• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[EXE/BINARIES] Some binaries from W10M OEM KIT

Search This thread

djamol

Senior Member
Jun 3, 2014
444
406
30
Pune
www.twitter.com
Some binaries from Window 10 Mobile OEM KIT.
MobileOS-arm-fre.zip etc.

Included most of the great stuff, like icacls.exe for ARM too. That's great thing.
Developermenu.efi for Mass Storage Mode etc.

Notes:-
Don't fill-up MainOS with this stuff. (MainOS is less in size and need some space for update process. Another reason is, if your device is not secure boot unlocked then device will get bricked on Hard Reset. You need to flash FFU again.)
You can put it here "C:\Data\Test\Bin"
I.e. "C:\Data\Test\Bin\cmd.exe"
"C:\Data\Test\Bin\EN-US\cmd.exe.mui"

While dumping UEFI Variables from developermenu.efi need to create directory (LOGs) in efiesp.
Like this:- "C:\EFIESP\LOGs"
 

Attachments

  • System32.7z
    4.6 MB · Views: 1,055
  • developermenu.efi.rename.zip
    770.3 KB · Views: 1,046
  • wpdmp.efi.rename.zip
    711.8 KB · Views: 774
Last edited:

naiple

Member
Sep 30, 2015
18
13
How to the enable Mass Storage Mode? What I should do with Developermenu.efi?

You can replace the resetphone.efi with developermenu.efi. But you need disable uefi secure boot or provision test certificates first.
And i think you need copy the bmpx to EFIESP\Windows\System32\boot\ui.
 

Attachments

  • boot.ums.zip
    12.8 KB · Views: 332

naiple

Member
Sep 30, 2015
18
13
Some pictures about wp dev menu[emoji6]
31f2b56e82a1a0e17e98f127584d7583.jpg
d58b2f8ff2ead583d88b802d2312102f.jpg


Sent from my E5823 using XDA-Developers mobile app
 

RandomWP

Member
Oct 1, 2016
22
1
18
You can replace the resetphone.efi with developermenu.efi. But you need disable uefi secure boot or provision test certificates first.
And i think you need copy the bmpx to EFIESP\Windows\System32\boot\ui.
Is any brick risks? How to disable secure boot? Can i normally update system after disabling secure boot? Too many questions...
 
Last edited:

djamol

Senior Member
Jun 3, 2014
444
406
30
Pune
www.twitter.com
Where you find this files?
EFI has no digital signature, can we sign it using original efi's signature? Or this is impossible?

I found this on google search.

Just rename to "example.efi" then go properties, you will see test-signed cert under "digitalSignature".

Original efi means ?
Do you mean retail signed ? Like preview builds etc ?
That's not possible. Only and only Microsoft can sign anything's.
 

djamol

Senior Member
Jun 3, 2014
444
406
30
Pune
www.twitter.com
@RandomWP well if you can factor this, then you can sign anything you want.
"18972448065962940139915565550429542544127483826779617872033880200805531383810112033519462923455689001184704988629643322320935626522386587923114029165693226888726219810642734784485492479939675930712071937232814450059618069452834633402428960910772103556325402321732401344147493693868867659352675032054708935329819089743015709265983846796758594535993753245690111237034446423120148054406212815847368448494321991594739699349012952561409940006424505666495664581055624281399729068036466219150359946643974593913874303450382131958280356742749034844934294785202092112687219434536744337659608947188429328662226650888351316620003"
 

djamol

Senior Member
Jun 3, 2014
444
406
30
Pune
www.twitter.com
Secure boot blocks files without digital signature, right?

Yes, exactly.
Retail Secure boot policy don't allowed any unsigned stuff or any other signed stuff (non-production certs).
We need stuff which are only signed by Microsoft digital certificates which contain in phone sb database. I.e pk,kek,db etc.

So why we need to disable secure boot to flash any unsigned rom or efi apps.
 
Last edited:

RandomWP

Member
Oct 1, 2016
22
1
18
Yes, exactly.
Secure boot don't allowed any unsigned stuff or any other signed stuff (non-production certs).
We need stuff which are only signed by Microsoft digital certificates which contain in phone sb database. I.e pk,kek,db etc.

So why we need to disable secure boot policy to flash any unsigned rom or efi apps.

And we can't sign our EFI apps using MS setificate :crying:
Or we can sign files using any setificate, but we can't get MS sertificate?
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    We need only to hack Microsoft and steal private key. :laugh:
    Or disable secure boot, it is easier. :)

    true
    (full sb unlock, not debug policy)
    BOGzmlo.png
    6
    Some binaries from Window 10 Mobile OEM KIT.
    MobileOS-arm-fre.zip etc.

    Included most of the great stuff, like icacls.exe for ARM too. That's great thing.
    Developermenu.efi for Mass Storage Mode etc.

    Notes:-
    Don't fill-up MainOS with this stuff. (MainOS is less in size and need some space for update process. Another reason is, if your device is not secure boot unlocked then device will get bricked on Hard Reset. You need to flash FFU again.)
    You can put it here "C:\Data\Test\Bin"
    I.e. "C:\Data\Test\Bin\cmd.exe"
    "C:\Data\Test\Bin\EN-US\cmd.exe.mui"

    While dumping UEFI Variables from developermenu.efi need to create directory (LOGs) in efiesp.
    Like this:- "C:\EFIESP\LOGs"
    2
    OMG .
    WP Security is all gone :D
    yes, all WPs, not just lumia
    2
    haha finally a secure boot exploit that works, good job @vcfan
    I guess I can say goodbye to the debug policies and the sad faces then :)

    Edit: out of curiosity, is it unlockable outside the phone, or that's required to have the phone OS working? Thinking about helping @snickler bricked phones
    2
    This is awesome! Question @vcfan, is this a retail phone or eng phone? I do also see that you have an AT&T 1520 like I do (mine's the one that's in brick hell :D). What's your product code? This is fascinating that you have the RDC, whereas mine doesn't have it.

    All of our phones are retail
    950xl , 640XL and 1520
    We also start testing on ativ s and more