General MSM TOOLS

les.inkk (Member)
use ida pro to decompile and use hex-rays plugin to turn it into (not that great) c code. then create a breakpoint at the activation part and write some code to make it always return 1. then recompile and sign it
Hello, I'm hoping I can get help with finding a working MSM Tool that will work for my OnePlus 10 Pro NE2210. I've read that there's an issue with logging into the actual tool. I'm hoping there's a bypass for this; if there's anyone that can help me it'll be truly appreciated. Thanks in advance. Bless..!!

dladz (Senior Member)

No mate, there isn't, many have tried and all have failed to get it working.

Without a valid login (credit) it won't happen.

You need to pay for it or RMA / call the service center.

les.inkk (Member)

Thanks for the quick response. So if someone bricks their device trying to flash TWRP, or trying to root their device, they're F%$ked. However, there are people that can sign in and fix it, but I have to pay them? Correct? How easy is it to root the OnePlus 10 Pro without the possibility of bricking it? Sorry for all the questions; it's just that I purchased the White NE2210 OnePlus 10 Pro without knowing all that is going on. Really sucks, I should have purchased the Pixel 7 Pro.

dladz (Senior Member)

I agree you should have got the pixel...

Rooting is easy from my perspective. I've got the UK version NE2213; I couldn't advise on the 2210 but it should be the same, albeit with different boot images obviously.

In regards to RMA this simply means to return to the manufacturer.

If you brick your device then you could simply restore it via recovery; if that's borked then you have Fastboot commands / Fastboot Enhance to flash your OS back.

If that fails then yes, I'd go RMA. If that's not possible then find someone who has the MSM tool available; however, Oppo apparently charge techies to use that tool, which is the defining reason why devs and most people who are in the know are completely avoiding Oppo / OnePlus and similar Chinese crap from now on.

My advice to you would be to check the root threads; mine's quite in depth and gives you the method to root yourself, as do others.

Don't use the boot images I've posted as they're for the 2213, but Fastboot Enhance, the local update APK and ADB files will all work.

Good luck to you buddy.

PS: listing paid-for services here on XDA AFAIK isn't allowed. I don't personally know of any, but Google should be your friend here.

les.inkk (Member)

Thanks for all the information you provided. I'm just glad there are options other than the MSM tool out there. I'll definitely figure it out. I have used the payload method once with the OP7T, so with a lil tinkering I should be fine. Thanks again, friend. I should have known better than to offer paying; I come from the generation of one hand washes the other. Bless..!!

ues_t (Senior Member)
In my opinion, we don’t need to crack msmtool. We can use this packet to create an environment for the software by grabbing the data packet for the next flash.
 

dladz (Senior Member)

Use the thanks button buddy.

No worries, it's a horrible state of affairs unfortunately. I only hope that everyone giving OnePlus and Oppo the finger makes them and other companies change their tack, although I doubt it.

I was thinking about switching from 9 Pro to a newer one, but without MSM Tool it doesn't make sense at all. OnePlus seems to be dead in terms of development. Probably Pixel is the best way as for now...
That's exactly what I did. I have the International Dual SIM OnePlus 8 Pro, and I love this device. However, it's been over 2 years I've had this phone running flawlessly on No Limit ROM. So I figured to upgrade and found the White NE2210 (12 GB RAM, 516 storage) for a great price and jumped on it without any research. I would have never thought MSM Tool would have been dead, because OnePlus has always been open source. I've had a OnePlus ever since the 3T. So I'm like WTF. I'll definitely figure it out. All I actually need is a stock OS and root, then I'm good.

dladz (Senior Member)
I just purchased the NE2210 and am looking to root it; however, I am worried about bricking it, cause sh*t happens. Now that there's no access to the MSM tool there's no way to reflash back to stock. So I am wondering how, and where, you found someone to fix it remotely for you. I ask just in case I'm ever in your situation. Thanks in advance.
Just by rooting you wouldn't need the MSM tool, that's overkill... rooting is simply a booting procedure, nothing more.

Once it works then you install the image directly using Magisk; beyond that it'll just fail and your phone will boot normally with the stock boot image.

So there is no need to worry about rooting as it's risk free.

If you flash, on the other hand, then you'd need to just go back to the stock boot image by flashing that.

Hey, would you happen to know if there's any development for XxX No Limit on the OnePlus 10 Pro? Or let's say I root my device and decide to run the No Limit script through Magisk; it would fail, correct? The reason I'm wondering is because I was able to run the latest No Limit 12.4 on both my OP7T and OP8 Pro. It would actually be amazing if it works. What do you think?
 

dladz (Senior Member)

You can root, sure, but there is no development planned or being done from any of the popular devs at this time.

There was some work being done towards getting Lineage to boot, but that has been fruitless up until now.

You can try the xXx ROM, but I honestly couldn't say for sure if it would work.

A recovery wipe should fix it if safe mode doesn't help.

