General EDL Flash Tool Leak
- Thread starter OppoTech123
- Start date
This will need further analysis. I'll download the OP10 Pro files directly from the tool. Afaik, the files are hosted on Amazon S3 service. Let's see if those files are any different
9rt is not excluded from this nonsense. He is also an OPPO. I wouldn't be here if it had msm xd/.OnePlus 9 or 9Rt is excluded from this nonsense. Luck you .
Here's a 9r Msm tool. Password dmxv
TeraBox - Free Cloud Storage Up To 1 TB, Send Large Files Online
TeraBox offers 1 tb free cloud storage & online file transfer. Login or Download TeraBox app to get 1 tb storage and use it on your PC, Mac, iPhone & Android.
Though I'm not an expert on the firehose, I'm even more sure that the non-encrypted zip file is a non-encrypted MSM firmware package. (I think it is the base file used to create a .ofp)
I found these articles(All written in Mandarin, here's the link with Google Translate):
https://lixiaogang03-github-io.translate.goog/2020/10/20/刷机工具/?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=zh-TW&_x_tr_pto=wapp
https://www-twblogs-net.translate.g...-TW&_x_tr_tl=en&_x_tr_hl=zh-TW&_x_tr_pto=wapp
These articles introduce how to use the QPST flash tool(Which can be downloaded from https://createpoint.qti.qualcomm.com/to) to flash a "flat build".
Most of the files mentioned in the article can also be found in the 10T firmware package, such as:
Update: It turns out that my guess was wrong, the tool doesn't create a .ofp file. Eventually, I found a way to load the Non-encrypted 10T firmware package by hosting the package on the localhost Apache server and redirecting the traffic to localhost. So there's no need to really download the file again, it takes less than 1 minute to copy the file.
The tool simply unzips all the files in a single directory and creates some metadata points to the directory so the tool can recognize it. Then it triggers an integrity checking screen before flashing. (Importing a .ofp doesn't trigger an integrity checking screen) And no data was transferred during the unzip process.
The previous known failure was confirmed by the community when using a .ofp file. The result with the Non-encrypted zip firmware is still unknown, and I think it is still worth a try on 10T, 10Pro, or 9RT because the algorithm of the .ofp file is still unknown and this tool seems to only use Non-encrypted zip firmware. This tool is unified for OPPO devices and OnePlus devices, if there's a success it would be great news for all the devices on the device list.
And my journey with the tool has to stop here because I don't own a 10T, 10Pro, or 9RT.
Last edited:
Thanks , the thread not only 10rt or 9rt etc , we are the trappeds that oneplus or oppo decrypt them program file or loader of download , oem lock and based oneline server verfiy ofp file and only permit customer service fix our phone ,its nor free , and not premium how to it , form 8 series later .
If we can use edl flash our phone and not customer server of oneline , its beneficial for everyone . Now we should unitive for ours free recovery our phone by edl mode and nor oem authorized and await .
If we can use edl flash our phone and not customer server of oneline , its beneficial for everyone . Now we should unitive for ours free recovery our phone by edl mode and nor oem authorized and await .
zopostyle
Senior Member
Sounds like MSM is no go, it is what it is... Oppo did their job well....
I'll be honest though, of all the ROMs I've ever flashed on OnePlus devices.. which is a lot..
I've never once required any MSM tool to save my device, it's either been stock recovery, a new ROM, TWRP or if I've really really needed it if RMA'd the device..
Do we really need MSM? Would that work everyone has put in to get MSM working have been better spent getting TWRP functional? Testing is only booting as is actual use and it could offer a recovery avenue as well as a flashing method.
Not all phone have a method from my experience, a tonne of HTC device didn't and they were my favourite devices.
I'll be honest though, of all the ROMs I've ever flashed on OnePlus devices.. which is a lot..
I've never once required any MSM tool to save my device, it's either been stock recovery, a new ROM, TWRP or if I've really really needed it if RMA'd the device..
Do we really need MSM? Would that work everyone has put in to get MSM working have been better spent getting TWRP functional? Testing is only booting as is actual use and it could offer a recovery avenue as well as a flashing method.
Not all phone have a method from my experience, a tonne of HTC device didn't and they were my favourite devices.
