MSM7227 S1Boot has been patched to ignore SIN header signature by the_laser.
You need phone which you either did not unlock by cable, or phone which you unlocked via SEtool2 only.
If you unlocked with Omnius, in C:\ProgramData\Omnius for SE\Backups\Xperia X8
you have file called: Xperia X8_IMEI_DATE_SIMLock.opd
Note, the fixed S1Boot for other tools should come soon.
Restore that TA backup, then use semc.cmd in the_laser's release to unlock bootloader - you'll restore SIM lock this way!
Currently there is no unlocked bootloader for Omnius unlocked phones.
* Kernel build instructions in second post.
* Original post by the_laser with unlock instructions in third post.
What will this allow:
* custom kernels
* better/fully working Gingerbread
* no need for chroot to avoid init crash bug
* overclock/Synaptics fake DT/Cypress real DT/MDDI fix built in kernel
This will not enable:
* real DT on Synaptics digitizer
To make custom kernel:
1) Compile it.
2) Grab Image, not zImage
3) Make ramdisk.gz (cpio ramdisk content, then gzip the cpio archive)
4) Place both files in ./msm7227/sinTools
5) Name then image and ramdisk, no extension, remove existing files
6) Exectue example_build.cmd
7) Grab result.elf.sin from result.zip, rename to kernel.sin and pack in ftf bundle with patched loader.sin from ./msm7227/loader
8) Flash with FlashTool.
Greetings.
warning.
if you are not developer, please quit reading that post.
wait for user friendly tool with one big button.
here ( View attachment msm7227.7z) is toolset to permanently "unlock" semcboot of msm7227 semc phones.
that means, you can use own kernel and so on.
steps,precautions, etc.
unpack archive to any directory.
if you using eset antivirus or similar ****, it will find evil virus in adb.exe.
ignore that, it is not virus in any way, it is standard android debug bridge, bundled in one file to save space and usability.
now, if your phone unlocked officially:
flash phone with standard 2.0,2.1 android firmware,because kernel mapper module compiled for "2.6.29" kernel.
of course, enable "usb debugging"
run msm7227_semc.cmd,
( if you want, examine it before run, it is pretty straightforward. )
you will get similar output
Code:
process requires standard 2.x android firmware.
Press any key to continue . . .
Getting ROOT rights.
1743 KB/s (585731 bytes in 0.328s)
error: protocol fault (no status)
Waiting ...
Removing NAND MPU restrictions via SEMC backdoor. Permanent. Require ROOT rights.
192 KB/s (3087 bytes in 0.015s)
success
Waiting ...
Getting ROOT rights.
Waiting ...
Writing patched semcboot. Two step process
First, we need get access to semcboot area
504 KB/s (8064 bytes in 0.015s)
Second, we need to write semcboot ;)
1130 KB/s (596916 bytes in 0.515s)
successfully wrote 0003ff00
Press any key to continue . . .
bingo, your phone now has unlocked bootloader.
if your phone unlocked by setool2 software, use msm7227_setool2.cmd
if your phone unlocked by 3rd-party software other than setool2, do not run anything -
it will disable radio capability of your phone and you will need to unlock phone by setool2 software.
to find out if you can safely unlock bootloader, here (View attachment s1tool.7z) is tool.
if you will see "NOT RECOGNIZED SIMLOCK CERTIFICATE", you should not use either of .cmd.
hopefully, mizerable flea and mOxImKo will release something similar for your phone.
okay, now about other details.
1.
unlocked bootloader require unlocked loader, yep ?
loader\loader.sin is special unlocked loader, which will be accepted ONLY after your "unlock" semcboot with previous steps.
to distinguish unlocked semcboot and original semcboot, first letter in version tag of semcboot output will be lower case, i. e. "r8A029"
( same applies for loader version tag )
so, all that stuff with signatures are not for us, so i removed them - loader will ignore signature part of SIN file.
2.
we should make SIN file somehow, right ?
for that i prepared "dumb" bin2sin utility.
