Question Help: Unbrick OnePlus 10 Pro (NE2213)

Search This thread

Metromas

Senior Member
Oct 20, 2019
69
13
24
Turkey
My phone was bricked during the update with the fastboot dev tool, so my phone is now off, I can get it to connect mode 9008 on my laptop. button combinations and charge response not working. If anyone has a solution or knows, please help.
 

jeffsga88

Senior Member
Jan 5, 2016
911
715
OnePlus 9 Pro
If you can actually log into it then that's great..

Doesn't work. It's the old MSM tool and not the one we need (it's for fajita OnePlus 6 or 7 I think) and not the 10 Pro. Unfortunately the older tools may connect to the 10 pro, but will never be able to flash them as they expect ops format but we use ofp format on the 10 pro.
 
  • Like
Reactions: dladz

jeffsga88

Senior Member
Jan 5, 2016
911
715
OnePlus 9 Pro
Is there any way to alter from ofp to ops?

Not that I know of but, possibly. Also not sure if it would read/flash correctly using the old tool. From what I've read they made changes to how the new tool communicated with EDL, if that's the case then it wouldn't matter. Not 100% sure though. I guess easy way to test would be running that tool, using readback mode (pressing F8 while in tool) and connecting the 10 pro via EDL and see if it can successfully pull the boot.img. Maybe I'll try that when I get a chance, unless someone else wants to try first. I'm assuming if it worked out would just need to convert the format of the flash package then.
 
  • Like
Reactions: dladz

dladz

Senior Member
Aug 24, 2010
14,551
5,022
Liverpool
Huawei Watch 2
OnePlus 10 Pro
Not that I know of but, possibly. Also not sure if it would read/flash correctly using the old tool. From what I've read they made changes to how the new tool communicated with EDL, if that's the case then it wouldn't matter. Not 100% sure though. I guess easy way to test would be running that tool, using readback mode (pressing F8 while in tool) and connecting the 10 pro via EDL and see if it can successfully pull the boot.img. Maybe I'll try that when I get a chance, unless someone else wants to try first. I'm assuming if it worked out would just need to convert the format of the flash package then.
I've just updated to the latest beta so I'm probably not the best test subject
 

EtherealRemnant

Senior Member
Sep 15, 2007
3,983
1,309
37
Denver, CO
I've just updated to the latest beta so I'm probably not the best test subject
Beta version shouldn't have any effect on things since EDL is intentionally kept separate from the OS.

Converting OFP to OPS should simply be a matter of using the Oppo decrypt tools just like any other MSM edit but I dunno if it will actually work.


Use ofp_qc_decrypt.py to decrypt and then opscrypto.py to encrypt. Really should be as simple as that to repackage it but if the device is expecting some sort of encrypted handshake as seems to be suggested, the repack wouldn't do any good.
 

dladz

Senior Member
Aug 24, 2010
14,551
5,022
Liverpool
Huawei Watch 2
OnePlus 10 Pro
Beta version shouldn't have any effect on things since EDL is intentionally kept separate from the OS.

Converting OFP to OPS should simply be a matter of using the Oppo decrypt tools just like any other MSM edit but I dunno if it will actually work.


Use ofp_qc_decrypt.py to decrypt and then opscrypto.py to encrypt. Really should be as simple as that to repackage it but if the device is expecting some sort of encrypted handshake as seems to be suggested, the repack wouldn't do any good.
Nah you missed my point. I don't actually want to start testing. I'm enjoying the phone.

As for converting, can only try. Just need guinea pig
 

EtherealRemnant

Senior Member
Sep 15, 2007
3,983
1,309
37
Denver, CO
Nah you missed my point. I don't actually want to start testing. I'm enjoying the phone.

As for converting, can only try. Just need guinea pig
My point is that you should be able to do that on any OS version and readback doesn't actually change any of the partitions on your phone, it would just let us know if EDL can communicate with the older MSM at all. It would just reboot back to the OS when it was done (or if the handshake failed).
 

