General EDL Flash Tool Leak

dladz

Hey, I have a bricked OnePlus 10 Pro that I'm willing to try absolutely anything with. I don't use XDA much anymore (someone tagged me), so if you would like me to try something I'd appreciate it if you tag me in a Twitter post with @_AndroidAsh (I think my DMs are locked) and we can communicate from there. To give you an idea of time zone, I am in the UK, where it is exactly 11pm on Tuesday 27th.

Thanks 🤝
@hackslash didn't you say you needed a test subject?
 

ues_t

Exactly.
The goal right now is to dump the entire network traffic and all USB packets. All that requires is a valid MSM account. There really is no need for a device, and the chances of a brick are nonexistent, since it's an EDL flash.

That dump requires a one-time effort by someone to allow me or someone else to set up the necessary tools and perform the flash and dump. The sad part is that the entire process requires a valid MSM account. The last one we got eventually expired, and no one stood up to boot his device for EDL and do one complete EDL flash. Unless we have a new MSM account, things won't change, at all, for the time being.
Maybe I can do some web scraping the next time I flash with the MSM tool, since I'll be upgrading my device to Android 13 soon.

But I can't do USB capture: on my Windows 10 computer I have shut down a lot of services, which makes some applications unavailable.

Dumping some authorization tokens here. I need someone to use Fiddler's AutoResponder to test offline login and flashing. Please do not PM me with the password, if you have a bricked device, please try setting up Fiddler's AutoResponder to see if login works, and consequently flashing.

Request #1 User Login
Request
POST https://service-sg.myoppo.com/api/tools/login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: MsmDownloadTool_v2.0.69_oneplus
Host: service-sg.myoppo.com
Content-Length: 853
Cache-Control: no-cache

app_id=TOOL&timestamp=1663686290&sign=3ba67700dd28f80f54fe341666c8a916&s_msg=VTYOEJTcFl0A7lBugQohN7hraQ69X2qfu4C1K4oCApYLcBMrC5w0HzQuHBAt%2FT7A
DY96zfMdbawA0JRFTNrYR1baZofuzfTX%2BkCmRqhOScNW6faPDPTQrmqlyUSbekLp
%2BcGuNyc4IJfn%2BlfyFIAtlglhda058cssD6bln6DyjBZwZxvBo9hCvTgughsX67IT
yYjXQ87rc%2Fua7mhsNs0bZi5UCx5il7CmF58gPOPOATKC6SV6Cwgl%2FpV1LMXV8E1%2F
P9BwdLFlQZinbdxLL3hsaGVlaOB%2B8n7P939bWcMZaSXZ4zdspxoT65j7t7oFtzte
SYsM7JqqawznCaYVzZGawaq9LHJOlkhi4eBCH632HhqA0DMIjj9Dvq8kRK%2Bg1ElM
2uIqq5Zl%2F9AQDxxlBLO%2B6l5SdyYjLaRgKQenCDfA9j9gJKb8TAlrenyc1vOQWf49
VHQCR4a2lizrvMgg%2BFM1dEPnAZQbRqK6zfY0sTjkQYxtu4%2FG4Ogn84eGX5Ttjb8k
IzjtGoVVyUEw2XeDyLyBfZIoNLB5w9n0mC0ZNrJtDlvsKnB1lwn4D783Q%2Bj%2BtK28
sYJW5g%2BtkWV%2Fzcz%2FBeOsx8zSmVWexlTDkDmCd6bC4LIZrOUqA8p6sZ0ylpWkVUTv
8PeTyYV7Zqsk1Ba3ZYnS3HpXh52d43pe49tNgl5gkUc%3D&s_msg_md_5=ff208e0ddfdb2e762c5f102f7fa8da95

Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 521
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Date: Tue, 20 Sep 2022 15:04:51 GMT

{"Data":{"response":{"message":"0000","token":"db67f796-f52a-4e6a-9009-b5c862a11a0f","status":"0","countryname":"EG","usertype":"7","signData":"Y4/hX/0r6/eeIcIh8l4mZSEp0Q91t5ea3PS91BPc6DoRwY5wkIIVhDIMCE0bvtjf+eF2LvhpHGP6/YUmbxet7wpFXwU4O/816SJe6v/4PDGm5s6ea+uuGaJhuOR2l1cfwexuB8Avajk3LyWoz7K7rL3wsUEqvG5tPk+YR8yP+9Fpm1zJnVhxSBAZoPNVFXYNX1oh2wOPcTdK/DtDo9dKt0QCdbugC2nyT25S+Ax6e+FyqgHCWWIn6zqs29mU3R52wtdMdDk9LSkrpMsMakB/kDvyUOzqX66NrZYL48YOQtqj2q2tSwk6D+uWUw6jZPXgEKXsAAvklySi9KvJJMTyEA=="}},"ErrorCode":0,"Message":null}