Syntax : bin2sin [input] [partition info, 32 digits] [type] [block size]
Click to expand...
Click to collapse
[input] - is input binary file.
[partition info]
android implementation on s1 semc qualcomm phones based on partitions,so we MUST define it for our file.
you can get required partition info from standard semc sin files, it is first 0x10 bytes of DATA, right after header, i.e.
e10 kernel partition info
03000000010000402001000040000000
Click to expand...
Click to collapse
[type] - partition type, 9 - partition without spare, 0xA - partition with spare.
kernel partition is partition without spare.
if that parameter omitted, type = 9
[block size] - nand block size, if omitted, it is standard size 0x20000
there is example in sinTools\example_build.cmd
3.
kernel should be prepared specially to be accepted by semcboot.
for that there is tool bin2elf.
Syntax : bin2Elf.exe [nbrOfSegments] [EntryPoint] [Segment1] [LoadAddress1] [Attributes1] ...
Click to expand...
Click to collapse
we need 2 segments:
segment 1 is unpacked linux kernel image, i.e.
( e10/kernel/arch/arm/boot/Image )
it looks like entrypoint and load address for segment 1 is always same for all msm7227-based semc phone, it is 0x00208000
attributes for image 0x0
segment 2 is ramdisk.
it looks like entrypoint and load address for segment 1 is always same for all msm7227-based semc phone, it is 0x01000000
set attributes for ramdisk 0x80000000, that is extremly important.
there is simple kernel example in sinTools\example_build.cmd
ps.
@blagus:
NAND MPU disabler has only one relation to rFoNe - he took it from setool2, together with entire idea for msm7227 bypass.
your 6-wings friend with many nicks done exactly same.
NAND MPU has nothing to do with memory firewall, so it will not help with kexec things, however, who will care now.
edit:
there was minor flaw in msm7227_setool2.cmd - i forgot to change source bootwriter name and both .cmd wrote same semc boot:
flawed:
@echo Second, we need to write semcboot
bootTools\adb.exe push my7227bootwrite_semcSL /data/local/tmp/my7227bootwrite_setool2SL
Click to expand...
Click to collapse
correct:
@echo Second, we need to write semcboot
bootTools\adb.exe push my7227bootwrite_setool2SL /data/local/tmp/my7227bootwrite_setool2SL
Click to expand...
Click to collapse
of course, every developer or man with capability to read fixed it immediately.
just in case, i uploaded "fixed" package.
Ok, just because someone is asking what the hell is happened, got a request by Blagus to delete all posts but his first 2 and the_laser one, thread is now closeed untill Blagus will say me to open it.
How to verify if the bootloader on your phone is really unlocked
the_laser (earlier in this thread) said:
unlocked bootloader require unlocked loader, yep ?
loader\loader.sin is special unlocked loader, which will be accepted ONLY after your "unlock" semcboot with previous steps.
to distinguish unlocked semcboot and original semcboot, first letter in version tag of semcboot output will be lower case, i. e. "r8A029"
Click to expand...
Click to collapse
This means s1tool log file can provide us with verification if we unlocked bootloader correctly.
S1tool link: http://forum.xda-developers.com/showpost.php?p=17374120&postcount=26
Example of log file (mine):
Code:
9/9/2011 21:41:44 Welcome to S1 identify tool
9/9/2011 21:45:13
9/9/2011 21:45:13 TO CONNECT NEXT PHONES
9/9/2011 21:45:13 X10 Xperia,E10 Xperia Mini,E15 Xperia X8,U20 Xperia Mini Pro
9/9/2011 21:45:13 LT15 Xperia ARC,MT15 Xperia NEO,R800 Xperia PLAY
9/9/2011 21:45:13 PRESS AND HOLD "BACK" BUTTON...
