Lumia 1520 Starting work on custom ROM !

[WojtasXda]

Hi Everyone !!

Work on the first custom rom WP8 for Huawei w1 been completed successfully .

Time for something new !

I would like to announce that I start work on Custom ROM for nokia lumia 1520. First attempt at flashing the modified file ffu done successfully .

Unfortunately, in another attempt something went wrong. I switched the phone in Download mode, QPST can repair the phone but I dont have appropriate files (currently). I have Riff Box JTAG but this programator does not support L1520 and i need ATF jtag.

I'll keep you informed about the progress !! :fingers-crossed:

I collect money for the ATF and the new phone, otherwise I can't continue to work. In the future, project will be developed for many other devices with WP8.

 

[hutchinsane_]

Interesting. First of all: Congrats on the succesfull flash,
second of all: I hope you can resurrect your Lumia 1520 how did you get the 1520 to accept the modified rom though? Though Lumias check the signature after the flashing process has completed?

 

[WojtasXda]

Thanks for congrats

I can ressurect my lumia in 2 ways:

1. I need have repair boot files for QPST
2. I need AFT JTAG

I have methods to cheat the verification process. In the same way I did in Huawei W1. :victory:

These are my priorities:
1. Development and refinement the ability to flash the modified FFU file.
2. Ability to run the phone in mass storage mode
3. Modification software
4. Adapting WP8CRUU for Luma 1520

 

[hutchinsane_]

Thanks for congrats

I can ressurect my lumia in 2 ways:

1. I need have repair boot files for QPST
2. I need AFT JTAG

I have methods to cheat the verification process. In the same way I did in Huawei W1. :victory:

These are my priorities:
1. Development and refinement the ability to flash the modified FFU file.
2. Ability to run the phone in mass storage mode
3. Modification software
4. Adapting WP8CRUU for Luma 1520

Getting the boot files might be the trickier method, but you could try what I described in your other post. I guess the ATF Box is your best chance. I'll look through the 1520 update cabs maybe theres something in there that'll help you build the mbn boot image, like on htcs. (which are, for the 8s encrypted, for the 8x not, as far as I know.) If you feel okay with it you can shoot me a message with tips on how you managed to do that, if not, that's not a problem

 

[reksden]

Thanks for congrats

I can ressurect my lumia in 2 ways:

1. I need have repair boot files for QPST
2. I need AFT JTAG

I have methods to cheat the verification process. In the same way I did in Huawei W1. :victory:

These are my priorities:
1. Development and refinement the ability to flash the modified FFU file.
2. Ability to run the phone in mass storage mode
3. Modification software
4. Adapting WP8CRUU for Luma 1520

Are you reading this thread: http://www.coolxap.com/forum-199-1.html ?
I received a lot of information about huawei w1 on this site. When read about it in December 2013.

 

[fonix232]

Actually if the verification bypass works (which, knowing MS's tight security on Nokias, I highly doubt), it just needs to be released as a method, and after that, anyone can make their own custom ROM.

I'd definitely make some changes to the system (clear out some default apps, add some of my own, change the accent colours, allow interop and other caps to any apps, increase custom app limit), but that would break the built-in system updater. So beware modders, DO NOT use official updates when on modded firmware!

 

[myst02]

Hi Everyone !!

Work on the first custom rom WP8 for Huawei w1 been completed successfully .

Time for something new !

I would like to announce that I start work on Custom ROM for nokia lumia 1520. First attempt at flashing the modified file ffu done successfully .

Unfortunately, in another attempt something went wrong. I switched the phone in Download mode, QPST can repair the phone but I dont have appropriate files (currently). I have Riff Box JTAG but this programator does not support L1520 and i need ATF jtag.

I'll keep you informed about the progress !! :fingers-crossed:

Hi,
I have an ATF Box (lordmaxey & me interop unlocked our Lumias with it, do you remember me ) and would like to help you. Feel free to PM me

Another question, did you just modify the .ffu file via Hex Editor? I've tried it myself a long time ago, but it didn't work and I had to repair it with my ATF. Is there a bug in newer Nokia FFU files?

myst02

 

[hutchinsane_]

Flashing the custom ROM is not hard, so I would give it a try
Just be sure you don't touch boot partitions, so you will be able to boot into flashmode
On L520, I could simply flash ANY ffu using CareSuite, so flashing works, just need idea, what to change in ROM

How are you able to bypass signature checking though? Funny how on Lumias you can apparently edit the MainOS Partition but cannot touch the Boot ones, and on HTC it's exactly the reverse.

 

[WojtasXda]

Guys ... the only barrier that separates us from the Custom ROM are 2 files that i need to create and adapt to the device. I mean MPRG8974.mbn ((hex) and msimage8974.mbn . Anyone who has knowledge on this topic, please help !!

This is my other topic about mprg/misimage
http://xdaforums.com/hardware-hacking/hardware/qpst-help-create-mprg-msimage-mbn-t2949492

Here is a lot of information about QPST
http://xdaforums.com/showthread.php?t=2136738

how to build mprg and msimage [/url]
http://blog.csdn.net/ziyouwa/article/details/16331545

 

[ngame]

Start phone recovery process in CareSuite, select official firmware, press start

When it asks you, to connect the phone, just replace the ffu file with the modified one



Boot partition should not be touched, as the SoC checks its signature, and your phone will be stuck in quallcomm's DLMODE

how to modify FFU ? have you any tool for it ?
I know we can Convert it using ImgMounnt but how to reconvert it to ffu ?