Can't say it is no go currently, the result is still unknown. There are some OPPO backend APIs still working great until now with token setup, and another firmware format that is not encrypted .ofp was discovered(Non-encrypted MSM zip pack). The community only confirmed the failure with the hex edited binary when flashing .ofp firmware, but the following solution is still open for testing:
- Flashing the Non-encrypted MSM zip pack with the token obtained.
And the above option can be tested on 9RT, 10 pro, 10T, Nord series, or even other newest OPPO devices that use the latest Sahara protocol because the tool is unified for OPPO and OnePlus devices, all those devices on the list may have a chance. The result is still unknown. The only problem is that people who own those devices haven't stood out for trying other solutions. I only have 8T, I don't own those devices so I can not test them. @hackslash was finding people to try for 10 pro.
Point I was making is do we actually need it?? From past experience I don't think we do, I never have... Sending the device back for RMA isn't going to kill me or anyone else.
I've watched this and other threads since their inception and it appears every angle has been covered, time will tell I guess.
I'm sure there is someone out there with a bricked device if we're only waiting on someone to test.
I agree with this. I have only ever had to use MSM once when I absent mindedly locked the bootloader with a patched boot.img due to late night not thinking. Other than that, I have had no need. I remember the good ole days of the OG Moto Droid, flashing multiple broken ROMs in a single night just via stock recovery before there was ever TWRP. Never had a magic flashing tool like MSM. Maybe the difference is now the devices are more temperamental with their boot sequence, but as I have mentioned in other threads, I think the current OOS/COS flavors are great and so I don't have any desire to tinker around with custom ROMs. I do sympathize with the few that might want that, but I think that is going to be less and less of an option with the direction that Android is heading.
It's honestly just fun.
I really don't have any other reason for why I'm doing it xD
The zip files downloaded from the Flash Tool are unique. It doesn't sends a sign request to the server, unlike other OPF files which do require a sign request before flashing. Instead it sends a unique device model request which is failing for some reason. I'll share the endpoints soon, hopefully.
I didn't mean to sound defeatist there by the way..I love the way everyone rallied together, it shows great cohesion from the community... I'm just starting to think if it's possible that's all...
Still optimistic, just increasingly sceptical.
Still optimistic, just increasingly sceptical.
Last edited:
@OppoTech123 thanks a lot, but can you also publish tools for OnePlus 10T ?
kernel sources for that phone got released early, and lack of flash tool access for developers is the main thing holding back ROMs to get going faster than with most newly released OnePlus devices. Please man
It's not often that someone arrives on XDA that has the ability to give the finger to OnePlus/Oppo's anti development stance that it has employed for the last few years (against its roots of being known as dev friendly brand), to bring some hope.
kernel sources for that phone got released early, and lack of flash tool access for developers is the main thing holding back ROMs to get going faster than with most newly released OnePlus devices. Please man
It's not often that someone arrives on XDA that has the ability to give the finger to OnePlus/Oppo's anti development stance that it has employed for the last few years (against its roots of being known as dev friendly brand), to bring some hope.
There's no OnePlus reseller in my region, I received my device oversea, and I'm the one who can not send RMA
Sending back to CHINA requires paying high customs duty of 40% so maybe I would just buy a new phone. And this is the reason I still stick with OnePlus 8T, lol.
I don't know much about OPPO's RMA but I know that if you f*ked up your SAMSUNG and sent it to RMA and if they can't immediately fix it by a single flashing, they will treat it as man-made damage and refuse to fix it for free. I once f*ked up the partition of my SAMSUNG device but I wasn't able to know the default partition table of the device so I sent it back and the employee just asked me to replace the motherboard(300USD) and it is not free because it is man-made damage so I refused. A few months later, I fixed my device by finding a leaked .pit file with the Odin flash tool, lol.
Anyway, I was just messing with this tool for fun.
The tool is unified for all OnePlus devices and OPPO devices, it is the thing you want. If the community finds a way to use it, it can be used on Oneplus 10T for sure. OPPO uses the same tool for all their devices from now on.@OppoTech123 thanks a lot, but can you also publish tools for OnePlus 10T ?
kernel sources for that phone got released early, and lack of flash tool access for developers is the main thing holding back ROMs to get going faster than with most newly released OnePlus devices. Please man
It's not often that someone arrives on XDA that has the ability to give the finger to OnePlus/Oppo's anti development stance that it has employed for the last few years (against its roots of being known as dev friendly brand), to bring some hope.
