I apologize for the title, but this is relevant to Oneplus 10 Pro.
On approx Nov 12th last month, i joined heavily in the discussion regarding Region changing, or using MSM Tool to flash a different fw for our devices. That same day i successfully jumped from the 2419 Tmobile branded fw, to the 2415 Global FW, without a hitch. I then immediately posted success replies to those who were interested. In the 1st full reply regarding my process, i identified several "requirements" in both editing an accompanying file, as well as which version(s) were needed in order to do the jumps. Exactly 3 days later, OPPO took down their official posting that linked to the Rollback packages, and the Beta 1 Android 13 builds to download including the local update apks needed. Seamlessly they linked an identical page with NEW links to download, that had the same names almost. (i have screenshots of the file size differences for proof) ... but almost 70% of you all who attempted my instructions, but downloaded the UPDATED packages, resulted in a bootloop, or unresponsive device!
1st... im sorry for that! When i hard linked the files that i KNEW worked, i never expected oneplus to be sneaky and change the contents, but keep my links headed to these newer packages... I just really did not fathom a company which we all used to support, turning against us in an act of really sinister nature. They had to be aware that once these files were changed out, it would create numerous bootloops and bricks, yet they would not provide us an Unbrick method.
I addressed the altered files swiftly once i verified the changes, and then began urging people to be careful and also realize that there were new things that were done to the FW and i did not have any ideas how they would react, especially on the Tmobile Variants of the 10 Pro and 10 T... but i made THIS FORUM, my ground zero because doing the same method WORKED on the 10 Pro... but after a few modifications, i was stuck in the Unresponsive Brick state ppl were encountering.
(My 10T still worked like a champ though, which confused me as usually OLDER devices have less structural security than newer ones, and the 10 pro was almost a year older!! To Assume something makes an A** of U & ME.)
So with this forum as ground zero, it was where i was focusing probably close to 30-40 hrs a week, trying to troubleshoot and collaborate with other Devs/users about methods to break the MSM TOOL Authentication, so we would all have a WORKING, UNBRICK TOOL, that no one had to send some person a crypto payment to then let them log into your computer! (Stranger Danger!!!!)
It seemed like every time we had SOME MEASURE of success, either by luck, or even finding an alternative tool not meant for this device, that was capable of a successful flash.... we were instantly "knee-capped" by a sniper, and either the new tool no longer functioned properly or it outright broke.... (Secrecy Tool... used to unlock crucial Engineering Mode sections got blucked thru the instructed installation, with no new solution.... which also somehow there are screenshots of an Engineering app, RUNNING ON A ONEPLUS 10 Pro, that had 3 or 4 more options than we do.... hmmm) Anyways just one example of an OPPO intervention.
I have helped with SAMSUNG Root exploits that were SERIOUS flaws, and it took Samsung a few weeks to try patching... BUT I KNOW that BBK, with all the 40 different devices released each year, DOES NOT have a team dedicated to scouring for OUR semi-glitchy NON WORKING theories. (1st clue)
Anyways, here is the main point.... About 2 weeks ago i revealed that i was going ALL IN on finding a way to give us an MSM Flash tool that would bypass all the login stuff and let us do a local UNBRICK FLASH. I gave a few too many clues as to what my Goal Line was looking at. In about 24 hrs i was sent a "Cease and Desist Order" via email, to an address that is not associated to either THIS account on XDA, nor ANY account connected to the Oneplus Community. It was an address linked to a Qualcomm Developer profile i created, and another Android development site. Yet that site doesn't have any info linking to XDA. (2nd clue)
After the 1st order i got... i received a less formal , but just as direct email, from BBK/Oppo requesting that i stop ANY reverse engineering activity that they are now aware of my actions, and failure to comply, or if a release of any tool that had identifying data which could be proven as OPPO programming tools, they would refer my actions to the Department of Justice, cyber crimes division. I TOOK THAT ONE SERIOUSLY, and notified my family attorney! .... I then just within the past 48 hours posted some updates, as well as theories regarding other NON-ASSOCIATED programs that were readily available , and created by the manufacturer Qualcomm.... (because they cannot come at me, for apps that EVERYONE already can dl.... ) WELL UPDATE: Yesterday 12/26 around 9:39pm Central i received another FORMAL "Cease and Desist Order" from Oppo/BBK... but this time it was informing me that they intend to press Qualcomm into filing an official complaint against me, for "Copyright Infringement" , and "Illegally Accessing Unauthorized Applications by Qualcomm, to Reverse Engineer their security" ... <=== my lawyer laughed at this one.... but im not... and now i must tell you that "officially" i cannot release a public tool, if in fact i am able to mitigate their security. Under the "Bug Bounty" Programs offered by both Google, and Qualcomm, I have FULL AUTHORITY to continue researching the same thing i was doing prior to the letters. Oppo cannot TRUMP both Qualcomm, and Google who expressly approve hackers and security testers WITHOUT RESTRICTION, to do whatever we have to, in order to break their respective programs, AS LONG AS I USE THE FAIR REPORTING PRACTICES, AND NOTIFY THEM OF THE BUG/EXPLOIT FOUND... and then Once they acknowledge receipt of the complete process, a 90-day counter begins, and UNTIL THAT EXPIRES, i am not allowed to disclose, ,or discuss any specifics regarding what i have found, in order to give them adequate time to patch/replace the vulnerable process/application.