Request #2 Second Stage Token Verification
Request
https://service-sg.myoppo.com/api/tools/cloud_validate HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: MsmDownloadTool_v2.0.69_oneplus
Host: service-sg.myoppo.com
Content-Length: 137
Cache-Control: no-cache

app_id=TOOL&timestamp=1663686291&sign=f74a758c15ae34fa098e4ec847ac3401&token=db67f796-f52a-4e6a-9009-b5c862a11a0f&random=aEkwJZYT6cd4COoL

Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 84
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Date: Tue, 20 Sep 2022 15:04:53 GMT

{"Data":{"status":1,"message":"invalid","signData":""},"ErrorCode":0,"Message":null}
Can this crawl result be used to log in before?
 

ues_t

If it can be used to log in, then I should provide it this way, because I don't want to spend a long time on setting up the device
 

evilhawk00

Any good news brother?
Done all the necessary setup part. Now the problem is the device owner hasn't managed to open the back glass. Have to wait until the test point is exposed; I don't know how long it will take, maybe hours or even days. The device is hardbricked badly, so it is only possible to enter EDL like that.

My original testing partner didn't show up as expected, but I already arranged my time for that so I changed my partner, but that's a terribly hardbricked device, so it can't boot or enter EDL by pressing buttons
 

badmaan

I have a bricked OnePlus 10 Pro which I can put into EDL mode via testpoints. PM me.
Screenshot_2022-09-27-01-30-39-519_com.miui.gallery.jpg
 


Dariukaslt93

Hello. I've 9RT M2110 bricked and can get into EDL 9008 mode with volume and power buttons. But at the moment I'm at work and finish 22h UK time and around 22:30 would be at home.
 

Canuck Knarf


xuanhoang1811

Why you taking back off ...no need to do that to get in edl mode...but I have done it that way and it was not needed to do.
This guy can help. You will see his Whatsapp phone number

Thanks for sharing his contact, that you haven't faced the situation that you cannot boot to EDL with any buttons
 

Canuck Knarf

Thanks for sharing his contact, that you haven't faced the situation that you cannot boot to EDL with any buttons
That's the thing, every phone should be able to get to EDL mode.
Hold all three buttons in, have Device Manager open, and look at what pops up under Ports. If you don't see 9008 pop up, that means you need to install the Qualcomm USB drivers.
 

Attachments

  • Qualcomm USB Driver V1.0.exe.zip
    20.1 MB · Views: 44

Top Liked Posts

  • 2
    Man honestly I don't have any truly awesome suggestions... Currently with the state of things , safety of your devices is priority 1. Because as you said, 1 misstep can take you from functional to disabled and needing repair! Then there is no "free" ... I'm happy you rescued your device.

    One thing is I heard about something called a "deep sleep cable" ... Another member brought his phone back from the dead, AND said through the cable and something called QuadComs... He unbricked his phone with no MSM tool. And his phone was DEAD ... UNRESPONSIVE.

    Obviously I need more data before I can make specific claims, but he is reliable so I tend to believe it was as good/easy as he made it sound!
    1
    would this tool work on xiaomi/redmi/poco phones?
    Yes... I believe.. as long as the device has a Qualcomm chipset, then yes, that's what EDL is built for.... If it's a MTK device, you would use SpFlash tool...
    1
    so
    Man honestly I don't have any truly awesome suggestions... Currently with the state of things , safety of your devices is priority 1. Because as you said, 1 misstep can take you from functional to disabled and needing repair! Then there is no "free" ... I'm happy you rescued your device.

    One thing is I heard about something called a "deep sleep cable" ... Another member brought his phone back from the dead, AND said through the cable and something called QuadComs... He unbricked his phone with no MSM tool. And his phone was DEAD ... UNRESPONSIVE.

    Obviously I need more data before I can make specific claims, but he is reliable so I tend to believe it was as good/easy as he made it sound!
    sounds promising hopefully its legit and would get out to the public
    btw whats your phone i found out that you're trying to root it?
    also you might be interested in patching firehose files that alone would solve everything
  • 16
    Hello all, I am here to leak the OPPO tech tool that allows the OnePlus 10 Pro to be flashed. Sadly I cannot share a login, but if you are able to bypass the login screen, the tool does not need to authenticate with the server to flash a device in EDL mode. Attached is a screenshot of the login screen and the file. The tool picks up a device in EDL mode and allows the user to select the OPF file associated with the device (please note you must have this downloaded externally, ideally from the MSM tool for your device).

    I wish you luck bypassing this login and fixing your phones.


    flash.png
    15
    But, doesn't OPPO actually approve of the selling of MSM accounts/flashes?