4 days RMA here...I wouldn't buy a phone if it didn't offer it, also the reason I wouldn't buy an overseas device.
You shouldn't have to pay a penny.
You shouldn't have to pay a penny.
Considering some of the posts here about a lack of 10 Pro / 10T owners' cooperation.. what do you think the chances are if i sent you my 10T overseas?
I mean it looks like you're a decent reverse engineer and you said the road ends for you as you don't own a relevant device - if you really want to invest time and effort into hacking the leaked EDL tool further, feel free to PM me and we can arrange the sending of my device (at my risk for everything, including bricks). I am really like 'bleh' if i have to keep using ColorOS on it, its my worst nightmare, so i would go back to buying a second hand 9 Pro for running LineageOS in the meanwhile before 10T gets some ROMs facilitated by having tools available.
I'm constantly asking for devs to step in with getting development going, but if more than 'begging' i can make a meaningful contribution to the community in achieving this then ill go with it.
* Note: If you don't think that you are the right person to accept this challenge, i would be interested in hearing the best candidates next (only reputable users that are known for device development/contributions to community efforts to reverse or crack vendor tools)
Last edited:
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
2
NO... thats is not what the EDL mode is for. EDL is short for Emergency Download, and what it is used for recovering your device from a catastrophic failure such as a bootloop without the ability to enter the normal recovery or bootloader modes. It is designed to be a method for "Deep - Low level flashingg", or think of it as kind of an alternative method of jump-starting your car, when you dont have a spare battery or another car to use. EDL is only capable of that... It does not allow you to pick and choose the exact files you wish to load, and from what you're describing, it sounds like you simply need a way to load a patched boot.img. Look in one of the top posts of this forum, and you will find the links and steps to root the 10 Pro.2Man honestly I don't have any truly awesome suggestions... Currently with the state of things , safety of your devices is priority 1. Because as you said, 1 misstep can take you from functional to disabled and needing repair! Then there is no "free" ... I'm happy you rescued your device.
One thing is I heard about something called a "deep sleep cable" ... Another member brought his phone back from the dead, AND said through the cable and something called QuadComs... He unbricked his phone with no MSM tool. And his phone was DEAD ... UNRESPONSIVE.
Obviously I need more data before I can make specific claims, but he is reliable so I tend to believe it was as good/easy as he made it sound!1
Yes... I believe.. as long as the device has a Qualcomm chipset, then yes, that's what EDL is built for.... If it's a MTK device, you would use SpFlash tool...1so
sounds promising hopefully its legit and would get out to the public
btw whats your phone i found out that you're trying to root it?
also you might be interested in patching firehose files that alone would solve everything -
16Hello all, i am here to leak OPPO tech tool that allows one plus 10 pro to be flashed. Sadly i cannot share login but if you are able to bypass login screen the tool does not need to authenticate with server to flash device in EDL mode. Attached is screen shot of login screen and file. The tool picks up device in EDL mode and allows user to select the OPF file associated for device (please note you must have this downloaded externally ideally from msm tool for your device)
I wish you luck bypassing this login and fixing your phones.
15
Ok .. just putting this out there... I MAY have pulled together a script that will automate the whole flash process .. including the auth, and sign verifications... But I truly do not know if it is going to be device specific, or if I can fandangle a slightly wider base from the data. Now 1st. Don't start asking me to drop the code into public chat. I worked my butt off and bricked my own devices SEVERAL times in order to test/work out the kinks ... (Proxifier/Fiddler were not friendly and butted heads a lot, so alternate avenues were taken) but before I could compile the whole script and run in one sweep, the Oppo account I was using expired. (Temp accounts ARE device specific). If you want ANY further development on this, I NEED someone to DM me, an active Oppo acct. I don't care if you want to change the password , 24hrs after you give me the info .. that's completely fine. If everything works properly, 24 hrs is about 23 hrs too much! But I need an ACTIVE , WORKING account that I can login to the msmtool, or the miflash server with, (preferred MSM so I don't gotta rewrite anything). And if I can perform a successful EDL unbrick without any errors, then I can strip parts of the Online MSM tool.exe , and with luck, force the Frankenstein'd version I pieced together, to package back up into a simple "Click, Select, Start, Wait, Celebrate" , exe file. With everything that you need, all put into portable container mode, and require no installation. (Or at bare minimum you can run it all inside a windows sandbox, cuz that's what I've been doing, so there's 0 chance of any persistent tracker left behind after each flash, and at the same time you can feel safe running it, cuz in a sandbox it cant harm you !).
