Disconnect batterry, Short-Circuit + Plug cable
install first, qcom driver.
plug in the cable when short-circuiting.
stop short-circuiting when you plug in the cable. it will work.
Question OnePlus 10 Pro - QDLoader HS-USB - EDL Test Point [9008] MSM
- Thread starter Metromas
- Start date
-
- Tags
- oneplus 10 pro
install first, qcom driver.
plug in the cable when short-circuiting.
stop short-circuiting when you plug in the cable. it will work.
Rom2Box does not yet support the VIP Verification system. Although Sahara and connection supports are available, an Authorized account is still required.
welp tried that no dice :/ kinda wish someone could help via discord or something.
I tried Windows 10 in a virtual machine using VMware I did see one com Port but it was com Port one and that was for a shared thing between Windows 11
It could / should work in 11, but have seen people have problems with multiple things.. I've not had any of the driver issues on 10 with any of my devices... Least that's me.
Speaking of support, can I get some insight on
{Mod edit: Paid service information removed - Oswald Boelcke} Think this would work on the 10?
Last edited by a moderator:
Stay away from it. Msm tools are free and shouldn't have to pay someone for that garbage.
Last edited by a moderator:
1.) Sadly, Msm tool is no longer free. Sure OPPO technicians are loving this.
2.) I'm not in it for personal use. I'm interested in figuring out how to emulate the process. 20 bucks isn't a bad price at trying it. Though I have no idea how to do it.
Sorry mate, I'm not going to be adopting the abomination that is windows 11 anytime over the next few years...
I wouldn't even call it windows anymore.
AkayamiShurui
Senior Member
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
6Best way to extract would be to c$ into the computer you'll be using over the network from a secondary machine.
Whitelist a keylogger (there are tonnes of them out there) make sure to test this first.
Start the keylogger and c$ into the target machine from the second device.
Once OnePlus has the files copied for use by the tech, using the remote computer, pull the files they've used and then finish the call.
You'll then have the files on the secondary device and the log in details from the keylogger.
It's not hard, just ridiculous anyone has to do this.
I was resigned to the fact that this device wasn't going to get any love at all and nothing has changed on that front.
I genuinely hope that im wrong, but I'm doubting it. Could very well spark the end of OnePlus, sick and tired of OEMs turning their backs on the very people who made them popular in the first place.5
AFAIK, there's no need to crack the EXE. All you need is a one-time Oneplus password(if you're able to get one) and a transparent proxy. Once you capture the network data via log-in the first time, you can create an EXE to set up a localhost server and respond to the MSM Tool with the data captured during the last login via windivert. Launching a MITM attack is the answer. If the communication is encrypted by SSL, the encryption can be forced removed by SSL-Strip. Once we see what the client and server are talking about, then we encrypt the data again with our self-generated Root CA certificate and we add our self-generated Root CA certificate to the trusted certificate storge.3Mod Edit: Quoted Post Deleted
You're referring to the MSM tool and a techs log in? If you're a OnePlus tech you're going to get fired, if you're not then what exactly are you selling??? It's a free tool, you've just keylogger stolen the details, nothing more.. trying to make money off people ?? That's shocking behaviour, genuinely awful..2Got a random reply from OnePlus stating that "There's nothing that can be done" and I must send them the device.
Don't get why they are conveniently forgetting about Msm tool. Are they not supposed to remote flash phones anymore?2
You are 100% correct that QFIL COULD do it... But the problem is that there are 2 different versions of the Firehose programmer.... One is an Elf file, and that one is what comes in all these fw bundles we can access. This one is the one that requires "VIP authentication" in order for it to allow the flash to proceed. BUT there is also a 2nd Firehose programmer, and although everyone refers to them as "patched" loaders, they are not really patched by some hacker so to say... They are in fact patched by Qualcomm as programmers for Offline flashing of a device. This was confirmed to me by a Qualcomm tech who revealed too much during a chat. The Firehose I'm talking about is not an Elf, but a hex/bin file ... It is able to be used not with QFIL, but instead the "software download" feature in qpst. It's just very rare that we can get our hands on one of these firehoses.
On a side note it was also explained that "The msmtool is not designed nor controlled by Oppo/BBK, and instead it is a created tool made by Qualcomm for flashing devices on certain chipsets. It's just a lucky ordeal that BBK manufactures most of the devices with those chipsets...". But Realme, Xiaomi, Redmi, Oppo, OnePlus, and some other devices ALL have at least one device that uses an MSM tool, and all of those companies were not originally Shenzhen corps...
This info throws a slight curve ball into the mix with breaking the authentication algorithm... Cuz if it's designed by Qualcomm I can 100% guarantee that it is an unbreakable algorithm! Qualcomm unfortunately has 100's of millions of dollars invested into the research and design of their security! Remember they design chips for a huge number of companies across many spectrums, so cracking their code would literally upend several of their major buyers.... Let's hope that is not the reality, cuz if it is we are in for some super disappointment.