9/9/2011 21:45:13
9/9/2011 21:45:13 PLEASE ATTACH TURNED OFF PHONE NOW
9/9/2011 21:45:13
9/9/2011 21:45:46
[B][U]9/9/2011 21:45:46 RUNNING S1_EROM VER "r8A029"[/U][/B]
9/9/2011 21:45:46 SOFTWARE AID: 0001
9/9/2011 21:45:46 LOADER AID: 0001
9/9/2011 21:45:49 FLASH ID: "002C/00BC"
9/9/2011 21:45:49 LOADER VERSION: "R4A045"
9/9/2011 21:45:49
9/9/2011 21:45:49 MODEL (from GDFS): X8
9/9/2011 21:45:49 SOFTWARE VERSION: 1236-9291_2.1.1.A.0.6
9/9/2011 21:45:49 CUSTOM VERSION: 1241-3178_R1B
9/9/2011 21:45:49 FILESYSTEM VERSION: WORLD-1-8_2.1.1.A.0.6
9/9/2011 21:45:49 SERIAL NO: CB511SPH7Q
9/9/2011 21:45:49
[B][U]9/9/2011 21:45:49 SEMC SIMLOCK CERTIFICATE[/U][/B]
9/9/2011 21:45:49 Elapsed:36 secs.
If the line RUNNING S1_EROM FROM VER "#8A029" has a lowercase "r" letter replacing the "#" (RUNNING S1_EROM FROM VER "r8A029"), your bootloader has been unlocked . If it has an uppercase "R" replacing the "#" (RUNNING S1_EROM FROM VER "R8A029"), your bootloader is NOT unlocked .
Cheers ,
SpyderX
Im confused !!
are you saying my phone has to have been sim unlocked for this to work because i have not had my x8 sim unlocked and i unlocked my boot loader perfectly fine. and thanks to the devs for all their hard work. now just gotta compile my own kernal
Welcome to S1 identify tool
TO CONNECT NEXT PHONES
X10 Xperia,E10 Xperia Mini,E15 Xperia X8,U20 Xperia Mini Pro
LT15 Xperia ARC,MT15 Xperia NEO,R800 Xperia PLAY
PRESS AND HOLD "BACK" BUTTON...
PLEASE ATTACH TURNED OFF PHONE NOW
RUNNING S1_EROM VER "r8A029"
SOFTWARE AID: 0001
LOADER AID: 0001
FLASH ID: "0020/00BC"
LOADER VERSION: "R4A045"
MODEL (from GDFS): E15i
SOFTWARE VERSION: 1236-9291_2.1.1.A.0.6
CUSTOM VERSION: 1241-4091_R3B
FILESYSTEM VERSION: WORLD-1-8_2.1.1.A.0.6
SERIAL NO: CB511RZG51
SEMC SIMLOCK CERTIFICATE
Elapsed:56 secs.
Click to expand...
Click to collapse
Success ! ty Dev ! you r the best !
lotus13 said:
Success ! ty Dev ! you r the best !
Click to expand...
Click to collapse
i turned off my phone, click button in s1tool and connect my phone to computer with pressed back button? and nothing writes only
2011. 09. 09. 19:02:20 Welcome to S1 identify tool
2011. 09. 09. 19:03:03
2011. 09. 09. 19:03:03 TO CONNECT NEXT PHONES
2011. 09. 09. 19:03:03 X10 Xperia,E10 Xperia Mini,E15 Xperia X8,U20 Xperia Mini Pro
2011. 09. 09. 19:03:03 LT15 Xperia ARC,MT15 Xperia NEO,R800 Xperia PLAY
2011. 09. 09. 19:03:03 PRESS AND HOLD "BACK" BUTTON...
2011. 09. 09. 19:03:03
2011. 09. 09. 19:03:03 PLEASE ATTACH TURNED OFF PHONE NOW
2011. 09. 09. 19:03:03
2011. 09. 09. 19:03:39 PROCEDURE STOPPED BY USER
2011. 09. 09. 19:03:39 Elapsed:250 secs.