So again... If anyone still cares, and has any resources to obtain a login/pw that works, DM me , and WAIT FOR ME TO REPLY before you send the login, so you know exactly WHEN I got it, and you can change whatever .... Let's say .... 6-12 hrs after you grant me access!
Otherwise it seems like this topic has died and no one cares anymore... Which rly don't bother me, cuz after this bunch of Diseased Unicorn Poo
that Oppo/OnePlus pulled with literally going from "Developer Friendly" to "We'll eat your soul before we allow consumer modifications !" 
I am officially done with this company, and I truly hope a good 20% of their customer base feels the same, because the only way they will reverse their ignorant position , rivaling Apple IOS level lunacy, is if their yearly bonus checks are a few zeros short, and sales drop. (Shouldn't be a problem because T-Mobile just loosened the reigns and allowed Verizon to begin pre ordering the 10R for next year... So NA will at least have 2 major carriers .... But I don't think it will help sales ... Verizon is the Hitler Regime of Bootloader and device unlocking... They might go as far as to request an official Red/Black design with little bands around the top! Lol.
Anyways ... Login/pw ... Oppo account... DM....
Let's see if I can rain on the MSMTool Mafia's day just a lil bit. This tool should be provided FREE ... We're at over 1 year since released, and NO PUBLIC MASS CONSUMER UNBRICK , yet they throw the FW around on the main website, with official tags and signatures .... And even then .. one wrong action, and youre doin the "1-Ploo-Salloop!" (Infinite boot loop!) ... So if you can brick, using the files THEY provide, without knowing your current device setup!, They need to provide a method out! (And yes this can happen, because if you had previously done ANY modifications, such as rooting, forgetting to unhide magisk app, disable modules, or making any alterations to your initrc file , or had successfully swapped regions, then tried to flash the STOCK rollback, in order to bring your device back to factory spec, YOU WILL BOOTLOOP!)
((I have further details regarding what is one factor causing this to happen... It's the Baseband/Modem/Build.prop versioning that is putting your device out of spec. Each different Rollback/Upgrade package specifies an EXACT build # and patch date that each region has a slightly different variation of, and while you THINK you're fooling your device, You are ABSOLUTELY NOT! Part of the downloaded FW verification that happens before your phone reboots to complete the changes, is a quick matchup of some key files which your phone FAILS to notify you, when they do not match the requested info... And therefore those files are NOT replaced by your phone during the update/rollback.... So for anyone who knows Android.... This is a very big NO NO... you cannot update parts of a boot script... Parts of the system ... Parts of the recovery partition, but not also make the Android security patch, Kernel, modem, and other pertinent variables match their new counterparts. WHY? Can you use Android 13's Kernel, to run Android 12's security requirements, load 12's lower boot.img, but keep 13's modem, and flip a coin as to which recovery part will stay, then smash that all together under a security patch that is lower than your device was on! This is exactly what creates the "unresponsive device" brick. Cuz NOTHING is the right version necessary for secure boot and trust zone to approve/verify each other. Aka BRICK.
Ok rant over....
login/pw active Oppo acct.. DM..
Ty15This tool seems to be intended for use with mediatek devices.
I wouldn't bet on it working with this phone, but here's how to bypass the login screen anyway.
Open DownloadTool.exe with a hex editor
Find '74 4b 8d 45 d4'
Replace '74 4b' with '90 90'
Save, launch, enter any username/password/code and click login.
If you go to 'Software Package Management', you can specify a folder where your .ofp is located.8
yoo guys shout out to this man for helping me unbricking me my phone. 5 months no reply for oneplus, he just solved it in one night only! thanks alot bro.
@xuanhoang1811