 

[WojtasXda]

Start phone recovery process in CareSuite, select official firmware, press start

When it asks you, to connect the phone, just replace the ffu file with the modified one



Boot partition should not be touched, as the SoC checks its signature, and your phone will be stuck in quallcomm's DLMODE

Okay, good, Are you sure that your phone will not reject the file when it encounters an error?
How do you think why was invented HSPL ?

For Huawei just enough to crack the flash tool in PC to be able to upload an unsigned app / ffu file. Phone does not validate the data but Huawei is different story. While working on the Custom ROM I used QPST with MPRG ,MSIMAGE, xml's and other files. JTAG also be useful. Without QPST not have been possible creating Custom ROM for Huawei.

Therefore necessary there is start working on the most needed things.

how to modify FFU ? have you any tool for it ?
I know we can Convert it using ImgMounnt but how to reconvert it to ffu ?

Do you think it is that simple? If yes, where are the custom roms? Where these modified files? Of course there are tools to build files ffu, signing and opening them, but they are not available for "ordinary" people.

Well ... I go learn and explore the dark side of QPST

Regards

 

[ngame]

Okay, good, Are you sure that your phone will not reject the file when it encounters an error?
How do you think why was invented HSPL ?

For Huawei just enough to crack the flash tool in PC to be able to upload an unsigned app / ffu file. Phone does not validate the data but Huawei is different story. While working on the Custom ROM I used QPST with MPRG ,MSIMAGE, xml's and other files. JTAG also be useful. Without QPST not have been possible creating Custom ROM for Huawei.

Therefore necessary there is start working on the most needed things.

Do you think it is that simple? If yes, where are the custom roms? Where these modified files? Of course there are tools to build files ffu, signing and opening them, but they are not available for "ordinary" people.

Well ... I go learn and explore the dark side of QPST

Regards

I know it's not easy and simple and I know there's at least one tool to create and edit ffu files and it's also not public but i thought he developed a FFU Editor app ! or he flashed Custom Rom many times !
and also I think you mean Phone Image Designer of Microsoft :

 

[ngame]

I have used HxD hex editor to find the partition headers, then used OSFMount to mount them. You can either mount a part of the ffu, or copy the partition to a separate image



As far as I know (my bricked 520 proves it) SoC's built-in ROM checks the first partition's signature using the public key in Q-Fuse, so let's crack RSA and stuff like that. SPL/HSPL was used to load CE, NT on ARM uses UEFI

you bricked your phone when you try this way ?
If( YourAnswer == "Yes" )
{
MessageBox.Show("Surely This way can't be useful or it's not the complete way and we need to research more");
}
else
{
//More Details go here
}

 

[ngame]

This happened when I tried to modify first partition (shown in attachments in previous post)

I'm not sure, if I added that in this thread, too, but only try, if you have JTAG box, so you won't mess up everything

Unfortunately I have no JTAG box (riff , atf and etc.)
I will look for way you provide and check it .
I have to find someone with JTAG in Mashad,Iran . Is there anyone ?

 

[WojtasXda]

it is necessary to learn how to create MPRG / MSIMAGE and use QPST Then jtag will not be needed. These files are obtained by reading the data from the memory EMMC in this case VHD would be the best solution.

 

[ngame]

OK OK your way worked
I could create 3 Partitions from my L920 (RM-821) Rom .
I couldn't access MainOS partition in this ROM .
sounds good to find this working way but need to work on it hours and hours .

 

[WojtasXda]

Once found something like MPRG in ffu
Open another SoC's MPRG, and look for the first 8 0r 16 bytes in ffu file

I do not know if this is true, but MPRGXXXX.bin or MPRG.hex (Intel hex) suitable for many devices. Msimage is built only for the appropriate device.

@WojtasXda : Are you using caresuite to flash the rom, or do you have another tool?

Yes i have own tools for example WP8RUU or WP8CRUU

 

[GoodDayToDie]

Things that might be of interest to a custom ROM developer:

* I've just made big progress in figuring out how capabilities work on the phone. Setting them via custom ROM is definitely one of the easier ways it might be done, if you can create arbitrary registry keys and set arbitrary values in them.
* One particularly valuable thing you could add to a non-Samsung ROM is the RPC driver/service/whatever that lets Samsung's RCPComponent library work. I don't know how hard it would be to hack that in, though. The binaries and the registry keys for the service shouldn't be hard to obtain, but I don't know if there will be problems with signatures or anything. Still, if you can get it working, this would mean that Samsung homebrew, and everything we can do with it (such as write arbitrary places in the registry and move files around as SYSTEM) becomes available on the 1520.

Somewhat relatedly, I find myself in need of a new phone (I think my ATIV S may be unrecoverable, and it wasn't even due to a hack I was doing!) and this piques my interest in getting a 1520...

 

[ngame]

Also (just an idea) RT certificates could be added. Maybe some(!) RT apps could run on the phones

These apps work now on WP8.1
wp8.1 supports appx and appxbundle formats so we don't have problem with running them on phones .
If you mean running apps like Multimedia 8 on phone I think we will run into resolution problem .

 

[GoodDayToDie]

Not going to happen. First of all, the ported desktop apps only work when signature enforcement is off ("jailbroken") even *on RT*; until/unless we get a signature bypass for WP8 that's a complete non-starter.
The other major problem is that all the base libraries for RT are different than for WP. This extends all the way down to the really core stuff like Kernel32.DLL; RT (like normal Windows) has one, but WP8 doesn't (the functions are split into kernelbase.dll and kernel32legacy.dll). Then there's all the code (like support for the normal desktop interface) that WP8 just flat out doesn't have.

I'm not saying it's impossible to get RT code running on WP8... but it's probably easier to port the entire RT OS to the phone (which is *not* easy, but is possible) than it is to get RT software running on WP8 OS.