General MSM TOOLS


tap77

Member
May 12, 2012
19
9
Oslo
Hi,

Since I got my OnePlus 10 Pro, I have, like many others, been searching for an MSM tool for our device, but have been unable to locate one. The best and closest thing I found was a site that apparently had an MSM tool for every region, but the rar file needed a password to extract so it was of no use. Until today. I checked the same site and for some reason the password was now shown on the site, so I downloaded NE2213GDPR_11_A.10_2022022602530000 and it worked!

All files are present, but the MSM tool needs a login though, but maybe we can find a way to get around this?

The OFP file is present and my understanding is that this is the file that contains the firmware the MSM tool uses to flash via EDL, so maybe we can get a "cracked" MSM tool/exe that doesn't need a login?

The site is: https://www.gsmmafia.com/oneplus-10-pro-flash-file/
Password: ne2210*@gsmmafia45
 

EtherealRemnant

Senior Member
Sep 15, 2007
3,732
1,166
37
Denver, CO
It isn't possible to work around this new situation because the Sahara protocol used to communicate with the device has changed. My understanding is that the old software wouldn't work even if the ROM was repackaged into another device's MSM Tool.

It seems that from now on, MSM Tool requires a technician to flash, leaks are no good because it also seems like there is a token generation happening which means that even if the credentials leak, it won't do any good.

Maybe someone can disassemble the MSM Tool EXE itself and find a way to bypass/patch out the login requirement but I would think that they would have tried to protect against this too.
 

g96818

Senior Member
Dec 27, 2014
531
150
You want to try using the Oppo/Realme OFP flash tools. I was researching this before, but gave up. OnePlus is now part of Oppo again, which is why it sucks.
 

dladz

Senior Member
Aug 24, 2010
14,196
4,767
Liverpool
Huawei Watch 2
OnePlus 8
There is always a way to crack a tool, always, even Denuvo can be cracked, it's just a matter of will and ability.

That's not to say that it wouldn't seem impossible, every check-in has a fallback option, including this tool. I'd say let's get it available to all and get some exposure, then I'm sure progress can be made, even if it leads to something else.

In all fairness though, the options that the other guys have mentioned all seem to be pretty robust. Personally I've never needed anything other than recovery on the 10 Pro, so I've maybe been lucky. It would be good to get some actual proofs of concept from people who've been in sticky situations: what worked, what didn't, and where do we stand now.
 

Top Liked Posts

  • 5
    Hi
    Please support the post on the OnePlus official forum

    Please share recovery tool (EDL mode) MSMDownloadTool for OnePlus 10 Pro

    Thanks
    4

    Unfortunately, I doubt that will help. What we really need is someone who is good at cracking software to crack the MSM tool for us. The site listed above ( https://www.gsmmafia.com/oneplus-10-pro-flash-file/ ) has all the different versions of the MSM tools, they are just locked down. Using x64dbg on the actual MSM tool just crashes the debugger (most likely security features detect it and force close the program). But from what I could tell, it's not the MSM tool that needs to be cracked necessarily. When you run the MSM tool it creates a new directory in local user app data where it extracts the .dll files and also a .exe file (can't remember the name but think it's something devui.exe or something). If you run this file, it's the login program for the MSM tool. You can load it in x64dbg without any crashing and edit it. I unfortunately wasn't able to figure it out and gave up, but if we can get someone with more knowledge and know-how on this, we will have the MSM tools cracked. I would say maybe start a bounty, but not sure if it would be an issue with the mods as technically cracking software goes against the TOS. Either way, hopefully we can get it soon as having MSM just in case is always a good thing.

    Edit: So the name of the exe that is the login to the MSM tool is called FTGUIDev.exe and it's located in the AppData\Local\OPPO Flash Tool Series 3.0\ folder after trying to run the MSM tool. If anyone knows how to crack it, it should allow us to replace it and then use all of the MSM tools on that site.
    3
    Those who are selling Msm fix have to be some Qualcomm or oneplus technician right?
    Imagine if they published their credentials. They get canned in a second.
    Secondly, I wonder how they can get away with charging people. Whole thing really seems sketchy.

    It may be a OnePlus tech, but more than likely it's someone who used a keylogger to capture the tech's credentials while the tech was logging into the tool to flash their device. It's extremely sketchy to do that and then go around trying to charge people to use it via WhatsApp. That's why I've been saying we need someone who knows how to crack it and bypass the login altogether and we won't have to deal with that. I tried, I failed. Someone with more skills needs to take a look at it and I guarantee they will be able to figure it out.
    3
    It isn't possible to work around this new situation because the Sahara protocol used to communicate with the device has changed.
    I don't have a One Plus 10 but I have curiosity and I know a bit about Sahara/Firehose.
    I wouldn't think that the Sahara protocol itself has changed, that's in the PBL in ROM.
    It looks like the Firehose loader (prog_firehose_ddr.elf) has added some authentication stuff?
    It could be patched and re-signed if Secure Boot is not enabled.
    Code:
    /sources/services/tme_messages/src/ImageAuthPblUtils.cpp
    boot_elf_auth.c
    Auth Metadata
    not authorized
    Requesting VIP img authentication elf_buf = 0x%x, elf_buf_len = %d
    Returned from verifying VIP img authentication: data = 0x%x, data_len = %d
    Authenticate module requires buffer to be %d (0x%x) aligned, input buffer is not aligned Addr 0x%x size
    VIP img authentication failed with smc_status = 0x%x, rsp_0 = 0x%x
    Authentication of signed hash failed %d
    Secure Boot *not* enabled BUT VIP *is* enabled. Therefore will *not* check digital signature on Digest Table. This allows easier testing on non-secure targets%c
    Gosh, I wish that I were a VIP!
    Still, there is something strange about this ELF, it doesn't look like my other loaders.
    4
    Greetings to all!
    I unpacked the ColorOS A12 OFP image https://mega.nz/folder/zAci1YrZ#-gNY7OJ3IsOo-SY6kV4VXQ
    Maybe someone can create it under QFil Tool v2.0.3.5

    Original image NE2210domestic_11_A.12_2022030701060000.zip
    OplusFlashTool_v3.0.16.20_for_Dev.zip (requires authorization)