Thanks, I'ma give it a try. It's a great ROM for sure. Have it running on my 8 Pro, which is my main device for now till my 10 Pro finally arrives within a few days.


dladz (Senior Member)

The best ROM on the 8 Pro, or in fact any of the devices I've ever used, was Evo X.

No Limits AFAIK isn't actually a ROM.

Just some tweaks, which also has a kernel; bear in mind that will not work but the tweaks might... actually I'm thinking I've tried to flash this, can't remember.

Best of luck buddy, really hope it works.

Top Liked Posts

I found out how to bypass the login prompt. Whether or not the tool will actually work is yet to be determined.
I don't have a OnePlus 10 Pro, but would be really curious if this works for anyone.
In order to avoid potential legal issues, and so you don't have to trust any files I upload, here are the instructions to crack the MSM login...

Using a download from the previously-linked rar, you should have a copy of 'MsmDownloadTool.exe'
Use 7-Zip to open the exe as an archive, and extract all the files into a new folder.
Open 'FTGUIDev.exe' with a hex editor (HxD is good)
Find the hex value '0f84e7000000b8'
Replace the 84 with an 85

Save the modified exe and launch it.
Choose a server other than 'in company'
Put whatever for userID/Password/Verify, click login.

I hope this is useful.

Hello all, I am here to leak the OPPO tech tool that allows the OnePlus 10 Pro to be flashed. Sadly I cannot share a login, but if you are able to bypass the login screen the tool does not need to authenticate with the server to flash a device in EDL mode. Attached is a screenshot of the login screen and the file. The tool picks up the device in EDL mode and allows the user to select the OFP file associated with the device (please note you must have this downloaded externally, ideally from the MSM tool for your device).

I wish you luck bypassing this login and fixing your phones.

BTW... I am STILL in need of someone to share with me access to an MSM Tool account that is active... Again... I don't care if it's a guest account... or regular. You can change your password 12 hours after you give me the login info.... I am VERY close to being able to spoof an authentication and signature response back to the phone in order to allow generic flashing of the 2213, 2215, and 2217. I just need to do about 2, maybe 3 more flashes, an hour between each, so I can decipher the algorithm that generates the token for the response. I have 9... I need 12, as they are partially calculated by a timestamp. So ANYONE who can help me with an account that is active, and maybe it is close to expiring anyways, please DM me with the info to gain access.

I am working under an authenticated letterhead, a permissions document sent to me by Qualcomm, which completely supersedes ANY legal action brought forth by OnePlus/Oppo/BBK. The letter expressly provides me permission to use any of the tools/functions which are originated/derived from a Qualcomm tool in any fashion. MSM is written and designed by Qualcomm. I am permitted to use whatever, in the "Research, and Penetration Testing, of any and all protocols called upon by a function of any process that begins in a device with a qualcomm chipset.!"

They make the MSM Tool... but access to the servers which are used to flash each Qualcomm device is controlled by their respective manufacturers.

So here's what the OTP guys are doing...

Be prepared... this is a VERY long detailed post...

So what they are basically doing is....

They are running their own "LastPass" kind of server from AWS... where they are daily logging in to their Amazon web server account and updating the MSM TOOL login, so that it refreshes every time one of them needs to pull an OTP. But it's up to whoever admins the account as to how long tokens last for.

Then they created (or cloned) that GA_Login tool, which is just a general-purpose login tool which can be made to work with any app. It comes with modified code so that you can attach it to any program written under a certain language (different versions of the login tool for different programming languages). Then the tool officially has access to manipulate the login values of whatever app.

I believe the tool has legit licenses with the companies, otherwise they would be violating the reverse engineering laws, and everyone who is profiting from it would be subject to an arresting offense! That would depend on the companies to press charges. But it's easy to gain permission from a company for this purpose because you aren't altering the code, only adding further security to mask passwords!

So the OTPs being generated are just a valid login that is masked by a secure password masking system. Unfortunately it is unable to be decrypted due to mitigations involved with packet capture, and the login relies on an internet connection. Now unfortunately, through further inspection, the OFP flashing app DOES maintain a secure check of the VIP authentication signature, and that signature is verified on the phone itself through a command called by the Linux library "libqmi"... this can be built and programmed by anyone, but the actual procedure for JUST doing a VIP auth signature is not detailed on how to perform this.

THIS is what the QFIL application is doing when the Sahara programmer is called.... the Sahara programmer has a heavily encrypted HASHING ALGORITHM which sends one value to your phone, and then your phone verifies and calculates a response to send back to the Sahara.... The Sahara already knows the correct answer even though it sits waiting, and if a single character is off, then Sahara shuts down the communication portal and sends us back an error. At that time, the phone is stuck in perpetual FAILED mode, and needs to be reset in order to try again.

