DEV ONLY - NAND access + Full Unlock for Lumia 710 & 800

By biktor_gj, Senior Member on 7th April 2012, 09:40 PM
28th January 2013, 01:30 AM |#1171  
Senior Member
Flag Budapest
Yes, that's exactly what I recommended. (Internal card readers are usually PCI/PCIE-based, which present the card directly to the OS, rather than emulating a USB flash drive.)

If you use Linux, changing the bootloader may be even easier, as it will show up as a separate block device "/dev/mmcblkXboot1" (or maybe boot0 - you will need to check it yourself). By default, this device will not be writable, to guard against accidental overwrites - read the documentation for enabling writes to the boot partitions.
The Following 2 Users Say Thank You to .NetRolller 3D For This Useful Post
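The write-protect default described in the post above, as an added example that is not part of the original thread: on Linux the read-only guard on `mmcblkXbootY` is the kernel's `force_ro` sysfs attribute, and this sketch reports its state and takes a hash-verified backup before anything is changed. The function names and the `SYSFS_ROOT` / `DEV_ROOT` overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit eMMC boot-partition write
# protection and take a verified backup before anything is changed.
# SYSFS_ROOT and DEV_ROOT are hypothetical overrides so the logic can be
# run against a constructed directory tree instead of real hardware.
SYSFS_ROOT="${SYSFS_ROOT:-/sys/block}"
DEV_ROOT="${DEV_ROOT:-/dev}"

# Print "<name> <state>" per boot partition: ro (force_ro=1, the kernel
# default), rw (force_ro=0) or unknown (attribute missing or unreadable).
list_boot_parts() {
    for d in "$SYSFS_ROOT"/mmcblk*boot[0-9]; do
        [ -d "$d" ] || continue
        case "$(cat "$d/force_ro" 2>/dev/null)" in
            1) state=ro ;;
            0) state=rw ;;
            *) state=unknown ;;
        esac
        echo "$(basename "$d") $state"
    done
}

# Succeed only if no boot partition is currently writable or unknown.
all_write_protected() {
    ! list_boot_parts | grep -qv ' ro$'
}

# Copy boot partition $1 to file $2, compare SHA-256 of device and copy,
# store the digest next to the image and print it. Never overwrites.
backup_boot_part() {
    src="$DEV_ROOT/$1"; out=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    if [ -e "$out" ]; then echo "$out already exists" >&2; return 1; fi
    dd if="$src" of="$out" bs=64k 2>/dev/null || return 1
    want=$(sha256sum < "$src" | cut -d' ' -f1)
    got=$(sha256sum < "$out" | cut -d' ' -f1)
    [ "$want" = "$got" ] || { echo "hash mismatch for $1" >&2; return 1; }
    echo "$got" > "$out.sha256"
    echo "$got"
}
```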
 
 
5th February 2013, 10:44 AM |#1172  
Bph&co
Senior Member
Hi,

I am yet to see somebody implement off-power read/write of the eMMC chip. ATF manages with so many wires due to the fact that the chip is still wired to the CPU and all control signals are handled correctly. If you watch the protocol on screen you will see that the ATF FPGA asserts lows and highs (high levels slightly higher than the phone's 1s, and lows via bridging a few gates in parallel to assert low impedance on the bus) during the important boot mode check when the eMMC is in 1-bit SDIO mode, immediately after restart.

To use an external MMC reader and a non-powered phone PCB you will need a bit more lines connected, maybe fewer with a small microcontroller development board and using the HW SDIO interface (most chips have it these days), e.g. STM32F4Discovery, but you still need to cook a custom boot sequence yourself.

The standard firmware in an off-the-shelf reader would probably not manage to take control of the eMMC, as I suspect it does not communicate in 1-bit SDIO mode; it probably does in the beginning and then switches to a wider interface.

BR
7th February 2013, 12:25 PM |#1173  
Senior Member
Flag Budapest
Actually, the eMMC chip documentation shows that it fully supports 1-bit MMC (not SDIO, and not SPI) mode, and only switches to a higher bus width when explicitly requested to do so.

EDIT: Not very relevant, but open the Lumia 710 boot loader MBN in a hex editor, and go to address 0x1E490 for a good laugh. Or, if you have the Lumia 800 Qualcomm boot loader image, it's @ 0x1E52C.
8th February 2013, 08:38 AM |#1174  
Bph&co
Senior Member
Hi,

I guess 1-bit MMC = SDIO, sorry, my bad. The phone for sure switches to a wider bus after the initial boot sequence; I haven't reversed this part, not sure where it is, probably the bootrom. But this initial chip inquiry is the golden opportunity to take control, and of course hats off to X-Shadow for the hack and implementation (!).

What version of the bootloader? I have some old diss, I have a ptr to a string at this location.

BR

Quote:
Originally Posted by .NetRolller 3D

Actually, the eMMC chip documentation shows that it fully supports 1-bit MMC (not SDIO, and not SPI) mode, and only switches to a higher bus width when explicitly requested to do so.

EDIT: Not very relevant, but open the Lumia 710 boot loader MBN in a hex editor, and go to address 0x1E490 for a good laugh. Or, if you have the Lumia 800 Qualcomm boot loader image, it's @ 0x1E52C.

8th February 2013, 04:27 PM |#1175  
Senior Member
Flag Budapest
How about accessing the eMMC while the board is otherwise down? In that case, no worries about switching to a higher bit width.
24th March 2014, 06:47 PM |#1176  
Member
Files removed, can you reupload?

Tags
android, bootloader, full unlock, interopunlock, nand
