After reading this thread http://forum.xda-developers.com/showthread.php?t=2632814 posted by @hutchinsane_ I mounted my Lumia's .ffu with ImgMount and used the Raw Disk Tool from OSForensics to check out some of the partition files. In doing so I came across the ACPI and SMBios files which I hadn't seen before when using ImgMount. Not sure if these are any use to the devs and haven't really looked at them(not that I'd know what to do with them anyways) but here are some screenshots of the partitions I was able to mount and the files inside. The files from screenshot G are contained in the DATA folder from screenshot F and the files from screenshot I are contained in the EFIESP folder. The ACPI/SMBIOS files are here http://www.mediafire.com/download/q1vx7g6b7523xvf/Lumia_ACPI_SMBios.zip.
Another screenshot of the partitions listed. Partition 25 seems to be encrypted...
tonbonz said:
After reading this thread http://forum.xda-developers.com/showthread.php?t=2632814 posted by @hutchinsane_ I mounted my Lumia's .ffu with ImgMount and used the Raw Disk Tool from OSForensics to check out some of the partition files. In doing so I came across the ACPI and SMBios files which I hadn't seen before when using ImgMount. Not sure if these are any use to the devs and haven't really looked at them(not that I'd know what to do with them anyways) but here are some screenshots of the partitions I was able to mount and the files inside. The files from screenshot G are contained in the DATA folder from screenshot F and the files from screenshot I are contained in the EFIESP folder. The ACPI/SMBIOS files are here http://www.mediafire.com/download/q1vx7g6b7523xvf/Lumia_ACPI_SMBios.zip.
The ACPI and SMBIOS files are in the PLAT partition, at least this is the case on the HTC 8S. Didn't know about the Raw Disk Viewer, looks interesting. Will try it on my HTC Rom though once I'm at home (school, duh.. ) Do you have any idea what could possibly be the content of partition 25?
hutchinsane_ said:
The ACPI and SMBIOS files are in the PLAT partition, at least this is the case on the HTC 8S. Didn't know about the Raw Disk Viewer, looks interesting. Will try it on my HTC Rom though once I'm at home (school, duh.. ) Do you have any idea what could possibly be the content of partition 25?
Thanks for checking this out. Congrats on your work with the HTC rom!!! I wasn't sure which section to post in but I didn't wanna jack your thread and the devs didn't seem to want us "Nokia owners" there, I'm assuming because the security on the Lumia roms is so damn tight you can't do anything without breaking the signature. I was just looking for another way to poke around the rom. I'm a total noob so have no idea what could be on partition 25 but some of the partitions that claim to be empty still have data on them, I just couldn't get them to mount or figure out how to extract it. Oh totally off topic but could you possibly post the hardware ID for an HTC device here http://forum.xda-developers.com/showthread.php?t=2636111 so @bruce142 can create a script? Thanks in advance!!!
I'll get my hardware ID once I get my device back I guess so, since at least one guy tried it (I think) and it didn't work so well. Bummer that the MAINOS on the HTC 8S Rom is Bitlocker encrypted, the header looks messed up anyway. I think they used some kind of different encryption in addition to bitlocker, even if it's only splitting up the headers.
Or they may be using a different type or protocol or revision of bitlocker, I think you get the idea.
hutchinsane_ said:
I'll get my hardware ID once I get my device back I guess so, since at least one guy tried it (I think) and it didn't work so well. Bummer that the MAINOS on the HTC 8S Rom is Bitlocker encrypted, the header looks messed up anyway. I think they used some kind of different encryption in addition to bitlocker, even if it's only splitting up the headers.
Or they may be using a different type or protocol or revision of bitlocker, I think you get the idea.
I was able to read partition 25 by saving the whole disk as an image then when mounting the image with OSMount it asks which partition. These are the files contained in the MMOS folder in screenshot G at the beginning of this thread. I'll see about mounting the others when I have more time.
the smbios is identical to the ones in the htc 8x ruu. have you seen any files with keyboard shortcut configurations and explanation how the windows meta button in any of the lumias
grilledcheesesandwich said:
the smbios is identical to the ones in the htc 8x ruu. have you seen any files with keyboard shortcut configurations and explanation how the windows meta button in any of the lumias
do you know about this menu on 8x?
on my phone changed imei. pictured designated place soldering red circle.
do you think that there for track passes?
I am not rooted.
I have researched and every time someone talks about this topic they start referring to doing things in root. I am a Linux user, specifically a Linux Mint 13 KDE. However! I don't work with the terminal and have not since my DOS days, nor do I want to. IMO I'm too old to bother with it.
Now I use ES File Explorer as my file browser and I see there seems to be a duplication of almost everything on my device yet there is not enough room on the Nexus 4 16GB to hold 2 of everything I have loaded onto it.
So I assume the extra stuff I see are sym-links (I don't really understand what they are just that they are not real). Am I correct?
Why when an app looks for duplicates does it show the stuff in /storage/emulated/legacy etc. and in /storage/emulated/0 etc. and report them as the same size?
Why am I allowed to create a folder in /storage/emulated/0 or /storage/emulated/legacy if they just contain sym-links? IMO I should not have access to those folders without being rooted.
Why when I add a folder in /storage/emulated/0 or /storage/emulated/legacy does it show up in /sdcard?
donec said:
I use ES File Explorer as my file browser and I see there seems to be a duplication of almost everything on my device yet there is not enough room on the Nexus 4 16GB to hold 2 of everything I have loaded onto it.
So I assume the extra stuff I see are sym-links (I don't really understand what they are just that they are not real). Am I correct?
Why when an app looks for duplicates does it show the stuff in /storage/emulated/legacy etc. and in /storage/emulated/0 etc. and report them as the same size?
Why am I allowed to create a folder in /storage/emulated/0 or /storage/emulated/legacy if they just contain sym-links? IMO I should not have access to those folders without being rooted.
Why when I add a folder in /storage/emulated/0 or /storage/emulated/legacy does it show up in /sdcard?
I was going to post a simpler version of this question: Why do I have [Android 4.2.2 on a Nexus 7] /storage/emulated/0/, /storage/emulated/legacy/, and /storage/sdcard0/ when they seem to have exactly the same contents? When, if I create something in /storage/emulated/0/ it's duplicated in the other two locations?
But I noticed this thread and decided to check it out. I am shocked that it's gotten no response in five months.
Eric Weir said:
I was going to post a simpler version of this question: Why do I have [Android 4.2.2 on a Nexus 7] /storage/emulated/0/, /storage/emulated/legacy/, and /storage/sdcard0/ when they seem to have exactly the same contents? When, if I create something in /storage/emulated/0/ it's duplicated in the other two locations?
But I noticed this thread and decided to check it out. I am shocked that it's gotten no response in five months.
They are basically the same thing. 2 mount points pointing to the same storage device and partition.
If you create something in one folder, it will show up in the other. Same applies for deleting stuff.
They do not take away more storage space, as it is only available once but shown twice.
You also don't need to worry about it in any way because file browsers normally set their default directory to one of these locations.
As far as i know, Google changed the mount points in Android 4.2 to /storage/emulated/0/ due to them switching to MTP and EXT4(?) for the sdcard. The other mount points are still there for compatibility.
Don't quote me on that, though.
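An added illustration, not written by any poster in this thread: a scanner that totals file sizes per path counts the same data twice when two paths lead to the same files, while one that keys on device and inode numbers counts it once. The directory names are constructed in a temporary directory as stand-ins; nothing is read from a real device.

```python
import os
import tempfile


def iter_file_stats(root):
    """Yield os.stat() results for files under root.

    Symlinks are followed, as a file manager would, but no directory is
    entered twice, so a link that points back up the tree cannot loop.
    """
    visited = set()
    for dirpath, dirs, files in os.walk(root, followlinks=True):
        st = os.stat(dirpath)
        key = (st.st_dev, st.st_ino)
        if key in visited:
            dirs[:] = []          # already scanned through another name
            continue
        visited.add(key)
        for name in files:
            try:
                yield os.stat(os.path.join(dirpath, name))
            except OSError:
                continue          # dangling link or file removed mid-scan


def per_path_total(roots):
    """Add up st_size for every path found: what a naive scanner reports."""
    return sum(st.st_size for root in roots for st in iter_file_stats(root))


def per_file_total(roots):
    """Add up st_size once per underlying file, keyed on (device, inode)."""
    sizes = {}
    for root in roots:
        for st in iter_file_stats(root):
            sizes[(st.st_dev, st.st_ino)] = st.st_size
    return sum(sizes.values())


def _write(path, size):
    with open(path, "wb") as fh:
        fh.write(b"\0" * size)


def demo():
    """Build a constructed tree: one real folder, one alias, one true copy."""
    with tempfile.TemporaryDirectory() as base:
        real = os.path.join(base, "media0")    # the data itself
        alias = os.path.join(base, "legacy")   # second name for the same folder
        copy = os.path.join(base, "copy")      # genuinely separate data
        os.mkdir(real)
        os.mkdir(copy)
        _write(os.path.join(real, "photo.bin"), 4096)
        _write(os.path.join(real, "song.bin"), 8192)
        _write(os.path.join(copy, "photo.bin"), 4096)
        os.symlink(real, alias)
        return {
            "alias_is_same_dir": os.path.samefile(real, alias),
            "copy_is_same_dir": os.path.samefile(real, copy),
            "per_path_two_names": per_path_total([real, alias]),
            "per_file_two_names": per_file_total([real, alias]),
            "per_path_with_copy": per_path_total([real, alias, copy]),
            "per_file_with_copy": per_file_total([real, alias, copy]),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A real duplicate would show up the way the `copy` folder does here: a different device/inode pair and a per-file total that grows.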
They changed it for multi-user feature
Sent from my Nexus 4
Can I delete "legacy"
Nuu~ said:
They are basically the same thing. 2 mount points pointing to the same storage device and partition.
If you create something in one folder, it will show up in the other. Same applies for deleting stuff.
They do not take away more storage space, as it is only available once but shown twice.
You also don't need to worry about it in any way because file browsers normally set their default directory to one of these locations.
As far as i know, Google changed the mount points in Android 4.2 to /storage/emulated/0/ due to them switching to MTP and EXT4(?) for the sdcard. The other mount points are still there for compatibility.
Don't quote me on that, though.
Can I delete the legacy folder without harming anything?
DEFI4NT said:
Can I delete the legacy folder without harming anything?
Did you read the post that you quoted ?
"If you create something in one folder, it will show up in the other. Same applies for deleting stuff."
DEFI4NT said:
Can I delete the legacy folder without harming anything?
Why would you even want to delete it in the first place? You wouldn't be gaining anything, it's just another mount point.
Sent from my Nexus 4 using Tapatalk
....
/storage, /sdcard are sym linked folders, that means when you open one of those, it redirects to the original (/data/media/0), as for the 0 is just a multi user feature implemented in android 4.2, but only enabled on tablet androids.
Why do this Sym-Link?: simple so it doesn't break apps (not only file explorer type of app, but all apps).
Still don't get, why it would break? Simple. android api have lots of ways to write/read files from folders, u can do manually, u can get the data path, u can get the sdcard path, etc, etc. so to not break that they just does these sym links, that's why in one app the storage contents are listed on /sdcard but on others, is /storage, etc, etc. one example of an app that broke because of these changes to android is titanium backup, u need to change the internal storage on it, so it work.
Are they really symlinks?
I want to make sure that they are sym linked files/ folders and not additional copies as it will directly impact the storage.
Emulated storage is the only reason i have not upgraded yet to Android 4.4 yet, despite ROMs being available ages ago..
1. Please let me know for confirmation, if there is no impact on storage space.
2. Can Link2SD be used in 4.4 with emulated storage?
3. If there is a file and its sym link/ copy; are the rights equally assigned to both files/ folders?
I mean to ask if there is a provision to have root privilege on the original file and read only rights on the sym link ? Is it possible??
the main reason for this question is that, if by mistake i do something on the sym link, it should not affect the original file.
and whatever change i wish to operate on, i can do it on the original file itself.
Regards
Dwipen
opssemnik said:
/storage, /sdcard are sym linked folders, that means when you open one of those, it redirects to the original (/data/media/0), as for the 0 is just a multi user feature implemented in android 4.2, but only enabled on tablet androids.
Why do this Sym-Link?: simple so it doesn't break apps (not only file explorer type of app, but all apps).
Still don't get, why it would break? Simple. android api have lots of ways to write/read files from folders, u can do manually, u can get the data path, u can get the sdcard path, etc, etc. so to not break that they just does these sym links, that's why in one app the storage contents are listed on /sdcard but on others, is /storage, etc, etc. one example of an app that broke because of these changes to android is titanium backup, u need to change the internal storage on it, so it work.
dwipen said:
I want to make sure that they are sym linked files/ folders and not additional copies as it will directly impact the storage.
Emulated storage is the only reason i have not upgraded yet to Android 4.4 yet, despite ROMs being available ages ago..
1. Please let me know for confirmation, if there is no impact on storage space.
2. Can Link2SD be used in 4.4 with emulated storage?
3. If there is a file and its sym link/ copy; are the rights equally assigned to both files/ folders?
I mean to ask if there is a provision to have root privilege on the original file and read only rights on the sym link ? Is it possible??
the main reason for this question is that, if by mistake i do something on the sym link, it should not affect the original file.
and whatever change i wish to operate on, i can do it on the original file itself.
Regards
Dwipen
1- impact? no they are like .lnk files in windows
2- yes link2sd works
3- the permissions are the same
maybe someone here can explain whats going on
So my phone seems to have two systems (or probably more) running and it IS using up my memory. See attached photos. I own a 32gb Optimus G pro. Rooted and custom recovery. Been trying out a few ROMs. Well somehow I noticed that there is some kind of ghost app/system using up my memory. I only use 7.36 of my sd card (internal). Yet I only have 6gb of memory left. And I just noticed my calendar has double the entries.
Is there a fix??? Or do I have to reflash stock kitkat???
What happened? The only irregular thing that happened is when I was restoring a nandroid backup I fell asleep and woke up 3 hours later and noticed that somehow the phone was making another backup. Could that be the cause. Restoring doesn't fix this. What can I do?
I can't factory reset since I have a custom recovery. Doing it in the custom recovery has no effect.
Oh and I did flash freegee's cwm over hoangnova's cwm. Someone told me to update cwm through freegee because I couldn't flash any custom roms.
I have similar problem.
liovag said:
Hello,
I have order Meizu m1 note 32 gb version blue color from fastcardtech.com and i have received a couple of days ago. Today i notice that in storage menu, the file system holds 17.13GB
The phone is unrooted.
How is this possible, I am very disappointed, and frustrated.
This is a big thing. I have pay for 32GB version and i suspect that they fraud me.
Also i have connect the phone via usb to my pc and i saw that the total size is only 11,9GB and not 32.
Also i have install to the phone the ES File Explorer to check the storage capacity and i saw that the phone have 11.94 GB Total capacity and not 32 i suspect that you have change something to the phone software. to look 32gb but actually is only 16GB version. This is fraud.
I have make factory reset with erasing data and upgrade the system but remains the same. :/
Please give me your advice.
Imagine a HOUSE. The house = the storage location. Everything in it is your data... furniture etc. These are your files.
storage location \legacy = the back door.
storage location \0 = the front door.
If you delete a file = take your chair and throw it in the yard. Its gone from the house no matter if you entered the front door or back door.
yes, it consumes double storage!
I also have the same observation. Whatever the explanation from previous replies, it consumes my storage double! And it hurts if you only have 8 GB internal storage in my Moto G.
X-plore app can show the storage mapping in my root folder.
What we need now is a solution how to avoid this double storage consumption.
So, we have two identical houses, instead of one house with two doors!
Why2 said:
I also have the same observation. Whatever the explanation from previous replies, it consumes my storage double! And it hurts if you only have 8 GB internal storage in my Moto G.
X-plore app can show the storage mapping in my root folder.
What we need now is a solution how to avoid this double storage consumption.
So, we have two identical houses, instead of one house with two doors!
I completely understood the analogy about the house and furniture but it does not answer the above question.
Why does it reflect as double the amount of storage being used if it is technically one spot. Its not like its one spot with different files, its one spot with duplicate paths of ONE file that are somehow reflecting as double files, using double the amount of space.
Sorry I'm trying my best to explain and work logic into this lol
I've been trying to change the destination file for utorrent on my android from storage/emulated/legacy to storage/external_SD, for some reason when I do this utorrent says "file not found", and will only download to storage/emulated/legacy, can anyone help with this? It would be greatly appreciated
Found these in my dump files and was wondering if they would be of any use in "jailbreaking" the Lumia phones? At the very least would it be possible to rewrite the ffuloader.efi in order to use it to modify .ffu files?
tonbonz said:
Found these in my dump files and was wondering if they would be of any use in "jailbreaking" the Lumia phones? At the very least would it be possible to rewrite the ffuloader.efi in order to use it to modify .ffu files?
I'm not an expert but I think it's not possible, since there's a signature check system in uefi..so even if someone would be able to modify the ffuloader file in the correct way, without a SIGNED .ffu the system couldn't boot anyway. And, as far as I know, nobody is able to generate a valid signature. And, of course, disabling the signature-check system is something unknown.
It isn't really Nokia - FFU is Microsoft reference format. There is currently no way to edit anything serious except Data partition
Your hope would be that there is a private key embedded in one of those files inside the ffu...then we'd be home free! ffu in of itself isn't really anything special..think of it as a zip file.
I have been doing way too much reading into the bootloaders and how they work. I found the following quote interesting (taken from http://forum.xda-developers.com/showpost.php?p=37245426&postcount=21):
any current qualcomm chipset with blown secure fuses require valid signature in order to execute loader from flash ( emmc,nor,nand ) or from peripheral boot ( emergency loader )
every phone producer ( sony, htc, nokia, zte, etc ) have own OEM ID number, which is blown on hardware level, so every phone model can have specific loader ( but usually manufacturers using same OEM ID for all phones on same chipset )
some manufacturer for unknown reasons use unsecure chipsets ( which accept unsigned loaders ) - perfect example nokia lumia series until 9xx
What I was curious about was if you edit the .ffu file with a hex editor at all it changes the CRC that the .vpl from the NCS packages looks for and when flashing you get a corrupt .ffu warning. Changing the CRC in the .vpl gets a corrupt .vpl error. What I noticed was if I unmount the .ffu, mounted using the image mounting tool from another thread, using disk manager the temp virtual disk file stays the same size as the .ffu file (4.12G). However I didn't know about the CRC check at this time. So now I remounted the .ffu, changed nothing but the registry key for interop unlock, and unmounted the disk. Once again the temp virtual disk file created is the same size as the rom .ffu. Upon checking the CRC of the virtual disk it also remained the same as the rom's .ffu file. However you can not simply change the file name back to rm-860blahblahblah.ffu. So thought maybe these could be used in some way to open or mount the rom so when unmounted you were left with original .ffu. I'm sure there is more than the CRC that is being checked. As I've stated many times before I am still learning as I go but am highly interested in learning and spend tons of free time reading and exploring files. Just now getting around to trying to understand the boot process.
There are integrated hashtables in the FFU.
I thought about this too, but any editing to the ffu, without re-signing the ffu will result in an error when you flash it, because the boot loader won't install unsigned .ffus. From what I've heard anyways.
Sent from my Nokia 521 using XDA Windows Phone 8 App
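The posts above describe layered checks: a CRC kept beside the image, hash tables inside it, and a signature the boot loader insists on. A simplified model of that arrangement, added here as an example and not taken from the thread or from the FFU specification, shows which check rejects each kind of edit. The container layout, the 4 KiB chunk size and every name are assumptions, and an HMAC stands in for the vendor's asymmetric signature so the block runs on the standard library alone.

```python
import hashlib
import hmac
import zlib

CHUNK = 4096                            # assumed chunk size for this model
VENDOR_KEY = b"constructed-demo-key"    # stand-in for a key only the vendor holds
DIGEST_LEN = hashlib.sha256().digest_size


def chunk_hashes(payload):
    """SHA-256 of each fixed-size chunk of the payload."""
    return [hashlib.sha256(payload[i:i + CHUNK]).digest()
            for i in range(0, len(payload), CHUNK)]


def sign_table(table, key):
    # HMAC is a stand-in: a real device would hold only a public key and
    # verify an asymmetric signature made with the vendor's private key.
    return hmac.new(key, table, hashlib.sha256).digest()


def build_image(payload, key):
    """Model image: payload + table of chunk hashes + signature over the table."""
    table = b"".join(chunk_hashes(payload))
    return {"payload": payload, "hash_table": table,
            "signature": sign_table(table, key)}


def sidecar_crc(image):
    """CRC32 stored outside the image, like a checksum in a package list."""
    return zlib.crc32(image["payload"]) & 0xFFFFFFFF


def verify(image, key, expected_crc):
    """Return (ok, reason). The table is authenticated before it is trusted."""
    if sidecar_crc(image) != expected_crc:
        return False, "crc mismatch"
    table = image["hash_table"]
    if not hmac.compare_digest(sign_table(table, key), image["signature"]):
        return False, "signature does not cover this hash table"
    hashes = chunk_hashes(image["payload"])
    if len(table) != DIGEST_LEN * len(hashes):
        return False, "hash table length mismatch"
    for n, digest in enumerate(hashes):
        if not hmac.compare_digest(digest, table[DIGEST_LEN * n:DIGEST_LEN * (n + 1)]):
            return False, f"chunk {n} hash mismatch"
    return True, "ok"


def demo():
    """Run four constructed cases and return the verifier's reason for each."""
    payload = bytes(range(256)) * 48            # constructed 12 KiB payload
    original = build_image(payload, VENDOR_KEY)
    good_crc = sidecar_crc(original)

    edited = bytearray(payload)
    edited[5000] ^= 0xFF                        # one byte changed, inside chunk 1
    edited = bytes(edited)

    # Case 2: payload edited, nothing else touched.
    only_payload = dict(original, payload=edited)
    # Case 4: hash table rebuilt to match, but the signature cannot be remade
    # without the vendor key, so the original signature is all that is left.
    rebuilt_table = dict(only_payload,
                         hash_table=b"".join(chunk_hashes(edited)))

    return [
        verify(original, VENDOR_KEY, good_crc)[1],
        verify(only_payload, VENDOR_KEY, good_crc)[1],
        verify(only_payload, VENDOR_KEY, sidecar_crc(only_payload))[1],
        verify(rebuilt_table, VENDOR_KEY, sidecar_crc(rebuilt_table))[1],
    ]


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

The CRC only catches accidental corruption; the integrity guarantee comes from the signature over the hash table, which is why matching the checksum alone changes nothing.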
These were in the secure boot policy Certificates seen in the pictures from the first post.
How to remove files from the section "factory" without reformatting it?
Nik782 said:
How to remove files from the section "factory" without reformatting it?
What does "the section 'factory'" mean? A directory?
http://i2.imageban.ru/out/2015/08/28/4ec3f3dcbdd9bbbce1b164d4faad84a4.png
Nik782 said:
http://i2.imageban.ru/out/2015/08/28/4ec3f3dcbdd9bbbce1b164d4faad84a4.png
Okay, so it's the factory partition you're talking about.
I would not recommend touching any files from that area of your Nook - some very essential stuff is in there, and you really don't want to mess around with it (at least, not until you become a bit more experienced with hacking and development).
I do not see the need for a chapter on this file \Linux Ext Volume 1\factory.zip.
Standard System Restore is still not possible, because of the reduced partition of the cache. Unzip the archive is simply nowhere.
For disaster recovery NST I have several stored images.
I am not afraid to experiment. If there is a way to delete the file from the partition is ready to try.
Excuse me, I use the Google-translator.
All the problem is solved.
I use the program Paragon ExtFS 2.41
Edited - Added A new procedure and no more reset anymore.
:good::good::good::good::good::good::good::good:
people who have audio problem after "root unlock" can use this trick temporary.in this trick there is no issue in audio..and i think the audio fix option will come soon.
ok here is The latest trick for interop unlocking listed lumia devices. i will write the post shortly. the 60% work will do the wpinternal app. so u have to read the post.
Device supported:
Lumia 520,521,525,620,625,810,820,822,920,925,1020,720 (Other devices is not supported in WPINternals that's why those devices owner have to wait).
**1st a big thanks to "Heathcliff74" for his awesome tool.and 2nd Big thanks to "AndroidXsK" for the SBL3 partitions.
ok here is the procedure.
1st follow this link to unlock ur bootloader.The wpinternals app has all Answers of ur questions.
http://forum.xda-developers.com/windows-phone-8/development/windows-phone-internals-unlock-t3257483
1st download the tool and read the getting started section carefully. (don't do anything just read).
2nd download the SBL3 Partition files from this link. --- http://forum.xda-developers.com/showpost.php?p=64100811&postcount=267
now with the Wpinternals app unlock ur bootloader with the supported SBL3 partitions.
here u have to choose exact partition which match with ur phone..
well if u have a same cpu which matches with sbl3 partition supported phone u can use that for ur phone also..suppose u r using lumia 521/525 but there is no sbl3 partition for those phone then u can use 520 sbl3 partition. bcz 520 has the same processor. i think u understood.
after unlocking bootloader ur phone will reboot to normal mode..keep connected ur phone with pc by USB ..now from the wpinternal app go to manual mode and select "mass storage mode" in the app.the phone will boot again and will go black(unresponsive) ..don't worry.then u will find a new mounted drive partition in ur pc.it's ur phone mainos partition.
go to that drive and u will see some folders. if u don't know pls don't play with those folders. just go to (windows>packages>registry files) folders..u will find many reg files just copy the "Software.reg" file in ur desktop. we will work with that file.
now open 7zip file manager (don't have just download or install)
select the software reg file from desktop.
after clicking on software reg u will see a file named software without any extension.
right click on the file and click "edit".
now a notepad tab will open with many lines..
now add these quoted(add without quotes) lines from the attachment at the end of the software file lines.
View attachment 3566593
now save the file by pressing "Ctrl+S"
now a msg box will appear on 7z file manager just click yes...
after that put/replace the modified software.reg files in the (new mounted drive>windows>packages>registry files) folder.
now soft reset ur phone by clicking "volume down+power button" for 10 second.
then the phone will boot up normally..now u have to must give a hard reset ur phone to get the new capabilities unlocked...
2nd Procedure(No reset anymore) :
Thanks to @_wook_
There's easier way, no need for 7zip at all
Just switch device to the mass storage mode, go to [MainOS mount point]:\windows\system32\config\ and copy SOFTWARE to some location on PC, then make duplicate just in case you mess up with some registry entry.
Open RegEdit.exe and click on HKLM > File> Load Hive and select file you copied from your MainOS partition drive, then type in the name - anything like lumiaSofware...
Edit what you want (probably capabilities... or something) and unload hive by selecting the lumiaSoftware > File > Unload Hive.
Close RegEdit (no need for it anymore); copy your SOFTWARE file to the place where you got it from (There will be more files, with LOG or similar extension, disregard them). Eject device and hold down power button for 10 seconds (or at least until it vibrates) and voila, you edited your registry with success.
Important notes:
You can mess up your System, but probably you will be able to repair it by re-flashing ffu again - not tested.
Maybe I skipped some step in tutorial and you will be confused what to do next, so, just in case you don't have clue what I am talking about, then this is no good tutorial for you, no good at all!
In case Explorer.exe tells you that you don't have permission to access to [MainOS MP]:\windows\system32\config just press enter (it will be ok I think). Maybe this will cause an issue for some path, or for some devices, not causing any issue to me.
I have crazy phone and a lot of things works on it...
I am using Win10 and Win 10 Mobile.
In case you don't know who is the guy named Explorer.exe forget everything you read in this post and go to some place else.
Best regards and be safe
//edit:
Uploaded attachment for detailed instructions.
attachment Link - forum.xda-developers.com/attachment.php?attachmentid=3563171&d=1449110333
Remember, this works on my device, there might be some issues with it I don't know and I haven't found any so far. Maybe it will brick your phone, mine is working good so far...
Zip file contains screenshots with steps from 0001 to 0031.
And, please, If i had nerve to write entire post, have nerve to read it too...
N.B.-
somethings u must be remembered that the unlock will be permanent. and i will not be responsible for any kind of harm in ur phone. and devices which (like 720) doesn't have sbl3 partitions, u can also unlock ur device by dumping ur phone partition. for this u have to read WPinternals getting started section.
******Sorry for my bad english**************
audio working?
reksden said:
audio working?
Yes..thats why i said temporary solution..
Riyad_ said:
Yes..thats why i said temporary solution..
okay, but i have lumia 720(((
The version of 7z that you use ?
reksden said:
okay, but i have lumia 720(((
No problem..u can try this by dumping ur phone mainos partition. check wpinternals.net
titi66200 said:
The version of 7z that you use ?
version 9.34..also works with version 9.20
Thanks
Riyad_ said:
No problem..u can try this by dumping ur phone mainos partition. check wpinternals.net
okay, this instruction is older, i get interop unlock with oem setting and system and other reg(huawei w1 with 8.0 05420). but i flashed dump with interop unlock.
Why not writing reg values directly here ?
"C:\Windows\System32\Config"
Thank you so much Riyad_,
this a great notice and I will use now the toturial in my lumia 520
Riyad_ said:
:good::good::good::good::good::good::good::good:
people who have audio problem after "root unlock" can use this trick temporary.in this trick there is no issue in audio..and i think the audio fix option will come soon.
ok here is The latest trick for interop unloking listed lumia devices.i will write the post shortly.the 60% work will do the wpinternal app.so u have to read the post.
Device supported:
Lumia 520,521,525,620,625,810,820,822,920,925,1020,720 (Other devices is not suported in WPINternals that's why those devices owner have to wait).
**1st a big thanks to "Heathcliff74" for his awesome tool.and 2nd Big thanks to "AndroidXsK" for the SBL3 partitions.
ok here is the procedure.
1st follow this link to unlock ur bootloader.The wpinternals app has all Answers of ur questions.
http://forum.xda-developers.com/windows-phone-8/development/windows-phone-internals-unlock-t3257483
1st download the tool and read the getting started section carefully. (don't do anything just read).
2nd download the SBL3 Partion files from this link. --- http://forum.xda-developers.com/showpost.php?p=64100811&postcount=267
now with the Wpinternals app unlock ur bootloader with the supported SBL3 partitions.
here u have to choose exact partition which match with ur phone..
well if u have a same cpu which matches with sbl3 partion supported phone u can use that for ur phone also..suppose u r using lumia 521/525 but there is no sbl3 partition for those phone then u can use 520 sbl3 partition .bcz 520 has the same processor.i think u understood.
after unlocking bootloader ur phone will reboot to normal mode..keep connected ur phone with pc by USB ..now from the wpinternal app go to manual mode and select "mass storage mode" in the app.the phone will boot again and will go black(unresponsive) ..don't worry.then u will find a new mounted drive partition in ur pc.it's ur phone mainos partition.
go to that drive and u will se some folders .if u don't know pls don't play with those folders.just go to (windows>packages>registry files) folders..u will find many reg files just copy the "Software.reg" file in ur desktop.we will work with that file.
now open 7zip file manager (don't have just download or install)
select the software reg file from desktop.
after clciking on software reg u will see a file named software without any extension.
right click on the file and click "edit".
now a notepad tab will open with many lines..
now add these quoted(add without quotes) lines from the attachment at the end of the software file lines.
View attachment 3562770
now save the file by pressing "Ctrl+S"
now a msg box will appear on 7z file manager just click yes...
after that put/replace the modified software.reg files in the (new mounted drive>windows>packages>registry files) folder.
now soft reset ur phone by clicking "volume down+power button" for 10 second.
then the phone will boot up normally..now u have to must give a hard reset ur phone to get the new capabilities unlocked...
N.B.-
somethings u must be remembered that the unlock will be parmanent.and i will not responsible for any kind of harm in ur phone.and devices which (like 720) doesn't have sbl3 partitions,u can also unlock ur device by dumping ur phone partition.for this u have to read WPinternals getting started section.
******Sorry for my bad english**************
I get the black screen with sad face reboot loop.
into the ffu ? How ?
There's an easier way, no need for 7zip at all.
Just switch the device to mass storage mode, go to [MainOS mount point]:\windows\system32\config\ and copy SOFTWARE to some location on the PC, then make a duplicate just in case you mess up some registry entry.
Open RegEdit.exe and click on HKLM > File > Load Hive and select the file you copied from your MainOS partition drive, then type in the name - anything like lumiaSoftware...
Edit what you want (probably capabilities... or something) and unload the hive by selecting lumiaSoftware > File > Unload Hive.
Close RegEdit (no need for it anymore); copy your SOFTWARE file to the place where you got it from (there will be more files, with LOG or similar extension, disregard them). Eject the device and hold down the power button for 10 seconds (or at least until it vibrates) and voila, you edited your registry with success.
Important notes:
You can mess up your system, but probably you will be able to repair it by re-flashing the ffu again - not tested.
Maybe I skipped some step in the tutorial and you will be confused about what to do next, so, just in case you don't have a clue what I am talking about, then this is no good tutorial for you, no good at all!
In case Explorer.exe tells you that you don't have permission to access [MainOS MP]:\windows\system32\config just press enter (it will be ok I think). Maybe this will cause an issue for some path, or for some devices; it is not causing any issue for me.
I have a crazy phone and a lot of things work on it...
I am using Win10 and Win 10 Mobile.
In case you don't know who the guy named Explorer.exe is, forget everything you read in this post and go someplace else.
Best regards and be safe
//edit:
Uploaded attachment for detailed instructions.
Remember, this works on my device; there might be some issues with it I don't know of, and I haven't found any so far. Maybe it will brick your phone, mine is working well so far...
Zip file contains screenshots with steps from 0001 to 0031.
And, please, if I had the nerve to write the entire post, have the nerve to read it too...
Have you tested this?.
Rivo17 said:
Have you tested this?.
Of course, but I recommend you try the first post. As I wrote, I have a crazy phone...
In that case, you had better edit your post to avoid confusion. Just saying.
Loading the hive and searching for capabilities is, I think, more complicated... just adding some lines is much easier. But your tutorial is good too.
djamol said:
Why not writing reg values directly here ?
"C:\Windows\System32\Config"
I was confused about it, that's why I used software.reg...
Rivo17 said:
I get the black screen with sad face reboot loop.
I also got this the 1st time. Try resetting again or flash the ffu again.
Hi,
I've been able to use vcREG 1.5 on a 950XL to execute any exe file via services.exe, except it's getting stopped by Code Integrity. That's also why putting older NdtkSvc.dll doesn't work on the newer phone (aside from the fact that it has to be in c:\windows). I thought oh maybe any valid arm executable signed by microsoft would be enough, so I copied some executables from the Raspberry Pi Windows 10 IoT image, but I could only get them to run inside the app sandbox because they weren't in the system catalog :'(
Example:
21-March-2016 15:04:08.339601 0x000003D4 0x00000F88 Verbose Microsoft-Windows-CodeIntegrity Code Integrity completed validating file hash. Status 0xC0000428.
21-March-2016 15:04:08.339631 0x000003D4 0x00000F88 Error Microsoft-Windows-CodeIntegrity Code Integrity determined that a process (\Device\HarddiskVolume37\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume39\WPSystem\ftpd.exe that did not meet the Windows signing level requirements.
So now the trick is to find an executable on the system that currently exists, that can be used to gain further access... I've been trying various things like OOBE stuff etc without any luck so far.
Hoping someone else has some ideas... maybe even executing a dll function to import registry from a file or something directly, then we could unlock interop on 950's..
Thanks
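The two Code Integrity lines quoted in the post above can be paired mechanically when triaging a log like this. The following is an added example, not code from the post or from Microsoft: it parses that line layout, decodes status 0xC0000428 (STATUS_INVALID_IMAGE_HASH) and reports which process was refused which image. Reading the two hex columns as process id and thread id, and the one-second pairing window, are assumptions.

```python
import re
from datetime import datetime

# Sample input: the two Code Integrity lines quoted in the post above.
SAMPLE = r"""21-March-2016 15:04:08.339601 0x000003D4 0x00000F88 Verbose Microsoft-Windows-CodeIntegrity Code Integrity completed validating file hash. Status 0xC0000428.
21-March-2016 15:04:08.339631 0x000003D4 0x00000F88 Error Microsoft-Windows-CodeIntegrity Code Integrity determined that a process (\Device\HarddiskVolume37\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume39\WPSystem\ftpd.exe that did not meet the Windows signing level requirements."""

# Assumed layout: timestamp, process id, thread id, level, provider, message.
LINE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]+-\d{4} \d{2}:\d{2}:\d{2}\.\d{6}) "
    r"(?P<pid>0x[0-9A-Fa-f]{8}) (?P<tid>0x[0-9A-Fa-f]{8}) "
    r"(?P<level>\w+) (?P<provider>\S+) (?P<msg>.*)$")
STATUS = re.compile(r"Status (0x[0-9A-Fa-f]{8})")
BLOCKED = re.compile(r"a process \((?P<process>.+?)\) attempted to load "
                     r"(?P<image>.+?) that did not meet")
NTSTATUS_NAMES = {0xC0000428: "STATUS_INVALID_IMAGE_HASH"}

def parse(text):
    """Return one dict per Microsoft-Windows-CodeIntegrity line."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["provider"] != "Microsoft-Windows-CodeIntegrity":
            continue
        ev = {"time": datetime.strptime(m["ts"], "%d-%B-%Y %H:%M:%S.%f"),
              "pid": int(m["pid"], 16), "tid": int(m["tid"], 16),
              "level": m["level"], "status": None, "process": None, "image": None}
        if (s := STATUS.search(m["msg"])):
            ev["status"] = int(s.group(1), 16)
        if (b := BLOCKED.search(m["msg"])):
            ev["process"], ev["image"] = b["process"], b["image"]
        events.append(ev)
    return events

def blocked_loads(events, window_s=1.0):
    """Join each blocked load to the last failing status from the same pid/tid."""
    hits, last_fail = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["pid"], ev["tid"])
        if ev["status"] is not None and ev["status"] >= 0xC0000000:
            last_fail[key] = ev          # top two NTSTATUS bits set = error
        if ev["image"]:
            prev = last_fail.get(key)
            near = prev and (ev["time"] - prev["time"]).total_seconds() <= window_s
            code = prev["status"] if near else None
            hits.append({"time": ev["time"], "pid": ev["pid"], "process": ev["process"],
                         "image": ev["image"], "status": code,
                         "status_name": NTSTATUS_NAMES.get(code, "unknown")})
    return hits
```

Calling `blocked_loads(parse(SAMPLE))` yields one record naming services.exe as the loader and ftpd.exe as the rejected image.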
Great work
maybe you can MTP your 950/950xl and look for the files in the \windows folder
micheal
Can you tell me how to execute an exe via services.exe? Thanks?
naiple said:
Can you tell me how to execute a exe via services.exe ? Thanks?
use vcREG1.5 to edit HKLM\SYSTEM\ControlSet001\Services\NlpmService\ImagePath
Change it to whatever executable you want, reboot and it will run as LOCAL SYSTEM, provided that it is signed correctly.
NOTE: Changing this will stop your Glance screen from working, so take note of the original value and restore it after you are done if you use glance.
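Since a changed service ImagePath is started as LOCAL SYSTEM at the next boot, comparing ImagePath values between a known-good registry export and a later one exposes such an edit, and also gives the original value to restore. This is an added example, not part of the post or of vcREG: it reads .reg export text, decodes REG_EXPAND_SZ `hex(2)` data and lists services whose ImagePath differs. The two sample exports and every path in them are constructed placeholders.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services"
KEY = re.compile(r"^\[(.+)\]$")
SVC = re.compile(r"\\Services\\([^\\]+)$", re.I)
VAL = re.compile(r'^"ImagePath"=(.+)$', re.I)

def decode(data):
    """Decode the two forms a .reg export uses for a path value."""
    if data.startswith("hex(2):"):            # REG_EXPAND_SZ: UTF-16LE bytes
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b)
        return raw.decode("utf-16-le").rstrip("\0")
    if data.startswith('"') and data.endswith('"'):   # REG_SZ, \\ and \" escaped
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return None

def image_paths(reg_text):
    """Map service name (lower-cased) -> ImagePath for keys directly under Services."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)   # join hex continuation lines
    paths, svc = {}, None
    for line in map(str.strip, text.splitlines()):
        if (k := KEY.match(line)):
            m = SVC.search(k.group(1))
            svc = m.group(1).lower() if m else None
        elif svc and (v := VAL.match(line)):
            paths[svc] = decode(v.group(1))
    return paths

def changed(baseline_text, current_text):
    """Return {service: (baseline_path, current_path)} for every difference."""
    base, cur = image_paths(baseline_text), image_paths(current_text)
    return {s: (base.get(s), p) for s, p in cur.items() if base.get(s) != p}

# --- constructed sample data; every path below is a placeholder ---
def hex2(s):
    return "hex(2):" + ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

def export(paths):
    return "Windows Registry Editor Version 5.00\n\n" + "\n".join(
        f"[{ROOT}\\{svc}]\n\"ImagePath\"={hex2(p)}\n" for svc, p in paths.items())

ORIG = r"%SystemRoot%\System32\placeholder-original.exe"
BASELINE = export({"NlpmService": ORIG, "NokDeviceHubSvc": ORIG})
CURRENT = export({"NlpmService": r"C:\placeholder\unsigned.exe", "NokDeviceHubSvc": ORIG})

if __name__ == "__main__":
    for svc, (old, new) in changed(BASELINE, CURRENT).items():
        print(f"{svc}: {old!r} -> {new!r}")
```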
megasounds said:
Great work
maybe you can MTP your 950/950xl and look for the files in the \windows folder
micheal
Actually using MTP isn't the best thing for that, because you are missing out on more than half of the available executable files as they are not viewable via MTP on 950/XL due to permissions. It's best to mount the FFU image and look around that way.
I have already looked and tested most of them, thus why I was asking if anyone else had some ideas.
darkfires said:
use vcREG1.5 to edit HKLM\SYSTEM\ControlSet001\Services\NlpmService\ImagePath
Change it to whatever executable you want, reboot and it will run as LOCAL SYSTEM, provided that it is signed correctly.
NOTE: Changing this will stop your Glance screen from working, so take note of the original value and restore it after you are done if you use glance.
Thanks! I will try it on my lumia
darkfires said:
use vcREG1.5 to edit HKLM\SYSTEM\ControlSet001\Services\NlpmService\ImagePath
Change it to whatever executable you want, reboot and it will run as LOCAL SYSTEM, provided that it is signed correctly.
NOTE: Changing this will stop your Glance screen from working, so take note of the original value and restore it after you are done if you use glance.
I can't find NlpmService because my Lumia 730 doesn't have a Glance screen... Is there any other way to run an exe?
naiple said:
I can't find NlpmService because my lumia730 don't have a Glance screen ... is there any way else to run a exe?
I only decompiled the NdtkSvc on 950XL, the one on 730 might be different. But to answer your question there is only one other way, and it will kill USB so you won't be able to connect to it via PC at all until you reverse the change. If you post your NdtkSvc.dll I can check it for you.
HKLM\SYSTEM\ControlSet001\Services\NokDeviceHubSvc\ImagePath
darkfires said:
I only decompiled the NdtkSvc on 950XL, the one on 730 might be different. But to answer your question there is only one other way, and it will kill USB so you won't be able to connect to it via PC at all until you reverse the change. If you post your NdtkSvc.dll I can check it for you.
HKLM\SYSTEM\ControlSet001\Services\NokDeviceHubSvc\ImagePath
Ahh, I found the NlpmService. Don't know why I couldn't find it yesterday... And if you need anything (unlocked bootloader, UEFI...) from the 730 or 540 I can post it; both are prototypes and can enter mass storage. Hope I can help you. Thank you for the answer.
naiple said:
Ahh, i find the Nlpmservice. Don't know why i cant find it yesterday... And if you need any thing(unlocked bootloader, uefi...) from 730 or 540 i can post it, both are prototype and can enter massStorage. Hope i can help you. Thank you for the answer
I'm trying to do something different and I found this topic so if you still have these devices can you extract NlpmService.dll file from System32 and upload it here for me?