Canuck Knarf

Senior Member
Dec 19, 2015
204
28
Google Pixel 6 Pro
OnePlus 10 Pro
Beta version shouldn't have any effect on things since EDL is intentionally kept separate from the OS.

Converting OFP to OPS should simply be a matter of using the Oppo decrypt tools just like any other MSM edit but I dunno if it will actually work.


Use ofp_qc_decrypt.py to decrypt and then opscrypto.py to encrypt. Really should be as simple as that to repackage it but if the device is expecting some sort of encrypted handshake as seems to be suggested, the repack wouldn't do any good.
I'm working on this next.
 

EtherealRemnant

Senior Member
Sep 15, 2007
3,983
1,309
37
Denver, CO
I'm working on this next.
Since I have installed Pop! on my old NVMe drive, I decided to try it for myself. Spoiler alert: it doesn't work.

The OFP has an entirely different structure to the OPS. In fact it doesn't even use settings.xml, it uses Setting.xml, and that file has an entirely different structure as well. There is no way that this will work.

Taking a quick look at the two settings files, it seems like the one for the OPS has the patch and program information contained in the file, the OFP has them split into separate patch and rawprogram files. Additionally the super.img in the OFP has been split into separate files (but there is a super_map.csv that says which regions use what files and they can be merged with simg2img back to a full super).

It's not a simple conversion for sure. Even the arguments in the Setting section of the file are entirely different and there is no lite firehose with the new MSM Tool either.
 
  • Love
Reactions: Prant

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    Anyone planning to do this should install a keylogger...

    Share it and were in business
    Flashing does not work if keylogger is installed
    login is protected by OTP, even if you get login info, you can not do anything.
    and if somehow info is leaked, that account gets blocked instantly,
    It's more than just login :)
    1
    Here's another tool as well...But i have no info about it. The guy installed it on my computer to help get back from EDL
    Hmm. Could be promising. The tool uses .NET Framework. A quick peek into the resources show an encrypted resource using CryptoStream. I believe the "Token" the tool asks for decrypts the encrypted resource to reveal the actual credentials or something else that is then passed over to the MSM Tool. Pretty interesting but I guess it is useless unless we know the token. Or maybe someone more knowledgeable can debug the EXE properly. The tool has some protection for dotPeek (and probably other debuggers too) as in, it kills itself when it identifies the target process is running.
    1
    Hmm. Could be promising. The tool uses .NET Framework. A quick peek into the resources show an encrypted resource using CryptoStream. I believe the "Token" the tool asks for decrypts the encrypted resource to reveal the actual credentials or something else that is then passed over to the MSM Tool. Pretty interesting but I guess it is useless unless we know the token. Or maybe someone more knowledgeable can debug the EXE properly. The tool has some protection for dotPeek (and probably other debuggers too) as in, it kills itself when it identifies the target process is running.
    Maybe that's why he wouldn't do on my laptop....I had spyric hidden on my laptop and told me to use another computer
  • 3
    Mod Edit: Quoted Post Deleted

    Share it here brother
    2
    Anyone planning to do this should install a keylogger...

    Share it and were in business
    Flashing does not work if keylogger is installed
    login is protected by OTP, even if you get login info, you can not do anything.
    and if somehow info is leaked, that account gets blocked instantly,
    It's more than just login :)
    2
    He can't. It's done by someone else...with team viewer... But it dose work...I got it done.
    Anyone planning to do this should install a keylogger...

    Share it and were in business
    2
    Mod Edit: Quoted Post Deleted

    Cool, now why don't you help the community out and figure out a way to make it offline instead of charging for it?
    1
    Is there any way to alter from ofp to ops?

    Not that I know of but, possibly. Also not sure if it would read/flash correctly using the old tool. From what I've read they made changes to how the new tool communicated with EDL, if that's the case then it wouldn't matter. Not 100% sure though. I guess easy way to test would be running that tool, using readback mode (pressing F8 while in tool) and connecting the 10 pro via EDL and see if it can successfully pull the boot.img. Maybe I'll try that when I get a chance, unless someone else wants to try first. I'm assuming if it worked out would just need to convert the format of the flash package then.