The problem with this is that during a FULL BRICK state, meaning no communication without shorting the test points while the battery is disconnected, there is no way to get a valid timestamp from your device. The timestamp is part of the Sahara's calculation. This is why manually flashing through QFIL continues to fail. The PATCHED Firehose loaders simply have the TIMESTAMP requirement removed from the calculation, so that the only thing verified is the device's SoC and board information.

The MSM ONLINE tool does its own timestamp calculations and intercepts the communication of the Sahara, then injects the current valid timestamp in real time, which then gives the approved signature to the Sahara and authorizes your flash.

Conclusion: Someone who has .elf file coding skills needs to completely disassemble the loader, which can be pulled from ANY OP 10 series.... or actually ANY Snapdragon 845 r 1 based phone, and compare that to several other loaders of recent related chipsets... i.e. Snapdragon 845 r 2, or possibly even Snapdragon 865... but if they are fluent enough working with ELF files, they should be able to locate the instruction code that requests a timestamp as part of the signature, and delete/disable that requirement. THEN recompile that loader and we will have the file needed for OFFLINE flashes via the patched MSM Tool, or QFIL.

The login is the ONLY requirement of the MSM Tool!
It is the Sahara Firehose itself that is killing our ability to continue flashing once the login is bypassed. Whether the phone is in brick state or not has no bearing on the value being submitted to the Sahara. OPPO programmed our phones to interrupt communication through the USB, on a BUTTON or ADB request, to enter EDL mode. This is why, when connecting via the command line or through the recovery mode shortcut, there is a slight 3-5 second delay until your phone is detected in 9008 mode.

1. When entering by holding the VOL buttons and plugging the USB in, the phone loses communication to the TIMESTAMP function, which makes the Sahara fail offline, due to no MSM Tool server intervention. (Remember the MSM server is not maintained by OPPO, but is actually built by Qualcomm... they just provide access to OPPO for repair functions.)

^^This will cause QFIL to fail, because a valid VIP can't be generated without the timestamp! ... But the MSM server can interject the correct timestamp, being that it's online and always in sync^^

2. When entering EDL via CLI, the phone is SUPPOSED to go straight into QCOMM DOWNLOAD MODE... with no interruption, but OPPO amended a "Reboot" command into the operand, forcing the USB to lose connection to the board and breaking the sync, and thus forcing the timestamp to be invalid once the connection is made again with the programmer.

^^This is why ColorOS is a game changer... Because they pushed their own RECOVERY and FASTBOOT protocols as overlays of the REAL Qcomm Recovery and Fastboot. Recovery and Fastboot are requirements of Qcomm/Android devices. But HOW they are laid out to us is completely up to the manufacturers. The ColorOS Recovery and Fastboot (D) that is made by OPPO alters the timestamp being generated to force a standard 12hr format instead of 24hr... Sahara doesn't know wtf AM or PM is... so anything from ColorOS is gibberish in the timestamp.

    THERE IS ONE CAVEAT...

All Androids with altered Fastboot and Recovery protocols MUST include a "Debug Boot Image". These actually communicate to the Qualcomm diagnostic function. Although atm I have no idea how to BOOT into these images, as they are not the same as the normal .img files we use for everything else. Calling on one of these images is a process completely different than a standard Android boot.img... so again I believe this to be one of the functions of LIBQMI.... this library makes a connection to the device over USB but, more importantly, the SERIAL communicator console on the board. Once this communication is connected, you have full control over all partitions/filesystems inside the entire device, without regulation. You could technically tell your smartphone it is now a smart TOASTER (but this would certainly crash immediately without the proper functions being built into the chipset).

So now I task ANYONE who might have decent Linux knowledge to research QMI and how it communicates, to find the proper commands/access to call upon the Debug.img, which you can pull out of any downloaded FW.

I will still be working on alternate methods, but as of now QMI seems to be our only answer.

And final statement. OTP cannot be spoofed in any method to gain authorized MSM access, any more than you being able to spoof authentication into a "LastPass" account to gain control over someone's password collection. They both maintain about the same level of encryption.

I hope that's detailed enough to get to everyone's thoughts, as I probably won't be able to answer anything much deeper for the time being. I have personally put myself into a financial situation by the amount of time I have devoted to this, and now need to create a miracle or 2 in order to recover from the domino effect that I hadn't realized I triggered until today. Sorry I couldn't do a hell of a lot more... if I had the financial resources to not worry about bills for a month or two I could totally crack this thing wide open, and probably put a devastating hurt on OPPO in the process... but electricity, rent, car, insurance, food, and general living all factor in to the amount of time I can spend on this. (Which sucks because bounties are upwards of 50K or more for the discovery of holes in the functions I was working on, and according to Qcomm I was very close to a pretty high critical CVE being declared!) 😖

I looked around for any Firehose loaders that had this getsigndata/verify.
Only OnePlus and Oppo.
The solution seems clear: don't buy them.

OTOH, Lenovo/Motorola has signed loaders with restrictions.
You can't read most partitions.
The solution seems clear: don't buy them.