    Remember, OPPO tech said OPPO makes him buy credits from OPPO to use MSM. Unrelated, but I was thinking it was designed as a second revenue source, since their devices/sub brands can be really cheap.
    Ok .. just putting this out there... I MAY have pulled together a script that will automate the whole flash process .. including the auth, and sign verifications... But I truly do not know if it is going to be device specific, or if I can fandangle a slightly wider base from the data. Now 1st. Don't start asking me to drop the code into public chat. I worked my butt off and bricked my own devices SEVERAL times in order to test/work out the kinks ... (Proxifier/Fiddler were not friendly and butted heads a lot, so alternate avenues were taken) but before I could compile the whole script and run in one sweep, the Oppo account I was using expired. (Temp accounts ARE device specific). If you want ANY further development on this, I NEED someone to DM me, an active Oppo acct. I don't care if you want to change the password , 24hrs after you give me the info .. that's completely fine. If everything works properly, 24 hrs is about 23 hrs too much! But I need an ACTIVE , WORKING account that I can login to the msmtool, or the miflash server with, (preferred MSM so I don't gotta rewrite anything). And if I can perform a successful EDL unbrick without any errors, then I can strip parts of the Online MSM tool.exe , and with luck, force the Frankenstein'd version I pieced together, to package back up into a simple "Click, Select, Start, Wait, Celebrate" , exe file. With everything that you need, all put into portable container mode, and require no installation. (Or at bare minimum you can run it all inside a windows sandbox, cuz that's what I've been doing, so there's 0 chance of any persistent tracker left behind after each flash, and at the same time you can feel safe running it, cuz in a sandbox it cant harm you !).

    So again... If anyone still cares, and has any resources to obtain a login/pw that works, DM me , and WAIT FOR ME TO REPLY before you send the login, so you know exactly WHEN I got it, and you can change whatever .... Let's say .... 6-12 hrs after you grant me access!

    Otherwise it seems like this topic has died and no one cares anymore... Which rly don't bother me, cuz after this bunch of Diseased Unicorn Poo 💩 that Oppo/OnePlus pulled with literally going from "Developer Friendly" to "We'll eat your soul before we allow consumer modifications!" 👹 I am officially done with this company, and I truly hope a good 20% of their customer base feels the same, because the only way they will reverse their ignorant position, rivaling Apple IOS level lunacy, is if their yearly bonus checks are a few zeros short, and sales drop. (Shouldn't be a problem because T-Mobile just loosened the reins and allowed Verizon to begin pre ordering the 10R for next year... So NA will at least have 2 major carriers .... But I don't think it will help sales ... Verizon is the Hitler Regime of Bootloader and device unlocking... They might go as far as to request an official Red/Black design with little bands around the top! Lol.)

    Anyways ... Login/pw ... Oppo account... DM....

    Let's see if I can rain on the MSMTool Mafia's day just a lil bit. This tool should be provided FREE ... We're at over 1 year since released, and NO PUBLIC MASS CONSUMER UNBRICK , yet they throw the FW around on the main website, with official tags and signatures .... And even then .. one wrong action, and youre doin the "1-Ploo-Salloop!" (Infinite boot loop!) ... So if you can brick, using the files THEY provide, without knowing your current device setup!, They need to provide a method out! (And yes this can happen, because if you had previously done ANY modifications, such as rooting, forgetting to unhide magisk app, disable modules, or making any alterations to your initrc file , or had successfully swapped regions, then tried to flash the STOCK rollback, in order to bring your device back to factory spec, YOU WILL BOOTLOOP!)

    ((I have further details regarding what is one factor causing this to happen... It's the Baseband/Modem/Build.prop versioning that is putting your device out of spec. Each different Rollback/Upgrade package specifies an EXACT build # and patch date that each region has a slightly different variation of, and while you THINK you're fooling your device, You are ABSOLUTELY NOT! Part of the downloaded FW verification that happens before your phone reboots to complete the changes, is a quick matchup of some key files which your phone FAILS to notify you, when they do not match the requested info... And therefore those files are NOT replaced by your phone during the update/rollback.... So for anyone who knows Android.... This is a very big NO NO... you cannot update parts of a boot script... Parts of the system ... Parts of the recovery partition, but not also make the Android security patch, Kernel, modem, and other pertinent variables match their new counterparts. WHY? Can you use Android 13's Kernel, to run Android 12's security requirements, load 12's lower boot.img, but keep 13's modem, and flip a coin as to which recovery part will stay, then smash that all together under a security patch that is lower than your device was on! This is exactly what creates the "unresponsive device" brick. Cuz NOTHING is the right version necessary for secure boot and trust zone to approve/verify each other. Aka BRICK.

    Ok rant over....

    login/pw active Oppo acct.. DM..

    Ty
    15
    This tool seems to be intended for use with mediatek devices.
    I wouldn't bet on it working with this phone, but here's how to bypass the login screen anyway.

    Open DownloadTool.exe with a hex editor
    Find '74 4b 8d 45 d4'
    Replace '74 4b' with '90 90'
    Save, launch, enter any username/password/code and click login.
    If you go to 'Software Package Management', you can specify a folder where your .ofp is located.
    8
    Hello, I've just got an MSM account from guest. Did your phone get fixed, and can I test it?
    Yo guys, shout out to this man for helping me unbrick my phone. 5 months no reply from OnePlus, he just solved it in one night only! Thanks a lot bro. 💯 @xuanhoang1811