NOW HERE IS WHY I AM WRITING THIS NOTICE.... I was contacted BY VOICE, by a Qualcomm Technical Support Administrator, who was actually trying to reach out to THE PERSON WHO REPORTED ME TO OPPO.... TMOBILE ..... GOOGLE AND QUALCOMM.!!!!
I played along and when they asked me about what i was trying to report exactly, i asked them to read me back just what i had sent them , because I was "busy over the past few days, and had made several reports, so i needed a refresh of which report it was...."
They read me back THE ENTIRE EMAIL, including the header, which stated the Email address, as well as the Username (???) and then in the first sentence, they said, "Hello.... I'm sorry to contact you this way, but i did not locate any other means of contact to report criminal activity being performed on your applications and devices. My name is <XDA-NAME> ,and im a member at XDA-Developers, who has seen some alarming discussions regarding your newest Smartphone processor, and also the applications you use to interact with them... I cant go into too much detail here, because it would take much more than i feel comfortable typing, but it is urgent that you contact me regarding the XDA USER: "Beatbreakee" . I have acquired his contact email, and phone from online public data channels, and i will include those at the bottom, but you need to act fast and stop this hacker, before he creates a serious security risk in your company!
Followed by a jumble of Email addresses... only 1 which was mine.... and several phone numbers from WAY BACK... that i havent had in years, but also one current number... which they mistakenly called ME instead of him.
So i first off want this to be noted that i have ZERO intention of revealing who the "Concerned Citizen" was that felt that my usage of the READILY AVAILABLE DOWNLOADS of QPST, and QXDM were of such a nefarious intent! So plz dont ask, because i dont Dox people.... I leave that to politicians and tv journalists....
I just wanted everyone who takes the time to read this, to be AWARE that you really cannot trust ANYONE you dont have a good repertoire with... and be advised that some of the people who ask for help, and also have EXTREMELY SPECIFIC questions pertaining to some thing youre discussing, may have totally malicious intentions as to how they use the info you tell them.
All i can say is that the user REALLY reported me, BECAUSE I WAS BOISTEROUSLY EXCLAIMING THAT I INTEND TO BUILD A FREE, OFFLINE, UNBRICK TOOL, TO STOP THE EXTORTION BY PPL WHO HAVE NO AUTHORITY TO CHARGE US FOR A SOLUTION WHICH SHOULD BE FREE.....
In other words, they snitched me out so i wouldnt hurt their gestapo over fixing our phones..... (Kinda trashy.... dontcha think!)
But thats all the details i can provide ... sorry i wont break America , any more than it already is.... So you get to stay in the shadows PERSON.... But you should know that NOW i have the green light to use any available programs/software within public domain, in order to achieve my intended goal.... because all i have to do is make the report to QualComm because THEY INVENTED AND DO THE CODING FOR THE MSMTOOL.... NOT OPPO! ..... good try! (oh and i told them EXACTLY what i was attempting to do, which is how i learned of their bug bounty... and they not only were not concerned... but they laughed because the versions we have around on the internet, are SEVERAL YEARS behind the current tools, and are neutered enough to not pose a security risk
So i will continue to work diligently people... but if i find success, i wont be able to give any disclosure other than confirmation, and then it will take 90 days before i can actually say something legally! This sucks, cuz we need the tool NOW.... and the Oneplus 11 is being released In January in China! (Yikes)
ok thats all.... Happy New Year everyone...... (including the person who wants our devices to stay bricked unless we pay them!)