Please help...
tony-noob said:
i turned off my phone, click button in s1tool and connect my phone to computer with pressed back button? and nothing writes only
2011. 09. 09. 19:02:20 Welcome to S1 identify tool
2011. 09. 09. 19:03:03
2011. 09. 09. 19:03:03 TO CONNECT NEXT PHONES
2011. 09. 09. 19:03:03 X10 Xperia,E10 Xperia Mini,E15 Xperia X8,U20 Xperia Mini Pro
2011. 09. 09. 19:03:03 LT15 Xperia ARC,MT15 Xperia NEO,R800 Xperia PLAY
2011. 09. 09. 19:03:03 PRESS AND HOLD "BACK" BUTTON...
2011. 09. 09. 19:03:03
2011. 09. 09. 19:03:03 PLEASE ATTACH TURNED OFF PHONE NOW
2011. 09. 09. 19:03:03
2011. 09. 09. 19:03:39 PROCEDURE STOPPED BY USER
2011. 09. 09. 19:03:39 Elapsed:250 secs.
Please help...
Click to expand...
Click to collapse
1.TURN OFF YOUR PHONE.
2.Open S1tool.CLick DO JoB(right side)
3.On your phone:
a.Pressing the back key.connect you phone.untill s1tool says:SEMC SIMLOCK CERTIFICATE
b.DO NOT RELEASE THE BACK KEY!
lotus13 said:
1.TURN OFF YOUR PHONE.
2.Open S1tool.CLick DO JoB(right side)
3.On your phone:
a.Pressing the back key.connect you phone.untill s1tool says:SEMC SIMLOCK CERTIFICATE
b.DO NOT RELEASE THE BACK KEY!
Click to expand...
Click to collapse
i do this 5 times but nothing... its normal if i don't have unlocked sim?can this cause this problem?
lotus13 said:
1.TURN OFF YOUR PHONE.
2.Open S1tool.CLick DO JoB(right side)
3.On your phone:
a.Pressing the back key.connect you phone.untill s1tool says:SEMC SIMLOCK CERTIFICATE
b.DO NOT RELEASE THE BACK KEY!
Click to expand...
Click to collapse
Don't have the step 3.On your phone
Just
1.TURN OFF YOUR PHONE.
2.Open S1tool.CLick DO JoB(right side)
3.Pressing the back key.and then connect you phone.untill s1tool says:SEMC SIMLOCK CERTIFICATE
b.DO NOT RELEASE THE BACK KEY!
lovex8 said:
Don't have the step 3.On your phone
Just
1.TURN OFF YOUR PHONE.
2.Open S1tool.CLick DO JoB(right side)
3.Pressing the back key.and then connect you phone.untill s1tool says:SEMC SIMLOCK CERTIFICATE
b.DO NOT RELEASE THE BACK KEY!
Click to expand...
Click to collapse
LOOOOOOOOOOOOOOOL =)))
When i said : On your phone , i meant that the next steps should be done on the phone.as you see a.b.c.
you r an idiot.sorry for telling you this
I'm sorry to misunderstand you 'turn on your phone'..XD
Just forget what I said...I'm really sorry...
Aftrer connecting i got this message
Welcome to S1 identify tool
TO CONNECT NEXT PHONES
X10 Xperia,E10 Xperia Mini,E15 Xperia X8,U20 Xperia Mini Pro
LT15 Xperia ARC,MT15 Xperia NEO,R800 Xperia PLAY
PRESS AND HOLD "BACK" BUTTON...
PLEASE ATTACH TURNED OFF PHONE NOW
llbug:[\\?\USB#Vid_0fce&Pid_adde#5&256bc46a&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}] open error: "The device does not recognize the command"
Elapsed:30 secs.
where is the problem?
@ognjenr
Install X8 adb drivers.
Read this:
http://forum.xda-developers.com/showthread.php?t=1254225
First post step 7
By the way devs, I noticed that bootloader unlocking process puts 4 files in /data/local/tmp (expl, fixPart, mapper_2.6.29.ko and (in my case) my7227bootwrite_semcSL) and executes them.
