirm...
First image is relative to release 11465 : first occurrence of DLOAD is at address 590D0.
Second image is relative to latest release (12070) : first occurrence of DLOAD is at address 5DF0 ("Secure DLOAD started")
First image is relative to release 11465 : first occurrence of DLOAD is at address 590D0.
Second image is relative to latest release (12070) : first occurrence of DLOAD is at address 5DF0 ("Secure DLOAD started")
Attachments
I'm a noob in all this, but is there no way to port the 710 bootloader to the 800? We know what parts are different. Wouldn't it work to sort-of copy paste the unknown parts in the 710 bootloader? I really don't know, the idea sounds too simple to be true, but maybe you can try it out?
I have a ton of old firmwares from months ago back when I was testing them for battery performance issues... All of them have the 932KB osbl esco file
Could you please list which ones you have checked? So we can tick them off the list.. There must be one that they forgot the Qualcomm bootloader in, as with the Lumia 710!
Cheers!
---------- Post added at 08:09 PM ---------- Previous post was at 08:06 PM ----------
xscacha has been trying to do that, he posted a few firmwares in previous post but to no success.. Feel free to grab the .esco file from: http://narod.ru/disk/45935058001.2aaca38c9acf622332f4a81b5bf0e331/RM-803.rar.html
credit xorizont
---------- Post added at 08:11 PM ---------- Previous post was at 08:09 PM ----------
I can confirm Nokia is onto this, and fixed any firmware on NaviFirm with the Qualcomm bootloader! So any stored versions you have on your PCs could prove useful!
NaviFirm doesn't get every file from Nokia Care Suite. I've been also digging into this. Put NCS in online mode, you'll find 11414 firmwares in there. Still haven't found anything witch qcsbl yet, but still looking. The more people we look into it, the more probable we'll find something!
Regards,
Regards,
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
81UPDATE: First custom rom with Interop Unlock flashed succesfully. Requires hard reset after installing and an unlocked bootloader. See post for proof:
http://xdaforums.com/showpost.php?p=24818275&postcount=242
BIG THANK YOU TO ULTRASHOT!
Without you I couldn't have done it!
NOTICE: Testing full unlock (XIP unlock etc) with ultrashot. Will post new files as soon as I get a working build which doesn't get stucked on boot
Disclaimer:
I AM NOT RESPONSIBLE IF YOU LOOSE DATA, BREAK YOUR PHONE, OR SET YOUR HOUSE ON FIRE. DO THIS AT YOUR OWN RISK. BTW, REQUIRES A HARD RESET SO YOU WILL LOOSE ALL THE DATA IN YOUR PHONE BY FLASHING THIS. IF UNSURE, DON'T DO IT.
PLEASE STOP PM'ING ME FOR HELP, I CAN'T REPLY 20 PMS/HR. Please use the forum, maybe someone can create a discussion topic to help others and leave this for links and development. Thank you very much!
PLEASE STOP SENDING ME PMS ASKING FOR HELP AND USE THE DEDICATED THREAD
THIS THREAD IS FOR DEVELOPMENT ONLY, PLEASE RESPECT THAT AND USE THE Q&A THREAD FOR YOUR QUESTIONS.
LINKS:
Lumia 800: Full Unlock
New firmware: May 16, 2012 (removed foursquare and stuff)
sdb3.rar: Flash it to PARTITION #3. It contains 12070's amss & adsp. Not absolutely required but if you have an older version this should give you better battery life.
http://www.mediafire.com/?kwjladlgvq81rha
OS-NEW:
As always, flash it to PARTITION #9.
Part1: http://www.mediafire.com/?21by2oj7acnhkhw
Part2: http://www.mediafire.com/?wkeduvp9l4199qh
Part3: http://www.mediafire.com/?cnbkms40dy4y06z
Part4: http://www.mediafire.com/?rabunpmnaqclq3o
Complete Mediafire folder access: http://www.mediafire.com/?uo2dqcl34b9cy
___________________
Alternate ROM with Full Unlock + Some apps:
Part1: http://www.mediafire.com/?8gnqm418v32im3e
Part2: http://www.mediafire.com/?bgtg2t5infrnua1
Part3: http://www.mediafire.com/?l0sl5hbr0v9gfi1
Part4: http://www.mediafire.com/?emt2dfswdhn0z0w
Apps preinstalled:
DS Supertool
File Deployer
Metro Theme
WebServer
WinTT
WM Device Center
WP7 Root Tool
___________________
Lumia 710: Interop Unlock (no full unlock yet)
ROM Based on: RM803_059N2L6_1600.3015.8107.12070_010
Mediafire folder access: http://www.mediafire.com/?9z6og65ozgrnr
http://www.mediafire.com/download.php?d3bj3dkfbffbakn
http://www.mediafire.com/download.php?l35zjaebdrsm315
http://www.mediafire.com/download.php?ys5bapu8ubezybo
http://www.mediafire.com/download.php?tnadd4uuoxhatv3
CAUTION: I don't have a 710, so these images AREN'T TESTED. Use at your own risk. Be careful, people are reporting problems with this rom.
