Question OnePlus 10 Pro - QDLoader HS-USB - EDL Test Point [9008] MSM


Metromas

Senior Member
Oct 20, 2019
79
24
25
Turkey
metromas.com
Hello
The test point on this phone was shared by me for the first time on the internet. But there is no software available to install it. So my phone is still dead.

Requirements to establish a 9008 USB connection:
- Disconnect the battery
- Plug your cable into the phone
- Connect the other end of the cable to the computer while short-circuiting the marked area.
- If the drivers are installed, the connection will be successful.

OnePlus-10-Pro-edl-9008-location.png



mustafa.faiz

New member
Apr 24, 2020
3
0
Contact me, I will fix your phone if it is a software problem. +992919474848, WhatsApp only.
 

dladz

Senior Member
Aug 24, 2010
16,008
5,964
Liverpool
Nothing Phone 2
Mod Edit: Quoted Post Deleted

You're referring to the MSM tool and a tech's login? If you're a OnePlus tech you're going to get fired, if you're not then what exactly are you selling??? It's a free tool, you've just keylogger stolen the details, nothing more.. trying to make money off people ?? That's shocking behaviour, genuinely awful..
 

dladz

Senior Member
Aug 24, 2010
16,008
5,964
Liverpool
Nothing Phone 2
{Mod Edit: Quoted Post Deleted}
Either way buddy, you can't sell usage of a free tool, certainly not promote it... You also made it sound like you were the one selling it as a "service"

Perhaps be more specific when you explain things...

To be clear, anybody selling the use of the MSM tool is a tool themselves.
 
  • Like
Reactions: damajor and Prant

Ph0nysk1nk

Senior Member
Jul 28, 2016
235
123
So, there's only one guy who's selling the MSM login info, it seems.

I wonder how OnePlus would react if they found out. Wonder if an email over there would do anything about this fool.... But probably not.
 

henryhan123

Member
Jul 20, 2022
13
10
Hi, how did you figure out the test point? My Realme GT 2 PRO is dead bricked too, but I am not sure which are the correct test points:

REALME.jpg
 

nguyenlucky

Senior Member
Jan 30, 2013
505
183
danang
ColorOS MSM tools always require an internal account to log in. As OnePlus has moved to ColorOS as its codebase since Android 12, a free MSM tool (like with pure OxygenOS before) no longer exists, I'm afraid.

I cannot find any free OxygenOS 12 MSM tool for any device.
 
  • Sad
  • Like
Reactions: Prant and Metromas

dladz

Senior Member
Aug 24, 2010
16,008
5,964
Liverpool
Nothing Phone 2
And you won't make. They've locked that down.

Unless you run a keylogger and take it!
 
  • Like
Reactions: Prant

Prant

Senior Member
Jan 23, 2017
152
114
OnePlus 7 Pro
OnePlus 10 Pro
I took a brief look into it over the weekend, some stuff is tied to the login like important setup files get streamed in to the tool. But it all looks like, if someone had a login, they could cache that info and crack it that way. Just needs the setup/flashing instructions from server basically. Would take longer to manually reverse their proprietary format.
 

Ph0nysk1nk

Senior Member
Jul 28, 2016
235
123
Alright then, maybe we should look at this a different way. How would we be able to get a remote session with OnePlus/a technician?

Clearly it's possible as that one loser did it. It's just how he did it.
 

jeffsga88

Senior Member
Jan 5, 2016
955
741
OnePlus 9 Pro
The easiest way used to be to reach out to support and tell them that your phone did an update and it won't boot into the system anymore. Then they would set up a remote session to flash your phone. The more difficult part at that point was you needed to set up a keylogger on your computer and run it when they do it and then disconnect before they can delete the files. If you feel comfortable doing that, then no problem. I wouldn't want to set up a keylogger on my own computer, so would have to either run a VM that I can actually get into EDL with or a clean set up just for that purpose. Either way, it's possible and hopefully someone is able to do it. The good part is we have the MSM for each device already, just need to crack it so we can freely use it as needed.
 
  • Like
Reactions: Metromas

Top Liked Posts

  • 6
    Best way to extract would be to c$ into the computer you'll be using over the network from a secondary machine.

    Whitelist a keylogger (there are tonnes of them out there) make sure to test this first.

    Start the keylogger and c$ into the target machine from the second device.

    Once OnePlus has the files copied for use by the tech, using the remote computer, pull the files they've used and then finish the call.

    You'll then have the files on the secondary device and the log in details from the keylogger.

    It's not hard, just ridiculous anyone has to do this.

    I was resigned to the fact that this device wasn't going to get any love at all and nothing has changed on that front.

    I genuinely hope that I'm wrong, but I'm doubting it. Could very well spark the end of OnePlus, sick and tired of OEMs turning their backs on the very people who made them popular in the first place.
    5
    Unfortunately, all options require log in except company option (although those seem to check network you're on and I'm assuming some type of hardware key as it fails with a network issue error when trying that option). Also, MSM is encrypted so it's not a straightforward method to decompile and crack it. Unfortunately, that leads me to believe we're more likely to get credentials and hope OnePlus just doesn't care enough to delete the credentials from their database than to crack the program itself.
    AFAIK, there's no need to crack the EXE. All you need is a one-time OnePlus password (if you're able to get one) and a transparent proxy. Once you capture the network data via log-in the first time, you can create an EXE to set up a localhost server and respond to the MSM Tool with the data captured during the last login via windivert. Launching a MITM attack is the answer. If the communication is encrypted by SSL, the encryption can be forcibly removed by SSL-Strip. Once we see what the client and server are talking about, then we encrypt the data again with our self-generated Root CA certificate and we add our self-generated Root CA certificate to the trusted certificate storage.
    2
    Got a random reply from OnePlus stating that "There's nothing that can be done" and I must send them the device.

    Don't get why they are conveniently forgetting about the MSM tool. Are they not supposed to remote flash phones anymore?
    2
    It just seems to me that QFIL would be able to do the same thing but I really don't know
    You are 100% correct that QFIL COULD do it... But the problem is that there are 2 different versions of the Firehose programmer.... One is an ELF file, and that one is what comes in all these fw bundles we can access. This one is the one that requires "VIP authentication" in order for it to allow the flash to proceed. BUT there is also a 2nd Firehose programmer, and although everyone refers to them as "patched" loaders, they are not really patched by some hacker so to say... They are in fact patched by Qualcomm as programmers for Offline flashing of a device. This was confirmed to me by a Qualcomm tech who revealed too much during a chat. The Firehose I'm talking about is not an ELF, but a hex/bin file ... It is able to be used not with QFIL, but instead the "software download" feature in QPST. It's just very rare that we can get our hands on one of these firehoses.

    On a side note it was also explained that "The msmtool is not designed nor controlled by Oppo/BBK, and instead it is a created tool made by Qualcomm for flashing devices on certain chipsets. It's just a lucky ordeal that BBK manufactures most of the devices with those chipsets...". But Realme, Xiaomi, Redmi, Oppo, OnePlus, and some other devices ALL have at least one device that uses an MSM tool, and all of those companies were not originally Shenzhen corps...

    This info throws a slight curve ball into the mix with breaking the authentication algorithm... Cuz if it's designed by Qualcomm I can 100% guarantee that it is an unbreakable algorithm! Qualcomm unfortunately has 100's of millions of dollars invested into the research and design of their security! Remember they design chips for a huge number of companies across many spectrums, so cracking their code would literally upend several of their major buyers.... Let's hope that is not the reality, cuz if it is we are in for some super disappointment.