Is it safe to remove these files? If no, what happens if we remove this files? And what happens if we format our phone's /data partition? Will these files be removed?
Sorry for asking so many questions but these questions are quite important as these pertain to S1Boot and meddling with S1boot can cause hard bricks .
SpyderX said:
By the way devs, I noticed that bootloader unlocking process puts 4 files in /data/local/tmp (expl, fixPart, mapper_2.6.29.ko and (in my case) my7227bootwrite_semcSL) and executes them.
Is it safe to remove these files? If no, what happens if we remove this files? And what happens if we format our phone's /data partition? Will these files be removed?
Sorry for asking so many questions but these questions are quite important as these pertain to S1Boot and meddling with S1boot can cause hard bricks .
Click to expand...
Click to collapse
android delete all files in this folder by each reboot,so after reboot they will be deleted.
XperianPro said:
android delete all files in this folder by each reboot,so after reboot they will be deleted.
Click to expand...
Click to collapse
No, android doesn't. I've rebooted my phone 6 times ever since unlocking my bootloader and the files are still there. Please do your research and experiment with what you have read before posting false information , especially because you are a "pro".
mine only got "available_frequencies" in data/local/tmp. i dont see those file you have
@moaj
Now that's very strange. Can you put an empty file in /data/local/tmp, reboot, and then see if the empty file is still there? Post your results here.
@Devs
To reiterate in case you only read the last few posts:
By the way devs, I noticed that bootloader unlocking process puts 4 files in /data/local/tmp (expl, fixPart, mapper_2.6.29.ko and (in my case) my7227bootwrite_semcSL) and executes them.
Is it safe to remove these files? If no, what happens if we remove this files? And what happens if we format our phone's /data partition? Will these files be removed?
Sorry for asking so many questions but these questions are quite important as these pertain to S1Boot and meddling with S1boot can cause hard bricks.
Hi !
First of all, sorry fot my bad english, I'm french.
Further to a factory reset, I have two problems which appeared on my Play. In the first place, my Play is not recognized by none of my PC, while everything worked well before. Then, the button Home doesn't work anymore.
I made others factory reset since, but it changes nothing... And I cannot change version Android because my bootloader is locked ("bootloader unlock allowed: NO").
So, do you have any idea to repair my Play ? :crying:
Thanks :laugh:
Shokuboo said:
Hi !
First of all, sorry fot my bad english, I'm french.
Further to a factory reset, I have two problems which appeared on my Play. In the first place, my Play is not recognized by none of my PC, while everything worked well before. Then, the button Home doesn't work anymore.
I made others factory reset since, but it changes nothing... And I cannot change version Android because my bootloader is locked ("bootloader unlock allowed: NO").
So, do you have any idea to repair my Play ? :crying:
Thanks :laugh:
Click to expand...
Click to collapse
I would highly recommend you FTF back to stock completely. This will make your phone brand new out of the box state software wise and should resolve whatever issue you are having.
There is one thread that has all the FTF files in one list, but I could only find this.
http://forum.xda-developers.com/showthread.php?t=1627627
Some other links that may help:
http://forum.xda-developers.com/showthread.php?t=1048422
http://forum.xda-developers.com/showthread.php?t=1589399
Thanks for your help !
But now, I can't drag and drop the ".ftf" file into FlashTool. (I have a little sign "stop", who mean I can't do that).