Full Unlock Image for Lumia 710 by lucifer3006 -BE CAREFUL, IT HAS BUGS, FOR TESTING PURPOSES ONLY- (thanks ultrashot & lucifer3006): http://www.mediafire.com/?p3318y5l19abb
You have a mirror of all the stuff on mediafire on xdafil.es: http://xdafil.es
Thank you mousey_!
PLEASE DO A FULL BACKUP OF THE NAND BEFORE PLAYING AROUND.
If you are developing fixes for the bootloader 'problem', feel free to grab a copy of the rest of partitions and stuff I posted over this thread here: http://www.mediafire.com/?kknt4lnc3tn7w
INSTRUCTIONS:
Requires an unlocked bootloader (a.k.a. qualcomm development bootloader).
Easy to check: Turn the phone OFF, then press and hold VOLUME UP + POWER until you notice a short vibration. Plug in to the computer. If the phone turns up in disk mode (USB Mass Storage Device), then you have an unlocked bootloader. IF you're in Windows, it will ask if you want to format the disk. SAY NO OR IT WILL EXPLODE (it won't explode but you might break it)
If the device detected by the computer is Nokia DLOAD you have a locked bootloader and you're out of luck, at least for now.
I used 'dd' in Linux, I guess you can do it with Windows version too (http://www.chrysocome.net/dd) but it's more involved to find the appropiate partition:
dd if=./os-new.nb of=/dev/sdX9
Where X is the disk detected by your linux distribution.
After that, you'll need to hard reset the phone. Hold Power button for 10 seconds to exit Qualcomm's disk mode, and press and hold POWER+VOLUMEDOWN+CAMERA until you feel the phone vibrate. After that, RELEASE power button but KEEP HOLDING volume down + camera for five or more seconds. This will trigger the hard reset.
Now time to play with bootloaders and try to get this to work for everyone!
If you like my work and want to donate for a beer (or two), follow this link22
Well, you can always make a backup and then restore via zune. The thing is the dumped OS is about 600Mb, the generated image is 378Mb. I don't know how it will reside on the flash, you could always check where the flash starts to get filled with zeros and clean it up before the first boot... If they had done it right and separated user data from the main OS we wouldn't have this problem...
INTEROP UNLOCK ACHIEVED!
Now time for a nice beeer
I'll put mediafire to work and upload the image I just did. Everyone who has an unlocked bootloader: after you flash this to the phone, DO A HARD RESET, otherwise it will get stucked on 'Installing Applications'12Hey everyone,
I was hoping to be able to crack Nokia's osbl, but time already run out and wasn't able to get it. So sorry, guys, but I had to return both Lumias. It's been a fun month, and at least I helped getting custom roms for at least some of you.
I'll be uploading here all the files I have on my computer so anyone can mirror them or use them for whatever you might need. If I can help you with something else (development related please) feel free to drop me a PM.
Once again big thank you to Ultrashot, Beidl, Xsacha, cdbase, ceesheim, HeathCliff & everyone that helped out with this. Now back to my (almost) forgotten Galaxy S2 & to try Boot 2 Gecko and see what progress has been done since the last time I checked8Btw, here is my DppImplant app.
Implants DPP partition with your stock Live Id to a custom rom.
Usage:
1) Put backup of the biggest partition to the folder with DppImplant.exe and call it "stock.nb"
2) Put "os-new.nb" there - target firmware in which you want to see your old Live Id.
3) Open DppImplant.exe. It will extract DPP from stock.nb and create mydpp.bin file. (After that you won't really need to have stock.nb in that folder).
"os-new.nb" will be patched.
4) Done.
P.S. if you open DPP using Notepad or any hex editor, you'll see saved Live Id.6Ok L710 fully unlocked
Those 2 parts are wrong. I used to narod.ru
---------- Post added at 07:29 PM ---------- Previous post was at 06:40 PM ----------
http://www.youtube.com/watch?v=-rQbFp7yasc
CAN WE KEEP THIS FOR DEVELOPMENT ONLY PLEEEEEEEEEEEEEASSSEEEEE?
Gift from our friends at Qualcomm:
Full AMSS firmware + Secboot Sources (Qualcomm loader)! Grab it while it's hot!
http://www.mediafire.com/?ir2h15f663ja6wc
New posts
-
How To Guide [GUIDE] [Magisk] [Unlock / ROOT / Keep Root] OOS 14.0.0.202- Latest: mustangtim49
-
-
Themes / Apps / Mods [GCAM] SGCAM With Baran V1.5 Stable Config- Latest: Baran Aspect #Tapas