Here, what FlashTool give me :
20/043/2012 23:43:54 - INFO - <- This level is successfully initialized
20/043/2012 23:43:54 - INFO - Flashtool Version 0.9.0.0 built on 2012-07-19 22:57:15
20/043/2012 23:43:54 - INFO - You can drag and drop ftf files here to start flashing them
20/043/2012 23:43:59 - INFO - Device connected with USB debugging on
20/044/2012 23:44:00 - INFO - Connected device : R800
20/044/2012 23:44:00 - INFO - Installed version of busybox : N/A
20/044/2012 23:44:00 - INFO - Android version : 2.3.4 / kernel version : 2.6.32.9-perf
20/044/2012 23:44:01 - INFO - Pushing C:\Flashtool\.\devices\R800\busybox\1.19.0\busybox to /data/local/tmp/busybox
20/044/2012 23:44:01 - INFO - Remounting system read-write
20/044/2012 23:44:02 - ERROR - Error mounting /system rw
20/044/2012 23:44:02 - INFO - Root Access Allowed
Maybe it's because of the "Error mounting system read-write" ? So, do you have else idea to reinstall the Frimware ?
EDIT: Now I have:
21/001/2012 00:01:20 - INFO - <- This level is successfully initialized
21/001/2012 00:01:20 - INFO - Flashtool Version 0.9.0.0 built on 2012-07-19 22:57:15
21/001/2012 00:01:20 - INFO - You can drag and drop ftf files here to start flashing them
21/001/2012 00:01:28 - INFO - Device connected with USB debugging off
21/001/2012 00:01:28 - INFO - For 2011 devices line, be sure you are not in MTP mode
21/001/2012 00:01:29 - INFO - Device connected with USB debugging on
21/001/2012 00:01:29 - INFO - Connected device : R800
21/001/2012 00:01:29 - INFO - Installed version of busybox : BusyBox v1.19.0 (2011-08-14 23:46:58 CDT) multi-call binary.
21/001/2012 00:01:29 - INFO - Android version : 2.3.4 / kernel version : 2.6.32.9-perf
21/001/2012 00:01:30 - INFO - Root Access Allowed
But it's always impossible to install the frimware, are you sure I can with a locked bootloader ?
EDIT 2: Ok, that's work ! I just have to copy/paste the frimware in the right folder (Falshtool/ Frimwares/).
Thanks !!
dear my friends ,urgent i need solution,have almost all programators like sigma kay ,hcu client dc phoenix ,octopus ..hcu client info
2018-12-25 02:38:06.103 Autodetect COM port and phone type start!
2018-12-25 02:38:07.212 Found COM port: COM83
2018-12-25 02:38:07.222 Found phone type: Huawei Android phone (Qualcomm CPU)
2018-12-25 02:38:07.234 Open COM port COM83 (DBAdapter Reserved Interface (COM83))...
2018-12-25 02:38:07.350 Start read phone info!
2018-12-25 02:38:07.478 Read phone secure info...
2018-12-25 02:38:07.739 Read phone basic info...
2018-12-25 02:38:07.849 Read phone info done!
Model: CAN-L11
IMEI: 8623****88888888
Firmware ver.: MSM8953C10B384_AMSS Nov 2 201810:28:29
Firmware model: CAN-L01
Dataver: CAN-L11C10B391_DATA_CAN-L11_hw_ru
SN: FPFD**********
PCB SN: DU4********
WiFi MAC: 182:76:8E:06:B1
BlueTooth MAC: 182:76:8D:F0:B0
Vendor: hw
Country: ru
RAM: 3GB
eMMC: 32GB
eMMC ID: 150100525831424D4206983DC6062400
HUN: 0000000000000000
IMEI 1 Sim Lock status:
NET: unlocked
NETSUB: unknown
SP: unknown
lets begin
customer brought can-l11 with android 6 ,in trying to flash it with nougat firmware ,it become dead ,only qualcom 9008 device recognized by pc ,so i flashed board firmware from dc support ,there is only Cannes-AL10_M001077_Board_Software_China_Nonspecific_Android_6.0_EMUI_4.1_firehorse
after that phone turns on but no imei,no serial ,no service nothing ,i have no backup ,
please i ask all members of this forum ,is any way to make phone fully in working condition ,please help me
i repaired imei .serial bluetooth wifi but signall of net is missing ,i think modem ,modemst1 and modemst2 partitions are missing ,please urgent i need your help,even 112 calling is impossible